bitcoinjs-lib
Advanced tools
Comparing version 1.5.5 to 1.5.6
{ | ||
"name": "bitcoinjs-lib", | ||
"version": "1.5.5", | ||
"version": "1.5.6", | ||
"description": "Client-side Bitcoin JavaScript library", | ||
@@ -5,0 +5,0 @@ "main": "./src/index.js", |
var assert = require('assert') | ||
var bufferutils = require('./bufferutils') | ||
var crypto = require('crypto') | ||
var typeForce = require('typeforce') | ||
var networks = require('./networks') | ||
var randomBytes = require('randombytes') | ||
@@ -15,3 +15,3 @@ var Address = require('./address') | ||
seed = seed || crypto.randomBytes(32) | ||
seed = seed || randomBytes(32) | ||
network = network || networks.bitcoin | ||
@@ -41,3 +41,3 @@ | ||
seed = seed || crypto.randomBytes(32) | ||
seed = seed || randomBytes(32) | ||
masterKey = HDNode.fromSeedBuffer(seed, network) | ||
@@ -44,0 +44,0 @@ |
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
746063
24
23309
9
2