Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The 'viem' npm package is a versatile library designed for interacting with Ethereum blockchain networks. It provides a range of functionalities including connecting to Ethereum nodes, sending transactions, interacting with smart contracts, and more.
Connecting to Ethereum Nodes
This feature allows you to create a client that connects to an Ethereum node using a specified URL. In this example, the client connects to the Infura mainnet node.
const { createClient } = require('viem');
const client = createClient({
url: 'https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID'
});
Sending Transactions
This feature allows you to send transactions on the Ethereum network. The example demonstrates sending 1 ETH from one address to another.
const { sendTransaction } = require('viem');
const tx = await sendTransaction(client, {
from: '0xYourAddress',
to: '0xRecipientAddress',
value: '1000000000000000000' // 1 ETH in wei
});
Interacting with Smart Contracts
This feature allows you to interact with smart contracts by calling their functions. The example shows how to call a function of a smart contract using its ABI and function name.
const { callContractFunction } = require('viem');
const result = await callContractFunction(client, {
contractAddress: '0xContractAddress',
abi: [
// ABI of the contract
],
functionName: 'functionName',
args: [/* function arguments */]
});
The 'web3' package is a popular library for interacting with the Ethereum blockchain. It provides similar functionalities to 'viem' such as connecting to nodes, sending transactions, and interacting with smart contracts. However, 'web3' is more established and widely used in the Ethereum developer community.
The 'ethers' package is another widely-used library for Ethereum development. It offers a clean and simple API for interacting with the Ethereum blockchain, including functionalities for connecting to nodes, sending transactions, and interacting with smart contracts. 'ethers' is known for its ease of use and comprehensive documentation.
FAQs
TypeScript Interface for Ethereum
The npm package viem receives a total of 483,083 weekly downloads. As such, viem popularity was classified as popular.
We found that viem demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.