Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
ts-nkeys
A public-key signature system based on Ed25519 for the NATS ecosystem in typescript for ts-nats and node-nats
ts-nkeys
A public-key signature system based on Ed25519 for the NATS ecosystem system in JavaScript and Typescript.
ts-nkeys is a typescript nats library for node that for generating nkeys.
Installation
npm install ts-nkeys
Basic Usage
// create an user nkey - also possible to create accounts, clusters, servers.
let user = createUser();
// once you have an nkey you can generate various keys.
// A seed is the public and private keys together.
// Seeds are strings, and start with the letter 'S'.
// Seeds need to be kept safe and never shared.
let seed = user.getSeed();
t.true(Buffer.isBuffer(seed));
t.is(seed[0], 'S'.charCodeAt(0));
// the second letter in the seed represents its type:
// `U` for user,
// `A` for account,
// `C` for cluster
// `N` for severs
t.is(seed[1], 'U'.charCodeAt(0));
// public keys can be shared and can be used to verify signed content
let publicKey = user.getPublicKey();
t.true(Buffer.isBuffer(publicKey));
// first letter represents the type of public key
// `U` for user,
// `A` for account,
// `C` for cluster
// `N` for severs
t.is(publicKey[0], 'U'.charCodeAt(0));
// To sign data
let data = Buffer.from("HelloWorld");
let sig = user.sign(data);
// to verify use the user, public or seed:
t.true(user.verify(data, sig));
// public keys can be used to verify signatures you cannot sign with them though.
let pk = fromPublic(publicKey);
t.true(pk.verify(data, sig));
// seeds can be used to reconstitute the keypair from a string
let sk = fromSeed(seed);
t.true(sk.verify(data, sig));
// and can be used to sign
let sig2 = sk.sign(data);
t.true(sk.verify(data, sig));
Supported Node Versions
Our support policy for Nodejs versions follows Nodejs release support. We will support and build node-nats on even-numbered Nodejs versions that are current or in LTS.
License
Unless otherwise noted, the NATS source files are distributed under the Apache Version 2.0 license found in the LICENSE file.
Keywords
FAQs
A public-key signature system based on Ed25519 for the NATS ecosystem in typescript for ts-nats and node-nats
We found that ts-nkeys demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Feb 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025