
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
cardano-web3-utils
Advanced tools
Cardano web3 is a javascript library that allows interaction with COSE Sign1 and CBOR encoded data and implements some helper methods for CIP-0093 Authenticated HTTP Web3 Requests.
The Web3Authentication
class provides authentication functionality. It has the following constructor and methods:
Web3Authentication(expirationTimeSpan: number, hostname: string)
: Creates a new instance of the Web3Authentication class. It takes the expiration time span in seconds and the hostname as parameters.authenticate<T>(uri: string, action: string, key: string, signature: string, options?: Web3AuthenticationOptions): { payload: Web3AuthenticationPayload & T; walletAddress: string }
: Performs authentication using the provided parameters. It returns an object with the authenticated payload and wallet address.The Web3AuthenticationError
class is an error subclass that represents authentication errors. It extends the built-in Error class and includes an additional property httpErrorCode to store the associated HTTP error code.
The Web3AuthenticationPayload
type defines the structure of the payload used in the authentication process. It includes properties such as uri, action, timestamp, and optional properties for additional secured data.
checkExpiration(payload: Web3AuthenticationPayload, expirationTimeSpan: number)
:
Checks if a payload has expired based on its timestamp and expiration time span.
getCoseSign1Bech32Address(signature: string)
: Extracts the bech32 address from a COSE_Sign1 signature.
getPayload(signature: string)
: Retrieves the payload from a COSE_Sign1 signature.
verifyCoseSign1Address(key: string, signature: string)
: Verifies if a COSE_Sign1 address matches the provided key.
verifyCoseSign1Signature(key: string, signature: string)
Verifies the integrity of a COSE_Sign1 signature using the provided key.
createCOSEKey(privateKey: CSL.PrivateKey)
: Creates a COSE Key structure from a private key.
createCOSESign1Signature(payload: object, address: CSL.RewardAddress, privateKey: CSL.PrivateKey)
: Creates a COSE_Sign1 signature using the provided payload, address, and private key.
createFakePrivateKey(accountNumber: number)
: Creates a fake private key for mocking purposes.
createRewardAddress(privateKey: CSL.PrivateKey, networkId: CSL.NetworkId)
: Creates a reward address from a private key and network ID.
If you find it useful, please consider inviting me a coffee :)
FAQs
Cardano utils for web3 apps
The npm package cardano-web3-utils receives a total of 6 weekly downloads. As such, cardano-web3-utils popularity was classified as not popular.
We found that cardano-web3-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.