Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eth-scan
is a library written in TypeScript, to help you fetch Ether or (ERC-20) token balances for multiple addresses in an efficient way. The library uses a smart contract to fetch the balances in a single call to a node. The contract is currently deployed at 0x82Ea2E7834Bb0D6224dd6fd7125d44b83d6D6809 on the Ethereum mainnet.
It can use Web3.js, Ethers.js or regular HTTP as provider to get the balances. See Getting Started for more info.
Note: Even though eth_call
doesn't use any gas, the block gas limit still applies, and the maximum number of addresses you can fetch in a single call is limited. By default this library batches calls per 1000 addresses.
The library is published on npm. To install it, use npm
or yarn
:
yarn add eth-scan
or
npm install eth-scan
import EthScan, { HttpProvider } from 'eth-scan';
const scanner = new EthScan(new HttpProvider('http://127.0.0.1:8545'));
scanner.getEtherBalances([
'0x9a0decaffb07fb500ff7e5d253b16892dbec006a',
'0xeb65f72a2f5464157288ac15f1bb56c56e6be375',
'0x1b96c634f9e9fcfb76932e165984901701352ffd',
'0x740539b55ee5dc58efffb88fea44a9008f8daa6f',
'0x95d9e32dc03770699a6a5e5858165b174d500015'
]).then(console.log);
Results in:
{
'0x9a0decaffb07fb500ff7e5d253b16892dbec006a': 1000000000000000000n,
'0xeb65f72a2f5464157288ac15f1bb56c56e6be375': 1000000000000000000n,
'0x1b96c634f9e9fcfb76932e165984901701352ffd': 1000000000000000000n,
'0x740539b55ee5dc58efffb88fea44a9008f8daa6f': 1000000000000000000n,
'0x95d9e32dc03770699a6a5e5858165b174d500015': 1000000000000000000n
}
Note that this library uses the native JavaScript BigInt
type, which currently does not work in all browsers. Use a polyfill if your application requires support for other browsers.
new EthScan(provider, options?)
The main class used to get Ether or token balances.
provider
<Provider> - An instance of the Web3.js, Ethers.js or HTTP provider class.
options
<EthScanOptions> (optional) - The options to use.
getEtherBalances(addresses)
Get Ether balances for addresses
.
addresses
<string[]> - An array of addresses as hexadecimal string.
Returns: <Promise> - A promise with an object with the addresses and the balances.
getTokenBalances(token, addresses)
Get ERC-20 token balances from token
for addresses
. This does not check if the address specified is a token and will throw an error if it isn't.
token
<string> - The address of the ERC-20 token.
addresses
<string[]> - An array of addresses as hexadecimal string.
Returns: <Promise> - A promise with an object with the addresses and the balances.
EthScanOptions
contractAddress
<string> (optional) - The address of the smart contract to use. Defaults to 0x82Ea2E7834Bb0D6224dd6fd7125d44b83d6D6809.
batchSize
<number> (optional) - The size of the call batches. Defaults to 1000.
There are currently three available providers.
new EthersProvider(provider)
Create a provider from an existing Ethers.js provider.
provider
<Provider> - An instance of an Ethers.js provider.new HttpProvider(url)
Create a provider that uses a simple HTTP request.
url
<string> - The URL of the node to connect to.new Web3Provider(web3)
Create a provider from an existing Web3.js instance.
web3
<Web3> - An instance of the Web3 class.FAQs
An efficient Ether and token balance scanner
The npm package eth-scan receives a total of 12 weekly downloads. As such, eth-scan popularity was classified as not popular.
We found that eth-scan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.