Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
ethblock-trackr
Advanced tools
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
This module walks the Ethereum blockchain, keeping track of the latest block. It uses a web3 provider as a data source and will continuously poll for the next block.
yarn add eth-block-tracker
or
npm install eth-block-tracker
const createInfuraProvider = require('eth-json-rpc-infura');
const { PollingBlockTracker } = require('eth-block-tracker');
const provider = createInfuraProvider({
network: 'mainnet',
projectId: process.env.INFURA_PROJECT_ID,
});
const blockTracker = new PollingBlockTracker({ provider });
blockTracker.on('sync', ({ newBlock, oldBlock }) => {
if (oldBlock) {
console.log(`sync #${Number(oldBlock)} -> #${Number(newBlock)}`);
} else {
console.log(`first sync #${Number(newBlock)}`);
}
});
provider
as a data source and pollingInterval
(ms) timeout between polling for the latest block.retryTimeout
(ms) before attempting again.keepEventLoopActive
is false
, in Node.js it will unref the polling timeout, allowing the process to exit during the polling interval. Defaults to true
, meaning the process will be kept alive.usePastBlocks
is true
, block numbers less than the current block number can used and emitted. Defaults to false
, meaning that only block numbers greater than the current block number will be used and emitted.Synchronously returns the current block. May be null
.
console.log(blockTracker.getCurrentBlock());
Asynchronously returns the latest block. if not immediately available, it will fetch one.
Tells the block tracker to ask for a new block immediately, in addition to its normal polling interval. Useful if you received a hint of a new block (e.g. via tx.blockNumber
from getTransactionByHash
). Will resolve to the new latest block when done polling.
The latest
event is emitted for whenever a new latest block is detected. This may mean skipping blocks if there were two created since the last polling period.
blockTracker.on('latest', (newBlock) => console.log(newBlock));
The sync
event is emitted the same as "latest" but includes the previous block.
blockTracker.on('sync', ({ newBlock, oldBlock }) =>
console.log(newBlock, oldBlock),
);
The error
event means an error occurred while polling for the latest block.
blockTracker.on('error', (err) => console.error(err));
nvm use
will automatically choose the right node version for you.yarn setup
to install dependencies and run any requried post-install scripts
yarn
/ yarn install
command directly. Use yarn setup
instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.Run yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
npm publish --dry-run
to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/
).npm publish
.FAQs
A block tracker for the Ethereum blockchain. Keeps track of the latest block.
The npm package ethblock-trackr receives a total of 1 weekly downloads. As such, ethblock-trackr popularity was classified as not popular.
We found that ethblock-trackr demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.