Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@atproto/identity
Advanced tools
@atproto/identity
Library for decentralized identities in atproto using DIDs and handles
@atproto/identity
TypeScript library for decentralized identities in atproto using DIDs and handles
Example
Resolving a Handle and verifying against DID document:
const didres = new DidResolver({})
const hdlres = new HandleResolver({})
const handle = 'atproto.com'
const did = await hdlres.resolve(handle)
if (did == undefined) {
throw new Error('expected handle to resolve')
}
console.log(did) // did:plc:ewvi7nxzyoun6zhxrhs64oiz
const doc = await didres.resolve(did)
console.log(doc)
// additional resolutions of same DID will be cached for some time, unless forceRefresh flag is used
const doc2 = await didres.resolve(did, true)
// helper methods use the same cache
const data = await didres.resolveAtprotoData(did)
if (data.handle != handle) {
throw new Error('invalid handle (did not match DID document)')
}
License
This project is dual-licensed under MIT and Apache 2.0 terms:
- MIT license (LICENSE-MIT.txt or http://opensource.org/licenses/MIT)
- Apache License, Version 2.0, (LICENSE-APACHE.txt or http://www.apache.org/licenses/LICENSE-2.0)
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
FAQs
Library for decentralized identities in atproto using DIDs and handles
The npm package @atproto/identity receives a total of 6,983 weekly downloads. As such, @atproto/identity popularity was classified as popular.
We found that @atproto/identity demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 09 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025