@nlv8/signun - npm Package Compare versions

Comparing version 1.4.4 to 2.0.0

package.json

 {
   "name": "@nlv8/signun",
-  "version": "1.4.4",
+  "version": "2.0.0",
   "description": "N-API Crypto bindings.",
@@ -27,10 +27,18 @@ "main": "src/js/index.js",
   "homepage": "https://github.com/nlv8/signun#readme",
+  "husky": {
+    "hooks": {
+      "commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
+    }
+  },
   "dependencies": {
-    "node-gyp": "^7.1.2"
+    "node-gyp": "7.1.2"
   },
   "devDependencies": {
-    "chai": "^4.2.0",
-    "chai-as-promised": "^7.1.1",
-    "mocha": "^8.2.1",
-    "mocha-junit-reporter": "^2.0.0"
+    "@commitlint/cli": "11.0.0",
+    "@commitlint/config-conventional": "11.0.0",
+    "chai": "4.2.0",
+    "chai-as-promised": "7.1.1",
+    "husky": "4.3.6",
+    "mocha": "8.2.1",
+    "mocha-junit-reporter": "2.0.0"
   },
@@ -37,0 +45,0 @@ "files": [

README.md

 # signun
 
 [![NPM version](https://img.shields.io/npm/v/@nlv8/signun.svg)](https://www.npmjs.com/package/@nlv8/signun)
-[![Build Status](https://dev.azure.com/nlv8/signun/_apis/build/status/nlv8.signun?branchName=master)](https://dev.azure.com/nlv8/signun/_build/latest?definitionId=1&branchName=master)
+[![Build Master](https://github.com/nlv8/signun/workflows/Build%20Master/badge.svg)](https://github.com/nlv8/signun/actions?query=workflow%3A%22Build+Master%22)
 [![License](https://img.shields.io/github/license/nlv8/signun.svg)](LICENSE)
 
-signun provides sync and async [N-API](https://nodejs.org/api/n-api.html#n_api_n_api) bindings to the following crypto libraries:
+signun provides [N-API](https://nodejs.org/api/n-api.html#n_api_n_api) bindings to the following crypto libraries:
 
@@ -12,93 +12,23 @@ * [secp256k1](https://github.com/bitcoin-core/secp256k1),
 
-## Install
+## Installation
 
-Install with npm or yarn:
-
 ~~~~
-npm i @nlv8/signun --save
+npm i @nlv8/signun
 ~~~~
 
-~~~~
-yarn add @nlv8/signun
-~~~~
+## Features
 
-Please keep in mind, that for the best secp256k1 performance, you should have [GMP](https://gmplib.org/) installed.
+  * Digital Signature
+    * Sync and async secp256k1 ECDSA.
+      * Tunable performance characteristics in [bindings.gyp](bindings.gyp). Please see the documentation of [secp256k1](https://github.com/bitcoin-core/secp256k1) for the available settings.
+      * Uses [GMP](https://gmplib.org/) if available.
+  * Cryptographic Hash
+    * Async BLAKE2b.
+  
+Runs on
 
-## API
+  * Windows x86 (will not use GMP),
+  * Linux x86/ARM (will use GMP if available),
+  * Mac x86/ARM (will use GMP if available).
 
-signun exports the following two objects:
-
-### `secp256k1`
-
-Asynchronous and synchronous bindings for secdp256k1-based ECDSA. By default, all functions are async, returning a Promise. However, by appending `Sync` at the end of the function name, one can invoke them synchronously.
-
-#### `privateKeyVerify(privateKey)`
-
-Verifies whether a Buffer is a valid private key.
-
-  * `privateKey: Buffer`: A Buffer containing the candidate private key.
-
-Returns `true` if the specified Buffer is a valid private key and `false` otherwise.
-
-#### `publicKeyCreate(privateKey, isCompressed = true)`
-
-Constructs a new public key corresponding to the specified private key.
-
-  * `privateKey: Buffer`: A Buffer containing a valid private key.
-  * `isCompressed: boolean = true`: Whether a compressed representation should be produced.
-
-Returns a Buffer with the public key upon success.
-
-Will throw/reject if the public key cannot be created from the specified data.
-
-#### `sign(message, privateKey, options)`
-
-Signs the message with the specified private key.
-
-  * `message: Buffer`: The message to sign.
-  * `privateKey: Buffer`: The private key with which the signature will be created.
-  * `options: object`: Optional options object. Can only be used for synchronous invocations.
-    * `data: Buffer`: Arbitrary data to be passed to the nonce function.
-    * `noncefn: function`: A custom nonce function, with the following signature: `noncefn(message: Buffer, key: Buffer, algo: Buffer, data: Buffer, attempt: number): Buffer`.
-
-Returns an object with the following properties upon success:
-
-  * `signature: Buffer`: The actual signature.
-  * `recovery: number`: The recovery id.
-
-Will throw/reject if the signature cannot be created.
-
-#### `verify(message, signature, publicKey)`
-
-Verifies a signature against the specified message and public key.
-
-   * `message: Buffer`: The message we think was signed.
-   * `signature: Buffer`: The signature to be verified.
-   * `publicKey`: The public key pair of the signing private key.
-
-Returns `true` if the signature is valid and `false` otherwise.
-
-### `blake2b`
-
-Asynchronous BLAKE2b hashing.
-
-#### `hash(data, hashLength)`
-
-Hashes the specified data.
-
-  * `data: Buffer`: The data to be hashed. Can be empty but must be a valid Buffer.
-  * `hashLength: number`: The length of the hash. Must be between 1 and 64 (inclusive).
-
-Returns the hash in a Buffer.
-
-#### `keyedHash(data, key, hashLength)`
-
-Produces the keyed hash of the specified data.
-
-  * `data: Buffer`: The data to be hashed. Can be empty but must be a valid Buffer.
-  * `key: Buffer`: The key to be used.
-  * `hashLength: number`: The length of the hash. Must be between 1 and 64 (inclusive).
-
-Returns the hash in a Buffer.
-
 ## Examples
@@ -202,17 +132,93 @@
 
+
+## API
+
+signun exports the following two objects.
+
+### `secp256k1`
+
+Asynchronous and synchronous bindings for secdp256k1-based ECDSA. By default, all functions are async, returning a Promise. However, by appending `Sync` at the end of the function name, one can invoke them synchronously.
+
+#### `privateKeyVerify(privateKey)`
+
+Verifies whether a Buffer is a valid private key.
+
+  * `privateKey: Buffer`: A Buffer containing the candidate private key.
+
+Returns `true` if the specified Buffer is a valid private key and `false` otherwise.
+
+#### `publicKeyCreate(privateKey, isCompressed = true)`
+
+Constructs a new public key corresponding to the specified private key.
+
+  * `privateKey: Buffer`: A Buffer containing a valid private key.
+  * `isCompressed: boolean = true`: Whether a compressed representation should be produced.
+
+Returns a Buffer with the public key upon success.
+
+Will throw/reject if the public key cannot be created from the specified data.
+
+#### `sign(message, privateKey, options)`
+
+Signs the message with the specified private key.
+
+  * `message: Buffer`: The message to sign.
+  * `privateKey: Buffer`: The private key with which the signature will be created.
+  * `options: object`: Optional options object. Can only be used for synchronous invocations.
+    * `data: Buffer`: Arbitrary data to be passed to the nonce function.
+    * `noncefn: function`: A custom nonce function, with the following signature: `noncefn(message: Buffer, key: Buffer, algo: Buffer, data: Buffer, attempt: number): Buffer`.
+
+Returns an object with the following properties upon success:
+
+  * `signature: Buffer`: The actual signature.
+  * `recovery: number`: The recovery id.
+
+Will throw/reject if the signature cannot be created.
+
+#### `verify(message, signature, publicKey)`
+
+Verifies a signature against the specified message and public key.
+
+   * `message: Buffer`: The message we think was signed.
+   * `signature: Buffer`: The signature to be verified.
+   * `publicKey`: The public key pair of the signing private key.
+
+Returns `true` if the signature is valid and `false` otherwise.
+
+### `blake2b`
+
+Asynchronous BLAKE2b hashing.
+
+#### `hash(data, hashLength)`
+
+Hashes the specified data.
+
+  * `data: Buffer`: The data to be hashed. Can be empty but must be a valid Buffer.
+  * `hashLength: number`: The length of the hash. Must be between 1 and 64 (inclusive).
+
+Returns the hash in a Buffer.
+
+#### `keyedHash(data, key, hashLength)`
+
+Produces the keyed hash of the specified data.
+
+  * `data: Buffer`: The data to be hashed. Can be empty but must be a valid Buffer.
+  * `key: Buffer`: The key to be used.
+  * `hashLength: number`: The length of the hash. Must be between 1 and 64 (inclusive).
+
+Returns the hash in a Buffer.
+
 ## Acknowledgements
 
-This project is kindly supported by:
+This is an open source project maintained by [NLV8](https://nlv8.com/).
 
-  * [NLV8](https://nlv8.com/)
+Original authors include [Viktor Simkó](https://github.com/ViktorSimko), [Tibor Balla](https://github.com/ballatibi) and [Attila Bagossy](https://github.com/battila7)
 
-I'd like to give special thanks to [Viktor Simkó](https://github.com/ViktorSimko) and [Tibor Balla](https://github.com/ballatibi) for helping me out when I was lost :unicorn:
+## Licence
 
-## License
-
 signun is licensed under [Apache-2.0](https://github.com/battila7/signun/blob/master/LICENSE).
 
-Licenses of dependencies:
+Licences of dependencies:
 
   * [secp256k1](https://github.com/bitcoin-core/secp256k1): [MIT](https://github.com/bitcoin-core/secp256k1/blob/master/COPYING)
   * [BLAKE2](https://github.com/BLAKE2/BLAKE2): Triple-licensed, using [Apache 2.0](https://github.com/BLAKE2/BLAKE2/blob/master/README.md)

src/js/blake2/blake2b.js

@@ -0,0 +0,0 @@ const { blake2b } = require('../native');

src/js/blake2/index.js

@@ -0,0 +0,0 @@ const blake2b = require('./blake2b');

src/js/index.js

@@ -0,0 +0,0 @@ const blake2 = require('./blake2');

src/js/native.js

@@ -0,0 +0,0 @@ const BINDINGS_NOT_COMPILED = 'Native bindings are not compiled. This library however, can only be used with native bindings.';

src/js/secp256k1/index.js

@@ -0,0 +0,0 @@ const { secp256k1 } = require('../native');

src/js/util/guard.js

@@ -0,0 +0,0 @@ const guard = {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

Improved metrics

Number of low license alerts

0

decreased by-100%

Number of lines in readme file

223

increased by2.76%

Worsened metrics

Total package byte prevSize

86693

decreased by-98.58%

Dev dependency count

7

increased by75%

Number of package files

31

decreased by-85.1%

Lines of code

145

decreased by-99.35%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• Updatednode-gyp@7.1.2