Conversation
release: v2.10.0
feat: Massa network
WalkthroughAdds full Massa support (provider, networks, API, middleware, signer, signer-package, UI, types), removes several legacy networks, updates many package/devtool versions and Node images/CI to v22.18.x, routes Sanko via Blockscout, removes Binance/Matic gas estimators, exposes ToTokenType, and disables SID initialization/tests. Changes
Sequence Diagram(s)sequenceDiagram
participant UI as UI / Client
participant Background as BackgroundHandler
participant Provider as MassaProvider
participant API as MassaAPI
participant KeyRing as KeyRing
participant Activity as ActivityState
UI->>Background: RPC massa_getBalance(address)
Background->>Provider: forward payload
Provider->>API: api.getBalance(address)
API-->>Provider: balance
Provider-->>Background: res(null, balance)
Background-->>UI: return balance
UI->>Background: request send transaction
Background->>Provider: forward sign & submit
Provider->>KeyRing: request signature (MassaSigner)
KeyRing-->>Provider: signature
Provider->>API: submit operation (serialized)
API-->>Provider: operationId/status
Provider->>Activity: persist activity records
Provider-->>Background: operation result
Background-->>UI: show operation id / success
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.
Please see the documentation for more information. Example: reviews:
pre_merge_checks:
custom_checks:
- name: "Undocumented Breaking Changes"
mode: "warning"
instructions: |
Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).Please share your feedback with us on this Discord post. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
💼 Build Files |
fix massa signature verify
devop: export types
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (6)
packages/swap/package.json (1)
21-23: Align engines with repo Node 22 target.Monorepo moved to Node 22.18.x; keeping ">=14.15.0" is misleading and may mask incompatibilities.
Apply:
- "engines": { - "node": ">=14.15.0" - }, + "engines": { + "node": ">=18" + },packages/signers/polkadot/package.json (1)
21-23: Update engines field to reflect Node 22.Same rationale as other packages.
- "engines": { - "node": ">=14.15.0" - }, + "engines": { + "node": ">=18" + },packages/name-resolution/package.json (2)
45-46: Fix repository URL placeholder.Replace <FILL_IT> with the real path to avoid broken npm metadata.
- "url": "git+https://github.com/<FILL_IT>" + "url": "git+https://github.com/enkryptcom/enKrypt/tree/main/packages/name-resolution"
21-23: Align engines to Node 18+.Stay consistent with monorepo Node 22 baseline.
- "engines": { - "node": ">=14.15.0" - }, + "engines": { + "node": ">=18" + },packages/utils/package.json (1)
21-23: Update engines to Node 18+.Maintain consistency with Node 22 target.
- "engines": { - "node": ">=14.15.0" - }, + "engines": { + "node": ">=18" + },packages/storage/package.json (1)
21-23: Align engines to Node 18+.- "engines": { - "node": ">=14.15.0" - }, + "engines": { + "node": ">=18" + },
🧹 Nitpick comments (13)
Dockerfile (1)
1-1: Pin Yarn via Corepack to match packageManager (yarn@4.5.1) and avoid yarn -v failures.Node 22 images rely on Corepack; without activation,
yarn -vmay fail or pick an unexpected version. Activate and pin Yarn to 4.5.1.Apply:
FROM node:22.18-bookworm +RUN corepack enable && corepack prepare yarn@4.5.1 --activate RUN apt-get update RUN apt-get install build-essential zip -y ENV HOME /home ENV NODE_OPTIONS --max-old-space-size=8192 RUN node -v && npm -v && yarn -v WORKDIR /homeOptional image hygiene:
-RUN apt-get update -RUN apt-get install build-essential zip -y +RUN apt-get update && \ + apt-get install -y --no-install-recommends build-essential zip && \ + rm -rf /var/lib/apt/lists/*packages/types/package.json (2)
27-27: Unify @types/node major across the workspace.Some packages use @types/node ^24.x while others use ^22.x. Mixed Node ambient types can collide during composite builds. Recommend standardizing one version (prefer the repo’s target runtime) and hoisting it at the root to avoid duplicate globals.
If desired, I can scan the repo to list all @types/node versions and propose a single-pin override at the root.
23-25: Update engines.node to reflect the repo’s Node baseline..engines still allows Node 14, which is EOL and mismatched with .nvmrc (v22.18.0). Consider tightening to >=20 or matching 22.x to prevent accidental installs on legacy Node.
Apply one of these diffs:
- "node": ">=14.15.0" + "node": ">=20.0.0"or
- "node": ">=14.15.0" + "node": ">=22.18.0"packages/signers/ethereum/package.json (2)
35-35: Align @types/node with the rest of the repo.This package uses ^24.3.0 while others are on ^22.18.0. Pick one major to avoid ambient type conflicts; consider hoisting at root.
I can enumerate all @types/node versions and generate a root override if you want.
21-23: Tighten engines.node to the supported baseline.Keeping >=14.15.0 is misleading post-upgrade. Recommend >=20 or >=22.18.0 to match .nvmrc.
- "node": ">=14.15.0" + "node": ">=22.18.0"packages/request/package.json (1)
21-23: Sync engines.node with project runtime.Recommend raising from >=14.15.0 to >=20 or >=22.18.0 to reflect the new Node baseline.
- "node": ">=14.15.0" + "node": ">=20.0.0"packages/signers/kadena/package.json (2)
33-33: Standardize @types/node across packages.This package uses ^24.x while others use ^22.x. Unify to a single major to avoid global type duplication issues.
Happy to propose a root override and adjust package-level versions accordingly.
21-23: Raise engines.node to supported versions.Suggest >=20 or >=22.18.0 to reflect .nvmrc and avoid accidental legacy Node usage.
- "node": ">=14.15.0" + "node": ">=22.18.0"packages/keyring/package.json (1)
21-23: Update engines.node to match the repo standard.Recommend moving from >=14.15.0 to >=20 or >=22.18.0.
- "node": ">=14.15.0" + "node": ">=20.0.0"packages/signers/polkadot/package.json (1)
34-38: Unify @types/node to Node 22 baseline for consistencyVerification with ripgrep in
packages/signers/polkadotdid not uncover any Node 24–specific API usages (e.g.fs/promisesorwith(AbortSignal…)), so it’s safe to align with the rest of the mono-repo’s Node 22 types:• In
packages/signers/polkadot/package.json, update:- "@types/node": "^24.3.0", + "@types/node": "^22.18.0",packages/name-resolution/package.json (1)
17-18: Optional: add --clean to build.Keeps dist fresh and matches other packages.
- "build": "tsup src/index.ts --format esm,cjs --dts", + "build": "tsup src/index.ts --format esm,cjs --dts --clean",packages/hw-wallets/package.json (1)
55-60: Ledger libs minor bumps: sanity-check transport/app interop across browsersThese are safe-looking patch bumps, but please sanity-test BTC/ETH/SOL flows over WebUSB on Chrome/Firefox (and with live-common still at ^34.20.0).
If desired, I can provide a minimal browser harness to probe enumerate/open/send/close for each app.
packages/extension/package.json (1)
137-137: Vite 7 upgrade – plugin compatibility is set, add “engines” for Node version consistency
- Verified that @vitejs/plugin-vue is on v6.0.1 and rollup is on v4.49.0 with matching plugins (commonjs, node-resolve, terser, etc.), and @crxjs/vite-plugin is at v2.2.0—these all align with Vite 7’s requirements.
- No .nvmrc was found in the repository; however, devDependencies specify
@types/node@^22.18.0, implying a minimum Node 22.18.0 runtime.Suggested optional update to
packages/extension/package.json:"name": "@enkryptcom/extension", ... + "engines": { + "node": ">=22.18.0" + }, "devDependencies": { ... "vite": "^7.1.3",
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (17)
.nvmrc(1 hunks)Dockerfile(1 hunks)package.json(1 hunks)packages/extension-bridge/package.json(2 hunks)packages/extension/package.json(5 hunks)packages/hw-wallets/package.json(3 hunks)packages/keyring/package.json(2 hunks)packages/name-resolution/package.json(3 hunks)packages/request/package.json(2 hunks)packages/signers/bitcoin/package.json(2 hunks)packages/signers/ethereum/package.json(2 hunks)packages/signers/kadena/package.json(2 hunks)packages/signers/polkadot/package.json(2 hunks)packages/storage/package.json(2 hunks)packages/swap/package.json(2 hunks)packages/types/package.json(2 hunks)packages/utils/package.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: buildAll
- GitHub Check: test
- GitHub Check: test
🔇 Additional comments (23)
.nvmrc (1)
1-1: Align Node 22.18.0 across CI, Docker, and build scriptsI ran a scan for any remaining hard-coded Node references in workflows, Dockerfiles/Compose, package.json (
engines.node), and shell scripts—but didn’t find any matches. To be safe, please manually confirm that everything is now using 22.18.x to avoid cache or ABI mismatches:• GitHub Actions – ensure all
actions/setup-node@…andnode-version:fields specify 22.18.x
• Dockerfiles – anyFROM node:…lines
• Docker-Compose files –image: node:…entries
• package.json –engines.nodeconstraint
• nvm or other install/use commands in build scriptspackage.json (1)
37-38: Dev tool bumps look fine.@swc/core and concurrently minor bumps are safe and low-risk.
packages/extension-bridge/package.json (1)
47-65: Tooling bump aligns with Node 22.18 and repo standards.Versions are consistent with the monorepo; no API surface changes here.
packages/types/package.json (1)
27-31: Tooling bumps look consistent.Types/ESLint/TS upgrades are aligned with the repo-wide move. No concerns here.
Also applies to: 40-41
packages/signers/ethereum/package.json (1)
35-38: Dev tooling upgrades LGTM.ESLint 9.34 + typescript-eslint 8.41 and TS 5.9.2 are a compatible trio. No issues spotted.
Also applies to: 48-49
packages/request/package.json (2)
34-38: LGTM on dev tooling bumps and added lint/format plugins.Additions (eslint-plugin-import, module-resolver, prettier) align with other packages.
Also applies to: 47-48
34-37: Verify ESLint config compatibility after plugin bumps.Ensure your (likely flat) ESLint config enables the added plugins and rulesets in this package; otherwise the new plugins are unused.
I can help review the root/package ESLint config to confirm plugin enablement if you share it.
packages/signers/kadena/package.json (1)
31-31: Upgrades look good.polkadot/util-crypto to ^13.5.6 and TS/ESLint/tooling bumps are consistent with the monorepo direction.
Also applies to: 33-36, 46-47
packages/keyring/package.json (2)
32-32: Dependency and tooling bumps LGTM.@polkadot/util to ^13.5.6 and TS/ESLint updates are consistent with related packages.
Also applies to: 37-40, 50-51
32-32: Confirm Polkadot suite alignment.If other @polkadot/* packages are used transitively, ensure they’re also on ^13.5.6 to prevent duplication/resolution skew. A root override for @polkadot/* may help.
I can scan the repo for @polkadot/* versions and suggest a unified override block if you want.
packages/swap/package.json (1)
28-35: Deps bump looks good.Minor bumps for @solana/web3.js and rango-sdk-basic are fine and low risk.
packages/signers/polkadot/package.json (1)
27-29: Polkadot suite bumps LGTM.@polkadot/util, util-crypto, and wasm-crypto minor bumps are expected to be compatible.
packages/name-resolution/package.json (3)
24-42: Tooling bumps LGTM.ESLint/TS/Node types/viem updates are consistent with repo-wide upgrades.
51-56: Runtime deps bumps LGTM.@bonfida/spl-name-service and @ensdomains/address-encoder minor bumps look safe.
40-41: No action required:viemis dev-onlySearches for any imports, requires, or dynamic imports of
viemin thepackages/name-resolutionsource (including TS, JS, and JSON files) returned no references outside ofpackage.json. Therefore, it is safe to keep"viem": "^2.36.0"indevDependenciesand no change is needed.packages/utils/package.json (2)
27-31: Polkadot util-crypto bump LGTM.
33-36: Tooling bumps LGTM.Matches repo-wide TypeScript/ESLint updates.
Also applies to: 47-48
packages/storage/package.json (1)
30-46: Tooling bumps and added lint/format deps LGTM.packages/hw-wallets/package.json (2)
62-63: Polkadot suite versions look consistent across workspace@polkadot/types and @polkadot/util are aligned with the extension package. No concerns.
25-28: Align Node engine and typings with the repo’s Node 22.18.0 LTSWe need to pin your development environment to match the intended Node 22.18.0 target and prevent accidental reliance on newer Node APIs.
– Pin
@types/nodeto^22.18.0instead of^24.3.0.
– Restrict"engines.node"to>=22.18.0instead of>=14.15.0.
– Verify no APIs introduced after Node 22.18.0 are in use by:
• Running all builds and tests under Node v22.18.0.
• Searching for known post-22 APIs (for examplefs.cp,fs.cpSync, streamingReadable.toWeb(), etc.) and ensuring none are referenced.Suggested diff in
packages/hw-wallets/package.json:"engines": { - "node": ">=14.15.0" + "node": ">=22.18.0" }, "devDependencies": { - "@types/node": "^24.3.0", + "@types/node": "^22.18.0", "@typescript-eslint/eslint-plugin": "^8.41.0", "@typescript-eslint/parser": "^8.41.0", "eslint": "^9.34.0", ... }After making these changes, please install dependencies and ensure that all tests and builds pass on Node v22.18.0.
packages/extension/package.json (3)
46-55: Cannot confirm type-check without installing dependencies
Theyarn type-checkcommand failed due to missingnode_modules. Please run the following locally and confirm there are no type errors:yarn install yarn type-check
120-120: cross-env v10 bump — verify quoting on Windows CII’ve confirmed that all
cross-envinvocations live inpackages/extension/package.jsonand nowhere else in the repo. The affected scripts are:
- dev (line 1):
yarn prebuild && cross-env BROWSER='chrome' vite- build:chrome (line 10):
yarn prebuild && cross-env BROWSER='chrome' MINIFY='true' vite build- build:firefox (line 11):
yarn prebuild && cross-env BROWSER='firefox' MINIFY='true' vite build && node configs/get-system-info.js- build:opera (line 12):
yarn prebuild && cross-env BROWSER='opera' MINIFY='true' vite build- watch:firefox (line 17):
yarn prebuild && cross-env BROWSER='firefox' viteNo other
package.jsoncontainscross-envin its scripts.Please manually verify on your Windows CI shells that the single-quoted values (e.g.
MINIFY='true') are still passed correctly withcross-env@^10.0.0.
92-92: Include dependency installation in build verificationTo ensure
yarn build:chromeandyarn build:firefoxactually run (and to confirm manifest generation + HMR remain intact), please install dependencies before building:• File: packages/extension/package.json (lines 92, 130, 137)
• Updated build check:# install dependencies yarn install # verify Chrome target yarn build:chrome # verify Firefox target yarn build:firefoxOnce that succeeds, confirm both Chrome and Firefox extension bundles generate correctly and HMR still functions as expected.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
packages/swap/src/index.ts (1)
270-271: Type-only re-export for ToTokenType (optional)
Yourtsconfig.jsonfiles don’t enableverbatimModuleSyntax,isolatedModules, orpreserveValueImports, so this change isn’t strictly required today. However, adopting a type-only re-export guards against future strict-mode compiler or transformer settings and keeps your runtime bundle clean.• In
packages/swap/src/index.ts(around lines 270–271):
– RemoveToTokenTypefrom the value-style export block
– Add a dedicated type re-exportStatusOptions, - ToTokenType, }; +export type { ToTokenType } from "./types";
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (7)
packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts(0 hunks)packages/extension/src/providers/ethereum/networks/form-testnet.ts(0 hunks)packages/extension/src/providers/ethereum/networks/form.ts(0 hunks)packages/extension/src/providers/ethereum/networks/index.ts(0 hunks)packages/swap/src/common/estimateGasList.ts(0 hunks)packages/swap/src/index.ts(1 hunks)packages/types/src/networks.ts(0 hunks)
💤 Files with no reviewable changes (6)
- packages/types/src/networks.ts
- packages/swap/src/common/estimateGasList.ts
- packages/extension/src/providers/ethereum/networks/index.ts
- packages/extension/src/providers/ethereum/networks/form.ts
- packages/extension/src/providers/ethereum/networks/form-testnet.ts
- packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: buildAll
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (3)
.github/workflows/test-all.yml (1)
12-12: Use.nvmrcas the single source of truth for Node.js versionsBoth workflows currently hard-code
node-version: "22.18.0", which duplicates the version declared in.nvmrc(v22.18.0). To avoid drift, update each workflow to read from.nvmrc.Files to update:
- .github/workflows/test-all.yml
- .github/workflows/test-swap.yml
Apply the following diffs:
--- a/.github/workflows/test-all.yml +++ b/.github/workflows/test-all.yml @@ -11,7 +11,8 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v4 - with: - node-version: "22.18.0" + with: + node-version-file: ".nvmrc" cache: "yarn" + - run: corepack enable--- a/.github/workflows/test-swap.yml +++ b/.github/workflows/test-swap.yml @@ -11,7 +11,8 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v4 - with: - node-version: "22.18.0" + with: + node-version-file: ".nvmrc" cache: "yarn" + - run: corepack enableOptional hardening: enable Corepack after setup-node to lock in the repo’s Yarn version.
.github/workflows/test-swap.yml (1)
12-12: Deduplicate version managementUse .nvmrc to drive Node version and enable Corepack for deterministic Yarn.
Apply:
- node-version: "22.18.0" + node-version-file: ".nvmrc"Optional:
- uses: actions/setup-node@v4 with: - node-version: "22.18.0" + node-version-file: ".nvmrc" cache: "yarn" + - run: corepack enablepackages/extension/configs/vitest.config.mts (1)
20-28: Make customResolver cross‑platform (Windows-safe).Replacing file:// manually can break on Windows. Use fileURLToPath for robust URL→FS conversion.
Apply:
{ find: /^(vite-plugin-node-polyfills\/shims\/.+)/, replacement: '$1', - customResolver(source) { - return import.meta.resolve(source).replace(/^file:\/\//, ''); - }, + customResolver(source) { + return fileURLToPath(new URL(import.meta.resolve(source))); + }, },Add import at top:
import { fileURLToPath } from 'node:url';
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (14)
.github/workflows/test-all.yml(1 hunks).github/workflows/test-swap.yml(1 hunks)packages/extension/configs/vitest.config.mts(1 hunks)packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts(0 hunks)packages/extension/src/providers/ethereum/libs/assets-handlers/assetinfo-mew.ts(1 hunks)packages/extension/src/providers/ethereum/networks/cagaAnkara.ts(0 hunks)packages/extension/src/providers/ethereum/networks/coti-devnet.ts(0 hunks)packages/extension/src/providers/ethereum/networks/coti-testnet.ts(1 hunks)packages/extension/src/providers/ethereum/networks/index.ts(2 hunks)packages/extension/src/providers/ethereum/networks/skale/chaos.ts(0 hunks)packages/extension/src/providers/ethereum/networks/skale/index.ts(0 hunks)packages/extension/src/providers/polkadot/networks/index.ts(0 hunks)packages/extension/src/providers/polkadot/networks/unique/opal.ts(0 hunks)packages/types/src/networks.ts(1 hunks)
💤 Files with no reviewable changes (7)
- packages/extension/src/providers/ethereum/networks/cagaAnkara.ts
- packages/extension/src/providers/polkadot/networks/index.ts
- packages/extension/src/providers/ethereum/networks/skale/chaos.ts
- packages/extension/src/providers/ethereum/networks/coti-devnet.ts
- packages/extension/src/providers/ethereum/networks/skale/index.ts
- packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts
- packages/extension/src/providers/polkadot/networks/unique/opal.ts
🧰 Additional context used
🧬 Code graph analysis (1)
packages/extension/src/providers/ethereum/networks/coti-testnet.ts (1)
packages/extension/src/providers/ethereum/types/evm-network.ts (2)
EvmNetworkOptions(22-53)EvmNetwork(55-286)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: buildAll
- GitHub Check: test
- GitHub Check: test
🔇 Additional comments (4)
.github/workflows/test-all.yml (1)
12-12: LGTM: Node pinned to 22.18.0Consistent with the PR’s broader runtime bump; no other workflow changes required.
.github/workflows/test-swap.yml (1)
12-12: LGTM: Version bump matches test-allKeeps CI environments aligned.
packages/extension/configs/vitest.config.mts (2)
18-19: LGTM: simplified test includes.Consolidated globs look correct for Vitest discovery.
9-10: The above script will verify if any tests or extension code import or use other Node core modules (buffer, stream, path, fs, url, util) or rely on the globalBufferAPI. Based on its output, we can confirm whether including only the'crypto'polyfill is sufficient or if additional polyfills are needed.
packages/extension/src/providers/ethereum/libs/assets-handlers/assetinfo-mew.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
packages/name-resolution/src/index.ts (1)
67-67: Fix: re-exportCoinTypeas a type (compile-time error with verbatimModuleSyntax).
CoinTypeis imported viaimport type. Re-exporting it usingexport { CoinType }emits a value export and fails under TS 5’s verbatimModuleSyntax. Use a type re-export.-export { ENSResolver, UDResolver, CoinType }; +export { ENSResolver, UDResolver }; +export type { CoinType };packages/hw-wallets/package.json (1)
21-23: Update engines.node to match toolchain (ESLint 9/Vitest 3 need ≥18.18; repo uses Node 22.18).The current ">=14.15.0" is misleading and can cause local installs to succeed but tooling to fail.
Apply:
"engines": { - "node": ">=14.15.0" + "node": ">=22.18.0" },
♻️ Duplicate comments (3)
packages/extension/package.json (2)
121-123: ESLint 9 requires Flat Config — migrate off .eslintrc.*.
Ensure eslint.config.* exists (per-package or at repo root) and CI uses it.#!/bin/bash fd -a '^eslint\.config\.(js|ts|mjs|cjs)$' -H fd -a '^\.eslintrc(\..*)?$' -H jq -r '.devDependencies.eslint, .devDependencies["eslint-plugin-vue"]' packages/extension/package.json
66-66: ECharts v6 ⇄ vue-echarts v7 peer-mismatch — resolve before shipping.
vue-echarts@7 peers ECharts v5; upgrade vue-echarts to v8 or pin ECharts to v5.Apply one of:
Option A — pin ECharts to v5:
- "echarts": "^6.0.0", + "echarts": "^5.6.0",Option B — upgrade vue-echarts to v8 (verify API changes):
- "vue-echarts": "7.0.3", + "vue-echarts": "^8.0.0",#!/bin/bash # Check for peer dependency warnings related to echarts/vue-echarts jq -r '.dependencies.echarts,.dependencies["vue-echarts"]' packages/extension/package.json rg -nP "from ['\"]echarts|echarts\.init|use\(" -C2 packages/extension/src | wc -lAlso applies to: 82-82
packages/types/src/networks.ts (1)
31-31: Clean up stale usages of ZkSyncGoerli.
Ensure all references moved to zkSyncSepolia (e.g., dapp list key/URL).#!/bin/bash rg -nPI '\bZkSyncGoerli\b|\bzkGoerli\b' -g 'packages/**'
🧹 Nitpick comments (9)
packages/types/package.json (1)
40-41: Deduplicate typescript-eslint depsYou have both:
- @typescript-eslint/{eslint-plugin,parser} at 8.43.0
- typescript-eslint (meta) at 8.43.0
Keeping all three is redundant and risks drift. Either:
A) Keep plugin+parser, remove the meta package:- "typescript-eslint": "8.43.0"B) Or adopt the meta package (flat config) and drop plugin+parser (update ESLint config accordingly). If you’re not using the meta package explicitly, option A is simpler.
packages/name-resolution/src/index.ts (3)
5-5: Remove/gate SID import and instantiation to avoid unused bundle weight and constructor side-effects.SID is disabled; keeping the import and constructing an instance still pulls the module into the bundle and may trigger side-effects in its constructor.
-import SIDResolver from "./sid"; @@ - sid: SIDResolver; @@ - this.sid = new SIDResolver(options.sid); @@ - // this.sid.init(),Alternative: keep a feature flag (e.g.,
options.sid?.enabled) and instantiate lazily when re-enabling.Also applies to: 14-14, 22-22, 27-27
31-46: Make reverse-name resolution resilient to individual resolver failures.A single rejection from any resolver will currently reject the whole call due to
Promise.all. Catch per-call to degrade gracefully.- public async resolveReverseName(address: string): Promise<string | null> { - return this.initDone.then(() => - Promise.all([ - this.ens.resolveReverseName(address), - // this.sid.resolveReverseName(address), - this.rns.resolveReverseName(address), - this.ud.resolveReverseName(address), - ]).then((results) => { - // eslint-disable-next-line no-restricted-syntax - for (const name of results) { - if (name !== null) return name; - } - return null; - }), - ); - } + public async resolveReverseName(address: string): Promise<string | null> { + await this.initDone; + const results = await Promise.all([ + this.ens.resolveReverseName(address).catch(() => null), + this.rns.resolveReverseName(address).catch(() => null), + this.ud.resolveReverseName(address).catch(() => null), + ]); + for (const name of results) { + if (name !== null) return name; + } + return null; + }
58-60: Clean up stale commented SID code referencing old param name.These comments reference
paymentIdChain(now_paymentIdChain) and add noise. Remove or replace with a single TODO pointing to the re-enable plan.- // if (this.sid.isSupportedName(name)) - // return this.sid.resolveAddress(name, paymentIdChain);packages/hw-wallets/package.json (2)
38-40: Avoid duplicating TS-ESLint packages; keep either the meta package or plugin+parser, not both.Carrying both can cause version skew and confusion.
Pick one:
- Keep plugin+parser (most common):
- "typescript-eslint": "8.43.0",
- Or keep the meta package and drop the two specifics:
- "@typescript-eslint/eslint-plugin": "^8.43.0", - "@typescript-eslint/parser": "^8.43.0", + "typescript-eslint": "8.43.0",Also consider aligning @types/node with the runtime (Node 22.18) to reduce type drift.
6-12: Prefer an “exports” map to avoid dual-package hazards and ensure correct ESM/CJS entry points.Relying on top-level main/module plus publishConfig can confuse resolvers in workspaces.
Proposed:
"type": "module", - "main": "src/index.ts", - "module": "src/index.ts", + "main": "dist/index.js", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js", + "require": "./dist/index.cjs" + } + }, "publishConfig": { - "main": "dist/index.cjs", - "module": "dist/index.js", - "types": "dist/index.d.ts" + "access": "public" },Note: keep "files": ["dist"] and ensure build runs before publish.
packages/extension/package.json (3)
65-65: Move concurrently to devDependencies or remove if unused at runtime.
Avoids bundling a tool-only package.- "concurrently": "^9.2.1",
88-88: Remove yarn from runtime deps.
Yarn shouldn’t ship with the extension.- "yarn": "^1.22.22",If needed, add under devDependencies instead.
81-81: Remove redundant@types/uuiddev dependency
uuid v11 ships its own TypeScript definitions—drop the@types/uuidentry frompackages/extension/package.jsonto eliminate duplicate types and avoid conflicts.- "@types/uuid": "^10.0.0",
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (20)
packages/extension-bridge/package.json(2 hunks)packages/extension/package.json(6 hunks)packages/extension/src/providers/common/libs/new-features.ts(1 hunks)packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts(1 hunks)packages/extension/src/providers/ethereum/networks/index.ts(6 hunks)packages/extension/src/providers/ethereum/networks/tac.ts(1 hunks)packages/hw-wallets/package.json(3 hunks)packages/keyring/package.json(2 hunks)packages/name-resolution/package.json(3 hunks)packages/name-resolution/src/index.ts(2 hunks)packages/request/package.json(2 hunks)packages/signers/bitcoin/package.json(2 hunks)packages/signers/ethereum/package.json(2 hunks)packages/signers/kadena/package.json(2 hunks)packages/signers/polkadot/package.json(2 hunks)packages/storage/package.json(2 hunks)packages/swap/package.json(2 hunks)packages/types/package.json(2 hunks)packages/types/src/networks.ts(3 hunks)packages/utils/package.json(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (12)
- packages/signers/bitcoin/package.json
- packages/signers/ethereum/package.json
- packages/swap/package.json
- packages/storage/package.json
- packages/utils/package.json
- packages/signers/polkadot/package.json
- packages/extension-bridge/package.json
- packages/request/package.json
- packages/name-resolution/package.json
- packages/extension/src/providers/ethereum/networks/index.ts
- packages/keyring/package.json
- packages/signers/kadena/package.json
🧰 Additional context used
🧬 Code graph analysis (1)
packages/extension/src/providers/ethereum/networks/tac.ts (2)
packages/extension/src/providers/ethereum/types/evm-network.ts (2)
EvmNetworkOptions(22-53)EvmNetwork(55-286)packages/extension/src/providers/ethereum/libs/activity-handlers/index.ts (1)
EtherscanActivity(10-10)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: buildAll
- GitHub Check: test
- GitHub Check: test
🔇 Additional comments (8)
packages/hw-wallets/package.json (1)
55-63: Verify peer dependencies and Node engine compatibility
- @ledgerhq/hw-app-* and @ledgerhq/hw-transport(/webusb) declare no peerDependencies.
- @ledgerhq/live-common (v34.20.0) adds peerDependencies on React ≥16, React-DOM ≥16, React-Redux ^7.2.9, React Native ≥0.65.1, redux-actions 2.6.5, react-native-svg ≥12.1.1 and @tanstack/react-query ≥5—ensure your host app satisfies these.
- @polkadot/types & @polkadot/util now require Node ≥18—confirm your package.json “engines” field.
packages/extension/package.json (2)
3-3: Version bump looks good.
137-139: Verify polyfill coverage for Node built-ins beyond crypto
Detected extensiveBufferusage across UI and provider modules underpackages/extension/src. Ensure yourvite.config.tsis configured so thatvite-plugin-node-polyfillspolyfills thebuffer,stream, andutilmodules (not justcrypto).packages/extension/src/providers/ethereum/networks/tac.ts (2)
19-19: Coingecko ID verified
The native asset ID “tac” matches CoinGecko’s API listing.
11-14: Chain ID and Explorer API – Confirmed
TAC mainnet uses chain ID 239 (0xEF), and explorer.tac.build provides an Etherscan-compatible/apiinterface.packages/extension/src/providers/common/libs/new-features.ts (1)
3-3: LGTM: TAC surfaced in “new networks”.packages/extension/src/providers/ethereum/libs/activity-handlers/providers/etherscan/configs.ts (1)
71-72: Approve TAC endpoint — explorer.tac.build is a Blockscout instance exposing Etherscan-compatible API routes (e.g. /api?module=account&action=txlist…) per Blockscout documentation [1][2]. Code changes approved.packages/types/src/networks.ts (1)
31-31: Enum additions/renames look correct.
zkSyncSepolia/CotiTestnet/TAC entries align with the network changes.Also applies to: 89-89, 110-111
feat: massalabs network
There was a problem hiding this comment.
Actionable comments posted: 30
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (6)
packages/extension/src/libs/tokens-state/index.ts (2)
26-56: Await storage write and fix address equality for non-hex (Massa) tokens.
- Missing
awaitonthis.storage.set(...)can cause races/data loss.- Case-insensitive comparison fits hex (0x...) but can be incorrect for base58-like Massa addresses. Compare case-insensitively only for hex.
async addErc20Token( chainName: NetworkNames, token: CustomErc20Token | CustomMassaToken, ): Promise<boolean> { let state: IState | null = await this.storage.get(StorageKeys.customTokens); if (state && state[chainName]) { const tokens = state[chainName]; + // Compare addresses: hex is case-insensitive, others (e.g., Massa) are case-sensitive. + const eqAddr = (a: string, b: string) => { + const isHex = a.startsWith('0x') && b.startsWith('0x'); + return isHex ? a.toLowerCase() === b.toLowerCase() : a === b; + }; + for (const t of tokens!) { if ( t.type === TokenType.ERC20 && - (t as CustomErc20Token).address.toLowerCase() === - token.address.toLowerCase() + eqAddr( + (t as unknown as CustomErc20Token | CustomMassaToken).address, + token.address, + ) ) { return false; } } tokens!.push(token); } else { if (state) { state[chainName] = [token]; } else { state = { [chainName]: [token] }; } } - this.storage.set(StorageKeys.customTokens, state); + await this.storage.set(StorageKeys.customTokens, state); return true; }
75-83: Use the same address comparison logic when removing tokens.Keeps behavior consistent for EVM and Massa addresses.
- if ( - token.type === TokenType.ERC20 && - (token as CustomErc20Token).address.toLowerCase() === - address.toLowerCase() - ) { + if (token.type === TokenType.ERC20) { + const eqAddr = (a: string, b: string) => { + const isHex = a.startsWith('0x') && b.startsWith('0x'); + return isHex ? a.toLowerCase() === b.toLowerCase() : a === b; + }; + if ( + eqAddr( + (token as unknown as CustomErc20Token | CustomMassaToken).address, + address, + ) + ) { tokens!.splice(i, 1); if (tokens!.length === 0) { delete state[chainName]; } await this.storage.set(StorageKeys.customTokens, state); return true; - } + } + }packages/extension/src/types/provider.ts (2)
26-37: Add Massa to ProviderName consumers (Provider union and exports).You introduced
ProviderName.massabutProvideromits the Massa injected provider type, which will cause typing gaps whereProvideris used generically.Apply:
import type { InjectedProvider as KadenaProvider } from '@/providers/kadena/types'; import type { InjectedProvider as SolanaProvider } from '@/providers/solana/types'; +import type { InjectedProvider as MassaProvider } from '@/providers/massa/types'; @@ export { EthereumProvider, PolkadotProvider, BitcoinProvider, KadenaProvider, SolanaProvider, + MassaProvider, }; @@ export type Provider = | EthereumProvider | PolkadotProvider | BitcoinProvider | KadenaProvider - | SolanaProvider; + | SolanaProvider + | MassaProvider;
113-128: Fix: MassaProvider.isPersistentEvent signature must match interfaceBackgroundProviderInterface declares isPersistentEvent(request: ProviderRPCRequest): Promise, but MassaProvider implements async isPersistentEvent(): Promise; update MassaProvider to accept the request parameter (e.g., async isPersistentEvent(request: ProviderRPCRequest): Promise { ... }) or change the interface if intended.
Locations: packages/extension/src/types/provider.ts:126; packages/extension/src/providers/massa/index.ts:62-64.packages/extension/src/ui/action/App.vue (1)
325-338: Type/logic bug: selectedAccount can be undefined; align with AccountsHeaderData (null) and guard.
activeAccounts[0]yieldsundefinedwhen empty, butAccountsHeaderData.selectedAccountisEnkryptAccount | null. This mismatch can break type-checks and lead to runtime NPEs (e.g., in openBuyPage).Apply:
- let selectedAccount = activeAccounts[0]; + let selectedAccount: EnkryptAccount | null = activeAccounts[0] ?? null; if (selectedAddress) { const found = activeAccounts.find(acc => acc.address === selectedAddress); - if (found) selectedAccount = found; + if (found) selectedAccount = found; }packages/extension/src/libs/background/types.ts (1)
2-5: Fix type-only imports:typeofon type-only imports breaks builds
typeof EthereumProvider/PolkadotProvider/KadenaProvideris used below, but they are imported withimport type. This causes TS errors (“only refers to a type, but is being used as a value here”). Import them as values instead.Apply:
-import type EthereumProvider from '@/providers/ethereum'; -import type PolkadotProvider from '@/providers/polkadot'; -import type KadenaProvider from '@/providers/kadena'; +import EthereumProvider from '@/providers/ethereum'; +import PolkadotProvider from '@/providers/polkadot'; +import KadenaProvider from '@/providers/kadena';Also applies to: 21-26
♻️ Duplicate comments (5)
packages/types/package.json (1)
27-31: Bump engines.node to 22.18.x (repeat of prior feedback).Dev deps (ESLint 9 / TS-ESLint 8 / TS 5.9) require modern Node; current
"engines.node": ">=14.15.0"is misleading for consumers and CI.Apply:
"engines": { - "node": ">=14.15.0" + "node": ">=22.18.0" },Also applies to: 41-43
packages/types/src/networks.ts (2)
89-89: Remove stale 'Opal' reference from documentationThe CotiDevnet to CotiTestnet rename is correct, but the README still contains a reference to the removed 'Opal' network that needs to be cleaned up.
31-31: Update stale references to removedZkSyncGoerliThe enum has been correctly updated to use
zkSyncSepoliainstead ofZkSyncGoerli. However, there are still references to the old enum value that need to be updated to prevent runtime errors.packages/extension/package.json (2)
67-67: ECharts v6 and vue-echarts v7 are incompatibleThe upgrade to ECharts v6 is incompatible with vue-echarts v7.0.3, which has a peer dependency on ECharts v5. This will cause build issues and potential runtime errors.
122-123: Migrate to ESLint Flat Config for v9 compatibilityESLint v9 requires the new Flat Config format. The legacy
.eslintrc.jsonfiles detected in the repository will be ignored.
🧹 Nitpick comments (66)
packages/extension/src/providers/ethereum/networks/ftm.ts (1)
11-12: Validate Fantom explorer TX path; consider EIP‑3091-standard/txinstead of/transactions.
- Blockscout/EIP‑3091 routes use
/tx/<hash>and/address/<addr>. If Fantom’s explorer is Blockscout-based, the canonical TX path should be/tx/[[txHash]]. The address route you set is fine. (docs.blockscout.com)- Fantom’s legacy explorer has historically accepted
/transactions/<hash>, but please confirm this is still the current detail route to avoid broken deep links. (explorer.fantom.network)Suggested change (if Fantom explorer expects EIP‑3091 paths):
- blockExplorerTX: 'https://explorer.fantom.network/transactions/[[txHash]]', + blockExplorerTX: 'https://explorer.fantom.network/tx/[[txHash]]',Manual check: open both variants with a known recent tx hash in a browser and ensure they resolve to the same transaction detail page. If only one works, lock to that path and (optionally) add a short comment noting the explorer’s expected route.
packages/extension/vite.config.ts (1)
56-60: Make the build stamp deterministic across locales/time zones.
toLocaleString()varies by locale/zone and can emit non-ASCII numerals, soreplace(/\D/g, '')may yield inconsistent or even empty results. Prefer ISO (UTC) or epoch time.Option A (stable ISO digits, minimal change):
- : JSON.stringify(new Date().toLocaleString().replace(/\D/g, '')), + : JSON.stringify(new Date().toISOString().replace(/\D/g, '')),Option B (also align Firefox to carry a timestamp for parity):
- ? JSON.stringify('FF-build') - : JSON.stringify(new Date().toLocaleString().replace(/\D/g, '')), + ? JSON.stringify(`FF-${new Date().toISOString().replace(/\D/g, '')}`) + : JSON.stringify(new Date().toISOString().replace(/\D/g, '')),packages/signers/massa/tsconfig.json (4)
18-24: Include/exclude conflict for testsYou include tests in "include" but exclude them below; exclude wins, so tests won’t be type-checked. Decide one:
- Build only src (typical): remove tests from include.
- "include": ["src/**/*.ts", "tests/**/*.ts"], + "include": ["src/**/*.ts"],
4-4: Drop DOM lib or add Node typesThis package runs in Node; "dom" can cause type collisions. Either remove "dom" or explicitly add Node types. Preferred: remove "dom" and add Node types.
- "lib": ["ESNext", "dom"], + "lib": ["ESNext"], + "types": ["node"],
5-5: Modernize target and moduleResolution for NodeTarget ES2015 is dated for current Node LTS; moduleResolution "node" is legacy. Recommend Node16 resolution and ES2020 (or ES2022) target.
- "moduleResolution": "node", + "moduleResolution": "Node16", - "target": "es2015", + "target": "ES2020",Also applies to: 10-16
3-17: Enable strict mode (optional) and faster CIConsider strict typing and skipping lib checks for speed.
"compilerOptions": { + "strict": true, + "skipLibCheck": true,packages/extension/src/providers/massa/ui/send-transaction/components/send-token-select.vue (7)
2-2: Make the row keyboard-accessible (anchor without href isn’t focusable/activatable).Either switch to a or add role/tabindex and key handlers.
- <a class="send-token-select" @click="emit('update:toggleTokenSelect')"> + <a + class="send-token-select" + role="button" + tabindex="0" + aria-label="Select token" + @click="emit('update:toggleTokenSelect')" + @keydown.enter.prevent="emit('update:toggleTokenSelect')" + @keydown.space.prevent="emit('update:toggleTokenSelect')" + >
4-4: Add alt text and guard missing icon.Provide descriptive alt, lazy-load, and avoid broken images when src is absent.
- <img :src="token.icon" alt="" /> + <img + v-if="token.icon" + :src="token.icon" + :alt="token.symbol || token.name || 'Token icon'" + loading="lazy" + />
26-28: Avoid “update:” event prefix unless using v-model.“update:toggleTokenSelect” suggests v-model usage on a prop named toggleTokenSelect, which isn’t present. Consider a plain “toggleTokenSelect” event, or wire this to an actual v-model.
Also applies to: 2-2
53-56: Remove duplicate CSS declaration.Duplicate box-sizing.
box-sizing: border-box; border: 1px solid @gray02; - box-sizing: border-box;
46-46: Scope styles to prevent bleed.These classnames look unique, but scoping is safer in large extensions.
-<style lang="less"> +<style scoped lang="less">
83-84: Improve text responsiveness; avoid fixed widths.Let content flex and truncate with ellipsis to handle long names/symbols.
&__info { + flex: 1; + min-width: 0; h5 { @@ - width: 290px; + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; @@ p { @@ - width: 290px; + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis;Also applies to: 90-92, 101-103
4-4: Icon source hygiene.If token.icon can be user/data-driven, ensure it’s sanitized/whitelisted to avoid loading untrusted URLs in the extension UI.
Also applies to: 21-25
packages/extension/src/ui/action/components/app-menu/index.vue (1)
356-357: Harden name_long sorting with fallback and better collationGood call switching to name_long. To avoid runtime issues if any network lacks name_long (custom/legacy) and to improve UX (case/diacritics-insensitive, numeric-aware), compare with a fallback to name and pass locale options.
Please confirm all BaseNetwork entries define name_long; if not, this fallback will prevent crashes.
Apply this diff:
- ? a.name_long.localeCompare(b.name_long) - : b.name_long.localeCompare(a.name_long); + ? (a.name_long ?? a.name).localeCompare( + b.name_long ?? b.name, + undefined, + { sensitivity: 'base', numeric: true } + ) + : (b.name_long ?? b.name).localeCompare( + a.name_long ?? a.name, + undefined, + { sensitivity: 'base', numeric: true } + );Optional: cache a collator for perf and use collator.compare:
const collator = new Intl.Collator(undefined, { sensitivity: 'base', numeric: true }); // ... return sortBy.direction === NetworkSortDirection.Asc ? collator.compare(a.name_long ?? a.name, b.name_long ?? b.name) : collator.compare(b.name_long ?? b.name, a.name_long ?? a.name);packages/keyring/src/utils.ts (1)
14-16: Solana comment vs. code mismatch (hardened vs. non-hardened last segment)The comment says “Solana uses hardened paths” but returns
/0(non-hardened). If intentional, clarify the comment to avoid confusion; if not, consider/0'. Avoid changing behavior unless you’re sure about downstream expectations.Minimal comment-only clarification:
- return `${basePath}/${index}'/0`; // Solana uses hardened paths + return `${basePath}/${index}'/0`; // Solana: account is hardened; final segment here is intentionally non-hardenedpackage.json (1)
37-44: Add engines.node to enforce Node 22.18.0 (matches .nvmrc/CI).CI and base images are on Node 22.18.0; adding an engines constraint prevents accidental installs on older Node and aligns tooling.
Apply:
{ "name": "enkrypt", "packageManager": "yarn@4.5.1", "version": "0.0.3", "private": true, + "engines": { + "node": ">=22.18.0" + }, "workspaces": {packages/signers/massa/src/crypto/interfaces/hasher.ts (1)
2-3: Avoid Node-only Buffer in a cross-platform type; align with Blake3 input.Using Buffer in a public interface can break consumers without Node types. Blake3 already accepts Uint8Array|string.
Prefer:
-export default interface Hasher { - hash(data: Buffer | Uint8Array | string): Uint8Array -} +export default interface Hasher { + hash(data: Uint8Array | string): Uint8Array +}If Buffer must be explicit, import the type (no runtime cost):
+import type { Buffer } from 'node:buffer' export default interface Hasher { hash(data: Buffer | Uint8Array | string): Uint8Array }packages/extension/src/libs/tokens-state/types.ts (1)
24-26: TokenType lacks a MASSA discriminator; clarify semantics.CustomMassaToken extends CustomToken with a required
type: TokenType, but TokenType only has ERC20. This will force Massa tokens to masquerade as ERC20.Consider:
export enum TokenType { ERC20 = 'ERC20', + MASSA = 'MASSA', } export interface CustomMassaToken extends CustomToken { address: `AS${string}`; + type: TokenType.MASSA; }Also, please confirm the
ASprefix is correct for all Massa addresses you plan to store (mainnet/testnet). If multiple prefixes exist, a branded type or runtime validator may be safer.packages/signers/massa/src/crypto/interfaces/versioner.ts (1)
2-10: Reduce naming collision risk with app-level “Version” types.There’s another
Versioninterface in the UI layer; consider a more specific name to avoid import clashes.Example:
-export interface Versioner { - attach(version: Version, data: Uint8Array): Uint8Array - extract(data: Uint8Array): { version: Version; data: Uint8Array } +export interface Versioner { + attach(version: CryptoVersion, data: Uint8Array): Uint8Array + extract(data: Uint8Array): { version: CryptoVersion; data: Uint8Array } } -export enum Version { +export enum CryptoVersion { V0 = 0, V1 = 1, }packages/signers/massa/src/crypto/interfaces/sealer.ts (1)
2-7: Removeanywith a generic sealed-payload type.Keeps the interface flexible without sacrificing type safety.
-export default interface Sealer { - // eslint-disable-next-line @typescript-eslint/no-explicit-any - seal(data: Uint8Array): Promise<any> - // eslint-disable-next-line @typescript-eslint/no-explicit-any - unseal(data: any): Promise<Uint8Array> +export default interface Sealer<TSealed = unknown> { + seal(data: Uint8Array): Promise<TSealed> + unseal(data: TSealed): Promise<Uint8Array> }packages/extension/src/providers/common/ui/send-transaction/send-input-amount.vue (1)
147-151: Ellipsis treatment looks good; add discoverability for truncated values.Keep the single-line UI, but expose the full fiat string on hover for accessibility.
Template tweak (outside this hunk):
<span :title="$filters.parseCurrency(fiatEquivalent)"> {{ $filters.parseCurrency(fiatEquivalent) }} </span>Also applies to: 154-154, 165-167
packages/extension/src/providers/massa/libs/api.ts (3)
16-18: Remove unnecessary type assertionThe type assertion
as JsonRpcPublicProvideris redundant sincefromRPCUrlalready returns the correct type.this.provider = JsonRpcPublicProvider.fromRPCUrl( node, -) as JsonRpcPublicProvider; +);
25-25: Consider implementing the init methodThe empty
init()method might need implementation for provider initialization logic. If no initialization is required, consider adding a comment explaining why.-async init(): Promise<void> {} +async init(): Promise<void> { + // No initialization required - provider is ready after construction +}
44-45: Consider using a configuration value for default minimal feeThe hardcoded fallback fee value should be configurable or documented as a constant to make it easier to maintain.
+// Default minimal fee in base units (0.01 MAS with 9 decimals) +const DEFAULT_MINIMAL_FEE = '10000000'; + async getMinimalFee(): Promise<string> { try { const networkInfo = await this.provider.networkInfos(); return networkInfo.minimalFee.toString(); } catch { // Return a default minimal fee if network info is not available - return '10000000'; // 0.01 MAS in base units (9 decimals) + return DEFAULT_MINIMAL_FEE; } }packages/signers/massa/src/crypto/passwordSeal.ts (1)
58-61: Redundant validation callsThe
validate()method is called in bothseal()andunseal()methods, but the salt and nonce are already validated in the constructor and are immutable after construction.async seal(data: Uint8Array): Promise<Uint8Array> { - this.validate(); const key = await createKey(this.password, Buffer.from(this.salt)); return aesGCMEncrypt(data, key, Buffer.from(this.nonce)); } async unseal(data: Uint8Array): Promise<Uint8Array> { - this.validate(); const key = await createKey(this.password, Buffer.from(this.salt)); return aesGCMDecrypt(data, key, Buffer.from(this.nonce)); }Also applies to: 70-74
packages/signers/massa/src/crypto/cross-browser.ts (2)
52-53: Normalize PBKDF2 hash names across Node and WebCrypto.Browser expects "SHA-256"/"SHA-512"; Node typically "sha256"/"sha512". Normalize to avoid cross-env mismatch.
Add a small helper and use it in both paths:
function normalizeHashWebCrypto(h: string): 'SHA-256'|'SHA-512' { const x = h.toLowerCase().replace(/^sha-?/, ''); if (x === '256') return 'SHA-256'; if (x === '512') return 'SHA-512'; throw new Error(`unsupported PBKDF2 hash: ${h}`); }Then in browser:
hash: { name: normalizeHashWebCrypto(hash) }. In Node: map to lowercase:hash.toLowerCase().Also applies to: 67-71
78-82: Remove Buffer dependency in browser returns (ensure Uint8Array).Avoid assuming a Buffer polyfill in browsers; return Uint8Array.
- const buffer = Buffer.from(exportedKey) - return buffer + return new Uint8Array(exportedKey)- return Buffer.from(encrypted) + return new Uint8Array(encrypted)- return Buffer.from(decrypted) + return new Uint8Array(decrypted)If you prefer keeping Buffer, confirm a global Buffer polyfill is guaranteed in extension contexts.
Also applies to: 146-159, 204-217
packages/extension/src/providers/massa/ui/libs/signer.ts (2)
73-75: Consistent address typing for CallOperation.Other paths use
Address.fromString(...). Align types unlessCallOperation.addressis explicitly a string.- address: payload.to, + address: Address.fromString(payload.to),Please confirm the expected type in
@massalabs/massa-web3.
87-92: Typo: rename bufferTosign → bufferToSign.Minor readability nit.
- const bufferTosign = bufferToHex(serialized); + const bufferToSign = bufferToHex(serialized); ... - params: [bufferTosign, account], + params: [bufferToSign, account],packages/extension/src/providers/massa/libs/activity-handlers/index.ts (1)
1-3: Simplify re-export.One-liner reduces boilerplate.
-import MassaActivity from './massa'; - -export { MassaActivity }; +export { default as MassaActivity } from './massa';packages/extension/src/providers/massa/methods/index.ts (1)
15-18: Prefer awaiting middleware progression.If MiddlewareFunction follows the usual async chain pattern,
await next()is clearer and ensures errors propagate in-order.Apply:
- async (request, response, next) => { - // Add any additional Massa-specific middleware logic here - return next(); - }, + async (_req, _res, next) => { + // Add any additional Massa-specific middleware logic here + await next(); + },packages/extension/src/libs/tokens-state/index.ts (1)
20-25: Docs: note Massa tokens in the param description.Reflect the widened union type in JSDoc.
- * @param {CustomErc20Token} token - The token information being added. + * @param {CustomErc20Token | CustomMassaToken} token - The token information being added. + * Supports EVM (0x...) and Massa (AS...) token addresses.packages/extension/src/ui/action/App.vue (1)
201-226: Defensive guard for buy link address usage.If no active accounts exist (e.g., fresh profile),
selectedAccountcan be null until accounts are added. Guard to avoid a null deref when building links.Apply:
- default: - return `https://ccswap.myetherwallet.com/?to=${currentNetwork.value.displayAddress( - accountHeaderData.value.selectedAccount!.address, - )}&network=${currentNetwork.value.name}&crypto=${ - currentNetwork.value.currencyName - }&platform=enkrypt`; + default: { + const addr = + accountHeaderData.value.selectedAccount?.address ?? ''; + return `https://ccswap.myetherwallet.com/?to=${ + addr ? currentNetwork.value.displayAddress(addr) : '' + }&network=${currentNetwork.value.name}&crypto=${ + currentNetwork.value.currencyName + }&platform=enkrypt`; + }packages/extension/src/ui/action/views/verify-transaction/index.vue (1)
11-11: LGTM + consider lazy-loading Massa verify viewMapping and import look correct. To keep this route’s chunk small, lazy-load the Massa component.
Apply this minimal change:
-import VerifyTransactionMassa from '@/providers/massa/ui/send-transaction/verify-transaction/index.vue'; +const VerifyTransactionMassa = defineAsyncComponent( + () => + import( + '@/providers/massa/ui/send-transaction/verify-transaction/index.vue' + ), +);Additional import needed (outside the hunk):
import { shallowRef, defineAsyncComponent } from 'vue';Also applies to: 23-23
packages/extension/src/ui/action/views/network-activity/index.vue (1)
222-245: Make Massa status handling explicit and align “NotFound” with dropped semanticsCurrent logic defaults to failed when NotFound after 60s. Consider treating it as dropped (consistent with Solana branch) and use a switch for clarity.
- } else if (props.network.provider === ProviderName.massa) { - if (!info) return; - const massaInfo = info as MassaRawInfo; - if (isActivityUpdating || massaInfo === OperationStatus.PendingInclusion) - return; - - let status = ActivityStatus.failed; - // if the transaction is not found, and it's been less than 1 minute, wait for it to be processed - if ( - massaInfo === OperationStatus.NotFound && - Date.now() < activity.timestamp + 60_000 - ) { - return; - } else if ( - massaInfo === OperationStatus.Success || - massaInfo === OperationStatus.SpeculativeSuccess - ) { - status = ActivityStatus.success; - } - - activity.status = status; - activity.rawInfo = massaInfo; - updateActivitySync(activity).then(() => updateVisibleActivity(activity)); + } else if (props.network.provider === ProviderName.massa) { + if (!info) return; + const massaInfo = info as MassaRawInfo; + if (isActivityUpdating) return; + + switch (massaInfo) { + case OperationStatus.PendingInclusion: + return; // keep polling + case OperationStatus.NotFound: + if (Date.now() < activity.timestamp + 60_000) return; + activity.status = ActivityStatus.dropped; + break; + case OperationStatus.Success: + case OperationStatus.SpeculativeSuccess: + activity.status = ActivityStatus.success; + break; + default: + activity.status = ActivityStatus.failed; + } + activity.rawInfo = massaInfo; + updateActivitySync(activity).then(() => updateVisibleActivity(activity)); }packages/signers/massa/tests/sign.test.ts (1)
28-38: LGTM: sign/verify happy pathCovers core flow; consider adding a test with a different path/account index later.
packages/signers/massa/package.json (1)
6-11: Point entry fields to built artifacts and add exports mapUsing
src/index.tsformain/modulecan break consumers and tooling. Publish-time overrides help, but local workspace consumers will still resolve TS. Prefer dist outputs and an explicit exports map.- "main": "src/index.ts", - "module": "src/index.ts", + "main": "dist/index.cjs", + "module": "dist/index.js", + "types": "dist/index.d.ts", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js", + "require": "./dist/index.cjs" + } + },packages/signers/massa/src/crypto/base58.ts (1)
10-10: Use Buffer conversions to avoid type pitfalls in browsers and strict build setupsbs58check expects Buffer; be explicit on encode and return plain Uint8Array on decode.
- return bs58check.encode(data) + return bs58check.encode(Buffer.from(data)) @@ - return bs58check.decode(data) + return Uint8Array.from(bs58check.decode(data))Also applies to: 15-15
packages/extension/src/providers/massa/methods/massa_setNetwork.ts (1)
16-44: Tighten validation and simplify key checksMinor streamlining: guard param type, avoid building an array, and return after
res()to prevent accidental fall-through.Apply:
- const networkName = payload.params?.[0]; + const raw = payload.params?.[0]; + if (typeof raw !== 'string' || !raw.trim()) { + res(getCustomError('Network name is required')); + return; + } + const networkName = raw as keyof typeof massaNetworks; @@ - const availableNetworks = Object.keys(massaNetworks); - - if (!availableNetworks.includes(networkName)) { + if (!(networkName in massaNetworks)) { res( getCustomError( - `Invalid network name. Available networks: ${availableNetworks.join(', ')}`, + `Invalid network name. Available networks: ${Object.keys(massaNetworks).join(', ')}`, ), ); return; } @@ - if (this.setRequestProvider) { - this.setRequestProvider(network); - res(null, { success: true, network: network.name }); - } else { - res(getCustomError('Network switching not supported')); - } + if (!this.setRequestProvider) { + res(getCustomError('Network switching not supported')); + return; + } + this.setRequestProvider(network); + res(null, { success: true, network: network.name }); + return;packages/signers/massa/src/crypto/varintVersioner.ts (1)
17-20: Avoid extra allocations and add a small safety checkMicro-optimization on attach; plus a basic bounds check after decode for robustness.
Apply:
- attach(version: Version, data: Uint8Array): Uint8Array { - const versionArray = varint.encode(version); - return new Uint8Array([...versionArray, ...data]); - } + attach(version: Version, data: Uint8Array): Uint8Array { + const ver = varint.encode(version); + const out = new Uint8Array(ver.length + data.length); + out.set(ver, 0); + out.set(data, ver.length); + return out; + } @@ - extract(data: Uint8Array): { version: Version; data: Uint8Array } { - const version = varint.decode(data); - return { data: data.slice(varint.decode.bytes), version }; - } + extract(data: Uint8Array): { version: Version; data: Uint8Array } { + const version = varint.decode(data); + const offset = varint.decode.bytes; + if (!offset || offset < 0 || offset > data.length) + throw new Error('Invalid varint prefix'); + return { data: data.slice(offset), version }; + }Also applies to: 30-33
packages/extension/src/types/base-network.ts (1)
11-11: Align import path style with the rest of the fileUse the alias import like others for consistency and path stability.
Apply:
-import MassaAPI from '../providers/massa/libs/api'; +import MassaAPI from '@/providers/massa/libs/api';packages/signers/massa/src/crypto/interfaces/signer.ts (1)
1-11: Style nit: add semicolons to match common interface member delimiter styleIf your lint/prettier prefers semicolons, add them; otherwise ignore.
Apply:
export default interface Signer { - generatePrivateKey(): Uint8Array - getPublicKey(privateKey: Uint8Array): Promise<Uint8Array> - sign(privateKey: Uint8Array, data: Uint8Array): Promise<Uint8Array> + generatePrivateKey(): Uint8Array; + getPublicKey(privateKey: Uint8Array): Promise<Uint8Array>; + sign(privateKey: Uint8Array, data: Uint8Array): Promise<Uint8Array>; verify( publicKey: Uint8Array, data: Uint8Array, signature: Uint8Array - ): Promise<boolean> + ): Promise<boolean>; }packages/extension/src/ui/action/views/network-assets/index.vue (1)
155-161: Consider extracting network detection logic to a composableThe network type detection logic could be reused across other components. Consider creating a composable that encapsulates this pattern for better reusability.
Example structure:
// useNetworkType.ts export function useNetworkType(network: Ref<BaseNetwork>) { const isEvmNetwork = computed(() => network.value.provider === ProviderName.ethereum ); const isMassaNetwork = computed(() => network.value.provider === ProviderName.massa ); // Add other network types as needed return { isEvmNetwork, isMassaNetwork }; }packages/signers/massa/src/index.ts (1)
39-52: Consider more specific error handling in verify methodThe catch block logs all errors generically. Different error types (invalid format, corrupted data, etc.) could provide more actionable feedback.
async verify( msgHash: string, sig: string, publicKey: string, ): Promise<boolean> { try { const massaPublicKey = PublicKey.fromString(publicKey); const signature = Signature.fromString(sig); return massaPublicKey.verify(hexToBuffer(msgHash), signature); } catch (error) { - console.error("Massa signature verification failed:", error); + if (error instanceof Error) { + if (error.message.includes('invalid public key')) { + console.error("Invalid Massa public key format:", error.message); + } else if (error.message.includes('invalid signature')) { + console.error("Invalid Massa signature format:", error.message); + } else { + console.error("Massa signature verification failed:", error.message); + } + } return false; } }packages/extension/src/providers/massa/ui/send-transaction/components/send-address-input.vue (2)
108-115: Extract magic string to a constantThe hardcoded placeholder address should be extracted to a named constant for better maintainability.
+const PLACEHOLDER_ADDRESS = '0'.repeat(64); + const placeholderIdenticonSrc = computed(() => { if (props.network && props.network.identicon) { - return props.network.identicon( - '000000000000000000000000000000000000000000000000000000000000000000', - ); + return props.network.identicon(PLACEHOLDER_ADDRESS); } return ''; });
75-77: Remove unnecessary computed wrapperThe
massaAddresscomputed property simply returnsprops.valuewithout any transformation. Consider usingprops.valuedirectly.-const massaAddress = computed(() => { - return props.value; -}); const isValidMassaAddress = computed(() => { - if (!massaAddress.value || massaAddress.value.trim() === '') return false; - return props.network.isValidAddress(massaAddress.value); + if (!props.value || props.value.trim() === '') return false; + return props.network.isValidAddress(props.value); });Then update all references from
massaAddress.valuetoprops.value.packages/extension/src/providers/massa/ui/send-transaction/verify-transaction/index.vue (2)
278-284: Avoid fixed 4s delay before navigationNavigating after an arbitrary delay can feel sluggish. Consider navigating immediately and showing the success toast/banner on the Activity page instead.
- setTimeout(() => { - showOperationId.value = false; - isProcessing.value = false; - callToggleRate(); - router.push({ name: 'activity', params: { id: network.value.name } }); - }, 4000); + isProcessing.value = false; + callToggleRate(); + router.push({ name: 'activity', params: { id: network.value.name } });
15-21: Replace inline red style with themed classInline styles hinder theming. Use a class that leverages theme variables.
-<p - class="verify-transaction__description" - style="color: red" - :class="{ popup: isPopup }" -> +<p + class="verify-transaction__description verify-transaction__error" + :class="{ popup: isPopup }" +>And in style:
.verify-transaction { + &__error { + color: @error; // or a dedicated danger/red token + }packages/extension/src/providers/massa/networks/massa-base.ts (2)
117-129: Duplication check againstassetsis currently a no-op
assetsonly has the native MAS entry (nocontract), so this duplicate check never excludes anything. Consider deduping by a Set of lowercase contracts when mergingcustomTokens.- for (const a of assets) { - if ( - a.contract && - (token as CustomMassaToken).address && - a.contract.toLowerCase() === - (token as CustomMassaToken).address.toLowerCase() - ) { - return false; - } - } + // If needed later when merging different sources: + // const seen = new Set(assets.filter(a => a.contract).map(a => a.contract!.toLowerCase())); + // if (token.address && seen.has(token.address.toLowerCase())) return false;
248-285: Consider exposingcoingeckoPlatformin options helperIf you plan to support token price lookups by contract, add an optional
coingeckoPlatformtocreateMassaNetworkOptionsand wire it from mainnet/buildnet configs.-export function createMassaNetworkOptions(config: { +export function createMassaNetworkOptions(config: { name: NetworkNames; name_long: string; blockExplorerTX: string; blockExplorerAddr: string; isTestNetwork: boolean; node: string; chainId: bigint; coingeckoID?: string; + coingeckoPlatform?: string; }): MassaNetworkOptions { return { ... - coingeckoID: config.coingeckoID, + coingeckoID: config.coingeckoID, + coingeckoPlatform: config.coingeckoPlatform,packages/signers/massa/src/libs/signature.ts (1)
95-101: Same expected/actual mismatch in fromBytesKeep error messages consistent.
- if (extractedVersion !== version) { - throw new Error( - `invalid version: ${version}. ${signature.version} was expected.`, - ); - } + if (extractedVersion !== version) { + throw new Error(`invalid version: ${extractedVersion}. ${version} was expected.`); + }packages/signers/massa/src/libs/address.ts (4)
125-131: Consistency: encode address type with varint everywhereIn
fromStringthe type is varint-encoded; infromPublicKeyit was a raw byte. Encode withvarint.encodefor consistency and future-proofing.- AddressType.EOA, + ...varint.encode(AddressType.EOA),
132-134: Type-safe error handling in catch block
eisunknownin TS. Accessinge.messagecan error at compile time.- } catch (e) { - throw new Error(`invalid address string: ${e.message}`); - } + } catch (e) { + const msg = e instanceof Error ? e.message : String(e); + throw new Error(`invalid address string: ${msg}`); + }
183-195: Reject unknown address types earlyIf
addressTypeis notEOAorContract, fail fast to avoid mis-parsing and silent bugs.const addressType = address.getType(); + if (![AddressType.EOA, AddressType.Contract].includes(addressType)) { + throw new Error(`invalid address type: ${addressType}`); + }
231-253: Make extractFromBuffer robust (bounds checks and decode failures)
varint.decode.bytesis always a number on success; if decoding fails, it throws—wrap in try/catch.- Validate
offset + addrLen <= data.lengthto avoid returning truncated slices.- Avoid hardcoding
UNDERLYING_HASH_LEN; derive payload length from the versioned part where possible (or clearly gate it byVersion.V0).static extractFromBuffer( data: Uint8Array, offset = 0, ): { data: Uint8Array; length: number } { - // addr type - varint.decode(data, offset); - const typeLen = varint.decode.bytes; - if (typeLen === undefined) { - throw new Error("invalid address: type not found."); - } - - // version - varint.decode(data, offset + typeLen); - const versionLen = varint.decode.bytes; - if (versionLen === undefined) { - throw new Error("invalid address: version not found."); - } - - const addrLen = typeLen + versionLen + UNDERLYING_HASH_LEN; - - const extractedData = data.slice(offset, offset + addrLen); - return { data: extractedData, length: addrLen }; + try { + // addr type + varint.decode(data, offset); + const typeLen = varint.decode.bytes; + // version + varint.decode(data, offset + typeLen); + const versionLen = varint.decode.bytes; + // NOTE: V0 uses a 32-byte payload. If/when versions change, update logic here. + const payloadLen = UNDERLYING_HASH_LEN; // V0 + const addrLen = typeLen + versionLen + payloadLen; + if (offset + addrLen > data.length) { + throw new Error("invalid address: buffer too short."); + } + const extractedData = data.slice(offset, offset + addrLen); + return { data: extractedData, length: addrLen }; + } catch (e) { + const msg = e instanceof Error ? e.message : String(e); + throw new Error(`invalid address: ${msg}`); + } }Optionally compute
payloadLenfrom aVersionerforVersion.V0+to avoid the 32-byte constant.packages/extension/src/ui/action/views/network-assets/components/custom-massa-token.vue (5)
17-24: Don't mark empty input as invalidCurrently, the input shows an error style when empty. Gate the invalid class on non-empty value.
- <input - v-model="contractAddress" - :class="{ invalid: !isValidAddress }" + <input + v-model.trim="contractAddress" + :class="{ invalid: !!contractAddress && !isValidAddress }"
154-201: Debounce and cancel stale fetches to avoid race conditions while typing
watch(contractAddress, fetchTokenInfo)fires on every keystroke. Without cancelation, late responses can overwrite newer state.-const fetchTokenInfo = async () => { +let reqId = 0; +const fetchTokenInfo = async () => { + const id = ++reqId; if (!isValidAddress.value) { tokenInfo.value = undefined; accountBalance.value = undefined; notTokenAddress.value = false; return; } try { const api = (await props.network.api()) as MassaAPI; const mrc20 = new MRC20(api.provider, contractAddress.value); @@ - tokenInfo.value = tokenInfos; + if (id !== reqId) return; // stale + tokenInfo.value = tokenInfos; @@ - accountBalance.value = balance; + if (id !== reqId) return; // stale + accountBalance.value = balance; @@ - notTokenAddress.value = false; + if (id !== reqId) return; // stale + notTokenAddress.value = false; } catch (error) { console.error('Error fetching token info:', error); - tokenInfo.value = undefined; - accountBalance.value = undefined; - notTokenAddress.value = true; + if (id === reqId) { + tokenInfo.value = undefined; + accountBalance.value = undefined; + notTokenAddress.value = true; + } } };Optionally add a small debounce (e.g., 250ms) if
@vueuse/coreis available.
230-244: Use unformatted balance for math; reserve formatted for display
balanceDisplayFormattedcan be rounded/truncated. UsebalanceFormattedfor USD math and keepbalanceDisplayFormattedfor UI.- const balanceUSD = new BigNumber(balanceDisplayFormatted) + const balanceUSD = new BigNumber(balanceFormatted) .times(price) .toNumber(); - const balanceUSDf = new BigNumber(balanceDisplayFormatted) + const balanceUSDf = new BigNumber(balanceFormatted) .times(price) .toString();
171-178: Type safety and normalization for contract addressEnsure the address is uppercase and trimmed to match
isValidAddressexpectations.- address: contractAddress.value as `AS${string}`, + address: contractAddress.value.toUpperCase() as `AS${string}`,You already added
v-model.trimabove.
253-255: Debounced watcherHook the debounced/stale-safe fetch into the watcher.
-watch(contractAddress, () => { - fetchTokenInfo(); -}); +watch(contractAddress, () => { fetchTokenInfo(); }); +// Optional: with debounce +// const debounced = useDebounceFn(fetchTokenInfo, 250); +// watch(contractAddress, debounced);packages/extension/src/providers/massa/index.ts (2)
78-82: Type-safe error serialization in request()
eisunknownandJSON.stringify(e.message)can yield quoted strings or"undefined". Serialize robustly.- .catch(e => { - return { - error: JSON.stringify(e.message), - }; - }); + .catch((e: unknown) => { + const msg = e instanceof Error ? e.message : String(e); + return { error: JSON.stringify(msg) }; + });
66-68: Nit: avoid returning a non-Promise from async sendNotificationNot harmful, but explicit
voidimproves intent.- async sendNotification(notif: string): Promise<void> { - return this.toWindow(notif); - } + async sendNotification(notif: string): Promise<void> { + this.toWindow(notif); + }packages/signers/massa/src/libs/keys.ts (2)
79-85: Code duplication in checkPrefix methodsBoth
PrivateKeyandPublicKeyhave identicalcheckPrefixmethods with only the error message differing. This violates the DRY principle.Consider extracting this to a shared utility function:
+function checkKeyPrefix(str: string, expectedPrefix: string, keyType: string): void { + if (!str.startsWith(expectedPrefix)) { + throw new Error( + `invalid ${keyType} key prefix: ${expectedPrefix} was expected.`, + ); + } +} export class PrivateKey { // ... other code ... private checkPrefix(str: string): void { - if (!str.startsWith(this.prefix)) { - throw new Error( - `invalid private key prefix: ${this.prefix} was expected.`, - ); - } + checkKeyPrefix(str, this.prefix, 'private'); }And similarly for
PublicKey.Also applies to: 263-269
341-343: Typo in documentation commentThere's a typo in the comment: "very" should be "verify".
* @remarks - * This function very a byte-encoded message. The message is first hashed and then verified. + * This function verifies a byte-encoded message. The message is first hashed and then verified. * Do not pass a digest to this function as it will be hashed twice.packages/signers/massa/src/crypto/ed25519.ts (2)
6-8: Clarify pre-hash expectation in docs.Callers pass pre-hashed data (see libs/keys.ts), which differs from Ed25519’s usual “raw message” expectation. Make this explicit to prevent misuse.
/** - * Ed25519 implementation of the Signer interface. + * Ed25519 implementation of the Signer interface. + * Note: sign()/verify() expect pre-hashed input (see hasher usage in libs/keys.ts). */
11-13: Optional: add lightweight input guards for clearer errors.Noble will throw on bad lengths; adding explicit checks yields faster, friendlier messages at the boundary.
export default class Ed25519 implements Signer { // eslint-disable-next-line class-methods-use-this -- Expected by the interface. generatePrivateKey(): Uint8Array { return utils.randomPrivateKey(); } // eslint-disable-next-line class-methods-use-this -- Expected by the interface. async getPublicKey(privateKey: Uint8Array): Promise<Uint8Array> { + if (privateKey.length !== 32) throw new Error("Ed25519 privateKey must be 32 bytes"); return getPublicKey(privateKey); } // eslint-disable-next-line class-methods-use-this -- Expected by the interface. async sign(privateKey: Uint8Array, data: Uint8Array): Promise<Uint8Array> { + if (privateKey.length !== 32) throw new Error("Ed25519 privateKey must be 32 bytes"); return sign(data, privateKey); } // eslint-disable-next-line class-methods-use-this -- Expected by the interface. async verify( publicKey: Uint8Array, data: Uint8Array, signature: Uint8Array, ): Promise<boolean> { + if (publicKey.length !== 32) throw new Error("Ed25519 publicKey must be 32 bytes"); + if (signature.length !== 64) throw new Error("Ed25519 signature must be 64 bytes"); return verify(signature, data, publicKey); } }Also applies to: 16-18, 21-23, 26-32
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (3)
packages/types/package.json (1)
23-25: Bump engines.node to match ESLint 9 / TS-ESLint 8 minimums (and repo standard).Current ">=14.15.0" is incompatible with devDeps here. Set to at least 18.18.0; if the repo standard is Node 22.18.x, prefer aligning to that.
"engines": { - "node": ">=14.15.0" + "node": ">=22.18.0" },packages/extension/package.json (2)
121-124: ESLint 9 requires Flat Config — ensure migration before mergingWith eslint^9 and eslint-plugin-vue^10, .eslintrc* is ignored. Confirm an eslint.config.* exists and CI uses it.
Run from repo root:
#!/bin/bash # Expect at least one flat config at root or per-package fd -a '^eslint\.config\.(js|ts|mjs|cjs)$' -H # Flag legacy configs that ESLint 9 ignores fd -a '^\.eslintrc(\..*)?$' -H # Show lint script targets in packages/extension jq -r '.scripts.lint' packages/extension/package.jsonAlso applies to: 122-123
66-68: echarts v6 is incompatible with vue-echarts v7 — fix the peer mismatch or expect breakagevue-echarts@7 peers on echarts^5, but deps declare echarts^6. Either upgrade vue-echarts to v8 (and validate) or pin echarts back to v5 now.
Two safe options (pick one):
Option A — pin echarts to v5 (low risk, immediate):
- "echarts": "^6.0.0", + "echarts": "^5.6.0",Option B — move to vue-echarts v8 (requires full validation):
- "vue-echarts": "7.0.3", + "vue-echarts": "8.0.0-beta.1",Also applies to: 82-84
🧹 Nitpick comments (4)
packages/types/package.json (2)
41-42: Keep typescript‑eslint version specifiers consistent.Plugin/parser use carets; the meta package is pinned. Prefer consistent ranges to avoid accidental mismatches.
- "typescript-eslint": "8.43.0" + "typescript-eslint": "^8.43.0"
1-21: Optional: add exports map and top-level types for clearer resolution.Since publishConfig switches to dist, consider an explicit exports map and root "types" to prevent deep-imports and dual-mode confusion.
"module": "src/index.ts", + "types": "dist/index.d.ts", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js", + "require": "./dist/index.cjs" + } + }, "publishConfig": {packages/extension/package.json (2)
66-91: Move build-time tools to devDependencies; keep runtime libs in dependenciesAvoid shipping dev tools in the production graph and ensure runtime imports aren’t in devDeps.
Apply:
"dependencies": { @@ - "concurrently": "^9.2.1", @@ - "yarn": "^1.22.22", + // dev-only tooling belongs in devDependencies + // "concurrently" and "yarn" should not be runtime deps @@ - "vue-echarts": "7.0.3", + "vue-echarts": "7.0.3", @@ }, "devDependencies": { @@ + "concurrently": "^9.2.1", @@ - "webextension-polyfill": "^0.12.0" + // NOTE: webextension-polyfill is a runtime import in the app. + // Move it to dependencies so installs that omit devDeps still work. + "webextension-polyfill": "^0.12.0" },And split CLI-only package:
"dependencies": { @@ - "@kadena/pactjs-cli": "^1.18.0", + // CLI used by scripts; move to devDependencies @@ }, "devDependencies": { @@ + "@kadena/pactjs-cli": "^1.18.0", },If you intentionally keep webextension-polyfill in devDependencies because the bundler inlines it from dev graph, please confirm CI/production builds always perform a full install (not --production), or move it to dependencies.
Also applies to: 92-144
1-6: Declare Node engine (align with Vite 7, ESLint 9, @types/node 22)Set engines to avoid accidental installs on unsupported Node versions and reduce CI flakiness.
{ "name": "@enkryptcom/extension", "version": "2.11.0", "private": true, "type": "module", + "engines": { + "node": ">=20.9.0" + },Optionally add packageManager at the repo root (preferred) instead of adding “yarn” as a dependency.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (2)
packages/extension/package.json(6 hunks)packages/types/package.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: buildAll
- GitHub Check: test
- GitHub Check: test
🔇 Additional comments (4)
packages/types/package.json (1)
27-27: No exported types reference @massalabs/massa-web3 — keeping it in devDependencies is fine.
packages/types/src (index.ts, networks.ts) contains no imports/exports referencing @massalabs/massa-web3 and there are no built .d.ts artifacts; devDependency is appropriate. If you later expose types that depend on massa-web3, move it to dependencies or declare it as peerDependency + devDependency.packages/extension/package.json (3)
3-3: Version bump acknowledged2.11.0 looks good from a packaging perspective.
81-82: uuid@11 is ESM-only — imports are ESM and no CommonJS require foundAll usages are ESM imports; no require('uuid') detected. Found in: packages/extension/src/libs/background/index.ts:7, packages/extension/src/libs/backup-state/index.ts:24, packages/extension/src/providers/ethereum/inject.ts:20, packages/extension/src/providers/ethereum/libs/tx-broadcaster.ts:2, packages/request/src/libs/wsClient.ts:3, packages/swap/src/providers/changelly/index.ts:2.
41-43: Verify MV3 extension compatibility for added web3 depsFindings: packages/extension/package.json includes @massalabs/massa-web3, @polkadot/*@16.x, @solana/web3.js/@solana/spl-token and web3-eth/web3-utils; yarn.lock shows polkadot wasm packages and multiple solana/web3 versions. No packages/extension/dist and no packages/extension/manifest.json found. Search of packages/extension/src returned no direct Node-core require(...) imports or obvious eval/dynamic-import usages. I found no evidence of vite-plugin-node-polyfills in packages/extension.
Required checks (run and attach outputs):
- Show vite config(s) and search for polyfills plugin: cat packages/extension/vite.config.{ts,js} || rg -n "vite-plugin-node-polyfills|polyfill" -S
- Provide extension manifest content (manifest_version and content_security_policy): cat packages/extension/manifest.json (or the generated manifest path)
- Build and inspect bundle artifacts/sizes: (cd packages/extension && yarn build) && ls -la dist && fd -HI -e wasm -e map dist && du -sh dist
- Show which entrypoints import heavy web3 deps: rg -n "@PolkaDot|@Solana|massa-web3|web3-eth|web3-utils" packages/extension/src -S
If polyfills are missing or wasm/assets are bundled into popup/CSP-restricted pages, move heavy libs to background or lazy-load them, or add/configure vite-plugin-node-polyfills + rollup/browser shims to avoid eval/dynamic-import CSP failures.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
packages/extension/package.json (2)
121-123: ESLint 9 requires Flat Config — confirm migration and CI usage.
.eslintrc* is ignored in ESLint v9; ensure an eslint.config.* exists at repo root or this package and that lint scripts/CI use it.#!/bin/bash # Verify Flat Config present and legacy configs to be removed/migrated fd -a '^eslint\.config\.(js|ts|mjs|cjs)$' -H || echo "Missing eslint.config.*" fd -a '^\.eslintrc(\..*)?$' -H
66-68: Fix echarts v6 + vue-echarts v7 peer-dependency mismatch before release.
vue-echarts@7 peers on echarts v5; with echarts@^6.0.0 this will warn/error and can break charts. Either downgrade echarts to v5 or upgrade vue-echarts to v8 that supports v6, then validate rendering.Option A — keep vue-echarts@7 (pin echarts to v5):
- "echarts": "^6.0.0", + "echarts": "^5.6.0",Option B — move to vue-echarts@8 (keep echarts v6):
- "vue-echarts": "7.0.3", + "vue-echarts": "^8.0.0",Which vue-echarts versions officially support echarts v6, and is there a stable (non‑beta) v8 release compatible with Vue 3.5+?Also applies to: 83-84
🧹 Nitpick comments (6)
packages/extension/package.json (1)
89-89: Remove “yarn” from runtime dependencies.
Bundling Yarn as an app dependency is unnecessary and bloats install size. Use corepack (Node 22 includes it) and workspace tooling instead.Apply:
- "yarn": "^1.22.22",Optional: declare package manager at repo root (not required in this file):
{ "packageManager": "yarn@1.22.22" }packages/signers/massa/package.json (5)
6-12: Add exports map, prepack, and improve scripts separation.
- Provide proper ESM/CJS + types via "exports".
- Ensure builds exist on publish with "prepack".
- Keep "lint" read-only; add a separate "format".
"type": "module", "main": "src/index.ts", "module": "src/index.ts", + "exports": { + ".": { + "types": "./dist/index.d.ts", + "import": "./dist/index.js", + "require": "./dist/index.cjs" + } + }, "publishConfig": { "main": "dist/index.cjs", "module": "dist/index.js", "types": "dist/index.d.ts" }, @@ "scripts": { "build": "tsup src/index.ts --format esm,cjs --dts --clean", - "lint": "prettier --write .", + "lint": "eslint . --ext .ts,.js,.mjs,.cjs", + "format": "prettier --write .", "test": "vitest run" }, + "prepack": "npm run build",Also applies to: 16-20
8-12: Set publish access explicitly for scoped package.Prevents accidental private publish.
"publishConfig": { "main": "dist/index.cjs", "module": "dist/index.js", "types": "dist/index.d.ts" - }, + , "access": "public" + },
55-58: Fix repository metadata for npm.Use repo root URL plus "directory" for the package path.
"repository": { "type": "git", - "url": "git+https://github.com/enkryptcom/enKrypt/tree/main/packages/signers/massa" + "url": "git+https://github.com/enkryptcom/enKrypt.git", + "directory": "packages/signers/massa" },
24-33: Avoid dual ed25519 stacks unless required.Both @noble/ed25519 and tweetnacl increase footprint. If only one is used, drop the other.
Want me to scan usage across the repo to confirm which API is actually called?
13-15: Enable tree‑shaking if safe.Mark as side‑effect free to help bundlers, assuming no global side effects.
"files": [ "dist" ], + "sideEffects": false,
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
yarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (16)
packages/extension-bridge/package.json(2 hunks)packages/extension/package.json(6 hunks)packages/hw-wallets/package.json(3 hunks)packages/keyring/package.json(2 hunks)packages/keyring/tests/generate.test.ts(1 hunks)packages/name-resolution/package.json(3 hunks)packages/request/package.json(2 hunks)packages/signers/bitcoin/package.json(2 hunks)packages/signers/ethereum/package.json(2 hunks)packages/signers/kadena/package.json(2 hunks)packages/signers/massa/package.json(1 hunks)packages/signers/polkadot/package.json(2 hunks)packages/storage/package.json(2 hunks)packages/swap/package.json(2 hunks)packages/types/package.json(2 hunks)packages/utils/package.json(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (12)
- packages/request/package.json
- packages/signers/ethereum/package.json
- packages/storage/package.json
- packages/extension-bridge/package.json
- packages/signers/bitcoin/package.json
- packages/swap/package.json
- packages/name-resolution/package.json
- packages/utils/package.json
- packages/signers/kadena/package.json
- packages/signers/polkadot/package.json
- packages/types/package.json
- packages/hw-wallets/package.json
🧰 Additional context used
🧬 Code graph analysis (1)
packages/keyring/tests/generate.test.ts (2)
packages/storage/src/index.ts (1)
Storage(5-44)packages/keyring/src/index.ts (1)
password(113-133)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: buildAll
- GitHub Check: test
- GitHub Check: test
🔇 Additional comments (9)
packages/extension/package.json (3)
3-3: Version bump acknowledged for 2.11.0.
No concerns with the version change.
116-116: Verified: @vitejs/plugin-vue@^6 and vite-plugin-node-polyfills@0.24.0 are compatible with Vite 7.x (including 7.1.5).
Confirmed: @vitejs/plugin-vue v6 targets Vite 7 and vite-plugin-node-polyfills v0.24.0 supports Vite 7 — no changes required.
82-82: UUID v11 import-style audit — verify ESM compatibilityuuid@^11.1.0 is declared in packages/swap, packages/request, packages/extension (yarn.lock resolves to 11.1.0); a repo search found no legacy default/require imports or uuid.v1–v5 calls. If any package is built/consumed as CommonJS or uses dynamic require, update usages to named ESM imports (e.g. import { v4 as uuidv4 } from 'uuid') or pin to a pre-ESM uuid version.
packages/signers/massa/package.json (1)
34-54: Verify/remove @types/hdkey devDependencypackages/signers/massa/package.json lists "@types/hdkey" in devDependencies, but repository search returned no matches (ripgrep reported "No files were searched" — inconclusive). Confirm whether hdkey types are required; if not, remove the entry from packages/signers/massa/package.json.
packages/keyring/package.json (3)
33-33: @polkadot/util patch bump: LGTM.Patch-level update; low risk.
28-28: Massa signer dep: LGTM.
Imported and registered in packages/keyring/src/index.ts (import at line 22; signer map entry at line 55).
21-23: Bump engines.node to match CI / ESLint toolingESLint v9 / typescript‑eslint v8 require newer Node; CI targets Node 22.18.x — update engines to avoid install/runtime surprises.
File: packages/keyring/package.json (lines 21-23)
Apply:
"engines": { - "node": ">=14.15.0" + "node": ">=22.18.0" },Verify repo-wide engines (run in repo root):
find . -type f -name package.json -not -path '/node_modules/' -print0 | while IFS= read -r -d '' f; do echo "== $f =="; jq -r 'if (.engines? and .engines.node?) then .engines.node else "" end' "$f" || echo ""; donepackages/keyring/tests/generate.test.ts (2)
280-305: Massa ed25519 + extra word test: LGTM — path check is already present and SLIP‑44 coin_type 632 is used consistently across Massa tests.
256-279: Massa ed25519 generation test — SLIP‑44 checkSLIP‑0044 contains no Massa (MAS) entry, so m/44'/632' is not an official coin_type; document this project‑specific derivation and verify it against official Massa tooling and any Ledger/Trezor community plugin before relying on cross‑wallet compatibility.
Likely an incorrect or invalid review comment.
4 participants
Summary by CodeRabbit
Chores
Removed
New Features
Stability / UX