
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@psychedelic/cover
Advanced tools
Cover SDK is JavaScript and TypeScript client library for integrating the Cover protocol into applications.
Cover's SDK makes it easy to:
... And more!
npm i @psychedelic/cover
const {Cover} = require('@psychedelic/cover');
import {Cover} from '@psychedelic/cover';
const cover = new Cover(identity: SignIdentity);
cover.verify(canisterId: Principal): Promise<boolean>;
// wasm hash in Cover verification
cover.getCoverHash(canisterId: Principal): Promise<string | undefined>;
// wasm hash on IC network
cover.getICHash(canisterId: Principal): Promise<string | undefined>;
// provide a pagination info to get all verifications
// PaginationInfo {
// items_per_page has Min value = 10 & Max = 120
// page_index is start from 1
// }
cover.getAllVerifications(paginationInfo: PaginationInfo): Promise<VerificationPagination>;
// get verification by canister id
cover.getVerificationByCanisterId(canisterId: Principal): Promise<Verification | undefined>;
// get verification statistics
cover.getVerificationStats(): Promise<Stats>;
cover.getMyVerificationStats(): Promise<Stats>;
interface Pagination {
page_index: bigint;
data: Array<T>;
total_pages: bigint;
total_items: bigint;
is_first_page: boolean;
items_per_page: bigint;
is_last_page: boolean;
}
// get all build configs
cover.getMyBuildConfigs(): Promise<Array<BuildConfig>>;
// get build config by canister id
cover.getMyBuildConfigById(canisterId: Principal): Promise<BuildConfig | undefined>;
// delete a build config
cover.deleteMyBuildConfig(canisterId: Principal): Promise<void>;
// provide a pagination info to get activities
// PaginationInfo {
// items_per_page has Min value = 10 & Max = 120
// page_index is start from 1
// }
cover.getActivities(paginationInfo: PaginationInfo): Promise<ActivityPagination>;
cover.getMyActivities(paginationInfo: PaginationInfo): Promise<MyActivityPagination>;
// from Cover's instance
cover.coverMetadata(canisterId: Principal): Promise<CoverMetadata>;
// without Cover's instance
Cover.anonymousCoverMetadata(canisterId: Principal): Promise<CoverMetadata>;
// save a build config
cover.saveBuildConfig(buildConfigRequest: BuildConfigRequest): Promise<void>;
// build a config
cover.build(buildRequest: BuildRequest): Promise<void>;
// build a saved config
cover.buildWithConfig(buildWithConfigRequest: BuildWithConfigRequest): Promise<void>;
// save a build config without create a Cover instance
Cover.anonymousSaveBuildConfig(buildConfigRequest: AnonymousBuildConfigRequest, coverConfig?: CoverConfig): Promise<void>;
// build a config without create a Cover instance
Cover.anonymousBuild(buildRequest: AnonymousBuildRequest, coverConfig?: CoverConfig): Promise<void>;
// build a saved config without create a Cover instance
Cover.anonymousBuildWithConfig(buildWithConfigRequest: AnonymousBuildWithConfigRequest, coverConfig?: CoverConfig): Promise<void>;
// build with metadata
Cover.buildWithCoverMetadata(coverMetadataRequest: CoverMetadataRequest, coverConfig?: CoverConfig): Promise<void>;
// get public key
getPublicKey: (identity: SignIdentity) => string;
// sign a signature, return a hex string
sign: (identity: SignIdentity, timestamp: number) => Promise<string>;
// error codes from the validator side(wrong format, missing arguments, internal error,...)
ERR_XXX;
// error codes from the sdk side(can't connect to the Validator, ...)
SDK_ERR_XXX;
// the error object will include these fields
{
code: string;
message: string;
details: unknown;
}
Example extract identity from PEM using SDK
import {Cover, getPublicKey, sign} from '@psychedelic/cover';
import {Ed25519KeyIdentity} from '@dfinity/identity';
import {Principal} from '@dfinity/principal';
import {SignIdentity} from '@dfinity/agent';
// create new identity
const identity = Ed25519KeyIdentity.generate() as SignIdentity;
const cover = new Cover(identity);
// verify a canister
const isVerified = await cover.verify(Principal.fromText('iftvq-niaaa-aaaai-qasga-cai'));
// get wasm hash from IC network
const icHash = await cover.getICHash(Principal.fromText('iftvq-niaaa-aaaai-qasga-cai'));
// get wasm hash from Cover verification
const coverHash = await cover.getCoverHash(Principal.fromText('iftvq-niaaa-aaaai-qasga-cai'));
// get Cover verification by canister ID
const verification = await cover.getVerificationByCanisterId(Principal.fromText('iftvq-niaaa-aaaai-qasga-cai'));
// get public key
const publicKey = getPublicKey(identity);
// sign a signature
const timestamp = new Date().getTime();
const signature = await sign(identity, timestamp);
FAQs
Cover Software Development Kit
We found that @psychedelic/cover demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.