@metamask/eth-sig-util

A few useful functions for signing ethereum data


Weekly downloads: 257K (increased by 1.42%)
Maintainers: 7
Install size: 9.80 MB

Changelog


[4.0.0]

Added

  • BREAKING: Add subpath exports (#214, #211)
    • This is breaking because it prevents the import of modules that are not exposed as subpath exports.
  • Add salt to the EIP-712 domain type (#176)
  • Add additional unit tests (#146, #164, #167, #169, #172, #177, #180, #170, #171, #178, #173, #182, #184, #185, #187)
  • Improve documentation (#157, #177, #174, #180, #178, #181, #186, #212, #207, #213)

Changed

  • BREAKING: Consolidate signTypedData and recoverTypedSignature functions (#156)
    • The functions signTypedDataLegacy, signTypedData, and signTypedData_v4 have been replaced with a single signTypedData function with a version parameter. The version parameter determines which type of signature you get.
      • If you used signTypedDataLegacy, switch to signTypedData with the version V1.
      • If you used signTypedData, switch to signTypedData with the version V3.
      • If you used signTypedData_v4, switch to signTypedData with the version V4.
    • The functions recoverTypedSignatureLegacy, recoverTypedSignature, and recoverTypedSignature_v4 have been replaced with a single recoverTypedSignature function.
      • If you used recoverTypedSignatureLegacy, switch to recoverTypedMessage with the version V1.
      • If you used recoverTypedMessage, switch to recoverTypedMessage with the version V3.
      • If you used recoverTypedSignature_v4, switch to recoverTypedMessage with the version V4.
  • BREAKING: Rename TypedDataUtils.sign to TypedDataUtils.eip712Hash (#104)
    • This function never actually signed anything. It just created a hash that was later signed. The new name better reflects what the function does.
  • BREAKING: Move package under @metamask npm organization (#162)
    • Update your require and import statements to import @metamask/eth-sig-util rather than eth-sig-util.
  • BREAKING: Simplify function type signatures (#198)
    • This is only a breaking change for TypeScript projects that were importing types used by the function signatures. The types should be far simpler now.
    • The TypedData has been updated to be more restrictive (it only allows valid typed data now), and it was renamed to TypedDataV1
  • BREAKING: Replace MsgParams parameters with "options" parameters (#204)
    • This affects the following functions:
      • personalSign
      • recoverPersonalSignature
      • extractPublicKey
      • encrypt
      • encryptSafely
      • decrypt
      • decryptSafely
      • signTypedData
      • recoverTypedSignature
    • All parameters are passed in as a single "options" object now, instead of the MsgParams type that was used for most of these functions previously. Read each function signature carefully to ensure you are correctly passing in parameters.
    • personalSign example:
      • Previously it was called like this: personalSign(privateKey, { data })
      • Now it is called like this: personalSign({ privateKey, data })
  • BREAKING: Rename Version type to SignTypedDataVersion (#218)
  • BREAKING: Rename EIP712TypedData type to TypedDataV1Field (#218)
  • Add signTypedData version validation (#201)
  • Add validation to check that parameters aren't nullish (#205)
  • Enable inline sourcemaps (#159)
  • Update ethereumjs-util to v6 (#138, #195)
  • Allow TypedDataUtils functions to be called unbound (#152)
  • Update minimum tweetnacl-util version (#155)
  • Add Solidity types to JSON schema for signTypedData (#189)
  • Replace README API docs with generated docs (#213)
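
The 3.x-to-4.0.0 call-shape changes listed above, as an added example that is not part of the package or its changelog: an adapter that keeps the old function names working over an injected 4.x module and pins each one to its version. It assumes the 3.x MsgParams carried the signature as `sig`, that the 4.x options field is `signature`, and that the version values are the strings 'V1', 'V3' and 'V4'; `makeLegacyAdapter` and `requireFields` are hypothetical names.

```javascript
// Added example (not from the package): 3.x call shapes over the 4.0.0 API.
// Assumptions: 3.x MsgParams used `sig`, 4.x options use `signature`, and the
// version values are the strings 'V1' | 'V3' | 'V4'.
const LEGACY_SIGNERS = {
  signTypedDataLegacy: 'V1',
  signTypedData: 'V3', // same name as the 4.x function, but always meant V3
  signTypedData_v4: 'V4',
};
const LEGACY_RECOVERERS = {
  recoverTypedSignatureLegacy: 'V1',
  recoverTypedSignature: 'V3',
  recoverTypedSignature_v4: 'V4',
};

// Reject nullish fields up front, naming the legacy function the caller used.
function requireFields(fnName, fields) {
  for (const [key, value] of Object.entries(fields)) {
    if (value === null || value === undefined) {
      throw new TypeError(`${fnName}: missing ${key}`);
    }
  }
  return fields;
}

// `sigUtil` is the 4.x module, injected so the mapping can be tested offline.
function makeLegacyAdapter(sigUtil) {
  const adapter = {
    personalSign: (privateKey, msgParams = {}) =>
      sigUtil.personalSign(
        requireFields('personalSign', { privateKey, data: msgParams.data })),
    recoverPersonalSignature: ({ data, sig } = {}) =>
      sigUtil.recoverPersonalSignature(
        requireFields('recoverPersonalSignature', { data, signature: sig })),
  };
  for (const [name, version] of Object.entries(LEGACY_SIGNERS)) {
    adapter[name] = (privateKey, msgParams = {}) =>
      sigUtil.signTypedData({
        ...requireFields(name, { privateKey, data: msgParams.data }), version });
  }
  for (const [name, version] of Object.entries(LEGACY_RECOVERERS)) {
    adapter[name] = ({ data, sig } = {}) =>
      sigUtil.recoverTypedSignature({
        ...requireFields(name, { data, signature: sig }), version });
  }
  return adapter;
}
```

Pinning the version per legacy name keeps a call site that used the unversioned 3.x `signTypedData` on V3, so signatures it produces still verify against the V3 recovery path after the upgrade.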

Readme


@metamask/eth-sig-util

A small collection of Ethereum signing functions.

You can find usage examples here

Available on NPM

Installation

yarn add @metamask/eth-sig-util

or

npm install @metamask/eth-sig-util

API

The full API documentation for the latest published version of this library is available here.

Contributing

Setup

  • Install Node.js version 12
    • If you are using nvm (recommended), running nvm use will automatically choose the right node version for you.
  • Install Yarn v1
  • Run yarn setup to install dependencies and run any required post-install scripts
    • Warning: Do not use the yarn / yarn install command directly. Use yarn setup instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.

Testing and Linting

Run yarn test to run the tests once. To run tests on file changes, run yarn test:watch.

Run yarn lint to run the linter, or run yarn lint:fix to run the linter and fix any automatically fixable issues.

Documentation

The API documentation can be generated with the command yarn docs, which saves it in the ./docs directory. Open the ./docs/index.html file to browse the documentation.

Release & Publishing

The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr and action-publish-release are used to automate the release process; see those repositories for more information about how they work.

  1. Choose a release version.

    • The release version should be chosen according to SemVer. Analyze the changes to see whether they include any breaking changes, new features, or deprecations, then choose the appropriate SemVer version. See the SemVer specification for more information.
  2. If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x for a v1 backport release).

    • The major version branch should be set to the most recent release with that major version. For example, when backporting a v1.0.2 release, you'd want to ensure there was a 1.x branch that was set to the v1.0.1 tag.
  3. Trigger the workflow_dispatch event manually for the Create Release Pull Request action to create the release PR.

    • For a backport release, the base branch should be the major version branch that you ensured existed in step 2. For a normal release, the base branch should be the main branch for that repository (which should be the default value).
    • This should trigger the action-create-release-pr workflow to create the release PR.
  4. Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.

    • Generally any changes that don't affect consumers of the package (e.g. lockfile changes or development environment changes) are omitted. Exceptions may be made for changes that might be of interest despite not having an effect upon the published package (e.g. major test improvements, security improvements, improved documentation, etc.).
    • Try to explain each change in terms that users of the package would understand (e.g. avoid referencing internal variables/concepts).
    • Consolidate related changes into one change entry if it makes it easier to explain.
    • Run yarn auto-changelog validate --rc to check that the changelog is correctly formatted.
  5. Review and QA the release.

    • If changes are made to the base branch, the release branch will need to be updated with these changes and review/QA will need to restart again. As such, it's probably best to avoid merging other PRs into the base branch while review is underway.
  6. Squash & Merge the release.

    • This should trigger the action-publish-release workflow to tag the final release commit and publish the release on GitHub.
  7. Publish the release on npm.

    • Be very careful to use a clean local environment to publish the release, and follow exactly the same steps used during CI.
    • Use npm publish --dry-run to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/).
    • Once you are confident the release contents are correct, publish the release using npm publish.

Last updated on 22 Sep 2021
