@ledgerhq/devices
@ledgerhq/devices is an npm package that provides a comprehensive set of tools and utilities for interacting with Ledger hardware wallets. It includes functionalities for managing device information, handling firmware updates, and interfacing with various Ledger applications.
List Supported Devices
This feature allows you to retrieve information about a specific Ledger device model. In this example, the code fetches details about the Ledger Nano S model.
const { getDeviceModel } = require('@ledgerhq/devices');
const deviceModel = getDeviceModel('nanoS');
console.log(deviceModel);
Identify Device by USB Product ID
This feature helps you identify a Ledger device based on its USB product ID. The code sample demonstrates how to get device information using a specific USB product ID.
const { identifyUSBProductId } = require('@ledgerhq/devices');
const deviceInfo = identifyUSBProductId(0x0001);
console.log(deviceInfo);
List All Devices
This feature provides a list of all supported Ledger devices. The code sample prints out the entire list of devices supported by the @ledgerhq/devices package.
const { devices } = require('@ledgerhq/devices');
console.log(devices);
Logic for all Ledger devices.
Parses a raw stream coming from a BLE communication into an APDU response
rawStream
Observable<(Buffer | Error)> An observable containing the raw stream as emitted buffers
options
{context: TraceContext?} Optional options containing:
context An optional context object for log/tracing strategy (optional, default {})
options.context
Returns Observable<Buffer> An observable containing the APDU response as one emitted buffer
Creates a list of chunked buffers from one buffer
If this is using a Node Buffer: the chunked buffers reference the same memory as the original buffer. If this is using a Uint8Array: each part of the original buffer is copied into the chunked buffers
buffer
Buffer A Node Buffer, or a Uint8Array
sizeForIndex
function (arg0: number): number A function that takes an index (on the buffer) and returns the size of the chunk at that index
Returns Array<Buffer> A list of chunked buffers
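The memory-sharing difference described above matters when a buffer holding sensitive APDU data is wiped after use. This is an added example, not the package's code: `chunkBuffer` and `aliasingDemo` are hypothetical names, the input bytes are constructed, and `slice` is used on both types to reproduce the view-versus-copy behaviour the text describes.

```javascript
// Added example; chunkBuffer is a hypothetical stand-in, not the package's function.
function chunkBuffer(buffer, sizeForIndex) {
  const chunks = [];
  let i = 0;
  while (i < buffer.length) {
    const size = sizeForIndex(i);
    // A zero or negative size would loop forever, so reject it.
    if (!Number.isInteger(size) || size <= 0) {
      throw new RangeError(`chunk size at index ${i} must be a positive integer`);
    }
    // Node Buffer: slice() returns a view on the same memory.
    // Plain Uint8Array: slice() returns an independent copy.
    chunks.push(buffer.slice(i, i + size));
    i += size;
  }
  return chunks;
}

function aliasingDemo() {
  // Constructed input: 9 bytes, a short first chunk, then chunks of 4.
  const bytes = [1, 2, 3, 4, 5, 6, 7, 8, 9];
  const sizeForIndex = (i) => (i === 0 ? 3 : 4);

  const nodeBuf = Buffer.from(bytes);
  const typed = new Uint8Array(bytes);
  const nodeChunks = chunkBuffer(nodeBuf, sizeForIndex);
  const typedChunks = chunkBuffer(typed, sizeForIndex);

  // Wipe the originals, as code handling sensitive data often does.
  nodeBuf.fill(0);
  typed.fill(0);

  const wiped = (chunks) => chunks.every((c) => c.every((b) => b === 0));
  return {
    sizes: nodeChunks.map((c) => c.length),
    nodeChunksWiped: wiped(nodeChunks),   // views: cleared with the original
    typedChunksWiped: wiped(typedChunks), // copies: still hold the data
  };
}
```

With a Uint8Array input, every chunk has to be cleared separately; with a Node Buffer, writing to a chunk also changes the original.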
Sends an APDU by encoding it into chunks and sending the chunks using the given write function
write
function (arg0: Buffer): Promise<void> The function to send each chunk to the device
apdu
Buffer
mtuSize
number The negotiated maximum size of the data to be sent in one chunk
options
{context: TraceContext?} Optional options containing:
context An optional context object for log/tracing strategy (optional, default {})
options.context
Returns Observable<Buffer> An observable that will only emit if an error occurred, otherwise it will complete
Object to handle HID frames (encoding and decoding)
Frames/encodes an APDU message into HID USB packets/frames
apdu
Buffer The APDU message to send, in a Buffer containing [cla, ins, p1, p2, data length, data (if not empty)]
Returns Array<Buffer> An array of HID USB frames ready to be sent
Reduces HID USB packets/frames to one response.
acc
ResponseAcc The value resulting from (accumulating) the previous call of reduceResponse. On first call initialized to initialAcc. The accumulator enables handling multi-frame messages.
chunk
Buffer Current chunk to reduce into accumulator
Returns ResponseAcc An accumulator value updated with the current chunk
Returns the response message that has been reduced from the HID USB frames
acc
ResponseAcc The accumulator
Returns (Buffer | null | undefined) A Buffer containing the cleaned response message, or null if no response message, or undefined if the accumulator is incorrect (message length is not valid)
The USB product IDs will be defined as MMII, encoding a model (MM) and an interface bitfield (II)
Model
Ledger Nano S: 0x10
Ledger Blue: 0x00
Ledger Nano X: 0x40
Interface support bitfield
Generic HID: 0x01
Keyboard HID: 0x02
U2F: 0x04
CCID: 0x08
WebUSB: 0x10
Type: number
Ledger Blue
Type: string
Ledger Nano S
Type: string
Ledger Nano S Plus
Type: string
Ledger Nano X
Type: string
Ledger Stax
Type: string
Ledger Flex ("europa" is the internal name)
Type: string
Type: number
id
DeviceModelId
Returns DeviceModel
Given a targetId, return the deviceModel associated to it, based on the first two bytes.
targetId
number
Returns (DeviceModel | null | undefined)
From a given USB product id, return the deviceModel associated with it.
The mapping from the product id is only based on the 2 most significant bytes. For example, Stax is defined with a product id of 0x60ii, so a product id of 0x6011 would be mapped to it.
usbProductId
number
Returns (DeviceModel | null | undefined)
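The MMII layout and the product-id mapping described above can be decoded by hand when vetting a USB device before opening it. This is an added example, not the package's code: the model and interface values are only the ones listed on this page (Stax from the 0x60ii example), and `decodeProductId` and `checkDevice` are hypothetical names.

```javascript
// Added example; values come from this page, function names are hypothetical.
const MODELS = {
  0x00: "Ledger Blue",
  0x10: "Ledger Nano S",
  0x40: "Ledger Nano X",
  0x60: "Ledger Stax",
};
const INTERFACES = {
  0x01: "Generic HID",
  0x02: "Keyboard HID",
  0x04: "U2F",
  0x08: "CCID",
  0x10: "WebUSB",
};
const KNOWN_II_MASK = 0x1f; // OR of every interface bit listed above

function decodeProductId(productId) {
  if (!Number.isInteger(productId) || productId < 0 || productId > 0xffff) {
    throw new RangeError("USB product IDs are 16-bit unsigned integers");
  }
  const mm = productId >> 8;   // model: high half of MMII
  const ii = productId & 0xff; // interface bitfield: low half
  const interfaces = Object.entries(INTERFACES)
    .filter(([bit]) => ii & Number(bit))
    .map(([, name]) => name);
  return {
    mm,
    ii,
    model: MODELS[mm] ?? null,
    interfaces,
    unknownBits: ii & ~KNOWN_II_MASK, // bits this page does not document
  };
}

// Accept a device only if its model is allowlisted and no undocumented bit is set.
function checkDevice(productId, allowedModels) {
  const d = decodeProductId(productId);
  const reasons = [];
  if (d.model === null) reasons.push("unknown model byte");
  else if (!allowedModels.includes(d.model)) reasons.push("model not allowlisted");
  if (d.unknownBits) reasons.push("undocumented interface bits set");
  return { ...d, ok: reasons.length === 0, reasons };
}
```

A product ID is reported by the device itself, so a passing check narrows what the host will talk to but does not authenticate the hardware.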
uuid
string
Returns (BluetoothInfos | undefined)
FAQs
Ledger devices
The npm package @ledgerhq/devices receives a total of 226,736 weekly downloads. As such, the popularity of @ledgerhq/devices was classified as popular.
We found that @ledgerhq/devices demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.