Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@taquito/ledger-signer
Advanced tools
Documentation can be found here
TypeDoc style documentation is available here
@taquito/ledger-signer
is an npm package that provides developers with ledger signing functionality for Taquito. It implements the Signer interface of Taquito, allowing you to sign operations from a Ledger Nano device.
Install the package as follows
npm install @taquito/ledger-signer
To use the Ledger Signer we must first import the desired transport from the LedgerJs library.
The Ledger Signer has currently been tested with @ledgerhq/hw-transport-node-hid
for Node-based applications and with @ledgerhq/hw-transport-webhid
for web applications.
Pass an instance of the transport of your choice to the Ledger Signer as follows:
import transportWeb from '@ledgerhq/hw-transport-webhid';
import { LedgerSigner } from '@taquito/ledger-signer';
const transport = await transportWeb.create();
const ledgerSigner = new LedgerSigner(transport);
The constructor of the LedgerSigner
class takes three other optional parameters. If none are specified, the following default values are used:
path
: default value is "44'/1729'/0'/0'"HDPathTemplate
which refers to 44'/1729'/${account}'/0'
. You have to specify the index of the account you want to use. Or you can also use a complete path as a parameter. More details about paths hereprompt
: default is true@ledgerhq/hw-transport-webhid
, so you should not set this parameter to false if you are using this transport.derivationType
: default is DerivationType.ED25519import { LedgerSigner, DerivationType, HDPathTemplate } from '@taquito/ledger-signer';
const ledgerSigner = new LedgerSigner(
transport, //required
HDPathTemplate(1), // path optional (equivalent to "44'/1729'/1'/0'")
true, // prompt optional
DerivationType.ED25519 // derivationType optional
);
import { LedgerSigner } from '@taquito/ledger-signer';
import TransportWeb from '@ledgerhq/hw-transport-webhid';
import { TezosToolkit } from '@taquito/taquito';
const Tezos = new TezosToolkit('https://YOUR_PREFERRED_RPC_URL');
const transport = await TransportWeb.create();
const ledgerSigner = new LedgerSigner(transport);
Tezos.setProvider({ signer: ledgerSigner });
//Get the public key and the public key hash from the Ledger
const publicKey = await Tezos.signer.publicKey();
const publicKeyHash = await Tezos.signer.publicKeyHash();
See the top-level https://github.com/ecadlabs/taquito file for details on reporting issues, contributing and versioning.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
Ledger signer provider
We found that @taquito/ledger-signer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.