Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
hardhat-graph
Advanced tools
Hardhat plugin for Ethereum developers to build subgraphs alongside their smart contracts
This is a hardhat plugin that aims to make subgraph building easy for Ethereum developers. The goal is to allow the users to mimic a big portion of the graph-cli functionality. Below you can see a list of the currently available tasks, for a demo project that show how to use the pulgin you can check this repo.
NOTE: This project is POC/WIP, there could be breaking changes or bugs.
init
contractName: 'MyContract'
and address: '0x123..'
startBlock
- the optional number of the block that the data source starts indexing from./subgraph
using generateScaffold
from graph-cli
./subgraph
using initNetworksConfig
from graph-cli
codegen
commandasync function deploy(contractName: string) {
....
await contract.deployed();
return { contractName: contractName , address: contract.address}
}
deploy()
.then((result) => hre.run('init', result))
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});
update
contractName: 'MyContract'
and address: '0x123..'
startBlock
- the optional number of the block that the data source starts indexing from./subgraph/abis
network.json
if it's deployed to the same network. If the contract has been deployed to a network that is not present in the config file, adds an entry for the new network.codegen
and build
.codegen
if there are no changes to the contract events.graph build --network <network>
from the subgraph folder if you want to update the dataSources network in the subgraph.async function deploy(contractName: string) {
....
await contract.deployed();
return { contractName: contractName , address: contract.address}
}
deploy()
.then((result) => hre.run('update', result))
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});
add
address: '0x123..
startBlock
- the optional number of the block that the data source starts indexing fromsubgraphYaml: path/to/subgraph.yaml
(default is './subgraph.yaml')abi: path/to/Contract.json
Loads abi from filemergeEntities
When this flag is given new entities with already taken names are skippedcontractName: MyContract
(default is 'Contract')graph add
from the graph-cli with the given params which updates the subgraph.yaml
, schema.graphql
and adds a new abi and mapping filecodegen
graph
contractName: 'MyContract'
and address: '0x123..
and an optional positional parameter subtask
<init|update|add>.init
, update
or add
tasks depending if a subgraph already exists or not. If the optional param subtask
is passed it will run that subtask instead.async function deploy(contractName: string) {
....
await contract.deployed();
const deployTx = await contract.deployTransaction.wait();
return { contractName: MyContract , address: contract.address, blockNumber: deployTx.blockNumber}
}
deploy()
.then((result) => hre.run('graph', result))
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});
or
npx hardhat graph <init|update|add> --contract-name MyContract --address 0x123... # the subtask parameter is optional
NOTE:
npm >7 should auto-install peerDependencies from plugins, but if they are not or you're using yarn
, add
"@graphprotocol/graph-cli": "^0.30.0",
"@graphprotocol/graph-ts": "^0.27.0",
to the hardhat project package.json (Because the graph add
command was added in version 0.30.0, this is also the minimum required version)
The plugin can be installed from the repo:
{
...
"devDependencies": {
"hardhat-graph": "https://github.com/graphprotocol/hardhat-graph"
...
}
}
or from a specific branch:
{
...
"devDependencies": {
"hardhat-graph": "https://github.com/graphprotocol/hardhat-graph#branch_name"
...
}
}
Import the plugin in your hardhat.config
file:
JS: require("@graphprotocol/hardhat-graph")
TS: import "@graphprotocol/hardhat-graph"
JS:
module.exports = {
...
subgraph: {
name: 'MySubgraph', // Defaults to the name of the root folder of the hardhat project
product: 'hosted-service'|'subgraph-studio', // Defaults to 'subgraph-studio'
indexEvents: true|false, // Defaults to false
allowSimpleName: true|false // Defaults to `false` if product is `hosted-service` and `true` if product is `subgraph-studio`
},
paths: {
subgraph: './path/to/subgraph' // Defaults to './subgraph'
}
}
TS:
export default {
...
subgraph: {
name: 'MySubgraph', // Defaults to the name of the root folder of the hardhat project
product: 'hosted-service'|'subgraph-studio', // Defaults to 'subgraph-studio'
indexEvents: true|false, // Defaults to false
allowSimpleName: true|false // Defaults to `false` if product is `hosted-service` and `true` if product is `subgraph-studio`
},
paths: {
subgraph: './path/to/subgraph' // Defaults to './subgraph'
}
}
graph node
against local hardhat node
docker-compose.yml
file:version: '3'
services:
graph-node:
image: graphprotocol/graph-node
ports:
- '8000:8000'
- '8001:8001'
- '8020:8020'
- '8030:8030'
- '8040:8040'
depends_on:
- ipfs
- postgres
extra_hosts:
- host.docker.internal:host-gateway
environment:
postgres_host: postgres
postgres_user: graph-node
postgres_pass: let-me-in
postgres_db: graph-node
ipfs: 'ipfs:5001'
ethereum: 'localhost:http://host.docker.internal:8545'
GRAPH_LOG: info
ipfs:
image: ipfs/go-ipfs:v0.10.0
ports:
- '5001:5001'
volumes:
- ./data/ipfs:/data/ipfs
postgres:
image: postgres
ports:
- '5432:5432'
command:
[
"postgres",
"-cshared_preload_libraries=pg_stat_statements"
]
environment:
POSTGRES_USER: graph-node
POSTGRES_PASSWORD: let-me-in
POSTGRES_DB: graph-node
PGDATA: "/data/postgres"
volumes:
- ./data/postgres:/var/lib/postgresql/data
hardhat.config
file:{
...
networks: {
localhost: {
url: "http://0.0.0.0:8545",
},
},
...
}
npx hardhat node --hostname 0.0.0.0
npx hardhat console --network localhost
subgraph.yaml
file to localhost
and the addresses to the deployed contract addresses (You can use yarn build --network localhost
. If you use graph-cli >= 0.32.0 you can skip this step and see step 7)docker-compose up
or docker compose up
yarn create-local
and yarn deploy-local
(Since graph-cli 0.32.0 you can use --network localhost
option with the deploy command, similarly to yarn build
in step 5)http://127.0.0.1:8000/subgraphs/name/<your-subgraph-name>/graphql
NOTE: If for any reason you stop the hardhat node, it is recommended to stop the graph node, delete the ipfs
and postgres
folders in data
(or the whole data
folder) created by the graph node (you can run yarn graph-local-clean
that will do that for you), and then repeat steps 3-9
.
FAQs
Hardhat plugin for Ethereum developers to build subgraphs alongside their smart contracts
We found that hardhat-graph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.