Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@emurgo/cardano-message-signing-nodejs
Advanced tools
Readme
This is a library that implements the CIP-0008 message signing spec for the Cardano blockchain.
The library is composed of structs for (de)serializing the CBOR defined in CIP-0008/COSE which lays at the core of the protocol, mostly defined in lib.rs
, as well as many helper utilities for more specific cases useful to CIP-0008. These are mostly in builders.rs
for building the CBOR structures specific to certain algorithms.
It can be used from both rust or compiled to wasm as all public code works with wasm-bindgen
via wasm-pack
.
There are no rust crates/npm packages uploaded yet, but these will come in the future.
In the meantime to build a wasm package we can run one of
npm run rust:build-nodejs
for nodejs targeted wasmnpm run rust:build-browser
for browser targeted wasmnpm run asm:build
for conversion for asm.jsand for use from rust simply use the lib that resides in /rust/
.
It is important to read the CIP-0008 spec to properly understand how to use this library. As per CIP-0008/COSE, signing is done via constructing a SigStructure
and then signing this with the proper keys. This can be simplified via the use of the COSESignBuilder
(for multiparty signing) / COSESign1Builder
(for single signer) builders. Encryption is not yet supported by this library but will be in the future. An example node.js (wasm option) project that signs a message with a Cardano address exists in the /example/
directory which has detailed comments describing each step.
FAQs
This is a library that implements the [CIP-0008](https://github.com/cardano-foundation/CIPs/blob/master/CIP-0008/README.md) message signing spec for the Cardano blockchain.
The npm package @emurgo/cardano-message-signing-nodejs receives a total of 2,703 weekly downloads. As such, @emurgo/cardano-message-signing-nodejs popularity was classified as popular.
We found that @emurgo/cardano-message-signing-nodejs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.