Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
blockstack
Advanced tools
The Blockstack Javascript library for authentication, identity, and storage.
Note: If you're looking for the Blockstack CLI repo it was merged with Blockstack Core.
$ npm install blockstack
You can import blockstack.js
as a script without using a package manager.
To securely use the latest distribution of blockstack.js from a CDN, use the following script in your application:
<script src="https://unpkg.com/blockstack@21.1.1/dist/blockstack.js" integrity="sha384-QsRlJlLKvr/Vq4iv1MPwTqoMx5hd0StlnCBCTdwbb0ituqCGaTxjNIkdahGHlnwb" crossorigin="anonymous"></script>
Note: this is script is bundled as standalone (UMD) lib, targeting ES6 (ECMAScript 2015).
Blockstack JS is a library for profiles/identity, authentication, and storage.
The authentication portion of this library can be used to:
The profiles/identity portion of this library can be used to:
The storage portion of this library can be used to:
Note: this lib is written in Typescript and is compiled to ES6 (ECMAScript 2015) syntax and uses CommonJS modules. The NPM package works out of the box within the Node.js runtime, and within browsers when using a common bundler (e.g. Webpack, Browserify, Rollup, etc).
Note: blockstack.js 0.14.0 and newer versions use a new on-disk format that is not backward compatible with prior versions.
This repository uses the git flow branching mode.
The latest released code as deployed to npm is in master
and the latest delivered development
changes for the next release are in develop
.
We use the git-flow-avh plugin.
Please send pull requests against develop
. Pull requests should include tests,
flow static type annotations and be lint free. Open your pull request using the template in PULL_REQUEST_TEMPLATE.md
Github issues marked help-wanted are great places to start. Please ask in a github issue or slack before embarking on larger issues that aren't labeled as help wanted or adding additional functionality so that we can make sure your contribution can be included!
This repository is maintained by yukan.id.
$ npm run test
We test on the "Active LTS" version of Node.
This test will only work with your browser's Cross-Origin Restrictions disabled.
Run npm run compile; npm run browserify
before opening the file test.html
in your browser.
See release-checklist.md
FAQs
The Blockstack Javascript library for authentication, identity, and storage.
We found that blockstack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.