EOSJS V20.0.0: Signature Provider Key Management and More Secure JavaScript Development
Since the release of the EOSIO software platform in June, EOSJS has been the most well-received community-driven library for connecting your frontend application with an EOSIO blockchain. With more than 65,000 downloads of the npm package and widespread use across many great EOSIO-based projects, it’s fair to say the first iterations of EOSJS have been a success. This was due to the hard work of many well-known members of the community, like James Calfee, whom we are excited to have worked closely with through the initial release of EOSIO.
Over the past few months we’ve studied usage of EOSJS in many community applications as well as our own projects in development at Block.one. The primary conclusion we’ve come to is that to create great user experiences and maintain the highest levels of security, blockchain applications should almost never need to access a user’s private keys. Instead, applications should propose transactions to secure signature providers like wallets or application browsers that are able to focus their efforts on storing keys in the most secure ways possible and provide a consistent user experience when signing transactions.
Introducing Signature Providers
Today we are happy to announce a major update, EOSJS v20.0.0, with built-in support for interchangeable signature providers. This shift is great for application developers because it removes the burden of handling secure key management from their scope and improves interoperability because applications can be built on the new EOSJS API and work with any EOSJS signature provider. Most importantly, it is a major security improvement that limits exposure of a user’s keys across many applications to a single trusted signature provider that they can choose for themselves. This mitigates potential risks that can arise from malicious code or user error when using blockchain applications.
We are releasing EOSJS v20.0.0 as a beta release to make sure it’s tested by the community well enough to be promoted to a stable release.
By aligning as a community around recommended ways to manage keys across all types of applications, we can begin to propose standards for application development that will enhance the usability and security of products built on EOSIO. In the future, this could even allow for trusted signature providers to create whitelists of actions and more user-friendly control akin to a permissions system or privacy settings in a non-blockchain application.
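The split described in this section, together with the action whitelist mentioned as a future possibility, can be modelled in a few lines. This is an added example, not code from EOSJS or Block.one: the method names `getAvailableKeys` and `sign`, the argument shape, the JSON stand-in for transaction serialization, and all sample values are assumptions of this sketch, and it is synchronous for brevity.

```javascript
const crypto = require('node:crypto');

const CHAIN_ID = 'aa'.repeat(32); // constructed placeholder, not a real chain id

// Provider side (wallet or app browser). The private key lives only inside
// this closure; callers receive public keys and signatures, nothing else.
function makeSignatureProvider(allowedActions) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const publicPem = publicKey.export({ type: 'spki', format: 'pem' });
  return {
    getAvailableKeys: () => [publicPem],
    sign({ chainId, requiredKeys, serializedTransaction }) {
      if (!requiredKeys.every((k) => k === publicPem)) {
        throw new Error('requested key is not held by this provider');
      }
      // Policy is applied to the bytes that get signed, not to a summary
      // supplied by the application.
      const { actions } = JSON.parse(serializedTransaction.toString('utf8'));
      for (const { account, name } of actions) {
        if (!allowedActions.has(`${account}::${name}`)) {
          throw new Error(`action not allowed: ${account}::${name}`);
        }
      }
      const payload = Buffer.concat([Buffer.from(chainId, 'hex'), serializedTransaction]);
      return [crypto.sign('sha256', payload, privateKey).toString('base64')];
    },
  };
}

// Application side: builds the transaction and proposes it; it never sees a key.
function proposeTransaction(provider, transaction) {
  // JSON stands in for EOSIO's binary serialization in this model.
  const serializedTransaction = Buffer.from(JSON.stringify(transaction));
  const requiredKeys = provider.getAvailableKeys();
  const signatures = provider.sign({ chainId: CHAIN_ID, requiredKeys, serializedTransaction });
  return { signatures, serializedTransaction, requiredKeys };
}

// Anyone holding the public key can check the signature over chain id + transaction.
function verifyProposal({ signatures, serializedTransaction, requiredKeys }) {
  const payload = Buffer.concat([Buffer.from(CHAIN_ID, 'hex'), serializedTransaction]);
  return crypto.verify('sha256', payload, requiredKeys[0], Buffer.from(signatures[0], 'base64'));
}
```

Because the provider parses the same bytes it signs, an application cannot get a signature over one action while describing another.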
Additional Changes in EOSJS V20.0.0-beta.1
In addition to the foundational change in the way keys are managed going forward, we’ve proposed some additional changes to simplify and improve usability for developers, including:
- Strict Typing using TypeScript
- Improved Error Handling
- Fewer Dependencies
- Simplified API
What does this mean for EOSIO users?
- Once adopted, popular wallets and app browsers will be able to act as signature providers for blockchain applications.
- Choose and become familiar with your preferred signature provider that can be used across many blockchain applications.
- Start becoming familiar with the concept of signing actions outside of the application you’re using and urge application developers to support your provider of choice.
What does this mean for EOSIO developers?
- Once adopted, signature providers will lighten the burden of handling secure key management in your application.
- Easily integrate with any EOSJS signature provider.
- Upgrade to the latest version, EOSJS V20.0.0-beta.1. This is a breaking change, but the upgrade process is very simple. If you choose not to update, make sure the version in your package.json is locked to v16.0.8, like this: "eosjs": "16.0.8"
- Encourage wallets and application browsers to implement the EOSJS signature provider interface to be compatible with your application.
- Updated documentation is viewable here.
We are excited for the future of a more secure and connected world on the EOSIO blockchain. Going forward we plan to formalize the release schedule and goals for the EOSJS library. In addition to EOSJS V20.0.0-beta.1 release notes and documentation we will provide easy-to-digest summaries of the features and benefits of each future major release of EOSJS, as we do for each EOSIO version.
Stay Connected
If you are interested in providing feedback and working more closely with our team to improve EOSIO for the community, you can send our developer relations team an email at [email protected]. You can also hear about future updates by subscribing to our mailing list on the EOSIO Developer Portal. We are excited to be continually improving the usability of the EOSIO software platform for developers as we continue laying a foundation for the most scalable blockchain development in the space.