Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
paraswap-widget
Advanced tools
ParaSwap Widget allows you to provide the best ERC20 prices for your users and earn fees on every trade.
You can monetize by using the referrer field. Reach out to us on Telegram for more info: https://t.me/paraswap
Here is how it looks:
Install the lib using npm or yarn
yarn install paraswap-widget
const {PSWidget} = require("paraswap-widget");
//or
import {PSWidget} from "paraswap-widget";
<PSWidget referrer={"my_company"} providerUrl={"MY_INFURA_URL"} />
Those are the properties you can use to customize the widget:
interface IPSWidgetProps {
providerUrl: string; //Required
referrer: string; //Required
defaultSlippage: number;
defaultPair: { from: string, to: string, amount: string };
unlimitedAllowance: boolean;
hasReceiver: boolean;
bgColor: string;
fixedFrom: boolean,
fixedTo: boolean,
}
You can also customize it a bit more
<PSWidget
referrer={"my_company"}
providerUrl={"MY_INFURA_URL"}
unlimitedAllowance={false}
bgColor={"#DDD"}
defaultPair={{from: 'cDAI', to: 'aDAI', amount: '100'}}
/>
If you wan to fix the from and/or to token, you can use fixedFrom and fixedTo params
<PSWidget
referrer={"my_company"}
providerUrl={"MY_INFURA_URL"}
defaultPair={{from: 'cDAI', to: 'JRT', amount: '100'}}
fixedFrom={true}
fixedTo={true}
/>
And you're good to go :)
FAQs
Unknown package
We found that paraswap-widget demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.