Major SDK upgrade: Aptos TS SDK 6, Vite 8, TypeScript 6#4
Conversation
…nfig - Bump @aptos-labs/ts-sdk to 6.x; SimpleWebAuthn to 13.3; Vite 8; TS 6; React 19.2.4 - Add pnpm peerDependencyRules for typescript-eslint with TypeScript 6 - tsconfig: moduleResolution bundler for TS 6 - Migrate from .eslintrc.cjs to eslint.config.js (typescript-eslint, react-hooks) - Fix App/webauthn types: CredentialInfo, Hex.fromHexInput, Secp256r1 key bytes - Fix noble curves type-only import path (.js extension) Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR upgrades the project’s Aptos/WebAuthn demo stack to newer major versions (Aptos TS SDK v6, Vite v8, TypeScript v6, React 19.x) and updates the code/configuration needed to compile and lint successfully under the new toolchain.
Changes:
- Upgrade major dependencies (Aptos TS SDK, Vite, TypeScript, React, SimpleWebAuthn) and refresh the lockfile.
- Migrate ESLint to v9 flat config (
eslint.config.js) and adjust the lint script accordingly. - Update app/helper code for SDK v6 APIs and stricter linting (typed credential info,
useCallbackbalance fetch,unknownerror handling).
Reviewed changes
Copilot reviewed 5 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
tsconfig.json |
Switches TS module resolution to bundler for TS 6 compatibility. |
src/helper/webauthn.ts |
Updates imports/types and refines credential info typing (CredentialInfo). |
src/App.tsx |
Adapts to new helper exports/types; improves effect deps and error handling; updates Hex conversion. |
package.json |
Bumps core deps/devDeps and adds pnpm peerDependencyRules for TS 6. |
pnpm-lock.yaml |
Lockfile updated to reflect dependency upgrades (Vite 8, SDK 6, etc.). |
eslint.config.js |
Adds ESLint 9 flat configuration with TypeScript + React hooks/refresh plugins. |
.eslintrc.cjs |
Removes legacy ESLint config in favor of flat config. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Drop rawData Uint8Array from persisted shape; use publicKey.hex when logging - Add parseStoredCredentialInfo with runtime validation for reads - Use parser in App and submitTransfer instead of unsafe JSON.parse casts Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
- Add .github/workflows/ci.yml for pull_request and push to main - Add prettier, fmt (write) and fmt:check; .prettierignore for dist/node_modules - Format repo with Prettier (incl. vite-gh-pages workflow YAML) Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ey UX) - calculateAptosAddressFromPublicKey returns null on failure; getCredentialInfo fails fast - parseStoredCredentialInfo validates hex length/prefix, base64 length, Aptos address shape - createPasskey only updates credentialId/localStorage when credentialInfo succeeds - useEffect interval typed as ReturnType<typeof setInterval> | undefined Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…e consistency - Guard createCredential null / non-PublicKeyCredential before getCredentialInfo - fetchAptBalance: clear balance when stored JSON invalid or missing - parseStoredCredentialInfo: require hex and base64 decode to same 65 bytes; match aptosAddress to recomputed derivation - submitTransfer: require credentialData.id matches credentialId parameter Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Addresses Copilot review: avoid duplicating WebAuthn sender authenticator construction for log vs submit. Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ad data - parseStoredCredentialInfo: require id decodes from base64 to non-empty bytes - handleFaucetRequest/openTestnetFaucet: showError when JSON invalid or missing Co-authored-by: Logan Wang <WGB5445@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 15 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| function isValidBase64PublicKey(b64: string, expectedRawLen: number): boolean { | ||
| if (!/^[A-Za-z0-9+/]+=*$/.test(b64)) return false; | ||
| try { | ||
| const buf = Buffer.from(b64, "base64"); | ||
| return buf.length === expectedRawLen; | ||
| } catch { | ||
| return false; | ||
| } | ||
| } | ||
|
|
||
| function isValidAptosAccountAddress(addr: string): boolean { | ||
| return /^0x[0-9a-fA-F]{64}$/.test(addr); | ||
| } | ||
|
|
||
| /** Credential rawId encoded as standard base64 (matches Buffer.toString("base64") in getCredentialInfo). */ | ||
| function isValidCredentialIdBase64(id: string): boolean { | ||
| if (!/^[A-Za-z0-9+/]+=*$/.test(id) || id.length % 4 !== 0) return false; | ||
| try { | ||
| const buf = Buffer.from(id, "base64"); | ||
| return buf.length > 0; | ||
| } catch { | ||
| return false; |
There was a problem hiding this comment.
isValidBase64PublicKey / isValidCredentialIdBase64 use the regex ^[A-Za-z0-9+/]+=*$, which allows = padding in the middle of the string and doesn’t enforce canonical padding (0–2 = at the end). Since this function is used to validate persisted credential data, it would be better to enforce length % 4 === 0 and restrict padding to the end only (or use a small base64 validation helper) to avoid accepting malformed/corrupted values.
Made-with: Cursor
Summary
.eslintrc.cjswitheslint.config.jsusingtypescript-eslint,@eslint/js,globals,eslint-plugin-react-hooks(flat/recommended),eslint-plugin-react-refresh.peerDependencyRules.allowedVersionssotypescript-eslintaccepts TypeScript 6 (peer range still<6.0.0upstream).moduleResolution: "bundler"for TS 6 (avoids deprecatednode10).Hex.fromHexInputfor SDK 6;CredentialInfoJSON-safe forlocalStorage+parseStoredCredentialInfo(with hex/base64/address validation and cross-checks);useCallbackfor balance fetch + effect deps;unknownerror handling for lint..github/workflows/ci.ymlruns on pull requests and pushes tomain:pnpm fmt:check,pnpm lint,pnpm build.pnpm fmt/pnpm fmt:check.Copilot review follow-up
rawDatafrom persisted shape; addedparseStoredCredentialInfowith validation.calculateAptosAddressFromPublicKeyreturnsnullon failure;getCredentialInforeturnsnullif derivation fails.parseStoredCredentialInfochecks uncompressed P-256 hex, base64 length, Aptos address shape, hex vs base64 byte equality, and recomputed address matches storedaptosAddress.credentialId/localStoragewhencredentialInfois non-null; null guard forcreateCredential()andinstanceof PublicKeyCredential.aptBalancewhen stored JSON is invalid or missing (no stale UI).credentialData.idmust equalcredentialIdor throws a clear error.ReturnType<typeof setInterval> | undefinedwith explicit cleanup check.Verification
pnpm fmt:check,pnpm lint, andpnpm buildpass locally.