Skip to content

Latest commit

 

History

History
128 lines (86 loc) · 5.18 KB

README.md

File metadata and controls

128 lines (86 loc) · 5.18 KB

MyCrypto Web App

Build codecov

This repo stores the MyCrypto codebase. The code is served at app.mycrypto.com

Documentation can be found in our wiki

Development / Build Requirements

  • Node 12.14.1*
  • Yarn >= 1.19.1**

On systems where a pre-built version of node-hid is not available (e.g. 32-bit versions of Windows and Linux), you additionally need Python (3+) and node-gyp installed.

*Higher versions should work fine, but may cause inconsistencies.
**npm is NOT supported for package management. MyCrypto uses yarn.lock to ensure sub-dependency versions are pinned, so yarn is required to install node_modules

***For users trying to build with WSL, you'll need to have install libpng via sudo apt-get install libpng16-dev.

Running the App

First, you must run yarn to grab all the dependencies. If you are ever having trouble with something, a good place to start is by trying rm -rf node_modules/ && yarn which will completely clear all your previously installs dependencies and re-install them from scratch.

Then, you can run various commands depending on what you want to do:

Development

# run app in dev mode in browser, rebuild on file changes
yarn start

A development server will be available on https://localhost:3000 If you're using Chrome, you will get a net::ERR_CERT_AUTHORITY_INVALID warning. To disable it you can your settings in chrome: chrome://flags/#allow-insecure-localhost

Staging

# builds app for staging
yarn build:staging

Production

# builds app for production
yarn build

Testing

Unit Tests

# runs all unit tests using jest
yarn test

End-to-end Tests

# runs all e2e tests using testcafe
yarn test:e2e

To debug E2E tests in the browser

yarn test:e2e:dev

You can also run a single file

yarn test:e2e:dev __tests__/dashboard.test.js

Environments

In development we use a .env file to define required values. The list is defined in .env.example. These values are made available to the React code through the dotenv webpack plugin. In production, the values are set through Github secrets and made available to the React app through the webpack.EnvironmentPlugin. NB. Since TestCafe has access to the node, the values are available at process.env and do not need to be cloned.

Product Analytics

We use product analytics to help us understand how to improve our features.

The collection of usage data requires the use of unique identifiers which are stored in the browsers local storage. The id is random and can be removed or reset in the Settings panel. This ensures that our product team can identify places to improve the product, while at the same time protecting the users anonymity.

We strive to provide access to the Ethereum blockchain in the most secure way possible, we refuse any dynamic script injections and only rely on HTTPS calls to the API. The calls are formatted using the excellant @blockstock/stats library.

Finally, since User privacy is part of our core values, we also take special care to ensure that the data we send to thrid-party servers is purged from any information which may be de-anonymised such as:

  • Every analytics call is sent to a MYC hosted reverse-proxy, strip of the users ip address and browser fingerprint before being forwarded to the data-warehouse (in this case )

  • never sending an ETH address or Transaction hash to our analytics warehouse.

Dependency verification.

The integrity hash is generated by base64 encoding the sha512 binary digest:

  openssl dgst -binary -sha512 <dependency>.tgz | openssl base64

The best way to verify the integrity hash of a yarn.lock is to compare the integrity hashes. This may be done manually.

  1. Download tgz from yarnpkg host

  2. Generate integrity hash for it (sha512 base64)

  3. Unpackage tgz

  4. Download files from Github at relevant tag

  5. Diff the files from Github and the files from the unpackages tgz

      $ diff -r node_modules/<depedency> tmp/<downloaded_dependency>