metamask / eth-trezor-keyring Goto Github PK
View Code? Open in Web Editor NEWA JS wrapper around Trezor Connect libraries, to support the KeyringController protocol used by MetaMask
License: ISC License
A JS wrapper around Trezor Connect libraries, to support the KeyringController protocol used by MetaMask
License: ISC License
This project is missing a LICENSE
file
Currently, the type we use for Keyrings does not include a "destroy" function. On the other hand, Ledger and Trezor keyring have a function for this and is named dispose
for Trezor and destroy
for Ledger.
We should align the two hardware keyrings, renaming Trezor's dispose
to destroy
We should rename this package to use the @metamask/
scope.
After merging the TypeScript migration PR (#161) we should now implement the Keyring
interface from utils package as for other keyrings.
We want to migrate this package to TypeScript to reduce regressions and improve compatibility with our other TypeScript projects.
From an email from CircleCI:
You are receiving this email because you are a member of one or more paid projects building on CircleCI that does not have pipelines enabled.
We are reaching out to let you know about two upcoming changes to CircleCI:
- Beginning on March 31, 2020, we will start automatically enabling pipelines for all projects. Turning on pipelines will allow your team to access new features. Watch our webinar recording or read our docs for detailed information about the transition to pipelines and the benefits that you can expect to see.
- The ability to opt-out of our new user interface will be removed starting on April 15th, 2020. Our team has been hard at work building a new interface that is more responsive and makes it easier for you to accomplish your most important tasks in CircleCI. Beginning on April 15, we will start to remove the ability to switch back to our old UI.
To get ahead of these changes we recommend that you update your project settings to enable pipelines and opt in to the new UI if you haven’t already. At the end of this message, we have included links to the settings for your projects that are not yet using pipelines to make it easy to make the switch.
We’re constantly working to improve CircleCI. These changes will help us deliver the best possible experience for our customers.
From the project settings on CircleCI:
Enable pipelines
Turn on pipelines for this project to gain access to CircleCI’s improved UI and other new features including reusable config, auto-cancellation of redundant builds, and more.
If you experience any issues when enabling pipelines, check out these troubleshooting tips.
NOTE: If for any reason you’d like to disable pipelines again for a project on a usage-based plan, you can do so by filing a ticket with CircleCI support.
The module template uses Jest as a standard test library. We should migrate from Mocha/Chai to it.
mocha
, chai
, and chai-spies
as dependencies and replace it with jest
jest.config.js
from the module templatepackage.json
with the equivalent jest line (see the module template), and add a test:watch
scriptThis project is currently using 8.11.3, we should upgrade to an LTS version
Our ESLint config is out of date with our other repos, and this repo is missing depcheck
.
.eslintrc.js
is up to date. If this issue is addressed before #156 and #165, we would want to omit Jest and TypeScript-related config.The following change in Trezor Connect 9.1.1 introduces a mitigation about the auto-closing of popups.
feat(connect-popup): when a call to TrezorConnect returns success: false popup remains opened and displays error page instead.
This is driven by the client, and requires an NPM upgrade. This is an ongoing issue and MetaMask users are still experiencing it.
The goal is users will be able to report which errors are occurring.
Patches like this can be removed. Since the missing dependency is available on npm.
Hi, I have made my Trezor with migrated Ledger seed worked on Metamask. But I am amateur at this so I'd like to open an issue for discussion before opening a PR.
The reason to do this is because when I imported my broken Ledger seed to the new Trezor, the metamask could not find the correct address, they are using different path. But this totally don't make sense to me, seeds should be interoperability.
So I made these changes to make it work. Tested on my Trezor device.
First, for eth-trezor-keyring, allow Ledger paths:
Lafudoci@ca525ac
Second, add Ledger path options to metamask trezor connection script:
Lafudoci/metamask-extension@49d433e#diff-0a2a225e26cc8840b2d6e5b4acf30923de787fbcf19efb5766f04ba8bd8e433f
Besides, change safety checks setting from strict to prompt in the Trezor suite is also needed.
How do you think? Are these changes good to put into public release? I'll need to open 2 PR for eth-trezor-keyring and metamask.
The assert
dependency is intended for the browser—this project uses it in Node.js where we can instead leverage the built-in assert
.
This project doesn't need two lockfiles. The package-lock.json
file should be removed in favour of the yarn.lock
file.
Hi,
as you can imagine, typing in a wrongly spelled / mistyped password into the trezor-device when opening a new (empty) wallet can be pretty devastating. Dont ask me how I know.
The Trezor-Suite implements a double check that requires you to put in your passphrase twice if the wallet is found to be empty.
I understand that with metamask such an empty-detection is not trivial to implement. However I would argue, for user-safety, that the dialog that prompts the address-numbers (organized in pages of 5 addresses) would benefit from a button "double-check passphrase", that the user could click on and go through the passphrase-procedure again to see if the same addresses will be derived from the second attempt.
Mistyped passwords can happen due to user-mistakes, or, if the passphrase is entered on the trezor-device, even touch-screen shenanigans.
I am not sure if it can be easily detected if the passphrase was used at all or if only the standard account was returned from the device. If such detection is possible the enable-status of such button could be linked to this condition.
Also if there are funds detected within the displayed page of 5 addresses (if any address has funds other than 0.00000 ETH) such a button could be grayed out.
If a full empty-check can be easily implemented (iterating over all networks for all addresses over a given page), then i would suggest that double-entering the passphrase should become mandatory if an empty wallet is detected.
I think for user-clarity a hint (when the mouse hovers over the button) could explain its purpose:
"Re-enter your passphrase to check your spelling. This is helpful to ensure the correctness of your passphrase when opening empty wallets."
This is purely a safety improvement suggestion.
The project should have an nvmrc file
According to the implementation here https://github.com/MetaMask/eth-trezor-keyring/blob/main/index.js#L389 eth_signTypedData are not supported by Trezor.
However, Trezor supports it now:
Implementation : trezor/connect@08e4382
Doc: https://github.com/trezor/connect/blob/develop/docs/methods/ethereumSignTypedData.md
Do you have any plan to add this to Metamask ?
Thank you.
This project should be updated to include a CHANGELOG file
There seems to be some inconsistencies with how data is serialized and deserialized in some of the Metamask keyring libraries.
For the Trezor keyring:
this.paths
is included in serialization, but not in deserializationthis.hdk
can/should be serialised and deserialised
publicKey
and chainCode
need to be serialised/deserialisedthis.hdPath
can be changed via deserialization without triggering the this.setHdPath
methodforgetDevice
, setHdPath
and the constructor
)this.hdKey
can be refactored via a setHdKey
methodWe should update this repository to follow the conventions used in our module template.
The dispose
method of the keyring calls a dispose
function from the Trezor connect that returns a promise, but our method doesn't return that promise. That makes it impossible for the caller to know when this operation has completed. We should return the promise so that it's possible to know when the disposal has completed.
Suggested here: #161 (comment)
This project should be updated to use the shared ESLint config, @metamask/eslint-config
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.