Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
3id-blockchain-utils
Advanced tools
This package contains a bunch of utilities that is used by 3ID and 3Box in order to create and verify links from blockchain addresses.
$ npm install --save 3id-blockchain-utils
Import the package into your project
import { createLink, validateLink, authenticate } from '3id-blockchain-utils'
Use the library to create and verify links:
const did = 'did:3:bafypwg9834gf...'
const proof = await createLink(did, '0x123abc...', ethereumProvider)
console.log(proof)
const verified = await validateLink(proof)
if (verified) {
console.log('Proof is valid', proof)
} else {
console.log('Proof is invalid')
}
Use the library for 3ID authenticate:
await authenticate(message, '0x123abc...', ethereumProvider)
Below you can see a table which lists supported blockchains and their provider objects.
Blockchain | CAIP-2 namespace | Supported providers |
---|---|---|
Ethereum | eip155 | metamask-like ethereum provider |
Filecoin | fil | Filecoin Wallet Provider |
If you want to add support for a new blockchain to 3ID this is the place to do so. This library uses CAIP-10 to represent accounts in a blockchain agnostic way. If the blockchain you want to add isn't already part of the CAIP standards you shold make sure to add it there.
To begin adding support for a given blockchain add a file with the path: src/blockchains/<blockchain-name>.js
. This module needs to export three functions:
createLink
- creates a LinkProof object which associates the specified AccountID with the DIDvalidateLink
- validates the given LinkProofauthenticate
- signs a message and returns some entropy based on the signature. Needs to be deterministicIt also needs to export a constant called namespace
. This constant is a string which contains the CAIP-2 chainId namespace.
Please see src/blockchains/ethereum.js
for an example of how this is implemented for the eip155
(ethereum) CAIP-2 namespace.
Finally add support for your blockchain in src/index.js
. Simply add it to the handlers
array.
Test the code by running:
$ npm test
Apache-2.0 OR MIT
FAQs
Blockchain utils for 3ID
We found that 3id-blockchain-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.