Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
TronWeb aims to deliver a unified, seamless development experience influenced by Ethereum's Web3 implementation. We have taken the core ideas and expanded upon them to unlock the functionality of TRON's unique feature set along with offering new tools for integrating DApps in the browser, Node.js and IoT devices.
To better support its use in TypeScript projects, we have rewritten the entire library in TypeScript. And to make the TronWeb API more secure and consistent, there are some breaking changes. Please check out 6.x API documentation for detailed changes so you can start using the new TypeScript version of TronWeb early. Any questions or feedback are welcome here.
Project scope
Any new TRON feature will be incorporated into TronWeb. Changes to the API to improve quality-of-life are in-scope for the project. We will not necessarily maintain feature parity with Web3.js going forward as this is a separate project, not a synchronized fork.
You can access either version specifically from the dist folder.
TronWeb is also compatible with frontend frameworks such as:
You can also ship TronWeb in a Chrome extension.
For recent history, see the CHANGELOG. You can check it out for:
npm install tronweb
or
yarn add tronweb
The easiest way to use TronWeb in a browser is to install it as above and copy the dist file to your working folder. For example:
cp node_modules/tronweb/dist/TronWeb.js ./js/tronweb.js
so that you can call it in your HTML page as
<script src="./js/tronweb.js"><script>
This project is also published on NPM and you can access CDN mirrors of this release (please use sub-resource integrity for any <script>
includes).
Shasta is the official Tron testnet. To use it use the following endpoint:
https://api.shasta.trongrid.io
Get some Shasta TRX at https://www.trongrid.io/shasta and play with it. Anything you do should be explorable on https://shasta.tronscan.org
You can set up your own private network, running Tron Quickstart. To do it you must install Docker and, when ready, run a command like
docker run -it --rm \
-p 9090:9090 \
-e "defaultBalance=100000" \
-e "showQueryString=true" \
-e "showBody=true" \
-e "formatJson=true" \
--name tron \
trontools/quickstart
More details about Tron Quickstart on GitHub
First of all, in your typescript file, define TronWeb:
import { TronWeb, utils as TronWebUtils, Trx, TransactionBuilder, Contract, Event, Plugin } from 'tronweb';
Please note that this is not the same as v5.x. If you want to dive into more differences, check out migration guide
When you instantiate TronWeb you can define
you can also set a
which works as a jolly. If you do so, though, the more precise specification has priority. Supposing you are using a server which provides everything, like TronGrid, you can instantiate TronWeb as:
const tronWeb = new TronWeb({
fullHost: 'https://api.trongrid.io',
headers: { "TRON-PRO-API-KEY": 'your api key' },
privateKey: 'your private key'
})
For retro-compatibility, though, you can continue to use the old approach, where any parameter is passed separately:
const tronWeb = new TronWeb(fullNode, solidityNode, eventServer, privateKey)
tronWeb.setHeader({ "TRON-PRO-API-KEY": 'your api key' });
If you are, for example, using a server as full and solidity node, and another server for the events, you can set it as:
const tronWeb = new TronWeb({
fullHost: 'https://api.trongrid.io',
eventServer: 'https://api.someotherevent.io',
privateKey: 'your private key'
}
)
If you are using different servers for anything, you can do
const tronWeb = new TronWeb({
fullNode: 'https://some-node.tld',
solidityNode: 'https://some-other-node.tld',
eventServer: 'https://some-event-server.tld',
privateKey: 'your private key'
}
)
The package files will be signed using a GPG key pair, and the correctness of the signature will be verified using the following public key:
pub: 4371 AB85 E5A5 8FAA 88AD 7FDF 9945 DBCA 8C4B B810
uid: dev@tronweb.network
In order to contribute you can
npm i
npm run build:all
npm run test
Contact the team at https://cn.developers.tron.network/docs/online-technical-support
TronWeb is distributed under a MIT licence.
FAQs
JavaScript SDK that encapsulates the TRON HTTP API
The npm package tronwb receives a total of 0 weekly downloads. As such, tronwb popularity was classified as not popular.
We found that tronwb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.