Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eth-contract-metadata
Advanced tools
A mapping of ethereum contract addresses to broadly accepted icons for those addresses.
A mapping of checksummed ethereum addresses to metadata, like names, and images of those addresses' logos.
All address keys follow the EIP 55 address checksum format.
This repository is effectively frozen. We recommend that developers of new tokens use EIP 747 to ask the user's permission to display your tokens in their wallet. This reduces the dangers of airdrop-based phishing, and reduces administrative overhead from managing this list.
You can install from npm with npm install eth-contract-metadata
and use it in your code like this:
import contractMap from 'eth-contract-metadata'
import ethJSUtil from 'ethereumjs-util'
const { toChecksumAddress } = ethJSUtil
function imageElFor (address) {
const metadata = contractMap[toChecksumAddress(address)]
if (metadata?.logo) {
const fileName = metadata.logo
const path = `${__dirname}/images/contract/${fileName}`
const img = document.createElement('img')
img.src = path
img.style.width = '100%'
return img
}
}
imageElFor ("0x06012c8cf97BEaD5deAe237070F9587f8E7A266d")
Maintaining this list is a considerable chore, and it is not our highest priority. We do not guarantee inclusion in this list on any urgent timeline. We are actively looking for fair and safe ways to maintain a list like this in a decentralized way, because maintaining it is a large and security-delicate task.
images
folder.contract-map.json
file with the specified address as the key, and the image file's name as the value.Criteria:
A sample submission:
{
"0x6090A6e47849629b7245Dfa1Ca21D94cd15878Ef": {
"name": "ENS Registrar",
"logo": "ens.svg"
}
}
Tokens should include a field "erc20": true
, and can include additional fields:
A full list of permitted fields can be found in the permitted-fields.json file.
FAQs
A mapping of ethereum contract addresses to broadly accepted icons for those addresses.
The npm package eth-contract-metadata receives a total of 34 weekly downloads. As such, eth-contract-metadata popularity was classified as not popular.
We found that eth-contract-metadata demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.