Feat/ledger device sdk

[owencraston]

Description

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• [ ] I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• [ ] I've completed the PR template to the best of my ability
• [ ] I’ve included tests if applicable
• [ ] I’ve documented my code using JSDoc format if applicable
• [ ] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions[bot]]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbot]

✨ Files requiring CODEOWNER review ✨

✅ @MetaMask/confirmations (1 files, +5 -0)

• 📁 ui/
  • 📁 pages/
    • 📁 confirmations/
      • 📁 components/
        • 📁 confirm/
          • 📁 ledger-info/
            • 📄 ledger-info.tsx +5 -0

---

📜 @MetaMask/policy-reviewers (1 files, +345 -370)

• 📁 lavamoat/
  • 📁 build-system/
    • 📄 policy.json +345 -370

[!TIP]
Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers.

---

🔄 @MetaMask/swaps-engineers (1 files, +12 -1)

• 📁 ui/
  • 📁 pages/
    • 📁 swaps/
      • 📁 prepare-swap-page/
        • 📄 prepare-swap-page.js +12 -1

[socket-security[bot]]

[!CAUTION] MetaMask internal reviewing guidelines:

• Do not ignore-all
• Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
• Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
  @SocketSecurity ignore npm/PACKAGE@VERSION

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Publisher changed: npm nopt is now published by gar instead of isaacs New Author: gar Previous Author: isaacs From: ? → npm/@metamask/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report