Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
did-resolver
Advanced tools
This library is intended as a simple common interface for javascript applications to resolve DID documents from Decentralized Identifiers (DIDs).
This is intended to support the proposed Decentralized Identifiers spec from the W3C Credentials Community Group.
The library does not implement any specific DID method, but allows DID method implementors to release npm packages that applications can add.
This removes the global resolver. We've learnt that this ended up causing many problems. Instead you should now instantiate a Resolver object and use that to resolve did's within your consuming app/library.
You now no longer register your DID resolvers using the global registerMethod()
function. Instead export the resolver function and show how to configure it in a local resolver object.
Resolver
objectYou are now required to preconfigure a resolver during instantiation. The Resolver
constructor expects a registry of methods mapped to a resolver function. For example:
{
ethr: resolve,
web: resolve
}
Each method resolver should expose a function called getResolver
which will return an object containing one of these key/value pairs. Then you can flatten them into one object to pass into the Resolver
constructor.
import { Resolver } from 'did-resolver'
import ethr from 'ethr-did-resolver'
import web from 'web-did-resolver'
import sov from 'sov-did-resolver'
//returns an object of { methodName: resolveFunction}
ethrResolver = ethr.getResolver()
webResolver = web.getResolver()
//If you are using multiple methods you need to flatten them into one object
const resolver = new Resolver({
...ethrResolver,
...webResolver,
})
//If you are using one method you can simply pass the result of getResolver( into the constructor
const resolver = new Resolver(ethrResolver)
The resolver presents a simple resolve()
function that returns a ES6 Promise returning the DID document.
resolver.resolve('did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX/some/path#fragment=123').then(doc => console.log)
// You can also use ES7 async/await syntax
const doc = await resolver.resolve('did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX/some/path#fragment=123')
Resolving DID Documents can be expensive. It is in most cases best to cache DID documents. Caching has to be specifically enabled using the cache
parameter
The built in cache uses a Map, but does not have an automatic TTL, so entries don't expire. This is fine in most web, mobile and serverless contexts. If you run a long running process you may want to use an existing configurable caching system.
The built in Cache can be enabled by passing in a true
value to the constructor:
const resolver = new DIDResolver({
ethr,
web
}, true)
Here is an example using js-cache
which has not been tested.
var cache = require('js-cache')
const customCache : DIDCache = (parsed, resolve) => {
// DID spec requires to not cache if no-cache param is set
if (parsed.params && parsed.params['no-cache'] === 'true') return await resolve()
const cached = cache.get(parsed.didUrl)
if (cached !== undefined) return cached
const doc = await resolve()
cache.set(parsed, doc, 60000)
return doc
}
const resolver = new DIDResolver({
ethr,
web
}, customCache)
Each DID method will have it's own methods for looking up an identifier on it's respective blockchain or other decentralized storage mechanism.
To avoid misconfiguration, method implementers should export a getResolver()
function. Which returns an object mapping the method name to a resolve(did: string, parsed: ParsedDID, didResolver: DIDResolver)
function. e.g. { ethr: resolve }
.
the resolve function should accept a did string, and an object of type ParsedDID
export function getResolver() {
async function resolve(
did: string,
parsed: ParsedDID,
didResolver: DIDResolver
): Promise<DIDDocument | null> {
console.log(parsed)
// {method: 'mymethod', id: 'abcdefg', did: 'did:mymethod:abcdefg/some/path#fragment=123', path: '/some/path', fragment: 'fragment=123'}
const didDoc = ...// lookup doc
// If you need to lookup another did as part of resolving this did document, the primary DIDResolver object is passed in as well
const parentDID = await didResolver.resolve(...)
//
return didDoc
}
return { myMethod: resolve }
}
The MyMethod getResolver()
result could then be passed into the DIDResolver constructor. Note that it should be flattened if used with other methods as well.
import { DIDResolver } from 'did-resolver'
import MyMethod from 'mymethod-did-resolver'
const myResolver = MyMethod.getResolver()
const resolver = new DIDResolver(myResolver)
FAQs
Resolve DID documents
The npm package did-resolver receives a total of 45,903 weekly downloads. As such, did-resolver popularity was classified as popular.
We found that did-resolver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.