Socket
Socket
Sign inDemoInstall

@metamask/controller-utils

Package Overview
Dependencies
Maintainers
9
Versions
36
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@metamask/controller-utils - npm Package Compare versions

Comparing version 3.2.0 to 3.3.0

18

CHANGELOG.md

@@ -9,8 +9,13 @@ # Changelog

## [3.3.0]
### Added
- Add Sign-in-with-Ethereum origin validation ([#1163](https://github.com/MetaMask/core/pull/1163))
- Add `NetworkId` enum and `NETWORK_ID_TO_ETHERS_NETWORK_NAME_MAP` constant that includes entries for each built-in Infura network ([#1170](https://github.com/MetaMask/core/pull/1170))
## [3.2.0]
### Uncategorized
- deps: eth-rpc-errors@4.0.0->4.0.2 ([#1215](https://github.com/MetaMask/core/pull/1215))
- deps: bump @metamask/utils to 5.0.1 ([#1211](https://github.com/MetaMask/core/pull/1211))
- Add ORIGIN_METAMASK constant ([#1166](https://github.com/MetaMask/core/pull/1166))
- Add ApprovalType enum ([#1174](https://github.com/MetaMask/core/pull/1174))
### Added
- Add `ORIGIN_METAMASK` constant ([#1166](https://github.com/MetaMask/core/pull/1166))
- Add `ApprovalType` enum ([#1174](https://github.com/MetaMask/core/pull/1174))
### Changed
- Improve return type of `toHex` ([#1195](https://github.com/MetaMask/core/pull/1195))

@@ -81,3 +86,4 @@

[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/controller-utils@3.2.0...HEAD
[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/controller-utils@3.3.0...HEAD
[3.3.0]: https://github.com/MetaMask/core/compare/@metamask/controller-utils@3.2.0...@metamask/controller-utils@3.3.0
[3.2.0]: https://github.com/MetaMask/core/compare/@metamask/controller-utils@3.1.0...@metamask/controller-utils@3.2.0

@@ -84,0 +90,0 @@ [3.1.0]: https://github.com/MetaMask/core/compare/@metamask/controller-utils@3.0.0...@metamask/controller-utils@3.1.0

3

dist/constants.d.ts

@@ -1,2 +0,2 @@

import { NetworksTicker, NetworksChainId } from './types';
import { NetworkType, NetworksTicker, NetworksChainId, NetworkId } from './types';
export declare const RPC = "rpc";

@@ -93,2 +93,3 @@ export declare const FALL_BACK_VS_CURRENCY = "ETH";

}
export declare const NETWORK_ID_TO_ETHERS_NETWORK_NAME_MAP: Record<NetworkId, NetworkType>;
//# sourceMappingURL=constants.d.ts.map

7

dist/constants.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApprovalType = exports.ORIGIN_METAMASK = exports.OPENSEA_TEST_API_URL = exports.OPENSEA_API_URL = exports.OPENSEA_PROXY_URL = exports.BUILT_IN_NETWORKS = exports.TESTNET_TICKER_SYMBOLS = exports.ASSET_TYPES = exports.GWEI = exports.ERC1155_TOKEN_RECEIVER_INTERFACE_ID = exports.ERC1155_METADATA_URI_INTERFACE_ID = exports.ERC1155_INTERFACE_ID = exports.ERC721_ENUMERABLE_INTERFACE_ID = exports.ERC721_METADATA_INTERFACE_ID = exports.ERC721_INTERFACE_ID = exports.ERC20 = exports.ERC1155 = exports.ERC721 = exports.MAX_SAFE_CHAIN_ID = exports.GANACHE_CHAIN_ID = exports.IPFS_DEFAULT_GATEWAY_URL = exports.FALL_BACK_VS_CURRENCY = exports.RPC = void 0;
exports.NETWORK_ID_TO_ETHERS_NETWORK_NAME_MAP = exports.ApprovalType = exports.ORIGIN_METAMASK = exports.OPENSEA_TEST_API_URL = exports.OPENSEA_API_URL = exports.OPENSEA_PROXY_URL = exports.BUILT_IN_NETWORKS = exports.TESTNET_TICKER_SYMBOLS = exports.ASSET_TYPES = exports.GWEI = exports.ERC1155_TOKEN_RECEIVER_INTERFACE_ID = exports.ERC1155_METADATA_URI_INTERFACE_ID = exports.ERC1155_INTERFACE_ID = exports.ERC721_ENUMERABLE_INTERFACE_ID = exports.ERC721_METADATA_INTERFACE_ID = exports.ERC721_INTERFACE_ID = exports.ERC20 = exports.ERC1155 = exports.ERC721 = exports.MAX_SAFE_CHAIN_ID = exports.GANACHE_CHAIN_ID = exports.IPFS_DEFAULT_GATEWAY_URL = exports.FALL_BACK_VS_CURRENCY = exports.RPC = void 0;
const types_1 = require("./types");

@@ -105,2 +105,7 @@ exports.RPC = 'rpc';

})(ApprovalType = exports.ApprovalType || (exports.ApprovalType = {}));
exports.NETWORK_ID_TO_ETHERS_NETWORK_NAME_MAP = {
[types_1.NetworkId.goerli]: types_1.NetworkType.goerli,
[types_1.NetworkId.sepolia]: types_1.NetworkType.sepolia,
[types_1.NetworkId.mainnet]: types_1.NetworkType.mainnet,
};
//# sourceMappingURL=constants.js.map

40

dist/siwe.d.ts
import { ParsedMessage } from '@spruceid/siwe-parser';
/**
* @type WrappedSIWERequest
*
* Sign-In With Ethereum (SIWE)(EIP-4361) message with request metadata
* @property {string} from - Subject account address
* @property {string} origin - The RFC 3986 originating authority of the signing request, including scheme
* @property {ParsedMessage} siwe - The data parsed from the message
*/
export interface WrappedSIWERequest {
from: string;
origin: string;
siwe: SIWEMessage;
}
interface DomainParts {
username?: string;
hostname: string;
port?: string;
}
/**
* Parses parts from RFC 3986 authority from EIP-4361 `domain` field.
*
* @param domain - input string
* @param originProtocol - implied protocol from origin
* @returns parsed parts
*/
export declare const parseDomainParts: (domain: string, originProtocol: string) => DomainParts;
/**
* Validates origin of a Sign-In With Ethereum (SIWE)(EIP-4361) request.
* As per spec:
* hostname must match.
* port and username must match iff specified.
* Protocol binding and full same-origin are currently not performed.
*
* @param req - Signature request
* @returns true if origin matches domain; false otherwise
*/
export declare const isValidSIWEOrigin: (req: WrappedSIWERequest) => boolean;
/**
* A locally defined object used to provide data to identify a Sign-In With Ethereum (SIWE)(EIP-4361) message and provide the parsed message
*
* @typedef localSIWEObject
* @typedef SIWEMessage
* @param {boolean} isSIWEMessage - Does the intercepted message conform to the SIWE specification?

@@ -30,2 +67,3 @@ * @param {ParsedMessage} parsedMessage - The data parsed out of the message

}) => SIWEMessage;
export {};
//# sourceMappingURL=siwe.d.ts.map

63

dist/siwe.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.detectSIWE = void 0;
exports.detectSIWE = exports.isValidSIWEOrigin = exports.parseDomainParts = void 0;
const siwe_parser_1 = require("@spruceid/siwe-parser");

@@ -37,3 +37,64 @@ const ethereumjs_util_1 = require("ethereumjs-util");

}
const DEFAULT_PORTS_BY_PROTOCOL = {
'http:': '80',
'https:': '443',
};
/**
* Parses parts from RFC 3986 authority from EIP-4361 `domain` field.
*
* @param domain - input string
* @param originProtocol - implied protocol from origin
* @returns parsed parts
*/
const parseDomainParts = (domain, originProtocol) => {
if (domain.match(/^[^/:]*:\/\//u)) {
return new URL(domain);
}
return new URL(`${originProtocol}//${domain}`);
};
exports.parseDomainParts = parseDomainParts;
/**
* Validates origin of a Sign-In With Ethereum (SIWE)(EIP-4361) request.
* As per spec:
* hostname must match.
* port and username must match iff specified.
* Protocol binding and full same-origin are currently not performed.
*
* @param req - Signature request
* @returns true if origin matches domain; false otherwise
*/
const isValidSIWEOrigin = (req) => {
var _a;
try {
const { origin, siwe } = req;
// origin = scheme://[user[:password]@]domain[:port]
// origin is supplied by environment and must match domain claim in message
if (!origin || !((_a = siwe === null || siwe === void 0 ? void 0 : siwe.parsedMessage) === null || _a === void 0 ? void 0 : _a.domain)) {
return false;
}
const originParts = new URL(origin);
const domainParts = (0, exports.parseDomainParts)(siwe.parsedMessage.domain, originParts.protocol);
if (domainParts.hostname.localeCompare(originParts.hostname, undefined, {
sensitivity: 'accent',
}) !== 0) {
return false;
}
if (domainParts.port !== '' && domainParts.port !== originParts.port) {
// If origin port is not specified, protocol default is implied
return (originParts.port === '' &&
domainParts.port === DEFAULT_PORTS_BY_PROTOCOL[originParts.protocol]);
}
if (domainParts.username !== '' &&
domainParts.username !== originParts.username) {
return false;
}
return true;
}
catch (e) {
log(e);
return false;
}
};
exports.isValidSIWEOrigin = isValidSIWEOrigin;
/**
* This function intercepts a sign message, detects if it's a

@@ -40,0 +101,0 @@ * Sign-In With Ethereum (SIWE)(EIP-4361) message, and returns an object with

5

dist/types.d.ts

@@ -25,2 +25,7 @@ /**

}
export declare enum NetworkId {
mainnet = "1",
goerli = "5",
sepolia = "11155111"
}
export declare enum NetworksTicker {

@@ -27,0 +32,0 @@ mainnet = "ETH",

8

dist/types.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.NetworksTicker = exports.NetworksChainId = exports.isNetworkType = exports.NetworkType = void 0;
exports.NetworksTicker = exports.NetworkId = exports.NetworksChainId = exports.isNetworkType = exports.NetworkType = void 0;
/**

@@ -33,2 +33,8 @@ * Human-readable network name

})(NetworksChainId = exports.NetworksChainId || (exports.NetworksChainId = {}));
var NetworkId;
(function (NetworkId) {
NetworkId["mainnet"] = "1";
NetworkId["goerli"] = "5";
NetworkId["sepolia"] = "11155111";
})(NetworkId = exports.NetworkId || (exports.NetworkId = {}));
var NetworksTicker;

@@ -35,0 +41,0 @@ (function (NetworksTicker) {

2

package.json
{
"name": "@metamask/controller-utils",
"version": "3.2.0",
"version": "3.3.0",
"description": "Data and convenience functions shared by multiple packages",

@@ -5,0 +5,0 @@ "keywords": [

dist/constants.d.ts.map

Sorry, the diff of this file is not supported yet

dist/constants.js.map

Sorry, the diff of this file is not supported yet

dist/siwe.d.ts.map

Sorry, the diff of this file is not supported yet

dist/siwe.js.map

Sorry, the diff of this file is not supported yet

dist/types.d.ts.map

Sorry, the diff of this file is not supported yet

dist/types.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc