New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

ceramic-cacao

Package Overview
Dependencies
Maintainers
2
Versions
25
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ceramic-cacao

Typescript library for Ceramic OCAP

  • 1.4.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
86
increased by126.32%
Maintainers
2
Weekly downloads
 
Created
Source

CACAO

A library to represent chain-agnostic Object Capabilities (OCAP), created using EIP-4361 (or similar for other blockchains), as an IPLD object.

Examples

Convert between CACAO and SIWE (EIP-4361)

const siweMessage = new SiweMessage({
  domain: 'service.org',
  address: address,
  statement: 'I accept the ServiceOrg Terms of Service: https://service.org/tos',
  uri: 'did:key:z6MkrBdNdwUPnXDVD1DCxedzVVBpaGi8aSmoXFAeKNgtAer8',
  version: '1',
  nonce: '32891757',
  issuedAt: '2021-09-30T16:25:24.000Z',
  chainId: '1',
  resources: [
    'ipfs://Qme7ss3ARVgxv6rXqVPiikMJ8u2NLgmgszg13pYrDKEoiu',
    'https://example.com/my-web2-claim.json',
    'ceramic://k2t6wyfsu4pg040dpjpbla1ybxof65baldb7fvmeam4m3n71q0w1nslz609u2d',
  ],
})

const cacao = Cacao.fromSiweMessage(siweMessage)
const siweMessage2 = SiweMessage.fromCacao(cacao)

Creating and signing a CACAO with private-key Wallet

import { Wallet } from '@ethersproject/wallet'
import { Cacao, CacaoBlock, SiweMessage } from 'ceramic-cacao'

const wallet = Wallet.createRandom()
const address = wallet.address

const siweMessage = new SiweMessage({
  domain: 'service.org',
  address: address,
  statement: 'I accept the ServiceOrg Terms of Service: https://service.org/tos',
  uri: 'did:key:z6MkrBdNdwUPnXDVD1DCxedzVVBpaGi8aSmoXFAeKNgtAer8',
  version: '1',
  nonce: '32891757',
  issuedAt: '2021-09-30T16:25:24.000Z',
  chainId: '1',
  resources: [
    'ipfs://Qme7ss3ARVgxv6rXqVPiikMJ8u2NLgmgszg13pYrDKEoiu',
    'https://example.com/my-web2-claim.json',
    'ceramic://k2t6wyfsu4pg040dpjpbla1ybxof65baldb7fvmeam4m3n71q0w1nslz609u2d',
  ],
})
const signature = await wallet.signMessage(siweMessage.toMessage())
siweMessage.signature = signature

const cacao = Cacao.fromSiweMessage(siweMessage)

Usage with EthereumAuthProvider requestCapability to update a TileDocument

import { Web3Provider } from "@ethersproject/providers"
import { EthereumAuthProvider } from "@ceramicnetwork/blockchain-utils-linking";
import { Ed25519Provider } from "key-did-provider-ed25519"
import { DID } from "dids"
import * as KeyDidResolver from "key-did-resolver";
import { TileDocument } from "@ceramicnetwork/stream-tile";
import { CeramicClient } from "@ceramicnetwork/http-client";
import type { Cacao } from "ceramic-cacao"

// Create the EthereumAuthProvider
const web3Provider = new Web3Provider(...) // connect to a provider
const address = "0xAB..." // get the signer address
const ethereumAuthProvider = new EthereumAuthProvider(web3Provider.provider, address) // Note: we pass the underlying RPC provider, not the ethers.js wrapped version

// Create a determinstic document for the user
const ceramic = new CeramicClient(CERAMIC_API_URL) // Ceramic HTTP Client
const deterministicDocument = await TileDocument.deterministic(ceramic, {
    deterministic: true,
    family: 'randomFamily',
    controllers: [`did:pkh:eip155:1:${address}`]
})

// Create a session key for the dApp
const seed = ... // 32 bytes of entropy
const didProvider = new Ed25519Provider(seed)
const didKey = new DID({
    provider: didProvider,
    resolver: KeyDidResolver.getResolver()
})
await didKey.authenticate()

// Request capability from user
const cacao = await ethereumAuthProvider.requestCapability(didKey.id, [deterministicDocument.id.toUrl()])

// Attach capability to session key
const didKeyWithCap = didKey.withCapability(cacao);
await didKeyWithCap.authenticate()

// Update user's TileDocument using session key that has the capability
await deterministicDocument.update({ foo: 'bar' }, {}, {
    asDid: didKeyWithCap
})

License

Dual licensed with APACHE and MIT

FAQs

Package last updated on 26 Aug 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts

Security News

Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts

Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.

By Sarah Gooding  -  Jan 24, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc