Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@browser-network/crypto
Advanced tools
A wrapper around eccrypto designed for use in the browser-network ecosystem
This package is just a wrapper around
eccrypto
. It's meant to be used with the
browser network and accompanying browser network apps. It's only for
convenience. If you're looking to bring cryptography into your non browser
network application, you should probably use eccrypto
or another cryptography
library directly instead of using this.
npm install @browser-network/crypto
or
<script src="//unpkg.com/@browser-network/network/umd/crypto.min.js"></script>
import * as bnc from 'browser-network/crypto'
// Generate a secret (private key) as used by browser-network
const secret = bnc.generateSecret()
// Get the public key mathematically derived from a given secret
const pubKey = bnc.derivePubKey(secret)
// Turn a given string into a `Uint8Array` buffer that eccrypto uses.
const buf = bnc.stob("Serena's ol bus")
// Turn the `Uint8Array` buffer that eccrypto uses into a string for export
const str = bnc.btos(buf) // "Serena's ol bus"
// Create a hash from an object
const has = bnc.hash({ some: 'object' }) // => `Uint8Array`
// Take an object and create a signature for it based on a given private key.
const signature = bnc.sign(secret, { some: 'object' })
// Ensure a signature of object by a pubKey comes from that pubKey's associated secret
const isValid = bnc.verifySignature({ some: 'object' }, signature, pubKey) // true
or if you're using the UMD build via a tag, the window
object will
automatically be populated with the field Bnc
which you can use as above, eg. Bnc.generateSecret()
.
FAQs
A wrapper around eccrypto designed for use in the browser-network ecosystem
The npm package @browser-network/crypto receives a total of 0 weekly downloads. As such, @browser-network/crypto popularity was classified as not popular.
We found that @browser-network/crypto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.