ual-scatter - npm Package Compare versions

Comparing version 0.1.6 to 0.1.7-alpha1

dist/ScatterUser.js

@@ -11,12 +11,6 @@ "use strict";
 };
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 const eosjs_1 = require("eosjs");
-const ecc = __importStar(require("eosjs-ecc"));
+const eosjs_jssig_1 = require("eosjs/dist/eosjs-jssig");
+const elliptic_1 = require("elliptic");
 const universal_authenticator_library_1 = require("universal-authenticator-library");
@@ -62,3 +56,13 @@ const UALScatterError_1 = require("./UALScatterError");
                 this.scatter.authenticate(challenge).then((signature) => __awaiter(this, void 0, void 0, function* () {
-                    const pubKey = ecc.recover(signature, challenge);
+                    const ecc = new elliptic_1.ec('secp256k1');
+                    const signatureBuffer = Buffer.from(signature);
+                    const i = signatureBuffer.readUInt8(0);
+                    let recoveryParam = i;
+                    recoveryParam -= 27;
+                    // tslint:disable-next-line: no-bitwise
+                    recoveryParam = recoveryParam & 3;
+                    if (recoveryParam > 3) {
+                        throw new Error('Could not get recovery param from signature');
+                    }
+                    const pubKey = ecc.recoverPubKey(challenge, eosjs_jssig_1.Signature.fromString(signature).toElliptic(), recoveryParam);
                     const myKeys = yield this.getKeys();
@@ -65,0 +69,0 @@ for (const key of myKeys) {

package.json

 {
   "name": "ual-scatter",
-  "version": "0.1.6",
+  "version": "0.1.7-alpha1",
   "main": "dist/index.js",
@@ -24,4 +24,5 @@ "license": "MIT",
   "dependencies": {
-    "eosjs": "20.0.0",
-    "eosjs-ecc": "4.0.4",
+    "@types/elliptic": "^6.4.10",
+    "elliptic": "^6.5.1",
+    "eosjs": "20.0.2-27905cc.0",
     "scatterjs-core": "2.7.17",
@@ -28,0 +29,0 @@ "scatterjs-plugin-eosjs2": "^1.5.0",

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33489

increased by1.31%

Lines of code

420

increased by0.96%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

6

increased by20%

Dependency changes

• + Added@types/elliptic@^6.4.10

• + Addedelliptic@^6.5.1

• + Added@types/bn.js@5.1.6(transitive)

• + Added@types/elliptic@6.4.18(transitive)

• + Added@types/node@22.13.1(transitive)

• + Addedbn.js@4.12.1(transitive)

• + Addedbrorand@1.1.0(transitive)

• + Addedelliptic@6.6.1(transitive)

• + Addedeosjs@20.0.2-27905cc.0(transitive)

• + Addedhash.js@1.1.7(transitive)

• + Addedhmac-drbg@1.0.1(transitive)

• + Addedminimalistic-assert@1.0.1(transitive)

• + Addedminimalistic-crypto-utils@1.0.1(transitive)

• + Addedundici-types@6.20.0(transitive)

• - Removedeosjs-ecc@4.0.4

• - Removedbase-x@3.0.10(transitive)

• - Removedbigi@1.4.2(transitive)

• - Removedbrowserify-aes@1.2.0(transitive)

• - Removedbs58@4.0.1(transitive)

• - Removedbuffer-xor@1.0.3(transitive)

• - Removedbytebuffer@5.0.1(transitive)

• - Removedcreate-hmac@1.1.7(transitive)

• - Removedecurve@1.0.6(transitive)

• - Removedeosjs@20.0.0(transitive)

• - Removedeosjs-ecc@4.0.4(transitive)

• - Removedevp_bytestokey@1.0.3(transitive)

• - Removedlong@3.2.0(transitive)

• - Removedrandombytes@2.1.0(transitive)

• Updatedeosjs@20.0.2-27905cc.0