Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@trezor/connect-web
Advanced tools
@trezor/connect-web
High-level javascript interface for Trezor hardware wallet in web environment.
@trezor/connect-web
This package is bundled into web implementations. User interface is presented in a secure popup window served from connect.trezor.io/<version>/popup.html. To try it out, use @trezor/connect-explorer hosted here.
Contains minimum of code required to:
- Define
TrezorConnectAPI object - Create and handle communication between
@trezor/connect-iframehosted onhttps://connect.trezor.io/<version>/iframe.html - Create and handle communication and lifecycle of
@trezor/connect-popuphosted onhttps://connect.trezor.io/<version>/popup.html
Installation
Install library as npm module:
npm install @trezor/connect-web
or
yarn add @trezor/connect-web
Include library as inline script:
<script src="https://connect.trezor.io/9/trezor-connect.js"></script>
Initialization
ES6
import TrezorConnect from '@trezor/connect-web';
Inline
var TrezorConnect = window.TrezorConnect;
For more instructions refer to this document
Development
- clone repository:
git clone git@github.com:trezor/trezor-suite.git - install node_modules:
yarn && yarn build:libs - generate certs
yarn workspace @trezor/connect-web predev - It is possible to run local dev server with iframe and popup using:
yarn workspace @trezor/connect-web devNote: don't forget to visithttps://localhost:8088/and allow self-signed certificate. No UI is displayed here.
TrezorConnect Support Matrix
The table below details the support for different environments by TrezorConnect for integrating Trezor devices, including the use of WebUSB and the need for Trezor Bridge.
| Environment | Chrome | Firefox | Safari | Chrome Android | Firefox Android | Notes |
|---|---|---|---|---|---|---|
| Web (WebUSB) | ✓ | ✗ | ✗ | ✓ | ✗ | WebUSB is fully supported where indicated. (Chromium based browsers) |
| Web (Bridge) | ✓ | ✓ | ✗ | ✗ | ✗ | Trezor Bridge is required where WebUSB is not supported. (e.g. Firefox) |
| WebExtension (WebUSB, Bridge) | ✓ | ✓ | ✗ | ✓ | ✗ | Requires Trezor Bridge on platforms not supporting WebUSB. |
Key Differences
- WebUSB: Allows direct communication with Trezor devices via the browser. Supported by most modern browsers but may have limitations on mobile devices and is not supported by Safari.
- Trezor Bridge: A service that runs with Trezor Suite or Standalone that facilitates communication between your Trezor device and a web browser. Required for browsers that do not support WebUSB or for a more stable connection on desktop environments.
Keywords
FAQs
High-level javascript interface for Trezor hardware wallet in web environment.
The npm package @trezor/connect-web receives a total of 113,586 weekly downloads. As such, @trezor/connect-web popularity was classified as popular.
We found that @trezor/connect-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 18 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025