Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ledgerhq/hw-app-btc
Advanced tools
Github, API Doc, Ledger Devs Slack
Ledger Hardware Wallet BTC JavaScript bindings. Also supports many altcoins.
Bitcoin API.
transport
Transport<any>scrambleKey
string (optional, default "BTC"
)import Btc from "@ledgerhq/hw-app-btc";
const btc = new Btc(transport)
btc.getWalletPublicKey("44'/0'/0'/0").then(o => o.bitcoinAddress)
Returns Promise<{publicKey: string, bitcoinAddress: string, chainCode: string}>
You can sign a message according to the Bitcoin Signature format and retrieve v, r, s given the message and the BIP 32 path of the account to sign.
btc.signMessageNew_async("44'/60'/0'/0'/0", Buffer.from("test").toString("hex")).then(function(result) {
var v = result['v'] + 27 + 4;
var signature = Buffer.from(v.toString(16) + result['r'] + result['s'], 'hex').toString('base64');
console.log("Signature : " + signature);
}).catch(function(ex) {console.log(ex);});
Returns Promise<{v: number, r: string, s: string}>
To sign a transaction involving standard (P2PKH) inputs, call createPaymentTransactionNew with the following parameters
inputs
Array<[Transaction, number, string?, number?]> is an array of [ transaction, output_index, optional redeem script, optional sequence ] where- transaction is the previously computed transaction object for this UTXO
associatedKeysets
Array<string> is an array of BIP 32 paths pointing to the path to the private key used for each UTXOchangePath
string is an optional BIP 32 path pointing to the path to the public key used to compute the change addressoutputScriptHex
string is the hexadecimal serialized outputs of the transaction to signlockTime
number is the optional lockTime of the transaction to sign, or default (0)sigHashType
number is the hash type of the transaction to sign, or default (all)segwit
boolean is an optional boolean indicating wether to use segwit or notinitialTimestamp
number is an optional timestamp of the function call to use for coins that necessitate timestamps only, (not the one that the tx will include)additionals
Array<string> list of additionnal options- "abc" for bch
expiryHeight
Buffer is an optional Buffer for zec overwinter / sapling Txsbtc.createPaymentTransactionNew(
[ [tx1, 1] ],
["0'/0/0"],
undefined,
"01905f0100000000001976a91472a5d75c8d2d0565b656a5232703b167d50d5a2b88ac"
).then(res => ...);
Returns any the signed transaction ready to be broadcast
To obtain the signature of multisignature (P2SH) inputs, call signP2SHTransaction_async with the folowing parameters
inputs
Array<[Transaction, number, string?, number?]> is an array of [ transaction, output_index, redeem script, optional sequence ] where- transaction is the previously computed transaction object for this UTXO
associatedKeysets
Array<string> is an array of BIP 32 paths pointing to the path to the private key used for each UTXOoutputScriptHex
string is the hexadecimal serialized outputs of the transaction to signlockTime
number is the optional lockTime of the transaction to sign, or default (0)sigHashType
number is the hash type of the transaction to sign, or default (all)segwit
boolean (optional, default false
)transactionVersion
number (optional, default DEFAULT_VERSION
)btc.signP2SHTransaction(
[ [tx, 1, "52210289b4a3ad52a919abd2bdd6920d8a6879b1e788c38aa76f0440a6f32a9f1996d02103a3393b1439d1693b063482c04bd40142db97bdf139eedd1b51ffb7070a37eac321030b9a409a1e476b0d5d17b804fcdb81cf30f9b99c6f3ae1178206e08bc500639853ae"] ],
["0'/0/0"],
"01905f0100000000001976a91472a5d75c8d2d0565b656a5232703b167d50d5a2b88ac"
).then(result => ...);
Returns any the signed transaction ready to be broadcast
For each UTXO included in your transaction, create a transaction object from the raw serialized version of the transaction used in this UTXO.
transactionHex
stringisSegwitSupported
boolean? (optional, default false
)hasTimestamp
boolean (optional, default false
)hasExtraData
boolean (optional, default false
)additionals
Array<string> (optional, default []
)const tx1 = btc.splitTransaction("01000000014ea60aeac5252c14291d428915bd7ccd1bfc4af009f4d4dc57ae597ed0420b71010000008a47304402201f36a12c240dbf9e566bc04321050b1984cd6eaf6caee8f02bb0bfec08e3354b022012ee2aeadcbbfd1e92959f57c15c1c6debb757b798451b104665aa3010569b49014104090b15bde569386734abf2a2b99f9ca6a50656627e77de663ca7325702769986cf26cc9dd7fdea0af432c8e2becc867c932e1b9dd742f2a108997c2252e2bdebffffffff0281b72e00000000001976a91472a5d75c8d2d0565b656a5232703b167d50d5a2b88aca0860100000000001976a9144533f5fb9b4817f713c48f0bfe96b9f50c476c9b88ac00000000");
Returns Transaction
$0
any
$0.outputs
const tx1 = btc.splitTransaction("01000000014ea60aeac5252c14291d428915bd7ccd1bfc4af009f4d4dc57ae597ed0420b71010000008a47304402201f36a12c240dbf9e566bc04321050b1984cd6eaf6caee8f02bb0bfec08e3354b022012ee2aeadcbbfd1e92959f57c15c1c6debb757b798451b104665aa3010569b49014104090b15bde569386734abf2a2b99f9ca6a50656627e77de663ca7325702769986cf26cc9dd7fdea0af432c8e2becc867c932e1b9dd742f2a108997c2252e2bdebffffffff0281b72e00000000001976a91472a5d75c8d2d0565b656a5232703b167d50d5a2b88aca0860100000000001976a9144533f5fb9b4817f713c48f0bfe96b9f50c476c9b88ac00000000");
const outputScript = btc.serializeTransactionOutputs(tx1).toString('hex');
Returns Buffer
transaction
TransactionskipWitness
booleantimestamp
Bufferadditionals
Array<string> (optional, default []
)transaction
TransactionType: {prevout: Buffer, script: Buffer, sequence: Buffer, tree: Buffer?}
Type: {amount: Buffer, script: Buffer}
Type: {version: Buffer, inputs: Array<TransactionInput>, outputs: Array<TransactionOutput>?, locktime: Buffer?, witness: Buffer?, timestamp: Buffer?, nVersionGroupId: Buffer?, nExpiryHeight: Buffer?, extraData: Buffer?}
FAQs
Ledger Hardware Wallet Bitcoin Application API
The npm package @ledgerhq/hw-app-btc receives a total of 12,546 weekly downloads. As such, @ledgerhq/hw-app-btc popularity was classified as popular.
We found that @ledgerhq/hw-app-btc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.