Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@ledgerhq/hw-transport
Advanced tools
Ledger Hardware Wallet common interface of the communication layer
@ledgerhq/hw-transport is a JavaScript library that provides a set of transport methods to communicate with Ledger hardware wallets. It supports various transport protocols such as USB, WebUSB, and Bluetooth, allowing developers to interact with Ledger devices in a secure and efficient manner.
USB Transport
This feature allows you to connect to a Ledger device using USB. The code sample demonstrates how to establish a connection and then close it.
const Transport = require('@ledgerhq/hw-transport-node-hid').default;
async function connectLedger() {
const transport = await Transport.create();
console.log('Connected to Ledger via USB');
await transport.close();
}
connectLedger();
WebUSB Transport
This feature allows you to connect to a Ledger device using WebUSB. The code sample demonstrates how to establish a connection and then close it.
const TransportWebUSB = require('@ledgerhq/hw-transport-webusb').default;
async function connectLedgerWebUSB() {
const transport = await TransportWebUSB.create();
console.log('Connected to Ledger via WebUSB');
await transport.close();
}
connectLedgerWebUSB();
Bluetooth Transport
This feature allows you to connect to a Ledger device using Bluetooth. The code sample demonstrates how to establish a connection and then close it.
const TransportBLE = require('@ledgerhq/hw-transport-ble').default;
async function connectLedgerBLE() {
const transport = await TransportBLE.create();
console.log('Connected to Ledger via Bluetooth');
await transport.close();
}
connectLedgerBLE();
trezor-connect is a JavaScript library for communicating with Trezor hardware wallets. It provides similar functionalities to @ledgerhq/hw-transport, such as USB and WebUSB support, but is specifically designed for Trezor devices.
bitbox02-api is a JavaScript library for interacting with BitBox02 hardware wallets. It offers functionalities similar to @ledgerhq/hw-transport, including USB communication, but is tailored for BitBox02 devices.
@ledgerhq/hw-transport
implements the generic interface of a Ledger Hardware Wallet transport.
unsubscribe
function (): voidType: Object
type: add or remove event descriptor: a parameter that can be passed to open(descriptor) deviceModel: device info on the model (is it a nano s, nano x, ...) device: transport specific device info
type
("add"
| "remove"
)descriptor
DescriptordeviceModel
DeviceModel??device
Device?Type: $ReadOnly<{next: function (event: Ev): any, error: function (e: any): any, complete: function (): any}>
Transport defines the generic interface to share between node/u2f impl A Descriptor is a parametric type that is up to be determined for the implementation. it can be for instance an ID, an file path, a URL,...
low level api to communicate with the device This method is for implementations to implement but should not be directly called. Instead, the recommanded way is to use send() method
_apdu
Bufferapdu
the data to sendReturns Promise<Buffer> a Promise of response data
set the "scramble key" for the next exchanges with the device. Each App can have a different scramble key and they internally will set it at instanciation.
_key
stringkey
the scramble keyclose the exchange with the device.
Returns Promise<void> a Promise that ends when the transport is closed.
Listen to an event on an instance of transport. Transport implementation can have specific events. Here is the common events:
"disconnect"
: triggered if Transport is disconnectedStop listening to an event on an instance of transport.
Enable or not logs of the binary exchange
Set a timeout (in milliseconds) for the exchange call. Only some transport might implement it. (e.g. U2F)
exchangeTimeout
numberDefine the delay before emitting "unresponsive" on an exchange that does not respond
unresponsiveTimeout
numberwrapper on top of exchange to simplify work of the implementation.
cla
numberins
numberp1
numberp2
numberdata
Buffer (optional, default Buffer.alloc(0)
)statusList
Array<number> is a list of accepted status code (shorts). [0x9000] by default (optional, default [StatusCodes.OK]
)Returns Promise<Buffer> a Promise of response buffer
Statically check if a transport is supported on the user's platform/browser.
Type: function (): Promise<boolean>
List once all available descriptors. For a better granularity, checkout listen()
.
Type: function (): Promise<Array<Descriptor>>
TransportFoo.list().then(descriptors => ...)
Returns any a promise of descriptors
Listen all device events for a given Transport. The method takes an Obverver of DescriptorEvent and returns a Subscription (according to Observable paradigm https://github.com/tc39/proposal-observable )
a DescriptorEvent is a { descriptor, type }
object. type can be "add"
or "remove"
and descriptor is a value you can pass to open(descriptor)
.
each listen() call will first emit all potential device already connected and then will emit events can come over times,
for instance if you plug a USB device after listen() or a bluetooth device become discoverable.
Type: function (observer: Observer<DescriptorEvent<Descriptor>>): Subscription
observer
is an object with a next, error and complete function (compatible with observer pattern)const sub = TransportFoo.listen({
next: e => {
if (e.type==="add") {
sub.unsubscribe();
const transport = await TransportFoo.open(e.descriptor);
...
}
},
error: error => {},
complete: () => {}
})
Returns any a Subscription object on which you can .unsubscribe()
to stop listening descriptors.
attempt to create a Transport instance with potentially a descriptor.
Type: function (descriptor: Descriptor, timeout: number): Promise<Transport<Descriptor>>
descriptor
: the descriptor to open the transport with.timeout
: an optional timeoutTransportFoo.open(descriptor).then(transport => ...)
Returns any a Promise of Transport instance
create() allows to open the first descriptor available or throw if there is none or if timeout is reached. This is a light helper, alternative to using listen() and open() (that you may need for any more advanced usecase)
TransportFoo.create().then(transport => ...)
FAQs
Ledger Hardware Wallet common interface of the communication layer
The npm package @ledgerhq/hw-transport receives a total of 262,236 weekly downloads. As such, @ledgerhq/hw-transport popularity was classified as popular.
We found that @ledgerhq/hw-transport demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.