Add CactusLink wallet support #2097

Merged
sagpatil merged 4 commits into main from copilot/add-cactuslink-wallet-support-2075 on May 27, 2026

@sagpatil
Contributor

Summary

  • Upgrade @creit.tech/stellar-wallets-kit to ^2.2.0 so Laboratory can use the Cactus Link module.
  • Register CactusLinkModule in the shared wallet module list for testnet and mainnet.
  • Update the sign transaction E2E wallet modal expectation to 8 wallets and assert Cactus Link is visible.

Resolves #2075

Validation

  • pnpm lint:ts
  • pnpm exec playwright test tests/e2e/signTransactionPage.test.ts

Copilot AI review requested due to automatic review settings May 26, 2026 23:18
@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX May 26, 2026
@sagpatil sagpatil requested a review from quietbits May 26, 2026 23:19
Contributor

Copilot AI left a comment

Pull request overview

This PR adds Cactus Link as a supported wallet by upgrading Stellar Wallets Kit and registering the new module in the app’s wallet module list, along with updating E2E expectations for the wallet-connect modal.

Changes:

  • Upgraded @creit.tech/stellar-wallets-kit to ^2.2.0.
  • Registered CactusLinkModule in the WalletKit initialization modules list (affecting both testnet and mainnet via shared module arrays).
  • Updated the sign-transaction E2E test to expect 8 wallets and verify “Cactus Link” appears.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File | Description
package.json | Bumps Stellar Wallets Kit dependency to enable Cactus Link module usage.
src/components/WalletKit/WalletKitContextProvider.tsx | Adds and registers CactusLinkModule in the initialized SWK modules list.
tests/e2e/signTransactionPage.test.ts | Updates wallet modal assertions for the new wallet entry.
pnpm-lock.yaml | Lockfile refresh due to dependency update (includes a concerning non-registry tarball entry).

Comment thread pnpm-lock.yaml Outdated
Comment thread tests/e2e/signTransactionPage.test.ts Outdated

socket-security Bot commented May 26, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert
Warn High
License policy violation: npm @ethereumjs/rlp under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/rlp@10.1.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/rlp@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/tx under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/tx@10.1.1

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/tx@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @ethereumjs/util under MPL-2.0

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/@ethereumjs/util@10.1.1

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ethereumjs/util@10.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm rpc-websockets under LGPL-3.0-only

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/rpc-websockets@9.3.9

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rpc-websockets@9.3.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm ua-parser-js under AGPL-3.0-or-later

License: AGPL-3.0-or-later - The applicable license policy does not permit this license (5) (npm metadata)

License: AGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/package.json)

License: AGPL-3.0-or-later - The applicable license policy does not permit this license (5) (package/LICENSE.md)

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/ua-parser-js@2.0.10

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ua-parser-js@2.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm usb under GPL-1.0-only

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/ezusb.h)

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/ezusb.c)

License: GPL-1.0-only - The applicable license policy does not permit this license (5) (package/libusb/examples/fxload.c)

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@trezor/connect-plugin-stellar@9.2.3 → npm/usb@2.17.0

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/usb@2.17.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
HTTP dependency: npm viem depends on https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a

Dependency: ox@https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a

Location: Package overview

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/viem@2.51.0

Suggestion: Publish the HTTP URL dependency to a public or private package repository and consume it from there.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@2.51.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Deprecated by its maintainer: npm @swc/helpers

Reason: This version contains a decorator helper regression from swc-project/swc#11847. Please upgrade to @swc/helpers@0.5.23 or newer.

From: pnpm-lock.yaml → npm/@creit.tech/stellar-wallets-kit@2.2.0 → npm/@swc/helpers@0.5.22

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@swc/helpers@0.5.22. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
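
The Copilot review and the Socket "HTTP dependency" alert above both concern a lockfile entry resolved from a URL instead of the npm registry. As an added example (not code from this PR or the Laboratory repository), the Node.js check below scans pnpm-lock.yaml text for such entries; the host allowlist, the function name and the sample lockfile are assumptions constructed for illustration, and only the pkg.pr.new URL is taken from the alert.

```javascript
// Added example: list pnpm-lock.yaml packages whose tarball comes from a host
// outside the allowlist. Allowlist and sample lockfile are assumptions.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Constructed excerpt; only the pkg.pr.new URL is taken from the Socket alert.
const SAMPLE_LOCK = `
lockfileVersion: '9.0'

packages:

  '@swc/helpers@0.5.22':
    resolution: {integrity: sha512-CONSTRUCTED}

  ox@https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a:
    resolution: {tarball: https://pkg.pr.new/ox@386a3439fe1ce76d237930f8c6e6bb493746069a}
    version: 0.0.0
`;

function findNonRegistryResolutions(lockText, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  let inPackages = false;
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) { // a top-level key opens a new section
      inPackages = line.trim() === "packages:";
      current = null;
      continue;
    }
    if (!inPackages) continue;
    const key = line.match(/^ {2}(\S.*):\s*$/); // two-space indent: package entry
    if (key) {
      current = key[1].replace(/^'(.*)'$/, "$1");
      continue;
    }
    const res = line.match(/^\s+resolution:\s*\{(.*)\}\s*$/);
    const tarball = res && res[1].match(/(?:^|,\s*)tarball:\s*([^,}\s]+)/);
    if (!tarball || current === null) continue;
    let host = null;
    try { host = new URL(tarball[1]).hostname; } catch { /* not a parseable URL */ }
    if (!host || !allowedHosts.has(host)) {
      // Without an integrity field the lockfile records no hash for the tarball.
      const hasIntegrity = /(?:^|,\s*)integrity:\s*\S+/.test(res[1]);
      findings.push({ pkg: current, url: tarball[1], host, hasIntegrity });
    }
  }
  return findings;
}

console.log(findNonRegistryResolutions(SAMPLE_LOCK));
```

Run in CI against the real lockfile text, a non-empty result can fail the build until the entry is reviewed or the host is added to the allowlist.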

@quietbits quietbits left a comment

Looks good. I tested Wallet Kit with Freighter (Testnet) and Ledger (Mainnet).

Comment thread tests/e2e/signTransactionPage.test.ts Outdated

@sagpatil sagpatil merged commit 6c7d7f4 into main May 27, 2026
7 checks passed
@sagpatil sagpatil deleted the copilot/add-cactuslink-wallet-support-2075 branch May 27, 2026 17:09
@github-project-automation github-project-automation Bot moved this from Backlog (Not Ready) to Done in DevX May 27, 2026