Gathering detailed insights and metrics for @substrate/txwrapper-registry
Gathering detailed insights and metrics for @substrate/txwrapper-registry
Gathering detailed insights and metrics for @substrate/txwrapper-registry
Gathering detailed insights and metrics for @substrate/txwrapper-registry
npm install @substrate/txwrapper-registry
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
77 Stars
414 Commits
28 Forks
13 Watching
10 Branches
42 Contributors
Updated on 26 Nov 2024
TypeScript (99.95%)
JavaScript (0.05%)
Cumulative downloads
Total Downloads
Last day
-70%
846
Compared to previous day
Last week
-52.9%
6,529
Compared to previous week
Last month
14.5%
54,161
Compared to previous month
Last year
221.4%
267,935
Compared to previous year
2
The polkadot.js based txwrapper suite of packages provides chain builders with the tools to quickly create, test, and maintain a library of helper functions for offline transaction generation with their chain. End users can then use these chain specific packages to create an offline transaction workflow. (We sometimes refer to chain specific libs as txwrappers.)
For example, those looking to construct a transaction offline on Polkadot would require @substrate/txwrapper-polkadot. @substrate/txwrapper-polkadot is built by requiring @substrate/txwrapper-core, @substrate/txwrapper-registry, @substrate/txwrapper-substrate and re-exporting utilities and dispatchables relevant to Polkadot.
Click here to find our guide for chain builders.. The guide explains how to make a chain specific txwrapper.
Install dependencies:
1yarn install
Build all packages:
1yarn run build
We welcome contributions!
All the commits in this repo follow the Conventional Commits spec. When merging a PR, make sure 1) to use squash merge and 2) that the title of the PR follows the Conventional Commits spec.
Run all tests:
1yarn run test
Run the linter:
1yarn run lint 2 3# or to automatically fix warnings: 4 5yarn run lint --fix
Txwrapper-core runs on yarn berry. It is a package manager local to the repo, and requires updating from time to time. The releases for yarn berry can be found here. Below are the steps to updating yarn.
1$ yarn set version <version> 2$ yarn 3$ yarn dedupe
Ensure that your version of npm
is 7 or above. Check with npm --version
and, if needed, upgrade with npm install -g npm
(which may need to be prefixed with sudo
depending on the permissions set on your global node_modules
folder). If this is not true, an empty binary will be pushed on publish.
Checkout a branch name-update-deps
.
In order to update all the polkadot-js dependencies and resolutions, run yarn up '@polkadot/*'
.
Ensure there are no issues by running the following commands. If any type errors occur due to the updated dependencies, please file an issue here.
1yarn run build 2yarn dedupe 3yarn run test 4yarn run lint
If all tests pass and all packages build successfully, commit your changes with the following format fix(types): Update polkadot-js deps to get the latest types
. Then push your branch up to Github for review, then merge. The release tooling takes care of bumping the version so no need for a manual update (see below).
This libraries release process uses Lerna, and the following below is required to have a successful release.
N.B. Ensure you have GH_TOKEN
env variable set to a GitHub personal access token (PAT) so lerna can publish the release on github.
The publisher will need publishing permissions to the substrate npm org.
Make sure you're logged in to npm
using npm login
.
Make sure to be in the main
branch, and git pull origin main
.
Before deploying a new release run the following sanity checks.
1yarn run build 2yarn run test
Deploy the new release. It is important to note there will be a step that asks you to confirm whether or not the version bump is correct. Please confirm with the maintainers the suggested versions are correct.
1yarn run deploy
NOTES:
This repo requires signed and verified commits, so when using a yubikey there are several points where you are required to sign a commit while Lerna sets up the github release. The output from Lerna won't warn you that you have to sign it, so the deploy
step will error if you forget. I'd advise keeping an eye on your Yubikey; it'll start flashing when it's needed to sign something.
If you don't sign a commit in time and get an error, you may need to "undo" some steps:
git reset --hard HEAD~1
to undo it.git tag -d <new-version>
to remove it.lerna-debug.log
was created, rm -rf lerna-debug.log
to remove it.If you forget to login to NPM, the GitHub steps will all complete successfully, but the publishing step will fail. In that case, you can do the following:
yarn run build
to ensure that all packages are built and ready to be published (This is important; yarn run deploy
does this for us, but if we skip to publishing, we must ensure that the packages are in a good state ourselves).npx lerna publish from-package
to publish the packages.If you don't have the permissions you need on the GitHub repository, you may find that you're able to push a tag but not the actual commit. In this case, you can delete the version tag on GitHub with git push origin :<new-version>
.
No vulnerabilities found.
Reason
19 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
security policy file detected
Details
Reason
Found 21/23 approved changesets -- score normalized to 9
Reason
2 existing vulnerabilities detected
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More