Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
did-resolver
Advanced tools
This library is intended as a simple common interface for javascript applications to resolve DID documents from Decentralized Identifiers (DIDs).
This is intended to support the proposed Decentralized Identifiers spec from the W3C Credentials Community Group.
The library does not implement any specific DID method, but allows DID method implementors to release npm packages that applications can add.
The resolver presents a simple resolver()
function that returns a ES6 Promise returning the DID document.
import resolve from 'did-resolver'
resolve('did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX/some/path#fragment=123').then(doc => console.log)
// You can also use ES7 async/await syntax
const doc = await resolve('did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX/some/path#fragment=123')
Each DID method will have it's own methods for looking up an identifier on it's respective blockchain or other decentralized storage mechanism.
A method implementer calls the registerMethod('methodname', resolver)
. where methodname
is the method identifier. The resolver is a function that receives a DID and a parsed version of the DID. It returns a ES6 Promise that looks up the DID document.
import { registerMethod } from 'did-resolver'
registerMethod('mymethod', (did, parsed) => new Promise(resolve, reject) => {
console.log(parsed)
// {method: 'mymethod', id: 'abcdefg', did: 'did:mymethod:abcdefg/some/path#fragment=123', path: '/some/path', fragment: 'fragment=123'}
const didDoc = ...// lookup doc
resolve(didDoc)
})
The method resolver should register this so that just requiring it will register the method:
import resolve from 'did-resolver'
import MyMethod from 'mymethod-did-resolver'
resolve('did:mymethod:abcdefg/some/path#fragment=123').then(doc => console.log)
FAQs
Resolve DID documents
We found that did-resolver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.