Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

anchor-link

Package Overview
Dependencies
Maintainers
2
Versions
63
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

anchor-link

Library for authenticating and signing transactions using the Anchor Link protocol

  • 3.6.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
1.2K
decreased by-0.25%
Maintainers
2
Weekly downloads
 
Created
Source

Anchor Link Package Version License

Persistent, fast and secure signature provider for EOSIO chains built on top of EOSIO Signing Requests (EEP-7)

Key features:

  • Persistent account sessions
  • End-to-end encryption (E2EE)
  • Account-based identity proofs
  • Cross-device signing
  • Network resource management
  • Open standard

Resources:

Guides:

Examples:

Installation

The anchor-link package is distributed both as a module on npm and a standalone bundle on unpkg.

Browser using a bundler (recommended)

Install Anchor Link and a transport:

yarn add anchor-link anchor-link-browser-transport
# or
npm install --save anchor-link anchor-link-browser-transport

Import them into your project:

import AnchorLink from 'anchor-link'
import AnchorLinkBrowserTransport from 'anchor-link-browser-transport'

Browser using a pre-built bundle

Include the scripts in your <head> tag.

<script src="https://unpkg.com/anchor-link@3"></script>
<script src="https://unpkg.com/anchor-link-browser-transport@3"></script>

AnchorLink and AnchorLinkBrowserTransport are now available in the global scope of your document.

Using node.js

Using node.js

yarn add anchor-link anchor-link-console-transport
# or
npm install --save anchor-link anchor-link-console-transport

Import them into your project:

const AnchorLink = require('anchor-link')
const AnchorLinkConsoleTransport = require('anchor-link-console-transport')

Usage

First you need to instantiate your transport and the link.

const transport = new AnchorLinkBrowserTransport()
const link = new AnchorLink({
    transport,
    chains: [
        {
            chainId: 'aca376f206b8fc25a6ed44dbdc66547c36c6c33e3a119ffbeaef943642f0e906',
            nodeUrl: 'https://eos.greymass.com',
        },
    ],
})

Now you have a link instance that can be used in the browser to login and/or transact. See options for a full list of available options. Also refer to the anchor-link-browser-transport README for a list of available options within the transport.

Create a user session

To create a persistent session where you can push multiple transaction to a users wallet you need to call the login method on your link instance and pass your application name.

// Perform the login, which returns the users identity
const identity = await link.login('mydapp')

// Save the session within your application for future use
const {session} = identity
console.log(`Logged in as ${session.auth}`)

Perform a transaction with a user session

Using the session you have persisted within your applications state from the user login, you can now send transactions through the session to the users wallet using the transact method.

const action = {
    account: 'eosio',
    name: 'voteproducer',
    authorization: [session.auth],
    data: {
        voter: session.auth.actor,
        proxy: 'greymassvote',
        producers: [],
    },
}

session.transact({action}).then(({transaction}) => {
    console.log(`Transaction broadcast! Id: ${transaction.id}`)
})

Restoring a session

If a user has previously logged in to your application, you can restore that previous session by calling the restoreSession method on your link instance.

link.restoreSession('mydapp').then((session) => {
    console.log(`Session for ${session.auth} restored`)
    const action = {
        account: 'eosio',
        name: 'voteproducer',
        authorization: [session.auth],
        data: {
            voter: session.auth.actor,
            proxy: 'greymassvote',
            producers: [],
        },
    }
    session.transact({action}).then(({transaction}) => {
        console.log(`Transaction broadcast! Id: ${transaction.id}`)
    })
})

Additional Methods

A full list of all methods can be found in the Link class documentation.

One-shot transact

To sign action(s) or a transaction using the link without logging in you can call the transact method on your link instance.

const action = {
    account: 'eosio',
    name: 'voteproducer',
    authorization: [
        {
            actor: '............1', // ............1 will be resolved to the signing accounts name
            permission: '............2', // ............2 will be resolved to the signing accounts authority (e.g. 'active')
        },
    ],
    data: {
        voter: '............1', // same as above, resolved to the signers account name
        proxy: 'greymassvote',
        producers: [],
    },
}
link.transact({action}).then(({signer, transaction}) => {
    console.log(
        `Success! Transaction signed by ${signer} and bradcast with transaction id: ${transaction.id}`
    )
})

You can find more examples in the examples directory at the root of this repository and don't forget to look at the API documentation.

Transports

Transports in Anchor Link are responsible for getting signature requests to the users wallet when establishing a session or when using anchor link without logging in.

Available transports:

PackageDescription
anchor-link-browser-transportBrowser overlay that generates QR codes or triggers local URI handler if available
anchor-link-console-transportTransport that prints ASCII QR codes and esr:// links to the JavaScript console

See the LinkTransport documentation for details on how to implement custom transports.

Protocol

The Anchor Link protocol uses EEP-7 identity requests to establish a channel to compatible wallets using an untrusted HTTP POST to WebSocket forwarder (see buoy node.js).

A session key and unique channel URL is generated by the client which is attached to the identity request and sent to the wallet (see transports). The wallet signs the identity proof and sends it back along with its own channel URL and session key. Subsequent signature requests can now be encrypted to a shared secret derived from the two keys and pushed directly to the wallet channel.

📘 Protocol specification

Developing

You need Make, node.js and yarn installed.

Clone the repository and run make to checkout all dependencies and build the project. See the Makefile for other useful targets. Before submitting a pull request make sure to run make lint.

Made with ☕️ & ❤️ by Greymass, if you find this useful please consider supporting us.

FAQs

Package last updated on 10 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

Security News

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.

By Sarah Gooding  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc