Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
airgap-coin-lib
Advanced tools
The airgap-coin-lib is a protocol agnostic library to prepare, sign and broadcast cryptocurrency transactions.
The airgap-coin-lib
is a protocol-agnostic library that allows easy handling of the most important tasks relating cryptocurrencies and blockchains.
It implements operations such as preparing, signing and broadcasting transactions for a range of protocols.
The library consists of a shared interface for all implemented protocols. This is especially useful in the context of AirGap because methods are designed to support offline key management and signing. The following core operations are specified:
prepareTransaction
- This is done on AirGap Wallet (online) side. Either a public key or extended public key is used and will fetch the required information from the network.signTransaction
- This is done in AirGap Vault (offline) side. The output of "prepareTransaction" is the input for this method (hence the output of "prepareTransaction" is transferred via URL scheme (same-device) or QR code (2-device-setup)).broadcastTransaction
- This is done in AirGap Wallet (online) side. The output of "signTransaction" is the input for this method (hence the output of "signTransaction" is transferred via URL scheme (same-device) or QR code (2-device-setup)).The modular design used in this library allows you to simply add new protocols with special logic. Adding a new Bitcoin-like protocol basically means:
src/networks.ts
)Adding a new Ethereum-like protocol means:
Currently supported are:
The way the interface was designed is to allow stateless calls. This means the class itself stores very little state itself. All required input comes from the method params (public key, extended public key, etc...)
Currently we support for Bitcoin-like (UTXO) protocols:
Currently we support for Ethereum-like (Account-based) protocols:
There is a different interface that can be implemented if the protocol supports delegation. The delegation flow usually requires some changes in the user interface of the AirGap Wallet as well.
A serializer is included that encodes JSON structures with RLP and base58check. Those strings can then be sent to the other app, either through QR codes or a URL. The serializer can only serialize messages in predefined formats, so new message types have to be added when new protocols are added.
Such that the system works we need to be able to synchronise wallets. A wallet can be:
For the single address wallet we only need to share the public key. For HD Wallet we need to share the extended public key.
npm >= 6
NodeJS >= 12
Build dependencies get installed using npm install
.
$ git clone https://github.com/airgap-it/airgap-coin-lib.git
$ cd airgap-coin-lib
$ npm install
To run the tests, you will have to install the test dependencies
$ npm run install-test-dependencies
$ npm test
To remove the test dependencies and clean up the package.json
and package-lock.json
, execute this command
$ npm run install-build-dependencies
We welcome contributions from the community. Simple readme updates or bugfixes can be addressed with a PR directly.
For larger changes like new protocols, new features or larger refactorings, please contact us first by opening an issue. This project is under constant development and until version 1.x.x
has been reached, there will be frequent breaking changes. So make sure to take a look at the develop
branch.
Regarding new protocols / currencies, we cannot guarantee that they will be merged, but we're more than happy to discuss the details of a specific integration in a github issue.
FAQs
The airgap-coin-lib is a protocol agnostic library to prepare, sign and broadcast cryptocurrency transactions.
The npm package airgap-coin-lib receives a total of 51 weekly downloads. As such, airgap-coin-lib popularity was classified as not popular.
We found that airgap-coin-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.