Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
@neon-exchange/nash-protocol-mpc
Advanced tools
TypeScript implementation of Nash crypto routines
Implementation of Nash cryptographic routines.
Currently, you should clone the repository to access the HTML documentation. This may be statically hosted separately at some point for convenience.
yarn install
yarn build
yarn test
The Nash Protocol contains functions necessary to create, setup, and authenticate into an account.
This step registers a new user with Nash's Central Accounts System.
hashPassword()
should be called to hash the password, and getHKDFKeysFromPassword()
should be called on the hasked password to get an authentication key and encryption key.This step creates blockchain wallets for a user.
getEntropy()
is called to generate a secret key.secretKeyToMnemonic()
is called on the secret key to provide a user's mnemonic. The user should persist this and never share this value.mnemonicToMasterSeed()
is called on the mnemonic to create the master seed, which is the seed value for BIP-44 HD wallet generation.generateWallet
is called using the master seed for all supported coin types.encryptSecretKey()
, which produces an encrypted secret key AEAD object. This is sent to Nash.getHKDFKeysFromPassword()
is used to get the authentication key and encryption key.initialize()
with the encrypted secret key AEAD object, encryption key, wallet metadata, and some Nash Matching Engine market and asset data to receive a config.Secret values are never sent to Nash. Values that are visible to Nash are. A combination of secret values and values accessible by Nash are needed for all sensitive operations. Both types of values are sensitive and should be carefully guarded.
We will NOT support the user supplying their own wallet keys. While users will control their own wallets, we will generate the wallets for them. This is partially because we want wallets to be deterministically derivable from the master seed.
Gitlab CI will automatically publish a version if it receives a new Git tag (see also the publish_to_npm
step in .gitlab-ci.yml
).
Here's the specific steps: Start with decide on a new release version, eg. v1.2.3
. Then create a branch and tag and push everything to Gitlab:
# Make sure you are on master and that all work for this release is committed and merged.
# Next step is to create a branch for this release:
git checkout -b release/v1.2.3
# `yarn prepare-release` will do a hard git reset, run the tests and update the version
# number based on the input you provide in the prompt. It also creates a git tag.
yarn prepare-release
git push origin release/v1.2.3
# Based on that branch, create a PR, and as soon as that is in master, push the tag
# that was created with `yarn prepare-release`:
git push origin refs/tags/v1.2.3
# At this point, the CI will run and if successful push to npm
FAQs
TypeScript implementation of Nash crypto routines
The npm package @neon-exchange/nash-protocol-mpc receives a total of 1 weekly downloads. As such, @neon-exchange/nash-protocol-mpc popularity was classified as not popular.
We found that @neon-exchange/nash-protocol-mpc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.