Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
ethereumjs-util
Advanced tools
Package description
The ethereumjs-util package provides a set of utility functions for Ethereum. These utilities include functions for handling addresses, big numbers, hashing, and encoding/decoding data according to the Ethereum protocol standards. It is a foundational package that can be used to develop Ethereum-based applications, facilitating tasks such as transaction formatting, signature verification, and data conversion.
Address Formatting
Converts an Ethereum address to its checksummed version to prevent case sensitivity errors.
const { toChecksumAddress } = require('ethereumjs-util');
const checksumAddress = toChecksumAddress('0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359');
console.log(checksumAddress);
Hashing
Generates a keccak256 hash of the input data, a common hashing function used in Ethereum.
const { keccak256 } = require('ethereumjs-util');
const hash = keccak256(Buffer.from('hello'));
console.log('Hash:', hash.toString('hex'));
Signature Verification
Signs a message hash with a private key and serializes the signature in a format compatible with RPC calls.
const { ecsign, toRpcSig } = require('ethereumjs-util');
const privateKey = Buffer.from('c87509a1c067bbde7aebb4d3c0a0b8ab8bd02b676c91662b5f41c4ec9863d8ee', 'hex');
const msgHash = keccak256(Buffer.from('hello'));
const sig = ecsign(msgHash, privateKey);
const serializedSig = toRpcSig(sig.v, sig.r, sig.s);
console.log('Signature:', serializedSig);
Web3 is a comprehensive Ethereum library that includes utilities similar to ethereumjs-util but also provides a wide range of functionalities to interact with Ethereum nodes directly. It covers the entire Ethereum API and is more extensive for building DApps.
Ethers is a lightweight library that aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It includes utilities for addresses, big numbers, and hashing, similar to ethereumjs-util, but also features a complete set of functions to interact with smart contracts and blockchain data.
Readme
A collection of utility functions for Ethereum. It can be used in Node.js and in the browser with browserify.
npm install ethereumjs-util
import assert from 'assert'
import { isValidChecksumAddress, unpadBuffer, BN } from 'ethereumjs-util'
assert.ok(isValidChecksumAddress('0x2F015C60E0be116B1f0CD534704Db9c92118FB6A'))
assert.ok(unpadBuffer(Buffer.from('000000006600', 'hex')).equals(Buffer.from('6600', 'hex')))
assert.ok(new BN('dead', 16).add(new BN('101010', 2)).eqn(57047))
Read the API docs.
KECCAK256_NULL_S
for string representation of Keccak-256 hash of nullDEPRECATED
)BN
, rlp
The following methods are available by an internalized version of the ethjs-util package (MIT
license), see internal.ts. The original package is not maintained any more and the original functionality will be replaced by own implementations over time (starting with the v7.1.3
release, October 2021).
They can be imported by name:
import { stripHexPrefix } from 'ethereumjs-util'
ethereumjs-util
re-exports the following commonly-used libraries:
They can be imported by name:
import { BN, rlp } from 'ethereumjs-util'
See our organizational documentation for an introduction to EthereumJS
as well as information on current standards and best practices.
If you want to join for work or do improvements on the libraries have a look at our contribution guidelines.
MPL-2.0
FAQs
A collection of utility functions for Ethereum
The npm package ethereumjs-util receives a total of 1,247,611 weekly downloads. As such, ethereumjs-util popularity was classified as popular.
We found that ethereumjs-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.