Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The bs58 npm package is a utility for encoding and decoding data in Base58, which is a binary-to-text encoding scheme. It is commonly used in cryptocurrency applications, particularly Bitcoin, for encoding addresses and other data in a compact, human-readable format.
Encoding a Buffer to Base58
This feature allows you to encode a buffer of binary data into a Base58 string. The code sample demonstrates encoding the UTF-8 string 'Hello World' into Base58.
"use strict"; const bs58 = require('bs58'); const bytes = Buffer.from('Hello World', 'utf8'); const encoded = bs58.encode(bytes); console.log(encoded);
Decoding a Base58 String to a Buffer
This feature allows you to decode a Base58 string back into its original binary form, represented as a Buffer. The code sample demonstrates decoding a Base58 string back into the original UTF-8 string.
"use strict"; const bs58 = require('bs58'); const encoded = 'JxF12TrwUP45BMd'; const bytes = bs58.decode(encoded); console.log(bytes.toString('utf8'));
The base-x package is a general-purpose base encoding/decoding library that supports multiple bases, such as Base58, Base64, etc. It is more flexible than bs58 as it can handle a variety of encodings, but it might be slightly more complex to use for Base58 specifically.
The base58check package is similar to bs58 but includes additional functionality for adding and verifying checksums, which is a common requirement in Bitcoin address encoding. This makes it more suitable for applications that require checksum validation.
JavaScript component to compute Base58 check encoding for Bitcoin. See this article for more details: bitcoin address.
npm install --save bs58
You can use this module in the browser. Install Browserify:
npm install -g browserify
then run:
browserify < lib/bs58.js > lib/bs85.bundle.js
input
can be either a hex string, an array of bytes, or a Buffer. It returns a string
.
example (hex string):
var base58 = require('bs58');
var unencodedData = "0x003c176e659bea0f29a3e9bf7880c112b1b31b4dc826268187"; //<-- notice the "0x" prefix?
var out = base58.encode(unencodedData);
console.log(out); // => 16UjcYNBG9GTK4uq2f7yYEbuifqCzoLMGS"
** example (byte array)**:
var base58 = require('bs58');
var conv = require('binstring')
var unencodedData = "003c176e659bea0f29a3e9bf7880c112b1b31b4dc826268187";
var out = base58.encode(conv(unencodedData: {in: 'hex', out: 'bytes'}));
console.log(out); // => 16UjcYNBG9GTK4uq2f7yYEbuifqCzoLMGS"
** example (Buffer)**:
var base58 = require('bs58');
var conv = require('binstring')
var unencodedData = "003c176e659bea0f29a3e9bf7880c112b1b31b4dc826268187";
var out = base58.encode(conv(unencodedData: {in: 'hex', out: 'buffer'}));
console.log(out); // => 16UjcYNBG9GTK4uq2f7yYEbuifqCzoLMGS"
input
must be a base 58 encoded string. Returns a Buffer
.
exmample:
var base58 = require('base58');
var address = "16UjcYNBG9GTK4uq2f7yYEbuifqCzoLMGS";
var out = base58.decode(address)
console.log(out.toString('hex')); // => 003c176e659bea0f29a3e9bf7880c112b1b31b4dc826268187
Most of the code from Stefan Thomas in https://github.com/bitcoinjs/bitcoinjs-lib
(MIT License)
FAQs
Base 58 encoding / decoding
The npm package bs58 receives a total of 1,729,694 weekly downloads. As such, bs58 popularity was classified as popular.
We found that bs58 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.