Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@ledgerhq/errors
Advanced tools
@ledgerhq/errors is an npm package designed to handle and manage errors specifically for Ledger hardware wallet applications. It provides a structured way to define, throw, and catch errors, making error handling more consistent and easier to manage.
Custom Error Definitions
This feature allows you to define custom error classes that extend the built-in TransportError class. This makes it easier to create specific error types for different scenarios.
const { TransportError, StatusCodes } = require('@ledgerhq/errors');
class MyCustomError extends TransportError {
constructor(message) {
super(message, StatusCodes.UNKNOWN_ERROR);
this.name = 'MyCustomError';
}
}
try {
throw new MyCustomError('Something went wrong');
} catch (error) {
console.error(error.name); // MyCustomError
console.error(error.message); // Something went wrong
console.error(error.statusCode); // UNKNOWN_ERROR
}
Error Handling
This feature demonstrates how to handle errors thrown by operations, specifically checking if the error is an instance of TransportError and logging the appropriate message and status code.
const { TransportError, StatusCodes } = require('@ledgerhq/errors');
function performOperation() {
throw new TransportError('Operation failed', StatusCodes.CONDITIONS_OF_USE_NOT_SATISFIED);
}
try {
performOperation();
} catch (error) {
if (error instanceof TransportError) {
console.error(`Error: ${error.message}, Status Code: ${error.statusCode}`);
} else {
console.error('An unknown error occurred');
}
}
Predefined Status Codes
The package provides a set of predefined status codes that can be used to standardize error handling across different parts of your application.
const { StatusCodes } = require('@ledgerhq/errors');
console.log(StatusCodes.CONDITIONS_OF_USE_NOT_SATISFIED); // 0x6985
console.log(StatusCodes.INS_NOT_SUPPORTED); // 0x6D00
http-errors is a package for creating HTTP errors for use with Express, Koa, Connect, etc. It provides a simple way to create error objects with HTTP status codes and messages. Unlike @ledgerhq/errors, which is tailored for Ledger hardware wallet applications, http-errors is more general-purpose and focused on web applications.
custom-error-generator is a package that allows you to create custom error classes with ease. It is similar to @ledgerhq/errors in that it provides a way to define custom error types, but it does not include predefined status codes or specific integrations for hardware wallets.
create-error is a utility for creating custom error classes. It is lightweight and flexible, allowing you to define custom properties and methods for your error classes. While it offers similar functionality to @ledgerhq/errors in terms of custom error creation, it lacks the specific focus on Ledger hardware wallet error handling.
Hodl all possible errors of Ledger (live, ledgerjs) so we can deal with them in a unified way (share between libraries, instanceof
them,...)
TransportError is used for any generic transport errors. e.g. Error thrown when data received by exchanges are incorrect or if exchanged failed to communicate with the device for various reason.
Returns void
Error thrown when a device returned a non success status.
the error.statusCode is one of the StatusCodes
exported by this library.
statusCode
numberReturns void
FAQs
Ledger common errors
The npm package @ledgerhq/errors receives a total of 242,109 weekly downloads. As such, @ledgerhq/errors popularity was classified as popular.
We found that @ledgerhq/errors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.