Releases: nostr-wot/nostr-wot-extension
Releases · nostr-wot/nostr-wot-extension
Release list
v0.3.4
Fixed
- WebLN zaps broken in Coracle and other clients —
webln_getInfowas missing thesupports: ['lightning']field that clients check to verify Lightning capability;webln_enablenow adds the requesting domain to the allowed domains list (the standard WebLN connection handshake)
v0.3.3
v0.3.3 — Comprehensive Code Review & Security Hardening
Changed
- Comprehensive code review (Round 2) — 10 parallel Opus agents audited the full codebase; 70 new findings documented in
docs/code-review.md - Misc-handlers split —
misc-handlers.ts(507 lines) split intoactivity-handlers.ts,profile-handlers.ts,publish-handlers.ts - Graph module hardened — underscore-prefixed methods replaced with
privatemodifier - NIP-07 input validation — added
event.tagsandevent.created_atvalidation - signEvent zeroing contract — comprehensive JSDoc documenting caller responsibility for key zeroing
- LNbits HTTP warning — console.warn when admin key sent over non-localhost HTTP
Fixed
- Permission cache test failures (added
storage.onChangedto browser mock) - Wallet balance assertions (msats-to-sats conversion in NWC test mocks)
- Import extensions standardized (17 test files from
.jsto.ts) nostr-tools/pureremoval (replaced with own crypto; onlynostr-tools/nip46remains)- IDB upgrade deduplication (extracted shared
upgradeDatabase()helper) NODE_ENVchanged from'development'to'production'
Added
lib/constants.ts— centralized magic numberslib/utils/async-lock.ts— shared async mutexlib/bg/activity-handlers.ts— activity log handlers with write bufferinglib/bg/profile-handlers.ts— profile metadata and mute list handlerslib/bg/publish-handlers.ts— event signing, broadcasting, and NIP-46 session handlersdocs/code-review.md— comprehensive Round 2 audit with 70 findings and prioritized roadmap
v0.3.2
What's Changed
Improved
- Modularized background service worker — split the monolithic
background.ts(~2800 lines) into 8 focused handler modules underlib/bg/; background.ts is now a ~300-line orchestrator with Map-based dispatch - Code quality — eliminated duplicate types, extracted shared helpers, removed dead code and unnecessary exports
Fixed
- Sats display shows whole numbers — wallet balance, transaction amounts, invoice previews, and payment prompts no longer show decimal fractions
- Wallet setup banner persists after setup — the "Set up wallet" banner on the home screen now disappears immediately after configuring a wallet
Assets
nostr-wot-chrome.zip— Chrome Web Store package (unminified)nostr-wot-firefox.zip— Firefox Add-ons package (unminified)nostr-wot-source.zip— Full source code for store review
Full Changelog: v0.3.1...v0.3.2
v0.2.2
What's Changed since v0.2.1
NIP-46 Remote Signer UX
- Cancellable pending requests — NIP-46 in-flight requests now show a cancel button (×) on the approval card and in the detail modal, so users can dismiss stuck remote signer operations instead of waiting indefinitely
- Abort infrastructure — All 5 NIP-46 call sites (signEvent, nip04/nip44 encrypt/decrypt) race against an AbortController for immediate cancellation
- Hide permissions for NIP-46 accounts — Since the remote signer handles approval, "Manage permissions" is replaced with a "Managed by your signer app" banner on the Home tab and in Settings > Permissions
- Filtered permission keys — NIP-46 accounts only show
getPublicKeyin the permissions editor (same as read-only), since signing permissions are meaningless locally
Fixes
- CI workflow updated to use
.tsextensions and tsx loader
v0.2.1
What's New
Nostr WoT is now a full identity provider and NIP-07 signer with Web of Trust verification. This release is a complete rewrite from the ground up.
Identity & Key Management
- NIP-07 signer — Sign events directly from the extension when websites request it, without exposing your private keys
- Multi-account encrypted vault — AES-256-GCM encrypted vault stores multiple Nostr identities with configurable auto-lock timer
- HD sub-account derivation — Derive child accounts from your seed phrase (NIP-06)
- Import seed, nsec, or encrypted nsec — Flexible key import options for existing Nostr users
- Seed import/export — Import 12/24-word seed phrases; export with copy, download, or encrypted download
- NIP-46 remote signer — Connect to bunker-based remote signers as an alternative to local keys
- Read-only accounts — Import npub for watch-only access with clear "read-only" badges
Auto-Lock & Security
- Auto-lock with timer — Configurable auto-lock (5 min, 15 min, 1 hour, or never) protects your keys when idle
- Password-protected vault — Minimum 8-character password with PBKDF2 key derivation (210k iterations)
Permissions & Activity
- Manage permissions per account and per site — Grant, deny, or prompt for each event kind on each domain
- Check recent activity — View signing history per account and per domain
- Approval drawer — Bottom drawer with reject-all, expand/group toggle, and individual request detail
- Permission copy — Copy permissions from an existing account when adding a new one
Web of Trust
- Sync modes for Web of Trust — Local database sync, remote oracle, or hybrid mode
- Customizable badge injection experience — Trust distance badges on Nostr profiles across supported websites, with per-site enable/disable
- Local blocks — Block accounts locally without publishing
- Import mute lists — Import existing Nostr mute lists into your local filters
- Trust sensitivity controls — Adjustable scoring parameters for WoT distance calculation
Onboarding
- Follow suggestions — Curated follow suggestions with streaming profile data from relays
- Smart step skipping — Wizard auto-skips steps that aren't needed for your setup
- Wizard persistence — Wizard state survives popup close/reopen
Multi-Language
- English, Spanish, Portuguese, German, French, Italian
Technical
- Full TypeScript migration
- Comprehensive test suite (crypto, vault, signer, permissions, communication, relay)
- Chrome & Firefox packaging with automated build scripts
v0.1.1: Firefox Support & npub Input
What's New
Firefox Support
- Now compatible with Firefox 128+ (MV3)
- Cross-browser compatibility layer for seamless operation on both Chrome and Firefox
npub Format Support
- Pubkey inputs now accept both hex and npub formats
- Automatically converts npub to hex when saving
Improved Validation
- Shows alert popup when trying to sync without a valid pubkey
Other Changes
- Fixed
data_collection_permissionsformat for Firefox Add-ons - Replaced unsafe
innerHTMLwith safe DOM methods - Added deployment documentation (
DEPLOY.md)
Installation
Chrome
Firefox
Firefox Add-ons link coming soon
Manual Install
Download nostr-wot-extension.zip below and load as unpacked extension.
See CHANGELOG.md for full details.