Hiro Wallet is a browser extension for managing your digital assets and connecting to apps built with the Stacks blockchain.
Source code is available on GitHub at https://github.com/blockstack/stacks-wallet-web/tree/main
To use this extension with your own Stacks App, we recommend using Connect.
Table of Contents:
When working locally with stacks-wallet-web, it can only be used as you'd use any extension. There is no ability to
run it as a standalone web application.
Clone this repository and install dependencies:
git clone https://github.com/blockstack/stacks-wallet-web
cd stacks-wallet-web
yarnWhen working on the extension, you can run it in development mode which will watch for any file changes and
use react-refresh to update the extension as you work. This gives us near instant reloading of our changes, and
persists the state of the application between changes. To start development mode for the extension, run this command:
yarn devWe bundle a test app to use along with the extension. It gives easy access to the various functions that the extension can do.
In a separate terminal, run:
yarn dev:test-appAfter starting development mode, you'll have to add it to your browser of choice. Hiro Wallet for web currently only
supports chromium and firefox browsers. When you run yarn dev, it will compile the application to the /dist folder
within the project.
- Go to:
chrome://extensions - Toggle: "developer mode" on
- Click on: "Load unpacked"
- Navigate to the
stacks-wallet-webproject directory - Select the
distdirectory to load the extension
- Go to:
about:debugging - Click on "This Firefox"
- Click on: "Load Temporary Add-on…"
- Navigate to the
stacks-wallet-webproject directory - Select the
manifest.jsonfile from thestacks-wallet-web/distdirectory.
This repository utilizes Changesets in order to create a CHANGELOG.md file and update the version of the wallet. Each pull request should include a changeset, which includes a description of the changes made in your PR. Most information can be found in the changesets repository, but the quickest way to add a changeset is to run yarn changeset add. You'll be prompted to enter a summary of your changes.
Once your PR is merged into the main branch, a new pull request will automatically be created. This is a "release" pull request. The PR will merge your changesets into the CHANGELOG.md file, and will update the version of the wallet appropriately, depending on the type of change you've made.
In general, you should not update the version of the wallet (found in package.json). Each commit in a PR will generate a "beta" version, which can be used for testing.
See instructions on Hiro.so for installing from source for production usage.
Alternatively, the following steps can be taken by technical users with the latest version of node installed on their machines.
Run the following from within this repository's root directory if you've pulled it with Git:
yarn && yarn build && sh build-ext.shAlternatively, run the following if you've downloaded the source code as a zip file from GitHub:
docker build -f Dockerfile -t stacks-wallet-web . \
&& docker run -d --name stacks-wallet-web stacks-wallet-web \
&& docker cp stacks-wallet-web:stacks-wallet-chromium.zip . \
&& docker rm -f stacks-wallet-web
The extension will be packaged as stacks-wallet-chromium.zip.
First, unzip the stacks-wallet-chromium.zip file that was generated in the previous step.
Then for Chrome, Brave or Edge:
- Go to:
chrome://extensions - Toggle: "developer mode" on.
- Click on: "Load unpacked"
- Select the new directory that was unzipped from
stacks-wallet-chromium.zip.
Alternatively, for Firefox:
- Go to:
about:debugging - Click on "This Firefox"
- Click on: "Load Temporary Add-on…"
- Navigate inside the new directory that was unzipped from
stacks-wallet-chromium.zip - Select the
manifest.jsonfile.
We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
If you discover a security vulnerability, please use one of the following means of communications to report it to us:
- Report the security issue to our HackerOne program
- Report the security issue directly at [email protected]
Please note this email is strictly for reporting security vulnerabilities. For support queries, contact [email protected]. Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
In Q1 2021, Hiro partnered with Least Authority, a leading security consultancy with experience in the crypto space, to audit Hiro Wallet for Web. On April 29th 2021, after addressing the major concerns described in the initial findings, as well as a concluding sign off from the Least Authority team, a final report was delivered.