Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@ledgerhq/devices
Advanced tools
@ledgerhq/devices is an npm package that provides a comprehensive set of tools and utilities for interacting with Ledger hardware wallets. It includes functionalities for managing device information, handling firmware updates, and interfacing with various Ledger applications.
List Supported Devices
This feature allows you to retrieve information about a specific Ledger device model. In this example, the code fetches details about the Ledger Nano S model.
const { getDeviceModel } = require('@ledgerhq/devices');
const deviceModel = getDeviceModel('nanoS');
console.log(deviceModel);
Identify Device by USB Product ID
This feature helps you identify a Ledger device based on its USB product ID. The code sample demonstrates how to get device information using a specific USB product ID.
const { identifyUSBProductId } = require('@ledgerhq/devices');
const deviceInfo = identifyUSBProductId(0x0001);
console.log(deviceInfo);
List All Devices
This feature provides a list of all supported Ledger devices. The code sample prints out the entire list of devices supported by the @ledgerhq/devices package.
const { devices } = require('@ledgerhq/devices');
console.log(devices);
Logic for all Ledger devices.
Parses a raw stream coming from a BLE communication into an APDU response
rawStream
Observable<(Buffer | Error)> An observable containing the raw stream as emitted buffers
options
{context: TraceContext?} Optional options containing:* context An optional context object for log/tracing strategy (optional, default {}
)
options.context
Returns Observable<Buffer> An observable containing the APDU response as one emitted buffer
Creates a list of chunked buffer from one buffer
If this is using a Node buffer: the chunked buffers reference to the same memory as the original buffer. If this is using a Uint8Array: each part of the original buffer is copied into the chunked buffers
buffer
Buffer a Node Buffer, or a Uint8ArraysizeForIndex
function (arg0: number): number A function that takes an index (on the buffer) and returns the size of the chunk at that indexReturns Array<Buffer> a list of chunked buffers
Sends an APDU by encoding it into chunks and sending the chunks using the given write
function
write
function (arg0: Buffer): Promise<void> The function to send each chunk to the device
apdu
Buffer
mtuSize
number The negotiated maximum size of the data to be sent in one chunk
options
{context: TraceContext?} Optional options containing:* context An optional context object for log/tracing strategy (optional, default {}
)
options.context
Returns Observable<Buffer> An observable that will only emit if an error occurred, otherwise it will complete
Object to handle HID frames (encoding and decoding)
Frames/encodes an APDU message into HID USB packets/frames
apdu
Buffer The APDU message to send, in a Buffer containing [cla, ins, p1, p2, data length, data(if not empty)]Returns Array<Buffer> an array of HID USB frames ready to be sent
Reduces HID USB packets/frames to one response.
acc
ResponseAcc The value resulting from (accumulating) the previous call of reduceResponse.
On first call initialized to initialAcc
. The accumulator enables handling multi-frames messages.chunk
Buffer Current chunk to reduce into accumulatorReturns ResponseAcc An accumulator value updated with the current chunk
Returns the response message that has been reduced from the HID USB frames
acc
ResponseAcc The accumulatorReturns (Buffer | null | undefined) A Buffer containing the cleaned response message, or null if no response message, or undefined if the accumulator is incorrect (message length is not valid)
The USB product IDs will be defined as MMII, encoding a model (MM) and an interface bitfield (II)
Model Ledger Nano S : 0x10 Ledger Blue : 0x00 Ledger Nano X : 0x40
Interface support bitfield Generic HID : 0x01 Keyboard HID : 0x02 U2F : 0x04 CCID : 0x08 WebUSB : 0x10
Type: number
Ledger Blue
Type: string
Ledger Nano S
Type: string
Ledger Nano S Plus
Type: string
Ledger Nano X
Type: string
Ledger Stax
Type: string
Ledger Flex ("europa" is the internal name)
Type: string
Type: number
id
DeviceModelId Returns DeviceModel
Given a targetId
, return the deviceModel associated to it,
based on the first two bytes.
targetId
number Returns (DeviceModel | null | undefined)
From a given USB product id, return the deviceModel associated to it.
The mapping from the product id is only based on the 2 most significant bytes. For example, Stax is defined with a product id of 0x60ii, a product id 0x6011 would be mapped to it.
usbProductId
number Returns (DeviceModel | null | undefined)
uuid
string Returns (BluetoothInfos | undefined)
FAQs
Ledger devices
The npm package @ledgerhq/devices receives a total of 206,109 weekly downloads. As such, @ledgerhq/devices popularity was classified as popular.
We found that @ledgerhq/devices demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.