
@keystonehq/aptossnap
Aptos Snap
Aptos Snap is an application that lets users manage Aptos directly within the MetaMask interface. Because Snaps is pre-release software, the alpha version of Aptos Snap is currently live only on MetaMask Flask, a canary distribution for developers that provides access to upcoming features.
*Note: MetaMask Flask is an experimental playground for developers and is not to be confused with the normal MetaMask wallet app.
Snaps is a system that allows developers to safely build and expand the capabilities of MetaMask. A snap is a program that runs in an isolated environment with a limited set of capabilities and can customize and modify MetaMask's wallet experience for end users. For example, a snap can add new APIs to MetaMask, adding support for different blockchains, or modify existing functionality using internal APIs.
Additional information can be found here.
Aptos Snap in your dapp
If you would like to integrate Aptos Snap into your dapp, you can use the following code:

    // Ask MetaMask Flask to enable the snap for this dapp.
    const enabled: boolean = await ethereum.request({
      method: 'wallet_enable',
      params: [
        {
          wallet_snap: {'npm:@keystonehq/aptossnap': {}},
        },
      ],
    });

    // Request the account from the snap.
    const account: string = await ethereum.request({
      method: 'wallet_invokeSnap',
      params: [
        "npm:@keystonehq/aptossnap",
        {
          method: 'aptso_getAccount'
        },
      ],
    });

    // Sign a transaction through the snap.
    // snapId is the same snap identifier used in the calls above.
    const snapId = 'npm:@keystonehq/aptossnap';
    const signed: { txId: string, txHex: string } = await ethereum.request({
      method: 'wallet_invokeSnap',
      params: [
        snapId,
        {
          method: 'aptos_signTransaction',
          params: {
            rawTransaction: bcsBytes // bcs serialized raw transaction bytes, supplied by the dapp
          },
        },
      ],
    });

Build the snap and test it locally with the following command:

    yarn build
FAQs
Aptos - Metamask snap to interact with Aptos.
We found that @keystonehq/aptossnap demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.