@dropyacht/evm-signer
Advanced tools
The evm-signer/ package contains libraries for signing messages and transactions with hardware security modules (HSMs).
At this time, only GCP KMS-managed HSMs are supported, but we hope to add support for AWS Cloud HSM, Azure Dedicated HSM, and self-hosted HSMs.
We'll assume that you've set up a Google Cloud account and created an HSM key with Purpose Asymmetric sign and with Algorithm Elliptic Curve secp256k1 - SHA256 Digest.
You'll need to set appropriate GOOGLE_APPLICATION_CREDENTIALS for submitting requests.
The easiest way is to create a service account with the roles/cloudkms.signer and roles/cloudkms.publicKeyViewer minimum permission set.
You should add a new JSON key to your service account, and download it. Then set
$ export GOOGLE_APPLICATION_CREDENTIALS=key.json
pointing to the downloaded keyfile.
You can install with npm:
$ npm install @dropyacht/evm-signer
FAQs
A cloud HSM signer for EVM-compatible transactions.
The npm package @dropyacht/evm-signer receives a total of 0 weekly downloads. As such, @dropyacht/evm-signer popularity was classified as not popular.
We found that @dropyacht/evm-signer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncovered a malicious PyPI package exploiting Deezer’s API to enable coordinated music piracy through API abuse and C2 server control.
Research
The Socket Research Team discovered a malicious npm package, '@ton-wallet/create', stealing cryptocurrency wallet keys from developers and users in the TON ecosystem.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.