Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
truffle-debugger
Advanced tools
Core functionality for debugging Solidity files built with Truffle
Portable Solidity debugger library, for use with or without Truffle.
Features:
API Documentation for this library can be found at trufflesuite.github.io/truffle-debugger.
:warning: This documentation is currently a work in progress.
Please see the reference integration provided by the truffle debug
command.
To start a truffle-debugger session, you'll need the following:
txHash
- A transaction hash (prefixed with 0x
), for the transaction to debugprovider
- A web3 provider instance (see web3.js)contracts
- An array of contract objects, with the following properties:
contractName
- The name of the contractsource
- The full Solidity source codesourcePath
- (optional) the path to the Solidity file on diskast
- The Solidity compiler's output AST (new style, not legacyAST
)binary
- 0x
-prefixed string with the binary used to create a contract instancesourceMap
- The Solidity compiler output source map for the creation binarydeployedBinary
- 0x
-prefixed string with the on-chain binary for a contract instancedeployedSourceMap
- The source map corresponding to the on-chain binary (from the Solidity compiler)Optionally (and recommended), you can also provide a files
argument:
files
- An array of sourcePaths representing file indexes (from solc
or truffle-compile
).forTx()
and then .connect()
to it:import Debugger from "truffle-debugger";
let bugger = await Debugger
.forTx(txHash, { contracts, files, provider });
let session = bugger.connect();
ready()
promise:await session.ready();
session
instance in order to step through the trace for the transaction:session.stepNext();
session.stepOver();
session.stepInto();
session.view()
interface, and the provided selectors:let { ast, data, evm, solidity, trace } = Debugger.selectors;
let variables = session.view(data.current.identifiers.native);
let sourceRange = session.view(solidity.current.sourceRange);
Session
class docsIt's our goal that this library should serve as a reliable and well-maintained tool for the Solidity ecosystem. Ultimately, we hope to support all language features and meet the varied requirements of a mature debugging library.
We believe that a good Solidity debugger belongs to the community. We welcome, with our most humble gratitude, any and all community efforts in bringing this debugger closer to that goal. If you find something broken or missing, please open an issue!
Some other ideas for how to get involved:
Thank you for all the continued support. :bow:
FAQs
Core functionality for debugging Solidity files built with Truffle
We found that truffle-debugger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.