Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
uport-connect
Advanced tools
Uport is a system for self-sovereign digital identity.
This is the client side library that is used to interact with the mobile application where the end-user's keys are stored.
Signing transactions thus requires that the transactions are sent to the phone where they can be signed. This is accomplished by showing the user a QR-code for each transaction. The user can then verify the transaction on the phone and send it to the Ethereum network.
In order to make this flow easy for developers, uport-connect
provides a custom web3 provider which takes care of all of this.
For additional documentation on all functionality visit our docs. For a quick start read below.
First we will instantiate the Uport object.
import { Connect } from 'uport-connect'
const uport = new Connect('MyDApp')
To ask the user for their credentials use requestCredentials()
:
uport.requestCredentials().then((credentials) => {
console.log(credentials)
})
If all we want is the address of the connected user we can use requestAddress()
:
uport.requestAddress().then((address) => {
console.log(address)
})
For use directly in the browser you can reference the uport-connect distribution files from a number of places. They can be found in our npm package in the 'dist' folder or you can build them locally from this repo.
For a quick setup you may also request a remote copy from unpkg CDN as follows:
<!-- The most recent version -->
<script src="https://unpkg.com/uport-connect/dist/uportconnect.js"></script>
<!-- The most recent minified version -->
<script src="https://unpkg.com/uport-connect/dist/uportconnect.min.js"></script>
<!-- You can also fetch specific versions by specifying the version -->
<script src="https://unpkg.com/uport-connect@0.4.5/dist/uportconnect.js"></script>
Then to instantiate the uPort object from the browser window object:
var uportconnect = window.uportconnect
var uport = new uportconnect.Connect('MyDApp')
We provide a convenience method to create a uPort enabled version of the web3 object:
let web3 = uport.getWeb3()
After the above setup, you can now use the web3
object as normal.
Also, the following calls will show a QR code for the user to scan:
web3.eth.getCoinbase()
- returns your uport addressweb3.eth.getAccounts()
- returns your uport address in a listweb3.eth.sendTransaction(txObj)
- returns a transaction hashmyContract.myMethod()
- returns a transaction hashCheck out the examples folder too for how to integrate uport in your DApp
uport-connect
features a default QR-code display function, which injects a <div>
containing the QR-code into the DOM.
However, you might want to display the QR-code in a different way.
You can provide your own uriHandler
function which can be used to handle it your self using your own frontend library.
const uport = new Connect('MyDApp', {
uriHandler: (uri) => {
// show URI handler or button to send user to mobile app
}
})
This basic commands can be found in package.json -> scripts: { }
for contributing to the library.
To install this package from Github and the develop branch:
$ npm install "git://github.com/uport-project/uport-connect.git#develop" --save
$ (cd node_modules/uport-connect && npm install babel-cli && npm run prepublish)
FAQs
Library for integrating uPort into your app frontend
The npm package uport-connect receives a total of 60 weekly downloads. As such, uport-connect popularity was classified as not popular.
We found that uport-connect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.