Installations
npm install @oceanprotocol/lib
Developer Guide
Typescript
Yes
Module System
CommonJS, ESM
Node Version
20.18.1
NPM Version
10.8.2
Releases
Contributors
Languages
TypeScript (99.05%)
Shell (0.61%)
JavaScript (0.34%)
Developer
Download Statistics
Total Downloads
144,226
Last Day
8
Last Week
196
Last Month
1,341
Last Year
12,655
GitHub Statistics
108 Stars
3,275 Commits
69 Forks
16 Watching
24 Branches
41 Contributors
Package Meta Information
Latest Version
3.4.5
Package Id
@oceanprotocol/lib@3.4.5
Unpacked Size
2.73 MB
Size
527.84 kB
File Count
161
NPM Version
10.8.2
Node Version
20.18.1
Publised On
19 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
144,226
Last day
-27.3%
8
Compared to previous day
Last week
-60.3%
196
Compared to previous week
Last month
-9.7%
1,341
Compared to previous month
Last year
-82.5%
12,655
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
6
Peer Dependencies
1
Dev Dependencies
31
ocean.js
JavaScript library to privately & securely publish, exchange, and consume data.
With ocean.js, you can:
- Publish data services: downloadable files or compute-to-data. Create an ERC721 data NFT for each service, and ERC20 datatoken for access (1.0 datatokens to access).
- Sell datatokens for a fixed price. Sell data NFTs.
- Transfer data NFTs & datatokens to another owner, and all other ERC721 & ERC20 actions using web3.js etc.
ocean.js is part of the Ocean Protocol toolset.
This is in alpha state. If you run into problems, please open up a new issue.
- 📚 Prerequisites
- 🏗 Installation & Usage
- 🦑 Development
- ✨ Code Style
- 👩🔬 Testing
- 🛳 Production
- ⬆️ Releases
- 🏛 License
📚 Prerequisites
- node.js (Install from here)
- Docker (Managed as a non-root user)
- A Unix based operating system (Mac or Linux)
🏗 Installation & Usage
1npm install @oceanprotocol/lib
- Checkout our code examples or compute to data examples to see how you can use ocean.js.
- Refer to the Ocean Protocol documentation for more guides and tutorials.
- Visit the Ocean Protocol website for general information about Ocean Protocol.
- If you have any difficulties or if you have further questions about how to use ocean.js please reach out to us on Discord.
- If you notice any bugs or issues with ocean.js please open an issue on github.
🦑 Development
The project is authored with TypeScript and compiled with tsc
.
To start compiler in watch mode:
1npm install 2npm start
✨ Code Style
For linting and auto-formatting you can use from the root of the project:
1# lint all js with eslint 2npm run lint 3 4# auto format all js & css with prettier, taking all configs into account 5npm run format
👩🔬 Testing
Test suite for unit & integration tests is setup with Mocha as test runner, and nyc for coverage reporting. A combined coverage report is sent to CodeClimate via the coverage
GitHub Actions job.
Running all tests requires running Ocean Protocol components beforehand with Barge, which also runs a ganache-cli
instance:
1git clone https://github.com/oceanprotocol/barge 2cd barge 3 4./start_ocean.sh --with-provider2 --no-dashboard --with-c2d
You can then proceed to run in another terminal.
Let ocean.js know where to pickup the smart contract addresses, which has been written out by Barge in this location:
export ADDRESS_FILE="${HOME}/.ocean/ocean-contracts/artifacts/address.json"
Build metadata:
npm run build:metadata
Executing linting, type checking, unit, and integration tests with coverage reporting all in one go:
1npm test
Unit Tests
You can execute the unit tests individually with:
1npm run test:unit 2# same thing, but with coverage reporting 3npm run test:unit:cover
Integration Tests
You can execute the integration tests individually with:
1npm run test:integration 2# same thing, but with coverage reporting 3npm run test:integration:cover
Sapphire Integration Tests
We are currently using the live Oasis Sapphire Test network for the integration tests.
Please export the PRIVATE_KEY
and PRIVATE_KEY_CONSUMER
before running the tests.
1export PRIVATE_KEY='0x<YOUR_PRIVATE_KEY>' 2export PRIVATE_KEY_CONSUMER='0x<YOUR_CONSUMER_PRIVATE_KEY>'
Then, you can execute the tests individually with:
1npm run test:sapphire
Note: On macOS, changes to the
provider
,metadataCache
andsubgraph
URLs are required, as their defaultbarge
IPs can not be accessed due to network constraints on macOS. Instead usehttp://127.0.0.1
for each direct call to the mentioned services, but keep the internalprovider
URL (http://172.15.0.4:8030
) hardcoded inside all DDO'sserviceEndpoint
, and when callingnft.setMetadata()
.
🛳 Production
To create a production build, run from the root of the project:
1npm run build
⬆️ Releases
Releases are managed semi-automatically. They are always manually triggered from a developer's machine with release scripts.
Production
From a clean main
branch you can run the release task bumping the version accordingly based on semantic versioning:
1npm run release
The task does the following:
- bumps the project version in
package.json
,package-lock.json
- auto-generates and updates the CHANGELOG.md file from commit messages
- creates a Git tag
- commits and pushes everything
- creates a GitHub release with commit messages as description
- Git tag push will trigger a GitHub Action workflow to do a npm release
For the GitHub releases steps a GitHub personal access token, exported as GITHUB_TOKEN
is required. Setup
Pre-Releases
For pre-releases, this is required for the first one like v0.18.0-next.0
:
1./node_modules/.bin/release-it major|minor|patch --preRelease=next
Further releases afterwards can be done with npm run release
again and selecting the appropriate next version, in this case v0.18.0-next.1
and so on.
🏛 License
Copyright ((C)) 2023 Ocean Protocol Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/oceanprotocol/.github/SECURITY.md:1
- Info: Found linked content: github.com/oceanprotocol/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/oceanprotocol/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/oceanprotocol/.github/SECURITY.md:1
Reason
Found 8/13 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/oceanprotocol/ocean.js/publish.yml/main?enable=pin
- Info: 0 out of 24 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 5 out of 5 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
22 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-584q-6j8j-r5pm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
- Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.4
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More