Add Keyring and KeyringClass types #5
Conversation
|
|
|
I'm still working on the tests for this type, and I'd like to test this with the real keyrings before moving this out of draft. But the type itself and the inline docs are complete as far as I know, so this is OK for some early review now. |
Gudahtt
force-pushed
the
add-keyring-type
branch
2 times, most recently
from
daa2b53 to
729c5ce
Compare
| }, | ||
| "dependencies": { | ||
| "@ethereumjs/tx": "^3.2.1", | ||
| "eth-sig-util": "^3.0.1" |
There was a problem hiding this comment.
I would like to replace the two types from these packages with our own. Better to avoid any non-type dependencies if possible. Plus, we ought to have our own Transaction type.
The Keyring type represents the common API between all of our keyrings. Currently the keyrings are written in JavaScript and they don't extend a base type, but they are assumed to have certain methods and method signatures. The Keyring interface represents a keyring instance. It has mandatory methods for basic functionality such as serialization/deserialization, and getting and adding accounts. Some account management methods are optional, like `exportAccount` which isn't possible to implement on hardware wallets. The signing methods are all optional as well, as they might not be implemented if the keyring doesn't support that type of signing. The KeyringClass type is used to validate that the class itself has the expected constructor signature and static properties. This needs to be a separate type because you can't validate constructor signatures or static properties with an interface, and we rely upon both of these things being consistent between all keyrings in the `KeyringController`. Note that this is just an attempt at capturing the existing keyring API, without making any changes. We will be redesigning this API in the near future.
Gudahtt
force-pushed
the
add-keyring-type
branch
from
729c5ce to
32c627d
Compare
Socket Security Pull Request ReportDependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again. 📜 Install scriptsInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
🫣 Native codeContains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs. Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with
Powered by socket.dev |
The Keyring type represents the common API between all of our keyrings. Currently the keyrings are written in JavaScript and they don't extend a base type, but they are assumed to have certain methods and method signatures.
The Keyring interface represents a keyring instance. It has mandatory methods for basic functionality such as serialization/deserialization, and getting and adding accounts. Some account management methods are optional, like
exportAccountwhich isn't possible to implement on hardware wallets. The signing methods are all optional as well, as they might not be implemented if the keyring doesn't support that type of signing.The KeyringClass type is used to validate that the class itself has the expected constructor signature and static properties. This needs to be a separate type because you can't validate constructor signatures or static properties with an interface, and we rely upon both of these things being consistent between all keyrings in the
KeyringController.Note that this is just an attempt at capturing the existing keyring API, without making any changes. We will be redesigning this API in the near future.