Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
uport-credentials
Advanced tools
DID Specification | Getting Started
Required Upgrade to uport-credentials@1.3.0
Starting with version 1.3.0 you are required to specify either a Resolver
instance or a valid configuration object for ethr-did-resolver
.
Previous versions of this library were relying on automatic configuration of some default DID resolvers
but this pattern was both limiting and prone to errors of misconfiguration or interference.
This has caused an outage in credential verification on 2020-01-20 and continued use of previous versions are highly likely to no longer function properly because of this.
An example configuration with a resolver:
import { Resolver } from 'did-resolver'
import getResolver from 'ethr-did-resolver'
const providerConfig = { rpcUrl: 'https://mainnet.infura.io/<YOUR INFURA PROJECT ID>' }
const credentials = new Credentials({
did: process.env.APPLICATION_DID,
signer: SimpleSigner(process.env.PRIVATE_KEY),
resolver: new Resolver(getResolver(providerConfig))
})
See ethr-did-resolver#43 for more info.
uPort provides a set of tools for creating and managing identities that conform to the decentralized identifier (DID) specification, and for requesting and exchanging verified data between identities.
uPort Credentials simplifies the process of identity creation within JavaScript applications; additionally, it allows applications to easily sign and verify data — signed by other identities to facilitate secure communication between parties. These pieces of data take the form of signed JSON Web Tokens (JWTs), they have specific fields designed for use with uPort clients, described in the uPort specifications, collectively referred to as verifications.
To allow for maximum flexibility, uPort Credential’s only deals with creation and validation of verifications. To pass verifications between a JavaScript application and a user via the uPort mobile app, we have developed the uPort Transports library, use it in conjunction with uPort Credentials when necessary.
To hit the ground running with uPort Credentials, visit the Getting Started guide.
For details on uPort's underlying architecture, read our spec repo or check out the uPort identity contracts.
This library is part of a suite of tools maintained by the uPort Project, a ConsenSys formation. For more information on the project, visit uport.me
FAQs
Library for interacting with uport profiles and attestations
The npm package uport-credentials receives a total of 80 weekly downloads. As such, uport-credentials popularity was classified as not popular.
We found that uport-credentials demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.