New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

hivesigner

Package Overview
Dependencies
Maintainers
2
Versions
25
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hivesigner

Hivesigner SDK

latest
Source
npmnpm
Version
3.3.5
Version published
Maintainers
2
Created
Source

npm npm GitHub license

HiveSigner SDK

The official HiveSigner JavaScript SDK, written in Typescript. Library supports both callback and promise functions. Learn more about integration: https://docs.hivesigner.com.

Getting started

To install and run HiveSigner SDK, follow this quick start guide

Install

HiveSigner.js was designed to work both in the browser and in Node.js.

Node.js

To install HiveSigner.js on Node.js, open your terminal and run:

npm i hivesigner --save

Browser

You can create an index.html file and include HiveSigner.js with:

<script src="https://cdn.jsdelivr.net/npm/hivesigner"></script>

or

  <script src="https://unpkg.com/hivesigner@latest/dist/hivesigner.min.js"></script>

Usage

For general information about HiveSigner and setting up your app you can checkout the developer documentation.

Developers documentation

SDK methods

Init client

Call the Client() method when your app first loads to init the SDK:

var hivesigner = require('hivesigner');

var client = new hivesigner.Client({
  app: 'demo',
  callbackURL: 'https://demo.hivesigner.com',
  scope: ['vote', 'comment']
});

Parameters:

  • app: This is the username of the app that was registered in the HiveSigner dashboard
  • callbackURL: This is the URL that users will be redirected to after interacting with HiveSigner. It must be listed in the "Redirect URI(s)" list in the app settings EXACTLY the same as it is specified here
  • accessToken: If you have an oauth2 access token for this user already you can specify it here, otherwise you can leave it and set it later using hivesigner.setAccessToken(accessToken).
  • scope: This is a list of operations the app will be able to access on the user's account. For a complete list of scopes see: https://github.com/ledgerconnect/hivesigner/wiki/OAuth-2#scopes

Login

This method redirects to login screen on HiveSigner website.

client.login(params);

Get login URL for OAuth 2

The following method returns a URL that you can redirect the user to so that they may log in to your app through HiveSigner:

var link = client.getLoginURL(state, select_account);
// => https://hivesigner.com/oauth2/authorize?client_id=[app]&redirect_uri=[callbackURL]&scope=vote,comment&state=[state]&select_account=[select_account]

Parameters:

  • state: Data that will be passed to the callbackURL for your app after the user has logged in.
  • select_account: Optional, username selection/detection from Hivesigner UI, if username already imported

After logging in, HiveSigner will redirect the user to the "redirect_uri" specified in the login url above and add the following query string parameters for your app to use:

  • access_token: This is the oauth2 access token that is required to make any Hive API calls on behalf of the current user. Once you have this you need to tell the HiveSigner.js to use it by either specifying it as a parameter to the init() method call or by calling sc2.setAccessToken([accessToken]).
  • expires_in: The number of seconds until the access token expires.
  • username: The username of the current user.

Get user profile

Once a user is logged in to your app you can call the following method to get the details of their account:

client.me(function (err, res) {
  console.log(err, res)
});

If it is successful, the result will be a JSON object with the following properties:

{
  account: { id: 43593, name: "demo", ...},
  name: "demo",
  scope: ["vote"],
  user: "demo",
  _id: "demo",
  user_metadata: {profile: {name: "Demo account", ...}}
}

Decode memo

Decode encrypted memo, only works if encryption is done with hivesigner account's posting public key

client.decode(function (err, res) {
  console.log(err, res)
});

If it is successful, the result will be a JSON object with the following properties:

{
  memoDecoded: "#ev.....",
  username: "demo"
}

Logout

The revokeToken() method will log the current user out of your application by revoking the access token provided to your app for that user:

client.revokeToken(function (err, res) {
  console.log(err, res)
});

Vote

The vote() method will cast a vote on the specified post or comment from the current user:

client.vote(voter, author, permlink, weight, function (err, res) {
  console.log(err, res)
});

Parameters:

  • voter: The Hive username of the current user.
  • author: The Hive username of the author of the post or comment.
  • permlink: The link to the post or comment on which to vote. This is the portion of the URL after the last "/". For example the "permlink" for this post: https://ecency.com/communityfork/@hiveio/announcing-the-launch-of-hive-blockchain would be "announcing-the-launch-of-hive-blockchain".
  • weight: The weight of the vote. 10000 equale a 100% vote.
  • callback: A function that is called once the vote is submitted and included in a block. If successful the "res" variable will be a JSON object containing the details of the block and the vote operation.

Comment

The comment() method will post a comment on an existing post or comment from the current user:

client.comment(parentAuthor, parentPermlink, author, permlink, title, body, jsonMetadata, function (err, res) {
  console.log(err, res)
});

The comment() method is rate limited to 5 minutes per root comment (post), and 20 seconds per non-root comment (reply).

Delete comment

The deleteComment() method will mark a comment as deleted.

client.deleteComment(author, permlink, function (err, res) {
  console.log(err, res)
})

Custom json

client.customJson(requiredAuths, requiredPostingAuths, id, json, function (err, res) {
  console.log(err, res)
});

Reblog

client.reblog(account, author, permlink, function (err, res) {
  console.log(err, res)
});

Follow

client.follow(follower, following, function (err, res) {
  console.log(err, res)
});

Unfollow

client.unfollow(unfollower, unfollowing, function (err, res) {
  console.log(err, res)
});

Ignore

client.ignore(follower, following, function (err, res) {
  console.log(err, res)
});

Claim reward balance

client.claimRewardBalance(account, rewardHive, rewardHbd, rewardVests, function (err, res) {
  console.log(err, res)
});

Send operation

Transfer

const op = ['transfer', {
  from: '__signer',
  to: 'demo123',
  amount: '0.001 HIVE'
}];
hivesigner.sendOperation(op, {callback: `https://ecency.com/@${from}/wallet`}, function(err, result) {
  console.log(err, result);
});

Redirect with transaction id

Using redirect uri

https://hivesigner.com/sign/custom-json?authority=active&required_auths=%5B%22${user}%22%5D&required_posting_auths=%5B%5D&id=someid&json=${encodeURIComponent(json)}&redirect_uri=https://ecency.com/

The result will be : https://ecency.com/?id=XXX

FAQs

Package last updated on 01 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026