Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
uport-connect
Advanced tools
Quick Start | Tutorial and Examples | Usage Guide | Development Guide | Contributing
uPort is a system for self-sovereign digital identity anchored in Ethereum. The uPort technology primarily consists of smart contracts, developer libraries, and a mobile app. uPort identities are fully owned and controlled by the creator, and don't rely on centralized third-parties for creation, control or validation. In the current implementation of the system this is achievable by having the mobile app act as the primary secure container for data related to your identity and for a set of keys which allow you sign transactions, grant authorization and sign credentials. The identity is anchored in the blockchain with an identifier and public data is stored in IPFS.
uport-connect
is the client side library that allows you interact with user's uPort identities through the mobile app. It handles the communication channel between your app and the uPort mobile app, which can vary depending on the environment which your application runs. Over this communication channel you can create requests for a user's data, share credentials and generate transactions to be signed in the user's mobile app.
For more information about our system and other products visit uport.me. View our protocol specs if interested in understanding some of the lower level details.
For any questions or library support reach out to the uPort team on riot or create a Github issue.
For additional documentation on all functionality visit our docs. For a quick start continue below.
For a more interactive quick start visit developer.uport.me
npm install uport-connect
First we will instantiate the uPort object, by default it is configured on the Rinkeby test network.
import { Connect } from 'uport-connect'
const uport = new Connect('MyDApp')
To ask the user for their credentials use requestCredentials()
. With no additional params this will return a user's public profile.
uport.requestCredentials().then((credentials) => {
console.log(credentials)
})
If all we want is the address of the connected user we can use requestAddress()
:
uport.requestAddress().then((address) => {
console.log(address)
})
For use directly in the browser you can reference the uport-connect distribution files from a number of places. They can be found in our npm package in the 'dist' folder or you can build them locally from this repo.
For a quick setup you may also request a remote copy from unpkg CDN as follows:
<!-- The most recent version -->
<script src="https://unpkg.com/uport-connect/dist/uport-connect.js"></script>
<!-- The most recent minified version -->
<script src="https://unpkg.com/uport-connect/dist/uport-connect.min.js"></script>
<!-- You can also fetch specific versions by specifying the version, files names may differ for past versions -->
<script src="https://unpkg.com/uport-connect@<version>/dist/uport-connect.js"></script>
To see all available dist files on unpkg, vist unpkg.com/uport-connect/dist/
Then to instantiate the uPort object from the browser window object:
var uportconnect = window.uportconnect
var uport = new uportconnect.Connect('MyDApp')
For a more in depth quick start example follow our tutorial for building a simple dapp or locally open the /examples
folder. This simple example will show you how to use our default QR flow to connect and create transactions to send ether or interact with smart contracts.
Download this repo or your fork, then run npm install
.
All builds are created from files in /src
To transpile to ES5. All files are output to /lib
. The entry of our npm package is /lib/index.js
$ npm run build-es5
To generate a bundle/distributable. We use webpack for our builds. The output dist is /dist/uport-connect.js
and source map /dist/uport-connect.map.js
$ npm run build-dist
To generate a production bundle/distributable. Includes build optimizations related to size and code is minified. The output dist is /dist/uport-connect.min.js
and source map /dist/uport-connect.min.map.js
$ npm run build-dist-prod
We write our tests using mocha and run them with karma. TestRPC runs in the background during tests.
To run our tests:
$ npm run karma
Code coverage reports are generated when tests are run and can be viewed in browser. Reports are also published on CodeCov when pushed to github.
$ npm run karma
$ open test/coverage/html/index.html
Run our linter, we follow JavaScript Standard Style.
$ npm run lint
We write inline documentation using JSDoc. To generate docs:
$ npm run build:docs:html
$ open docs/index.html
$ npm run build:docs:md // to generate a markdown file in /docs folder
Additional scripts can be found in package.json -> scripts: { }
.
We follow MAJOR.MINOR.PATCH Semantic Versioning
You can npm install the develop branch of uport-connect using the follow commands.
$ npm install "git://github.com/uport-project/uport-connect.git#develop" --save
$ (cd node_modules/uport-connect && npm install babel-cli && npm run prepublish)
Each Frontend Library React, Angular, Vue, etc... can sometimes require specific configuration settings. To prevent developers from solving the same problems twice we're going document Library specific issues on a case-by-case basis.
When adding the uport-connect.js
library to an Angular project please install the crypto-browserify
module as a project dependency and create a path alias pointing crypto
to the crypto-browserify
module.
This will fix a crypto.createHash()
undefined error.
"paths": {
"crypto": ["../node_modules/crypto-browserify/index.js"]
}
Are you experiencing other Frontend Library specific issues?
Let us know in the issues.
Code, test and documentation contributions are welcomed and encouraged. Please read the guidelines below and reach out on our riot or create an issue if any contribution is more than trivial. We can help you see where/if it fits into our roadmap and if we are likely to accept. We are also looking to add references to projects using uport-connect
with example implementations and use cases.
Well formed bug reports are hugely valuable to the project and allow us quickly evaluate and fix a bug. Poorly formed bug reports leave use searching for more details and even worse may leave us trying to resolve bugs not related to the code here. Primarily be thoughtful when submitting bugs and leave enough details to minimize the paths we have to take when finding a resolution. Report bugs by creating an issue.
Some guidelines for reporting bugs:
Our master
branch reflects our most recent release, while we accept pull requests from topic branches into our develop
branch. To submit code for a feature, bug or documentation, fork this repo and add all related commits to a topic branch (feature/your-title, fix/your-title, doc/your-title, etc). Once ready for review, open a pull request to merge into develop
.
All commits are required to be well formed. We follow the AngularJS Commit Message Conventions. We use these commit messages to create a useful history, generate CHANGELOGS and to determine release versions.
Before submitting your changes run npm run lint
to find any formatting issues that don't adhere to the original codebase. Run npm run karma
to be sure all tests pass. When submitting a bug fix try to add additional tests to cover that bug or similar bugs in the future. If a bug was specific to an environment consider adding a environment specific note in the docs. When submitting code for a new feature or functionality add the relevant documentation and test coverage as well.
FAQs
Library for integrating uPort into your app frontend
We found that uport-connect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.