Conversation
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 6 6
Lines 316 316
Branches 43 43
=========================================
Hits 316 316 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Computes SHA-256 of fips_crypto_wasm_bg.wasm Embeds the hash as a constant directly in pkg-node/fips_crypto_wasm.js At runtime (when the module loads): Reads the WASM binary via readFileSync (same as before) Computes SHA-256 of the loaded bytes Compares against the embedded hash If mismatched: throws "WASM integrity check failed: binary has been tampered with" — the module never instantiates If matched: proceeds normally Why this is stronger than a separate checksums file: The hash is embedded in the JS loader itself, not a side file an attacker could also replace The JS file's own hash is tracked by npm's package integrity, creating a chain of trust
Gap Fix 1. CHANGELOG missing 1.0.0 Added [1.0.0] - 2026-03-25 section with all changes 2. Unused error codes Removed DECAPSULATION_FAILED, VERIFICATION_FAILED, NOT_IMPLEMENTED from types.ts + updated tests 3. README test count Updated to 970+ (748 JS + 225 Rust) 4. Publish workflow OIDC Removed NPM_TOKEN dependency, updated comments 748 JS + 225 Rust = 973 tests, all passing
Flaky tests from shared artifact mutation High Tamper tests now use isolated cpSync copies; shared pkg/ and pkg-node/ are never mutated Browser path unvalidated Medium Already marked "Compatible — not yet CI-validated" in README (honest) CJS auto docs say "ESM-only" Low Already fixed — commonjs-usage.cjs says "Both explicit init() and auto-init work with require()" Trusted publishing TODO Low Already fixed — publish.yml uses OIDC, no NPM_TOKEN Changelog missing 1.0.0 Low Already fixed — [1.0.0] section added
Validator doesn't bind address to key Added validateTransaction() that checks both signature validity AND that the signer's public key derives the claimed tx.from address. New Step 6 demonstrates Bob's forgery rejected. Overstated "drop-in replacement" README now says "replacing the ECDSA signature primitive" not "drop-in replacement". SECURITY-MODEL.md adds protocol-level caveat. Example renamed to "Signature Replacement" with explicit disclaimer. Tamper test uses fresh timestamp All transactions now use a fixed timestamp (1711900000000), so only the amount differs between original and tampered. Absolute language "immune" removed from example header. "Not vulnerable" softened to "Not considered at risk". Summary says "resists all known quantum attacks" instead of "immune".
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.