Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@notabene/nodejs
Advanced tools
Notabene NodeJS SDK for sending and receiving transactions through the Notabene Travel Rule gateway.
Documentation • Getting started • Installation • Configuration
npm install @notabene/nodejs
const { Notabene } = require('@notabene/nodejs');
const client = new Notabene({
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
The client ID and client secret required to authenticate against Notabene's APIs must be requested.
For sending transactions to Notabene's test environment, use your test Client ID and Client Secret and
set the baseURL
to https://api.notabene.dev
.
const { Notabene } = require('@notabene/nodejs');
const client = new Notabene({
baseURL: 'https://api.notabene.dev',
clientId: '{CLIENT_ID}', // Add your own client ID
clientSecret: '{CLIENT_SECRET}', // Add your own client secret
});
Examples for ivms
and payload
variables can be found in the Appendix.
const ivms = ...; // (see Appendix)
const payload = ...; // (see Appendix)
const txCreated = await client.transaction.create(payload);
E2E encryption method will encryt PII that such that only you and the beneficiary VASP
const ivms = ...; // (see Appendix)
const payload = ...; // (see Appendix)
const jsonDIDKey = ...; // create or import a jsonDIDKey (see below)
const txCreated = await client.transaction.create(
payload,
jsonDIDKey
);
The hybrid encryption method will also encrypt the PII data to Notabene, using a unique managed Escrow Key for your VASP. This allows us to run sanction screening on the PII data.
const txCreated = await client.transaction.create(
payload,
jsonDIDKey,
true // hybrid
);
For END_2_END
and HYBRID
encryption your VASP needs a dedicated DIDKey, which is a public-private keypair. You can create a new keypair using the @notabene/cli
and then publish it to the Notabene directory under the pii_didkey
field. This allows other VASPs retrieve your public key and encrypt PII data to you.
// get your encryption key
const ikey = ... // or create a new key using the CLI, or: await client.toolset.createKey();
// extract the did:key (public key)
const pii_didkey = JSON.parse(ikey).did;
// upload did:key to your VASP on the Notabene directory
const fields = [
{
fieldName: 'pii_didkey',
values: [
{
value: pii_didkey,
},
],
},
];
await client.trustFramework.update(vaspDID, fields);
Typically you will do this only once, and re-use the same keypair for a long time. If you believe your private key was compromised, you can rotate your keypair (ie. create a new one + publish it again). Data encrypted using a specific public key can only be decrypted with its private key, so don't throw away your old key(s) if you still have data of interest encrypted with those key(s).
To retrieve a transaction simply call:
const txInfo = await client.transaction.get(id);
If the transaction was encrypted with the HOSTED
(default) or HYBRID
strategy, the PII Service will be able to decrypt it for you, the ivms101
property will contain the decrypted data. However, for END_2_END
encrypted data you can pass your jsonDIDKey
argument to decrypt it locally:
const txInfo = await client.transaction.get(id, jsonDIDKey);
To update a transaction simply call the following with the fields you wish to update:
const updatedTx = await client.transaction.update({
id: txCreated.id,
beneficiaryVASPdid: '...',
});
Note, you need specify an encryption method just like in transaction.create
(and your jsonDIDKey
):
const updatedTxEnd2End = await client.transaction.update(
{ id: txCreated.id, beneficiaryVASPdid: '...' },
jsonDIDKey // for END_2_END | HYBRID
// false | true
);
// transaction.create payload:
const payload = {
transactionAsset: 'ETH',
transactionAmount: '1111111000000000000',
originatorVASPdid: 'did:ethr:0xb086499b7f028ab7d3c96c4c2b71d7f24c5a0772',
beneficiaryVASPdid: 'did:ethr:0xa80b54afa45dc22a4ebc0e1a9b638998a7899c33',
transactionBlockchainInfo: {
origin: '0x123',
destination: '0x321',
},
originator: ivms.originator,
beneficiary: ivms.beneficiary,
};
const ivms = {
originator: {
originatorPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Frodo',
secondaryIdentifier: 'Baggins',
nameIdentifierType: 'LEGL',
},
],
},
],
nationalIdentification: {
nationalIdentifier: 'AABBCCDDEEFF0011223344',
nationalIdentifierType: 'CCPT',
countryOfIssue: 'NZ',
},
dateAndPlaceOfBirth: {
dateOfBirth: '1900-01-01',
placeOfBirth: 'Planet Earth',
},
geographicAddress: [
{
addressLine: ['Cool Road /-.st'],
country: 'BE',
addressType: 'HOME',
},
],
},
},
],
accountNumber: ['01234567890'],
},
beneficiary: {
beneficiaryPersons: [
{
naturalPerson: {
name: [
{
nameIdentifier: [
{
primaryIdentifier: 'Bilbo',
secondaryIdentifier: 'Bolson',
nameIdentifierType: 'LEGL',
},
],
},
],
},
},
],
accountNumber: ['01234567890'],
},
};
BSD 3-Clause © Notabene Inc.
FAQs
Client for Notabene's API
The npm package @notabene/nodejs receives a total of 907 weekly downloads. As such, @notabene/nodejs popularity was classified as not popular.
We found that @notabene/nodejs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.