Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

scatter-js

Package Overview
Dependencies
Maintainers
1
Versions
29
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

scatter-js

This is an importable javascript library that allows web applications to directly interface with Scatter Desktop.

  • 1.1.10
  • npm
  • Socket score

Version published
Weekly downloads
11
increased by37.5%
Maintainers
1
Weekly downloads
 
Created
Source

Scatter JS

This is an importable javascript library that allows web applications to directly interface with Scatter Desktop.

Installation

// ES Module style
import ScatterJS from 'scatter-js/dist/scatter.esm';

// CommonJS style
import ScatterJS from 'scatter-js/dist/scatter.cjs';
 
//or
 
const ScatterJS = require('scatter-js/dist/scatter.<SUFFIX>');

You can also just drop the scatter.min.js bundle from the dist/ directory here right into your html file and use it as a fully packed browser-ready package.

<script src="path/to/scatter.min.js"></script>
CDN:

Coming soon.

Setup

This library catches both Scatter Desktop and Scatter Classic ( old extension ) depending on the existence of either. All you have to do is call scatter.connect(...) and it will feed you back one or the other once it connects, or time out after 5 seconds and return false in the connected result.

ScatterJS.scatter.connect("Put_Your_App_Name_Here").then(connected => {
    if(!connected) {
        // User does not have Scatter Desktop or Classic installed. 
        return false;
    }
    
    // Use `scatter` normally now.
    ScatterJS.scatter.getIdentity(...);
});

Using your own RSA Keypairs

scatter-js requires that you supply an RSA key for local socket encryption to the desktop client. This key only allows your app to prove itself to Scatter Desktop. How you choose to save the key ( local storage, session, backend ) is up to you, but if it changes then it will not re-prompt the user to accept connections from your application, they will have to know to manually remove the app link and resync with your application.

It is best to serve this key deterministically.

If no getter/setter is provided then scatter-js will use localStorage to store a randomly generated RSA key by default.

Getters and Setters must be promises!

let KEY = ``;
const keyGetter = () => new Promise(resolve => resolve(KEY));
const keySetter = (x) => new Promise(resolve => resolve(KEY = x));
 
ScatterJS.scatter.connect("Put_Your_App_Name_Here", {keyGetter, keySetter}).then(...);

Other Options

{
    keyGetter,
    keySetter,
    
    // You may specify a maximum timeout for checking if a user has Scatter installed
    // This defaults to 10 seconds
    initTimeout:10000,
    
    // You may also specify a maximum timeout for checking if a user has accepted the app link
    // inside of their Scatter desktop. This defaults to 30 seconds.
    linkTimeout:30000
}

Don't forget to null out the window.scatter reference!

scatter-js binds to the window reference if it notices that an application has a window on global scope. This is useful for <script src="..."> imports for sites without nodejs/npm, but is also semi-dangerous.

If you don't null out the window reference then extensions will be able to catch it on the window's scope and pretend to send requests from your authorized application.

The best practice is to offload the scatter reference to your own global/state variable and nullify the window ref.

setStateVariable(window.scatter);
 
window.scatter = null;

Scatter ( eosjs / web3 ) Usage

See the Developer Documentation to find out how to interact with Scatter and various blockchains.

Scatter sits on top of eosjs or web3, so learn to use those depending on which blockchain you are interfacing with.

FAQs

Package last updated on 07 Aug 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc