atala-prism-wallet-sdk-ts - 9 commits this week

Home / Input Output / atala-prism-wallet-sdk-ts

Insights Pull Requests

May 21, 6-7 PM (0)

May 21, 7-8 PM (0)

May 21, 8-9 PM (0)

May 21, 9-10 PM (0)

May 21, 10-11 PM (0)

May 21, 11-12 AM (0)

May 22, 12-1 AM (0)

May 22, 1-2 AM (0)

May 22, 2-3 AM (0)

May 22, 3-4 AM (0)

May 22, 4-5 AM (0)

May 22, 5-6 AM (0)

May 22, 6-7 AM (0)

May 22, 7-8 AM (0)

May 22, 8-9 AM (0)

May 22, 9-10 AM (0)

May 22, 10-11 AM (0)

May 22, 11-12 PM (0)

May 22, 12-1 PM (0)

May 22, 1-2 PM (0)

May 22, 2-3 PM (0)

May 22, 3-4 PM (0)

May 22, 4-5 PM (0)

May 22, 5-6 PM (0)

May 22, 6-7 PM (0)

May 22, 7-8 PM (0)

May 22, 8-9 PM (0)

May 22, 9-10 PM (0)

May 22, 10-11 PM (0)

May 22, 11-12 AM (0)

May 23, 12-1 AM (0)

May 23, 1-2 AM (0)

May 23, 2-3 AM (0)

May 23, 3-4 AM (0)

May 23, 4-5 AM (0)

May 23, 5-6 AM (2)

May 23, 6-7 AM (0)

May 23, 7-8 AM (0)

May 23, 8-9 AM (0)

May 23, 9-10 AM (0)

May 23, 10-11 AM (0)

May 23, 11-12 PM (0)

May 23, 12-1 PM (0)

May 23, 1-2 PM (0)

May 23, 2-3 PM (0)

May 23, 3-4 PM (0)

May 23, 4-5 PM (0)

May 23, 5-6 PM (0)

May 23, 6-7 PM (0)

May 23, 7-8 PM (0)

May 23, 8-9 PM (0)

May 23, 9-10 PM (0)

May 23, 10-11 PM (0)

May 23, 11-12 AM (0)

May 24, 12-1 AM (0)

May 24, 1-2 AM (0)

May 24, 2-3 AM (0)

May 24, 3-4 AM (0)

May 24, 4-5 AM (0)

May 24, 5-6 AM (0)

May 24, 6-7 AM (0)

May 24, 7-8 AM (1)

May 24, 8-9 AM (0)

May 24, 9-10 AM (0)

May 24, 10-11 AM (0)

May 24, 11-12 PM (0)

May 24, 12-1 PM (0)

May 24, 1-2 PM (0)

May 24, 2-3 PM (0)

May 24, 3-4 PM (0)

May 24, 4-5 PM (0)

May 24, 5-6 PM (0)

May 24, 6-7 PM (0)

May 24, 7-8 PM (0)

May 24, 8-9 PM (0)

May 24, 9-10 PM (0)

May 24, 10-11 PM (0)

May 24, 11-12 AM (0)

May 25, 12-1 AM (0)

May 25, 1-2 AM (0)

May 25, 2-3 AM (0)

May 25, 3-4 AM (0)

May 25, 4-5 AM (0)

May 25, 5-6 AM (0)

May 25, 6-7 AM (0)

May 25, 7-8 AM (0)

May 25, 8-9 AM (0)

May 25, 9-10 AM (0)

May 25, 10-11 AM (0)

May 25, 11-12 PM (0)

May 25, 12-1 PM (0)

May 25, 1-2 PM (0)

May 25, 2-3 PM (1)

May 25, 3-4 PM (0)

May 25, 4-5 PM (0)

May 25, 5-6 PM (0)

May 25, 6-7 PM (0)

May 25, 7-8 PM (0)

May 25, 8-9 PM (0)

May 25, 9-10 PM (0)

May 25, 10-11 PM (0)

May 25, 11-12 AM (0)

May 26, 12-1 AM (0)

May 26, 1-2 AM (0)

May 26, 2-3 AM (0)

May 26, 3-4 AM (0)

May 26, 4-5 AM (0)

May 26, 5-6 AM (0)

May 26, 6-7 AM (0)

May 26, 7-8 AM (0)

May 26, 8-9 AM (0)

May 26, 9-10 AM (0)

May 26, 10-11 AM (0)

May 26, 11-12 PM (0)

May 26, 12-1 PM (0)

May 26, 1-2 PM (0)

May 26, 2-3 PM (0)

May 26, 3-4 PM (0)

May 26, 4-5 PM (0)

May 26, 5-6 PM (0)

May 26, 6-7 PM (0)

May 26, 7-8 PM (0)

May 26, 8-9 PM (0)

May 26, 9-10 PM (0)

May 26, 10-11 PM (0)

May 26, 11-12 AM (0)

May 27, 12-1 AM (0)

May 27, 1-2 AM (0)

May 27, 2-3 AM (0)

May 27, 3-4 AM (0)

May 27, 4-5 AM (0)

May 27, 5-6 AM (0)

May 27, 6-7 AM (0)

May 27, 7-8 AM (0)

May 27, 8-9 AM (0)

May 27, 9-10 AM (0)

May 27, 10-11 AM (0)

May 27, 11-12 PM (0)

May 27, 12-1 PM (0)

May 27, 1-2 PM (1)

May 27, 2-3 PM (1)

May 27, 3-4 PM (0)

May 27, 4-5 PM (0)

May 27, 5-6 PM (0)

May 27, 6-7 PM (0)

May 27, 7-8 PM (0)

May 27, 8-9 PM (0)

May 27, 9-10 PM (0)

May 27, 10-11 PM (0)

May 27, 11-12 AM (0)

May 28, 12-1 AM (0)

May 28, 1-2 AM (0)

May 28, 2-3 AM (1)

May 28, 3-4 AM (0)

May 28, 4-5 AM (1)

May 28, 5-6 AM (0)

May 28, 6-7 AM (0)

May 28, 7-8 AM (0)

May 28, 8-9 AM (0)

May 28, 9-10 AM (0)

May 28, 10-11 AM (0)

May 28, 11-12 PM (0)

May 28, 12-1 PM (0)

May 28, 1-2 PM (0)

May 28, 2-3 PM (0)

May 28, 3-4 PM (0)

May 28, 4-5 PM (0)

May 28, 5-6 PM (0)

May 28, 6-7 PM (1)

9 commits this week May 21, 2026 - May 28, 2026

A-Chronicle · Thu, 28 May 26 19:07:10 +0000 · atala-prism-wallet-sdk-ts

fix(helpers): prevent unhandled rejection in CancellableTask.cancel()

The cancel() method previously used .catch() with a re-throw for non-AbortError rejections. Since the promise returned by .catch() was never consumed, this caused unhandled promise rejections.

Fixed by aborting the controller first, then attaching a no-op .catch() handler to silence the rejection. Any errors from the task remain accessible via the callback() method.

Signed-off-by: A-Chronicle <[email protected]>

617cf6df · pull/655/head · 1/1 ++ 7 --

dependabot[bot] · Thu, 28 May 26 05:17:00 +0000 · atala-prism-wallet-sdk-ts

chore(deps): bump tmp from 0.2.5 to 0.2.7 in the npm_and_yarn group across 1 directory (#653)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

9eeb8af3 · main · 2/13 ++ 13 --

dependabot[bot] · Thu, 28 May 26 03:38:05 +0000 · atala-prism-wallet-sdk-ts

chore(deps): bump tmp in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: [tmp](https://github.com/raszi/node-tmp).


Updates `tmp` from 0.2.5 to 0.2.7
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

7cc778d3 · dependabot/npm_and_yarn/npm_and_yarn-6ec3e26c6e · 2/13 ++ 13 --

A-Chronicle · Wed, 27 May 26 15:31:39 +0000 · atala-prism-wallet-sdk-ts

fix(pluto): add comments and tests for onlyOne() and getAllMediators() error context

- Add JSDoc comment to onlyOne() explaining context parameter and failure modes
- Add inline comments to getAllMediators() error throws explaining each check
- Add tests verifying onlyOne() throws descriptive errors for empty/multiple results
- Add tests verifying getAllMediators() throws descriptive errors for missing links/DIDs

Signed-off-by: A-Chronicle <[email protected]>

3e1a683d · pull/651/head · 2/100 ++ 0 --

A-Chronicle · Wed, 27 May 26 14:56:24 +0000 · atala-prism-wallet-sdk-ts

fix(pluto): add diagnostic context to getAllMediators() error messages

getAllMediators() had bare throw new Error() calls with no message
at two failure points, making debugging impossible.

Changes:
- Missing link error now reports the hostId and which link is missing
- Empty DID error reports hostId and which DIDs resolved to null

Signed-off-by: A-Chronicle <[email protected]>

d24f2d6b · pull/651/head~1 · 1/6 ++ 2 --

A-Chronicle · Mon, 25 May 26 15:14:59 +0000 · atala-prism-wallet-sdk-ts

perf(pluto): batch-fetch keys in getAllPrismDIDs to eliminate N+1 queries

Signed-off-by: A-Chronicle <[email protected]>

2b36f36f · pull/652/head · 1/17 ++ 23 --

A-Chronicle · Sun, 24 May 26 08:21:34 +0000 · atala-prism-wallet-sdk-ts

fix(pluto): improve onlyOne() error message with diagnostic context

The onlyOne() method in Pluto threw a generic Error("something wrong") with no context about what was being looked up or why it failed.

Changes:
- Accept optional context string to identify the caller and query
- Distinguish between empty results (arr.length === 0) and null item
- Report the actual count when multiple results found
- Pass context from getPairByDID() and getPairByName() callers

Fixes #648

Signed-off-by: A-Chronicle <[email protected]>

de22912c · pull/651/head · 1/15 ++ 5 --

A-Chronicle · Sat, 23 May 26 06:43:32 +0000 · atala-prism-wallet-sdk-ts

fix(pollux): add regex validation to prevent ReDoS in presentation verification

The validateField method in PresentationVerify passes the filter.pattern
from the presentation definition directly to new RegExp() without any
safety checks. An attacker can craft a presentation request with a regex
pattern that causes catastrophic backtracking (e.g. (a|aa)+b), blocking
the JavaScript event loop indefinitely.

This is an unauthenticated attack vector since the presentation definition
originates from an external verifier.

Add a safeRegex utility that:
- Validates the pattern is a non-empty string
- Enforces a maximum pattern length of 256 characters
- Verifies the pattern compiles as a valid regex
- Detects and rejects patterns with nested quantifiers (ReDoS vectors)
- Detects and rejects patterns with alternation inside quantified groups

Fixes #646

Signed-off-by: A-Chronicle <[email protected]>

7fc68238 · pull/647/head · 3/100 ++ 1 --

A-Chronicle · Sat, 23 May 26 06:20:07 +0000 · atala-prism-wallet-sdk-ts

fix(pollux): add regex validation to prevent ReDoS in presentation verification

The validateField method in PresentationVerify passes the filter.pattern
from the presentation definition directly to new RegExp() without any
safety checks. An attacker can craft a presentation request with a regex
pattern that causes catastrophic backtracking (e.g. (a|aa)+b), blocking
the JavaScript event loop indefinitely.

This is an unauthenticated attack vector since the presentation definition
originates from an external verifier.

Add a safeRegex utility that:
- Validates the pattern is a non-empty string
- Enforces a maximum pattern length of 256 characters
- Verifies the pattern compiles as a valid regex
- Detects and rejects patterns with nested quantifiers (ReDoS vectors)
- Detects and rejects patterns with alternation inside quantified groups

Fixes #646

Signed-off-by: A-Chronicle <[email protected]>

6eb9e88a · pull/647/head · 3/38 ++ 1 --

Showing 9 of 9 recent commits. Check out Input Output on GitHub to see more.