{"id":28425258,"url":"https://github.com/metamask/providers","last_synced_at":"2025-10-07T22:17:20.452Z","repository":{"id":38076478,"uuid":"144184829","full_name":"MetaMask/providers","owner":"MetaMask","description":"An Ethereum Provider that connects over a stream, as injected into websites by MetaMask","archived":false,"fork":false,"pushed_at":"2025-09-09T13:49:15.000Z","size":2833,"stargazers_count":253,"open_issues_count":25,"forks_count":131,"subscribers_count":69,"default_branch":"main","last_synced_at":"2025-09-20T00:35:35.150Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MetaMask.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":null,"patreon":null,"open_collective":"metamask","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-08-09T17:40:04.000Z","updated_at":"2025-09-09T13:06:33.000Z","dependencies_parsed_at":"2024-04-16T23:40:32.441Z","dependency_job_id":"b523b528-dd57-4e8e-9380-2cf6db59dd6f","html_url":"https://github.com/MetaMask/providers","commit_stats":{"total_commits":214,"total_committers":21,"mean_commits":10.19047619047619,"dds":0.5654205607476636,"last_synced_commit":"f21617553810c1d5d01cb51508d3338448f2b895"},"previous_names":["metamask/inpage-provider","metamask/metamask-inpage-provider"],"tags_count":80,"template":false,"template_full_name":null,"purl":"pkg:github/MetaMask/providers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fproviders","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fproviders/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fproviders/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fproviders/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MetaMask","download_url":"https://codeload.github.com/MetaMask/providers/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fproviders/sbom","scorecard":{"id":92944,"data":{"date":"2025-08-11","repo":{"name":"github.com/MetaMask/providers","commit":"5b3055f06290ca6b865e1af339c8e14b5ed032b4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/create-release-pr.yml:21","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/main.yml:72","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-main-docs.yml:11","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-rc-docs.yml:22","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-release.yml:105","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-release.yml:116","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-release.yml:16","Info: jobLevel 'actions' permission set to 'read': .github/workflows/security-code-scanner.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-code-scanner.yml:17","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/security-code-scanner.yml:18","Warn: no topLevel permission defined: .github/workflows/build-lint-test.yml:1","Warn: no topLevel permission defined: .github/workflows/create-release-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-docs.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-main-docs.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-rc-docs.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-release.yml:1","Warn: no topLevel permission defined: .github/workflows/security-code-scanner.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-lint-test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/build-lint-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-lint-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/build-lint-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-lint-test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/build-lint-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-lint-test.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/build-lint-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-lint-test.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/build-lint-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/create-release-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/create-release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release-pr.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/create-release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/publish-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security-code-scanner.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/MetaMask/providers/security-code-scanner.yml/main?enable=pin","Warn: downloadThenRun not pinned by hash: .github/workflows/main.yml:17","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/MetaMask/.github/SECURITY.md:1","Info: Found linked content: github.com/MetaMask/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/MetaMask/.github/SECURITY.md:1","Info: Found text in security policy: github.com/MetaMask/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T08:15:13.242Z","repository_id":38076478,"created_at":"2025-08-15T08:15:13.242Z","updated_at":"2025-08-15T08:15:13.242Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278855640,"owners_count":26057711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-05T10:36:43.902Z","updated_at":"2025-10-07T22:17:20.414Z","avatar_url":"https://github.com/MetaMask.png","language":"TypeScript","funding_links":["https://opencollective.com/metamask"],"categories":[],"sub_categories":[],"readme":"# MetaMask Providers\n\nThe Ethereum provider object injected by MetaMask into various environments.\nContains a lot of implementation details specific to MetaMask, and is probably\nnot suitable for out-of-the-box use with other wallets.\n\nThe `BaseProvider` implements the Ethereum JavaScript provider specification ([EIP-1193]), but must be modified by a sub-class in order to function.\n`StreamProvider` is such a sub-class, which synchronizes its state and marshals JSON-RPC messages via a duplex stream.\n`MetamaskInpageProvider` further extends `StreamProvider` to support legacy provider interfaces in addition to [EIP-1193], and is used to instantiate the object injected by MetaMask into web pages as `window.ethereum`.\n\n## Usage\n\n```javascript\nimport { initializeProvider } from '@metamask/providers';\n\n// Create a stream to a remote provider:\nconst metamaskStream = new LocalMessageDuplexStream({\n  name: 'inpage',\n  target: 'contentscript',\n});\n\n// this will initialize the provider and set it as window.ethereum\ninitializeProvider({\n  connectionStream: metamaskStream,\n});\n\nconst { ethereum } = window;\n```\n\n### Types\n\nTypes are exposed at `index.d.ts`.\nThey require Node.js `EventEmitter` and `Duplex` stream types, which you can grab from e.g. [`@types/node`](https://npmjs.com/package/@types/node).\n\n### Do Not Modify the Provider\n\nThe Provider object should not be mutated by consumers under any circumstances.\nThe maintainers of this package will neither fix nor take responsbility for bugs caused by third parties mutating the provider object.\n\n## Contributing\n\n### Setup\n\n- Install [Node.js](https://nodejs.org) version 16\n  - If you are using [nvm](https://github.com/creationix/nvm#installation) (recommended) running `nvm use` will automatically choose the right node version for you.\n- Install [Yarn v1](https://yarnpkg.com/en/docs/install)\n- Run `yarn setup` to install dependencies and run any requried post-install scripts\n  - **Warning:** Do not use the `yarn` / `yarn install` command directly. Use `yarn setup` instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.\n\n### Testing and Linting\n\nRun `yarn test` to run the tests once. To run tests on file changes, run `yarn test:watch`.\n\nRun `yarn lint` to run the linter, or run `yarn lint:fix` to run the linter and fix any automatically fixable issues.\n\n### Release \u0026 Publishing\n\nThe project follows the same release process as the other libraries in the MetaMask organization:\n\n1. Create a release branch\n   - For a typical release, this would be based on `main`\n   - To update an older maintained major version, base the release branch on the major version branch (e.g. `1.x`)\n2. Update the changelog\n3. Update version in package.json file (e.g. `yarn version --minor --no-git-tag-version`)\n4. Create a pull request targeting the base branch (e.g. `main` or `1.x`)\n5. Code review and QA\n6. Once approved, the PR is squashed \u0026 merged\n7. The commit on the base branch is tagged\n8. The tag can be published as needed\n\n[eip-1193]: https://eips.ethereum.org/EIPS/eip-1193\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Fproviders","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetamask%2Fproviders","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetamask%2Fproviders/lists"}