Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@bitgo-forks/bip174
Advanced tools
A BIP174 compatible partial Transaction encoding library.
This library is separate as an attempt to separate Bitcoin specific logic from the encoding format.
I apologize if this library is hard to use. Removing Bitcoin specific logic from "Partially Signed BITCOIN Transaction" format was kind of hard.
combine
has highest priority.In order to keep this library as separate from Bitcoin logic as possible, This library will not implement the following responsibilities. But rather, down the road bitcoinjs-lib will adopt this class and extend it internally to allow for the following:
TransactionFromBuffer
typed function. See ts_src/lib/interfaces.ts
for info on the Transaction
interface and the TransactionFromBuffer
function.Transaction
abstract interface that has an addInput/addOutput method which will be called.const { Psbt } = require('bip174')
const { PsbtTransaction , pTxFromBuffer } = require('./someImplementation')
// Psbt requires a Transaction interface to create an instance, as well as
// A function that turns a buffer into that interface. See Transaction and TransactionFromBuffer
// in ts_src/lib/interfaces.ts ...
// See tests/utils/txTools file for an example of a simple Bitcoin Transaction.
// Also see BitcoinJS-lib for an extended class that uses the Transaction class internally.
// Anyone using this library for Bitcoin specifically should use bitcoinjs-lib
// Your PsbtTransaction will have a toBuffer function to allow for serialization
const tx = pTxFromBuffer(someTransactionBuffer);
const psbt = new Psbt(tx)
// OR
// This will parse the PSBT, and use the function you pass to parse the Transaction part
// the function should throw if the scriptSig section is not empty
const psbt = Psbt.fromBuffer(somePsbtBuffer, pTxFromBuffer)
psbt.addInput({
hash: '865dce988413971fd812d0e81a3395ed916a87ea533e1a16c0f4e15df96fa7d4',
index: 3,
})
psbt.addInput({
hash: 'ff5dce988413971fd812d0e81a3395ed916a87ea533e1a16c0f4e15df96fa7d4',
index: 1,
})
psbt.addOutput({
script: Buffer.from(
'a914e18870f2c297fbfca54c5c6f645c7745a5b66eda87',
'hex',
),
value: 1234567890,
})
psbt.addOutput({
script: Buffer.from(
'a914e18870f2c297fbfca54c5c6f645c7745a5b66eda87',
'hex',
),
value: 987654321,
})
psbt.addRedeemScriptToInput(0, Buffer.from(
'00208c2353173743b595dfb4a07b72ba8e42e3797da74e87fe7d9d7497e3b2028903',
'hex',
))
psbt.addWitnessScriptToInput(0, Buffer.from(
'522103089dc10c7ac6db54f91329af617333db388cead0c231f723379d1b9903' +
'0b02dc21023add904f3d6dcf59ddb906b0dee23529b7ffb9ed50e5e861519268' +
'60221f0e7352ae',
'hex',
))
psbt.addBip32DerivationToInput(0, {
masterFingerprint: Buffer.from('d90c6a4f', 'hex'),
pubkey: Buffer.from(
'023add904f3d6dcf59ddb906b0dee23529b7ffb9ed50e5e86151926860221f0e73',
'hex',
),
path: "m/0'/0'/3'",
})
psbt.addBip32DerivationToInput(0, {
masterFingerprint: Buffer.from('d90c6a4f', 'hex'),
pubkey: Buffer.from(
'03089dc10c7ac6db54f91329af617333db388cead0c231f723379d1b99030b02dc',
'hex',
),
path: "m/0'/0'/2'",
})
const b64 = psbt.toBase64();
FAQs
Fork of bip174 with BitGo specific changes
We found that @bitgo-forks/bip174 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.