transmute-industries / vc.js Goto Github PK

they should be exported by linked data proof...

@vocab is a jsonld anti pattern, there should be an error or a warning when it's used

currently, not possible to use private contexts (ones that are not public on the internet)... solution is to forwards the document loader to the checker.

Hey, I get the following error when using this library:

  The types returned by 'from(...)' are incompatible between these types.
    Type 'Promise<Ed25519KeyPair2020>' is missing the following properties from type 'Ed25519KeyPair': id, type, controller, publicKeyBuffer, and 9 more.

Furthermore, I had to add @transmute/did-key-ed25519 manually, since it's only a devDependency. Since Ed25519KeyPair2020 uses it directly I feel it should go into dependencies

This schema/context document defines "publicKey", which I don't think is part of the did-document specification any longer?

https://github.com/transmute-industries/vc.js/blob/master/packages/web-app-smoke-tester/src/did-doc.json

there are a number of places that mutate function arguments... this breaks all kinds of assumptions and should not happen.

I was testing compatibility between linked-data-proof and jsonld-signatures and noticed some divergence here https://github.com/transmute-industries/vc.js/blob/master/packages/linked-data-proof/src/ProofSet.ts#L150 and here https://github.com/digitalbazaar/jsonld-signatures/blob/master/lib/ProofSet.js#L188. I believe the fix would be:

+ const context = document['@context'] || constants.SECURITY_CONTEXT_URL
  const proofSet = proofSet.map((proof: any) => ({
-   '@context': constants.SECURITY_CONTEXT_URL,
+   '@context': context,
    ...proof,
  }));

When testing that out I also noticed that vc.js will need to be updated too: https://github.com/transmute-industries/vc.js/blob/master/packages/vc.js/src/vc-ld/purposes/CredentialIssuancePurpose.ts#L62. The fix here I think would be:

  const issuer = jsonld.getValues(
    document,
-   'https://www.w3.org/2018/credentials#issuer'
+   'issuer'
  );

+ const issuerId = const issuerId = typeof issuer[0] === 'string' ? issuer[0] : issuer[0].id;
-  if (result.controller.id !== issuer[0].id) {
+  if (result.controller.id !== issuerId) {
    throw new Error(
      'Credential issuer must match the verification method controller.'
    );
  }

I tried to create a PR that fixes and tests these things but to do so I needed a signing suite that wasn't supported by sec-v2 context I tried using https://github.com/digitalbazaar/ed25519-signature-2020 but that requires the latest jsonld-signatures and that has other changes that impact compatibility (no more compact proof support)

Github actions, conventional commits, release documentation, etc...

The spec https://w3c-ccg.github.io/lds-ed25519-2018/ specifies sha512 for digests. This library uses sha256. Which one is correct?
Thanks

https://github.com/mattrglobal/jsonld-signatures-bbs/blob/master/__tests__/vc-js.spec.ts#L109

transmute-industries/sidetree.js#103

see revocation list... throw new TypeError('"suite" must be an object or an array of objects.');

• digitalbazaar/jsonld.js#199
• digitalbazaar/jsonld-signatures#117

when this PR is merged, should be able to remove the declare module "vc-js" and see any mismatches in types.

digitalbazaar/vc#84 (review)

Caused by sec/v2 not understanding publicKeyJwk...

proposed solution, any suite that uses publicKeyJwk should have the result of get verification method to ensure the property exists as publicKeyJwk not sec:publicKeyJwk... move evidence that security context remains a blocker for adoption.

Would be nice to add a nodejs bin / cli with support for boring web URLs

This is a minor nitpick but would make it a lot easier to go from npm to github (and from github to github).

Two reasons:

1. When on NPM you can't go directly to Github (it renders a link if present in package.json). You have to manually find where the package is located. With monorepos this can be inconvient.
2. I'm using OctoLinker which adds links to file/package imports in the Github Web UI. If you have a link to the Github repo in your package.json it will automatically link them together.

E.g. for the @transmute/vc.js package this will mean adding the following to the package.json:

{
  "name": "@transmute/vc.js",
  // ...
  "repository": {
    "type" : "git",
    "url" : "https://github.com/transmute-industries/vc.js.git",
    "directory": "packages/vc.js"
  },
  "homepage": "https://github.com/transmute-industries/vc.js/tree/master/packages/vc.js",
  // OR 
  "homepage": "https://transmute-industries.github.io/vc.js/"
}

Happy to assist if you agree :)

https://github.com/gjgd/jsonld-checker/blob/master/packages/lib/src/test/jsonld.test.ts#L12

When having a credential or vc with this date format, it causes the formatting of the datetime without milliseconds when issuing or verifying to be incorrect. This happens for fields issuanceDate and expirationDate.