New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@decentralchain/ledger

Package Overview
Dependencies
Maintainers
3
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@decentralchain/ledger

DecentralChain Ledger hardware wallet integration library

latest
Source
npmnpm
Version
5.1.0
Version published
Maintainers
3
Created
Source

DecentralChain

@decentralchain/ledger

DecentralChain Ledger hardware wallet integration library.

npm license bundle size node

Overview

Communicate with Ledger Nano S/X devices to derive public keys and sign transactions securely on the hardware device. Supports WebUSB, Web Bluetooth, and Node HID transports.

Part of the DecentralChain SDK.

Requirements

  • Node.js >= 24
  • A Ledger Nano S or Nano X with the DCC application installed
  • A compatible transport (@ledgerhq/hw-transport-webusb, @ledgerhq/hw-transport-web-ble, etc.)

Installation

npm install @decentralchain/ledger

You also need a Ledger transport package:

npm install @ledgerhq/hw-transport-webusb

Quick Start

import { DCCLedger } from '@decentralchain/ledger';
import TransportWebUSB from '@ledgerhq/hw-transport-webusb';

const ledger = new DCCLedger({ transport: TransportWebUSB });
await ledger.tryConnect();

// Get public key and address for account 0
const user = await ledger.getUserDataById(0);
console.log(user.address, user.publicKey);

// Sign a transaction
const signature = await ledger.signTransaction(0, {
  dataBuffer: transactionBytes,
  dataType: 4,
  dataVersion: 2,
});

API Reference

new DCCLedger(options)

Create a new Ledger integration instance.

OptionTypeDefaultDescription
transportLedgerTransportFactoryRequired. A @ledgerhq/hw-transport-* class
debugbooleanfalseEnable binary exchange logging
openTimeoutnumberConnection timeout (ms)
listenTimeoutnumberListen request timeout (ms)
exchangeTimeoutnumberExchange call timeout (ms)
networkCodenumber76DCC network code (76 = mainnet)

tryConnect(): Promise<void>

Connect (or reconnect) to the Ledger device.

disconnect(): Promise<void>

Close the active transport connection.

probeDevice(): Promise<boolean>

Returns true if the device is connected and the DCC app is open.

getUserDataById(id: number): Promise<User>

Derive wallet data for an account index.

Returns { id, path, address, publicKey, statusCode }.

getVersion(): Promise<number[]>

Query the installed DCC application version ([major, minor, patch]).

getPaginationUsersData(from: number, limit: number): Promise<User[]>

Retrieve wallet data for a range of consecutive account indices.

signTransaction(userId, data): Promise<string>

Sign a transaction. The Ledger device displays parsed transaction details.

signOrder(userId, data): Promise<string>

Sign an exchange order.

signSomeData(userId, data): Promise<string>

Sign arbitrary data bytes (device shows raw data warning).

signRequest(userId, data): Promise<string>

Sign a request payload.

signMessage(userId, message): Promise<string>

Sign an ASCII text message.

All signing methods return a Base58-encoded signature string.

getLastError(): unknown

Return the last error from a Ledger operation, or null.

getPathById(id: number): string

Build the BIP-44 derivation path for an account index.

Supported Transports

Development

Prerequisites

  • Node.js >= 24 (see .node-version)
  • npm >= 10

Setup

git clone https://github.com/Decentral-America/ledger.git
cd ledger
npm install

Scripts

CommandDescription
npm run buildBuild distribution files
npm testRun tests with Vitest
npm run test:watchTests in watch mode
npm run test:coverageTests with V8 coverage
npm run typecheckTypeScript type checking
npm run lintBiome lint
npm run lint:fixBiome lint with auto-fix
npm run formatFormat with Biome
npm run validateFull CI validation pipeline
npm run bulletproofFormat + lint fix + typecheck + test
npm run bulletproof:checkCI-safe: check format + lint + tc + test

Quality Gates

  • TypeScript strict mode with all strict flags enabled
  • Biome with type-aware rules
  • Biome formatting enforced
  • 90% code coverage thresholds
  • Bundle size budget (10 kB gzipped)
  • Package export validation (publint + attw)

Related packages

PackageDescription
@decentralchain/signature-adapterMulti-provider signing adapter
@decentralchain/signerTransaction signing orchestrator
@decentralchain/transactionsTransaction builders and signers
@decentralchain/ts-lib-cryptoCryptographic primitives

Contributing

See CONTRIBUTING.md.

Security

To report a vulnerability, see SECURITY.md.

License

MIT — Copyright (c) DecentralChain

Keywords

decentralchain
dcc
ledger
hardware-wallet
signing
nano-s

FAQs

Package last updated on 11 Mar 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026