Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eth-tracker
Advanced tools
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
This module walks the Ethereum blockchain, keeping track of the latest block. It uses a web3 provider as a data source and will continuously poll for the next block.
yarn add eth-block-tracker
or
npm install eth-block-tracker
const createInfuraProvider = require('eth-json-rpc-infura');
const { PollingBlockTracker } = require('eth-block-tracker');
const provider = createInfuraProvider({
network: 'mainnet',
projectId: process.env.INFURA_PROJECT_ID,
});
const blockTracker = new PollingBlockTracker({ provider });
blockTracker.on('sync', ({ newBlock, oldBlock }) => {
if (oldBlock) {
console.log(`sync #${Number(oldBlock)} -> #${Number(newBlock)}`);
} else {
console.log(`first sync #${Number(newBlock)}`);
}
});
provider
as a data source and pollingInterval
(ms) timeout between polling for the latest block.retryTimeout
(ms) before attempting again.keepEventLoopActive
is false
, in Node.js it will unref the polling timeout, allowing the process to exit during the polling interval. Defaults to true
, meaning the process will be kept alive.usePastBlocks
is true
, block numbers less than the current block number can used and emitted. Defaults to false
, meaning that only block numbers greater than the current block number will be used and emitted.Synchronously returns the current block. May be null
.
console.log(blockTracker.getCurrentBlock());
Asynchronously returns the latest block. if not immediately available, it will fetch one.
Tells the block tracker to ask for a new block immediately, in addition to its normal polling interval. Useful if you received a hint of a new block (e.g. via tx.blockNumber
from getTransactionByHash
). Will resolve to the new latest block when done polling.
The latest
event is emitted for whenever a new latest block is detected. This may mean skipping blocks if there were two created since the last polling period.
blockTracker.on('latest', (newBlock) => console.log(newBlock));
The sync
event is emitted the same as "latest" but includes the previous block.
blockTracker.on('sync', ({ newBlock, oldBlock }) =>
console.log(newBlock, oldBlock),
);
The error
event means an error occurred while polling for the latest block.
blockTracker.on('error', (err) => console.error(err));
nvm use
will automatically choose the right node version for you.yarn setup
to install dependencies and run any requried post-install scripts
yarn
/ yarn install
command directly. Use yarn setup
instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.Run yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
npm publish --dry-run
to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/
).npm publish
.FAQs
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
The npm package eth-tracker receives a total of 0 weekly downloads. As such, eth-tracker popularity was classified as not popular.
We found that eth-tracker demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.