@ledgerhq/hw-app-str - npm Package Compare versions

Comparing version 4.2.0 to 4.3.0-beta.d226ed3b

lib/Str.js

@@ -65,2 +65,8 @@ "use strict";
     transport.setScrambleKey("l0v");
+    var self = this;
+    var _arr = ["getAppConfiguration", "getPublicKey", "signTransaction", "signHash"];
+    for (var _i = 0; _i < _arr.length; _i++) {
+      var methodName = _arr[_i];
+      self[methodName] = transport.globalLock(methodName, self[methodName], self);
+    }
   }
@@ -177,3 +183,3 @@
           // pre-v2 app version: fall back on hash signing
-          return _this.signHash(path, (0, _utils.hash)(transaction));
+          return _this.signHash_private(path, (0, _utils.hash)(transaction));
         } else {
@@ -198,2 +204,7 @@ throw new Error("Transaction approval request was rejected");
     value: function signHash(path, hash) {
+      return this.signHash_private(path, hash);
+    }
+  }, {
+    key: "signHash_private",
+    value: function signHash_private(path, hash) {
       var pathElts = (0, _utils.splitPath)(path);
@@ -200,0 +211,0 @@ var buffer = Buffer.alloc(1 + pathElts.length * 4);

package.json

 {
   "name": "@ledgerhq/hw-app-str",
-  "version": "4.2.0",
+  "version": "4.3.0-beta.d226ed3b",
   "description": "Ledger Hardware Wallet Stellar Application API",
@@ -28,3 +28,3 @@ "keywords": [
   "dependencies": {
-    "@ledgerhq/hw-transport": "^4.2.0",
+    "@ledgerhq/hw-transport": "^4.3.0-beta.d226ed3b",
     "base32.js": "^0.1.0",
@@ -31,0 +31,0 @@ "crc": "^3.5.0",

src/Str.js

@@ -58,2 +58,15 @@ /********************************************************************************
     transport.setScrambleKey("l0v");
+    const self: Object = this;
+    for (let methodName of [
+      "getAppConfiguration",
+      "getPublicKey",
+      "signTransaction",
+      "signHash"
+    ]) {
+      self[methodName] = transport.globalLock(
+        methodName,
+        self[methodName],
+        self
+      );
+    }
   }
@@ -190,3 +203,3 @@
         // pre-v2 app version: fall back on hash signing
-        return this.signHash(path, hash(transaction));
+        return this.signHash_private(path, hash(transaction));
       } else {
@@ -208,2 +221,6 @@ throw new Error("Transaction approval request was rejected");
   signHash(path: string, hash: Buffer): Promise<{ signature: Buffer }> {
+    return this.signHash_private(path, hash);
+  }
+
+  signHash_private(path: string, hash: Buffer): Promise<{ signature: Buffer }> {
     let pathElts = splitPath(path);
@@ -210,0 +227,0 @@ let buffer = Buffer.alloc(1 + pathElts.length * 4);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

73033

increased by5.58%

Number of package files

18

increased by5.88%

Lines of code

1166

increased by6.68%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of low quality alerts

1

increased byInfinity%

Dependency changes

• Updated@ledgerhq/hw-transport@^4.3.0-beta.d226ed3b