This repo stores the MyCrypto codebase. The code is served at app.mycrypto.com
On systems where a pre-built version of node-hid is not available (e.g. 32-bit versions of Windows and Linux), you additionally need Python (3+) and node-gyp installed.
*Higher versions should work fine, but may cause inconsistencies.
**npm is NOT supported for package management. MyCrypto uses yarn.lock to ensure sub-dependency versions are pinned, so yarn is required to install node_modules
***For users trying to build with WSL, you'll need to have install libpng via
sudo apt-get install libpng16-dev.
First, you must run
yarn to grab all the dependencies. If you are ever having trouble with something, a good place to start is by trying
rm -rf node_modules/ && yarn which will completely clear all your previously installs dependencies and re-install them from scratch.
Then, you can run various commands depending on what you want to do:
# run app in dev mode in browser, rebuild on file changes yarn start
A development server will be available on https://localhost:3000
If you're using Chrome, you will get a
To disable it you can your settings in chrome: chrome://flags/#allow-insecure-localhost
# builds app for staging yarn build:staging
# builds app for production yarn build
# runs all unit tests using jest yarn test
# runs all e2e tests using testcafe yarn test:e2e
To debug E2E tests in the browser
You can also run a single file
yarn test:e2e:dev __tests__/dashboard.test.js
In development we use a
.env file to define required values. The list is defined in
.env.example. These values are made available to the React code through the
dotenv webpack plugin.
In production, the values are set through Github secrets and made available to the React app through the
NB. Since TestCafe has access to the node, the values are available at
process.env and do not need to be cloned.
We use product analytics to help us understand how to improve our features.
The collection of usage data requires the use of unique identifiers which are stored in the browsers local storage. The id is random and can be removed or reset in the Settings panel. This ensures that our product team can identify places to improve the product, while at the same time protecting the users anonymity.
We strive to provide access to the Ethereum blockchain in the most secure way possible, we refuse any dynamic script injections and only rely on HTTPS calls to the API. The calls are formatted using the excellant @blockstock/stats library.
Finally, since User privacy is part of our core values, we also take special care to ensure that the data we send to thrid-party servers is purged from any information which may be de-anonymised such as:
Every analytics call is sent to a MYC hosted reverse-proxy, strip of the users ip address and browser fingerprint before being forwarded to the data-warehouse (in this case )
never sending an ETH address or Transaction hash to our analytics warehouse.
The integrity hash is generated by base64 encoding the sha512 binary digest:
openssl dgst -binary -sha512 <dependency>.tgz | openssl base64
The best way to verify the integrity hash of a
yarn.lock is to compare the integrity hashes. This may be done manually.
Download tgz from yarnpkg host
Generate integrity hash for it (sha512 base64)
Download files from Github at relevant tag
Diff the files from Github and the files from the unpackages tgz
$ diff -r node_modules/<depedency> tmp/<downloaded_dependency>