Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@dscvr-one/frames-adapter

Package Overview
Dependencies
Maintainers
4
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@dscvr-one/frames-adapter

Frames adapter to validate in DSCVR frame instances

  • 2.0.3
  • latest
  • npm
  • Socket score
Version published
Maintainers
4
Created
Source

frames-adapter

frames-adapter is a small typescript library that can be used as an adapter to DSCVR's protocol from different frames frameworks.

The library provides a couple of helper methods to validate the trusted message data of a frame action and also to determine if a frame is using the DSCVR protocol.

Installation

You can install Frames Adapter via npm:

npm install @dscvr-one/frames-adapter

yarn

yarn add @dscvr-one/frames-adapter

Usage

To use Frames Adapter, simply import it into your typescript project:

import {
  type DscvrFramesRequest,
  type DscvrClientProtocol,
  type DscvrFrameActionData,
  validateClientProtocol,
  validateFramesPost,
} from '@dscvr-one/frames-adapter';

Then, you can use the functions provided by Frames Adapter to validate a Frame Post payload.

Example

import {
  type DscvrFramesRequest,
  type DscvrClientProtocol,
  type DscvrFrameActionData,
  validateClientProtocol,
  validateFramesPost,
} from '@dscvr-one/frames-adapter';

export const isDscvrFrameActionPayload = (
  frameActionPayload: FrameActionPayload,
): frameActionPayload is DscvrFramesRequest => {
  return (
    !!frameActionPayload.clientProtocol &&
    validateClientProtocol(frameActionPayload.clientProtocol)
  );
};

export const getDscvrFrameMessage = async (
  frameActionPayload: DscvrFramesRequest,
) => {
  const result = await validateFramesPost({
    ...frameActionPayload,
    clientProtocol: frameActionPayload.clientProtocol as DscvrClientProtocol,
  });

  return result;
};

Expected payload should have the next structure

{
  "clientProtocol": "dscvr@...",
  "untrustedData": {
    "dscvrId": "...",
    "contentId": 123,
    "state": "...",
    "url": "...",
    "timestamp": 123,
    "buttonIndex": 1,
    "inputText": "...",
    "address": "...",
    "transactionId": "..."
  },
  "trustedData": {
    "messageBytes": "..."
  }
}

Contributing

Contributions are welcome! If you find any issues or have suggestions for improvement, feel free to open an issue or submit a pull request.

Note:

  1. Please contribute using GitHub Flow
  2. Commits & PRs will be allowed only if the commit messages & PR titles follow the conventional commit standard, read more about it here
  3. PS. Ensure your commits are signed. Read why

Take in count

  • type DscvrUntrustedData in file src/types.ts should be a type with the && operator and not an interface with extend, otherwise a type predicate wont work e.g:
const fn = (payload: T): payload is DscvrFramesRequest

Keywords

FAQs

Package last updated on 17 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc