New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@didtools/pkh-ethereum

Package Overview
Dependencies
Maintainers
6
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@didtools/pkh-ethereum - npm Package Compare versions

Comparing version 0.4.2-next.0 to 0.5.0

6

dist/authmethod.js

@@ -25,2 +25,5 @@ import { Cacao, SiweMessage } from '@didtools/cacao';

}
/**
* Get a configured authMethod for an Ethereum account in a web based environment
*/ // eslint-disable-next-line @typescript-eslint/require-await
EthereumWebAuth.getAuthMethod = getAuthMethod;

@@ -37,2 +40,5 @@ })(EthereumWebAuth || (EthereumWebAuth = {}));

}
/**
* Get a configured authMethod for an Ethereum account in a Node based environment
*/ // eslint-disable-next-line @typescript-eslint/require-await
EthereumNodeAuth.getAuthMethod = getAuthMethod;

@@ -39,0 +45,0 @@ })(EthereumNodeAuth || (EthereumNodeAuth = {}));

20

dist/verifier.js

@@ -32,14 +32,16 @@ import { SiweMessage, asLegacyChainIdString, verifyTimeChecks, assertSigned } from '@didtools/cacao';

verifyTimeChecks(cacao, options);
const recoveredAddress = verifyMessage(SiweMessage.fromCacao(cacao).toMessage(), cacao.s.s);
const recoveredAddresses = [
recoveredAddress
];
if (Date.parse(cacao.p.iat) <= LEGACY_CHAIN_ID_REORG_DATE) {
const legacyChainIdRecoveredAddress = verifyMessage(asLegacyChainIdString(SiweMessage.fromCacao(cacao), 'Ethereum'), cacao.s.s);
recoveredAddresses.push(legacyChainIdRecoveredAddress);
const issuer = AccountId.parse(cacao.p.iss.replace('did:pkh:', '')).address.toLowerCase();
// assume the message doesn't use eip55 for the ethereum address
let recovered = verifyMessage(SiweMessage.fromCacao(cacao).toMessage(), cacao.s.s);
if (recovered !== issuer) {
// try to verify signature using eip55 address
recovered = verifyMessage(SiweMessage.fromCacao(cacao).toMessageEip55(), cacao.s.s);
}
const issuerAddress = AccountId.parse(cacao.p.iss.replace('did:pkh:', '')).address.toLowerCase();
if (!recoveredAddresses.includes(issuerAddress)) {
if (recovered !== issuer && Date.parse(cacao.p.iat) <= LEGACY_CHAIN_ID_REORG_DATE) {
// might be an old CACAOv1 format
recovered = verifyMessage(asLegacyChainIdString(SiweMessage.fromCacao(cacao), 'Ethereum'), cacao.s.s);
}
if (recovered !== issuer) {
throw new Error(`Signature does not belong to issuer`);
}
}

10

package.json
{
"name": "@didtools/pkh-ethereum",
"version": "0.4.2-next.0",
"version": "0.5.0",
"author": "3Box Labs",

@@ -34,8 +34,8 @@ "license": "(Apache-2.0 OR MIT)",

"devDependencies": {
"typescript": "^5.0.4"
"typescript": "^5.3.2"
},
"dependencies": {
"@didtools/cacao": "^2.1.1-next.0",
"@noble/hashes": "^1.3.1",
"@noble/curves": "^1.1.0",
"@didtools/cacao": "^3.0.0",
"@noble/curves": "^1.2.0",
"@noble/hashes": "^1.3.2",
"@stablelib/random": "^1.0.2",

@@ -42,0 +42,0 @@ "caip": "^1.1.0"

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc