{"id":32618051,"url":"https://github.com/blockmason/web3-provider-ledger","last_synced_at":"2026-03-16T01:43:54.546Z","repository":{"id":27972642,"uuid":"115747070","full_name":"blockmason/web3-provider-ledger","owner":"blockmason","description":"A web3 provider for Ledger hardware wallets","archived":false,"fork":false,"pushed_at":"2022-12-30T17:35:42.000Z","size":2856,"stargazers_count":16,"open_issues_count":17,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-10-30T17:54:25.717Z","etag":null,"topics":["ethereum","ethjs","ledger","wallet-rpc","web3"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/web3-provider-ledger","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blockmason.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2017-12-29T19:01:05.000Z","updated_at":"2023-04-21T09:23:00.000Z","dependencies_parsed_at":"2022-08-07T13:01:25.385Z","dependency_job_id":null,"html_url":"https://github.com/blockmason/web3-provider-ledger","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/blockmason/web3-provider-ledger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blockmason%2Fweb3-provider-ledger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blockmason%2Fweb3-provider-ledger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blockmason%2Fweb3-provider-ledger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blockmason%2Fweb3-provider-ledger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blockmason","download_url":"https://codeload.github.com/blockmason/web3-provider-ledger/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blockmason%2Fweb3-provider-ledger/sbom","scorecard":{"id":243776,"data":{"date":"2025-08-11","repo":{"name":"github.com/blockmason/web3-provider-ledger","commit":"53543b7dbb86839c107973d8bdf09fb7d0555412"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 2/11 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"72 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-9j49-mfvp-vmhm","Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm","Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm","Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3","Warn: Project is vulnerable to: MAL-2023-462","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-jg8v-48h5-wgxg","Warn: Project is vulnerable to: GHSA-36fh-84j7-cv5h","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-6xwr-q98w-rvg7","Warn: Project is vulnerable to: GHSA-4c7m-wxvm-r7gc","Warn: Project is vulnerable to: GHSA-pch5-whg9-qr2r","Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4","Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653","Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj","Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67","Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w","Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2","Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-hpqj-7cj6-hfj8","Warn: Project is vulnerable to: GHSA-4vrv-93c7-m92j","Warn: Project is vulnerable to: GHSA-4x6g-3cmx-w76r","Warn: Project is vulnerable to: GHSA-6hwc-9h8r-3vmf","Warn: Project is vulnerable to: GHSA-qqqw-gm93-qf6m","Warn: Project is vulnerable to: GHSA-69f9-h8f9-7vjf","Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-884p-74jh-xrg2","Warn: Project is vulnerable to: GHSA-j7fq-p9q7-5wfv","Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T07:08:14.547Z","repository_id":27972642,"created_at":"2025-08-17T07:08:14.547Z","updated_at":"2025-08-17T07:08:14.547Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30558335,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-15T23:30:23.986Z","status":"ssl_error","status_checked_at":"2026-03-15T23:28:43.564Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethereum","ethjs","ledger","wallet-rpc","web3"],"created_at":"2025-10-30T17:51:24.692Z","updated_at":"2026-03-16T01:43:54.521Z","avatar_url":"https://github.com/blockmason.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ledger `web3` Provider\n\n[![CircleCI](https://circleci.com/gh/blockmason/web3-provider-ledger.svg?style=svg)][12]\n[![npm version](https://img.shields.io/npm/v/web3-provider-ledger.svg)][11]\n[![npm downloads](https://img.shields.io/npm/dt/web3-provider-ledger.svg)][11]\n[![dependencies](https://img.shields.io/david/blockmason/web3-provider-ledger.svg)][10]\n[![devDependencies](https://img.shields.io/david/dev/blockmason/web3-provider-ledger.svg)][10]\n[![license](https://img.shields.io/github/license/blockmason/web3-provider-ledger.svg)][3]\n\nThis web3 provider allows Ethereum transactions to be signed with a [Ledger][4] device.\n\n## Features\n\n * Lightweight, with minimal dependencies\n * Easy to use; just plug it in wherever a web3 provider is expected\n\n## Installing\n\n**[Yarn][5]:**\n\n```\n$ yarn add web3-provider-ledger\n```\n\n**[npm][6]:**\n\n```\n$ npm install --save web3-provider-ledger\n```\n\n## Usage\n\nLet's assume we are using the [`ethjs`][7] library. This library, like Web3,\nis designed to be constructed with an instance of a web3 provider.\n\n```javascript\nimport Eth from 'ethjs';\nimport LedgerProvider from 'web3-provider-ledger';\n\nconst eth = new Eth(new LedgerProvider());\n```\n\nThat's all you need to do in order to get an instance of ethjs, but\nthis particular instance is only capable of generating signed transactions.\n\nHere's one way you might end up with a transaction for interacting with\na smart contract:\n\n```javascript\n// Use the ethjs contract API to build a convenience wrapper for a contract\nconst myContract = eth.contract(myContractAbi).at(myContractAddress);\n\n// Get the raw signed transaction\nconst tx = await myContract.myFunction(...myFunctionArgs);\n```\n\nAt this point, `tx` gives us a *signed* transaction. We still need to *send*\nthe transaction, which requires a *network-capable* provider. For this, you\ncan use the built-in `Eth.HttpProvider` or look for an *injected* provider\nvia the global `web3.currentProvider`.\n\nHere's what this might look like:\n\n```javascript\n// Constract a network-capable instance of ethjs\nconst ethNet = new Eth(web3.currentProvider);\n\n// Use the network-capable provider to *send* the transaction\nconst txId = await ethNet.sendRawTransaction(tx);\n```\n\n### Usage with `ethjs-signer-provider`\n\n```javascript\nimport Eth from 'ethjs';\nimport LedgerDevice from 'web3-provider-ledger/ledger-device';\nimport SignerProvider from 'ethjs-provider-signer';\n\nconst ledgerDevice = new LedgerDevice({ appId: origin, u2f });\n\nconst provider = new SignerProvider('https://ropsten.infura.io', {\n  signTransaction: async (transaction, callback) =\u003e {\n    const signedTransaction = await ledgerDevice.signTransaction(transaction);\n    callback(null, signedTransaction);\n  },\n  accounts: async (callback) =\u003e {\n    const accounts = await ledgerDevice.listAddresses();\n    callback(null, accounts);\n  }\n});\n\nconst eth = new Eth(provider);\n\n// `eth` is now configured to use the Ledger device for signing and\n// Infura for sending transactions to the Ethereum network\n```\n\n### Advanced Usage\n\nSee the [API Reference][9] for detailed code-level documentation.\n\nIn addition to the provider, this library includes a `LedgerDevice`,\nwhich allows operations to be performed directly on the device. This\ncan be useful for *account discovery* (`LedgerDevice#listAddresses()`),\nwhich can be used to allow users to choose which account they would like\nto use. The index of the preferred account can then be provided to a new\ndevice via the `accountIndex` attribute, and this device can be given to\n`LedgerProvider` via its `device` attribute.\n\nFor example, here is how you might get a list of account addresses on\nthe device:\n\n```javascript\nimport LedgerDevice from 'web3-provider-ledger/device';\n\nconst device = new LedgerDevice({ appId: origin, u2f });\nconst accounts = await device.listAddresses();\n```\n\nLet's say the user has selected the account at index `3`. To use that account,\nyou would then construct the provider as follows:\n\n```javascript\nimport Eth from 'ethjs';\nimport LedgerDevice from 'web3-provider-ledger/device';\nimport LedgerProvider from 'web3-provider-ledger';\n\n// Simple form\nconst eth = new Eth(new LedgerProvider({ accountIndex: 3 }));\n\n// Advanced form (equivalent result to the simple form above)\nconst eth = new Eth(new LedgerProvider({\n  device: new LedgerDevice({ accountIndex: 3, appId: origin, u2f })\n}));\n```\n\n## Contributing\n\nSee [CONTRIBUTING.md][2].\n\n## Code of Conduct\n\nSee [CODE_OF_CONDUCT.md][1].\n\n## Security\n\nSee [SECURITY.md][8].\n\n## License\n\nThis library is licensed under the [MIT][3] license.\n\n[1]: https://github.com/blockmason/web3-provider-ledger/blob/master/CODE_OF_CONDUCT.md\n[2]: https://github.com/blockmason/web3-provider-ledger/blob/master/CONTRIBUTING.md\n[3]: https://github.com/blockmason/web3-provider-ledger/blob/master/LICENSE\n[4]: https://www.ledgerwallet.com/\n[5]: https://npmjs.com/\n[6]: https://yarnpkg.com/\n[7]: https://github.com/ethjs/ethjs\n[8]: https://github.com/blockmason/web3-provider-ledger/blob/master/SECURITY.md\n[9]: https://16-115747070-gh.circle-artifacts.com/0/home/project/project/docs/web3-provider-ledger/1.1.0/index.html\n[10]: https://github.com/blockmason/web3-provider-ledger/blob/master/package.json\n[11]: https://www.npmjs.com/package/web3-provider-ledger\n[12]: https://circleci.com/gh/blockmason/web3-provider-ledger\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblockmason%2Fweb3-provider-ledger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblockmason%2Fweb3-provider-ledger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblockmason%2Fweb3-provider-ledger/lists"}