Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
hd-wallet
For now, mostly a PoC. Uses bitcore-node for transaction lookup and trezor-crypto for address derivation, compiled through emscripten and run in a web worker. Supports persisting discovered state and doing partial update later on. Should out-perform all wallets available today that do client-side chain discovery.
Example is in example/index.js; it is compiled in the makefile to the gh-pages directory by make example.
Built version is in the gh-pages branch.
You can also try it yourself here - http://trezor.github.io/hd-wallet/example.html (note that xpubs are preloaded there, but a simple GUI for inputting the XPUBs could probably be done).
Running the tests requires an installed regtest-bitcore and an empty regtest blockchain, but there is a Docker container that runs bitcore in the background.
Before running coverage, run:
make bitcore-test-docker
After that, you can run the coverage tests normally.
LGPLv3, (C) 2016 Karel Bilek, Jan Pochyla
Coinselect MIT, (C) 2015 Daniel Cousens
FAQs
Data structures and algorithms for Bitcoin HD wallet.
The npm package hd-wallet receives a total of 20 weekly downloads. As such, hd-wallet popularity was classified as not popular.
We found that hd-wallet demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.