TronWeb aims to deliver a unified, seamless development experience influenced by Ethereum's Web3 implementation. We have taken the core ideas and expanded upon them to unlock the functionality of TRON's unique feature set along with offering new tools for integrating DApps in the browser, Node.js and IoT devices.
To better support its use in TypeScript projects, we have rewritten the entire library in TypeScript. And to make the TronWeb API more secure and consistent, there are some breaking changes. Please check out 6.x API documentation for detailed changes so you can start using the new TypeScript version of TronWeb early. Any questions or feedback are welcome here.
Project scope
Any new TRON feature will be incorporated into TronWeb. Changes to the API to improve quality-of-life are in-scope for the project. We will not necessarily maintain feature parity with Web3.js going forward as this is a separate project, not a synchronized fork.
You can access either version specifically from the dist folder.
TronWeb is also compatible with frontend frameworks such as:
You can also ship TronWeb in a Chrome extension.
For recent history, see the CHANGELOG. You can check it out for:
npm install tronweb
or
yarn add tronweb
The easiest way to use TronWeb in a browser is to install it as above and copy the dist file to your working folder. For example:
cp node_modules/tronweb/dist/TronWeb.js ./js/tronweb.js
so that you can call it in your HTML page as
<script src="./js/tronweb.js"></script>
This project is also published on NPM and you can access CDN mirrors of this release (please use sub-resource integrity for any <script> includes).
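A build-time helper for the sub-resource integrity advice above, as an added example that is not TronWeb project code: it computes the `integrity` value for the copied dist file and re-checks a served copy against it. The function names and the sample bytes are assumptions made for the illustration.

```javascript
// Added example, not TronWeb project code. Build-time SRI helper for TronWeb.js.
const crypto = require('node:crypto');

// Algorithms allowed in an integrity attribute, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/;

// Integrity value ("sha384-<base64 digest>") for the exact bytes being served.
function sriFor(bytes, alg = 'sha384') {
  if (!ALGS.includes(alg)) throw new Error(`unsupported SRI algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(bytes).digest('base64')}`;
}

// Check bytes against an integrity attribute. As in a browser, only the
// strongest algorithm present counts, and any digest of that strength may match.
// Unlike a browser, which loads the script when no token is usable,
// this check fails closed so a malformed attribute breaks the build.
function verifySri(bytes, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .map((t) => TOKEN.exec(t))
    .filter(Boolean)
    .map(([, alg, digest]) => ({ alg, digest }));
  if (tokens.length === 0) return false;
  const best = Math.max(...tokens.map((t) => ALGS.indexOf(t.alg)));
  return tokens
    .filter((t) => ALGS.indexOf(t.alg) === best)
    .some((t) => sriFor(bytes, t.alg) === `${t.alg}-${t.digest}`);
}

// The <script> include from the README with the integrity attribute added.
// crossorigin is needed so the browser can check a cross-origin (CDN) copy.
function scriptTag(src, bytes) {
  return `<script src="${src}" integrity="${sriFor(bytes)}" crossorigin="anonymous"></script>`;
}

// Constructed stand-ins for the real file: in a real build, read
// node_modules/tronweb/dist/TronWeb.js with fs.readFileSync instead.
const sample = Buffer.from('/* constructed stand-in for TronWeb.js */');
const modified = Buffer.from('/* constructed stand-in for TronWeb.js */ // changed');

console.log(scriptTag('./js/tronweb.js', sample));
console.log('pinned copy ok:  ', verifySri(sample, sriFor(sample)));
console.log('modified copy ok:', verifySri(modified, sriFor(sample)));
```

Regenerate the value on every TronWeb upgrade; a stale `integrity` attribute makes the browser refuse the new file.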
Shasta is the official Tron testnet. To use it, use the following endpoint:
https://api.shasta.trongrid.io
Get some Shasta TRX at https://www.trongrid.io/shasta and play with it. Anything you do should be explorable on https://shasta.tronscan.org
You can set up your own private network, running Tron Quickstart. To do it you must install Docker and, when ready, run a command like
docker run -it --rm \
  -p 9090:9090 \
  -e "defaultBalance=100000" \
  -e "showQueryString=true" \
  -e "showBody=true" \
  -e "formatJson=true" \
  --name tron \
  trontools/quickstart
More details about Tron Quickstart on GitHub
First of all, in your TypeScript file, define TronWeb:
import { TronWeb, utils as TronWebUtils, Trx, TransactionBuilder, Contract, Event, Plugin } from 'tronweb';
Please note that this is not the same as v5.x. If you want to dive into more differences, check out the migration guide.
When you instantiate TronWeb you can define
you can also set a
which works as a catch-all. If you do so, though, the more specific setting takes priority. Supposing you are using a server which provides everything, like TronGrid, you can instantiate TronWeb as:
const tronWeb = new TronWeb({
  fullHost: 'https://api.trongrid.io',
  headers: { "TRON-PRO-API-KEY": 'your api key' },
  privateKey: 'your private key'
})
For backward compatibility, though, you can continue to use the old approach, where each parameter is passed separately:
const tronWeb = new TronWeb(fullNode, solidityNode, eventServer, privateKey)
tronWeb.setHeader({ "TRON-PRO-API-KEY": 'your api key' });
If, for example, you are using one server as both full and solidity node, and another server for the events, you can set it as:
const tronWeb = new TronWeb({
  fullHost: 'https://api.trongrid.io',
  eventServer: 'https://api.someotherevent.io',
  privateKey: 'your private key'
})
If you are using a different server for each service, you can do:
const tronWeb = new TronWeb({
  fullNode: 'https://some-node.tld',
  solidityNode: 'https://some-other-node.tld',
  eventServer: 'https://some-event-server.tld',
  privateKey: 'your private key'
})
The package files will be signed using a GPG key pair, and the correctness of the signature will be verified using the following public key:
pub: 4371 AB85 E5A5 8FAA 88AD 7FDF 9945 DBCA 8C4B B810
uid: dev@tronweb.network
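`gpg --verify` exits 0 for a good signature from any key in the local keyring, so a release check should also compare the signer with the fingerprint published above. The following added example (not TronWeb project code) does that over GnuPG's `--status-fd` output; the function name, the `<file>` placeholders and the sample status lines are constructed for the illustration.

```javascript
// Added example, not TronWeb project code: pin the signing key listed on this page.
const PINNED = '4371 AB85 E5A5 8FAA 88AD 7FDF 9945 DBCA 8C4B B810'; // the "pub:" line

const normalize = (fpr) => fpr.replace(/\s+/g, '').toUpperCase();

// Status keywords that mean a signature must not be trusted.
const REJECT = ['BADSIG', 'ERRSIG', 'EXPSIG', 'EXPKEYSIG', 'REVKEYSIG'];

// Input: the text written by
//   gpg --status-fd 1 --verify <file>.sig <file>
// Returns true only if at least one signature is valid, none is rejected,
// and every valid signature was made under the pinned primary key.
function signedByPinnedKey(statusText, pinned = PINNED) {
  const want = normalize(pinned);
  if (!/^[0-9A-F]{40}$/.test(want)) throw new Error('pinned fingerprint must be 40 hex digits');
  let sawValid = false;
  for (const line of statusText.split(/\r?\n/)) {
    if (!line.startsWith('[GNUPG:] ')) continue;
    const [keyword, ...args] = line.slice('[GNUPG:] '.length).trim().split(/\s+/);
    if (REJECT.includes(keyword)) return false;
    if (keyword === 'VALIDSIG') {
      // First field: fingerprint of the signing (sub)key.
      // Last field: fingerprint of the primary key, which is what the page publishes.
      const primary = normalize(args[args.length - 1] || '');
      if (primary !== want) return false;
      sawValid = true;
    }
  }
  return sawValid;
}

// Constructed sample status output (dates and algorithm ids are illustrative).
const SAMPLE_OK = [
  '[GNUPG:] NEWSIG',
  '[GNUPG:] GOODSIG 9945DBCA8C4BB810 dev@tronweb.network',
  '[GNUPG:] VALIDSIG 4371AB85E5A58FAA88AD7FDF9945DBCA8C4BB810 2024-01-01 1704067200 0 4 0 1 10 00 4371AB85E5A58FAA88AD7FDF9945DBCA8C4BB810',
].join('\n');

// Same shape, but signed by a different (constructed) key.
const SAMPLE_OTHER_KEY = SAMPLE_OK.replace(/4371AB85E5A58FAA88AD7FDF9945DBCA8C4BB810/g,
  '0123456789ABCDEF0123456789ABCDEF01234567');

console.log('pinned key:', signedByPinnedKey(SAMPLE_OK));
console.log('other key: ', signedByPinnedKey(SAMPLE_OTHER_KEY));
```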
In order to contribute you can
npm i
npm run build:all
npm run test
Contact the team at https://cn.developers.tron.network/docs/online-technical-support
TronWeb is distributed under an MIT licence.
FAQs
JavaScript SDK that encapsulates the TRON HTTP API
The npm package tronweb receives a total of 77,300 weekly downloads. As such, tronweb popularity was classified as popular.
We found that tronweb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.