Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@binance-chain/bsc-ledger-bridge-keyring
Advanced tools
Readme
An implementation of MetaMask's Keyring interface, that uses a Ledger hardware wallet for all cryptographic operations.
In most regards, it works in the same way as eth-hd-keyring, but using a Ledger device. However there are a number of differences:
Because the keys are stored in the device, operations that rely on the device will fail if there is no Ledger device attached, or a different Ledger device is attached.
It does not support the signMessage
, signTypedData
or exportAccount
methods, because Ledger devices do not support these operations.
Because extensions have limited access to browser features, there's no easy way to interact wth the Ledger Hardware wallet from the MetaMask extension. This library implements a workaround to those restrictions by injecting (on demand) an iframe to the background page of the extension, (which is hosted here.
The iframe is allowed to interact with the Ledger device (since U2F requires SSL and the iframe is hosted under https) using the libraries from LedgerJS hw-app-eth and hw-transport-u2f and establishes a two-way communication channel with the extension via postMessage.
The iframe code it's hosted in the same repo under the branch gh-pages and it's being served via github pages. In the future we might move it under the metamask.io domain.
In addition to all the known methods from the Keyring class protocol, there are a few others:
isUnlocked : Returns true if we have the public key in memory, which allows to generate the list of accounts at any time
unlock : Connects to the Ledger device and exports the extended public key, which is later used to read the available ethereum addresses inside the Ledger account.
setAccountToUnlock : the index of the account that you want to unlock in order to use with the signTransaction and signPersonalMessage methods
getFirstPage : returns the first ordered set of accounts from the Ledger account
getNextPage : returns the next ordered set of accounts from the Ledger account based on the current page
getPreviousPage : returns the previous ordered set of accounts from the Ledger account based on the current page
forgetDevice : removes all the device info from memory so the next interaction with the keyring will prompt the user to connect the Ledger device and export the account information
Run the following command:
yarn test
This code was inspired by eth-ledger-keyring and eth-hd-keyring
FAQs
A MetaMask compatible keyring, for ledger hardware wallets
The npm package @binance-chain/bsc-ledger-bridge-keyring receives a total of 1 weekly downloads. As such, @binance-chain/bsc-ledger-bridge-keyring popularity was classified as not popular.
We found that @binance-chain/bsc-ledger-bridge-keyring demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.