News.EOS.WiKi Bilingual News & Info Of EOS

EOSJS重大更新V20.0.0测试版:委托签名提供者进行密钥管理,为EOSIO提供更加安全的的JavaScript开发未来/EOSJS Major Update V20.0.0 Beta: Entrusting key management to signature providers for a more secure future of javascript development for EOSIO

E

译文/Translated:

自从六月EOSIO软件平台发布以来,EOSJS已经成为最受欢迎的社区为导向的数据库,它能把你的前端应用和EOSIO区块链连接起来。npm软件包已经被下载了65000多次,在很多基于EOSIO的项目中得到了广泛的应用,所以可以说,EOSJS的第一次迭代是一个成功。这都要归功于社区中很多著名成员的艰辛工作,其中就包括James Calfee,我们很高性能够在EOSIO的初次发布中和他紧密合作。

过去几个月里,我们在研究如何在很多社区应用和我们自己开发Block.one的项目中应用EOSJS。我们得到的最重要的一个结论是为了创造更好的用户体验、维护最高水平的安全,区块链应用做到几乎不访问用户的私人密钥。正相反,应用应该发起交易保证签名提供者(如钱包或者浏览器)的安全,从而让这些签名提供者可以关注如何用最安全的方法储存密钥并在签署交易时提供稳定的用户体验。

介绍签名提供者

今天我们要宣布一个重要的更新,EOSJS v20.0.0,它为互换签名提供了内置支持,对于应用开发者来说这而还是一个很有用的变化:由于应用可以建立在新的EOSJS API上,它可以和任何EOSJS签名提供者合作,所以它消除了操作人员需要处理安全密钥管理的负担、提高了互操作性。更重要的是,他是一个重要的安全改进,过去用户的密钥会在许多应用中暴露出来,但现在它把这个情况控制到用户可以自主选择的一个单一的可信任的程序中。这样,一些源于恶意代码或者源于区块链使用过程中产生的用户错误的潜在威胁就能减少。我们现在发布测试版EOSJS v20.0.0,以确保它能经过社区测试,升级到稳定版本。

围绕着大家推荐的在各个应用中的密钥管理方法,我们社区开始提供应用开发的标准,以增强建立在EOSIO的产品的可用性和安全性。将来,这甚至可以让受信的签名提供者创建操作白名单和更加用户友好的管理方式或者在非区块链应用中的隐私设置。

EOSJS v20.0.0-beta.1测试版的其它改变

除了改进最核心的密钥管理方法以外,我们还做了其它变化来简化和改进应用的可用性,包括:

使用typescript进行严格输入

改进拼写错误

减少依赖包

简化API

对于EOSIO用户来说这意味着什么

  • 一旦被但用,常用的数字钱包和应用浏览器其将能够充当区块链应用的签名提供者。
  • 选择和熟悉你偏好的签名提供者使其充当数个区块链应用的签名提供者。
  • 开始了解在使用的程序之外签署操作的概念,督促开发人员支持你选择的签名提供者。

对开发人员来说意味着什么

  • 一经采用,签名提供者在处理你的应用中安全密钥管理的负担将会减少
  • 可同任何EOSJS签名提供者轻松集成
  • 升级到最新版本的EOSJS V20.0.0-beta.1。这是一个重大的改变,但是升级方式非常简单。如果你选择不升级现有版本,请确保在您的package.json有版本可以锁定到v16.0.8,如“eosjs”: “¹⁶.0.8”
  • 鼓励钱包和应用浏览器留出EOSJS签名提供者接口兼容应用。
  • 点击此处查看更新的文档

我们很期待能够看到在EOSIO区块链技术之下未来更安全、联系更紧密的世界。未来我们计划要正式确定EOSJS库的发布规划和发布目标。除了EOSJS V20.0.0-beta.1的发行说明和文档以外,正如我们在每个EOSIO版本的操作一样,我们将会提供EOSJS未来每个主要版本的简明特色和优点指南。

联系我们

如果您愿意提供反馈和我们的团队一起为社区改进EOSIO,您可以发邮件到developers@block.one给我们的开发小组;你还可以通过在EOSIO开发者文档订阅我们的邮件获得未来的更新提醒。我们希望能够为开发者不断改进EOSIO软件平台的可用性,同时我们也会继续为空间中区块链发展不断奠定基础。

原文/Original:

Since release of the EOSIO software platform in June, EOSJS has been the most well-received community-driven library for connecting your frontend application with an EOSIO blockchain. With more than 65,000 downloads of the npm package and widespread utilization across many great EOSIO-based projects, it’s fair to say the first iterations of EOSJS have been a success. This was due to the hard work of many well-known members of the community, like James Calfee, whom we are excited to have worked closely with through the initial release of EOSIO.

Over the past few months we’ve studied usage of EOSJS in many community applications as well as our own projects in development at Block.one. The primary conclusion we’ve come to is that to create great user experiences and maintain the highest levels of security, blockchain applications should almost never need to access a user’s private keys. Instead, applications should propose transactions to secure signature providers like wallets or application browsers that are able to focus their efforts on storing keys in the most secure ways possible and provide a consistent user experience when signing transactions.

Introducing Signature Providers

Today we are happy to announce a major update, EOSJS v20.0.0, with built-in support for interchangeable signature providers. This shift is great for application developers because it removes the burden of handling secure key management from their scope and improves interoperability because applications can be built on the new EOSJS API and work with any EOSJS signature provider. Most importantly, it is a major security improvement that limits exposure of a user’s keys across many applications to a single trusted signature provider that they can choose for themselves. This mitigates potential risks that can arise from malicious code or user error when using blockchain applications.

We are releasing EOSJS v20.0.0 as a beta release to make sure it’s tested by the community well enough to be promoted to a stable release.

By aligning as a community around recommended ways to manage keys across all types of applications, we can begin to propose standards for application development that will enhance the usability and security of products built on EOSIO. In the future, this could even allow for trusted signature providers to create whitelists of actions and more user-friendly control akin to a permissions system or privacy settings in a non-blockchain application.

Additional Changes in EOSJS V20.0.0-beta.1

In addition to the foundational change in the way keys are managed going forward, we’ve proposed some additional changes to simplify and improve usability for developers, including:

  • Strict Typing using Typescript
  • Improved Error Handling
  • Fewer Dependencies
  • Simplified API

What does this mean for EOSIO users?

  • Once adopted, popular wallets and app browsers will be able to act as signature providers for blockchain applications.
  • Choose and become familiar with your preferred signature provider that can be used across many blockchain applications.
  • Start becoming familiar with the concept of signing actions outside of the application you’re using and urge application developers to support your provider of choice.

What does this mean for EOSIO developers?

  • Once adopted, signature providers will lighten the burden of handling secure key management in your application
  • Easily integrate interoperably with any EOSJS signature provider
  • Upgrade to the latest version of EOSJS V20.0.0-beta.1. This is a breaking change, but the upgrade process is very simple. Make sure that if you choose not to update you have version locking in your package.json locked down to v16.0.8 like this: “eosjs”: “¹⁶.0.8”
  • Encourage wallets and application browsers to implement the EOSJS signature provider interface to be compatible with your application.
  • Updated documentation is viewable here.

We are excited for the future of a more secure and connected world on the EOSIO blockchain. Going forward we plan to formalize the release schedule and goals for the EOSJS library. In addition to EOSJS V20.0.0-beta.1 release notes and documentation we will provide easy-to-digest summaries of the features and benefits of each future major release of EOSJS, as we do for each EOSIO version.

Stay Connected

If you are interested in providing feedback and working more closely with our team to improve EOSIO for the community, you can send our developer relations team an email at developers@block.one. You can also hear about future updates by subscribing to our mailing list on the EOSIO Developer Portal. We are excited to be continually improving the usability of the EOSIO software platform for developers as we continue laying a foundation for the most scalable blockchain development in the space.

原文链接/Original URL:

https://medium.com/eosio/eosjs-major-update-v20-0-0-c06829738579

About the author

By user
News.EOS.WiKi Bilingual News & Info Of EOS

Recent Posts