Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@notabene/nodejs
Advanced tools
Notabene NodeJS SDK for sending and receiving transactions through the Notabene Travel Rule gateway.
Documentation • Getting started • Installation • Configuration
npm install @notabene/nodejs
const { Notabene } = require('@notabene/nodejs');
const client = new Notabene({
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
The client ID and client secret required to authenticate against Notabene's APIs must be requested.
For sending transactions to Notabene's test environment, use your test Client ID and Client Secret and
set the baseURL
to https://api.notabene.dev
.
const { Notabene } = require('@notabene/nodejs');
const client = new Notabene({
baseURL: 'https://api.notabene.dev',
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
Examples for ivms
and payload
variables can be found in the Appendix.
async function demo() {
const ivms = ...;
const payload = ...;
const txCreated = await client.transaction.create(payload);
console.log(txCreated);
}
E2E encryption method will encryt PII that such that only you and the beneficiary VASP
async function demo() {
const ivms = ...;
const payload = ...;
const jsonDIDKey = ...; // create or import a jsonDIDKey (see Appendix)
const txCreated = await client.transaction.create(
payload,
encryption: {
method: PIIEncryptionMethod.END_2_END,
jsonDIDKey
}
);
console.log(txCreated);
}
The hybrid encryption method PIIEncryptionMethod.HYBRID
will also encrypt the PII data to Notabene, using a unique managed Escrow Key for your VASP. This allows us to run sanction screening on the PII data.
For END_2_END
and HYBRID
encryption your VASP needs a dedicated DIDKey, which is a public-private keypair. You can create a new keypair using the @notabene/cli
and then publish it to the Notabene directory under the pii_didkey
field. This allows other VASPs retrieve your public key and encrypt PII data to you.
Typically you will do this only once, and re-use the same keypair for a long time. If you believe your private key was compromised, you can rotate your keypair (ie. create a new one + publish it again). Data encrypted using a specific public key, can only be decrypted with its private key, don't throw away your old key(s) if you still have data of interest encrypted with those key(s).
To retrieve a transaction simply call:
const txInfo = await client.transaction.get(id);
If the transaction was encrypted with the DEFAULT
or HYBRID
strategy, the PII Service will be able to decrypt it for you, the ivms101
property will contain the decrypted data. However, for END_2_END
encrypted data you can pass your jsonDIDKey
argument to decrypt it locally:
const txInfo = await client.transaction.get(id, decryption: { jsonDIDKey });
To update a transaction simply call the following with the fields you wish to update:
const updatedTx = await client.transaction.update({
id: txCreated.id,
beneficiaryVASPdid: '...',
});
Note, you need specify an encryption method just like in transaction.create
(and your jsonDIDKey
):
const updatedTxEnd2End = await client.transaction.update(
{ id: txCreated.id, beneficiaryVASPdid: '...' },
encryption: {
method: PIIEncryptionMethod.END_2_END,
jsonDIDKey
}
);
// transaction.create payload:
const payload = {
transactionAsset: 'ETH',
transactionAmount: '1111111000000000000',
originatorVASPdid: 'did:ethr:0xb086499b7f028ab7d3c96c4c2b71d7f24c5a0772',
beneficiaryVASPdid: 'did:ethr:0xa80b54afa45dc22a4ebc0e1a9b638998a7899c33',
transactionBlockchainInfo: {
origin: '0x123',
destination: '0x321',
},
originator: ivms.originator,
beneficiary: ivms.beneficiary,
};
const ivms = {
originator: {
originatorPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Frodo',
secondaryIdentifier: 'Baggins',
nameIdentifierType: 'LEGL',
},
],
},
],
nationalIdentification: {
nationalIdentifier: 'AABBCCDDEEFF0011223344',
nationalIdentifierType: 'CCPT',
countryOfIssue: 'NZ',
},
dateAndPlaceOfBirth: {
dateOfBirth: '1900-01-01',
placeOfBirth: 'Planet Earth',
},
geographicAddress: [
{
addressLine: ['Cool Road /-.st'],
country: 'BE',
addressType: 'HOME',
},
],
},
},
],
accountNumber: ['01234567890'],
},
beneficiary: {
beneficiaryPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Bilbo',
secondaryIdentifier: 'Bolson',
nameIdentifierType: 'LEGL',
},
],
},
],
},
},
],
accountNumber: ['01234567890'],
},
};
BSD 3-Clause © Notabene Inc.
FAQs
Client for Notabene's API
The npm package @notabene/nodejs receives a total of 524 weekly downloads. As such, @notabene/nodejs popularity was classified as not popular.
We found that @notabene/nodejs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.