Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The web3 npm package is a collection of libraries that allow you to interact with a local or remote Ethereum node, using HTTP, IPC, or WebSocket. It provides functionalities for interacting with smart contracts, sending transactions, and querying blockchain data.
Connecting to an Ethereum Node
This feature allows you to connect to an Ethereum node using an HTTP provider. You can replace the URL with your own node's URL or use a service like Infura.
const Web3 = require('web3');
const web3 = new Web3('https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID');
Interacting with Smart Contracts
This feature allows you to interact with smart contracts deployed on the Ethereum blockchain. You need the contract's ABI and address to create a contract instance and call its methods.
const contractABI = [/* ABI array */];
const contractAddress = '0xYourContractAddress';
const contract = new web3.eth.Contract(contractABI, contractAddress);
contract.methods.yourMethod().call().then(console.log);
Sending Transactions
This feature allows you to send transactions on the Ethereum network. You need the sender's account address and private key to sign and send the transaction.
const account = '0xYourAccountAddress';
const privateKey = 'your_private_key';
const tx = {
to: '0xRecipientAddress',
value: web3.utils.toWei('0.1', 'ether'),
gas: 2000000
};
web3.eth.accounts.signTransaction(tx, privateKey).then(signed => {
web3.eth.sendSignedTransaction(signed.rawTransaction)
.on('receipt', console.log);
});
Querying Blockchain Data
This feature allows you to query data from the blockchain, such as retrieving the latest block information.
web3.eth.getBlock('latest').then(console.log);
The ethers.js library aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It provides similar functionalities to web3, such as connecting to Ethereum nodes, interacting with smart contracts, and sending transactions. Ethers.js is known for its smaller size and better documentation.
Truffle is a development environment, testing framework, and asset pipeline for Ethereum. While it provides some overlapping functionalities with web3, such as interacting with smart contracts, it is more focused on the development and deployment of smart contracts.
Embark is a framework for serverless Decentralized Applications using Ethereum, IPFS, and other platforms. It provides functionalities for smart contract management, decentralized storage, and communication, making it a more comprehensive solution compared to web3.
This is the main package of web3.js, it contains a collection of comprehensive TypeScript libraries for Interaction with the Ethereum JSON RPC API and utility functions.
You can install the package either using NPM or using Yarn
npm install web3
yarn add web3
Script | Description |
---|---|
clean | Uses rimraf to remove dist/ |
build | Uses tsc to build package and dependent packages |
lint | Uses eslint to lint package |
lint:fix | Uses eslint to check and fix any warnings |
format | Uses prettier to format the code |
test | Uses jest to run unit tests |
test:integration | Uses jest to run tests under /test/integration |
test:unit | Uses jest to run tests under /test/unit |
We encourage users to use only required individual packages listed in following table, for making lightweight application instead of importing main web3 package, and if you don't need functions from most of the packages that are implicitly included with main web3 package.
Package | Version | License | Docs | Description |
---|---|---|---|---|
web3 | :rotating_light: Entire Web3.js offering (includes all packages) | |||
web3-core | Core functions for web3.js packages | |||
web3-errors | Errors Objects | |||
web3-eth | Modules to interact with the Ethereum blockchain and smart contracts | |||
web3-eth-abi | Functions for encoding and decoding EVM in/output | |||
web3-eth-accounts | Functions for managing Ethereum accounts and signing | |||
web3-eth-contract | The contract package contained in web3-eth | |||
web3-eth-ens | Functions for interacting with the Ethereum Name Service | |||
web3-eth-iban | Functionality for converting Ethereum addressed to IBAN addressed and vice versa | |||
web3-eth-personal | Module to interact with the Ethereum blockchain accounts stored in the node | |||
web3-net | Functions to interact with an Ethereum node's network properties | |||
web3-providers-http | Web3.js provider for the HTTP protocol | |||
web3-providers-ipc | Web3.js provider for IPC | |||
web3-providers-ws | Web3.js provider for the Websocket protocol | |||
web3-rpc-methods | RPC Methods | |||
web3-types | Shared useable types | |||
web3-utils | Useful utility functions for Dapp developers | |||
web3-validator | Utilities for validating objects |
FAQs
Ethereum JavaScript API
We found that web3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.