Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@nexeraid/identity-sdk
Advanced tools
$ npm install @nexeraid/identity-sdk
/*
* Get access token
* This has to be done from secured server, to avoid leaking API_KEY
*/
const response = await fetch('https://api.nexera.id/kyc/auth/access-token', {
body: JSON.stringify({ publicAddress }),
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${API_KEY}`
},
method: 'POST'
})
const { accessToken } = await response.json()
/*
* Handle data from webhook
* At the defined webhook endpoint, each time an user shares data with you, data with format
* {
* address: '0x0000000000000000000000000000000000000000',
* data: {
* ...
* }
* }
*/
// Assuming you have this data in some variable named input
const response = await fetch('https://api.nexera.id/compliance/rules/execute', {
body: JSON.stringify({
inputData: input.data,
address: input.address,
policyId: `${POLICY_ID}`,
}),
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${API_KEY}`
},
method: 'POST'
})
/*
* Validation result structure could vary according the required rules defined, but it will
* have the necessary flags that determine whether or not the user meets the requirements.
*/
const validationResult = await response.json()
// instantiate IdentityClient
// onSignPersonalData is optional, since can be defined as shown below
const IDENTITY_CLIENT = new IdentityClient({
onSignPersonalData: async (data: string) => {
return await signMessageAsync({message: data});
}
});
// configure identity flow callbacks
// mandatory onSignPersonalData callback
IDENTITY_CLIENT.onSignMessage(async (data: string) => {
// make user sign data with wallet, and return result
return await signMessageAsync({message: data})
})
// optional onZkCallback (mandatory if zk flow will be used)
IDENTITY_CLIENT.onZkCallback(async (data) => {
// make wallet user send transaction, using data from identity app, and returning transaction hash
const tx = await signer.data.sendTransaction(data);
return tx.hash;
});
// build signing message, needed to safety store identity in user's browser
const signingMessage = IdentityClient.buildSignatureMessage(address)
const signature = await signMessageAsync({message: signingMessage})
// here you need to get access token from your server, which will call our backend as we explained in the Server app section
const accessToken = getAccessTokenFromYourServer(address)
// finally, once accessToken, signingMessage and signature ready, IdentityClient flow can be triggered
IDENTITY_CLIENT.startVerification({
accessToken: accessToken,
signature: signature,
signingMessage: signingMessage,
});
IDENTITY_CLIENT.startManagement({
accessToken: accessToken,
signature: signature,
signingMessage: signingMessage,
});
For the latest changes, see the CHANGELOG.
FAQs
Nexera ID Identity Verification SDK
The npm package @nexeraid/identity-sdk receives a total of 824 weekly downloads. As such, @nexeraid/identity-sdk popularity was classified as not popular.
We found that @nexeraid/identity-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.