
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
zkfold-smart-wallet-api
Advanced tools
This package provides a Smart Wallet API to manage both mnemonic-based and Google OAuth-based wallets.
npm install zkfold-smart-wallet-api
Provides methods to initiate wallets and send funds securely:
Provides high-level functions to backend REST API. Create an instance to pass to Wallet.
Provides OAuth 2.0 authorization code flow authentication for Google-based wallets:
const gapi = new GoogleApi("your-client-id", "your-client-secret", "redirect-url");
const authUrl = gapi.getAuthUrl("state");
// User redirected to Google, then back with code in URL parameters
const jwt = await gapi.getJWT(code);
Provides utilities for serializing and deserializing objects from this library:
import { Wallet, Backend, WalletType, SmartTxRecipient, BigIntWrap } from 'zkfold-smart-wallet-api';
const backend = new Backend('https://api.wallet.zkfold.io', 'api-key');
const wallet = new Wallet(
backend,
{
method: WalletType.Mnemonic,
data: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
},
'password', // optional
'mainnet'
);
// Send 1 ADA to Gmail user
await wallet.sendTo(new SmartTxRecipient(
WalletType.Google,
"user@gmail.com",
{ lovelace: new BigIntWrap(1000000) }
));
import { Wallet, Backend, GoogleApi, WalletType } from 'zkfold-smart-wallet-api';
const backend = new Backend('https://api.wallet.zkfold.io', 'api-key');
const gapi = new GoogleApi(
"your-google-client-id.apps.googleusercontent.com",
"your-google-client-secret",
"https://your-app.com/oauth/callback"
);
// Generate auth URL and redirect user
const state = crypto.randomUUID();
const authUrl = gapi.getAuthUrl(state);
// Redirect user to authUrl...
// After OAuth callback, extract code from URL parameters and exchange for JWT
const urlParams = new URLSearchParams(window.location.search);
const code = urlParams.get('code');
const jwt = await gapi.getJWT(code);
// Create wallet
const wallet = new Wallet(
backend,
{ method: WalletType.Google, data: jwt },
'', // password optional
'mainnet'
);
// Use wallet
const address = await wallet.getAddress();
const balance = await wallet.getBalance();
// Send funds
await wallet.sendTo(new SmartTxRecipient(
WalletType.Google,
"recipient@gmail.com",
{ lovelace: new BigIntWrap(2000000) } // 2 ADA
));
FAQs
Smart wallet api - Browser and extension compatible
The npm package zkfold-smart-wallet-api receives a total of 1,044 weekly downloads. As such, zkfold-smart-wallet-api popularity was classified as popular.
We found that zkfold-smart-wallet-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.