
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@web3auth/auth
Web3Auth is where passwordless auth meets non-custodial key infrastructure for Web3 apps and wallets. By aggregating OAuth (Google, Twitter, Discord) logins, different wallets and innovative Multi Party Computation (MPC) - Web3Auth provides a seamless login experience to every user on your application.
Your Web3Auth account is a cryptographic key that acts as a proxy to traditional SSOs. Accounts are secured across user devices and authentication methods: there is no central server and no data honeypot. It combines both CustomAuth and tKey and provides you with a nice UI and UX flows.
Please refer to docs for API Reference available here.
Each sub package is distributed in 3 formats:
- esm build dist/lib.esm.js in es6 format
- commonjs build dist/lib.cjs.js in es5 format
- umd build dist/auth.umd.min.js in es5 format without polyfilling corejs, minified
By default, the appropriate format is used for your specified use case. You can use a different format (if you know what you're doing) by referencing the correct file.
The cjs build is not polyfilled with core-js. It is up to the user to polyfill based on the browserslist they target.
CDNs serve the non-core-js polyfilled version by default. You can use a different
jsdelivr
<script src="https://cdn.jsdelivr.net/npm/auth"></script>
unpkg
<script src="https://unpkg.com/auth"></script>
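The two CDN tags above point at an unscoped `auth` path with no version and no integrity attribute. As an added example (not part of the Web3Auth README), the following Node.js code audits jsDelivr and unpkg script tags for the expected package name, an exact version pin and an SRI hash; EXPECTED_PACKAGE, the 0.0.0 version and the sha384-PLACEHOLDER hash are constructed placeholders.

```javascript
// Added example: audit CDN <script> tags for package name, version pin and SRI.
// EXPECTED_PACKAGE and the sample HTML below are assumptions for illustration.
const EXPECTED_PACKAGE = "@web3auth/auth";

// Split "@scope/name@1.2.3/file.js" or "name@1.2.3/file.js" into name and version.
function parseSpec(path) {
  const segs = path.split("/").filter(Boolean);
  const scoped = (segs[0] || "").startsWith("@");
  const last = (scoped ? segs[1] : segs[0]) || "";
  const at = last.indexOf("@");
  const bare = at === -1 ? last : last.slice(0, at);
  return {
    name: scoped ? `${segs[0]}/${bare}` : bare,
    version: at === -1 ? null : last.slice(at + 1),
  };
}

function auditCdnScripts(html, expected = EXPECTED_PACKAGE) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (tag.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src) continue;
    let url;
    try { url = new URL(src); } catch { continue; } // skip relative or invalid URLs
    let specPath;
    if (url.hostname === "cdn.jsdelivr.net" && url.pathname.startsWith("/npm/")) {
      specPath = url.pathname.slice("/npm/".length);
    } else if (url.hostname === "unpkg.com") {
      specPath = url.pathname;
    } else { continue; } // only the two CDNs named on this page are checked
    const { name, version } = parseSpec(specPath);
    const issues = [];
    if (name !== expected) issues.push("package-mismatch");
    if (!version || !/^\d+\.\d+\.\d+(-[\w.]+)?$/.test(version)) issues.push("unpinned-version");
    if (!/\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag)) issues.push("missing-sri");
    findings.push({ src, name, version, issues });
  }
  return findings;
}

// Constructed sample: the two tags as shown on this page, plus a pinned, SRI-protected tag.
const sample = `
<script src="https://cdn.jsdelivr.net/npm/auth"></script>
<script src="https://unpkg.com/auth"></script>
<script src="https://cdn.jsdelivr.net/npm/@web3auth/auth@0.0.0/dist/auth.umd.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>`;
for (const f of auditCdnScripts(sample)) console.log(f.src, f.issues);
```

A tag that passes all three checks resolves to one immutable file of the intended scoped package, and the browser refuses to execute it if the served bytes do not match the hash.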
Ensure you have a Node.js development environment set up:
git clone https://github.com/web3auth/Auth.git
cd Auth
npm i
npm run build
To run tests:
npm test
@babel/runtime
AuthSdk is MIT Licensed
TODO: fix demo app ci
FAQs
Auth sdk for web3auth
The npm package @web3auth/auth receives a total of 8,743 weekly downloads. As such, @web3auth/auth popularity was classified as popular.
We found that @web3auth/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.