stelar-sdk

v12.3.0

A library for working with the Stellar network, including communication with the Horizon and Soroban RPC servers. For more information about how to use this package see README

Latest version published 19 days ago

License: Apache-2.0

NPM

GitHub

This is a malicious package

stelar-sdk is a malicious package. This package contains a malicious code and uses "typosquatting" to bait unaware users to install it. Avoid using all malicious instances of the package.

Security

Security issues found

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
12.3.0	\|	11/2024	Popular	1 C 0 H 0 M 0 L	0 H 0 M 0 L

License

Apache-2.0

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (1)

GitHub Stars: 644
Forks: 314
Contributors: 80

Direct Usage Popularity

The npm package stelar-sdk receives a total of 1 downloads a week. As such, we scored stelar-sdk popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package stelar-sdk, we found that it has been starred 644 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: Yes
Contributors: 80
Funding: No

With more than 10 contributors for the stelar-sdk repository, this is possibly a sign for a growing and inviting community.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 78
Open PR: 13
Last Release: 19 days ago
Last Commit: 5 days ago

Further analysis of the maintenance status of stelar-sdk based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that stelar-sdk demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 19 days
Dependencies: 8 Direct
Versions: 2
Install Size: 3.83 MB
Dist-tags: 1
# of Files: 128
Maintainers: 1
TS Typings: No

stelar-sdk has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Creating equitable access to the global financial system

js-stellar-sdk

js-stellar-sdk is a JavaScript library for communicating with a Stellar Horizon server and Soroban RPC. It is used for building Stellar apps either on Node.js or in the browser, though it can be used in other environments with some tinkering.

It provides:

a networking layer API for Horizon endpoints (REST-based),
a networking layer for Soroban RPC (JSONRPC-based).
facilities for building and signing transactions, for communicating with a Stellar Horizon instance, and for submitting transactions or querying network history.

Jump to:

Installation: details on hitting the ground running
Usage: links to documentation and a variety of workarounds for non-traditional JavaScript environments
Developing: contribute to the project!
Understanding stellar-sdk vs. stellar-base
License

Installation

Using npm or yarn to include stellar-sdk in your own project:

npm install --save @stellar/stellar-sdk
# or
yarn add @stellar/stellar-sdk

Then, require or import it in your JavaScript code:

var StellarSdk = require('@stellar/stellar-sdk');
// or
import * as StellarSdk from '@stellar/stellar-sdk';

(Preferably, you would only import the pieces you need to enable tree-shaking and lower your final bundle sizes.)

Browsers

You can use a CDN:

Note that this method relies using a third party to host the JS library. This may not be entirely secure. You can self-host it via Bower:

bower install @stellar/stellar-sdk

and include it in the browser:

If you don't want to use or install Bower, you can copy the packaged JS files from the Bower repo, or just build the package yourself locally (see Developing ➡️ Building) and copy the bundle.

Always make sure that you are using the latest version number. They can be found on the releases page in GitHub.

Usage

The usage documentation for this library lives in a handful of places:

across the Stellar Developer Docs, which includes tutorials and examples,
within this repository itself, and
on the generated API doc site.

You can also refer to:

the documentation for the Horizon REST API (if using the Horizon module) and
the documentation for Soroban RPC's API (if using the rpc module)

Usage with React-Native

Install yarn add --dev rn-nodeify
Add the following postinstall script:

yarn rn-nodeify --install url,events,https,http,util,stream,crypto,vm,buffer --hack --yarn

Uncomment require('crypto') on shim.js
react-native link react-native-randombytes
Create file rn-cli.config.js

module.exports = {
  resolver: {
    extraNodeModules: require("node-libs-react-native"),
  },
};

Add import "./shim"; to the top of index.js
yarn add @stellar/stellar-sdk

There is also a sample that you can follow.

Note: Only the V8 compiler (on Android) and JSC (on iOS) have proper support for Buffer and Uint8Array as is needed by this library. Otherwise, you may see bizarre errors when doing XDR encoding/decoding such as source not specified.

Usage with Expo managed workflows

Install yarn add --dev rn-nodeify
Add the following postinstall script:

yarn rn-nodeify --install process,url,events,https,http,util,stream,crypto,vm,buffer --hack --yarn

Add import "./shim"; to the your app's entry point (by default ./App.js)
yarn add @stellar/stellar-sdk
expo install expo-random

At this point, the Stellar SDK will work, except that StellarSdk.Keypair.random() will throw an error. To work around this, you can create your own method to generate a random keypair like this:

import * as Random from 'expo-random';
import { Keypair } from '@stellar/stellar-sdk';

const generateRandomKeypair = () =&gt; {
  const randomBytes = Random.getRandomBytes(32);
  return Keypair.fromRawEd25519Seed(Buffer.from(randomBytes));
};

Usage with CloudFlare Workers

Both eventsource (needed for streaming) and axios (needed for making HTTP requests) are problematic dependencies in the CFW environment. The experimental branch make-eventsource-optional is an attempt to resolve these issues.

It requires the following additional tweaks to your project:

the axios-fetch-adapter lets you use axios with fetch as a backend, which is available to CF workers
it only works with axios@"<= 1.0.0" versions, so we need to force an override into the underlying dependency
and this can be problematic with newer yarn versions, so we need to force the environment to use Yarn 1

In summary, the package.json tweaks look something like this:

"dependencies": {
  // ...
  "@stellar/stellar-sdk": "git+https://github.com/stellar/js-stellar-sdk#make-eventsource-optional",
  "@vespaiach/axios-fetch-adapter": "^0.3.1",
  "axios": "^0.26.1"
},
"overrides": {
  "@stellar/stellar-sdk": {
    "axios": "$axios"
  }
},
"packageManager": "yarn@1.22.19"

Then, you need to override the adapter in your codebase:

import { Horizon } from '@stellar/stellar-sdk';
import fetchAdapter from '@vespaiach/axios-fetch-adapter';

Horizon.AxiosClient.defaults.adapter = fetchAdapter as any;

// then, the rest of your code...

All HTTP calls will use fetch, now, meaning it should work in the CloudFlare Worker environment.

Developing

So you want to contribute to the library: welcome! Whether you're working on a fork or want to make an upstream request, the dev-test loop is pretty straightforward.

Clone the repo:

git clone https://github.com/stellar/js-stellar-sdk.git

Install dependencies inside js-stellar-sdk folder:

cd js-stellar-sdk
yarn

Install Node 18

Because we support the oldest maintenance version of Node, please install and develop on Node 18 so you don't get surprised when your code works locally but breaks in CI.

Here's how to install nvm if you haven't: https://github.com/creationix/nvm

nvm install 18

# if you've never installed 18 before you'll want to re-install yarn
npm install -g yarn

If you work on several projects that use different Node versions, you might it helpful to install this automatic version manager: https://github.com/wbyoung/avn

Observe the project's code style

While you're making changes, make sure to run the linter to catch any linting errors (in addition to making sure your text editor supports ESLint) and conform to the project's code style.

yarn fmt

Building

You can build the developer version (unoptimized, commented, with source maps, etc.) or the production bundles:

yarn build
# or
yarn build:prod

Testing

To run all tests:

yarn test

To run a specific set of tests:

yarn test:node
yarn test:browser
yarn test:integration

In order to have a faster test loop, these suite-specific commands do not build the bundles first (unlike yarn test). If you make code changes, you will need to run yarn build (or a subset like yarn build:node corresponding to the test suite) before running the tests again to see your changes.

To generate and check the documentation site:

# install the `serve` command if you don't have it already
npm i -g serve

# clone the base library for complete docs
git clone https://github.com/stellar/js-stellar-base

# generate the docs files
yarn docs

# get these files working in a browser
cd jsdoc &amp;&amp; serve .

# you'll be able to browse the docs at https://localhost:5000

Publishing

For information on how to contribute or publish new versions of this software to npm, please refer to our contribution guide.

Miscellaneous

`stellar-sdk` vs `stellar-base`

stellar-sdk is a high-level library that serves as client-side API for Horizon and Soroban RPC, while `stellar-base is lower-level library for creating Stellar primitive constructs via XDR helpers and wrappers.

Most people will want stellar-sdk instead of stellar-base. You should only use stellar-base if you know what you're doing!

If you add stellar-sdk to a project, do not add stellar-base! Mismatching versions could cause weird, hard-to-find bugs. stellar-sdk automatically installs stellar-base and exposes all of its exports in case you need them.

> Important! The Node.js version of the stellar-base (stellar-sdk dependency) package uses the sodium-native package as an optional dependency. sodium-native is a low level binding to libsodium, (an implementation of Ed25519 signatures). > If installation of sodium-native fails, or it is unavailable, stellar-base (and stellar-sdk) will fallback to using the tweetnacl package implementation. If you are using them in a browser, you can ignore this. However, for production backend deployments, you should be using sodium-native. > If sodium-native is successfully installed and working the StellarSdk.FastSigning variable will return true.

License

js-stellar-sdk is licensed under an Apache-2.0 license. See the LICENSE file for details.

stelar-sdk dependencies

@stellar/stellar-base axios bignumber.js eventsource randombytes toml urijs ethers

stelar-sdk development dependencies

@babel/cli @babel/core @babel/eslint-plugin @babel/preset-env @babel/preset-typescript @babel/register @definitelytyped/dtslint @istanbuljs/nyc-config-babel @stellar/tsconfig @types/chai @types/detect-node @types/eventsource @types/json-schema @types/lodash @types/mocha @types/node @types/randombytes @types/sinon @types/urijs @typescript-eslint/parser axios-mock-adapter babel-loader babel-plugin-istanbul buffer chai chai-as-promised chai-http cross-env dotenv eslint eslint-config-airbnb-base eslint-config-airbnb-typescript eslint-config-prettier eslint-plugin-import eslint-plugin-jsdoc eslint-plugin-node eslint-plugin-prefer-import eslint-plugin-prettier eslint-webpack-plugin ghooks husky jsdoc json-schema-faker karma karma-chai karma-chrome-launcher karma-coverage karma-firefox-launcher karma-mocha karma-sinon-chai karma-webpack lint-staged lodash minami mocha node-polyfill-webpack-plugin nyc prettier randombytes sinon sinon-chai taffydb terser-webpack-plugin ts-node typescript webpack webpack-cli

FAQs

What is stelar-sdk?

A library for working with the Stellar network, including communication with the Horizon and Soroban RPC servers. Visit Snyk Advisor to see a full health score report for stelar-sdk, including popularity, security, maintenance & community analysis.

Is stelar-sdk popular?

The npm package stelar-sdk receives a total of 1 weekly downloads. As such, stelar-sdk popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is stelar-sdk well maintained?

We found that stelar-sdk demonstrated a healthy version release cadence and project activity. It has a community of 80 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is stelar-sdk safe to use?

Security issues were found while scanning the latest version of stelar-sdk, and a total of 1 vulnerabilities were detected. It is highly advised to conduct a security review before using this package. View the full security scan results.

Last updated on 18 November-2024, at 15:47 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (1)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

js-stellar-sdk

Installation

Browsers

Usage

Usage with React-Native

Usage with Expo managed workflows

Usage with CloudFlare Workers

Developing

Building

Testing

Publishing

Miscellaneous

stellar-sdk vs stellar-base

License

stelar-sdk dependencies

stelar-sdk development dependencies

FAQs

What is stelar-sdk?

Is stelar-sdk popular?

Is stelar-sdk well maintained?

Is stelar-sdk safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues

`stellar-sdk` vs `stellar-base`