Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
trezor-link
Advanced tools
Library for low-level communication with TREZOR.
Intended as a "building block" for other packages - it is used in trezor.js and chrome extension.
You probably don't want to use this package directly. For communication with Trezor with a more high-level API, use trezor.js.
Use like this:
var Link = require('trezor-link');
var LowlevelTransport = Link.Lowlevel;
var NodeHidPlugin = Link.NodeHid;
var link = new LowlevelTransport(new NodeHidPlugin());
var config = fetch('https://wallet.mytrezor.com/data/config_signed.bin').then(function (response) {
if (response.ok) {
return response.text();
} else {
throw new Error(`Fetch error ${response.status}`);
}
});
return link.init().then(function () {
return config.then(function (configData) {
return link.configure(configData);
});
}).then(function () {
return link.enumerate();
}).then(function (devices) {
return link.acquire(devices[0].path);
}).then(function (session) {
return link.call(session, 'GetFeatures', {}).then(function (features) {
console.log(features);
return link.release(session);
});
}).catch(function (error) {
console.error(error);
});
Source is annotated with Flow types, so it's more obvious what is going on from source code.
If you want to use flow for typechecking, just include the file as normally, it will automatically use the included flow file. However, you need to add flowtype/*.js
to your [libs]
(or copy it yourself from flow-typed repository), and probably libs from flowconfig.
LGPLv3
FAQs
Trezor Link for browser
The npm package trezor-link receives a total of 91 weekly downloads. As such, trezor-link popularity was classified as not popular.
We found that trezor-link demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.