1.8.8 • Public • Published

DFINITY Service Worker

Service worker which transforms browser asset request to the IC to canister calls and verifies the asset certification.


Usage Folder Command Note
dev build for testnets dist-dev npm run build-dev - sets FORCE_FETCH_ROOT_KEY=1
- not minified
prod build for mainnet dist-prod npm run build - uses IC root key
- minified


  • Node.js 17
  • npm 8.5


By setting the FORCE_FETCH_ROOT_KEY=1 environment variable prior to building, the service worker will always fetch the root key of the network before doing the validation.

THIS SHOULD ONLY BE USED ON A TEST OR LOCAL NETWORK. The IC mainnet public key is hard coded in the agent and, for security reasons, should not be fetched by the agent.

Generating HTTP Gateway bindings

JavaScript binding

Generate the binding:

didc bind ./src/http-interface/canister_http_interface.did --target js > ./src/http-interface/canister_http_interface.ts

Then move the StreamingCallbackHttpResponse variable outside of the idlFactory function, rename to streamingCallbackHttpResponseType and then export it.

export const streamingCallbackHttpResponseType = // ...

then add the import { IDL } from '@dfinity/candid'; import, move the Token variable outside of the idlFactory function, and set its value to be IDL.Unknown.

import { IDL } from '@dfinity/candid';

const Token = IDL.Unknown;

then add the type IDL.InterfaceFactory to the idlFactory export.

export const idlFactory: IDL.InterfaceFactory = // ...

and finally remove the unused init method export const init.

TypeScript binding

Generate the binding:

didc bind ./src/http-interface/canister_http_interface.did --target ts > ./src/http-interface/canister_http_interface_types.d.ts

Add the following import:

import { IDL } from '@dfinity/candid';

and then replace:

export type Token = { type: any };


export type Token = { type: <T>() => IDL.Type<T> };

Testing locally

  1. Install mkcert.
    brew install mkcert
    brew install nss # optional, for Firefox support
  2. Optionally, install the mkcert root CA
    mkcert -install
  3. Generate SSL certificates:
    npm run create-ssl-certs
  4. Add the following to your /etc/hosts file. ic0.local
    # Internet Identity rdmx6-jaaaa-aaaaa-aaadq-cai.ic0.local identity.ic0.local
    # NNS qoctq-giaaa-aaaaa-aaaea-cai.ic0.local nns.ic0.local
    # Distrikt az5sd-cqaaa-aaaae-aaarq-cai.ic0.local distrikt.ic0.local
    # Distrikt Staging am2do-dyaaa-aaaae-aaasa-cai.ic0.local distrikt-staging.ic0.local
    # DSCVR h5aet-waaaa-aaaab-qaamq-cai.ic0.local dscvr.ic0.local
    # Nuance exwqn-uaaaa-aaaaf-qaeaa-cai.ic0.local nuance.ic0.local
    # Open Chat 6hsbt-vqaaa-aaaaf-aaafq-cai.ic0.local oc.ic0.local
    # Local custom domains for service worker demo.ic.local internetcomputer.ic.local distrikt.ic.local dscvr.ic.local nns.ic.local
  5. Set the hostnameCanisterIdMap value in the src/sw/domains/static.ts file (make sure to revert this before committing):
    export const hostnameCanisterIdMap: Map<string, Principal> = new Map(
                'identity.ic0.local': Principal.from('rdmx6-jaaaa-aaaaa-aaadq-cai'),
                'nns.ic0.local': Principal.from('qoctq-giaaa-aaaaa-aaaea-cai'),
                'dscvr.ic0.local': Principal.from('h5aet-waaaa-aaaab-qaamq-cai'),
                'distrikt.ic0.local': Principal.from('az5sd-cqaaa-aaaae-aaarq-cai'),
                'distrikt-staging.ic0.local': Principal.from('am2do-dyaaa-aaaae-aaasa-cai'),
                'nuance.ic0.local': Principal.from('exwqn-uaaaa-aaaaf-qaeaa-cai'),
                'oc.ic0.local': Principal.from('6hsbt-vqaaa-aaaaf-aaafq-cai'),
  6. Build and watch the service worker:
    npm run build-dev -- --watch
  7. In a separate shell, build and run the docker image:
    docker compose up
  8. If you installed the root CA, that's all there is to do. If you chose not to install the root CA, then you will need to launch your browser with certain flags:
    /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/no-ssl --ignore-certificate-errors

e2e Tests

Start e2e testing env:


Run e2e tests:


Stop e2e testing env:



  1. Make an MR to bump the service worker version
    1. Update version in package.json
    2. Run npm i --package-lock-only
    3. Test the built artifact using testnet boundary node VMs
      • Currently needs to be done before making the MR as the boundary nodes are not built if only service worker files are updated
  2. Merge MR to master
  3. Tag the commit on master with service-worker_v${version}
  4. Verify that the desired version has been pushed to NPM: https://www.npmjs.com/package/@dfinity/service-worker
  5. Create an MR for the boundary nodes team that updates the sw_version and sw_sha256 in ic-os/boundary-guestos/rootfs/Dockerfile

Package Sidebar


npm i @dfinity/service-worker

Weekly Downloads






Unpacked Size

5.14 MB

Total Files


Last publish


  • dfx-json
  • dfn_wndlng
  • nathan.mcgrath.dfinity
  • frederikrothenberger
  • bitdivine
  • ielashi
  • dayyildiz
  • eric-swanson-dfinity
  • krpeacock
  • npm-dfinity-org