New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

bitcoin-script

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

bitcoin-script

Compile Bitcoin Script to JavaScript.

  • 0.0.6
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
12
decreased by-45.45%
Maintainers
1
Weekly downloads
 
Created
Source

bitcoin-script

JavaScript implementation of Script, Bitcoin's scripting language, along with a Script Playground, deployed here. See my blog post for more.

The original ES6 source can be found on GitHub.

Usage

This package can be used to evaluate Bitcoin scripts as follows:

var evaluate = require('bitcoin-script').evaluate;
var script = 'OP_1 OP_VERIFY';
evaluate(script);
// => true

(Note: here, OP_VERIFY could be excluded, as default behavior is to check for a 1 on the top of the stack if there's no terminating command in the script.)

Alternatively, you can use the lock-unlock paradigm, which concatenates the scripts before evaluating:

var unlock = require('bitcoin-script').unlock;
var scriptSig = 'OP_1';
var scriptPubKey = 'OP_VERIFY';
unlock(scriptSig, scriptPubKey);
// => true

Further examples and tests are available in the GitHub repo.

How It Works

(A longer explanation of Script and this implementation can be found in my blog post.)

Script programs are compiled to JavaScript using Jison, with behavior following the specification outlined on the Bitcoin Wiki. For those unfamiliar, Script is a simple, stack-based programming language used to validate transactions in the Bitcoin protocol.

When the parser runs over a Script program, it returns an object of the following form:

{
    value: [value],
    code: [code]
}

This allows for inspection into the compiled code (e.g., for use in the live editor), as well as the return value (true or false) of the Script.

Deviations From the Spec

Note that as this is an educational tool, the goal is not to create a full-fidelity re-implementation of Script, but rather, to focus on re-creating Script's core behavior. With that in mind, the implementation here differs from that described on the Wiki in a few ways. For example:

  • Unlike in the official implementation, OP_CHECKMULTISIG does not pop an extra, arbitrary value off the stack (as this is considered a bug and would only serve to confuse new users).
  • Signatures aren't generated by hashing transaction inputs and outputs (as the snippets only exist in isolation); instead, the protocol expects users to sign a simple nonce (in this case, the string 'Secure').
  • Any hex data is pushed to the state with no limitations.

Operations labeled as Disabled are not implemented.

License

MIT.

Keywords

FAQs

Package last updated on 22 Dec 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL

Security News

Company News

Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL

Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.

By Sarah Gooding  -  Jan 31, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc