
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
trezor-connect
Advanced tools
Trezor Connect v8 is under maintenance mode, all new development efforts are focused on v9. New integrations are recommended to start with v9.
NPM package trezor-connect will not receive any v9 changes. v9 changes are only available at NPM package @trezor/connect.
Trezor Connect is a platform for easy integration of Trezor into 3rd party services. It provides API with functionality to access public keys, sign transactions and authenticate users. User interface is presented in a secure popup window served from https://connect.trezor.io/8/popup.html
Please report any issues directly in our Trezor Suite monorepo and apply the connect
label.
We started tagging versions and releasing them to separate URLs, so we don't break any existing (and working) integrations.
Currently, we are at version 8, which has an url https://connect.trezor.io/8/trezor-connect.js. If you would like to find out which version is deployed precisely simply run:
curl -s https://connect.trezor.io/8/trezor-connect.js | grep VERSION
With regards to this repo - All updates should go to current version branch, the previous releases are in corresponding branches. The gh-pages is the same older version, that is used at trezor.github.io/connect/connect.js, and it's there for backwards compatibility; please don't touch.
For integration testing against trezord and emulator refer to this document.
FAQs
High-level javascript interface for Trezor hardware wallet.
We found that trezor-connect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.