npmpackage.info

Gathering detailed insights and metrics for @substrate/smoldot-light

Other packages similar to @substrate/smoldot-light

smoldot

2.0.36

Light client that connects to Polkadot and Substrate-based blockchains

@ideallabs/smoldot

1.1.0

Light client that connects to Polkadot and Substrate-based blockchains

@substrate/smoldot-provider

0.0.1

PolkadotJS provider for smoldot wasm light client

@polkadot-api/smoldot-patch

101.0.0

Light client that connects to Polkadot and Substrate-based blockchains

Gathering detailed insights and metrics for @substrate/smoldot-light

@substrate/smoldot-light - 0.7.9 | npmpackage.info

@substrate/smoldot-light

Alternative client for Substrate-based chains.

0.7.9

315

GPL-3.0

Rust

5.54 MB

5.1

Installations

npm install @substrate/smoldot-light

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

12.22.12

NPM Version

6.14.16 Pull Requests

Open

29

Total

2,680

Closed

148

Merged

2,503

Issues

Open

109

Total

436

Closed

327

Releases

Unable to fetch releases

Languages

Rust

TypeScript

JavaScript

Dockerfile

Shell

Rust (96.34%)

TypeScript (2.97%)

JavaScript (0.66%)

Dockerfile (0.01%)

Shell (0.01%)

Developer

paritytech

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

GPL-3.0 License

315 Stars

3,049 Commits

75 Forks

15 Watchers

17 Branches

34 Contributors

Updated on Jun 01, 2025

Maintainers

View All 34 Contributors

Package Meta Information

Latest Version

0.7.9

Package Id

@substrate/smoldot-light@0.7.9

Unpacked Size

5.54 MB

Size

4.04 MB

File Count

NPM Version

6.14.16

Node Version

12.22.12

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

pako ws

Dev Dependencies

@types/node @types/pako @types/ws ava dtslint rimraf typedoc typescript

Light client for Polkadot and Substrate-based chains

This JavaScript library provides a light client for the Polkadot blockchain and for chains built using the Substrate blockchain framework.

It is an "actual" light client, in the sense that it is byzantine-resilient. It does not rely on the presence of an RPC server, but directly connects to the full nodes of the network.

Example

import * as smoldot from '@substrate/smoldot-light';

// Load a string chain specification.
const chainSpec = fs.readFileSync('./westend.json', 'utf8');

// A single client can be used to initialize multiple chains.
const client = smoldot.start();

const chain = await client.addChain({ chainSpec });

chain.sendJsonRpc('{"jsonrpc":"2.0","id":1,"method":"system_name","params":[]}');

// Wait for a JSON-RPC response to come back. This is typically done in a loop in the background.
const jsonRpcResponse = await chain.nextJsonRpcResponse();
console.log(jsonRpcResponse)

// Later:
// chain.remove();

Usage

The first thing to do is to initialize the client with the start function.

Once initialized, the client can be used to connect to one or more chains. Use addChain to add a new chain that the client must be connected to. addChain must be passed the specification of the chain (commonly known as "chain spec").

The addChain function returns a Promise that yields a chain once the chain specification has been successfully parsed and basic initialization is finished, but before Internet connections are opened towards the chains.

In order to de-initialize a chain, call chain.remove(). Any function called afterwards on this chain will throw an exception. In order to de-initialize a client, call client.terminate(). Any function called afterwards on any of the chains of the client will throw an exception.

After having obtained a chain, use sendJsonRpc to send a JSON-RPC request towards the node. The function accepts as parameter a string request. See the specification of the JSON-RPC protocol, and the list of requests that smoldot is capable of serving. Smoldot also has experimental support for an extra (still experimental at the time of writing of this comment) set of JSON-RPC functions found here.

If the request is well formatted, the client will generate a response. This response can be pulled using the nextJsonRpcResponse asynchronous function. Calling this function waits until a response is available and returns it.

If the request is a subscription, the notifications will also be sent back using the same mechanism and can be pulled using nextJsonRpcResponse.

If the chain specification passed to addChain is a parachain, then the list of potential relay chains must be passed as parameter to addChain as well. In situations where the chain specifications passed to addChain are not trusted, it is important for security reasons to not establish a parachain-relay-chain link between two chains that aren't part of the same "trust sandbox".

No vulnerabilities found.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Fuzzing

Determines if the project uses fuzzing.

Reason

project is fuzzed

Details

Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/chain-spec.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/fork-tree.rs:40
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/grandpa-justification-parse.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/header-parse.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/json-rpc-call.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multiaddr-bytes.rs:22
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multiaddr-text.rs:22
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/multihash.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/network-connection-encrypted.rs:36
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/network-connection-raw.rs:26
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/peer-id.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/proof-node-codec.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-block-announce-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-block-announces-handshake-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-blocks-request-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-blocks-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-grandpa-notification-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-grandpa-warp-sync-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-identify-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-state-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/protocol-storage-call-proof-response-decode.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/wasm-module-wasmi.rs:20
Info: RustCargoFuzzer integration found: bin/fuzz/fuzz_targets/wasm-module-wasmtime.rs:20

10

Security-Policy

Determines if the project has published a security policy.

9

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/audit.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/audit.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-post-workflow.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci-post-workflow.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/paritytech/smoldot/deploy.yml/main?enable=pin
Warn: containerImage not pinned by hash: bin/full-node/Dockerfile:1
Warn: containerImage not pinned by hash: bin/full-node/Dockerfile:12: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:61
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:104
Warn: npmCommand not pinned by hash: .github/workflows/deploy.yml:142
Info: 0 out of 26 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 34 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 2 out of 5 npmCommand dependencies pinned

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

5.1

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More