Gathering detailed insights and metrics for pocket-js-core
Gathering detailed insights and metrics for pocket-js-core
Installations
npm install pocket-js-coreDeveloper
pokt-network
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
11.6.0
NPM Version
6.5.0
Statistics
8 Stars
104 Commits
10 Forks
19 Watching
4 Branches
15 Contributors
Updated on 07 Dec 2023
Bundle Size
18.10 kB
Minified
5.79 kB
Minified + Gzipped
Languages
TypeScript (98.93%)
JavaScript (0.59%)
Shell (0.48%)
Total Downloads
Cumulative downloads
Total Downloads
4,267,197
Last day
2.7%
1,548
Compared to previous day
Last week
-4%
9,471
Compared to previous week
Last month
-9.5%
43,020
Compared to previous month
Last year
-38.4%
619,857
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
PocketJS
A complete, fast and slim SDK to interact with the Pocket Network.
Installation
You can install the packages using your favorite package manager like yarn, npm, or pnpm. See the usages below to know which package needs to be installed in your project.
1yarn add @pokt-foundation/pocketjs-provider 2yarn add @pokt-foundation/pocketjs-signer 3yarn add @pokt-foundation/pocketjs-transaction-builder 4yarn add @pokt-foundation/pocketjs-relayer 5yarn add @pokt-foundation/pocketjs-utils
Usage
Send a read-only query
This example queries the latest height, a wallet's balance, and the list of
jailed nodes in the network specified by PoktEndpoint.
PoktEndpoint is a string representing an endpoint URL to any Pocket-based
network, POKT Mainnet, Testnet or your own devnet. It may or may not contain
basic authentication credentials like "https://scott:tiger@example.pokt.network".
You can get an endpoint to POKT Mainnet from one of Pocket's Gateways. See
https://docs.pokt.network/developers/use-a-gateway for details. For example,
Grove's endpoint is like https://mainnet.rpc.grove.city/v1/<AccessKey>.
1import "dotenv/config"; 2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider"; 3import { JailedStatus } from "@pokt-foundation/pocketjs-types"; 4 5const PoktEndpoint = process.env.POKT_ENDPOINT; 6 7async function main() { 8 const provider = new JsonRpcProvider({ 9 rpcUrl: PoktEndpoint, 10 }); 11 12 // Get the latest height 13 const height = await provider.getBlockNumber(); 14 console.log(height); 15 16 // Get the balance of a wallet in μPOKT 17 const balance = await provider.getBalance( 18 "85efd04b9bad9da612ee2f80db9b62bb413e32fb", 19 ); 20 console.log(balance); 21 22 const nodes = await provider.getNodes({ 23 blockHeight: 0, 24 page: 1, 25 perPage: 100, 26 jailedStatus: JailedStatus.Jailed, 27 }) 28 console.log(nodes.data.map(n => n.address)); 29} 30 31main() 32 .then(() => process.exit(0)) 33 .catch(error => { 34 console.error(error); 35 process.exit(1); 36 });
Output:
127561
24301704832n
[
'b30d23caf048ac466e46fcd54c397631a377b522',
'b47e9f313fa12d91975b62aedf648dd21410efe9'
]
Send POKT
This example sends 1 POKT from a wallet associated with SIGNER_PRIVATE_KEY
to the address fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c in POKT Testnet and
prints the transaction hash.
To send tokens, a send message must be signed by a sender account's private key.
There are two ways to import a private key into TransactionBuilder.
-
KeyManager.fromPrivateKeytakes a private key in a raw format. You can get it from "pocket accounts export-raw" command. This example demonstrates this usecase. -
KeyManager.fromPPKtakes the content of an armored keypair file and its passphrade. A keypair file can be exported by "pocket accounts export" command. You can see this usecase in the next example.
1import "dotenv/config";
2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider";
3import { KeyManager } from "@pokt-foundation/pocketjs-signer";
4import { TransactionBuilder } from "@pokt-foundation/pocketjs-transaction-builder";
5
6async function main() {
7 const provider = new JsonRpcProvider({rpcUrl: process.env.POKT_ENDPOINT});
8
9 const txSignerKey = process.env.SIGNER_PRIVATE_KEY;
10 const txSigner = await KeyManager.fromPrivateKey(txSignerKey);
11 const transactionBuilder = new TransactionBuilder({
12 provider,
13 signer: txSigner,
14
15 // To submit a transaction to a non-Mainnet network, you need to specify
16 // the network ID in `chainID`.
17 chainID: "testnet",
18 });
19
20 // Create a message to send POKT
21 const txMsg = transactionBuilder.send({
22 fromAddress: txSigner.getAddress(),
23 toAddress: "fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c",
24 // Amount in μPOKT ("1000000" means 1 POKT)
25 amount: "1000000",
26 });
27 // Submit the message as a transaction
28 const txResponse = await transactionBuilder.submit({
29 txMsg,
30 memo: "Send 1 POKT via PocketJS",
31 });
32 console.log(txResponse.txHash);
33}
34
35main()
36 .then(() => process.exit(0))
37 .catch(error => {
38 console.error(error);
39 process.exit(1);
40 });Output:
2958AC49C3C00DD9F3E6FF2C7983D56E93B4164FF197F6D9DD6954A0BF4FD066
Stake a node
transactionBuilder.nodeStake creates a message to stake a new node or
edit a staked node.
This examples stakes a node with the output address and delegators in POKT Testnet.
A signer's private is imported from an armored keypair file "pocket-account-e95c3df1649d9525ae65949eb4c8466ee7ee8bef.json".
1import "dotenv/config"; 2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider"; 3import { KeyManager } from "@pokt-foundation/pocketjs-signer"; 4import { TransactionBuilder } from "@pokt-foundation/pocketjs-transaction-builder"; 5import ArmoredJson from './pocket-account-e95c3df1649d9525ae65949eb4c8466ee7ee8bef.json' assert { type: 'json' }; 6 7async function main() { 8 const provider = new JsonRpcProvider({rpcUrl: process.env.POKT_ENDPOINT}); 9 10 const txSigner = await KeyManager.fromPPK({ 11 ppk: JSON.stringify(ArmoredJson), 12 password: "password", 13 }); 14 const transactionBuilder = new TransactionBuilder({ 15 provider, 16 signer: txSigner, 17 chainID: "testnet", 18 }); 19 20 // Create a message to stake a node with delegators 21 const txMsg = transactionBuilder.nodeStake({ 22 amount: "16000000000", 23 chains: ["0001", "0002"], 24 serviceURL: new URL("https://node1.testnet.pokt.network:443"), 25 outputAddress: "fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c", 26 rewardDelegators: { 27 "8147ed5182da6e7dea33f36d78db6327f9df6ba0": 10, 28 "54751ae3431c015a6e24d711c9d1ed4e5a276479": 50, 29 } 30 }); 31 const txResponse = await transactionBuilder.submit({ 32 txMsg, 33 memo: "NodeStake via PocketJS", 34 }); 35 console.log(txResponse.txHash); 36} 37 38main() 39 .then(() => process.exit(0)) 40 .catch(error => { 41 console.error(error); 42 process.exit(1); 43 });
Output:
E85F8D495722B9832B9FA36E2F41012737A8FFF2DD2428A8F9C22847907032C7
There are some variations of a node-stake message.
-
Stake from the output address
Instantiate
TransactionBuilderwith the private key of the output address and specify the node's public key innodePubKey.1const transactionBuilder = new TransactionBuilder({ 2 provider, 3 signer: txOutputSigner, // this must be the key of the output address 4 chainID: "testnet", 5}); 6const txMsg = transactionBuilder.nodeStake({ 7 nodePubKey: "f53b9120f4f18c09f883e82b5c1554eddb78cd56eb753eb2ae0dfdbc492cfaaf", 8 amount: "16000000000", 9 chains: ["0001", "0002"], 10 serviceURL: new URL("https://node1.testnet.pokt.network:443"), 11 outputAddress: "fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c", 12 rewardDelegators: { 13 "8147ed5182da6e7dea33f36d78db6327f9df6ba0": 10, 14 "54751ae3431c015a6e24d711c9d1ed4e5a276479": 50, 15 } 16}); -
Stake without delegators or remove delegators from a staked node
Simply skip
rewardDelegatorsto create a message. If you submit this transaction to an existing node with delegators, this removes the existing delegators from the node.1const txMsg = transactionBuilder.nodeStake({ 2 amount: "16000000000", 3 chains: ["0001", "0002"], 4 serviceURL: new URL("https://node1.testnet.pokt.network:443"), 5 outputAddress: "fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c", 6});
Stake an app
This examples stakes an app with 1000 POKT in POKT Testnet.
1import "dotenv/config";
2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider";
3import { KeyManager } from "@pokt-foundation/pocketjs-signer";
4import { TransactionBuilder } from "@pokt-foundation/pocketjs-transaction-builder";
5
6async function main() {
7 const provider = new JsonRpcProvider({rpcUrl: process.env.POKT_ENDPOINT});
8
9 const txSignerKey = process.env.SIGNER_PRIVATE_KEY;
10 const txSigner = await KeyManager.fromPrivateKey(txSignerKey);
11 const transactionBuilder = new TransactionBuilder({
12 provider,
13 signer: txSigner,
14
15 // To submit a transaction to a non-Mainnet network, you need to specify
16 // the network ID in `chainID`.
17 chainID: "testnet",
18 });
19
20 // Create a message to stake an app
21 const txMsg = transactionBuilder.appStake({
22 appPubKey: "f53b9120f4f18c09f883e82b5c1554eddb78cd56eb753eb2ae0dfdbc492cfaaf",
23 chains: ["0001", "0002"],
24 // Amount in μPOKT ("1000000000" means 1000 POKT)
25 amount: "1000000000",
26 });
27 const txResponse = await transactionBuilder.submit({
28 txMsg,
29 memo: "AppStake via PocketJS",
30 });
31 console.log(txResponse.txHash);
32}
33
34main()
35 .then(() => process.exit(0))
36 .catch(error => {
37 console.error(error);
38 process.exit(1);
39 });Output:
137BF72DAB2EA4DE9D27B25FFBCDC13C072687F6938F9530116FE96C91DC8F51
Transfer an app
You can directly transfer the slot of a staked app to a new empty address without unstaking the app.
This examples transfers the slot of a staked app from the address associated
with process.env.SIGNER_PRIVATE_KEY to fc1c79e7efecf89f071ebb2ba7c6f5a98dcdfc3c
that is the address of the public key
0c872497365fad64c3909c934983853865b79e50fe7b8b8003a47baf99d5a64d.
1import "dotenv/config";
2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider";
3import { KeyManager } from "@pokt-foundation/pocketjs-signer";
4import { TransactionBuilder } from "@pokt-foundation/pocketjs-transaction-builder";
5
6async function main() {
7 const provider = new JsonRpcProvider({rpcUrl: process.env.POKT_ENDPOINT});
8
9 const txSignerKey = process.env.SIGNER_PRIVATE_KEY;
10 const txSigner = await KeyManager.fromPrivateKey(txSignerKey);
11 const transactionBuilder = new TransactionBuilder({
12 provider,
13 signer: txSigner,
14
15 // To submit a transaction to a non-Mainnet network, you need to specify
16 // the network ID in `chainID`.
17 chainID: "testnet",
18 });
19
20 // Create a message to transfer the app slot
21 const txMsg = transactionBuilder.appTransfer({
22 appPubKey: "0c872497365fad64c3909c934983853865b79e50fe7b8b8003a47baf99d5a64d",
23 });
24 const txResponse = await transactionBuilder.submit({
25 txMsg,
26 memo: "AppTransfer via PocketJS",
27 });
28 console.log(txResponse.txHash);
29}
30
31main()
32 .then(() => process.exit(0))
33 .catch(error => {
34 console.error(error);
35 process.exit(1);
36 });Output:
AAF82443ADF0D5B0F43DE8E3537BF140B8F4122949F342D4831A57790AE0215D
Send a jsonrpc to a relay chain
This example submits the call of eth_chainId to the chain 005A in the
network specified by process.env.POKT_ENDPOINT.
1import "dotenv/config"; 2import { JsonRpcProvider } from "@pokt-foundation/pocketjs-provider"; 3import { KeyManager } from "@pokt-foundation/pocketjs-signer"; 4import { Relayer } from "@pokt-foundation/pocketjs-relayer"; 5 6const AppPrivateKey = process.env.APP_PRIVATE_KEY; 7 8async function main() { 9 // Client signer adds a signature to every relay request. This example 10 // generates a new key every time for demonstration purpose. 11 const clientSigner = await KeyManager.createRandom(); 12 13 // AAT (= Application Authentication Token) must be attached to every relay 14 // request. Otherwise it's rejected by the network. To generate an AAT, 15 // you need to have the private key of a staked application. 16 // This example generates an AAT every request for demonstration purpose. 17 // Usually a relayer pre-creates an AAT with Client public key, which is 18 // also pre-created, and uses the AAT and the Client private key in the 19 // relayer. 20 const appSigner = await KeyManager.fromPrivateKey(AppPrivateKey); 21 const aat = await Relayer.GenerateAAT( 22 appSigner, 23 clientSigner.publicKey, 24 ); 25 26 // To use `Relayer`, you need to specify `dispatchers`. 27 const provider = new JsonRpcProvider({ 28 dispatchers: [process.env.POKT_ENDPOINT], 29 }); 30 const relayer = new Relayer({ 31 keyManager: clientSigner, 32 provider, 33 }); 34 35 const chain = '005A'; 36 const payload = {"id":1,"jsonrpc":"2.0","method":"eth_chainId"}; 37 38 const sessionResp = await provider.dispatch({ 39 sessionHeader: { 40 sessionBlockHeight: 0, 41 chain, 42 applicationPubKey: appSigner.publicKey, 43 }, 44 }); 45 46 const relayResp = await relayer.relay({ 47 blockchain: chain, 48 data: JSON.stringify(payload), 49 pocketAAT: aat, 50 session: sessionResp.session, 51 options: { 52 retryAttempts: 5, 53 rejectSelfSignedCertificates: false, 54 timeout: 8000, 55 }, 56 }); 57 58 console.log(relayResp.response); 59} 60 61main() 62 .then(() => process.exit(0)) 63 .catch(error => { 64 console.error(error); 65 process.exit(1); 66 });
Output:
{"jsonrpc":"2.0","id":1,"result":"0xc0d31"}
Contributing
Setting up
Clone the repo from Github, and just run pnpm i at the root folder. This will install all of the individual packages in the necessary order. If you'd like to build all packages manually, you'll need follow the order in which they're referenced:
- Install
packages/utils - Install
packages/types - Install
packages/abstract-provider - Install
packages/provider - Install
packages/signer - Install
packages/relayer - Install
packages/transaction-builder
The best way to develop locally is to link the local packages from your clone to the project you're working on; this will let you either run the dev server or build the packages to see the changes in real time.
We use Turborepo to manage build caches and our general build/test pipeline. This means that only the packages that have changed will get built again, saving you time. At the root package.json we've also defined a collection of scripts you can use to run individual packages on their dev server.
Running tests
For running tests, either run pnpm jest on the corresponding repo or run pnpm turbo run test on the root folder to run all tests.
👋 Get started contributing with a good first issue.
Don't be shy to contribute even the smallest tweak. 🐲 There are still some dragons to be aware of, but we'll be here to help you get started!
Issues
If you ever come across an issue with PocketJS, do a search in the issues tab of this repo and make sure it hasn't been reported before. Follow these steps to help us prevent unnecessary notifications to the many people following this repo.
- If the issue you found has been reported and is still open, and the details match your issue, give a "thumbs up" to the relevant posts in the issue thread to signal that you have the same issue. No further action is required on your part.
- If the issue you found has been reported and is still open, but the issue is missing some details, you can add a comment to the issue thread describing the additional details.
- If the issue you found has been reported but has been closed, you can comment on the closed issue thread and ask to have the issue reopened because you are still experiencing the issue. Alternatively, you can open a new issue, reference the closed issue by number or link, and state that you are still experiencing the issue. Provide any additional details in your post so we can better understand the issue and how to fix it.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 19/29 approved changesets -- score normalized to 6
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/cs.yml:1
- Warn: no topLevel permission defined: .github/workflows/greetings.yml:1
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cs.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/cs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/cs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/cs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/greetings.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/greetings.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/node.js.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/pokt-network/pocket-js/stale.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:18
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
32 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
- Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More