Two Exciting Updates to MetaMask Snaps

Here are two exciting updates to MetaMask Snaps, including reduced audit requirements and seamless auto-connections for dapps

by Kingsley OkonkwoJune 13, 2024
Two Exciting Updates to MetaMask Snaps

Since the open beta launch of MetaMask Snaps in September 2023, we set out to democratize innovation by enabling independent developers to build the features and functionality of MetaMask that capture the full extent of ingenuity in our web3 space. In 9 months since the launch, we’ve seen 55 Snaps developed by 3rd party developers, listed in our official directory, and over 900k installs across all Snaps.

As we continue to find ways to make building Snaps and extending MetaMask more seamless for developers, we’ve identified 2 key areas and have shipped some important new updates, which we’ll discuss further in this blog post.

1. Reduced audit requirements for allow-listing in the Snaps directory

Publishing a third-party Snap just got simpler. Before now, developers needed to complete an audit before submitting any Snap to the allowlist to be included in the Snaps registry. Today, we’re relaxing this rule so that Snaps that do not do key management( [entropy API]( can now be submitted to the allowlist without a security audit and distributed through our channel.

It is important to note that we will still require third-party security audits for Snaps that do key management. Key management or entropy APIs are those APIs that are used to manage blockchain accounts on the user’s behalf. Such APIs includes snap_getBip32Entropy, snap_getBip44Entropy, and snap_getEntropy. If you use these APIs and want to learn how to prepare your Snap for a third-party security audit, check out this blog on 5 Security Audit Tips from MSQ Snap and Consensys Diligence.

As of today, allow-listing is still a manual process. We check if a Snap needs an audit when submitted for the allowlist, and if not, we will proceed with submitting it to the registry. All Snaps require two approvals from the Snaps team before they can be allowed.

Additionally, a subset of third-party Snaps can now be installed by anyone without inclusion on our allowlist permissionlessly. Snaps that rely only on “open” permissions from the following list do not need to be allow-listed before they can be installed:

  • endowment:cronjob
  • endowment:ethereum-provider
  • endowment:lifecycle-hooks
  • endowment:page-home
  • endowment:signature-insight
  • endowment:transaction-insight
  • snap_dialog
  • snap_getLocale
  • snap_manageState
  • Snap_notify

We still encourage developers to get third-party security audits for their Snaps even if not required for allowlisting. Also, allow-listing is still required for Snaps to appear in the Snaps Directory.

2. Seamless auto-connection for selected dapps

Developers can now specify a list of dapps with auto-connection privileges with their Snap. This means that for specific dapps, when the dapp calls `wallet_requestSnaps`, users would no longer need to confirm a connection manually, and the dapp can check if the Snap is installed seamlessly. This is especially useful for Snaps that are used by multiple dapps as it allows for the following UX flow:
  • You build a Snap for use by one or more dapps and authorize an automatic connection to your Snap's companion dapp by listing it in the initialConnections configuration option.
  • A user installs your Snap while interacting with a dapp that uses it.
  • The user lands on your Snap's companion dapp.
  • Your companion dapp can immediately identify that the Snap has already been installed.
  • The user can interact with the companion dapp without connecting to the Snap manually.
  • This can be extended to your trusted known dapps of choice that integrates your Snap.

The Linea Voyager Snap currently uses this feature, and you can see the seamless connection by installing the Linea Voyager Snap from the Snaps Directory and visiting the Linea Voyager companion dapp. Unlike most companion dapps, this one automatically connects to the Snap, even though you did not install it or connect it manually from the dapp. See the Snaps documentation for detailed information on how to use this feature.

Keep building with MetaMask Snaps

As we continue to build the permissionless future for web3 wallets, we’re constantly working on improving the experience, and these two new updates are some of what we have in the pipeline.

If you’re currently building with Snaps, we’d like to know what you think, so leave us feedback as it helps us build a better wallet for tomorrow. If you’re a developer interested in building a Snap, you can start by reading the Snaps documentation and then share your project with us when it’s ready.

Receive our Newsletter