
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
A tiny command line utility for learning and developing on Ethereum.
Implemented as a commanderJS wrapper around the ethersJS, where possible it uses the same function signatures.
The most convenient way is to install the package globally, that you can run ethy <command>
from any directory.
npm i -g ethy
ethy --help
Commands:
getBalance [options] <addressOrName> get the balance of an account
lookupAddress [options] <address> lookup the ENS name associated with an address
resolveName [options] <name> lookup the address associated with an ENS name
getGasPrice [options] returns current estimated gas price
convertWei <amount> returns input amount in wei, gwei and eth
keccak256 <input> returns the KECCAK256 hash of the text bytes
help [command] display help for command
Get the eth balance of an address or ENS name.
$ ethy getBalance vitalik.eth
3207.586970447020180416 eth
You can optionally specify network to target testnets.
$ ethy getBalance 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045 --network rinkeby
0.410338958929449048 eth
Another common operation is resolving ENS names in both directions
$ ethy resolveName vitalik.eth
0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
$ ethy lookupAddress 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
vitalik.eth
$ ethy getGasPrice
27.872450494 gwei
Much quicker than googling wei to eth converter five times a day
$ ethy convertWei 100000000000
100.0 gwei
0.0000001 eth
Check the keccak256 hash value of a string
$ ethy keccak256 "hello world"
0x47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad
FAQs
Tiny command line utils for ethereum development and learning
The npm package ethy receives a total of 2 weekly downloads. As such, ethy popularity was classified as not popular.
We found that ethy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.