@solana/connector 0.1.4 → 0.1.5

package/README.md

@@ -608,6 +608,242 @@ const mobile = getDefaultMobileConfig({
 
 ---
 
+## Security Considerations
+
+### Token Image Privacy
+
+When using `useTokens()` or `useTransactions()`, token metadata (including logo URLs) is fetched from external APIs. By default, these image URLs are returned directly, which means when your users' browsers fetch these images, the image host can see:
+
+- User IP addresses
+- Request timing (when users viewed their tokens)
+- User agent and browser information
+
+This could potentially be exploited by malicious token creators who set tracking URLs in their token metadata.
+
+### Image Proxy Configuration
+
+To protect user privacy, you can configure an image proxy that fetches images on behalf of your users:
+
+```typescript
+const config = getDefaultConfig({
+    appName: 'My App',
+    imageProxy: '/_next/image?w=64&q=75&url=', // Next.js Image Optimization
+});
+```
+
+When `imageProxy` is set, all token image URLs returned by `useTokens()` and `useTransactions()` will be automatically transformed:
+
+```
+// Original URL from token metadata
+https://raw.githubusercontent.com/.../token-logo.png
+
+// Transformed URL (when imageProxy is set)
+/_next/image?w=64&q=75&url=https%3A%2F%2Fraw.githubusercontent.com%2F...%2Ftoken-logo.png
+```
+
+### Common Proxy Options
+
+| Service | Configuration |
+|---------|---------------|
+| **Next.js Image** | `imageProxy: '/_next/image?w=64&q=75&url='` |
+| **Cloudflare** | `imageProxy: '/cdn-cgi/image/width=64,quality=75/'` |
+| **imgproxy** | `imageProxy: 'https://imgproxy.example.com/insecure/fill/64/64/'` |
+| **Custom API** | `imageProxy: '/api/image-proxy?url='` |
+
+### Custom Proxy API Route (Next.js Example)
+
+```typescript
+// app/api/image-proxy/route.ts
+import { NextRequest, NextResponse } from 'next/server';
+import dns from 'dns/promises';
+
+// Allowlist of permitted domains for image fetching
+const ALLOWED_DOMAINS = [
+    'raw.githubusercontent.com',
+    'arweave.net',
+    'ipfs.io',
+    'cloudflare-ipfs.com',
+    'nftstorage.link',
+    // Add other trusted image domains as needed
+];
+
+// Check if an IP address falls within private/reserved ranges
+function isPrivateOrReservedIP(ip: string): boolean {
+    // IPv4 private/reserved ranges
+    const ipv4PrivateRanges = [
+        /^127\./, // 127.0.0.0/8 (loopback)
+        /^10\./, // 10.0.0.0/8 (private)
+        /^172\.(1[6-9]|2[0-9]|3[0-1])\./, // 172.16.0.0/12 (private)
+        /^192\.168\./, // 192.168.0.0/16 (private)
+        /^169\.254\./, // 169.254.0.0/16 (link-local/metadata)
+        /^0\./, // 0.0.0.0/8 (current network)
+        /^100\.(6[4-9]|[7-9][0-9]|1[0-1][0-9]|12[0-7])\./, // 100.64.0.0/10 (CGNAT)
+        /^192\.0\.0\./, // 192.0.0.0/24 (IETF protocol assignments)
+        /^192\.0\.2\./, // 192.0.2.0/24 (TEST-NET-1)
+        /^198\.51\.100\./, // 198.51.100.0/24 (TEST-NET-2)
+        /^203\.0\.113\./, // 203.0.113.0/24 (TEST-NET-3)
+        /^224\./, // 224.0.0.0/4 (multicast)
+        /^240\./, // 240.0.0.0/4 (reserved)
+        /^255\.255\.255\.255$/, // broadcast
+    ];
+
+    // IPv6 private/reserved ranges
+    const ipv6PrivatePatterns = [
+        /^::1$/, // loopback
+        /^fe80:/i, // link-local
+        /^fc00:/i, // unique local (fc00::/7)
+        /^fd/i, // unique local (fd00::/8)
+        /^::ffff:(127\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|169\.254\.)/i, // IPv4-mapped
+    ];
+
+    // Check IPv4
+    for (const range of ipv4PrivateRanges) {
+        if (range.test(ip)) return true;
+    }
+
+    // Check IPv6
+    for (const pattern of ipv6PrivatePatterns) {
+        if (pattern.test(ip)) return true;
+    }
+
+    return false;
+}
+
+// Validate and parse the URL
+function validateUrl(urlString: string): URL | null {
+    try {
+        const parsed = new URL(urlString);
+        // Only allow http and https protocols
+        if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+            return null;
+        }
+        return parsed;
+    } catch {
+        return null;
+    }
+}
+
+// Check if hostname is in the allowlist
+function isAllowedDomain(hostname: string): boolean {
+    return ALLOWED_DOMAINS.some(
+        (domain) => hostname === domain || hostname.endsWith(`.${domain}`)
+    );
+}
+
+export async function GET(request: NextRequest) {
+    const urlParam = request.nextUrl.searchParams.get('url');
+    
+    // (1) Ensure URL exists and parses correctly with http/https
+    if (!urlParam) {
+        return new NextResponse('Missing URL parameter', { status: 400 });
+    }
+
+    const parsedUrl = validateUrl(urlParam);
+    if (!parsedUrl) {
+        return new NextResponse('Invalid URL or protocol', { status: 400 });
+    }
+
+    // (2) Enforce allowlist of permitted domains
+    if (!isAllowedDomain(parsedUrl.hostname)) {
+        return new NextResponse('Domain not allowed', { status: 403 });
+    }
+
+    // (3) Resolve hostname and check for private/reserved IPs
+    try {
+        const addresses = await dns.resolve(parsedUrl.hostname);
+        for (const ip of addresses) {
+            if (isPrivateOrReservedIP(ip)) {
+                return new NextResponse('Resolved IP is not allowed', { status: 403 });
+            }
+        }
+    } catch {
+        return new NextResponse('Failed to resolve hostname', { status: 400 });
+    }
+
+    // (4) All checks passed - perform the fetch
+    try {
+        const response = await fetch(parsedUrl.toString());
+        const buffer = await response.arrayBuffer();
+        
+        return new NextResponse(buffer, {
+            headers: {
+                'Content-Type': response.headers.get('Content-Type') || 'image/png',
+                'Cache-Control': 'public, max-age=86400',
+            },
+        });
+    } catch {
+        return new NextResponse('Failed to fetch image', { status: 500 });
+    }
+}
+```
+
+---
+
+## CoinGecko API & Rate Limits
+
+The `useTokens()` hook fetches token prices from CoinGecko. CoinGecko has rate limits that may affect your application:
+
+### Rate Limits (as of 2024)
+
+| Tier | Rate Limit | API Key Required |
+|------|------------|------------------|
+| **Free (Public)** | 10-30 requests/minute | No |
+| **Demo** | 30 requests/minute | Yes (free) |
+| **Analyst** | 500 requests/minute | Yes (paid) |
+| **Pro** | 1000+ requests/minute | Yes (paid) |
+
+### Handling Rate Limits
+
+ConnectorKit automatically handles rate limits with:
+- **Exponential backoff**: Retries with increasing delays
+- **Jitter**: Random delay added to prevent thundering herd
+- **Retry-After header**: Honors server-specified wait times
+- **Bounded timeout**: Won't block forever (default 30s max)
+
+### Adding a CoinGecko API Key
+
+For higher rate limits, add a free Demo API key from [CoinGecko](https://www.coingecko.com/en/api/pricing):
+
+```typescript
+const config = getDefaultConfig({
+    appName: 'My App',
+    coingecko: {
+        apiKey: process.env.COINGECKO_API_KEY, // Demo or Pro API key
+        isPro: false, // Set to true for Pro API keys
+    },
+});
+```
+
+### Advanced Configuration
+
+```typescript
+const config = getDefaultConfig({
+    appName: 'My App',
+    coingecko: {
+        // API key for higher rate limits (optional)
+        apiKey: process.env.COINGECKO_API_KEY,
+        
+        // Set to true if using a Pro API key (default: false for Demo keys)
+        isPro: false,
+        
+        // Maximum retry attempts on 429 (default: 3)
+        maxRetries: 3,
+        
+        // Base delay for exponential backoff in ms (default: 1000)
+        baseDelay: 1000,
+        
+        // Maximum total timeout in ms (default: 30000)
+        maxTimeout: 30000,
+    },
+});
+```
+
+### Caching
+
+Token prices are cached for 60 seconds to minimize API calls. The retry logic only applies to uncached token IDs, so frequently-viewed tokens won't trigger additional API calls.
+
+---
+
 ## Advanced Usage
 
 ### Headless Client (Vue, Svelte, Vanilla JS)

package/dist/{chunk-U64YZRJL.mjs → chunk-3STZXVXD.mjs}

@@ -1,6 +1,6 @@
-import { installPolyfills, ConnectorErrorBoundary, isMainnetCluster, isDevnetCluster, isTestnetCluster, isLocalCluster, getClusterExplorerUrl, getClusterType, formatAddress, copyAddressToClipboard, createTransactionSigner, createKitTransactionSigner, NetworkError, getTransactionUrl, ConnectorClient } from './chunk-YTCSTE3Q.mjs';
-import { createLogger, createSolanaClient, prepareTransaction } from './chunk-P5MWBDFG.mjs';
-import React, { createContext, useContext, useSyncExternalStore, useMemo, useState, useCallback, useEffect, useRef } from 'react';
+import { installPolyfills, ConnectorErrorBoundary, isMainnetCluster, isDevnetCluster, isTestnetCluster, isLocalCluster, getClusterExplorerUrl, getClusterType, formatAddress, copyAddressToClipboard, createTransactionSigner, createKitTransactionSigner, NetworkError, getTransactionUrl, ConnectorClient } from './chunk-VMSZJPR5.mjs';
+import { createLogger, __publicField, createSolanaClient, prepareTransaction } from './chunk-QL3IT3TS.mjs';
+import React, { createContext, useContext, useSyncExternalStore, useMemo, useState, useCallback, useRef, useEffect } from 'react';
 import { jsx, Fragment, jsxs } from 'react/jsx-runtime';
 import { address } from '@solana/addresses';
 import { signature } from '@solana/keys';
@@ -307,9 +307,9 @@ function formatSol(lamports, decimals = 4) {
   }) + " SOL";
 }
 function useBalance() {
-  let { address: address$1, connected } = useAccount(); useCluster(); let client = useSolanaClient(), [lamports, setLamports] = useState(0n), [tokens, setTokens] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [lastUpdated, setLastUpdated] = useState(null), rpcClient = client?.client ?? null, fetchBalance = useCallback(async () => {
+  let { address: address$1, connected } = useAccount(); useCluster(); let client = useSolanaClient(), [lamports, setLamports] = useState(0n), [tokens, setTokens] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [lastUpdated, setLastUpdated] = useState(null), hasDataRef = useRef(false), rpcClient = client?.client ?? null, fetchBalance = useCallback(async () => {
     if (!connected || !address$1 || !rpcClient) {
-      setLamports(0n), setTokens([]);
+      setLamports(0n), setTokens([]), hasDataRef.current = false;
       return;
     }
     setIsLoading(true), setError(null);
@@ -337,9 +337,9 @@ function useBalance() {
       } catch (tokenError) {
         console.warn("Failed to fetch token balances:", tokenError), setTokens([]);
       }
-      setLastUpdated(/* @__PURE__ */ new Date());
+      hasDataRef.current = true, setLastUpdated(/* @__PURE__ */ new Date());
     } catch (err) {
-      setError(err), console.error("Failed to fetch balance:", err);
+      hasDataRef.current || (setError(err), console.error("Failed to fetch balance:", err));
     } finally {
       setIsLoading(false);
     }
@@ -490,6 +490,10 @@ function formatAmount(tokenAmount, tokenDecimals, direction, solChange) {
     return `${solChange > 0 ? "+" : ""}${solChange.toFixed(4)} SOL`;
 }
 var tokenMetadataCache = /* @__PURE__ */ new Map();
+function transformImageUrl(url, imageProxy) {
+  if (url)
+    return imageProxy ? `${imageProxy}${encodeURIComponent(url)}` : url;
+}
 async function fetchTokenMetadata(mints) {
   let results = /* @__PURE__ */ new Map();
   if (mints.length === 0) return results;
@@ -500,16 +504,17 @@ async function fetchTokenMetadata(mints) {
   }
   if (uncachedMints.length === 0) return results;
   try {
-    let url = new URL("https://lite-api.jup.ag/tokens/v2/search");
-    url.searchParams.append("query", uncachedMints.join(","));
-    let response = await fetch(url.toString(), {
+    let response = await fetch("https://token-list-api.solana.cloud/v1/mints?chainId=101", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ addresses: uncachedMints }),
       signal: AbortSignal.timeout(5e3)
     });
     if (!response.ok) return results;
-    let items = await response.json();
-    for (let item of items) {
-      let metadata = { symbol: item.symbol, icon: item.icon };
-      results.set(item.id, metadata), tokenMetadataCache.set(item.id, metadata);
+    let data = await response.json();
+    for (let item of data.content) {
+      let metadata = { symbol: item.symbol, icon: item.logoURI };
+      results.set(item.address, metadata), tokenMetadataCache.set(item.address, metadata);
     }
   } catch (error) {
     console.warn("[useTransactions] Failed to fetch token metadata:", error);
@@ -517,16 +522,19 @@ async function fetchTokenMetadata(mints) {
   return results;
 }
 function useTransactions(options = {}) {
-  let { limit = 10, autoRefresh = false, refreshInterval = 6e4, fetchDetails = true } = options, { address: address$1, connected } = useAccount(), { cluster } = useCluster(), client = useSolanaClient(), [transactions, setTransactions] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [hasMore, setHasMore] = useState(true), [lastUpdated, setLastUpdated] = useState(null), beforeSignatureRef = useRef(void 0), prevDepsRef = useRef(
+  let { limit = 10, autoRefresh = false, refreshInterval = 6e4, fetchDetails = true } = options, { address: address$1, connected } = useAccount(), { cluster } = useCluster(), client = useSolanaClient(), connectorClient = useConnectorClient(), [transactions, setTransactions] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [hasMore, setHasMore] = useState(true), [lastUpdated, setLastUpdated] = useState(null), beforeSignatureRef = useRef(void 0), prevDepsRef = useRef(
     null
-  ), rpcClient = client?.client ?? null, parseTransaction = useCallback(
+  ), rpcClient = client?.client ?? null, imageProxy = connectorClient?.getConfig().imageProxy, parseTransaction = useCallback(
     (tx, walletAddress, sig, blockTime, slot, err, explorerUrl) => {
       let { date, time } = formatDate(blockTime), baseInfo = {
         signature: sig,
         blockTime,
         slot,
         status: err ? "failed" : "success",
-        error: err ? JSON.stringify(err) : void 0,
+        error: err ? JSON.stringify(
+          err,
+          (_key, value) => typeof value == "bigint" ? value.toString() : value
+        ) : void 0,
         type: "unknown",
         formattedDate: date,
         formattedTime: time,
@@ -631,7 +639,7 @@ function useTransactions(options = {}) {
                 return {
                   ...tx,
                   tokenSymbol: meta.symbol,
-                  tokenIcon: meta.icon,
+                  tokenIcon: transformImageUrl(meta.icon, imageProxy),
                   // Update formatted amount with symbol
                   formattedAmount: tx.formattedAmount ? `${tx.formattedAmount} ${meta.symbol}` : tx.formattedAmount
                 };
@@ -655,7 +663,7 @@ function useTransactions(options = {}) {
         setIsLoading(false);
       }
     },
-    [connected, address$1, rpcClient, cluster, limit, fetchDetails, parseTransaction]
+    [connected, address$1, rpcClient, cluster, limit, fetchDetails, parseTransaction, imageProxy]
   ), refetch = useCallback(async () => {
     beforeSignatureRef.current = void 0, await fetchTransactions(false);
   }, [fetchTransactions]), loadMoreFn = useCallback(async () => {
@@ -681,38 +689,221 @@ function useTransactions(options = {}) {
     [transactions, isLoading, error, hasMore, loadMoreFn, refetch, lastUpdated]
   );
 }
-var NATIVE_MINT = "So11111111111111111111111111111111111111112", metadataCache = /* @__PURE__ */ new Map();
-async function fetchJupiterMetadata(mints) {
+function createTimeoutSignal(ms) {
+  if (typeof AbortSignal.timeout == "function")
+    return { signal: AbortSignal.timeout(ms), cleanup: () => {
+    } };
+  let controller = new AbortController(), timeoutId = setTimeout(() => controller.abort(), ms);
+  return {
+    signal: controller.signal,
+    cleanup: () => clearTimeout(timeoutId)
+  };
+}
+var NATIVE_MINT = "So11111111111111111111111111111111111111112", CACHE_MAX_SIZE = 500, PRICE_CACHE_TTL = 6e4, STALE_CLEANUP_INTERVAL = 12e4, COINGECKO_DEFAULT_MAX_RETRIES = 3, COINGECKO_DEFAULT_BASE_DELAY = 1e3, COINGECKO_DEFAULT_MAX_TIMEOUT = 3e4, COINGECKO_API_BASE_URL = "https://api.coingecko.com/api/v3", LRUCache = class {
+  constructor(maxSize, options) {
+    __publicField(this, "cache", /* @__PURE__ */ new Map());
+    __publicField(this, "maxSize");
+    __publicField(this, "getTtl");
+    __publicField(this, "getTimestamp");
+    this.maxSize = maxSize, this.getTtl = options?.getTtl, this.getTimestamp = options?.getTimestamp;
+  }
+  get(key) {
+    let value = this.cache.get(key);
+    if (value !== void 0) {
+      if (this.getTtl && this.getTimestamp) {
+        let ttl = this.getTtl(value), timestamp = this.getTimestamp(value);
+        if (ttl !== void 0 && timestamp !== void 0 && Date.now() - timestamp >= ttl) {
+          this.cache.delete(key);
+          return;
+        }
+      }
+      return this.cache.delete(key), this.cache.set(key, value), value;
+    }
+  }
+  set(key, value) {
+    if (this.cache.has(key) && this.cache.delete(key), this.cache.size >= this.maxSize) {
+      let oldestKey = this.cache.keys().next().value;
+      oldestKey !== void 0 && this.cache.delete(oldestKey);
+    }
+    this.cache.set(key, value);
+  }
+  has(key) {
+    return this.cache.has(key);
+  }
+  delete(key) {
+    return this.cache.delete(key);
+  }
+  clear() {
+    this.cache.clear();
+  }
+  get size() {
+    return this.cache.size;
+  }
+  /**
+   * Prune stale entries based on TTL.
+   * Only works if getTtl and getTimestamp are provided.
+   */
+  pruneStale() {
+    if (!this.getTtl || !this.getTimestamp) return 0;
+    let now = Date.now(), pruned = 0;
+    for (let [key, value] of this.cache) {
+      let ttl = this.getTtl(value), timestamp = this.getTimestamp(value);
+      ttl !== void 0 && timestamp !== void 0 && now - timestamp >= ttl && (this.cache.delete(key), pruned++);
+    }
+    return pruned;
+  }
+}, metadataCache = new LRUCache(CACHE_MAX_SIZE), priceCache = new LRUCache(CACHE_MAX_SIZE, {
+  getTtl: () => PRICE_CACHE_TTL,
+  getTimestamp: (entry) => entry.timestamp
+}), cleanupIntervalId = null, cleanupRefCount = 0;
+function startCacheCleanup() {
+  cleanupRefCount++, cleanupIntervalId === null && (cleanupIntervalId = setInterval(() => {
+    priceCache.pruneStale();
+  }, STALE_CLEANUP_INTERVAL));
+}
+function stopCacheCleanup() {
+  cleanupRefCount = Math.max(0, cleanupRefCount - 1), cleanupRefCount === 0 && cleanupIntervalId !== null && (clearInterval(cleanupIntervalId), cleanupIntervalId = null);
+}
+function clearTokenCaches() {
+  metadataCache.clear(), priceCache.clear();
+}
+async function fetchSolanaTokenMetadata(mints) {
   let results = /* @__PURE__ */ new Map();
   if (mints.length === 0) return results;
-  let uncachedMints = [];
+  let { signal, cleanup } = createTimeoutSignal(1e4);
+  try {
+    let response = await fetch("https://token-list-api.solana.cloud/v1/mints?chainId=101", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ addresses: mints }),
+      signal
+    });
+    if (cleanup(), !response.ok)
+      throw new Error(`Solana Token List API error: ${response.status}`);
+    let data = await response.json();
+    for (let item of data.content)
+      results.set(item.address, item);
+  } catch (error) {
+    cleanup(), console.warn("[useTokens] Solana Token List API failed:", error);
+  }
+  return results;
+}
+function calculateBackoffDelay(attempt, baseDelay, retryAfter) {
+  if (retryAfter !== void 0 && retryAfter > 0) {
+    let jitter2 = Math.random() * 500;
+    return retryAfter * 1e3 + jitter2;
+  }
+  let exponentialDelay = baseDelay * Math.pow(2, attempt), jitter = Math.random() * 500;
+  return exponentialDelay + jitter;
+}
+function parseRetryAfter(retryAfterHeader) {
+  if (!retryAfterHeader) return;
+  let seconds = parseInt(retryAfterHeader, 10);
+  if (!isNaN(seconds) && seconds >= 0)
+    return seconds;
+  let date = Date.parse(retryAfterHeader);
+  if (!isNaN(date)) {
+    let waitMs = date - Date.now();
+    return waitMs > 0 ? Math.ceil(waitMs / 1e3) : 0;
+  }
+}
+async function fetchCoinGeckoPrices(coingeckoIds, config) {
+  let results = /* @__PURE__ */ new Map();
+  if (coingeckoIds.length === 0) return results;
+  let now = Date.now(), uncachedIds = [];
+  for (let id of coingeckoIds) {
+    let cached = priceCache.get(id);
+    cached && now - cached.timestamp < PRICE_CACHE_TTL ? results.set(id, cached.price) : uncachedIds.push(id);
+  }
+  if (uncachedIds.length === 0) return results;
+  let maxRetries = config?.maxRetries ?? COINGECKO_DEFAULT_MAX_RETRIES, baseDelay = config?.baseDelay ?? COINGECKO_DEFAULT_BASE_DELAY, maxTimeout = config?.maxTimeout ?? COINGECKO_DEFAULT_MAX_TIMEOUT, apiKey = config?.apiKey, isPro = config?.isPro ?? false, url = `${COINGECKO_API_BASE_URL}/simple/price?ids=${uncachedIds.join(",")}&vs_currencies=usd`, headers = {};
+  apiKey && (headers[isPro ? "x-cg-pro-api-key" : "x-cg-demo-api-key"] = apiKey);
+  let startTime = Date.now(), attempt = 0, lastError = null;
+  for (; attempt <= maxRetries; ) {
+    let elapsedTime = Date.now() - startTime;
+    if (elapsedTime >= maxTimeout) {
+      console.warn(
+        `[useTokens] CoinGecko API: Total timeout (${maxTimeout}ms) exceeded after ${attempt} attempts. Returning cached/partial results.`
+      );
+      break;
+    }
+    let remainingTimeout = maxTimeout - elapsedTime, requestTimeout = Math.min(1e4, remainingTimeout), { signal, cleanup } = createTimeoutSignal(requestTimeout);
+    try {
+      let response = await fetch(url, {
+        headers,
+        signal
+      });
+      if (cleanup(), response.status === 429) {
+        let retryAfter = parseRetryAfter(response.headers.get("Retry-After")), delay = calculateBackoffDelay(attempt, baseDelay, retryAfter);
+        if (console.warn(
+          `[useTokens] CoinGecko API rate limited (429). Attempt ${attempt + 1}/${maxRetries + 1}. Retry-After: ${retryAfter ?? "not specified"}s. Waiting ${Math.round(delay)}ms before retry. Consider adding an API key for higher limits: https://www.coingecko.com/en/api/pricing`
+        ), Date.now() - startTime + delay >= maxTimeout) {
+          console.warn(
+            `[useTokens] CoinGecko API: Skipping retry - would exceed total timeout (${maxTimeout}ms). Returning cached/partial results.`
+          );
+          break;
+        }
+        await new Promise((resolve) => setTimeout(resolve, delay)), attempt++;
+        continue;
+      }
+      if (!response.ok)
+        throw new Error(`CoinGecko API error: ${response.status} ${response.statusText}`);
+      let data = await response.json(), fetchTime = Date.now();
+      for (let [id, priceData] of Object.entries(data))
+        priceData?.usd !== void 0 && (results.set(id, priceData.usd), priceCache.set(id, { price: priceData.usd, timestamp: fetchTime }));
+      return results;
+    } catch (error) {
+      if (cleanup(), lastError = error, error instanceof DOMException && error.name === "AbortError" ? console.warn(
+        `[useTokens] CoinGecko API request timed out. Attempt ${attempt + 1}/${maxRetries + 1}.`
+      ) : console.warn(
+        `[useTokens] CoinGecko API request failed. Attempt ${attempt + 1}/${maxRetries + 1}:`,
+        error
+      ), attempt < maxRetries) {
+        let delay = calculateBackoffDelay(attempt, baseDelay);
+        Date.now() - startTime + delay < maxTimeout && await new Promise((resolve) => setTimeout(resolve, delay));
+      }
+      attempt++;
+    }
+  }
+  return attempt > maxRetries && console.warn(
+    `[useTokens] CoinGecko API: All ${maxRetries + 1} attempts failed. Returning cached/partial results. Last error: ${lastError?.message ?? "Unknown error"}. If you are frequently rate limited, consider adding an API key: https://www.coingecko.com/en/api/pricing`
+  ), results;
+}
+async function fetchTokenMetadataHybrid(mints, coingeckoConfig) {
+  let results = /* @__PURE__ */ new Map();
+  if (mints.length === 0) return results;
+  let uncachedMints = [], now = Date.now();
   for (let mint of mints) {
     let cached = metadataCache.get(mint);
-    cached ? results.set(mint, cached) : uncachedMints.push(mint);
+    cached ? (cached.coingeckoId && (!priceCache.get(cached.coingeckoId) || now - (priceCache.get(cached.coingeckoId)?.timestamp ?? 0) >= PRICE_CACHE_TTL) && cached.coingeckoId && uncachedMints.push(mint), results.set(mint, cached)) : uncachedMints.push(mint);
   }
   if (uncachedMints.length === 0) return results;
-  try {
-    let url = new URL("https://lite-api.jup.ag/tokens/v2/search");
-    url.searchParams.append("query", uncachedMints.join(","));
-    let response = await fetch(url.toString(), {
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (!response.ok)
-      throw new Error(`Jupiter API error: ${response.status}`);
-    let items = await response.json();
-    for (let item of items) {
-      let metadata = {
-        id: item.id,
-        name: item.id === NATIVE_MINT ? "Solana" : item.name,
-        symbol: item.symbol,
-        decimals: item.decimals,
-        icon: item.icon,
-        usdPrice: item.usdPrice
-      };
-      results.set(item.id, metadata), metadataCache.set(item.id, metadata);
+  let solanaMetadata = await fetchSolanaTokenMetadata(uncachedMints), coingeckoIdToMint = /* @__PURE__ */ new Map();
+  for (let [mint, meta] of solanaMetadata)
+    meta.extensions?.coingeckoId && coingeckoIdToMint.set(meta.extensions.coingeckoId, mint);
+  for (let mint of mints) {
+    let cached = metadataCache.get(mint);
+    cached?.coingeckoId && !coingeckoIdToMint.has(cached.coingeckoId) && coingeckoIdToMint.set(cached.coingeckoId, mint);
+  }
+  let prices = await fetchCoinGeckoPrices([...coingeckoIdToMint.keys()], coingeckoConfig);
+  for (let [mint, meta] of solanaMetadata) {
+    let coingeckoId = meta.extensions?.coingeckoId, usdPrice = coingeckoId ? prices.get(coingeckoId) : void 0, combined = {
+      address: meta.address,
+      name: meta.address === NATIVE_MINT ? "Solana" : meta.name,
+      symbol: meta.symbol,
+      decimals: meta.decimals,
+      logoURI: meta.logoURI,
+      coingeckoId,
+      usdPrice
+    };
+    results.set(mint, combined), metadataCache.set(mint, combined);
+  }
+  for (let [coingeckoId, mint] of coingeckoIdToMint) {
+    let cached = results.get(mint) ?? metadataCache.get(mint);
+    if (cached) {
+      let usdPrice = prices.get(coingeckoId);
+      usdPrice !== void 0 && (cached.usdPrice = usdPrice, results.set(mint, cached), metadataCache.set(mint, cached));
     }
-  } catch (error) {
-    console.warn("[useTokens] Jupiter API failed:", error);
   }
   return results;
 }
@@ -730,6 +921,12 @@ function formatUsd(amount, decimals, usdPrice) {
     maximumFractionDigits: 2
   });
 }
+function transformImageUrl2(url, imageProxy) {
+  if (!url) return;
+  if (!imageProxy) return url;
+  let encodedUrl = encodeURIComponent(url);
+  return imageProxy.endsWith("/") ? imageProxy + encodedUrl : imageProxy + "/" + encodedUrl;
+}
 function useTokens(options = {}) {
   let {
     includeZeroBalance = false,
@@ -737,7 +934,7 @@ function useTokens(options = {}) {
     refreshInterval = 6e4,
     fetchMetadata = true,
     includeNativeSol = true
-  } = options, { address: address$1, connected } = useAccount(), client = useSolanaClient(), [tokens, setTokens] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [lastUpdated, setLastUpdated] = useState(null), [totalAccounts, setTotalAccounts] = useState(0), rpcClient = client?.client ?? null, fetchTokens = useCallback(async () => {
+  } = options, { address: address$1, connected } = useAccount(), client = useSolanaClient(), connectorClient = useConnectorClient(), [tokens, setTokens] = useState([]), [isLoading, setIsLoading] = useState(false), [error, setError] = useState(null), [lastUpdated, setLastUpdated] = useState(null), [totalAccounts, setTotalAccounts] = useState(0), rpcClient = client?.client ?? null, connectorConfig = connectorClient?.getConfig(), imageProxy = connectorConfig?.imageProxy, coingeckoConfig = connectorConfig?.coingecko, fetchTokens = useCallback(async () => {
     if (!connected || !address$1 || !rpcClient) {
       setTokens([]), setTotalAccounts(0);
       return;
@@ -779,16 +976,16 @@ function useTokens(options = {}) {
         }
       }
       if (setTokens([...tokenList]), setTotalAccounts(tokenAccountsResult.value.length + (includeNativeSol ? 1 : 0)), setLastUpdated(/* @__PURE__ */ new Date()), fetchMetadata && mints.length > 0) {
-        let metadata = await fetchJupiterMetadata(mints);
+        let metadata = await fetchTokenMetadataHybrid(mints, coingeckoConfig);
         for (let i = 0; i < tokenList.length; i++) {
           let meta = metadata.get(tokenList[i].mint);
           meta && (tokenList[i] = {
             ...tokenList[i],
             name: meta.name,
             symbol: meta.symbol,
-            logo: meta.icon,
+            logo: transformImageUrl2(meta.logoURI, imageProxy),
             usdPrice: meta.usdPrice,
-            formattedUsd: formatUsd(tokenList[i].amount, tokenList[i].decimals, meta.usdPrice)
+            formattedUsd: meta.usdPrice ? formatUsd(tokenList[i].amount, tokenList[i].decimals, meta.usdPrice) : void 0
           });
         }
         tokenList.sort((a, b) => {
@@ -803,14 +1000,18 @@ function useTokens(options = {}) {
     } finally {
       setIsLoading(false);
     }
-  }, [connected, address$1, rpcClient, includeZeroBalance, fetchMetadata, includeNativeSol]);
-  return useEffect(() => {
+  }, [connected, address$1, rpcClient, includeZeroBalance, fetchMetadata, includeNativeSol, imageProxy, coingeckoConfig]);
+  useEffect(() => {
     fetchTokens();
   }, [fetchTokens]), useEffect(() => {
     if (!connected || !autoRefresh) return;
     let interval = setInterval(fetchTokens, refreshInterval);
     return () => clearInterval(interval);
-  }, [connected, autoRefresh, refreshInterval, fetchTokens]), useMemo(
+  }, [connected, autoRefresh, refreshInterval, fetchTokens]), useEffect(() => (startCacheCleanup(), () => stopCacheCleanup()), []);
+  let wasConnectedRef = useRef(connected);
+  return useEffect(() => {
+    wasConnectedRef.current && !connected && clearTokenCaches(), wasConnectedRef.current = connected;
+  }, [connected]), useMemo(
     () => ({
       tokens,
       isLoading,
@@ -1980,5 +2181,5 @@ function TokenListElement({
 TokenListElement.displayName = "TokenListElement";
 
 export { AccountElement, BalanceElement, ClusterElement, ConnectorProvider, DisconnectElement, TokenListElement, TransactionHistoryElement, UnifiedProvider, WalletListElement, useAccount, useBalance, useCluster, useConnector, useConnectorClient, useGillSolanaClient, useGillTransactionSigner, useKitTransactionSigner, useSolanaClient, useTokens, useTransactionPreparer, useTransactionSigner, useTransactions, useWalletInfo };
-//# sourceMappingURL=chunk-U64YZRJL.mjs.map
-//# sourceMappingURL=chunk-U64YZRJL.mjs.map
+//# sourceMappingURL=chunk-3STZXVXD.mjs.map
+//# sourceMappingURL=chunk-3STZXVXD.mjs.map