:warning: Under heavy development: do not use in production :warning:
zos-lib is a library for writing upgradeable smart contracts on Ethereum. It can be used to create an upgradeable on-chain distributed application and is also used inside the zOS Kernel.
Use this library if you want to programmatically develop, deploy or operate an upgradeable smart contract system.
If you want a CLI-aided development experience, see the zOS CLI.
To install zos-lib simply go to your project's root directory and run:
npm i zos-lib
Next, learn how to:
Note: This shows a low-level manual method of developing a single upgradeable smart contract. You probably want to use the higher-level CLI guide.
To work with a single upgradeable smart contract, you just need to deal with a simple upgradeability proxy. This is a special contract that will hold the storage of your upgradeable contract and redirect function calls to an implementation contract, which you can change (thus making it upgradeable). To learn more about how proxies work under the hood, read this post on our blog. To simply use them, do the following:
MyContract.sol. Most contracts require some sort of initialization, but upgradeable contracts can't use constructors (for reasons explained in this blog post), so we need to use the Initializable pattern provided in zos-lib:import "zos-lib/contracts/migrations/Initializable.sol";
contract MyContract is Initializable {
bool internal initialized;
uint256 public x;
function initialize(uint256 _x) public {
require(!initialized);
x = _x;
initialized = true;
}
}
const implementation_v0 = await MyContract.new();
const proxy = await OwnedUpgradeabilityProxy.new(implementation_v0.address);
MyContract interface, because all calls will be delegated to the behavior.let myContract = await MyContract.at(proxy.address);
const x0 = 42;
await myContract.initialize(x0);
console.log(await myContract.x()); // 42
import "zos-lib/contracts/migrations/Initializable.sol";
contract MyContract is Initializable {
bool internal initialized;
uint256 public x;
function initialize(uint256 _x) public {
require(!initialized);
x = _x;
initialized = true;
}
function y() public pure returns (uint256) {
return 1337;
}
}
Note that when we update our contract's code, we can't change its pre-existing storage structure. This means we can't remove any previously existing contract variable. We can, however, remove functions we don't want to use anymore (in the code shown, all functions were preserved).
const implementation_v1 = await MyContract.new();
await proxy.upgradeTo(implementation_v1.address);
myContract = await MyContract_v1.at(proxy.address);
console.log(await myContract.x()); // 42
console.log(await myContract.y()); // 1337
Wohoo! We've upgraded our contract's behavior while preserving it's storage.
For a fully working project with this example, see the examples/single folder.
Most real-world applications require more than a single smart contract. Here's how to build a complex upgradeable app with multiple smart contracts and connect it to the zOS Kernel standard libraries.
See this guide in the zeppelinos/kernel repo to learn how to develop new zOS kernel standard library releases.
FAQs
JavaScript library for the ZeppelinOS smart contract platform
The npm package zos-lib receives a total of 142 weekly downloads. As such, zos-lib popularity was classified as not popular.
We found that zos-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Halud" supply chain attack that previously hit Tinycolor and 40+ other packages.
Research
/Security News
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
Security News
pnpm's new minimumReleaseAge setting delays package updates to prevent supply chain attacks, with other tools like Taze and NCU following suit.