gridplus-sdk - npm Package Compare versions

Comparing version 1.3.2 to 1.3.3

dist/calldata/evm.js

@@ -16,10 +16,8 @@ "use strict";
     // Find the first match in the ABI
-    var match = abi.find(function (item) {
-        if (item.type === 'function') {
-            var def = parseDef(item);
-            // If this matches the function selector (sig) we can return it
-            if (getFuncSig(def.canonicalName) === sig) {
-                return item;
-            }
-        }
+    var match = abi
+        .filter(function (item) { return item.type === 'function'; })
+        .find(function (item) {
+        var def = parseDef(item);
+        var funcSig = getFuncSig(def.canonicalName);
+        return funcSig === sig;
     });
@@ -26,0 +24,0 @@ if (match) {

dist/client.d.ts

@@ -41,3 +41,3 @@ /// <reference types="node" />
         /** If true we will not retry if we get a wrong wallet error code */
-        skipRetryOnWrongWallet: boolean;
+        skipRetryOnWrongWallet?: boolean;
     });
@@ -90,3 +90,3 @@ /**
         n: number;
-        flag: number;
+        flag?: number;
     }, _cb?: (err?: string, data?: Buffer | string[]) => void): Promise<Buffer>;
@@ -93,0 +93,0 @@ /**

dist/constants.d.ts

@@ -386,3 +386,21 @@ /** @internal Consistent with Lattice's IV */
 declare const ASCII_REGEX: RegExp;
-export { ASCII_REGEX, getFwVersionConst, ADDR_STR_LEN, AES_IV, BIP_CONSTANTS, BASE_URL, ENC_MSG_LEN, addressSizes, decResLengths, deviceCodes, encReqCodes, ethMsgProtocol, messageConstants, responseCodes, responseMsgs, signingSchema, REQUEST_TYPE_BYTE, VERSION_BYTE, HARDENED_OFFSET, HANDLE_LARGER_CHAIN_ID, MAX_CHAIN_ID_BYTES, ETH_ABI_LATTICE_FW_TYPE_MAP, };
+declare const NETWORKS_BY_CHAIN_ID: {
+    1: {
+        name: string;
+        baseUrl: string;
+    };
+    137: {
+        name: string;
+        baseUrl: string;
+    };
+    56: {
+        name: string;
+        baseUrl: string;
+    };
+    43114: {
+        name: string;
+        baseUrl: string;
+    };
+};
+export { ASCII_REGEX, getFwVersionConst, ADDR_STR_LEN, AES_IV, BIP_CONSTANTS, BASE_URL, NETWORKS_BY_CHAIN_ID, ENC_MSG_LEN, addressSizes, decResLengths, deviceCodes, encReqCodes, ethMsgProtocol, messageConstants, responseCodes, responseMsgs, signingSchema, REQUEST_TYPE_BYTE, VERSION_BYTE, HARDENED_OFFSET, HANDLE_LARGER_CHAIN_ID, MAX_CHAIN_ID_BYTES, ETH_ABI_LATTICE_FW_TYPE_MAP, };
 //# sourceMappingURL=constants.d.ts.map

dist/constants.js

@@ -15,3 +15,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ETH_ABI_LATTICE_FW_TYPE_MAP = exports.MAX_CHAIN_ID_BYTES = exports.HANDLE_LARGER_CHAIN_ID = exports.HARDENED_OFFSET = exports.VERSION_BYTE = exports.REQUEST_TYPE_BYTE = exports.signingSchema = exports.responseMsgs = exports.responseCodes = exports.messageConstants = exports.ethMsgProtocol = exports.encReqCodes = exports.deviceCodes = exports.decResLengths = exports.addressSizes = exports.ENC_MSG_LEN = exports.BASE_URL = exports.BIP_CONSTANTS = exports.AES_IV = exports.ADDR_STR_LEN = exports.getFwVersionConst = exports.ASCII_REGEX = exports.EXTERNAL = void 0;
+exports.ETH_ABI_LATTICE_FW_TYPE_MAP = exports.MAX_CHAIN_ID_BYTES = exports.HANDLE_LARGER_CHAIN_ID = exports.HARDENED_OFFSET = exports.VERSION_BYTE = exports.REQUEST_TYPE_BYTE = exports.signingSchema = exports.responseMsgs = exports.responseCodes = exports.messageConstants = exports.ethMsgProtocol = exports.encReqCodes = exports.deviceCodes = exports.decResLengths = exports.addressSizes = exports.ENC_MSG_LEN = exports.NETWORKS_BY_CHAIN_ID = exports.BASE_URL = exports.BIP_CONSTANTS = exports.AES_IV = exports.ADDR_STR_LEN = exports.getFwVersionConst = exports.ASCII_REGEX = exports.EXTERNAL = void 0;
 /** @internal Consistent with Lattice's IV */
@@ -511,1 +511,20 @@ var AES_IV = [
 exports.ASCII_REGEX = ASCII_REGEX;
+var NETWORKS_BY_CHAIN_ID = {
+    1: {
+        name: 'ethereum',
+        baseUrl: 'https://api.etherscan.io',
+    },
+    137: {
+        name: 'polygon',
+        baseUrl: 'https://api.polygonscan.com',
+    },
+    56: {
+        name: 'binance',
+        baseUrl: 'https://api.bscscan.com',
+    },
+    43114: {
+        name: 'avalanche',
+        baseUrl: 'https://api.snowtrace.io',
+    },
+};
+exports.NETWORKS_BY_CHAIN_ID = NETWORKS_BY_CHAIN_ID;

dist/genericSigning.js

@@ -197,3 +197,3 @@ "use strict";
             // strings right now).
-            parsed.sig.v = Buffer.from(vBn);
+            parsed.sig.v = vBn.toArrayLike(Buffer);
         }
@@ -200,0 +200,0 @@ }

dist/util.d.ts

@@ -69,2 +69,9 @@ /// <reference types="node" />
 export declare const getV: (tx: any, resp: any) => any;
+/**
+ *  Fetches calldata from a remote scanner based on the transaction's `chainId`
+ */
+export declare function fetchCalldataDecoder(_data: Uint8Array | string, to: string, _chainId: number | string): Promise<{
+    def: Buffer;
+    abi: any;
+}>;
 /** @internal */
@@ -74,3 +81,4 @@ export declare const EXTERNAL: {
     generateAppSecret: (deviceId: Buffer, password: Buffer, appName: Buffer) => Buffer;
+    fetchCalldataDecoder: typeof fetchCalldataDecoder;
 };
 //# sourceMappingURL=util.d.ts.map

dist/util.js

 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
 var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
@@ -15,3 +51,3 @@ if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.EXTERNAL = exports.getV = exports.generateAppSecret = exports.isUInt4 = exports.randomBytes = exports.promisifyCb = exports.existsIn = exports.isAsciiStr = exports.buildSignerPathBuf = exports.getP256KeyPairFromPub = exports.getP256KeyPair = exports.parseDER = exports.aes256_decrypt = exports.aes256_encrypt = exports.fixLen = exports.ensureHexBuffer = exports.splitFrames = exports.isValidAssetPath = exports.toPaddedDER = exports.checksum = exports.parseLattice1Response = void 0;
+exports.EXTERNAL = exports.fetchCalldataDecoder = exports.getV = exports.generateAppSecret = exports.isUInt4 = exports.randomBytes = exports.promisifyCb = exports.existsIn = exports.isAsciiStr = exports.buildSignerPathBuf = exports.getP256KeyPairFromPub = exports.getP256KeyPair = exports.parseDER = exports.aes256_decrypt = exports.aes256_encrypt = exports.fixLen = exports.ensureHexBuffer = exports.splitFrames = exports.isValidAssetPath = exports.toPaddedDER = exports.checksum = exports.parseLattice1Response = void 0;
 // Static utility functions
@@ -30,2 +66,4 @@ var tx_1 = require("@ethereumjs/tx");
 var secp256k1_1 = require("secp256k1");
+var _1 = require(".");
+var superagent_1 = __importDefault(require("superagent"));
 var constants_1 = require("./constants");
@@ -436,6 +474,90 @@ var COINS = constants_1.BIP_CONSTANTS.COINS, PURPOSES = constants_1.BIP_CONSTANTS.PURPOSES;
 exports.getV = getV;
+/**
+ *  Fetches calldata from a remote scanner based on the transaction's `chainId`
+ */
+function fetchCalldataDecoder(_data, to, _chainId) {
+    var _a;
+    return __awaiter(this, void 0, void 0, function () {
+        var isHexString, data, selector, chainId, supportedChain_1, baseUrl, url_1, response_1, abi, url, response, fourByteResults, canonicalName, err_1;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    _b.trys.push([0, 4, , 5]);
+                    // Exit if there is no data. The 2 comes from the 0x prefix, but a later
+                    // check will confirm that there are at least 4 bytes of data in the buffer.
+                    if (!_data || _data.length < 2) {
+                        throw new Error('Data is either undefined or less than two bytes');
+                    }
+                    isHexString = typeof _data === 'string' && _data.slice(0, 2) === '0x';
+                    data = isHexString ?
+                        Buffer.from(_data.slice(2), 'hex') :
+                        //@ts-expect-error - Buffer doesn't recognize Uint8Array type properly
+                        Buffer.from(_data, 'hex');
+                    if (data.length < 4) {
+                        throw new Error('Data must contain at least 4 bytes of data to define the selector');
+                    }
+                    selector = Buffer.from(data.slice(0, 4)).toString('hex');
+                    chainId = Number(_chainId);
+                    supportedChain_1 = constants_1.NETWORKS_BY_CHAIN_ID[chainId];
+                    if (!supportedChain_1) return [3 /*break*/, 2];
+                    baseUrl = supportedChain_1.baseUrl;
+                    url_1 = "".concat(baseUrl, "/api?module=contract&action=getabi&address=").concat(to, "&apiKey=").concat(process.env.ETHERSCAN_KEY);
+                    return [4 /*yield*/, superagent_1.default
+                            .get(url_1)
+                            .catch(function (err) {
+                            console.warn("Fetching calldata from ".concat(supportedChain_1.name, " failed\n"), err);
+                        })];
+                case 1:
+                    response_1 = _b.sent();
+                    if (response_1 &&
+                        response_1.body &&
+                        response_1.body.result) {
+                        abi = JSON.parse(response_1.body.result);
+                        return [2 /*return*/, {
+                                def: _1.Calldata.EVM.parsers.parseSolidityJSONABI(selector, abi),
+                                abi: abi
+                            }];
+                    }
+                    console.warn("Could not find selector in calldata for network: ".concat(supportedChain_1.name, "\n"), 'Falling back to 4byte\n');
+                    _b.label = 2;
+                case 2:
+                    url = "https://www.4byte.directory/api/v1/signatures?hex_signature=0x".concat(selector);
+                    return [4 /*yield*/, superagent_1.default
+                            .get(url)
+                            .catch(function (err) {
+                            console.warn('Failed to fetch calldata from 4byte \n', err);
+                        })];
+                case 3:
+                    response = _b.sent();
+                    if (response &&
+                        response.body &&
+                        response.body.results &&
+                        response.body.results.length) {
+                        fourByteResults = response.body.results;
+                        if (fourByteResults.length > 1) {
+                            console.warn('WARNING: There are multiple results. Using the first one.');
+                        }
+                        canonicalName = (_a = fourByteResults[0]) === null || _a === void 0 ? void 0 : _a.text_signature;
+                        return [2 /*return*/, {
+                                def: _1.Calldata.EVM.parsers.parseCanonicalName(selector, canonicalName),
+                                abi: fourByteResults
+                            }];
+                    }
+                    throw new Error('Could not find selector in calldata from 4byte');
+                case 4:
+                    err_1 = _b.sent();
+                    err_1.message = "Fetching calldata failed \n ".concat(err_1.message);
+                    console.warn(err_1);
+                    return [2 /*return*/, { def: null, abi: null }];
+                case 5: return [2 /*return*/];
+            }
+        });
+    });
+}
+exports.fetchCalldataDecoder = fetchCalldataDecoder;
 /** @internal */
 exports.EXTERNAL = {
     getV: exports.getV,
-    generateAppSecret: exports.generateAppSecret
+    generateAppSecret: exports.generateAppSecret,
+    fetchCalldataDecoder: fetchCalldataDecoder
 };

package.json

 {
   "name": "gridplus-sdk",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "SDK to interact with GridPlus Lattice1 device",
@@ -53,2 +53,3 @@ "scripts": {
     "@types/mocha": "^9.0.0",
+    "@types/superagent": "^4.1.15",
     "@typescript-eslint/eslint-plugin": "^5.10.0",
@@ -55,0 +56,0 @@ "@typescript-eslint/parser": "^5.10.0",

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

250193

increased by3.53%

Lines of code

5703

increased by2.98%

Worsened metrics

Dev dependency count

32

increased by3.23%

Number of low supply chain risk alerts

2

increased by100%

No dependency changes