npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@1hive/radspec

v2.0.1

Published

Radspec is a safe alternative to Ethereum's natspec

Downloads

569

Readme

radspec 🤘

Travis branch Coveralls github branch

Radspec is a safe interpreter for dynamic expressions in Ethereum's NatSpec.

This allows smart contact developers to show improved function documentation to end users, without the security pitfalls of natspec.js. Radspec defines its own syntax structure and parses its own AST rather than directly evaluating untrusted JavaScript.

Features

  • Expressive: Show relevant details to smart contract end-users at the time they make transactions.
  • External calls: Radspec can query other contracts.
  • Safe: Radspec requires no DOM access or untrusted JavaScript evaluation.
  • Compatible: Most existing NatSpec dynamic expressions are compatible with Radspec.

Introduction & quick start

Radspec supports any contract programming language, such as Solidity or Vyper because radspec works on the compiled JSON ABI. Here is an example using Solidity.

pragma solidity ^0.5.0;

contract Tree {
    /// @notice Set the tree age to `numYears` years
    function setAge(uint256 numYears) external {
        // set the age into storage
    }
}

Notice the dynamic expression documentation for the setAge function. When presented to the end user, this will render based on the inputs provided by the user. For example, if the end user is calling the contract with an input of 10 years, this will be rendered by radspec as:

Set the tree age to 10 years

Use the Solidity compiler to generate user documentation and ABI with:

solc --userdoc --abi tree.sol

This produces the outputs:

{
  "methods" :
  {
    "setAge(uint256)" :
    {
      "notice" : "Set the tree age to `numYears` years"
    }
  }
}

and

[{
  "constant":false,
  "inputs":[{"name":"numYears","type":"uint256"}],
  "name":"setAge",
  "outputs":[],
  "payable":false,
  "stateMutability":"nonpayable",
  "type":"function"
}]

Note you can also use Human-Redable abis. For the above example that would be:

["function setAge(uint256 numYears) public view"]

Write a simple tool using radspec to interpret this:

import radspec from 'radspec'

// Set userDoc and ABI from above
const expression = userDoc.methods["setAge(uint256)"].notice
const call = {
  abi: abi,
  transaction: {
    to: '0x8521742d3f456bd237e312d6e30724960f72517a',
    data: '0xd5dcf127000000000000000000000000000000000000000000000000000000000000000a'
  }
}
radspec.evaluate(expression, call)
  .then(console.log) // => "Set the tree age to 10 years"

Or see more examples here and in the tests.

Please let us know if there's anything else you'd like Radspec to be able to evaluate by filing an issue!

Installation

Simply use your favorite Node.js package manager:

npm i radspec

Documentation

Documentation about radspec and the internals of radspec can be found here.

Contributing

TBD

Aside: Why is natspec.js unsafe?

natspec.js accepts any valid JavaScript. There are multiple reasons this is a bad idea:

  1. You either need to write your own JavaScript VM or use eval (unsafe!) from inside JavaScript
  2. A fully-featured language with classes, functions and much more is absolutely overkill for something that could be solved with a simple DSL.

As dapps become increasingly complex, it is paramount that tools are written in a way that makes phishing near impossible. Evaluating JavaScript directly makes opens your dapp up to cross-site scripting attacks by users merely submitting a transaction(!).

License

MIT