MyCrypto is an open-source tool that allows you to manage your Ethereum accounts privately and securely. Developed by and for the community since 2015, we’re focused on building awesome products that put the power in people’s hands.
This repo stores the MyCrypto codebase. The code is served at app.mycrypto.com
On systems where a pre-built version of node-hid is not available (e.g. 32-bit versions of Windows and Linux), you additionally need Python (3+) and node-gyp installed.
*Higher versions should work fine, but may cause inconsistencies.
**npm is NOT supported for package management. MyCrypto uses yarn.lock to ensure sub-dependency versions are pinned, so yarn is required to install node_modules
***For users trying to build with WSL, you’ll need to have install libpng via sudo apt-get install libpng16-dev
.
First, you must run yarn
to grab all the dependencies. If you are ever having trouble with something, a good place to start is by trying rm -rf node_modules/ && yarn
which will completely clear all your previously installs dependencies and re-install them from scratch.
Then, you can run various commands depending on what you want to do:
# run app in dev mode in browser, rebuild on file changes
yarn start
A development server will be available on https://localhost:3000
If you’re using Chrome, you will get a net::ERR_CERT_AUTHORITY_INVALID
warning.
To disable it you can your settings in chrome: chrome://flags/#allow-insecure-localhost
# builds app for staging
yarn build:staging
# builds app for production
yarn build
# runs all unit tests using jest
yarn test
# runs all e2e tests using testcafe
yarn test:e2e
To debug E2E tests in the browser
yarn test:e2e:dev
You can also run a single file
yarn test:e2e:dev __tests__/dashboard.test.js
In development we use a .env
file to define required values. The list is defined in .env.example
. These values are made available to the React code through the dotenv
webpack plugin.
In production, the values are set through Github secrets and made available to the React app through the webpack.EnvironmentPlugin
.
NB. Since TestCafe has access to the node, the values are available at process.env
and do not need to be cloned.
We use product analytics to help us understand how to improve our features.
The collection of usage data requires the use of unique identifiers which are stored in the browsers local storage. The id is random and can be removed or reset in the Settings panel. This ensures that our product team can identify places to improve the product, while at the same time protecting the users anonymity.
We strive to provide access to the Ethereum blockchain in the most secure way possible, we refuse any dynamic script injections and only rely on HTTPS calls to the API. The calls are formatted using the excellant @blockstock/stats library.
Finally, since User privacy is part of our core values, we also take special care to ensure that the data we send to thrid-party servers is purged from any information which may be de-anonymised such as:
Every analytics call is sent to a MYC hosted reverse-proxy, strip of the users ip address and browser fingerprint before being forwarded to the data-warehouse (in this case )
never sending an ETH address or Transaction hash to our analytics warehouse.
The integrity hash is generated by base64 encoding the sha512 binary digest:
openssl dgst -binary -sha512 <dependency>.tgz | openssl base64
The best way to verify the integrity hash of a yarn.lock
is to compare the integrity hashes. This may be done manually.
Download tgz from yarnpkg host
Generate integrity hash for it (sha512 base64)
Unpackage tgz
Download files from Github at relevant tag
Diff the files from Github and the files from the unpackages tgz
$ diff -r node_modules/<depedency> tmp/<downloaded_dependency>