ethereumjs-tx - npm Package Compare versions

Comparing version 0.5.7 to 0.5.8

index.js

@@ -1,7 +0,6 @@
-const BN = require('bn.js')
 const rlp = require('rlp')
 const ethUtil = require('ethereumjs-util')
 const fees = require('ethereum-common').fees
-const ecdsaOps = require('./ecdsaOps.js')
-// const ecdsaOps = require('./ecdsaOpsBrowser.js')
+const ecdsa = require('secp256k1')
+const BN = ethUtil.BN
 
@@ -125,4 +124,9 @@ //give browser access to Buffers
  */
-Transaction.prototype.getSenderPublicKey = ecdsaOps.txGetSenderPublicKey
+Transaction.prototype.getSenderPublicKey =  function() {
+  if (!this._senderPubKey || !this._senderPubKey.length)
+    this.verifySignature()
 
+  return this._senderPubKey
+}
+
 /**
@@ -132,4 +136,20 @@ * @method verifySignature
  */
-Transaction.prototype.verifySignature = ecdsaOps.txVerifySignature
+Transaction.prototype.verifySignature = function() {
+  var msgHash = this.hash(false)
+  var sig = {
+    signature: Buffer.concat([ethUtil.pad(this.r, 32), ethUtil.pad(this.s, 32)], 64),
+    recovery: ethUtil.bufferToInt(this.v) - 27
+  }
 
+  try{
+    this._senderPubKey = ecdsa.recover(msgHash, sig, false)
+  }catch(e){
+    return false 
+  }
+
+  if (this._senderPubKey && this._senderPubKey.toString('hex') !== '') 
+    return ecdsa.verify(msgHash, sig, this._senderPubKey)
+  else 
+    return false
+}
 /**
@@ -140,4 +160,10 @@ * sign a transaction with a given a private key
  */
-Transaction.prototype.sign = ecdsaOps.txSign
+Transaction.prototype.sign = function(privateKey) {
+  var msgHash = this.hash(false)
+  var sig = ecdsa.sign(msgHash, privateKey)
 
+  this.r = sig.signature.slice(0, 32)
+  this.s = sig.signature.slice(32, 64)
+  this.v = sig.recovery + 27
+}
 /**
@@ -144,0 +170,0 @@ * The amount of gas paid for the data in this tx

package.json

 {
   "name": "ethereumjs-tx",
-  "version": "0.5.7",
+  "version": "0.5.8",
   "description": "An simple module for creating, manipulating and signing ethereum transactions",
@@ -17,8 +17,7 @@ "main": "index.js",
   "dependencies": {
-    "bn.js": "^3.0.1",
-    "elliptic": "^5.0.0",
     "ethereum-common": "0.0.3",
     "ethereumjs-util": "^1.3.4",
     "rlp": "^1.0.1",
-    "secp256k1": "1.0.1"
+    "secp256k1": "1.0.1",
+    "secp256k1-browserify": "0.0.0"
   },
@@ -32,3 +31,3 @@ "devDependencies": {
   "browser": {
-    "./ecdsaOps.js": "./ecdsaOpsBrowser.js"
+    "secp256k1": "secp256k1-browserify"
   },
@@ -35,0 +34,0 @@ "testling": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

369700

increased by2.09%

Dependency count

5

decreased by-16.67%

Worsened metrics

Lines of code

10647

decreased by-7.03%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addedsecp256k1-browserify@0.0.0

• + Addedsecp256k1-browserify@0.0.0(transitive)

• - Removedbn.js@^3.0.1

• - Removedelliptic@^5.0.0