Allow createFetchMiddleware to take an RPC service #357
Conversation
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
|
@SocketSecurity ignore npm/[email protected] New author is OK. Either it's us or known members of the NPM community. |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
mcmire
force-pushed
the
integrate-rpc-service
branch
7 times, most recently
from
9777496 to
23479ea
Compare
|
@SocketSecurity ignore npm/@metamask/[email protected] This is our package. |
`@metamask/network-controller` now contains an `RpcService` class. Using this class not only allows us to remove a lot of code from this package, as it incorporates the vast majority of logic contained in `createFetchMiddleware`, including the retry logic, but it also allows us to use the circuit breaker pattern and the exponential backoff pattern to prevent too many retries if the network is unreliable, and then automatically cut over to a failover node when the network truly goes down.
mcmire
force-pushed
the
integrate-rpc-service
branch
from
23479ea to
5ecddf7
Compare
|
@SocketSecurity ignore npm/@metamask/[email protected] This is our package. |
| * Like a JSON-RPC request, but includes an optional `origin` property. | ||
| * This will be included in the request as a header if specified. | ||
| */ | ||
| export type JsonRpcRequestWithOrigin<Params extends JsonRpcParams> = |
There was a problem hiding this comment.
Purposefully not reusing PayloadWithOrigin above because 1) it's badly named, 2) it doesn't take any type parameters and 3) we need a type and not an interface going forward.
| * @returns The fetch middleware. | ||
| */ | ||
| function createFetchMiddlewareWithoutRpcService({ | ||
| btoa: givenBtoa, |
There was a problem hiding this comment.
btoa and fetch are globals, so we rename them.
| * The interface for a service class responsible for making a request to an RPC | ||
| * endpoint. | ||
| */ | ||
| export type AbstractRpcService = { |
There was a problem hiding this comment.
We could get this from @metamask/network-controller, but that would create a circular dependency.
@metamask/network-controllernow contains anRpcServiceclass. Using this class not only allows us to remove a lot of code from this package, as it incorporates the vast majority of logic contained increateFetchMiddleware, including the retry logic, but it also allows us to use the circuit breaker pattern and the exponential backoff pattern to prevent too many retries if the network is unreliable, and then automatically cut over to a failover node when the network truly goes down.Closes #356.
Closes #207.
Closes #209.
Closes #211.
Closes #166.