Socket
Socket
Sign inDemoInstall

bitcoinjs-lib

Package Overview
Dependencies
Maintainers
3
Versions
88
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

bitcoinjs-lib - npm Package Compare versions

Comparing version 5.1.7 to 5.1.8

10

CHANGELOG.md

@@ -0,1 +1,11 @@

# 5.1.8
__fixed__
- Throw errors when p2wsh or p2wpkh contain uncompressed pubkeys (#1573)
__added__
- Add txInputs and txOutputs for Psbt (#1561)
__changed__
- (Not exposed) Added BufferWriter to help ease maintenance of certain forks of this library (#1533)
# 5.1.7

@@ -2,0 +12,0 @@ __fixed__

12

package.json
{
"name": "bitcoinjs-lib",
"version": "5.1.7",
"version": "5.1.8",
"description": "Client-side Bitcoin JavaScript library",

@@ -26,3 +26,3 @@ "main": "./src/index.js",

"format": "npm run prettier -- --write",
"formatjs": "npm run prettierjs -- --write > /dev/null 2>&1",
"formatjs": "npm run prettierjs -- --write",
"format:ci": "npm run prettier -- --check && npm run prettierjs -- --check",

@@ -39,4 +39,4 @@ "gitdiff:ci": "npm run build && git diff --exit-code",

"nobuild:unit": "npm run mocha:ts -- 'test/*.ts'",
"prettier": "prettier 'ts_src/**/*.ts' 'test/**/*.ts' --ignore-path ./.prettierignore",
"prettierjs": "prettier 'src/**/*.js' --ignore-path ./.prettierignore",
"prettier": "prettier \"ts_src/**/*.ts\" \"test/**/*.ts\" --ignore-path ./.prettierignore",
"prettierjs": "prettier \"src/**/*.js\" --ignore-path ./.prettierignore",
"test": "npm run build && npm run format:ci && npm run lint && npm run nobuild:coverage",

@@ -83,3 +83,3 @@ "unit": "npm run build && npm run nobuild:unit"

"minimaldata": "^1.0.2",
"mocha": "^6.2.0",
"mocha": "^7.1.1",
"nyc": "^15.0.0",

@@ -91,3 +91,3 @@ "prettier": "1.16.4",

"ts-node": "^8.3.0",
"tslint": "^5.16.0",
"tslint": "^5.20.1",
"typescript": "3.2.2"

@@ -94,0 +94,0 @@ },

2

README.md

@@ -68,3 +68,3 @@ # BitcoinJS (bitcoinjs-lib)

* Enforce that users always verify (manually) a freshly-decoded human-readable version of their intended transaction before broadcast.
* Don't *ask* users to generate mnemonics, or 'brain wallets', humans are terrible random number generators.
* [Don't *ask* users to generate mnemonics](https://en.bitcoin.it/wiki/Brainwallet#cite_note-1), or 'brain wallets', humans are terrible random number generators.
* Lastly, if you can, use [Typescript](https://www.typescriptlang.org/) or similar.

@@ -71,0 +71,0 @@

73

src/block.js

@@ -29,39 +29,20 @@ 'use strict';

if (buffer.length < 80) throw new Error('Buffer too small (< 80 bytes)');
let offset = 0;
const readSlice = n => {
offset += n;
return buffer.slice(offset - n, offset);
};
const readUInt32 = () => {
const i = buffer.readUInt32LE(offset);
offset += 4;
return i;
};
const readInt32 = () => {
const i = buffer.readInt32LE(offset);
offset += 4;
return i;
};
const bufferReader = new bufferutils_1.BufferReader(buffer);
const block = new Block();
block.version = readInt32();
block.prevHash = readSlice(32);
block.merkleRoot = readSlice(32);
block.timestamp = readUInt32();
block.bits = readUInt32();
block.nonce = readUInt32();
block.version = bufferReader.readInt32();
block.prevHash = bufferReader.readSlice(32);
block.merkleRoot = bufferReader.readSlice(32);
block.timestamp = bufferReader.readUInt32();
block.bits = bufferReader.readUInt32();
block.nonce = bufferReader.readUInt32();
if (buffer.length === 80) return block;
const readVarInt = () => {
const vi = varuint.decode(buffer, offset);
offset += varuint.decode.bytes;
return vi;
};
const readTransaction = () => {
const tx = transaction_1.Transaction.fromBuffer(
buffer.slice(offset),
bufferReader.buffer.slice(bufferReader.offset),
true,
);
offset += tx.byteLength();
bufferReader.offset += tx.byteLength();
return tx;
};
const nTransactions = readVarInt();
const nTransactions = bufferReader.readVarInt();
block.transactions = [];

@@ -158,28 +139,16 @@ for (let i = 0; i < nTransactions; ++i) {

const buffer = Buffer.allocUnsafe(this.byteLength(headersOnly));
let offset = 0;
const writeSlice = slice => {
slice.copy(buffer, offset);
offset += slice.length;
};
const writeInt32 = i => {
buffer.writeInt32LE(i, offset);
offset += 4;
};
const writeUInt32 = i => {
buffer.writeUInt32LE(i, offset);
offset += 4;
};
writeInt32(this.version);
writeSlice(this.prevHash);
writeSlice(this.merkleRoot);
writeUInt32(this.timestamp);
writeUInt32(this.bits);
writeUInt32(this.nonce);
const bufferWriter = new bufferutils_1.BufferWriter(buffer);
bufferWriter.writeInt32(this.version);
bufferWriter.writeSlice(this.prevHash);
bufferWriter.writeSlice(this.merkleRoot);
bufferWriter.writeUInt32(this.timestamp);
bufferWriter.writeUInt32(this.bits);
bufferWriter.writeUInt32(this.nonce);
if (headersOnly || !this.transactions) return buffer;
varuint.encode(this.transactions.length, buffer, offset);
offset += varuint.encode.bytes;
varuint.encode(this.transactions.length, buffer, bufferWriter.offset);
bufferWriter.offset += varuint.encode.bytes;
this.transactions.forEach(tx => {
const txSize = tx.byteLength(); // TODO: extract from toBuffer?
tx.toBuffer(buffer, offset);
offset += txSize;
tx.toBuffer(buffer, bufferWriter.offset);
bufferWriter.offset += txSize;
});

@@ -186,0 +155,0 @@ return buffer;

103

src/bufferutils.js
'use strict';
Object.defineProperty(exports, '__esModule', { value: true });
const types = require('./types');
const typeforce = require('typeforce');
const varuint = require('varuint-bitcoin');
// https://github.com/feross/buffer/blob/master/index.js#L1127

@@ -41,1 +44,101 @@ function verifuint(value, max) {

exports.reverseBuffer = reverseBuffer;
function cloneBuffer(buffer) {
const clone = Buffer.alloc(buffer.length);
buffer.copy(clone);
return buffer;
}
exports.cloneBuffer = cloneBuffer;
/**
* Helper class for serialization of bitcoin data types into a pre-allocated buffer.
*/
class BufferWriter {
constructor(buffer, offset = 0) {
this.buffer = buffer;
this.offset = offset;
typeforce(types.tuple(types.Buffer, types.UInt32), [buffer, offset]);
}
writeUInt8(i) {
this.offset = this.buffer.writeUInt8(i, this.offset);
}
writeInt32(i) {
this.offset = this.buffer.writeInt32LE(i, this.offset);
}
writeUInt32(i) {
this.offset = this.buffer.writeUInt32LE(i, this.offset);
}
writeUInt64(i) {
this.offset = writeUInt64LE(this.buffer, i, this.offset);
}
writeVarInt(i) {
varuint.encode(i, this.buffer, this.offset);
this.offset += varuint.encode.bytes;
}
writeSlice(slice) {
if (this.buffer.length < this.offset + slice.length) {
throw new Error('Cannot write slice out of bounds');
}
this.offset += slice.copy(this.buffer, this.offset);
}
writeVarSlice(slice) {
this.writeVarInt(slice.length);
this.writeSlice(slice);
}
writeVector(vector) {
this.writeVarInt(vector.length);
vector.forEach(buf => this.writeVarSlice(buf));
}
}
exports.BufferWriter = BufferWriter;
/**
* Helper class for reading of bitcoin data types from a buffer.
*/
class BufferReader {
constructor(buffer, offset = 0) {
this.buffer = buffer;
this.offset = offset;
typeforce(types.tuple(types.Buffer, types.UInt32), [buffer, offset]);
}
readUInt8() {
const result = this.buffer.readUInt8(this.offset);
this.offset++;
return result;
}
readInt32() {
const result = this.buffer.readInt32LE(this.offset);
this.offset += 4;
return result;
}
readUInt32() {
const result = this.buffer.readUInt32LE(this.offset);
this.offset += 4;
return result;
}
readUInt64() {
const result = readUInt64LE(this.buffer, this.offset);
this.offset += 8;
return result;
}
readVarInt() {
const vi = varuint.decode(this.buffer, this.offset);
this.offset += varuint.decode.bytes;
return vi;
}
readSlice(n) {
if (this.buffer.length < this.offset + n) {
throw new Error('Cannot read slice out of bounds');
}
const result = this.buffer.slice(this.offset, this.offset + n);
this.offset += n;
return result;
}
readVarSlice() {
return this.readSlice(this.readVarInt());
}
readVector() {
const count = this.readVarInt();
const vector = [];
for (let i = 0; i < count; i++) vector.push(this.readVarSlice());
return vector;
}
}
exports.BufferReader = BufferReader;

4

src/payments/p2wpkh.js

@@ -110,2 +110,4 @@ 'use strict';

else hash = pkh;
if (!ecc.isPoint(a.pubkey) || a.pubkey.length !== 33)
throw new TypeError('Invalid pubkey for p2wpkh');
}

@@ -116,3 +118,3 @@ if (a.witness) {

throw new TypeError('Witness has invalid signature');
if (!ecc.isPoint(a.witness[1]))
if (!ecc.isPoint(a.witness[1]) || a.witness[1].length !== 33)
throw new TypeError('Witness has invalid pubkey');

@@ -119,0 +121,0 @@ if (a.signature && !a.signature.equals(a.witness[0]))

36

src/payments/p2wsh.js

@@ -9,2 +9,3 @@ 'use strict';

const OPS = bscript.OPS;
const ecc = require('tiny-secp256k1');
const bech32 = require('bech32');

@@ -18,2 +19,14 @@ const EMPTY_BUFFER = Buffer.alloc(0);

}
function chunkHasUncompressedPubkey(chunk) {
if (
Buffer.isBuffer(chunk) &&
chunk.length === 65 &&
chunk[0] === 0x04 &&
ecc.isPoint(chunk)
) {
return true;
} else {
return false;
}
}
// input: <>

@@ -171,10 +184,23 @@ // witness: [redeemScriptSig ...] {redeemScript}

throw new TypeError('Witness and redeem.witness mismatch');
if (
(a.redeem.input && _rchunks().some(chunkHasUncompressedPubkey)) ||
(a.redeem.output &&
(bscript.decompile(a.redeem.output) || []).some(
chunkHasUncompressedPubkey,
))
) {
throw new TypeError(
'redeem.input or redeem.output contains uncompressed pubkey',
);
}
}
if (a.witness) {
if (a.witness && a.witness.length > 0) {
const wScript = a.witness[a.witness.length - 1];
if (a.redeem && a.redeem.output && !a.redeem.output.equals(wScript))
throw new TypeError('Witness and redeem.output mismatch');
if (
a.redeem &&
a.redeem.output &&
!a.redeem.output.equals(a.witness[a.witness.length - 1])
a.witness.some(chunkHasUncompressedPubkey) ||
(bscript.decompile(wScript) || []).some(chunkHasUncompressedPubkey)
)
throw new TypeError('Witness and redeem.output mismatch');
throw new TypeError('Witness contains uncompressed pubkey');
}

@@ -181,0 +207,0 @@ }

26

src/psbt.js

@@ -100,2 +100,28 @@ 'use strict';

}
get version() {
return this.__CACHE.__TX.version;
}
set version(version) {
this.setVersion(version);
}
get locktime() {
return this.__CACHE.__TX.locktime;
}
set locktime(locktime) {
this.setLocktime(locktime);
}
get txInputs() {
return this.__CACHE.__TX.ins.map(input => ({
hash: bufferutils_1.cloneBuffer(input.hash),
index: input.index,
sequence: input.sequence,
}));
}
get txOutputs() {
return this.__CACHE.__TX.outs.map(output => ({
script: bufferutils_1.cloneBuffer(output.script),
value: output.value,
address: address_1.fromOutputScript(output.script, this.opts.network),
}));
}
combine(...those) {

@@ -102,0 +128,0 @@ this.data.combine(...those.map(o => o.data));

195

src/transaction.js
'use strict';
Object.defineProperty(exports, '__esModule', { value: true });
const bufferutils = require('./bufferutils');
const bufferutils_1 = require('./bufferutils');

@@ -50,40 +49,7 @@ const bcrypto = require('./crypto');

static fromBuffer(buffer, _NO_STRICT) {
let offset = 0;
function readSlice(n) {
offset += n;
return buffer.slice(offset - n, offset);
}
function readUInt32() {
const i = buffer.readUInt32LE(offset);
offset += 4;
return i;
}
function readInt32() {
const i = buffer.readInt32LE(offset);
offset += 4;
return i;
}
function readUInt64() {
const i = bufferutils.readUInt64LE(buffer, offset);
offset += 8;
return i;
}
function readVarInt() {
const vi = varuint.decode(buffer, offset);
offset += varuint.decode.bytes;
return vi;
}
function readVarSlice() {
return readSlice(readVarInt());
}
function readVector() {
const count = readVarInt();
const vector = [];
for (let i = 0; i < count; i++) vector.push(readVarSlice());
return vector;
}
const bufferReader = new bufferutils_1.BufferReader(buffer);
const tx = new Transaction();
tx.version = readInt32();
const marker = buffer.readUInt8(offset);
const flag = buffer.readUInt8(offset + 1);
tx.version = bufferReader.readInt32();
const marker = bufferReader.readUInt8();
const flag = bufferReader.readUInt8();
let hasWitnesses = false;

@@ -94,20 +60,21 @@ if (

) {
offset += 2;
hasWitnesses = true;
} else {
bufferReader.offset -= 2;
}
const vinLen = readVarInt();
const vinLen = bufferReader.readVarInt();
for (let i = 0; i < vinLen; ++i) {
tx.ins.push({
hash: readSlice(32),
index: readUInt32(),
script: readVarSlice(),
sequence: readUInt32(),
hash: bufferReader.readSlice(32),
index: bufferReader.readUInt32(),
script: bufferReader.readVarSlice(),
sequence: bufferReader.readUInt32(),
witness: EMPTY_WITNESS,
});
}
const voutLen = readVarInt();
const voutLen = bufferReader.readVarInt();
for (let i = 0; i < voutLen; ++i) {
tx.outs.push({
value: readUInt64(),
script: readVarSlice(),
value: bufferReader.readUInt64(),
script: bufferReader.readVarSlice(),
});

@@ -117,3 +84,3 @@ }

for (let i = 0; i < vinLen; ++i) {
tx.ins[i].witness = readVector();
tx.ins[i].witness = bufferReader.readVector();
}

@@ -124,5 +91,5 @@ // was this pointless?

}
tx.locktime = readUInt32();
tx.locktime = bufferReader.readUInt32();
if (_NO_STRICT) return tx;
if (offset !== buffer.length)
if (bufferReader.offset !== buffer.length)
throw new Error('Transaction has unexpected data');

@@ -303,20 +270,3 @@ return tx;

let tbuffer = Buffer.from([]);
let toffset = 0;
function writeSlice(slice) {
toffset += slice.copy(tbuffer, toffset);
}
function writeUInt32(i) {
toffset = tbuffer.writeUInt32LE(i, toffset);
}
function writeUInt64(i) {
toffset = bufferutils.writeUInt64LE(tbuffer, i, toffset);
}
function writeVarInt(i) {
varuint.encode(i, tbuffer, toffset);
toffset += varuint.encode.bytes;
}
function writeVarSlice(slice) {
writeVarInt(slice.length);
writeSlice(slice);
}
let bufferWriter;
let hashOutputs = ZERO;

@@ -327,6 +277,6 @@ let hashPrevouts = ZERO;

tbuffer = Buffer.allocUnsafe(36 * this.ins.length);
toffset = 0;
bufferWriter = new bufferutils_1.BufferWriter(tbuffer, 0);
this.ins.forEach(txIn => {
writeSlice(txIn.hash);
writeUInt32(txIn.index);
bufferWriter.writeSlice(txIn.hash);
bufferWriter.writeUInt32(txIn.index);
});

@@ -341,5 +291,5 @@ hashPrevouts = bcrypto.hash256(tbuffer);

tbuffer = Buffer.allocUnsafe(4 * this.ins.length);
toffset = 0;
bufferWriter = new bufferutils_1.BufferWriter(tbuffer, 0);
this.ins.forEach(txIn => {
writeUInt32(txIn.sequence);
bufferWriter.writeUInt32(txIn.sequence);
});

@@ -356,6 +306,6 @@ hashSequence = bcrypto.hash256(tbuffer);

tbuffer = Buffer.allocUnsafe(txOutsSize);
toffset = 0;
bufferWriter = new bufferutils_1.BufferWriter(tbuffer, 0);
this.outs.forEach(out => {
writeUInt64(out.value);
writeVarSlice(out.script);
bufferWriter.writeUInt64(out.value);
bufferWriter.writeVarSlice(out.script);
});

@@ -369,21 +319,21 @@ hashOutputs = bcrypto.hash256(tbuffer);

tbuffer = Buffer.allocUnsafe(8 + varSliceSize(output.script));
toffset = 0;
writeUInt64(output.value);
writeVarSlice(output.script);
bufferWriter = new bufferutils_1.BufferWriter(tbuffer, 0);
bufferWriter.writeUInt64(output.value);
bufferWriter.writeVarSlice(output.script);
hashOutputs = bcrypto.hash256(tbuffer);
}
tbuffer = Buffer.allocUnsafe(156 + varSliceSize(prevOutScript));
toffset = 0;
bufferWriter = new bufferutils_1.BufferWriter(tbuffer, 0);
const input = this.ins[inIndex];
writeUInt32(this.version);
writeSlice(hashPrevouts);
writeSlice(hashSequence);
writeSlice(input.hash);
writeUInt32(input.index);
writeVarSlice(prevOutScript);
writeUInt64(value);
writeUInt32(input.sequence);
writeSlice(hashOutputs);
writeUInt32(this.locktime);
writeUInt32(hashType);
bufferWriter.writeUInt32(this.version);
bufferWriter.writeSlice(hashPrevouts);
bufferWriter.writeSlice(hashSequence);
bufferWriter.writeSlice(input.hash);
bufferWriter.writeUInt32(input.index);
bufferWriter.writeVarSlice(prevOutScript);
bufferWriter.writeUInt64(value);
bufferWriter.writeUInt32(input.sequence);
bufferWriter.writeSlice(hashOutputs);
bufferWriter.writeUInt32(this.locktime);
bufferWriter.writeUInt32(hashType);
return bcrypto.hash256(tbuffer);

@@ -416,60 +366,37 @@ }

if (!buffer) buffer = Buffer.allocUnsafe(this.byteLength(_ALLOW_WITNESS));
let offset = initialOffset || 0;
function writeSlice(slice) {
offset += slice.copy(buffer, offset);
}
function writeUInt8(i) {
offset = buffer.writeUInt8(i, offset);
}
function writeUInt32(i) {
offset = buffer.writeUInt32LE(i, offset);
}
function writeInt32(i) {
offset = buffer.writeInt32LE(i, offset);
}
function writeUInt64(i) {
offset = bufferutils.writeUInt64LE(buffer, i, offset);
}
function writeVarInt(i) {
varuint.encode(i, buffer, offset);
offset += varuint.encode.bytes;
}
function writeVarSlice(slice) {
writeVarInt(slice.length);
writeSlice(slice);
}
function writeVector(vector) {
writeVarInt(vector.length);
vector.forEach(writeVarSlice);
}
writeInt32(this.version);
const bufferWriter = new bufferutils_1.BufferWriter(
buffer,
initialOffset || 0,
);
bufferWriter.writeInt32(this.version);
const hasWitnesses = _ALLOW_WITNESS && this.hasWitnesses();
if (hasWitnesses) {
writeUInt8(Transaction.ADVANCED_TRANSACTION_MARKER);
writeUInt8(Transaction.ADVANCED_TRANSACTION_FLAG);
bufferWriter.writeUInt8(Transaction.ADVANCED_TRANSACTION_MARKER);
bufferWriter.writeUInt8(Transaction.ADVANCED_TRANSACTION_FLAG);
}
writeVarInt(this.ins.length);
bufferWriter.writeVarInt(this.ins.length);
this.ins.forEach(txIn => {
writeSlice(txIn.hash);
writeUInt32(txIn.index);
writeVarSlice(txIn.script);
writeUInt32(txIn.sequence);
bufferWriter.writeSlice(txIn.hash);
bufferWriter.writeUInt32(txIn.index);
bufferWriter.writeVarSlice(txIn.script);
bufferWriter.writeUInt32(txIn.sequence);
});
writeVarInt(this.outs.length);
bufferWriter.writeVarInt(this.outs.length);
this.outs.forEach(txOut => {
if (isOutput(txOut)) {
writeUInt64(txOut.value);
bufferWriter.writeUInt64(txOut.value);
} else {
writeSlice(txOut.valueBuffer);
bufferWriter.writeSlice(txOut.valueBuffer);
}
writeVarSlice(txOut.script);
bufferWriter.writeVarSlice(txOut.script);
});
if (hasWitnesses) {
this.ins.forEach(input => {
writeVector(input.witness);
bufferWriter.writeVector(input.witness);
});
}
writeUInt32(this.locktime);
bufferWriter.writeUInt32(this.locktime);
// avoid slicing unless necessary
if (initialOffset !== undefined) return buffer.slice(initialOffset, offset);
if (initialOffset !== undefined)
return buffer.slice(initialOffset, bufferWriter.offset);
return buffer;

@@ -476,0 +403,0 @@ }

33

types/bufferutils.d.ts
export declare function readUInt64LE(buffer: Buffer, offset: number): number;
export declare function writeUInt64LE(buffer: Buffer, value: number, offset: number): number;
export declare function reverseBuffer(buffer: Buffer): Buffer;
export declare function cloneBuffer(buffer: Buffer): Buffer;
/**
* Helper class for serialization of bitcoin data types into a pre-allocated buffer.
*/
export declare class BufferWriter {
buffer: Buffer;
offset: number;
constructor(buffer: Buffer, offset?: number);
writeUInt8(i: number): void;
writeInt32(i: number): void;
writeUInt32(i: number): void;
writeUInt64(i: number): void;
writeVarInt(i: number): void;
writeSlice(slice: Buffer): void;
writeVarSlice(slice: Buffer): void;
writeVector(vector: Buffer[]): void;
}
/**
* Helper class for reading of bitcoin data types from a buffer.
*/
export declare class BufferReader {
buffer: Buffer;
offset: number;
constructor(buffer: Buffer, offset?: number);
readUInt8(): number;
readInt32(): number;
readUInt32(): number;
readUInt64(): number;
readVarInt(): number;
readSlice(n: number): Buffer;
readVarSlice(): Buffer;
readVector(): Buffer[];
}

6

types/psbt.d.ts
import { Psbt as PsbtBase } from 'bip174';
import { KeyValue, PsbtGlobalUpdate, PsbtInput, PsbtInputUpdate, PsbtOutput, PsbtOutputUpdate, TransactionInput } from 'bip174/src/lib/interfaces';
import { KeyValue, PsbtGlobalUpdate, PsbtInput, PsbtInputUpdate, PsbtOutput, PsbtOutputUpdate, TransactionInput, TransactionOutput } from 'bip174/src/lib/interfaces';
import { Signer, SignerAsync } from './ecpair';

@@ -47,2 +47,6 @@ import { Network } from './networks';

readonly inputCount: number;
version: number;
locktime: number;
readonly txInputs: TransactionInput[];
readonly txOutputs: TransactionOutput[];
combine(...those: Psbt[]): this;

@@ -49,0 +53,0 @@ clone(): Psbt;

LICENSE

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc