Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
eth-rpc-errors
Advanced tools
The eth-rpc-errors package provides utilities for creating and managing Ethereum JSON-RPC errors. It helps standardize error handling in Ethereum-related applications by providing predefined error codes and messages.
Creating Custom Errors
This feature allows you to create custom errors with specific codes, messages, and additional data. It is useful for defining application-specific error conditions.
const { ethErrors } = require('eth-rpc-errors');
const customError = ethErrors.rpc.custom({
code: 1234,
message: 'Custom error message',
data: { additional: 'info' }
});
console.log(customError);
Predefined Errors
The package provides predefined errors for common JSON-RPC error conditions, such as invalid parameters, method not found, and internal errors. This helps standardize error responses across different applications.
const { ethErrors } = require('eth-rpc-errors');
const invalidParamsError = ethErrors.rpc.invalidParams('Invalid parameters provided');
console.log(invalidParamsError);
Error Serialization
This feature allows you to serialize JavaScript errors into a format that can be easily transmitted over JSON-RPC. It ensures that error information is consistently formatted.
const { serializeError } = require('eth-rpc-errors');
const error = new Error('Something went wrong');
const serializedError = serializeError(error);
console.log(serializedError);
The json-rpc-error package provides utilities for creating and managing JSON-RPC errors. It offers similar functionality to eth-rpc-errors but is not specific to Ethereum. It can be used in any JSON-RPC based application.
The jsonrpc-lite package is a lightweight JSON-RPC 2.0 and 1.0 implementation. It includes error handling utilities similar to eth-rpc-errors but also provides full JSON-RPC request and response handling capabilities.
The json-rpc-protocol package provides a complete implementation of the JSON-RPC 2.0 protocol, including error handling. It offers a more comprehensive solution compared to eth-rpc-errors, which focuses solely on error management.
Ethereum RPC errors, including for Ethereum JSON RPC and Ethereum Provider, and making unknown errors compliant with either spec.
In TypeScript or JavaScript:
import { ethErrors } from 'eth-rpc-errors'
throw ethErrors.provider.unauthorized()
// or
throw ethErrors.provider.unauthorized('my custom message')
CloseEvent
errors or status codes.Installation: npm install eth-rpc-errors
or yarn add eth-rpc-errors
import
or require
as normal (no default export).
The package is implemented in TypeScript, and all exports are typed.
import { ethErrors } from 'eth-rpc-errors'
// Ethereum RPC errors are namespaced under "ethErrors.rpc"
response.error = ethErrors.rpc.methodNotFound({
message: optionalCustomMessage, data: optionalData
})
// Provider errors namespaced under ethErrors.provider
response.error = ethErrors.provider.unauthorized({
message: optionalCustomMessage, data: optionalData
})
// each error getter takes a single "opts" argument
// for most errors, this can be replaced with a single string, which becomes
// the error message
response.error = ethErrors.provider.unauthorized(customMessage)
// if an error getter accepts a single string, all arguments can be omitted
response.error = ethErrors.provider.unauthorized()
response.error = ethErrors.provider.unauthorized({})
// omitting the message will produce an error with a default message per
// the relevant spec
// omitting the data argument will produce an error without a
// "data" property
// the JSON RPC 2.0 server error requires a valid code
response.error = ethErrors.rpc.server({
code: -32031
})
// custom Ethereum Provider errors require a valid code and message
// valid codes are integers i such that: 1000 <= i <= 4999
response.error = ethErrors.provider.custom({
code: 1001, message: 'foo'
})
// this is useful for ensuring your errors are standardized
import { serializeError } from 'eth-rpc-errors'
// if the argument is not a valid error per any supported spec,
// it will be added as error.data.originalError
response.error = serializeError(maybeAnError)
// you can add a custom fallback error code and message if desired
const fallbackError = { code: 4999, message: 'My custom error.' }
response.error = serializeError(maybeAnError, fallbackError)
// Note: if the original error has a "message" property, it will take
// precedence over the fallback error's message
// the default fallback is:
{
code: -32603,
message: 'Internal JSON-RPC error.'
}
/**
* Classes
*/
import { EthereumRpcError, EthereumProviderError } from 'eth-rpc-errors'
/**
* getMessageFromCode and errorCodes
*/
import { getMessageFromCode, errorCodes } from 'eth-rpc-errors'
// get the default message string for the given code, or a fallback message if
// no message exists for the given code
const message1 = getMessageFromCode(someCode)
// you can specify your own fallback message
const message2 = getMessageFromCode(someCode, myFallback)
// it can be anything, use at your own peril
const message3 = getMessageFromCode(someCode, null)
// {
// rpc: { [errorName]: code, ... },
// provider: { [errorName]: code, ... },
// }
const code1 = errorCodes.rpc.parse
const code2 = errorCodes.provider.userRejectedRequest
// all codes in errorCodes have default messages
const message4 = getMessageFromCode(code1)
const message5 = getMessageFromCode(code2)
MIT
[4.0.3] - 2021-03-10
ethErrors
getter function argument objects as optional (#36)FAQs
Ethereum RPC and Provider errors.
The npm package eth-rpc-errors receives a total of 307,067 weekly downloads. As such, eth-rpc-errors popularity was classified as popular.
We found that eth-rpc-errors demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.