npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@here-wallet/core

v3.3.1

Published

HereWallet lib for near-selector

Downloads

7,848

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

here-wallethere-wallet

Keywords

nearhot-coinethereumherewalletweb3

Readme

@herewallet/core

In contrast to the synchronous signing of transactions in web near wallets, where the user is redirected to the wallet site for signing -- HERE Wallet provides the ability to sign transactions using async/await API calls.

npm i near-api-js@^0.44.2 --save
npm i @here-wallet/core --save

Usage

import { HereWallet } from "@here-wallet/core";
const here = await HereWallet.connect();
const account = await here.signIn({ contractId: "social.near" });
console.log(`Hello ${account}!`);

You can also login to the wallet without adding a key. For this you can call signIn without contractId

How it works

By default, all near-selector api calls that you make with this library run a background process and generate a unique link that the user can go to their mobile wallet and confirm the transaction. This is a link of the form: https://h4n.app/TRX_PART_OF_SHA1_IN_BASE64

If a user has logged into your application from a phone and has a wallet installed, we immediately transfer him to the application for signing. In all other cases, we open a new window on the web.herewallet.app site, where the user can find information about installing the wallet and sign the transaction there.

All this time while user signing the transaction, a background process in your application will monitor the status of the transaction requested for signing.

Sign in is optional!

You can generate a signing transaction without knowing your user's accountId (without calling signIn). There are cases when you do not need to receive a public key from the user to call your contract, but you want to ask the user to perform an action in your application once:

import { HereWallet } from "@here-wallet/core";
const here = await HereWallet.connect();
const tx = await here.signAndSendTransaction({
  actions: [{ type: "FunctionCall", params: { deposit: 1000 } }],
  receiverId: "donate.near",
});

console.log("Thanks for the donation!");

Build Telegram App and connect HOT Telegram Wallet

import { HereWallet } from "@here-wallet/core";
const here = await HereWallet.connect({
  botId: "HOTExampleConnectBot/app", // Your bot MiniApp
  walletId: "herewalletbot/app", // HOT Wallet
});

Login without AddKey

In order to use the wallet for authorization on the backend, you need to use the signMessage method. This method signs your message with a private full access key inside the wallet. You can also use this just to securely get your user's accountId without any extra transactions.

import { HereWallet } from "@here-wallet/core";
const here = await HereWallet.connect();

const nonce = Array.from(crypto.getRandomValues(new Uint8Array(32)));
const recipient = window.location.host;
const message = "Authenticate message";

const { signature, publicKey, accountId } = await here.signMessage({ recipient, nonce, message });

// Verify on you backend side, check NEP0413
const accessToken = await axios.post(yourAPI, { signature, accountId, publicKey, nonce, message, recipient });
console.log("Auth completed!");

Or you can verify signMessage on client side, just call:

try {
  const { accountId } = await here.authenticate();
  console.log(`Hello ${accountId}!`);
} catch (e) {
  console.log(e);
}

If you use js-sdk on your backend, then you do not need to additionally check the signature and key, the library does this, and if the signature is invalid or the key is not a full access key, then the method returns an error. Otherwise, on the backend, you need to verify the signature and message with this public key. And also check that this public key is the full access key for this accountId.

It's important to understand that the returned message is not the same as the message you submitted for signature. This message conforms to the standard: https://github.com/near/NEPs/pull/413

Instant Wallet with AppClip

If your goal is to provide the user with a convenient way to log in to your desktop app, you can use Here Instant Wallet, which allows users without a wallet to instantly create one via appclip.

At the moment here wallet is only available for IOS users

You have the option to override how your user is delivered the signing link. This is how you can create a long-lived transaction signature request and render it on your web page:

import { HereStrategy, HereWallet } from "@here-wallet/core";
import { QRCodeStrategy } from "@here-wallet/core/qrcode-strategy";

const putQrcode = document.getElementById("qr-container");

// Instant wallet signin HERE!
const here = await HereWallet.connect();
await here.signIn({
  contractId: "social.near",
  // override default connect strategy
  strategy: new QRCodeStrategy({
    element: putQrcode,
    theme: "dark",
    size: 128,
  }),
});

You can also look at an example in this repository /example/index.ts or in sandbox: https://codesandbox.io/s/here-wallet-instant-app-6msgmn

Security

To transfer data between the application and the phone, we use our own proxy service. On the client side, a transaction confirmation request is generated with a unique request_id, our wallet receives this request_id and requests this transaction from the proxy.

To make sure that the transaction was not forged by the proxy service, the link that opens inside the application contains a hash-sum of the transaction. If the hashes do not match, the wallet will automatically reject the signing request