Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team -  Nov 24, 2025
🚨 Shai-Hulud Strikes Again:More than 500 packages and 700+ versions compromised.Technical Analysis →
@trezor/connect-common
Advanced tools
@trezor/connect-common
Collection of assets and utilities used by @trezor/connect* packages.
files
bridge
Data in releases.json are used to determine which version of Bridge to use depending on the user's operating system.
firmware
Binaries of the latest versions of firmware for each Trezor model are included in this package so that they are available to users of Suite desktop app without connecting to the internet. The process of adding new firmwares is described here. Besides the latest versions, T1B1 and T2T1 both require a transitory version for upgrading from old firmware (intermediary firmware trezor-inter-1.10.0.bin for T1B1 and version trezor-2.1.1.bin for T2T1).
There is a releases.json file for each Trezor model which must be updated any time new binaries are added. This file provides data about all available firmware versions and it is used to display them in Suite and to make sure that the correct firmware is downloaded. Read more about releases.json and it's structure here
src
Storage
A utility to remember app permissions given by user.
Publishing
Follow instructions how to publish @trezor package to npm registry.
Keywords
FAQs
Collection of assets and utils used by trezor-connect library.
The npm package @trezor/connect-common receives a total of 133,795 weekly downloads. As such, @trezor/connect-common popularity was classified as popular.
We found that @trezor/connect-common demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 23 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025