isPackedAttestation

[Arvanaghi]

isPackedAttesation has a check:

export function isPackedAttestation(obj: { [key: string]: any }): boolean {
	if (
		obj["fmt"] &&
		obj["fmt"] === "packed" &&
		obj["attStmt"] &&
		obj["attStmt"]["alg"] &&
		(
			obj["attStmt"]["x5c"] ||
			obj["attStmt"]["ecdaaKeyId"]
		) &&
		obj["attStmt"]["sig"]
	)
		return true;
	return false;
}

I don't believe the middle part is needed:

			obj["attStmt"]["x5c"] ||
			obj["attStmt"]["ecdaaKeyId"]

It can be a packed attestation without x5c and without ecdaaKeyId. If x5c is not present, it's a self-signed attestation, where all that's left is to verify the pubkey matches the key itself. These can be packed attesations -- like with TouchID on Apple.