Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@civic/civic-sign
Advanced tools
Readme
The intention of this library is to provide an abstraction layer for retrieving a user’s DID and publicKey, as well as requesting proof by signing a message or transaction and finally verifying the proof is valid.
The following diagram can be used as reference in order to illustrate how the library will be used between the different Civic systems.
import { CivicSignProveFactory } from '@civic/civic-sign';
import { Keypair, Transaction } from '@solana/web3.js';
const keys = Keypair.generate();
const wallet: SolanaWalletAdapter = {
publicKey: keys.publicKey,
signTransaction: (transaction: Transaction) => {
transaction.sign(keys);
return Promise.resolve(transaction);
},
};
const { requestDid, requestProof, verify } = CivicSignProveFactory.createWithSolanaWallet(wallet);
const { did } = requestDid();
const signedProof = requestProof();
const verifiedProofResult = verifyProof(signedProof, did);
console.log(did, signedProof, verifiedProofResult);
import { CivicSignProveFactory } from '@civic/civic-sign';
import { Wallet } from 'ethers';
const wallet = Wallet.createRandom();
const walletAdapter = {
...wallet,
signTypedData: (domain: TypedDataDomain, types: Record<string, TypedDataField[]>, value: EthPowoMessage) => {
return wallet._signTypedData(domain, types, value);
},
verifierAddress: 'verifierAddress',
};
const { requestDid, requestProof, verify } = CivicSignProveFactory.createWithEthereumWallet(walletAdapter);
const { did } = requestDid();
const signedProof = requestProof();
const verifiedProofResult = verifyProof(signedProof);
console.log(did, signedProof, verifiedProofResult);
CivicSign has the following public Api methods available. Please refer to the docs for additional information available in the project.
Method | Description | Returns |
---|---|---|
createWithSolanaWallet | create an instance of CivicSign with an instance of a SolanaWalletAdapter | CivicSignProve |
createWithEthereumWallet | create an instance of CivicSign with an instance of a EthereumWalletAdapter | CivicSignProve |
createWithSolanaInIframe | create an instance of CivicSign for communicating with a remote instance of a Solana Wallet | CivicSignProve |
createWithEthereumInIframe | create an instance of CivicSign for communicating with a remote instance of an Ethereum Wallet | CivicSignProve |
Method | Description | Returns |
---|---|---|
requestDid | requests a DID from a wallet instance or remotely | Promise |
requestProof | requests a proof to be signed either through a wallet instance or remotely | Promise |
signMessage | requests the user to sign a message | Promise |
Method | Description | Returns |
---|---|---|
verify | verify a proof that was returned from requestProof is valid | Promise |
To check whether a given wallet owns a given DID:
import { walletOwnsDID } from '@civic/civic-sign';
const walletAddress = '016752701213E0D5Ee093A355c4d8e16b15525177e3C97DB5F9E2AC7C69F5Bfd52';
const did = 'did:key:z6MkmQaws5ASXmntxzybdK4piNKTFQh17cJK3JEURfhbMX2Z';
const doesWalletOwnDid = await walletOwnsDID(walletAddress, did);
This will:
capabilityInvocations
or authentication
lists )The following commands are availabe when contriburing to the project.
yarn lint
Checks that the project lints successfully. This automatically gets run before building the project.
yarn test
Checks that all unit and integration tests pass. This automatically gets run before building the project.
yarn generateDocs
Generate docs based on the available types in the project.
yarn publish
Published a new version of the CivicSign library to NPM. Running the command will build the dist folder before continuing to publish.
FAQs
An abstraction around proof of ownership using DIDs
The npm package @civic/civic-sign receives a total of 242 weekly downloads. As such, @civic/civic-sign popularity was classified as not popular.
We found that @civic/civic-sign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.