Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@hashgraph/hedera-custodians-integration
Advanced tools
Readme
The hedera-custodians-library library is a Typescript utility designed to simplify custodial wallet management. It provides developers with tools to abstract complex aspects of custodial wallets, allowing them to focus on their application's core logic.
Optimized for integration with the Hedera network, it supports services like Fireblocks and Dfns and is scalable for various wallet services. The library's code is organized in a clear directory structure, with source code and unit and integration tests in separate folders. It's developed in Typescript, optimized for Node.js, and managed through npm for easy dependency handling and testing. The library is user-friendly, emphasizing developer experience and code readability. It includes extensive unit tests, ensuring its reliability and stability for managing custodial wallets in Typescript applications.
The hedera-custodians-library
library implements a factory-strategy pattern, enabling object creation without specifying their exact class. The library's structure is divided into two primary directories:
SignatureRequest
.CustodialWalletService
, which exposes the library's services.The strategy classes in the src/ directory, following a factory-strategy pattern, along with various helper functions and classes, facilitate the creation and management of custodial wallets, enhancing code readability and maintainability.
.env
file into process.env
.To install the hedera-custodians-library library, navigate to the root directory of the library and run the following command:
npm install
This command installs all the dependencies listed in the package.json
file.
To use a function or class from the hedera-custodians-library library in your code, you first need to import it. Here's an example of how to import a function:
// ESM import
import { function, Class, Type, Interface } from 'hedera-custodians-library';
// or CJS require
const { function, Class, Type, Interface } = require('hedera-custodians-library');
Replace function, Class, Type, Interface
with the actual name of the component you want to use.
In the custodial wallet management process, the CustodialWalletService class plays a central role. To create a service, instantiate the class with a relevant configuration, such as FireblocksConfig. This involves specifying essential parameters like API keys and account IDs. Following this, a signature request is created using the SignatureRequest class, defining the transaction bytes to be signed. The transaction signing is accomplished by calling the signTransaction method on the service instance. This streamlined approach provides a concise and effective way to manage custodial wallets in an application.
To create a service, you need to instantiate the CustodialWalletService
class with the appropriate configuration. This can be either a FireblocksConfig
or DFNSConfig
instance, depending on the service you want to use.
Here's an example of how to create a service:
import {
CustodialWalletService,
FireblocksConfig,
} from 'hedera-custodians-library';
const config = new FireblocksConfig(
FIREBLOCKS_API_KEY,
FIREBLOCKS_API_SECRET_KEY,
FIREBLOCKS_BASE_URL,
FIREBLOCKS_VAULT_ACCOUNT_ID,
FIREBLOCKS_ASSET_ID
);
const service = new CustodialWalletService(config);
To create a signature request, you need to instantiate the SignatureRequest
class with the transaction bytes you want to sign.
Here's an example of how to create a signature request:
import { SignatureRequest } from 'hedera-custodians-library';
const transactionBytes = new Uint8Array([1, 2, 3]); // replace with your transaction bytes
const request = new SignatureRequest(transactionBytes);
To sign a transaction, you need to call the signTransaction
method on the service instance, passing in the signature request.
Here's an example of how to sign a transaction:
const signature = await service.signTransaction(request);
This will return a Uint8Array
containing the signature of the transaction.
A set of examples with detailed usage of this library is available at examples.
To compile TypeScript files into JavaScript. The command tsc -p tsconfig.json
is typically run before deploying the application or testing the compiled JavaScript code.
Here's a breakdown of the command:
tsc
: This is the TypeScript compiler command. It's used to compile TypeScript (.ts
) files into JavaScript (.js
) files.
-p tsconfig.json
: The -p
option tells the TypeScript compiler to use the configuration from the tsconfig.json
file. This file contains settings for the TypeScript compiler, such as the target JavaScript version, the root directory of the source files, compiler options, and more.
When you run npm run build
in your terminal, npm will execute this script command, which will compile your TypeScript code into JavaScript using the settings from your tsconfig.json
file.
Test files for the hedera-custodians-library
library are in the __tests__/
directory, corresponding to the source files in the src/
directory. Key test files include:
StrategyFactory.test.ts: Tests the StrategyFactory
for both Fireblocks and DFNS configurations. Verifies if the factory correctly instantiates FireblocksStrategy
with Fireblocks config, and DFNSStrategy
with DFNS config, ensuring each strategy is appropriately created.
Model.test.ts: Focuses on the SignatureRequest
class, testing methods like getTransactionBytes
and setTransactionBytes
for handling transaction bytes.
Service.test.ts: An integration test suite for the CustodialWalletService
class. It assesses the class's ability to manage configurations and sign transactions. The suite features distinct test cases, focusing on configuration settings and the signing process, with special attention to the integration with Fireblocks and DFNS services.
DFNSStrategy.test.ts: Tests the DFNSStrategy
class, especially the sign
method, using a mock DFNS API client for signature generation and verification.
FireblocksStrategy.test.ts: Similar to DFNSStrategy tests, but focused on the FireblocksStrategy
class, using a mock Fireblocks SDK for the signing process.
The tests, written using Jest in a Node.js environment, comprehensively cover signature strategies, transaction handling, and other functionalities of the library.
The configuration for the tests is defined in the jest.config.js
file located in the root directory of the library.
The config.ts
file is responsible for setting up the configurations for the FireblocksConfig
and DFNSStrategy
classes, which are used to manage the interactions with the Fireblocks and DFNS APIs, respectively.
To run the tests, you need to provide the following environment variables in a .env
file:
For Fireblocks:
FIREBLOCKS_API_SECRET_KEY
: Path to Fireblocks API secret key file or secret key value encoded in Base64FIREBLOCKS_API_KEY
: Your Fireblocks API keyFIREBLOCKS_BASE_URL
: Base URL of Fireblocks APIFIREBLOCKS_ASSET_ID
: Asset ID for FireblocksFIREBLOCKS_VAULT_ACCOUNT_ID
: Vault account ID for FireblocksFIREBLOCKS_PUBLIC_KEY
: Public key of the Vault for FireblocksFIREBLOCKS_HEDERA_ACCOUNT_ID
: Hedera Account ID linked to the public key of the vault for FireblocksFor DFNS:
DFNS_SERVICE_ACCOUNT_AUTHORIZATION_TOKEN
: Authorization token for DFNS service accountDFNS_SERVICE_ACCOUNT_CREDENTIAL_ID
: Credential ID for DFNS service accountDFNS_SERVICE_ACCOUNT_PRIVATE_KEY
: Path to DFNS service account private key file or private key value encoded in Base64DFNS_APP_ORIGIN
: URL origin of DFNS appDFNS_APP_ID
: ID of DFNS appDFNS_TEST_URL
: Test URL for DFNS APIDFNS_WALLET_ID
: Wallet ID for DFNSDFNS_WALLET_PUBLIC_KEY
: Public key of the Wallet for DfnsDFNS_WALLET_HEDERA_ACCOUNT_ID
: Hedera Account ID linked to the public key of the Wallet for Dfns. In Dfns the Hedera Account must be generated as an additional stepTo run the tests, navigate to the root directory of the hedera-custodians-library library and run the following command:
npm run test
# or
npm run test:coverage
Contributions are welcome. Please see the contributing guide to see how you can get involved.
This project is governed by the Contributor Covenant Code of Conduct. By participating, you are expected to uphold this code of conduct. Please report unacceptable behavior to oss@hedera.com.
FAQs
A library to provide integration with custodial wallets
The npm package @hashgraph/hedera-custodians-integration receives a total of 31 weekly downloads. As such, @hashgraph/hedera-custodians-integration popularity was classified as not popular.
We found that @hashgraph/hedera-custodians-integration demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.