Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@bitauth/libauth
Advanced tools
ultra-lightweight library for Bitcoin Cash, Bitcoin, and Bitauth
An ultra-lightweight JavaScript library for Bitcoin Cash, Bitcoin, and Bitauth applications.
An ultra-lightweight JavaScript library for Bitcoin Cash, Bitcoin, and Bitauth applications.
Libauth has no dependencies and works in all JavaScript environments, including Node.js, Deno, and browsers.
Libauth is designed to be flexible, lightweight, and easily auditable. Rather than providing a single, overarching, object-oriented API, all functionality is composed from simple functions. This has several benefits:
To get started, install @bitauth/libauth
:
npm install @bitauth/libauth
# OR
yarn add @bitauth/libauth
And import the functionality you need:
import { secp256k1 } from '@bitauth/libauth';
import { msgHash, pubkey, sig } from 'somewhere';
secp256k1.verifySignatureDERLowS(sig, pubkey, msgHash)
? console.log('🚀 Signature valid')
: console.log('❌ Signature invalid');
See Installation for more guidance on getting set up.
These guides introduce some of the high-level concepts and functionality provided by Libauth.
In addition to the usage examples in these guides, note that Libauth includes comprehensive tests that can help demonstrate usage of all functionality.
For example, utilities related to hexadecimal-encoded strings are defined in hex.ts
; for thorough usage examples, see the co-located hex.spec.ts
. You can also use GitHub search to see how a particular utility is used throughout the library, e.g. splitEvery
.
Below is a partial selection of functionality provided by Libauth. If you're looking for something else, be sure to search the API Reference.
High-level utilities are composed from lower-level utilities which are also exported, so it's often possible to remix behavior in your own codebase with relatively little duplication or maintenance burden. See the Defined in ...
link on each utility's API reference page to review and copy the implementation.
encodeBase58Address
/decodeBase58Address
encodeBase58AddressFormat
/decodeBase58AddressFormat
lockingBytecodeToBase58Address
/base58AddressToLockingBytecode
encodeCashAddress
/decodeCashAddress
lockingBytecodeToCashAddress
/cashAddressToLockingBytecode
decodeCashAddressFormatWithoutPrefix
encodeCashAddressVersionByte
/decodeCashAddressVersionByte
attemptCashAddressFormatErrorCorrection
encodeCashAddressFormat
/decodeCashAddressFormat
encodeCashAddressNonStandard
/decodeCashAddressNonStandard
hash160
(sha256
-> ripemd160
)hash256
(sha256
-> sha256
)hmacSha256
hmacSha512
instantiateHmacFunction
instantiatePbkdf2Function
pbkdf2HmacSha256
pbkdf2HmacSha512
ripemd160
secp256k1
sha1
sha256
sha512
00101010
)bigIntToBinUint256BEClamped
/binToBigIntUint256BE
bigIntToBinUint64LE
(bigIntToBinUint64LEClamped
)/binToBigIntUint64LE
bigIntToBinUintLE
/binToBigIntUintLE
binToBigIntUintBE
/bigIntToBinUintBE
int32SignedToUnsigned
/int32UnsignedToSigned
numberToBinInt16LE
/binToNumberInt16LE
numberToBinInt32LE
/binToNumberInt32LE
numberToBinInt32TwosCompliment
numberToBinUintLE
/binToNumberUintLE
numberToBinUint16BE
numberToBinUint16LE
(numberToBinUint16LEClamped
)/binToNumberUint16LE
numberToBinUint32BE
numberToBinUint32LE
(numberToBinUint32LEClamped
)/binToNumberUint32LE
crackHdPrivateNodeFromHdPublicNodeAndChildPrivateNode
decodeHdKey
(decodeHdKeyUnchecked
)decodeHdPrivateKey
/encodeHdPrivateKey
decodeHdPublicKey
/encodeHdPrivateKey
deriveHdPath
deriveHdPathRelative
deriveHdPrivateNodeFromSeed
deriveHdPrivateNodeIdentifier
/deriveHdPublicNodeIdentifier
deriveHdPrivateNodeChild
/deriveHdPublicNodeChild
deriveHdPublicKey
deriveHdPublicNode
hdKeyVersionIsPrivateKey
/hdKeyVersionIsPublicKey
hdPrivateKeyToIdentifier
/hdPublicKeyToIdentifier
deriveHdPrivateNodeFromBip39Mnemonic
deriveSeedFromBip39Mnemonic
encodeBip39Mnemonic
/decodeBip39Mnemonic
generateBip39Mnemonic
generateDeterministicEntropy
generateHdPrivateNode
generatePrivateKey
generateRandomBytes
generateRandomSeed
minimumEventsPerEntropyBits
shannonEntropyPerEvent
validateSecp256k1PrivateKey
readBytes
readCompactUintPrefixedBin
readRemainingBytes
readUint32LE
readUint64LE
readMultiple
readItemCount
encodeTransaction
/decodeTransaction
(decodeTransactionUnsafe
)encodeTransactionOutputs
/decodeTransactionOutputs
hashTransaction
hashTransactionP2pOrder
hashTransactionUiOrder
isArbitraryDataOutput
isSimpleMultisig
isStandardOutputBytecode
isStandardOutputBytecode2023
isStandardMultisig
isWitnessProgram
createInstructionSetBCH
createInstructionSetBCH2022
createInstructionSetBCH2023
createInstructionSetBCHCHIPs
createInstructionSetXEC
createVirtualMachine
createVirtualMachineBCH
createVirtualMachineBCH2022
createVirtualMachineBCH2023
createVirtualMachineBCHCHIPs
createVirtualMachineXEC
assembleBytecode
assembleBytecodeBCH
assembleBytecodeBTC
disassembleBytecode
disassembleBytecodeBCH
disassembleBytecodeBTC
generateBytecodeMap
summarizeDebugTrace
stringifyDebugTraceSummary
summarizeStack
combineOperations
mapOverOperations
pushToStack
pushToStackChecked
pushToStackVmNumber
pushToStackVmNumberChecked
useOneStackItem
useTwoStackItems
useThreeStackItems
useFourStackItems
useSixStackItems
useOneVmNumber
useTwoVmNumbers
useThreeVmNumbers
allErrorsAreRecoverable
cashAssemblyToBin
compileScript
containsRange
createCompiler
extractBytecodeResolutions
extractEvaluationSamples
extractEvaluationSamplesRecursive
extractUnexecutedRanges
getResolutionErrors
mergeRanges
parseScript
resolveVariableIdentifier
stringifyErrors
verifyCashAssemblyEvaluationState
walletTemplateToCompilerConfiguration
walletTemplateToCompilerBCH
hdPrivateKeyToP2pkhLockingBytecode
hdPrivateKeyToP2pkhCashAddress
hdPublicKeyToP2pkhLockingBytecode
hdPublicKeyToP2pkhCashAddress
privateKeyToP2pkhLockingBytecode
privateKeyToP2pkhCashAddress
publicKeyToP2pkhLockingBytecode
publicKeyToP2pkhCashAddress
Libauth's test suite includes a set of cross-implementation Virtual Machine Bytecode (VMB) test vectors for each supported VM. See Libauth VMB Tests
for details.
CashAssembly is the assembly language used by Libauth's Wallet Templates. To learn more about CashAssembly, read the Bitauth IDE Guide.
Pull Requests welcome! Please see CONTRIBUTING.md
for details.
3.0.0
#127 e5c275f
Thanks @bitjson! - Add support for relative BIP32 derivation
Relative BIP32 Hierarchical Deterministic (HD) derivation is now supported via the deriveHdPathRelative
utility, and the Libauth compiler has been updated to explicitly use relative derivation by default for HdKey
s. Absolute derivation has also been enhanced to validate the expected depth of provided HD keys.
If you application relies on relative derivation but uses deriveHdPath
, you'll need to switch to using the new deriveHdPathRelative
, as absolute derivation will now fail if provided with a non-zero depth HD key.
Fixes #49.
#127 e5c275f
Thanks @bitjson! - CashAssembly: .signature
is now .ecdsa_signature
All CashAssembly scripts using the .signature
operation should instead call .ecdsa_signature
or switch to .schnorr_signature
.
Additionally, signing_serialization.token_prefix
is now available.
#127 e5c275f
Thanks @bitjson! - Unify object parameters and error handling across library
A number of existing Libauth utilities have been modified to adhere to Libauth's object parameter and error handling conventions:
crackHdPrivateNodeFromHdPublicNodeAndChildPrivateNode
decodeHdKey
(decodeHdKeyUnchecked
)decodeHdPrivateKey
/encodeHdPrivateKey
decodeHdPublicKey
/encodeHdPrivateKey
deriveHdPath
deriveHdPathRelative
deriveHdPrivateNodeFromSeed
deriveHdPrivateNodeIdentifier
/deriveHdPublicNodeIdentifier
deriveHdPrivateNodeChild
/deriveHdPublicNodeChild
deriveHdPublicKey
deriveHdPublicNode
hdKeyVersionIsPrivateKey
/hdKeyVersionIsPublicKey
hdPrivateKeyToIdentifier
/hdPublicKeyToIdentifier
Please see the relevant guide(s) for usage examples:
#127 e5c275f
Thanks @bitjson! - Add usage guides and API overview
#127 e5c275f
Thanks @bitjson! - Add P2PKH CashAddress utilities
The following utilities are now available:
hdPrivateKeyToP2pkhLockingBytecode
hdPrivateKeyToP2pkhCashAddress
hdPublicKeyToP2pkhLockingBytecode
hdPublicKeyToP2pkhCashAddress
privateKeyToP2pkhLockingBytecode
privateKeyToP2pkhCashAddress
publicKeyToP2pkhLockingBytecode
publicKeyToP2pkhCashAddress
For usage examples, see wallets.md
.
#127 e5c275f
Thanks @bitjson! - Validate all keys prior to compilation, expose validateCompilationData
The compiler now validates all compilation data (i.e. validate all public and private keys), prior to compilation, regardless of whether or not the offending public or private key material is used. This is intended to surface software defects (particularly in the software used by counterparties) as early as possible.
#127 e5c275f
Thanks @bitjson! - Add support for decodeTransactionOutputs
FAQs
ultra-lightweight library for Bitcoin Cash, Bitcoin, and Bitauth
We found that @bitauth/libauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.