Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
edge-core-js
Advanced tools
This library implements the Edge login system. It runs inside a client application, and provides zero-knowledge backup for cryptographic keys and other secrets via a familiar password-based login system.
We have documentation at https://developer.airbitz.co/javascript/, but our Flow types are the best, most up-to-date reference for what this library contains.
To quickly get up and running with the UI for account creation, login, and management, use edge-login-ui-web for the web or edge-login-ui-rn for React Native.
Add this library to your project using npm install --save edge-core-js
.
To create an EdgeContext
object, which provides various methods for logging in and creating account, do something like this:
const context = await makeEdgeContext({
apiKey: '...', // Get this from our support team
appId: 'com.your-app',
plugins: {
// Configure currencies, exchange rates, and swap providers you want to use:
'bitcoin': true
}
})
The core uses various plugins to provide its currency, exchange rate, and swap features. These plugins ship separately, and are designed to load in parallel with the core:
import { addEdgeCorePlugins, lockEdgeCorePlugins } from 'edge-core-js'
import exchangePlugins from 'edge-exchange-plugins'
import bitcoinPlugins from 'edge-currency-bitcoin'
import currencyPlugins from 'edge-currency-accountbased'
addEdgeCorePlugins(exchangePlugins)
addEdgeCorePlugins(bitcoinPlugins)
addEdgeCorePlugins(currencyPlugins)
lockEdgeCorePlugins()
If the core seems to hang forever when logging in, you probably forgot to call lockEdgeCorePlugins
.
Please note that edge-core-js uses modern JavaScript syntax features such as async
, so you may need to run the library through Babel if you plan to run it in a browser. Node 10+ supports these features natively.
Edge-core-js directly supports React Native v0.60+ with autolinking. Simply add edge-core-js to your application, and React Native will link the necessary native modules & assets.
To create an EdgeContext
object, you need to mount a component:
<MakeEdgeContext
// Get this from our support team:
apiKey="..."
appId="com.your-app"
// Configure currencies and swap providers you want to use:
plugins={{
'bitcoin': true
}}
pluginUris={[
"edge-currency-plugins.js",
"edge-exchange-plugins.js"
]}
// Called when the core is done loading:
onLoad={edgeContext => {}}
onError={error => {}}
/>
The core itself runs inside a hidden WebView, which this MakeEdgeContext
component mounts & manages.
The core creates a <script>
tag for each source file in the pluginUris
array. For this to work, you need to add these plugin files to your app's native asset bundle, which is located at /android/app/src/main/assets/
on Android. For iOS, drag these files into the "Resources" section of your Xcode project.
To debug the core, run yarn start
inside the edge-core-js project, and then pass a debug={true}
property to the MakeEdgeContext
component. This tells the WebView to load the core from a local development server.
Run yarn
to download dependencies, and then run yarn prepare
to build the library.
Use yarn verify
to run all our code-quality tools. All sources are in the JavaScript Standard Style + Prettier. We check files prior to each commit, so if you have formatting issues, you can run yarn fix
to fix them automatically.
If you use Visual Studio Code, consider installing the ESLint extension. This will give you nice error highlighting as you work, along with quick fixes for formatting issues.
2.20.2 (2024-11-21)
FAQs
Edge account & wallet management library
The npm package edge-core-js receives a total of 253 weekly downloads. As such, edge-core-js popularity was classified as not popular.
We found that edge-core-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.