Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Nostr signature stuff in WASM based on libsecp256k1.
yarn install
A demo application using this package is available at https://nostr-wasm-demo.pages.dev/.
First, choose which import method suites your needs:
Import with the WASM binary preloaded and uncompressed. No need to perform fetch
, but bundle will be larger (+332 KiB).
import {initNostrWasm} from 'nostr-wasm'
const nw = await initNostrWasm()
Import with the WASM binary preloaded and gzipped (requires access to globalThis.DecompressionSteam
). No need to perform fetch
, but bundle will be still be a bit larger (+175 KiB).
import {initNostrWasm} from 'nostr-wasm/gzipped'
const nw = await initNostrWasm()
Import without the WASM binary. Produces the smallest bundle size but requires fetching the binary yourself.
import {NostrWasm} from 'nostr-wasm/headless'
// provide the binary (the constructor also accepts raw bytes)
const nw = await NostrWasm(await fetch('secp256k1.wasm'))
// generate a random private key
const sec = nw.generateSecretKey()
// get its corresponding public key
const pubkey = nw.getPublicKey(sec)
// finalize a nostr event in-place, filling it with id, pubkey and sig
nw.finalizeEvent(event, sec)
// verify a nostr event checking its id and its signature against the given pubkey
try {
nw.verifyEvent(event)
} catch (err) {
console.log(err)
}
Caller is responsible for zero-ing out private keys in the Uint8Array it passes. Library only zeroes out the bytes in the copies it makes.
No, the library is imported as a git submodule directly from upstream.
Prerequisites:
git clone --recurse-submodules https://github.com/fiatjaf/nostr-wasm
cd nostr-wasm
bun install
just
The WASM binary will be output to public/out/secp256k1.wasm
.
The Emscripten-generated js file at public/out/secp256k1.js
is not needed for production if you are using the provided wrapper.
FAQs
nostr stuff in wasm
The npm package nostr-wasm receives a total of 2,717 weekly downloads. As such, nostr-wasm popularity was classified as popular.
We found that nostr-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.