npmpackage.info

Gathering detailed insights and metrics for @trufflesuite/web3-provider-engine

@trufflesuite/web3-provider-engine - 15.0.14 | npmpackage.info

@trufflesuite/web3-provider-engine

A JavaScript library for composing Ethereum provider objects using middleware modules.

15.0.14

MIT

JavaScript

Installations

npm install @trufflesuite/web3-provider-engine

Developer Guide

BETA

Typescript

No

Module System

CommonJS, UMD

Node Version

12.22.0

NPM Version

6.14.14 Pull Requests

Open

1

Total

10

Closed

2

Merged

7

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

trufflesuite

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

5 Stars

833 Commits

12 Forks

3 Watchers

42 Branches

6 Contributors

Updated on Mar 11, 2024

Maintainers

View All 6 Contributors

Package Meta Information

Latest Version

15.0.14

Package Id

@trufflesuite/web3-provider-engine@15.0.14

Size

869.70 kB

NPM Version

6.14.14

Node Version

12.22.0

Published on

Nov 02, 2021

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Web3 ProviderEngine

Web3 ProviderEngine is a tool for composing your own web3 providers.

Originally created for MetaMask, but has been superceded by json-rpc-engine in combination with our eth-json-rpc-middleware. This module is not very actively maintained, so we recommend using that one instead.

Composable

Built to be modular - works via a stack of 'sub-providers' which are like normal web3 providers but only handle a subset of rpc methods.

The subproviders can emit new rpc requests in order to handle their own; e.g. eth_call may trigger eth_getAccountBalance, eth_getCode, and others. The provider engine also handles caching of rpc request results.

1const ProviderEngine = require('web3-provider-engine')
2const CacheSubprovider = require('web3-provider-engine/subproviders/cache.js')
3const FixtureSubprovider = require('web3-provider-engine/subproviders/fixture.js')
4const FilterSubprovider = require('web3-provider-engine/subproviders/filters.js')
5const VmSubprovider = require('web3-provider-engine/subproviders/vm.js')
6const HookedWalletSubprovider = require('web3-provider-engine/subproviders/hooked-wallet.js')
7const NonceSubprovider = require('web3-provider-engine/subproviders/nonce-tracker.js')
8const RpcSubprovider = require('web3-provider-engine/subproviders/rpc.js')
9
10var engine = new ProviderEngine()
11var web3 = new Web3(engine)
12
13// static results
14engine.addProvider(new FixtureSubprovider({
15  web3_clientVersion: 'ProviderEngine/v0.0.0/javascript',
16  net_listening: true,
17  eth_hashrate: '0x00',
18  eth_mining: false,
19  eth_syncing: true,
20}))
21
22// cache layer
23engine.addProvider(new CacheSubprovider())
24
25// filters
26engine.addProvider(new FilterSubprovider())
27
28// pending nonce
29engine.addProvider(new NonceSubprovider())
30
31// vm
32engine.addProvider(new VmSubprovider())
33
34// id mgmt
35engine.addProvider(new HookedWalletSubprovider({
36  getAccounts: function(cb){ ... },
37  approveTransaction: function(cb){ ... },
38  signTransaction: function(cb){ ... },
39}))
40
41// data source
42engine.addProvider(new RpcSubprovider({
43  rpcUrl: 'https://testrpc.metamask.io/',
44}))
45
46// log new blocks
47engine.on('block', function(block){
48  console.log('================================')
49  console.log('BLOCK CHANGED:', '#'+block.number.toString('hex'), '0x'+block.hash.toString('hex'))
50  console.log('================================')
51})
52
53// network connectivity error
54engine.on('error', function(err){
55  // report connectivity errors
56  console.error(err.stack)
57})
58
59// start polling for blocks
60engine.start()

When importing in webpack:

1import * as Web3ProviderEngine  from 'web3-provider-engine';
2import * as RpcSource  from 'web3-provider-engine/subproviders/rpc';
3import * as HookedWalletSubprovider from 'web3-provider-engine/subproviders/hooked-wallet';

Built For Zero-Clients

The Ethereum JSON RPC was not designed to have one node service many clients. However a smaller, lighter subset of the JSON RPC can be used to provide the blockchain data that an Ethereum 'zero-client' node would need to function. We handle as many types of requests locally as possible, and just let data lookups fallback to some data source ( hosted rpc, blockchain api, etc ). Categorically, we don’t want / can’t have the following types of RPC calls go to the network:

id mgmt + tx signing (requires private data)
filters (requires a stateful data api)
vm (expensive, hard to scale)

Change Log

15.0.0

uses eth-block-tracker@4, but still provides block body on ('block', 'latest', and 'rawBlock'). Other events ('sync') provide block number hex string instead of block body.
SubscriptionsSubprovider automatically forwards events to provider
replacing subprovider implementations with those in eth-json-rpc-engine
browserify: moved to babelify@10 + @babel/core@7

14.0.0

default dataProvider for zero is Infura mainnet REST api
websocket support
subscriptions support
remove solc subprovider
removed dist from git (but published in npm module)
es5 builds in dist/es5
zero + ProviderEngine bundles are es5
web3 subprovider renamed to provider subprovider
error if provider subprovider is missing a proper provider
removed need to supply getAccounts hook
fixed hooked-wallet-ethtx message signing
fixed hooked-wallet default txParams

13.0.0

txs included in blocks via eth-block-tracker@2.0.0

12.0.0

moved block polling to eth-block-tracker.

11.0.0

zero.js - replaced http subprovider with fetch provider (includes polyfill for node).

10.0.0

renamed HookedWalletSubprovider personalRecoverSigner to recoverPersonalSignature

9.0.0

pollingShouldUnref option now defaults to false

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

74 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-xq7p-g2vc-g82p
Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-h452-7996-h45h
Warn: Project is vulnerable to: GHSA-897m-rjf5-jp39
Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-584q-6j8j-r5pm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-wpg7-2c88-r8xv
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Warn: Project is vulnerable to: GHSA-27v7-qhfv-rqq8
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

2

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@trufflesuite/web3-provider-engine

Installations

Developer Guide

No

CommonJS, UMD

12.22.0

6.14.14

Pull Requests

1

10

2

7

Issues

0

0

0

Releases

Unable to fetch releases

Languages

Developer

trufflesuite

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Web3 ProviderEngine

Composable

Built For Zero-Clients

Change Log

15.0.0

14.0.0

13.0.0

12.0.0

11.0.0

10.0.0

9.0.0

10

10

2

0

0

0

0

0

0

0

2

/10