Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
What is viem?
The 'viem' npm package is a versatile library designed for interacting with Ethereum blockchain networks. It provides a range of functionalities including connecting to Ethereum nodes, sending transactions, interacting with smart contracts, and more.
What are viem's main functionalities?
Connecting to Ethereum Nodes
This feature allows you to create a client that connects to an Ethereum node using a specified URL. In this example, the client connects to the Infura mainnet node.
const { createClient } = require('viem');
const client = createClient({
url: 'https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID'
});Sending Transactions
This feature allows you to send transactions on the Ethereum network. The example demonstrates sending 1 ETH from one address to another.
const { sendTransaction } = require('viem');
const tx = await sendTransaction(client, {
from: '0xYourAddress',
to: '0xRecipientAddress',
value: '1000000000000000000' // 1 ETH in wei
});Interacting with Smart Contracts
This feature allows you to interact with smart contracts by calling their functions. The example shows how to call a function of a smart contract using its ABI and function name.
const { callContractFunction } = require('viem');
const result = await callContractFunction(client, {
contractAddress: '0xContractAddress',
abi: [
// ABI of the contract
],
functionName: 'functionName',
args: [/* function arguments */]
});Other packages similar to viem
web3
The 'web3' package is a popular library for interacting with the Ethereum blockchain. It provides similar functionalities to 'viem' such as connecting to nodes, sending transactions, and interacting with smart contracts. However, 'web3' is more established and widely used in the Ethereum developer community.
ethers
The 'ethers' package is another widely-used library for Ethereum development. It offers a clean and simple API for interacting with the Ethereum blockchain, including functionalities for connecting to nodes, sending transactions, and interacting with smart contracts. 'ethers' is known for its ease of use and comprehensive documentation.
TypeScript Interface for Ethereum
Features
- Abstractions over the JSON-RPC API to make your life easier
- First-class APIs for interacting with Smart Contracts
- Language closely aligned to official Ethereum terminology
- Import your Browser Extension, WalletConnect or Private Key Wallet
- Browser native BigInt, instead of large BigNumber libraries
- Utilities for working with ABIs (encoding/decoding/inspection)
- TypeScript ready (infer types from ABIs and EIP-712 Typed Data)
- First-class support for Anvil, Hardhat & Ganache
- Test suite running against forked Ethereum network
... and a lot more.
Overview
// 1. Import modules.
import { createPublicClient, http } from 'viem';
import { mainnet } from 'viem/chains';
// 2. Set up your client with desired chain & transport.
const client = createPublicClient({
chain: mainnet,
transport: http(),
});
// 3. Consume an action!
const blockNumber = await client.getBlockNumber();
Documentation
Head to the documentation to read and learn more about viem.
Community
Check out the following places for more viem-related content:
- Follow @wevm_dev, @_jxom, and @awkweb on Twitter for project updates
- Join the discussions on GitHub
- Share your project/organization that uses viem
Support
Sponsors
Contributing
If you're interested in contributing, please read the contributing docs before submitting a pull request.
Authors
License
MIT License
FAQs
TypeScript Interface for Ethereum
The npm package viem receives a total of 920,989 weekly downloads. As such, viem popularity was classified as popular.
We found that viem demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 08 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025