Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
@metamask/eth-sig-util
Advanced tools
@metamask/eth-sig-util is a utility library for Ethereum signature operations. It provides functions for signing and verifying messages, encoding and decoding data, and other cryptographic operations related to Ethereum.
Sign Typed Data
This feature allows you to sign typed data using a private key. The `signTypedData` function takes a private key and a message parameter, and returns a signature.
const { signTypedData } = require('@metamask/eth-sig-util');
const privateKey = Buffer.from('your-private-key', 'hex');
const msgParams = {
data: [{
type: 'string',
name: 'message',
value: 'Hello, world!'
}]
};
const signature = signTypedData({ privateKey, data: msgParams.data });
console.log(signature);
Recover Typed Signature
This feature allows you to recover the address that signed a typed data message. The `recoverTypedSignature` function takes a message parameter and a signature, and returns the address that signed the message.
const { recoverTypedSignature } = require('@metamask/eth-sig-util');
const msgParams = {
data: [{
type: 'string',
name: 'message',
value: 'Hello, world!'
}]
};
const signature = 'your-signature';
const address = recoverTypedSignature({ data: msgParams.data, sig: signature });
console.log(address);
Encrypt and Decrypt Data
This feature allows you to encrypt and decrypt data using public and private keys. The `encrypt` function takes a public key and data, and returns encrypted data. The `decrypt` function takes a private key and encrypted data, and returns the decrypted data.
const { encrypt, decrypt } = require('@metamask/eth-sig-util');
const publicKey = 'recipient-public-key';
const data = 'Hello, world!';
const encryptedData = encrypt({ publicKey, data });
console.log(encryptedData);
const privateKey = Buffer.from('your-private-key', 'hex');
const decryptedData = decrypt({ privateKey, encryptedData });
console.log(decryptedData);
eth-sig-util is a utility library for Ethereum signature operations, similar to @metamask/eth-sig-util. It provides functions for signing and verifying messages, encoding and decoding data, and other cryptographic operations related to Ethereum. It is often used in conjunction with other Ethereum libraries.
ethereumjs-util is a collection of utility functions for Ethereum. It includes functions for signing and verifying messages, encoding and decoding data, and other cryptographic operations. It is a more general-purpose library compared to @metamask/eth-sig-util, which is specifically focused on signature utilities.
ethers is a complete Ethereum library and wallet implementation. It includes utilities for signing and verifying messages, interacting with smart contracts, and managing wallets. While it offers similar functionalities to @metamask/eth-sig-util, it is a more comprehensive library for Ethereum development.
@metamask/eth-sig-util
A small collection of Ethereum signing functions.
You can find usage examples here
yarn add @metamask/eth-sig-util
or
npm install @metamask/eth-sig-util
The full API documentation for the latest published version of this library is available here.
nvm use
will automatically choose the right node version for you.yarn setup
to install dependencies and run any requried post-install scripts
yarn
/ yarn install
command directly. Use yarn setup
instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.Run yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The API documentation can be generated with the command yarn docs
, which saves it in the ./docs
directory. Open the ./docs/index.html
file to browse the documentation.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
npm publish --dry-run
to examine the release contents to ensure the correct files are included. Compare to previous releases if necessary (e.g. using https://unpkg.com/browse/[package name]@[package version]/
).npm publish
.FAQs
A few useful functions for signing ethereum data
The npm package @metamask/eth-sig-util receives a total of 276,265 weekly downloads. As such, @metamask/eth-sig-util popularity was classified as popular.
We found that @metamask/eth-sig-util demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.