Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eth-block-tracker
Advanced tools
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
The eth-block-tracker npm package is designed to help developers track the latest blocks on the Ethereum blockchain. It provides a simple interface to subscribe to new block events, poll for new blocks, and manage block tracking efficiently.
Polling for New Blocks
This feature allows you to poll for new blocks on the Ethereum blockchain. The code sample demonstrates how to set up a block tracker that listens for the latest block and logs it to the console.
const EthBlockTracker = require('eth-block-tracker');
const provider = require('eth-provider');
const blockTracker = new EthBlockTracker({ provider: provider() });
blockTracker.on('latest', (block) => {
console.log('Latest block:', block);
});
blockTracker.start();
Handling Errors
This feature allows you to handle errors that may occur during block tracking. The code sample demonstrates how to set up an error handler that logs errors to the console.
const EthBlockTracker = require('eth-block-tracker');
const provider = require('eth-provider');
const blockTracker = new EthBlockTracker({ provider: provider() });
blockTracker.on('error', (error) => {
console.error('Error:', error);
});
blockTracker.start();
Custom Polling Interval
This feature allows you to set a custom polling interval for checking new blocks. The code sample demonstrates how to set up a block tracker with a polling interval of 20 seconds.
const EthBlockTracker = require('eth-block-tracker');
const provider = require('eth-provider');
const blockTracker = new EthBlockTracker({ provider: provider(), pollingInterval: 20000 });
blockTracker.on('latest', (block) => {
console.log('Latest block:', block);
});
blockTracker.start();
The web3 package is a comprehensive library for interacting with the Ethereum blockchain. It includes functionality for tracking blocks, but also provides a wide range of other features such as contract interaction, account management, and more. Compared to eth-block-tracker, web3 is more feature-rich but may be overkill if you only need block tracking.
The ethers package is another popular library for interacting with the Ethereum blockchain. It offers similar functionalities to web3, including block tracking, but is known for its smaller size and better performance. Like web3, it provides a broader set of features beyond block tracking.
The ethereumjs-blockstream package is specifically designed for streaming Ethereum blocks. It provides a more focused approach to block tracking compared to web3 and ethers, making it a closer alternative to eth-block-tracker. However, it may not be as widely used or supported as the other two libraries.
This module walks the Ethereum blockchain, keeping track of the latest block. It uses a web3 provider as a data source and will continuously poll for the next block.
yarn add eth-block-tracker
or
npm install eth-block-tracker
const createInfuraProvider = require('eth-json-rpc-infura');
const { PollingBlockTracker } = require('eth-block-tracker');
const provider = createInfuraProvider({
network: 'mainnet',
projectId: process.env.INFURA_PROJECT_ID,
});
const blockTracker = new PollingBlockTracker({ provider });
blockTracker.on('sync', ({ newBlock, oldBlock }) => {
if (oldBlock) {
console.log(`sync #${Number(oldBlock)} -> #${Number(newBlock)}`);
} else {
console.log(`first sync #${Number(newBlock)}`);
}
});
provider
as a data source and pollingInterval
(ms) timeout between polling for the latest block.retryTimeout
(ms) before attempting again.keepEventLoopActive
is false
, in Node.js it will unref the polling timeout, allowing the process to exit during the polling interval. Defaults to true
, meaning the process will be kept alive.usePastBlocks
is true
, block numbers less than the current block number can used and emitted. Defaults to false
, meaning that only block numbers greater than the current block number will be used and emitted.Synchronously returns the current block. May be null
.
console.log(blockTracker.getCurrentBlock());
Asynchronously returns the latest block. if not immediately available, it will fetch one.
Tells the block tracker to ask for a new block immediately, in addition to its normal polling interval. Useful if you received a hint of a new block (e.g. via tx.blockNumber
from getTransactionByHash
). Will resolve to the new latest block when done polling.
The latest
event is emitted for whenever a new latest block is detected. This may mean skipping blocks if there were two created since the last polling period.
blockTracker.on('latest', (newBlock) => console.log(newBlock));
The sync
event is emitted the same as "latest" but includes the previous block.
blockTracker.on('sync', ({ newBlock, oldBlock }) =>
console.log(newBlock, oldBlock),
);
The error
event means an error occurred while polling for the latest block.
blockTracker.on('error', (err) => console.error(err));
nvm use
will automatically choose the right node version for you.yarn setup
to install dependencies and run any requried post-install scripts
yarn
/ yarn install
command directly. Use yarn setup
instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.Run yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
npm publish --dry-run
to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/
).npm publish
.FAQs
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
We found that eth-block-tracker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.