Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
@ledgerhq/hw-transport
Advanced tools
Ledger Hardware Wallet common interface of the communication layer
@ledgerhq/hw-transport is a JavaScript library that provides a set of transport methods to communicate with Ledger hardware wallets. It supports various transport protocols such as USB, WebUSB, and Bluetooth, allowing developers to interact with Ledger devices in a secure and efficient manner.
USB Transport
This feature allows you to connect to a Ledger device using USB. The code sample demonstrates how to establish a connection and then close it.
const Transport = require('@ledgerhq/hw-transport-node-hid').default;
async function connectLedger() {
const transport = await Transport.create();
console.log('Connected to Ledger via USB');
await transport.close();
}
connectLedger();
WebUSB Transport
This feature allows you to connect to a Ledger device using WebUSB. The code sample demonstrates how to establish a connection and then close it.
const TransportWebUSB = require('@ledgerhq/hw-transport-webusb').default;
async function connectLedgerWebUSB() {
const transport = await TransportWebUSB.create();
console.log('Connected to Ledger via WebUSB');
await transport.close();
}
connectLedgerWebUSB();
Bluetooth Transport
This feature allows you to connect to a Ledger device using Bluetooth. The code sample demonstrates how to establish a connection and then close it.
const TransportBLE = require('@ledgerhq/hw-transport-ble').default;
async function connectLedgerBLE() {
const transport = await TransportBLE.create();
console.log('Connected to Ledger via Bluetooth');
await transport.close();
}
connectLedgerBLE();
trezor-connect is a JavaScript library for communicating with Trezor hardware wallets. It provides similar functionalities to @ledgerhq/hw-transport, such as USB and WebUSB support, but is specifically designed for Trezor devices.
bitbox02-api is a JavaScript library for interacting with BitBox02 hardware wallets. It offers functionalities similar to @ledgerhq/hw-transport, including USB communication, but is tailored for BitBox02 devices.
GitHub, Ledger Devs Discord, Developer Portal
@ledgerhq/hw-transport
implements the generic interface of a Ledger Hardware Wallet transport.
Type: {unsubscribe: function (): void}
unsubscribe
function (): voidType: any
A "descriptor" is a parameter that is specific to the implementation, and can be an ID, file path, or URL. type: add or remove event descriptor: a parameter that can be passed to open(descriptor) deviceModel: device info on the model (is it a nano s, nano x, ...) device: transport specific device info
Observer generic type, following the Observer pattern
Type: Readonly<{next: function (event: EventType): any, error: function (e: EventError): any, complete: function (): any}>
The Transport class defines a generic interface for communicating with a Ledger hardware wallet. There are different kind of transports based on the technology (channels like U2F, HID, Bluetooth, Webusb) and environment (Node, Web,...). It is an abstract class that needs to be implemented.
Send data to the device using a low level API. It's recommended to use the "send" method for a higher level API.
Returns Promise<Buffer> A promise that resolves with the response data from the device.
Send apdus in batch to the device using a low level API. The default implementation is to call exchange for each apdu.
apdus
Array<Buffer> array of apdus to send.observer
Observer<Buffer> an observer that will receive the response of each apdu.Returns Subscription A Subscription object on which you can call ".unsubscribe()" to stop sending apdus.
Set the "scramble key" for the next data exchanges with the device. Each app can have a different scramble key and it is set internally during instantiation.
Meta
Close the connection with the device.
Returns Promise<void> A promise that resolves when the transport is closed.
Listen for an event on the transport instance. Transport implementations may have specific events. Common events include: "disconnect" : triggered when the transport is disconnected.
Returns void
Stop listening to an event on an instance of transport.
Returns void
Enable or not logs of the binary exchange
Set a timeout (in milliseconds) for the exchange call. Only some transport might implement it. (e.g. U2F)
exchangeTimeout
numberReturns void
Define the delay before emitting "unresponsive" on an exchange that does not respond
unresponsiveTimeout
numberReturns void
Send data to the device using the higher level API.
cla
number The instruction class for the command.ins
number The instruction code for the command.p1
number The first parameter for the instruction.p2
number The second parameter for the instruction.data
Buffer The data to be sent. Defaults to an empty buffer. (optional, default Buffer.alloc(0)
)statusList
Array<number> A list of acceptable status codes for the response. Defaults to [StatusCodes.OK]. (optional, default [StatusCodes.OK]
)Returns Promise<Buffer> A promise that resolves with the response data from the device.
Check if the transport is supported on the current platform/browser.
Type: function (): Promise<boolean>
Returns Promise<boolean> A promise that resolves with a boolean indicating support.
List all available descriptors for the transport.
For a better granularity, checkout listen()
.
Type: function (): Promise<Array<any>>
TransportFoo.list().then(descriptors => ...)
Returns Promise<Array<any>> A promise that resolves with an array of descriptors.
Listen for device events for the transport. The method takes an observer of DescriptorEvent and returns a Subscription. A DescriptorEvent is an object containing a "descriptor" and a "type" field. The "type" field can be "add" or "remove", and the "descriptor" field can be passed to the "open" method. The "listen" method will first emit all currently connected devices and then will emit events as they occur, such as when a USB device is plugged in or a Bluetooth device becomes discoverable.
Type: function (observer: Observer<DescriptorEvent<any>>): Subscription
observer
Observer<DescriptorEvent<any>> An object with "next", "error", and "complete" functions, following the observer pattern.const sub = TransportFoo.listen({
next: e => {
if (e.type==="add") {
sub.unsubscribe();
const transport = await TransportFoo.open(e.descriptor);
...
}
},
error: error => {},
complete: () => {}
})
Returns Subscription A Subscription object on which you can call ".unsubscribe()" to stop listening to descriptors.
Attempt to create a Transport instance with a specific descriptor.
Type: function (descriptor: any, timeout: number): Promise<Transport>
descriptor
any The descriptor to open the transport with.timeout
number An optional timeout for the transport connection.TransportFoo.open(descriptor).then(transport => ...)
Returns Promise<Transport> A promise that resolves with a Transport instance.
create() allows to open the first descriptor available or throw if there is none or if timeout is reached. This is a light helper, alternative to using listen() and open() (that you may need for any more advanced usecase)
openTimeout
(optional, default 3000
)listenTimeout
number?TransportFoo.create().then(transport => ...)
FAQs
Ledger Hardware Wallet common interface of the communication layer
The npm package @ledgerhq/hw-transport receives a total of 191,337 weekly downloads. As such, @ledgerhq/hw-transport popularity was classified as popular.
We found that @ledgerhq/hw-transport demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.