Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@nomicfoundation/ethereumjs-util
Advanced tools
@nomicfoundation/ethereumjs-util is a utility library for Ethereum-related functions. It provides a variety of tools for handling Ethereum addresses, private keys, public keys, signatures, and other cryptographic operations.
Address Generation
This feature allows you to generate an Ethereum address from a private key and convert it to a checksummed address.
const { privateToAddress, toChecksumAddress } = require('@nomicfoundation/ethereumjs-util');
const privateKey = Buffer.from('c87509a1c067bbde78beb793e6fa5e8b8d2a9f1d7b2a9b2a2b2a2b2a2b2a2b2a', 'hex');
const addressBuffer = privateToAddress(privateKey);
const address = toChecksumAddress(addressBuffer.toString('hex'));
console.log(address);
Signature Verification
This feature allows you to sign a message and verify the signature, recovering the public key and address from the signature.
const { ecsign, ecrecover, pubToAddress, toBuffer } = require('@nomicfoundation/ethereumjs-util');
const msg = 'Hello, Ethereum!';
const msgHash = toBuffer('0x' + require('crypto').createHash('sha256').update(msg).digest('hex'));
const privateKey = Buffer.from('c87509a1c067bbde78beb793e6fa5e8b8d2a9f1d7b2a9b2a2b2a2b2a2b2a2b2a', 'hex');
const sig = ecsign(msgHash, privateKey);
const publicKey = ecrecover(msgHash, sig.v, sig.r, sig.s);
const address = pubToAddress(publicKey).toString('hex');
console.log(address);
Hashing
This feature allows you to hash data using the Keccak-256 algorithm, which is used in Ethereum for various purposes.
const { keccak256 } = require('@nomicfoundation/ethereumjs-util');
const data = 'Hello, Ethereum!';
const hash = keccak256(Buffer.from(data));
console.log(hash.toString('hex'));
The ethers.js library is a complete and compact library for interacting with the Ethereum blockchain and its ecosystem. It provides similar functionalities for handling addresses, keys, and signatures, but also includes features for interacting with smart contracts and the Ethereum network.
The web3.js library is a comprehensive library for interacting with the Ethereum blockchain. It provides similar utilities for cryptographic operations and address handling, but also includes extensive features for interacting with smart contracts, nodes, and the Ethereum network.
The eth-sig-util library provides utilities for signing and verifying Ethereum messages and transactions. It focuses more on signature-related functionalities compared to @nomicfoundation/ethereumjs-util.
A collection of utility functions for Ethereum. |
---|
To obtain the latest version, simply require the project using npm
:
npm install @ethereumjs/util
This package contains the following modules providing respective helper methods, classes and commonly re-used constants.
All helpers are re-exported from the root level and deep imports are not necessary. So an import can be done like this:
import { hexToBytes, isValidChecksumAddress } from '@ethereumjs/util'
Class representing an Account
and providing private/public key and address-related functionality (creation, validation, conversion).
// ./examples/account.ts
import { Account } from '@ethereumjs/util'
const account = Account.fromAccountData({
nonce: '0x02',
balance: '0x0384',
storageRoot: '0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421',
codeHash: '0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470',
})
console.log(`Account with nonce=${account.nonce} and balance=${account.balance} created`)
Class representing an Ethereum Address
with instantiation helpers and validation methods.
// ./examples/address.ts
import { Address } from '@ethereumjs/util'
const address = Address.fromString('0x2f015c60e0be116b1f0cd534704db9c92118fb6a')
console.log(`Ethereum address ${address.toString()} created`)
Module providing helpers for 4844 blobs and versioned hashes.
// ./examples/blobs.ts
import { bytesToHex, computeVersionedHash, getBlobs } from '@ethereumjs/util'
const blobs = getBlobs('test input')
console.log('Created the following blobs:')
console.log(blobs)
const commitment = new Uint8Array([1, 2, 3])
const blobCommitmentVersion = 0x01
const versionedHash = computeVersionedHash(commitment, blobCommitmentVersion)
console.log(`Versioned hash ${bytesToHex(versionedHash)} computed`)
Byte-related helper and conversion functions.
// ./examples/bytes.ts
import { bytesToBigInt } from '@ethereumjs/util'
const bytesValue = new Uint8Array([97])
const bigIntValue = bytesToBigInt(bytesValue)
console.log(`Converted value: ${bigIntValue}`)
Exposed constants (e.g. KECCAK256_NULL_S
for string representation of Keccak-256 hash of null)
// ./examples/constants.ts
import { BIGINT_2EXP96, KECCAK256_NULL_S } from '@ethereumjs/util'
console.log(`The keccak-256 hash of null: ${KECCAK256_NULL_S}`)
console.log(`BigInt constants (performance), e.g. BIGINT_2EXP96: ${BIGINT_2EXP96}`)
DB interface for database abstraction (Blockchain, Trie), see e.g. @ethereumjs/trie recipes) for usage.
Genesis related interfaces and helpers.
Internalized simple helper methods like isHexPrefixed
. Note that methods from this module might get deprectared in the future.
KZG interface (used for 4844 blob txs), see @ethereumjs/tx README for main usage instructions.
Simple map DB implementation using the DB
interface (see above).
Functionality for signing, signature validation, conversion, recovery.
// ./examples/signature.ts
import { bytesToHex, ecrecover, hexToBytes } from '@ethereumjs/util'
const chainId = BigInt(3) // Ropsten
const echash = hexToBytes('0x82ff40c0a986c6a5cfad4ddf4c3aa6996f1a7837f9c398e17e5de5cbd5a12b28')
const r = hexToBytes('0x99e71a99cb2270b8cac5254f9e99b6210c6c10224a1579cf389ef88b20a1abe9')
const s = hexToBytes('0x129ff05af364204442bdb53ab6f18a99ab48acc9326fa689f228040429e3ca66')
const v = BigInt(41)
const pubkey = ecrecover(echash, v, r, s, chainId)
console.log(`Recovered public key ${bytesToHex(pubkey)} from valid signature values`)
Various TypeScript types. Direct usage is not recommended, type structure might change in the future.
Class representing an EIP-4895
Withdrawal
with different constructors as well as conversion and output helpers.
// ./examples/withdrawal.ts
import { Withdrawal } from '@ethereumjs/util'
const withdrawal = Withdrawal.fromWithdrawalData({
index: 0n,
validatorIndex: 65535n,
address: '0x0000000000000000000000000000000000000000',
amount: 0n,
})
console.log('Withdrawal object created:')
console.log(withdrawal.toJSON())
With the breaking release round in Summer 2023 we have added hybrid ESM/CJS builds for all our libraries (see section below) and have eliminated many of the caveats which had previously prevented a frictionless browser usage.
It is now easily possible to run a browser build of one of the EthereumJS libraries within a modern browser using the provided ESM build. For a setup example see ./examples/browser.html.
Read the API docs.
Depending on the extend of Buffer
usage within your own libraries and other planning considerations, there are the two upgrade options to do the switch to Uint8Array
yourself or keep Buffer
and do transitions for input and output values.
We have updated the @ethereumjs/util
bytes
module with helpers for the most common conversions:
Buffer.alloc(97) // Allocate a Buffer with length 97
new Uint8Array(97) // Allocate a Uint8Array with length 97
Buffer.from('342770c0', 'hex') // Convert a hex string to a Buffer
hexToBytes('0x342770c0') // Convert a prefixed hex string to a Uint8Array, Util.hexToBytes()
`0x${myBuffer.toString('hex')}` // Convert a Buffer to a prefixed hex string
bytesToHex(myUint8Array) // Convert a Uint8Array to a prefixed hex string
intToBuffer(9) // Convert an integer to a Buffer, old (removed)
intToBytes(9) // Convert an integer to a Uint8Array, Util.intToBytes()
bytesToInt(myUint8Array) // Convert a Uint8Array to an integer, Util.bytesToInt()
bigIntToBytes(myBigInt) // Convert a BigInt to a Uint8Array, Util.bigIntToBytes()
bytesToBigInt(myUint8Array) // Convert a Uint8Array to a BigInt, Util.bytesToInt()
utf8ToBytes(myUtf8String) // Converts a UTF-8 string to a Uint8Array, Util.utf8ToBytes()
bytesToUtf8(myUint8Array) // Converts a Uint8Array to a UTF-8 string, Util.bytesToUtf8()
toBuffer(v: ToBufferInputTypes) // Converts various byte compatible types to Buffer, old (removed)
toBytes(v: ToBytesInputTypes) // Converts various byte compatible types to Uint8Array, Util.toBytes()
Helper methods can be imported like this:
import { hexToBytes } from '@ethereumjs/util'
With the breaking releases from Summer 2023 we have started to ship our libraries with both CommonJS (cjs
folder) and ESM builds (esm
folder), see package.json
for the detailed setup.
If you use an ES6-style import
in your code files from the ESM build will be used:
import { EthereumJSClass } from '@ethereumjs/[PACKAGE_NAME]'
If you use Node.js specific require
, the CJS build will be used:
const { EthereumJSClass } = require('@ethereumjs/[PACKAGE_NAME]')
Using ESM will give you additional advantages over CJS beyond browser usage like static code analysis / Tree Shaking which CJS can not provide.
With the breaking releases from Summer 2023 we have removed all Node.js specific Buffer
usages from our libraries and replace these with Uint8Array representations, which are available both in Node.js and the browser (Buffer
is a subclass of Uint8Array
).
We have converted existing Buffer conversion methods to Uint8Array conversion methods in the @ethereumjs/util bytes
module, see the respective README section for guidance.
Starting with Util v8 the usage of BN.js for big numbers has been removed from the library and replaced with the usage of the native JS BigInt data type (introduced in ES2020
).
Please note that number-related API signatures have changed along with this version update and the minimal build target has been updated to ES2020
.
The following methods are available by an internalized version of the ethjs-util package (MIT
license), see internal.ts. The original package is not maintained any more and the original functionality will be replaced by own implementations over time (starting with the v7.1.3
release, October 2021).
They can be imported by name:
import { stripHexPrefix } from '@ethereumjs/util'
See our organizational documentation for an introduction to EthereumJS
as well as information on current standards and best practices. If you want to join for work or carry out improvements on the libraries, please review our contribution guidelines first.
FAQs
A collection of utility functions for Ethereum
We found that @nomicfoundation/ethereumjs-util demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.