Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The OpenNode Node library provides convenient access to the OpenNode API from applications written in server-side JavaScript.
You can find examples here. For more information refer to our API docs.
Install the package with:
npm install opennode --save
or
yarn add opennode
The package needs to be configured with your account's secret key which is available in your OpenNode Dashboard. value:
const opennode = require('opennode');
opennode.setCredentials('MY_API_KEY', 'dev'); //if no parameter given, default environment is 'live'
try {
const charge = await opennode.createCharge({
amount: 10.5,
currency: "USD",
callback_url: "https://example.com/webhook/opennode",
auto_settle: false
});
}
catch (error) {
console.error(`${error.status} | ${error.message}`);
}
Every method returns a chainable promise which can be used instead of a regular callback:
// Create a new charge
opennode.createCharge({
amount: 10.5,
currency: "USD",
callback_url: "https://example.com/webhook/opennode",
auto_settle: false
}).then(charge => {
console.log(charge);
})
.catch(error => {
console.error(`${error.status} | ${error.message}`);
});
OpenNode can send signed webhook events that notify your application any time a specific event occurs. You can read more about it here.
You can verify if a webhook was sent by OpenNode by comparing the signatures.
function handleWebhook (req, res) {
const charge = req.body;
const isValid = await opennode.signatureIsValid(charge);
if (isValid){
//Handle event
}
return res.sendStatus(200);
}
FAQs
Node.js library for the OpenNode API.
The npm package opennode receives a total of 177 weekly downloads. As such, opennode popularity was classified as not popular.
We found that opennode demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.