npmpackage.info

Gathering detailed insights and metrics for @substrate/smoldot-light

Other packages similar to @substrate/smoldot-light

@substrate/light-client-extension-helpers

2.6.0

smoldot

2.0.34

Light client that connects to Polkadot and Substrate-based blockchains

@substrate/connect

2.1.0

Substrate-connect to Smoldot clients. Using either substrate extension with predefined clients or an internal smoldot client based on chainSpecs provided.

@substrate/smoldot-discovery

2.0.1

Gathering detailed insights and metrics for @substrate/smoldot-light

@substrate/smoldot-light

Alternative client for Substrate-based chains.

0.7.9

308

GPL-3.0

Rust

3,894,826 5.1

Installations

npm install @substrate/smoldot-light

Pull Requests

Open

29

Total

2,680

Closed

148

Merged

2,503

Issues

Open

102

Total

429

Closed

327

Releases

Unable to fetch releases

Developer

paritytech

Developer Guide

BETA

Module System

CommonJS, ESM

Min. Node Version

Typescript Support

Yes

Node Version

12.22.12

NPM Version

6.14.16 Statistics

308 Stars

3,049 Commits

74 Forks

16 Watching

17 Branches

35 Contributors

Updated on 23 Nov 2024

Languages

Rust (96.34%)

TypeScript (2.97%)

JavaScript (0.66%)

Dockerfile (0.01%)

Shell (0.01%)

Total Downloads

Cumulative downloads

Total Downloads

3,894,826

Last day

47.7%

3,057

Compared to previous day

Last week

55.7%

15,862

Compared to previous week

Last month

12.9%

46,589

Compared to previous month

Last year

-57.8%

819,962

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

ws pako

Dev Dependencies

ava rimraf dtslint typedoc @types/ws typescript @types/node @types/pako

Versions

DEPRECATED

This repository is deprecated in favor of: https://github.com/smol-dot/smoldot

Lightweight Substrate and Polkadot client.

Introduction

smoldot is an alternative client of Substrate-based chains, including Polkadot.

There exists two clients: the full client and the wasm light node. The full client is currently a work in progress and doesn't support many features that the official client supports.

The main development focus is currently around the wasm light node. Using https://github.com/polkadot-js/api/ and https://github.com/paritytech/substrate-connect/ (which uses smoldot as an implementation detail), one can easily connect to a chain and interact in a fully trust-less way with it, from JavaScript.

The Wasm light node is published:

On NPM: https://www.npmjs.com/package/@substrate/smoldot-light
On Deno.land/x: https://deno.land/x/smoldot (URL to import: https://deno.land/x/smoldot/index-deno.js)

Objectives

There exists multiple objectives behind this repository:

Write a client implementation that is as comprehensive as possible, to make it easier to understand the various components of a Substrate/Polkadot client. A large emphasis is put on documentation.
Implement a client that is lighter than Substrate, in terms of memory consumption, number of threads, and code size, in order to compile it to WebAssembly and distribute it in web pages.
Experiment with a new code architecture, to maybe upstream some components to Substrate and Polkadot.

Trade-offs

In order to simplify the code, two main design decisions have been made compared to Substrate:

No native runtime. The execution time of the wasmtime library is satisfying enough that having a native runtime isn't critical anymore.
No pluggable architecture. smoldot supports a certain hard coded list of consensus algorithms, at the moment Babe, Aura, and GrandPa. Support for other algorithms can only be added by modifying the code of smoldot, and it is not possible to plug a custom algorithm from outside.

Building manually

Wasm light node

In order to run the wasm light node, you must have installed rustup.

The wasm light node can be tested with cd bin/wasm-node/javascript and npm install; npm start. This will compile the smoldot wasm light node and start a WebSocket server capable of answering JSON-RPC requests. This demo will print a list of URLs that you can navigate to in order to connect to a certain chain. For example you can navigate to https://polkadot.js.org/apps/?rpc=ws%3A%2F%2F127.0.0.1%3A9944%2Fwestend in order to interact with the Westend chain.

Note: The npm start command starts a small JavaScript shim, on top of the wasm light node, that hard codes the chain to Westend and starts the WebSocket server. The wasm light node itself can connect to a variety of different chains (not only Westend) and doesn't start any server.

Full client

The full client is a binary similar to the official Polkadot client, and can be tested with cargo run.

Note: The Cargo.toml contains a section [profile.dev] opt-level = 2, and as such cargo run alone should give performances close to the ones in release mode.

The following list is a best-effort list of packages that must be available on the system in order to compile the full node:

clang or gcc
pkg-config
sqlite

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Fuzzing

Determines if the project uses fuzzing.

Reason

project is fuzzed

Details

Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/chain-spec.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/fork-tree.rs:40
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/grandpa-justification-parse.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/header-parse.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/json-rpc-call.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multiaddr-bytes.rs:22
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multiaddr-text.rs:22
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multihash.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/network-connection-encrypted.rs:36
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/network-connection-raw.rs:26
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/peer-id.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/proof-node-codec.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-block-announce-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-block-announces-handshake-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-blocks-request-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-blocks-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-grandpa-notification-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-grandpa-warp-sync-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-identify-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-state-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-storage-call-proof-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/wasm-module-wasmi.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/wasm-module-wasmtime.rs:20

10

Security-Policy

Determines if the project has published a security policy.

9

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/audit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: containerImage not pinned by hash: bin/full-node/Dockerfile:1
Warn: containerImage not pinned by hash: bin/full-node/Dockerfile:12: pin your Docker image by updating alpine:latest to alpine:latest@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:61
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:104
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:142
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 34 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 2 out of 5 npmCommand dependencies pinned

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

5.1

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More