Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Install with npm install --save jsstc
inside your project. Then just
const jsstc = require('jsstc')
If you are working in the browser and want to load jsstc from a CDN:
<script src="https://unpkg.com/jsstc/bin/jsstc.min.js"></script>
By default, jsstc hits on the main stc testnet (https://api.staketoclaim.com). You can eventually make jsstc hit on your local node or any stc node like so:
jsstc.init({api: 'http://localhost:3001'})
jsstc.getAccount('alice', (err, account) => {
console.log(err, account)
})
Just pass an array of usernames instead
jsstc.getAccounts(['alice', 'bob'], (err, accounts) => {
console.log(err, accounts)
})
For the history, you also need to specify a block number. The api will return all blocks lower than the specified block where the user was involved in a transaction
jsstc.getAccountHistory('alice', 0, (err, blocks) => {
console.log(err, blocks)
})
jsstc.getContent('alice', 'pocNl2YhZdM', (err, content) => {
console.log(err, content)
})
jsstc.getFollowers('alice', (err, followers) => {
console.log(err, followers)
})
jsstc.getFollowers('alice', (err, followers) => {
console.log(err, followers)
})
You can pass a username and permlink (identifying a content) in the 2nd and 3rd argument to 'get more'.
jsstc.getDiscussionsByAuthor('alice', null, null, (err, contents) => {
console.log(err, contents)
})
You can pass a username and a permlink to 'get more'.
jsstc.getNewDiscussions('alice', null, null, (err, contents) => {
console.log(err, contents)
})
You can pass a username and a permlink to 'get more'.
jsstc.getHotDiscussions(null, null, (err, contents) => {
console.log(err, contents)
})
This lists the contents posted by the following of the passed username.
You can pass a username and a permlink in the 2nd and 3rd argument to 'get more'.
jsstc.getFeedDiscussions('alice', null, null, (err, contents) => {
console.log(err, contents)
})
jsstc.getNotifications('alice', (err, contents) => {
console.log(err, contents)
})
To send a transaction to the network, you will need multiple steps. First you need to define your transaction and sign it.
var newTx = {
type: jsstc.TransactionType.FOLLOW,
data: {
target: 'bob'
}
}
newTx = jsstc.sign(alice_key, 'alice', newTx)
After this step, the transaction is forged with a timestamp, hash, and signature. This transaction needs to be sent in the next 60 secs or will be forever invalid.
You can send it like so
jsstc.sendTransaction(newTx, function(err, res) {
cb(err, res)
})
The callback will return once your transaction has been included in a new block.
Alternatively, you can just want the callback as soon as the receiving node has it, you can do:
jsstc.sendRawTransaction(newTx, function(err, res) {
cb(err, res)
})
console.log(jsstc.keypair())
Voting Power and Bandwidth are growing in time but the API will only return the latest update in the vt
and bw
fields of the accounts. To get the actual value, use votingPower() and bandwidth()
jsstc.getAccount('alice', (err, account) => {
console.log(jsstc.votingPower(account))
console.log(jsstc.bandwidth(account))
})
FAQs
javascript api for the stc blockchain
The npm package jsstc receives a total of 0 weekly downloads. As such, jsstc popularity was classified as not popular.
We found that jsstc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.