New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@pcd/eddsa-frog-pcd

Package Overview
Dependencies
Maintainers
5
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pcd/eddsa-frog-pcd

Install the `@pcd/eddsa-frog-pcd` package with npm:

latest
npmnpm
Version
0.7.0
Version published
Maintainers
5
Created
Source

@pcd/eddsa-frog-pcd

License NPM version Downloads Docs

This package defines a PCD designed to verify the authenticity of an object in the FROGCRYPTO universe signed using an EdDSA key.

🛠 Install

Install the @pcd/eddsa-frog-pcd package with npm:

npm i @pcd/eddsa-frog-pcd

or yarn:

yarn add @pcd/eddsa-frog-pcd

📜 Usage

Prove

import { newEdDSAPrivateKey } from "@pcd/eddsa-pcd"
import { IFrogData, prove } from "@pcd/eddsa-frog-pcd"
import { ArgumentTypeName } from "@pcd/pcd-types"
import { v4 as uuid } from "uuid";

// Generate a new EdDSA private key.
const privateKey = newEdDSAPrivateKey()

// Prepare the frog object to sign.
// The following are just dummy values used for testing.
const frogData: IFrogData = {
    name: "test name",
      description: "test description",
      imageUrl: "/frog.png",
      frogId: 0,
      biome: 0,
      rarity: 0,
      temperament: 0,
      jump: 0,
      speed: 0,
      intelligence: 0,
      beauty: 0,
      timestampSigned: Date.now(),
      ownerSemaphoreId: "12345"
}

// Create a PCD with the required attributes and their types.
// It uses the EdDSA PCD to sign the message, which is the serialized data in this PCD.
const pcd = await prove({
    // The id is optional and if you don't pass it a random value will be automatically created.
    id: {
        argumentType: ArgumentTypeName.String
    },
    data: {
        value: frogData,
        argumentType: ArgumentTypeName.Object
    },
    privateKey: {
        argumentType: ArgumentTypeName.String,
        value: privateKey
    }
})

console.log(pcd)
/*
EdDSAFrogPCD {
  type: 'eddsa-frog-pcd',
  id: '3b7617ce-5631-45e7-8cf0-496ae2b4d96f',
  claim: {
    data: {
      name: 'test name',
      description: 'test description',
      imageUrl: '/frog.png',
      frogId: 0,
      biome: 0,
      rarity: 0,
      temperament: 0,
      jump: 0,
      speed: 0,
      intelligence: 0,
      beauty: 0,
      timestampSigned: 1698095960615,
      ownerSemaphoreId: '12345'
    }
  },
  proof: {
    eddsaPCD: EdDSAPCD {
      type: 'eddsa-pcd',
      id: 'a9763be4-b12c-41ca-a8af-6d69669e62c5',
      claim: [Object],
      proof: [Object]
    }
  }
}
*/

Verify

In most cases, verifying the validity of the PCD with the 'verify' function is not enough. It may also be necessary to check the public key of the entity that signed the claim and verify the authenticity of the entity.

import { verify } from "@pcd/eddsa-frog-pcd";

const isValid = await verify(pcd);

console.log(isValid); // true

// Other possible checks.
pcd.proof.eddsaPCD.claim.publicKey[0] === expectedPublicKey[0];
pcd.proof.eddsaPCD.claim.publicKey[1] === expectedPublicKey[1];

Serialize

import { serialize } from "@pcd/eddsa-frog-pcd";

const serialized = await serialize(pcd);

console.log(serialized);
/*
{
  type: 'eddsa-frog-pcd',
  pcd: '{"id":"b98d9c5f-2077-4953-abeb-dd64d1bcf680","eddsaPCD":{"type":"eddsa-pcd","pcd":"{\\"type\\":\\"eddsa-pcd\\",\\"id\\":\\"af060fbf-b5bd-4edc-bc82-8b5351701339\\",\\"claim\\":{\\"message\\":[\\"0\\",\\"0\\",\\"0\\",\\"0\\",\\"0\\",\\"0\\",\\"0\\",\\"0\\",\\"18b5e68ab1c\\",\\"3039\\",\\"0\\",\\"0\\",\\"0\\"],\\"publicKey\\":[\\"1d5ac1f31407018b7d413a4f52c8f74463b30e6ac2238220ad8b254de4eaa3a2\\",\\"1e1de8a908826c3f9ac2e0ceee929ecd0caf3b99b3ef24523aaab796a6f733c4\\"]},\\"proof\\":{\\"signature\\":\\"a8ad5876f708466f68f87c45d3a2849e0a75b8532f302034ee68c47d90f10e82515de475419389445251a5d8473296c61cdcfa8291cf0db682dffd4298d90b04\\"}}"},"data":{"name":"test name","description":"test description","imageUrl":"/frog.png","frogId":0,"biome":0,"rarity":0,"temperament":0,"jump":0,"speed":0,"intelligence":0,"beauty":0,"timestampSigned":1698095999772,"ownerSemaphoreId":"12345"}}'
}
*/

Deserialize

import { deserialize } from "@pcd/eddsa-frog-pcd";

const deserialized = await deserialize(serialized.pcd);

console.log(deserialized);
/*
EdDSAFrogPCD {
  type: 'eddsa-frog-pcd',
  id: 'b98d9c5f-2077-4953-abeb-dd64d1bcf680',
  claim: {
    data: [Object: null prototype] {
      name: 'test name',
      description: 'test description',
      imageUrl: '/frog.png',
      frogId: 0,
      biome: 0,
      rarity: 0,
      temperament: 0,
      jump: 0,
      speed: 0,
      intelligence: 0,
      beauty: 0,
      timestampSigned: 1698095999772,
      ownerSemaphoreId: '12345'
    }
  },
  proof: {
    eddsaPCD: EdDSAPCD {
      type: 'eddsa-pcd',
      id: 'af060fbf-b5bd-4edc-bc82-8b5351701339',
      claim: [Object],
      proof: [Object]
    }
  }
}
*/

FAQs

Package last updated on 31 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026