Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@lit-protocol/aw-tool-sign-ecdsa

Package Overview
Dependencies
Maintainers
8
Versions
21
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@lit-protocol/aw-tool-sign-ecdsa

The `aw-tool-sign-ecdsa` package provides functionality for performing ECDSA signing operations using Lit Protocol's PKPs (Programmable Key Pairs). This tool enables secure signing of arbitrary messages or transactions while enforcing policy-based control

latest
npmnpm
Version
0.1.0-23
Version published
Maintainers
8
Created
Source

AW-Tool Sign ECDSA Documentation

The aw-tool-sign-ecdsa package provides functionality for performing ECDSA signing operations using Lit Protocol's PKPs (Programmable Key Pairs). This tool enables secure signing of arbitrary messages or transactions while enforcing policy-based controls.

Files Overview (in src/lib)

1. ipfs.ts

Handles IPFS CIDs for different environments (development, testing, production). Falls back to default CIDs if the build output is not found.

Key Features:

  • Default CIDs: Predefined CIDs for datil-dev, datil-test, and datil environments
  • Dynamic CID Loading: Attempts to load CIDs from dist/ipfs.json at runtime
  • Fallback Mechanism: Uses default CIDs if the file is missing or unreadable

2. lit-action.ts

Contains the main logic for executing a Lit Action to perform ECDSA signing operations.

Key Features:

  • PKP Info Retrieval: Fetches PKP details (token ID, Ethereum address, public key) from the PubkeyRouter contract
  • Delegatee Validation: Verifies that the session signer is a valid delegatee for the PKP
  • Policy Enforcement: Validates message prefixes against the allowed prefixes in the policy
  • Message Signing: Signs messages using the PKP's public key via Lit Actions
  • Error Handling: Comprehensive error handling and response formatting

3. policy.ts

Defines and validates the ECDSA signing policy schema using Zod.

Key Features:

  • Policy Schema: Validates policy fields:
    • type: Must be 'SignEcdsa'
    • version: Policy version string
    • allowedPrefixes: Array of allowed message prefixes
  • Encoding/Decoding: Converts policies to and from ABI-encoded strings using ethers
  • Type Safety: Uses Zod for schema validation and TypeScript type inference

4. tool.ts

Configures the ECDSA signing tool for different Lit networks.

Key Features:

  • Parameter Schema: Validates required parameters:
    • pkpEthAddress: The Ethereum address of the PKP
    • message: The message to be signed
  • Network Configuration: Creates network-specific tools for each supported Lit network
  • Tool Definition: Implements the AwTool interface with:
    • Name and description
    • Parameter validation and descriptions
    • Policy integration with SignEcdsaPolicy

FAQs

Package last updated on 18 Feb 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Security News

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.

By Sarah Gooding  -  Feb 02, 2026
GlassWorm Loader Hits Open VSX via Developer Account Compromise

Research

/

Security News

GlassWorm Loader Hits Open VSX via Developer Account Compromise

Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Russian-locale systems, pull C2 from Solana memos, and steal macOS credentials and wallets.

By Kirill Boychenko  -  Jan 31, 2026