@ledgerhq/bitcoin_signer
Advanced tools
Readme
Maybe you won't lose money, but this tool's sole purpose is to be a quick and dirty offline signer. Development will never stop to consider security risks, and dependencies were not audited (by the author, at least).
So don't trust this software with funds you care about.
This is a small library/CLI utility for signing BTC-like transactions using bitcoinlib-js. As an extra, it can also use internal Ledger Wallet Daemon and Praline mock-node/explorer infrastructure to run broadcasting-based scenarii for component testing.
Install from npm registry:
npm i -g @ledgerhq/bitcoin_signer
or
yarn global add @ledgerhq/bitcoin_signer
# Create a mnenomic and saves the string in a file
echo "abandon abandon abandon" > .mnemonic
# Build the stuff
npm install && npm run build # Or yarn install && yarn build
# Test the stuff
./dist/index.js sign .mnemonic .tx-test
It will fail with messages like
pubkeyhash not supported (OP_DUP OP_HASH160 ed176f89c975db1fb6c9b798e446fba6023a9b10 OP_EQUALVERIFY OP_CHECKSIG)
if the key pair doesn't match one of the input to sign
Note: The docker-compose file uses ghcr images, so configure your docker CLI accordingly. (And unauthorized people won't be able to run this test, even including myself eventually)
There is a testing scenario that uses commands to successively :
This basic scenario uses the Faucet and Send commands and serves the purpose of dogfooding the API in lib, as well as showing examples for building other workflows.
docker-compose up -d
# Wait for all containers to start, lasts approx. 1min. You can monitor your CPU load
./tooling/scenarii/btc_testnet_praline.sh
# Or the eth one
./tooling/scenarii/eth_ropsten_real.sh
It probably won't be able to sign transactions with inputs from different addresses. At least it's not planned now.
This tool is being created to help with Ledger testing, so the TransactionBuilder format is way easier to use with the rawTransaction format lib-ledger-core uses for communication.
That also means that this project uses deprecated code and will keep using old code to be able to keep working.
FAQs
[Internal development use] INSECURE CLI BTC transaction signer for integration tests
The npm package @ledgerhq/bitcoin_signer receives a total of 1 weekly downloads. As such, @ledgerhq/bitcoin_signer popularity was classified as not popular.
We found that @ledgerhq/bitcoin_signer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 20 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.