@stacks/transactions - npm Package Compare versions

Comparing version 6.16.0 to 6.16.1-pr.1dd96c12.0

dist/esm/signer.js

@@ -1,2 +0,2 @@
-import { isSequentialMultiSig, isSingleSig, nextVerification, } from './authorization';
+import { isNonSequentialMultiSig, isSequentialMultiSig, isSingleSig, nextVerification, } from './authorization';
 import { cloneDeep } from './utils';
@@ -18,5 +18,7 @@ import { AddressHashMode, AuthType, PubKeyEncoding, StacksMessageType } from './constants';
             spendingCondition.fields.forEach(field => {
-                if (field.contents.type === StacksMessageType.MessageSignature) {
-                    const signature = field.contents;
-                    const nextVerify = nextVerification(this.sigHash, transaction.auth.authType, spendingCondition.fee, spendingCondition.nonce, PubKeyEncoding.Compressed, signature);
+                if (field.contents.type !== StacksMessageType.MessageSignature)
+                    return;
+                const signature = field.contents;
+                const nextVerify = nextVerification(this.sigHash, transaction.auth.authType, spendingCondition.fee, spendingCondition.nonce, PubKeyEncoding.Compressed, signature);
+                if (!isNonSequentialMultiSig(spendingCondition.hashMode)) {
                     this.sigHash = nextVerify.nextSigHash;
@@ -23,0 +25,0 @@ }

dist/signer.js

@@ -21,5 +21,7 @@ "use strict";
             spendingCondition.fields.forEach(field => {
-                if (field.contents.type === constants_1.StacksMessageType.MessageSignature) {
-                    const signature = field.contents;
-                    const nextVerify = (0, authorization_1.nextVerification)(this.sigHash, transaction.auth.authType, spendingCondition.fee, spendingCondition.nonce, constants_1.PubKeyEncoding.Compressed, signature);
+                if (field.contents.type !== constants_1.StacksMessageType.MessageSignature)
+                    return;
+                const signature = field.contents;
+                const nextVerify = (0, authorization_1.nextVerification)(this.sigHash, transaction.auth.authType, spendingCondition.fee, spendingCondition.nonce, constants_1.PubKeyEncoding.Compressed, signature);
+                if (!(0, authorization_1.isNonSequentialMultiSig)(spendingCondition.hashMode)) {
                     this.sigHash = nextVerify.nextSigHash;
@@ -26,0 +28,0 @@ }

package.json

 {
   "name": "@stacks/transactions",
-  "version": "6.16.0",
+  "version": "6.16.1-pr.1dd96c12.0+1dd96c12",
   "description": "Javascript library for constructing transactions on the Stacks blockchain.",
@@ -30,4 +30,4 @@ "license": "MIT",
     "@noble/secp256k1": "1.7.1",
-    "@stacks/common": "^6.16.0",
-    "@stacks/network": "^6.16.0",
+    "@stacks/common": "^6.16.1-pr.1dd96c12.0+1dd96c12",
+    "@stacks/network": "^6.16.1-pr.1dd96c12.0+1dd96c12",
     "c32check": "^2.0.0",
@@ -37,3 +37,3 @@ "lodash.clonedeep": "^4.5.0"
   "devDependencies": {
-    "@stacks/encryption": "^6.16.0",
+    "@stacks/encryption": "^6.16.1-pr.1dd96c12.0+1dd96c12",
     "@types/common-tags": "^1.8.0",
@@ -67,3 +67,3 @@ "@types/elliptic": "^6.4.12",
   },
-  "gitHead": "3c807f294746dd6a98a95cce963ac7e2189b53c2"
+  "gitHead": "1dd96c1298edace847821b32e2c24537dbe759e9"
 }

src/signer.ts

 import { StacksTransaction } from './transaction';
 import { StacksPrivateKey, StacksPublicKey } from './keys';
 import {
+  isNonSequentialMultiSig,
   isSequentialMultiSig,
@@ -41,12 +42,15 @@ isSingleSig,
       spendingCondition.fields.forEach(field => {
-        if (field.contents.type === StacksMessageType.MessageSignature) {
-          const signature = field.contents;
-          const nextVerify = nextVerification(
-            this.sigHash,
-            transaction.auth.authType,
-            spendingCondition.fee,
-            spendingCondition.nonce,
-            PubKeyEncoding.Compressed, // always compressed for multisig
-            signature
-          );
+        if (field.contents.type !== StacksMessageType.MessageSignature) return;
+
+        const signature = field.contents;
+        const nextVerify = nextVerification(
+          this.sigHash,
+          transaction.auth.authType,
+          spendingCondition.fee,
+          spendingCondition.nonce,
+          PubKeyEncoding.Compressed, // always compressed for multisig
+          signature
+        );
+
+        if (!isNonSequentialMultiSig(spendingCondition.hashMode)) {
           this.sigHash = nextVerify.nextSigHash;
@@ -53,0 +57,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1910883

increased by0.04%

Lines of code

18985

increased by0.04%

Worsened metrics

Number of low quality alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• + Added@stacks/common@6.16.1-pr.2f54c501.1(transitive)

• Updated@stacks/common@^6.16.1-pr.1dd96c12.0+1dd96c12

• Updated@stacks/network@^6.16.1-pr.1dd96c12.0+1dd96c12