Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@metamask/eth-snap-keyring
Advanced tools
This keyring acts as a bridge between the KeyringController
and a snap.
Follow these instructions when using this template.
.github/pull_request_template.md
) to remove the Examples
section that is specific to this template.yarn add @metamask/eth-snap-keyring
or
npm install @metamask/eth-snap-keyring
Add examples here
See our documentation:
nvm use
will automatically choose the right node version for you.yarn install
to install dependencies and run any required post-install scriptsRun yarn test
to run the tests once. To run tests on file changes, run yarn test:watch
.
Run yarn lint
to run the linter, or run yarn lint:fix
to run the linter and fix any automatically fixable issues.
The project follows the same release process as the other libraries in the MetaMask organization. The GitHub Actions action-create-release-pr
and action-publish-release
are used to automate the release process; see those repositories for more information about how they work.
Choose a release version.
If this release is backporting changes onto a previous release, then ensure there is a major version branch for that version (e.g. 1.x
for a v1
backport release).
v1.0.2
release, you'd want to ensure there was a 1.x
branch that was set to the v1.0.1
tag.Trigger the workflow_dispatch
event manually for the Create Release Pull Request
action to create the release PR.
action-create-release-pr
workflow to create the release PR.Update the changelog to move each change entry into the appropriate change category (See here for the full list of change categories, and the correct ordering), and edit them to be more easily understood by users of the package.
yarn auto-changelog validate --rc
to check that the changelog is correctly formatted.Review and QA the release.
Squash & Merge the release.
action-publish-release
workflow to tag the final release commit and publish the release on GitHub.Publish the release on npm.
publish-release
GitHub Action workflow to finish. This should trigger a second job (publish-npm
), which will wait for a run approval by the npm publishers
team.publish-npm
job (or ask somebody on the npm publishers team to approve it for you).publish-npm
job has finished, check npm to verify that it has been published.[0.1.0]
FAQs
Snaps keyring bridge.
The npm package @metamask/eth-snap-keyring receives a total of 5,116 weekly downloads. As such, @metamask/eth-snap-keyring popularity was classified as popular.
We found that @metamask/eth-snap-keyring demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.