Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
The Blockstack Javascript library for authentication, identity, and storage.
Note: If you're looking for the Blockstack CLI repo it was merged with Blockstack Core.
$ npm install blockstack
You can import blockstack.js
as a script without using a package manager.
To securely use the latest distribution of blockstack.js from a CDN, use the following script in your application:
<script src="https://unpkg.com/blockstack@21.1.1/dist/blockstack.js" integrity="sha384-QsRlJlLKvr/Vq4iv1MPwTqoMx5hd0StlnCBCTdwbb0ituqCGaTxjNIkdahGHlnwb" crossorigin="anonymous"></script>
Note: this is script is bundled as standalone (UMD) lib, targeting ES6 (ECMAScript 2015).
Blockstack JS is a library for profiles/identity, authentication, and storage.
The authentication portion of this library can be used to:
The profiles/identity portion of this library can be used to:
The storage portion of this library can be used to:
Note: this lib is written in Typescript and is compiled to ES6 (ECMAScript 2015) syntax and uses CommonJS modules. The NPM package works out of the box within the Node.js runtime, and within browsers when using a common bundler (e.g. Webpack, Browserify, Rollup, etc).
Note: blockstack.js 0.14.0 and newer versions use a new on-disk format that is not backward compatible with prior versions.
This repository uses the git flow branching mode.
The latest released code as deployed to npm is in master
and the latest delivered development
changes for the next release are in develop
.
We use the git-flow-avh plugin.
Please send pull requests against develop
. Pull requests should include tests,
flow static type annotations and be lint free. Open your pull request using the template in PULL_REQUEST_TEMPLATE.md
Github issues marked help-wanted are great places to start. Please ask in a github issue or slack before embarking on larger issues that aren't labeled as help wanted or adding additional functionality so that we can make sure your contribution can be included!
This repository is maintained by yukan.id.
$ npm run test
We test on the "Active LTS" version of Node.
This test will only work with your browser's Cross-Origin Restrictions disabled.
Run npm run compile; npm run browserify
before opening the file test.html
in your browser.
See release-checklist.md
1.0.0-beta.1 (2020-09-28)
FAQs
The Blockstack Javascript library for authentication, identity, and storage.
The npm package blokstack receives a total of 2 weekly downloads. As such, blokstack popularity was classified as not popular.
We found that blokstack demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.