@scure/base - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

package.json

 {
   "name": "@scure/base",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Secure, audited & 0-dep implementation of bech32, base64, base58, base32 & base16",
@@ -8,2 +8,3 @@ "files": [
     "lib/esm/index.js",
+    "lib/esm/package.json",
     "lib/index.d.ts"
@@ -10,0 +11,0 @@ ],

README.md

 # scure-base
 
-Secure, audited and 0-dep implementation of bech32, base64, base58, base32 & base16.
+Secure, [audited](#security) and 0-dep implementation of bech32, base64, base58, base32 & base16.
 
@@ -13,4 +13,2 @@ Written in [functional style](#design-rationale), uses chaining, has unique tests which ensure correctness.
 
-The library has been audited by Cure53 on Jan 5, 2022. Check out the audit [PDF](./audit/2022-01-05-cure53-audit-nbl2.pdf), [URL](https://cure53.de/pentest-report_hashing-libs.pdf) & [changes since audit](https://github.com/paulmillr/scure-base/compare/1.0.0..main). Before the audit, it was called `micro-base`.
-
 ### This library belongs to *scure*
@@ -49,6 +47,6 @@
 // bech32
-const {bech32, bech32m} = require('@scure/base');
+const { bech32, bech32m } = require('@scure/base');
 const words = bech32.toWords(data);
 const be = bech32.encode('prefix', words);
-const {prefix, words} = bech32.decode(be);
+const { prefix, words } = bech32.decode(be);
 bech32m.encode('prefix', words);
@@ -58,7 +56,7 @@
 // you need to pass sha256() function that returns Uint8Array
-const {base58check} = require('@scure/base');
+const { base58check } = require('@scure/base');
 base58check(sha256).encode(data);
 
 // Alternative API
-const {str, bytes} = require('@scure/base');
+const { str, bytes } = require('@scure/base');
 const encoded = str('base64', data);
@@ -141,4 +139,13 @@ const data = bytes('base64', encoded);
 
+## Security
+
+The library has been audited by Cure53 on Jan 5, 2022. Check out the audit [PDF](./audit/2022-01-05-cure53-audit-nbl2.pdf) & [URL](https://cure53.de/pentest-report_hashing-libs.pdf). See [changes since audit](https://github.com/paulmillr/scure-base/compare/1.0.0..main).
+
+1. The library was initially developed for [js-ethereum-cryptography](https://github.com/ethereum/js-ethereum-cryptography)
+2. At commit [ae00e6d7](https://github.com/ethereum/js-ethereum-cryptography/commit/ae00e6d7d24fb3c76a1c7fe10039f6ecd120b77e), it
+  was extracted to a separate package called `micro-base`
+3. After the audit we've decided to use NPM namespace for security. Since `@micro` namespace was taken, we've renamed the package to `@scure/base`
+
 ## License
 
 MIT (c) Paul Miller [(https://paulmillr.com)](https://paulmillr.com), see LICENSE file.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

46440

increased by1.09%

Number of package files

7

increased by16.67%

Number of lines in readme file

148

increased by4.96%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes