Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sidecar-test-beta
Advanced tools
REST service that makes it easy to interact with blockchain nodes built using Substrate's FRAME framework.
v1.0.0 was released on 2020-10-23. This major release introduced several renamed endpoints as breaking changes. It is important that users complete the transition to the new endpoints ASAP so they are ready for any subsequent emergency updates. Please visit the MIGRATION_GUIDE to learn more.
This service requires Node versions 14 or higher.
Compatibility:
Node Version | Stablility |
---|---|
v14.x.x | Stable |
v16.x.x | Stable |
v17.x.x | Not Stable |
v18.x.x | Pending |
NOTE: Node LTS (long term support
) versions start with an even number, and odd number versions are subject to a 6 month testing period with active support before they are unsupported. It is recommended to use sidecar with a stable actively maintained version of node.js.
Install the service globally:
npm install -g @substrate/api-sidecar
# OR
yarn global add @substrate/api-sidecar
Run the service from any directory on your machine:
substrate-api-sidecar
To check your version you may append the --version
flag to substrate-api-sidecar
.
Install the service locally:
npm install @substrate/api-sidecar
# OR
yarn add @substrate/api-sidecar
Run the service from within the local directory:
node_modules/.bin/substrate-api-sidecar
Jump to the configuration section for more details on connecting to a node.
Click here for full endpoint docs.
In the full endpoints doc, you will also find the following trace
related endpoints :
/experimental/blocks/{blockId}/traces/operations?actions=false
/experimental/blocks/head/traces/operations?actions=false
/experimental/blocks/{blockId}/traces
/experimental/blocks/head/traces
To have access to these endpoints you need to :
—unsafe-rpc-external
BlocksTrace
controller is active for the chain you are running.Currently BlocksTrace
controller is active in Polkadot and Kusama.
Simply run yarn
.
If you are looking to hack on the calc
Rust crate make sure your machine has an up-to-date version of rustup
installed to manage Rust dependencies.
Install wasm-pack
if your machine does not already have it:
cargo install wasm-pack
Use yarn to do the remaining setup:
yarn
# For live reload in development
yarn dev
# To build and run
yarn build
yarn start
Jump to the configuration section for more details on connecting to a node.
To use a specific env profile (here for instance a profile called 'env.sample'):
NODE_ENV=sample yarn start
For more information on our configuration manager visit its readme here. See Specs.ts
to view the env configuration spec.
SAS_EXPRESS_BIND_HOST
: address on which the server will be listening, defaults to 127.0.0.1
.SAS_EXPRESS_PORT
: port on which the server will be listening, defaults to 8080
.SAS_EXPRESS_LOG_MODE
: enable console logging of "all" HTTP requests, only "errors", or nothing by
setting it to anything else. LOG_MODE defaults to only "errors".SAS_SUBSTRATE_WS_URL
: WebSocket URL to which the RPC proxy will attempt to connect to, defaults to
ws://127.0.0.1:9944
.Some chains require custom type definitions in order for Sidecar to know how to decode the data retrieved from the node. Sidecar pulls types for chains from @polkadot/apps-config, but in some cases the types for the chain you are trying to connect to may be out of date or may simply not exist in @polkadot/apps-config.
Sidecar affords environment variables which allow the user to specify an absolute path to a JSON file
that contains type definitions in the corresponding formats. Consult polkadot-js/api for more info on
the type formats (see RegisteredTypes
).
N.B Types set from environment variables will override the corresponding types pulled from @polkadot/apps-config.
SAS_SUBSTRATE_TYPES_BUNDLE
: a bundle of types with versioning info, type aliases, derives, and
rpc definitions. Format: OverrideBundleType
(see typesBundle
).SAS_SUBSTRATE_TYPES_CHAIN
: type definitions keyed by chainName
. Format: Record<string, RegistryTypes>
(see typesChain
).SAS_SUBSTRATE_TYPES_SPEC
: type definitions keyed by specName
. Format: Record<string, RegistryTypes>
(see typesSpec
).SAS_SUBSTRATE_TYPES
: type definitions and overrides, not keyed. Format: RegistryTypes
(see types
).You can read more about defining types for polkadot-js here.
Polkadot-js can recognize the standard node template and inject the correct types, but if you have
modified the name of your chain in the node template you will need to add the types manually in a
JSON types
file like so:
// my-chains-types.json
{
"Address": "AccountId",
"LookupSource": "AccountId"
}
and then set the enviroment variable to point to your definitions:
export SAS_SUBSTRATE_TYPES=/path/to/my-chains-types.json
SAS_LOG_LEVEL
: the lowest priority log level to surface, defaults to info
. Tip: set to http
to see all HTTP requests.SAS_LOG_JSON
: wether or not to have logs formatted as JSON, defaults to false
.
Useful when using stdout
to programmatically process Sidecar log data.SAS_LOG_FILTER_RPC
: wether or not to filter polkadot-js API-WS RPC logging, defaults to false
.SAS_LOG_STRIP_ANSI
: wether or not to strip ANSI characters from logs, defaults
to false
. Useful when logging RPC calls with JSON written to transports.Log levels in order of decreasing importance are: error
, warn
, info
, http
, verbose
, debug
, silly
.
http status code range | log level |
---|---|
code < 400 | http |
400 <= code < 500 | warn |
500 < code | error |
If looking to track raw RPC requests/responses, one can use yarn start:log-rpc
to turn on polkadot-js's
logging. It is recommended to also set SAS_LOG_STRIP_ANSI=true
to increase the readability of the logging stream.
N.B. If running yarn start:log-rpc
, the NODE_ENV will be set to test
. In order still run your .env
file you can symlink
it with .env.test
. For example you could run
ln -s .env.myEnv .env.test && yarn start:log-rpc
to use .env.myEnv
to set ENV variables. (see linux
commands ln
and unlink
for more info.)
It is possible to get more information about the fee and payout calculation process logged to the console. Because this fee calculation happens in the statically compiled web assembly part a re-compile with the proper environment variable set is necessary:
CALC_DEBUG=1 sh calc/build.sh
Click here for full endpoint docs.
Click here for chain integration guide.)
With each release, the maintainers publish a docker image to dockerhub at parity/substrate-api-sidecar
docker pull docker.io/parity/substrate-api-sidecar:latest
The specific image tag matches the release version.
yarn build:docker
# For default use run:
docker run --rm -it --read-only -p 8080:8080 substrate-api-sidecar
# Or if you want to use environment variables set in `.env.docker`, run:
docker run --rm -it --read-only --env-file .env.docker -p 8080:8080 substrate-api-sidecar
NOTE: While you could omit the --read-only
flag, it is strongly recommended for containers used in production.
then you can test with:
curl -s http://0.0.0.0:8080/blocks/head | jq
N.B. The docker flow presented here is just a sample to help get started. Modifications may be necessary for secure usage.
Need help or want to contribute ideas or code? Head over to our CONTRIBUTING doc for more information.
All the commits in this repo follow the Conventional Commits spec. When merging a PR, make sure 1) to use squash merge and 2) that the title of the PR follows the Conventional Commits spec.
Every Monday the polkadot-js ecosystem will usually come out with a new release. It's important that we keep up,
and read the release notes for any breaking changes or high priority updates. You can use the following command yarn upgrade-interactive
to find and update all available releases. To Upgrade just @polkadot
scoped deps use yarn up @polkadot/*
.
Next make sure the resolutions are up to date inside of the package.json
for all @polkadot/*
packages, please refer to the releases of each polkadot package we update as a dependency, and reach out to the maintainers for any questions. You will have to run yarn
again to ensure the dependency cache
, and yarn.lock
have the correct versions.
Ensure everything is working by running the following tests, yarn build
, yarn lint
, yarn test
, yarn test:init-e2e-tests
.
Lastly, create a PR with the updates.
Sidecar is a stateless program and thus should not use any disk space.
The requirements follow the default of node.js processes which is an upper bound in HEAP memory of a little less than 2GB thus 4GB of memory should be sufficient.
Please note that if you run sidecar next to a substrate node in a single machine then your system specifications should improve significantly.
During the benchmarks we performed, we concluded that sidecar would use a max of 1.1GB of RSS memory.
The benchmarks were:
Hardware specs in which the benchmarks were performed:
Machine type:
n2-standard-4 (4 vCPUs, 16 GB memory)
CPU Platform:
Intel Cascade Lake
Hard-Disk:
500GB
FAQs
REST service that makes it easy to interact with blockchain nodes built using Substrate's FRAME framework.
The npm package sidecar-test-beta receives a total of 0 weekly downloads. As such, sidecar-test-beta popularity was classified as not popular.
We found that sidecar-test-beta demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.