rework permissions and popup prompts, make each permission fine grained.

extension/background.js

@@ -10,9 +10,8 @@ import {nip04} from 'nostr-tools'
 import {Mutex} from 'async-mutex'
 
 import {
-  PERMISSIONS_REQUIRED,
   NO_PERMISSIONS_REQUIRED,
-  readPermissionLevel,
+  getPermissionStatus,
   updatePermission
 } from './common'
 
@@ -90,24 +89,60 @@ async function handleContentScriptMessage({type, params, host}) {
 
     return
   } else {
-    let level = await readPermissionLevel(host)
+    // acquire mutex here before reading policies
+    releasePromptMutex = await promptMutex.acquire()
 
-    if (level >= PERMISSIONS_REQUIRED[type]) {
+    let allowed = await getPermissionStatus(
+      host,
+      type,
+      type === 'signEvent' ? params.event : undefined
+    )
+
+    if (allowed === true) {
       // authorized, proceed
+      releasePromptMutex()
+    } else if (allowed === false) {
+      // denied, just refuse immediately
+      releasePromptMutex()
+      return {
+        error: 'denied'
+      }
     } else {
       // ask for authorization
       try {
-        await promptPermission(host, PERMISSIONS_REQUIRED[type], params)
+        let id = Math.random().toString().slice(4)
-        // authorized, proceed
+        let qs = new URLSearchParams({
-      } catch (_) {
+          host,
-        // not authorized, stop here
+          id,
+          params: JSON.stringify(params),
+          type
+        })
+
+        // prompt will be resolved with true or false
+        let accept = await new Promise((resolve, reject) => {
+          openPrompt = {resolve, reject}
+
+          browser.windows.create({
+            url: `${browser.runtime.getURL('prompt.html')}?${qs.toString()}`,
+            type: 'popup',
+            width: 340,
+            height: 360
+          })
+        })
+
+        // denied, stop here
+        if (!accept) return {error: 'denied'}
+      } catch (err) {
+        // errored, stop here
+        releasePromptMutex()
         return {
-          error: `insufficient permissions, required ${PERMISSIONS_REQUIRED[type]}`
+          error: `error: ${err}`
         }
       }
     }
   }
 
+  // if we're here this means it was accepted
   let results = await browser.storage.local.get('private_key')
   if (!results || !results.private_key) {
     return {error: 'no private key found'}
@@ -148,51 +183,23 @@ async function handleContentScriptMessage({type, params, host}) {
   }
 }
 
-function handlePromptMessage({id, condition, host, level}, sender) {
+function handlePromptMessage({id, host, type, accept, conditions}, sender) {
-  switch (condition) {
+  // return response
-    case 'forever':
+  openPrompt?.resolve?.(accept)
-    case 'expirable':
+
-      openPrompt?.resolve?.()
+  // update policies
-      updatePermission(host, {
+  if (conditions) {
-        level,
+    updatePermission(host, type, accept, conditions)
-        condition
-      })
-      break
-    case 'single':
-      openPrompt?.resolve?.()
-      break
-    case 'no':
-      openPrompt?.reject?.()
-      break
   }
 
+  // cleanup this
   openPrompt = null
+
+  // release mutex here after updating policies
   releasePromptMutex()
 
+  // close prompt
   if (sender) {
     browser.windows.remove(sender.tab.windowId)
   }
 }
-
-async function promptPermission(host, level, params) {
-  releasePromptMutex = await promptMutex.acquire()
-
-  let id = Math.random().toString().slice(4)
-  let qs = new URLSearchParams({
-    host,
-    level,
-    id,
-    params: JSON.stringify(params)
-  })
-
-  return new Promise((resolve, reject) => {
-    openPrompt = {resolve, reject}
-
-    browser.windows.create({
-      url: `${browser.runtime.getURL('prompt.html')}?${qs.toString()}`,
-      type: 'popup',
-      width: 340,
-      height: 330
-    })
-  })
-}

extension/common.js

@@ -4,90 +4,90 @@ export const NO_PERMISSIONS_REQUIRED = {
   replaceURL: true
 }
 
-export const PERMISSIONS_REQUIRED = {
+export const PERMISSION_NAMES = Object.fromEntries([
-  getPublicKey: 1,
+  ['getPublicKey', 'read your public key'],
-  getRelays: 5,
+  ['getRelays', 'read your list of preferred relays'],
-  signEvent: 10,
+  ['signEvent', 'sign events using your private key'],
-  'nip04.encrypt': 20,
+  ['nip04.encrypt', 'encrypt messages to peers'],
-  'nip04.decrypt': 20,
+  ['nip04.decrypt', 'decrypt messages from peers']
+])
+
+function matchConditions(conditions, event) {
+  if (conditions?.kinds) {
+    if (event.kind in conditions.kinds) return true
+    else return false
   }
 
-const ORDERED_PERMISSIONS = [
+  return true
-  [1, ['getPublicKey']],
-  [5, ['getRelays']],
-  [10, ['signEvent']],
-  [20, ['nip04.encrypt']],
-  [20, ['nip04.decrypt']]
-]
-
-const PERMISSION_NAMES = {
-  getPublicKey: 'read your public key',
-  getRelays: 'read your list of preferred relays',
-  signEvent: 'sign events using your private key',
-  'nip04.encrypt': 'encrypt messages to peers',
-  'nip04.decrypt': 'decrypt messages from peers',
 }
 
-export function getAllowedCapabilities(permission) {
+export async function getPermissionStatus(host, type, event) {
-  let requestedMethods = []
+  let {policies} = await browser.storage.local.get('policies')
-  for (let i = 0; i < ORDERED_PERMISSIONS.length; i++) {
+
-    let [perm, methods] = ORDERED_PERMISSIONS[i]
+  let answers = [true, false]
-    if (perm > permission) break
+  for (let i = 0; i < answers.length; i++) {
-    requestedMethods = requestedMethods.concat(methods)
+    let accept = answers[i]
+    let {conditions} = policies?.[host]?.[accept]?.[type] || {}
+
+    if (conditions) {
+      if (type === 'signEvent') {
+        if (matchConditions(conditions, event)) {
+          return accept // may be true or false
+        } else {
+          // if this doesn't match we just continue so it will either match for the opposite answer (reject)
+          // or it will end up returning undefined at the end
+          continue
+        }
+      } else {
+        return accept // may be true or false
+      }
+    }
   }
 
-  if (requestedMethods.length === 0) return 'nothing'
+  return undefined
-
-  return requestedMethods.map(method => PERMISSION_NAMES[method])
 }
 
-export function getPermissionsString(permission) {
+export async function updatePermission(host, type, accept, conditions) {
-  let capabilities = getAllowedCapabilities(permission)
+  let {policies = {}} = await browser.storage.local.get('policies')
 
-  if (capabilities.length === 0) return 'none'
+  // if the new conditions is "match everything", override the previous
-  if (capabilities.length === 1) return capabilities[0]
+  if (Object.keys(conditions).length === 0) {
-
+    conditions = {}
-  return (
+  } else {
-    capabilities.slice(0, -1).join(', ') +
+    // if we already had a policy for this, merge the conditions
-    ' and ' +
+    let existingConditions = policies[host]?.[accept]?.[type]?.conditions
-    capabilities[capabilities.length - 1]
+    if (existingConditions) {
-  )
+      if (existingConditions.kinds && conditions.kinds) {
+        Object.keys(existingConditions.kinds).forEach(kind => {
+          conditions.kinds[kind] = true
+        })
+      }
+    }
   }
 
-export async function readPermissions() {
+  // if we have a reverse policy (accept / reject) that is exactly equal to this, remove it
-  let {permissions = {}} = await browser.storage.local.get('permissions')
+  let other = !accept
-
+  let reverse = policies?.[host]?.[other]?.[type]
-  // delete expired
-  var needsUpdate = false
-  for (let host in permissions) {
   if (
-      permissions[host].condition === 'expirable' &&
+    reverse &&
-      permissions[host].created_at < Date.now() / 1000 - 5 * 60
+    JSON.stringify(reverse.conditions) === JSON.stringify(conditions)
   ) {
-      delete permissions[host]
+    delete policies[host][other][type]
-      needsUpdate = true
-    }
-  }
-  if (needsUpdate) browser.storage.local.set({permissions})
-
-  return permissions
   }
 
-export async function readPermissionLevel(host) {
+  // insert our new policy
-  return (await readPermissions())[host]?.level || 0
+  policies[host] = policies[host] || {}
-}
+  policies[host][accept] = policies[host][accept] || {}
-
+  policies[host][accept][type] = {
-export async function updatePermission(host, permission) {
+    conditions, // filter that must match the event (in case of signEvent)
-  let {permissions = {}} = await browser.storage.local.get('permissions')
-  permissions[host] = {
-    ...permission,
     created_at: Math.round(Date.now() / 1000)
   }
-  browser.storage.local.set({permissions})
+
+  browser.storage.local.set({policies})
 }
 
-export async function removePermissions(host) {
+export async function removePermissions(host, accept, type) {
-  let {permissions = {}} = await browser.storage.local.get('permissions')
+  let {policies = {}} = await browser.storage.local.get('policies')
-  delete permissions[host]
+  delete policies[host]
-  browser.storage.local.set({permissions})
+  browser.storage.local.set({policies})
 }

extension/options.jsx

@@ -4,18 +4,14 @@ import {render} from 'react-dom'
 import {generatePrivateKey, getPublicKey, nip19} from 'nostr-tools'
 import QRCode from 'react-qr-code'
 
-import {
+import {removePermissions, PERMISSION_NAMES} from './common'
-  getPermissionsString,
-  readPermissions,
-  removePermissions
-} from './common'
 
 function Options() {
   let [pubKey, setPubKey] = useState('')
   let [privKey, setPrivKey] = useState('')
   let [relays, setRelays] = useState([])
   let [newRelayURL, setNewRelayURL] = useState('')
-  let [permissions, setPermissions] = useState()
+  let [policies, setPermissions] = useState()
   let [protocolHandler, setProtocolHandler] = useState(null)
   let [hidingPrivateKey, hidePrivateKey] = useState(true)
   let [message, setMessage] = useState('')
@@ -58,19 +54,25 @@ function Options() {
     loadPermissions()
   }, [])
 
-  function loadPermissions() {
+  async function loadPermissions() {
-    readPermissions().then(permissions => {
+    let {policies = {}} = await browser.storage.local.get('policies')
-      setPermissions(
+    let list = []
-          Object.entries(permissions).map(
+
-              ([host, {level, condition, created_at}]) => ({
+    Object.entries(policies).forEach(([host, accepts]) => {
+      Object.entries(accepts).forEach(([accept, types]) => {
+        Object.entries(types).forEach(([type, {conditions, created_at}]) => {
+          list.push({
             host,
-                level,
+            type,
-                condition,
+            accept: {true: 'allow', false: 'deny'}[accept],
+            conditions,
             created_at
           })
-          )
-      )
         })
+      })
+    })
+
+    setPermissions(list)
   }
 
   return (
@@ -150,7 +152,16 @@ function Options() {
             </button>
 
             {showQR && (
-                  <div id={'qrCodeDiv'} style={{ height: 'auto', maxWidth: 256, width: '100%', marginTop: '20px', marginBottom: '30px' }}>
+              <div
+                id={'qrCodeDiv'}
+                style={{
+                  height: 'auto',
+                  maxWidth: 256,
+                  width: '100%',
+                  marginTop: '20px',
+                  marginBottom: '30px'
+                }}
+              >
                 <QRCode
                   size={256}
                   style={{height: 'auto', maxWidth: '100%', width: '100%'}}
@@ -161,25 +172,28 @@ function Options() {
             )}
           </div>
         </label>
-          {permissions?.length > 0 && (
+        {policies?.length > 0 && (
           <>
-                <h2>permissions</h2>
+            <h2>policies</h2>
             <table>
               <thead>
                 <tr>
                   <th>domain</th>
-                    <th>permissions</th>
+                  <th>permission</th>
-                    <th>condition</th>
+                  <th>answer</th>
+                  <th>conditions</th>
                   <th>since</th>
                   <th></th>
                 </tr>
               </thead>
               <tbody>
-                  {permissions.map(({host, level, condition, created_at}) => (
+                {policies.map(
+                  ({host, type, accept, conditions, created_at}) => (
                     <tr key={host}>
                       <td>{host}</td>
-                        <td>{getPermissionsString(level)}</td>
+                      <td>{PERMISSION_NAMES[type]}</td>
-                        <td>{condition}</td>
+                      <td>{accept}</td>
+                      <td>{JSON.stringify(conditions).slice(1, -1)}</td>
                       <td>
                         {new Date(created_at * 1000)
                           .toISOString()
@@ -188,12 +202,18 @@ function Options() {
                           .join(' ')}
                       </td>
                       <td>
-                          <button onClick={handleRevoke} data-domain={host}>
+                        <button
+                          onClick={handleRevoke}
+                          data-host={host}
+                          data-accept={accept}
+                          data-type={type}
+                        >
                           revoke
                         </button>
                       </td>
                     </tr>
-                  ))}
+                  )
+                )}
               </tbody>
             </table>
           </>
@@ -335,10 +355,16 @@ function Options() {
   }
 
   async function handleRevoke(e) {
-    let host = e.target.dataset.domain
+    let {host, accept, type} = e.target.dataset
-    if (window.confirm(`revoke all permissions from ${host}?`)) {
+    if (
-      await removePermissions(host)
+      window.confirm(
-      showMessage(`removed permissions from ${host}`)
+        `revoke all ${
+          accept ? 'accept' : 'deny'
+        } ${type} policies from ${host}?`
+      )
+    ) {
+      await removePermissions(host, accept, type)
+      showMessage('removed policies')
       loadPermissions()
     }
   }

extension/prompt.jsx

@@ -2,17 +2,18 @@ import browser from 'webextension-polyfill'
 import {render} from 'react-dom'
 import React from 'react'
 
-import {getAllowedCapabilities} from './common'
+import {PERMISSION_NAMES} from './common'
 
 function Prompt() {
   let qs = new URLSearchParams(location.search)
   let id = qs.get('id')
   let host = qs.get('host')
-  let level = parseInt(qs.get('level'))
+  let type = qs.get('type')
-  let params
+  let params, event
   try {
     params = JSON.parse(qs.get('params'))
     if (Object.keys(params).length === 0) params = null
+    else if (params.event) event = params.event
   } catch (err) {
     params = null
   }
@@ -23,20 +24,15 @@ function Prompt() {
         <b style={{display: 'block', textAlign: 'center', fontSize: '200%'}}>
           {host}
         </b>{' '}
-        <p>is requesting your permission to </p>
+        <p>
-        <ul>
+          is requesting your permission to <b>{PERMISSION_NAMES[type]}:</b>
-          {getAllowedCapabilities(level).map(cap => (
+        </p>
-            <li key={cap}>
-              <i style={{fontSize: '140%'}}>{cap}</i>
-            </li>
-          ))}
-        </ul>
       </div>
       {params && (
         <>
           <p>now acting on</p>
-          <pre style={{overflow: 'auto', maxHeight: '100px'}}>
+          <pre style={{overflow: 'auto', maxHeight: '120px'}}>
-            <code>{JSON.stringify(params, null, 2)}</code>
+            <code>{JSON.stringify(event || params, null, 2)}</code>
           </pre>
         </>
       )}
@@ -49,35 +45,65 @@ function Prompt() {
       >
         <button
           style={{marginTop: '5px'}}
-          onClick={authorizeHandler('forever')}
+          onClick={authorizeHandler(
+            true,
+            {} // store this and answer true forever
+          )}
         >
           authorize forever
         </button>
+        {event?.kind !== undefined && (
           <button
             style={{marginTop: '5px'}}
-          onClick={authorizeHandler('expirable')}
+            onClick={authorizeHandler(
+              true,
+              {kinds: {[event.kind]: true}} // store and always answer true for all events that match this condition
+            )}
           >
-          authorize for 5 minutes
+            authorize kind {event.kind} forever
           </button>
-        <button style={{marginTop: '5px'}} onClick={authorizeHandler('single')}>
+        )}
+        <button style={{marginTop: '5px'}} onClick={authorizeHandler(true)}>
           authorize just this
         </button>
-        <button style={{marginTop: '5px'}} onClick={authorizeHandler('no')}>
+        {event?.kind !== undefined ? (
-          cancel
+          <button
+            style={{marginTop: '5px'}}
+            onClick={authorizeHandler(
+              false,
+              {kinds: {[event.kind]: true}} // idem
+            )}
+          >
+            reject kind {event.kind} forever
+          </button>
+        ) : (
+          <button
+            style={{marginTop: '5px'}}
+            onClick={authorizeHandler(
+              false,
+              {} // idem
+            )}
+          >
+            reject forever
+          </button>
+        )}
+        <button style={{marginTop: '5px'}} onClick={authorizeHandler(false)}>
+          reject
         </button>
       </div>
     </>
   )
 
-  function authorizeHandler(condition) {
+  function authorizeHandler(accept, conditions) {
     return function (ev) {
       ev.preventDefault()
       browser.runtime.sendMessage({
         prompt: true,
         id,
         host,
-        level,
+        type,
-        condition
+        accept,
+        conditions
       })
     }
   }

package.json

@@ -7,7 +7,7 @@
     "eslint-plugin-babel": "^5.3.1",
     "eslint-plugin-react": "^7.28.0",
     "events": "^3.3.0",
-    "nostr-tools": "^1.1.0",
+    "nostr-tools": "^1.12.0",
     "prettier": "^2.5.1",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",

yarn.lock

@@ -31,41 +31,43 @@
   resolved "https://registry.yarnpkg.com/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz#b520529ec21d8e5945a1851dfd1c32e94e39ff45"
   integrity sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==
 
-"@noble/hashes@^0.5.7":
+"@noble/curves@1.0.0", "@noble/curves@~1.0.0":
-  version "0.5.9"
+  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-0.5.9.tgz#9f3051a4cc6f7c168022b3b7fbbe9fe2a35cccf0"
+  resolved "https://registry.yarnpkg.com/@noble/curves/-/curves-1.0.0.tgz#e40be8c7daf088aaf291887cbc73f43464a92932"
-  integrity sha512-7lN1Qh6d8DUGmfN36XRsbN/WcGIPNtTGhkw26vWId/DlCIGsYJJootTtPGghTLcn/AaXPx2Q0b3cacrwXa7OVw==
+  integrity sha512-2upgEu0iLiDVDZkNLeFV2+ht0BAVgQnEmCk6JsOch9Rp8xfkMCbvbAZlA2pBHQc73dbl+vFOXfqkf4uemdn0bw==
+  dependencies:
+    "@noble/hashes" "1.3.0"
 
-"@noble/hashes@~1.1.1", "@noble/hashes@~1.1.3":
+"@noble/hashes@1.3.0":
-  version "1.1.5"
+  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.1.5.tgz#1a0377f3b9020efe2fae03290bd2a12140c95c11"
+  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.0.tgz#085fd70f6d7d9d109671090ccae1d3bec62554a1"
-  integrity sha512-LTMZiiLc+V4v1Yi16TD6aX2gmtKszNye0pQgbaLqkvhIqP7nVsSaJsWloGQjJfJ8offaoP5GtX3yY5swbcJxxQ==
+  integrity sha512-ilHEACi9DwqJB0pw7kv+Apvh50jiiSyR/cQ3y4W7lOR5mhvn/50FLUfsnfJz0BDZtl/RR16kXvptiv6q1msYZg==
 
-"@noble/secp256k1@^1.7.0", "@noble/secp256k1@~1.7.0":
+"@noble/hashes@~1.3.0":
-  version "1.7.0"
+  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@noble/secp256k1/-/secp256k1-1.7.0.tgz#d15357f7c227e751d90aa06b05a0e5cf993ba8c1"
+  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.1.tgz#8831ef002114670c603c458ab8b11328406953a9"
-  integrity sha512-kbacwGSsH/CTout0ZnZWxnW1B+jH/7r/WAAKLBtrRJ/+CUH7lgmQzl3GTrQua3SGKWNSDsS6lmjnDpIJ5Dxyaw==
+  integrity sha512-EbqwksQwz9xDRGfDST86whPBgM65E0OH/pCgqW0GBVzO22bNE+NuIbeTb714+IfSjU3aRk47EUvXIb5bTsenKA==
 
-"@scure/base@^1.1.1", "@scure/base@~1.1.0":
+"@scure/base@1.1.1", "@scure/base@~1.1.0":
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/@scure/base/-/base-1.1.1.tgz#ebb651ee52ff84f420097055f4bf46cfba403938"
   integrity sha512-ZxOhsSyxYwLJj3pLZCefNitxsj093tb2vq90mp2txoYeBqbcjDjqFhyM8eUjq/uFm6zJ+mUuqxlS2FkuSY1MTA==
 
-"@scure/bip32@^1.1.1":
+"@scure/bip32@1.3.0":
-  version "1.1.1"
+  version "1.3.0"
-  resolved "https://registry.yarnpkg.com/@scure/bip32/-/bip32-1.1.1.tgz#f62e4a2f13cc3e5e720ad81b7582b8631ae6835a"
+  resolved "https://registry.yarnpkg.com/@scure/bip32/-/bip32-1.3.0.tgz#6c8d980ef3f290987736acd0ee2e0f0d50068d87"
-  integrity sha512-UmI+liY7np2XakaW+6lMB6HZnpczWk1yXZTxvg8TM8MdOcKHCGL1YkraGj8eAjPfMwFNiAyek2hXmS/XFbab8g==
+  integrity sha512-bcKpo1oj54hGholplGLpqPHRbIsnbixFtc06nwuNM5/dwSXOq/AAYoIBRsBmnZJSdfeNW5rnff7NTAz3ZCqR9Q==
   dependencies:
-    "@noble/hashes" "~1.1.3"
+    "@noble/curves" "~1.0.0"
-    "@noble/secp256k1" "~1.7.0"
+    "@noble/hashes" "~1.3.0"
     "@scure/base" "~1.1.0"
 
-"@scure/bip39@^1.1.0":
+"@scure/bip39@1.2.0":
-  version "1.1.0"
+  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/@scure/bip39/-/bip39-1.1.0.tgz#92f11d095bae025f166bef3defcc5bf4945d419a"
+  resolved "https://registry.yarnpkg.com/@scure/bip39/-/bip39-1.2.0.tgz#a207e2ef96de354de7d0002292ba1503538fc77b"
-  integrity sha512-pwrPOS16VeTKg98dYXQyIjJEcWfz7/1YJIwxUEPFfQPtc86Ym/1sVgQ2RLoD43AazMk2l/unK4ITySSpW2+82w==
+  integrity sha512-SX/uKq52cuxm4YFXWFaVByaSHJh2w3BnokVSeUJVCv6K7WulT9u2BuNRBhuFl8vAuYnzx9bEu9WgpcNYTrYieg==
   dependencies:
-    "@noble/hashes" "~1.1.1"
+    "@noble/hashes" "~1.3.0"
     "@scure/base" "~1.1.0"
 
 acorn-jsx@^5.3.1:
@@ -932,16 +934,16 @@ natural-compare@^1.4.0:
   resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
   integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=
 
-nostr-tools@^1.1.0:
+nostr-tools@^1.12.0:
-  version "1.1.0"
+  version "1.12.0"
-  resolved "https://registry.yarnpkg.com/nostr-tools/-/nostr-tools-1.1.0.tgz#f7c06a1d1a1a71b7b1feb7b0e687cef6a4e24286"
+  resolved "https://registry.yarnpkg.com/nostr-tools/-/nostr-tools-1.12.0.tgz#ec3618fc2298e029941b7db3bbe95187777c488f"
-  integrity sha512-T+Fj29ff6dn1YMMDrG03OctxrWVKeei/DZatVjgoad0tYUCiBBERk37qkpCqFAoKYVreIPl/Mxrh2DVfMzLA7g==
+  integrity sha512-fsIXaNJPKaSrO9MxsCEWbhI4tG4pToQK4D4sgLRD0fRDfZ6ocCg8CLlh9lcNx0o8pVErCMLVASxbJ+w4WNK0MA==
   dependencies:
-    "@noble/hashes" "^0.5.7"
+    "@noble/curves" "1.0.0"
-    "@noble/secp256k1" "^1.7.0"
+    "@noble/hashes" "1.3.0"
-    "@scure/base" "^1.1.1"
+    "@scure/base" "1.1.1"
-    "@scure/bip32" "^1.1.1"
+    "@scure/bip32" "1.3.0"
-    "@scure/bip39" "^1.1.0"
+    "@scure/bip39" "1.2.0"
 
 nth-check@^2.0.1:
   version "2.1.1"