Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A thin, fast, low-level Promise-based wrapper around the Ethereum APIs.
Clone the repo and install dependencies via npm install
. Tests can be executed via
npm run testOnce
(100% covered unit tests)npm run testE2E
(E2E against a running RPC-enabled testnet Parity/Geth instance, parity --testnet
and for WebScokets, geth --testnet --ws --wsorigins '*' --rpc
)DEBUG=true
will display the RPC POST bodies and responses on E2E testsInstall the package with npm install --save ethapi-js
from the npm registry ethapi-js
// import the actual EthApi class
import EthApi from 'ethapi-js';
// do the setup
const transport = new EthApi.Transport.Http('http://localhost:8545'); // or .Ws('ws://localhost:8546')
const ethapi = new EthApi(transport);
You will require native Promises and fetch support (latest browsers only), they can be utilised by
import 'isomorphic-fetch';
import es6Promise from 'es6-promise';
es6Promise.polyfill();
perform a call
ethapi.eth
.coinbase()
.then((coinbase) => {
console.log(`The coinbase is ${coinbase}`);
});
multiple promises
Promise
.all([
ethapi.eth.coinbase(),
ethapi.net.listening()
])
.then(([coinbase, listening]) => {
// do stuff here
});
chaining promises
ethapi.eth
.newFilter({...})
.then((filterId) => ethapi.eth.getFilterChanges(filterId))
.then((changes) => {
console.log(changes);
});
attach contract
const abi = [{ name: 'callMe', inputs: [{ type: 'bool', ...}, { type: 'string', ...}]}, ...abi...];
const contract = new EthApi.Contract(ethapi, abi);
deploy
contract
.deploy('0xc0de', [params], 'superPassword')
.then((address) => {
console.log(`the contract was deployed at ${address}`);
});
attach a contract at address
// via the constructor & .at function
const contract = new EthApi.Contract(ethapi, abi).at('0xa9280...7347b');
// or on an already initialised contract
contract.at('0xa9280...7347b');
// perform calls here
find & call a function
contract.functions
.find((func) => func.name === 'callMe')
.call({ gas: 21000 }, [true, 'someString']) // or estimateGas or sendTransaction
.then((result) => {
console.log(`the result was ${result}`);
});
parse events from transaction receipt
contract
.parseTransactionEvents(txReceipt)
.then((receipt) => {
receipt.logs.forEach((log) => {
console.log('log parameters', log.params);
});
});
APIs implement the calls as exposed in the Ethcore JSON Ethereum RPC definitions. Mapping follows the naming conventions of the originals, i.e. eth_call
becomes eth.call
, personal_accounts
becomes personal.accounts
, etc.
As a verification step, all exposed interfaces are tested for existing and pointing to the correct endpoints by using the generated interfaces from the above repo.
FAQs
A thin, fast, low-level Promise-based wrapper around the Ethereum APIs.
We found that ethapi-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.