Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
spell-attester
Advanced tools
MakerDAO spell attester
The command-line tool to assist with on-chain attestation of MakerDAO spells. It aids with creating or revoking EAS attestations of 3 kinds: identity (userAddress, userPseudonym, userTeam), spell (payloadId, crafterPseudonym, reviewerAPseudonym, reviewerBPseudonym), deployment (payloadId, payloadAddress, payloadHash). It also helps to identify current status of the spell using status command.
Note: the CLI is just another interface for creating, revoking and fetching attestations, but a regular UI such as EASscan can be used to do the same set of actions (by using relevant attestation schemas).
Pre-requirements
- Installed node.js
- [Optional] RPC url of the supported chain (will be read from the
RPC_URLenvironment variable) - [Required for submitting transactions] Private key of your EOA wallet (will be read from the
PRIVATE_KEYenvironment variable)
Usage
The CLI can be directly executed without installation via npx spell-attester or installed on your machine via npm i spell-attester@latest -g and then executed via spell-attester. It is advised to install specific version of the package and then review its code before using it.
$ npx spell-attester --help
<command>
Commands:
create-identity Create attestation to identify ethereum address
create-spell Create attestation to setup a spell and define its members
create-deployment Create attestation to verify deployed spell
revoke [attestation-uid] Revoke existing attestation
status [payload-id] Get status of existing spell
configure [variable-name] Configure env variables
Options:
--help Show help [boolean]
--version Show version number [boolean]
Example usage
# Create Identity attestation (at least 3 identities are required)
$ npx spell-attester create-identity --user-address 0x... --user-pseudonym alice --team-name team_a
# Create Spell attestation
$ npx spell-attester create-spell --payload-id 2024-06-27 --crafter alice --reviewer-a bob --reviewer-b charlie
# Create Deployment attestation
$ npx spell-attester create-deployment --payload-id 2024-06-27 --payload-address 0x... --payload-hash 0x...
# Get status of the spell
$ npx spell-attester status 2024-06-27
Keywords
FAQs
CLI for the Maker Spell Attestation contracts
We found that spell-attester demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 09 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025