Socket
Socket
Sign inDemoInstall

bitcoinjs-lib

Package Overview
Dependencies
9
Maintainers
3
Versions
86
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 6.1.0 to 6.1.1

17

package.json
{
"name": "bitcoinjs-lib",
"version": "6.1.0",
"version": "6.1.1",
"description": "Client-side Bitcoin JavaScript library",

@@ -52,10 +52,8 @@ "main": "./src/index.js",

"dependencies": {
"@noble/hashes": "^1.2.0",
"bech32": "^2.0.0",
"bip174": "^2.1.0",
"bs58check": "^2.1.2",
"create-hash": "^1.1.0",
"ripemd160": "^2.0.2",
"bs58check": "^3.0.1",
"typeforce": "^1.11.3",
"varuint-bitcoin": "^1.1.2",
"wif": "^2.0.1"
"varuint-bitcoin": "^1.1.2"
},

@@ -65,3 +63,2 @@ "devDependencies": {

"@types/bs58check": "^2.1.0",
"@types/create-hash": "^1.2.2",
"@types/mocha": "^5.2.7",

@@ -71,9 +68,7 @@ "@types/node": "^16.11.7",

"@types/randombytes": "^2.0.0",
"@types/ripemd160": "^2.0.0",
"@types/wif": "^2.0.2",
"@typescript-eslint/eslint-plugin": "^5.45.0",
"@typescript-eslint/parser": "^5.45.0",
"better-npm-audit": "^3.7.3",
"bip32": "^3.0.1",
"bip39": "^3.0.2",
"bip32": "^4.0.0",
"bip39": "^3.1.0",
"bip65": "^1.0.1",

@@ -80,0 +75,0 @@ "bip68": "^1.0.3",

2

README.md

@@ -106,4 +106,4 @@ # BitcoinJS (bitcoinjs-lib)

- [Taproot Key Spend](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/taproot.md)
- [Taproot Key Spend](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/taproot.spec.ts)
- [Generate a random address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/addresses.spec.ts)

@@ -110,0 +110,0 @@ - [Import an address via WIF](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/addresses.spec.ts)

4

src/address.js

@@ -45,7 +45,7 @@ 'use strict';

function fromBase58Check(address) {
const payload = bs58check.decode(address);
const payload = Buffer.from(bs58check.decode(address));
// TODO: 4.0.0, move to "toOutputScript"
if (payload.length < 21) throw new TypeError(address + ' is too short');
if (payload.length > 21) throw new TypeError(address + ' is too long');
const version = payload.readUInt8(0);
const version = payload.readUint8(0);
const hash = payload.slice(1);

@@ -52,0 +52,0 @@ return { version, hash };

7

src/crypto.d.ts

@@ -7,5 +7,10 @@ /// <reference types="node" />

export declare function hash256(buffer: Buffer): Buffer;
declare const TAGS: readonly ["BIP0340/challenge", "BIP0340/aux", "BIP0340/nonce", "TapLeaf", "TapBranch", "TapSighash", "TapTweak", "KeyAgg list", "KeyAgg coefficient"];
export declare const TAGS: readonly ["BIP0340/challenge", "BIP0340/aux", "BIP0340/nonce", "TapLeaf", "TapBranch", "TapSighash", "TapTweak", "KeyAgg list", "KeyAgg coefficient"];
export type TaggedHashPrefix = typeof TAGS[number];
type TaggedHashPrefixes = {
[key in TaggedHashPrefix]: Buffer;
};
/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */
export declare const TAGGED_HASH_PREFIXES: TaggedHashPrefixes;
export declare function taggedHash(prefix: TaggedHashPrefix, data: Buffer): Buffer;
export {};

95

src/crypto.js
'use strict';
Object.defineProperty(exports, '__esModule', { value: true });
exports.taggedHash =
exports.TAGGED_HASH_PREFIXES =
exports.TAGS =
exports.hash256 =

@@ -10,33 +12,30 @@ exports.hash160 =

void 0;
const createHash = require('create-hash');
const RipeMd160 = require('ripemd160');
const ripemd160_1 = require('@noble/hashes/ripemd160');
const sha1_1 = require('@noble/hashes/sha1');
const sha256_1 = require('@noble/hashes/sha256');
function ripemd160(buffer) {
try {
return createHash('rmd160').update(buffer).digest();
} catch (err) {
try {
return createHash('ripemd160').update(buffer).digest();
} catch (err2) {
return new RipeMd160().update(buffer).digest();
}
}
return Buffer.from((0, ripemd160_1.ripemd160)(Uint8Array.from(buffer)));
}
exports.ripemd160 = ripemd160;
function sha1(buffer) {
return createHash('sha1').update(buffer).digest();
return Buffer.from((0, sha1_1.sha1)(Uint8Array.from(buffer)));
}
exports.sha1 = sha1;
function sha256(buffer) {
return createHash('sha256').update(buffer).digest();
return Buffer.from((0, sha256_1.sha256)(Uint8Array.from(buffer)));
}
exports.sha256 = sha256;
function hash160(buffer) {
return ripemd160(sha256(buffer));
return Buffer.from(
(0, ripemd160_1.ripemd160)((0, sha256_1.sha256)(Uint8Array.from(buffer))),
);
}
exports.hash160 = hash160;
function hash256(buffer) {
return sha256(sha256(buffer));
return Buffer.from(
(0, sha256_1.sha256)((0, sha256_1.sha256)(Uint8Array.from(buffer))),
);
}
exports.hash256 = hash256;
const TAGS = [
exports.TAGS = [
'BIP0340/challenge',

@@ -53,11 +52,61 @@ 'BIP0340/aux',

/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */
const TAGGED_HASH_PREFIXES = Object.fromEntries(
TAGS.map(tag => {
const tagHash = sha256(Buffer.from(tag));
return [tag, Buffer.concat([tagHash, tagHash])];
}),
);
exports.TAGGED_HASH_PREFIXES = {
'BIP0340/challenge': Buffer.from([
123, 181, 45, 122, 159, 239, 88, 50, 62, 177, 191, 122, 64, 125, 179, 130,
210, 243, 242, 216, 27, 177, 34, 79, 73, 254, 81, 143, 109, 72, 211, 124,
123, 181, 45, 122, 159, 239, 88, 50, 62, 177, 191, 122, 64, 125, 179, 130,
210, 243, 242, 216, 27, 177, 34, 79, 73, 254, 81, 143, 109, 72, 211, 124,
]),
'BIP0340/aux': Buffer.from([
241, 239, 78, 94, 192, 99, 202, 218, 109, 148, 202, 250, 157, 152, 126, 160,
105, 38, 88, 57, 236, 193, 31, 151, 45, 119, 165, 46, 216, 193, 204, 144,
241, 239, 78, 94, 192, 99, 202, 218, 109, 148, 202, 250, 157, 152, 126, 160,
105, 38, 88, 57, 236, 193, 31, 151, 45, 119, 165, 46, 216, 193, 204, 144,
]),
'BIP0340/nonce': Buffer.from([
7, 73, 119, 52, 167, 155, 203, 53, 91, 155, 140, 125, 3, 79, 18, 28, 244,
52, 215, 62, 247, 45, 218, 25, 135, 0, 97, 251, 82, 191, 235, 47, 7, 73,
119, 52, 167, 155, 203, 53, 91, 155, 140, 125, 3, 79, 18, 28, 244, 52, 215,
62, 247, 45, 218, 25, 135, 0, 97, 251, 82, 191, 235, 47,
]),
TapLeaf: Buffer.from([
174, 234, 143, 220, 66, 8, 152, 49, 5, 115, 75, 88, 8, 29, 30, 38, 56, 211,
95, 28, 181, 64, 8, 212, 211, 87, 202, 3, 190, 120, 233, 238, 174, 234, 143,
220, 66, 8, 152, 49, 5, 115, 75, 88, 8, 29, 30, 38, 56, 211, 95, 28, 181,
64, 8, 212, 211, 87, 202, 3, 190, 120, 233, 238,
]),
TapBranch: Buffer.from([
25, 65, 161, 242, 229, 110, 185, 95, 162, 169, 241, 148, 190, 92, 1, 247,
33, 111, 51, 237, 130, 176, 145, 70, 52, 144, 208, 91, 245, 22, 160, 21, 25,
65, 161, 242, 229, 110, 185, 95, 162, 169, 241, 148, 190, 92, 1, 247, 33,
111, 51, 237, 130, 176, 145, 70, 52, 144, 208, 91, 245, 22, 160, 21,
]),
TapSighash: Buffer.from([
244, 10, 72, 223, 75, 42, 112, 200, 180, 146, 75, 242, 101, 70, 97, 237, 61,
149, 253, 102, 163, 19, 235, 135, 35, 117, 151, 198, 40, 228, 160, 49, 244,
10, 72, 223, 75, 42, 112, 200, 180, 146, 75, 242, 101, 70, 97, 237, 61, 149,
253, 102, 163, 19, 235, 135, 35, 117, 151, 198, 40, 228, 160, 49,
]),
TapTweak: Buffer.from([
232, 15, 225, 99, 156, 156, 160, 80, 227, 175, 27, 57, 193, 67, 198, 62, 66,
156, 188, 235, 21, 217, 64, 251, 181, 197, 161, 244, 175, 87, 197, 233, 232,
15, 225, 99, 156, 156, 160, 80, 227, 175, 27, 57, 193, 67, 198, 62, 66, 156,
188, 235, 21, 217, 64, 251, 181, 197, 161, 244, 175, 87, 197, 233,
]),
'KeyAgg list': Buffer.from([
72, 28, 151, 28, 60, 11, 70, 215, 240, 178, 117, 174, 89, 141, 78, 44, 126,
215, 49, 156, 89, 74, 92, 110, 199, 158, 160, 212, 153, 2, 148, 240, 72, 28,
151, 28, 60, 11, 70, 215, 240, 178, 117, 174, 89, 141, 78, 44, 126, 215, 49,
156, 89, 74, 92, 110, 199, 158, 160, 212, 153, 2, 148, 240,
]),
'KeyAgg coefficient': Buffer.from([
191, 201, 4, 3, 77, 28, 136, 232, 200, 14, 34, 229, 61, 36, 86, 109, 100,
130, 78, 214, 66, 114, 129, 192, 145, 0, 249, 77, 205, 82, 201, 129, 191,
201, 4, 3, 77, 28, 136, 232, 200, 14, 34, 229, 61, 36, 86, 109, 100, 130,
78, 214, 66, 114, 129, 192, 145, 0, 249, 77, 205, 82, 201, 129,
]),
};
function taggedHash(prefix, data) {
return sha256(Buffer.concat([TAGGED_HASH_PREFIXES[prefix], data]));
return sha256(Buffer.concat([exports.TAGGED_HASH_PREFIXES[prefix], data]));
}
exports.taggedHash = taggedHash;

2

src/payments/p2pkh.js

@@ -30,3 +30,3 @@ 'use strict';

const _address = lazy.value(() => {
const payload = bs58check.decode(a.address);
const payload = Buffer.from(bs58check.decode(a.address));
const version = payload.readUInt8(0);

@@ -33,0 +33,0 @@ const hash = payload.slice(1);

10

src/payments/p2sh.js

@@ -51,3 +51,3 @@ 'use strict';

const _address = lazy.value(() => {
const payload = bs58check.decode(a.address);
const payload = Buffer.from(bs58check.decode(a.address));
const version = payload.readUInt8(0);

@@ -142,2 +142,10 @@ const hash = payload.slice(1);

throw new TypeError('Redeem.output too short');
if (redeem.output.byteLength > 520)
throw new TypeError(
'Redeem.output unspendable if larger than 520 bytes',
);
if (bscript.countNonPushOnlyOPs(decompile) > 201)
throw new TypeError(
'Redeem.output unspendable with more than 201 non-push ops',
);
// match hash against other sources

@@ -144,0 +152,0 @@ const hash2 = bcrypto.hash160(redeem.output);

7

src/payments/p2tr.js

@@ -34,3 +34,8 @@ 'use strict';

pubkey: types_1.typeforce.maybe(types_1.typeforce.BufferN(32)),
signature: types_1.typeforce.maybe(types_1.typeforce.BufferN(64)),
signature: types_1.typeforce.maybe(
types_1.typeforce.anyOf(
types_1.typeforce.BufferN(64),
types_1.typeforce.BufferN(65),
),
),
witness: types_1.typeforce.maybe(

@@ -37,0 +42,0 @@ types_1.typeforce.arrayOf(types_1.typeforce.Buffer),

13

src/payments/p2wsh.js

@@ -169,6 +169,15 @@ 'use strict';

throw new TypeError('Ambiguous witness source');
// is the redeem output non-empty?
// is the redeem output non-empty/valid?
if (a.redeem.output) {
if (bscript.decompile(a.redeem.output).length === 0)
const decompile = bscript.decompile(a.redeem.output);
if (!decompile || decompile.length < 1)
throw new TypeError('Redeem.output is invalid');
if (a.redeem.output.byteLength > 3600)
throw new TypeError(
'Redeem.output unspendable if larger than 3600 bytes',
);
if (bscript.countNonPushOnlyOPs(decompile) > 201)
throw new TypeError(
'Redeem.output unspendable with more than 201 non-push ops',
);
// match hash against other sources

@@ -175,0 +184,0 @@ const hash2 = bcrypto.sha256(a.redeem.output);

1

src/script.d.ts

@@ -8,2 +8,3 @@ /// <reference types="node" />

export declare function isPushOnly(value: Stack): boolean;
export declare function countNonPushOnlyOPs(value: Stack): number;
export declare function compile(chunks: Buffer | Stack): Buffer;

@@ -10,0 +11,0 @@ export declare function decompile(buffer: Buffer | Array<number | Buffer>): Array<number | Buffer> | null;

5

src/script.js

@@ -13,2 +13,3 @@ 'use strict';

exports.compile =
exports.countNonPushOnlyOPs =
exports.isPushOnly =

@@ -46,2 +47,6 @@ exports.OPS =

exports.isPushOnly = isPushOnly;
function countNonPushOnlyOPs(value) {
return value.length - value.filter(isPushOnlyChunk).length;
}
exports.countNonPushOnlyOPs = countNonPushOnlyOPs;
function asMinimalOP(buffer) {

@@ -48,0 +53,0 @@ if (buffer.length === 0) return ops_1.OPS.OP_0;

2

src/transaction.js

@@ -392,3 +392,3 @@ 'use strict';

'TapSighash',
Buffer.concat([Buffer.of(0x00), sigMsgWriter.end()]),
Buffer.concat([Buffer.from([0x00]), sigMsgWriter.end()]),
);

@@ -395,0 +395,0 @@ }

2

src/types.d.ts

@@ -33,4 +33,2 @@ /// <reference types="node" />

xOnlyPointAddTweak(p: Uint8Array, tweak: Uint8Array): XOnlyPointAddTweakResult | null;
privateAdd(d: Uint8Array, tweak: Uint8Array): Uint8Array | null;
privateNegate(d: Uint8Array): Uint8Array;
}

@@ -37,0 +35,0 @@ export declare const Buffer256bit: any;

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc