Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ethereumjs-util
Advanced tools
The ethereumjs-util package provides a set of utility functions for Ethereum. These utilities include functions for handling addresses, big numbers, hashing, and encoding/decoding data according to the Ethereum protocol standards. It is a foundational package that can be used to develop Ethereum-based applications, facilitating tasks such as transaction formatting, signature verification, and data conversion.
Address Formatting
Converts an Ethereum address to its checksummed version to prevent case sensitivity errors.
const { toChecksumAddress } = require('ethereumjs-util');
const checksumAddress = toChecksumAddress('0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359');
console.log(checksumAddress);
Hashing
Generates a keccak256 hash of the input data, a common hashing function used in Ethereum.
const { keccak256 } = require('ethereumjs-util');
const hash = keccak256(Buffer.from('hello'));
console.log('Hash:', hash.toString('hex'));
Signature Verification
Signs a message hash with a private key and serializes the signature in a format compatible with RPC calls.
const { ecsign, toRpcSig } = require('ethereumjs-util');
const privateKey = Buffer.from('c87509a1c067bbde7aebb4d3c0a0b8ab8bd02b676c91662b5f41c4ec9863d8ee', 'hex');
const msgHash = keccak256(Buffer.from('hello'));
const sig = ecsign(msgHash, privateKey);
const serializedSig = toRpcSig(sig.v, sig.r, sig.s);
console.log('Signature:', serializedSig);
Web3 is a comprehensive Ethereum library that includes utilities similar to ethereumjs-util but also provides a wide range of functionalities to interact with Ethereum nodes directly. It covers the entire Ethereum API and is more extensive for building DApps.
Ethers is a lightweight library that aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It includes utilities for addresses, big numbers, and hashing, similar to ethereumjs-util, but also features a complete set of functions to interact with smart contracts and blockchain data.
A collection of utility functions for ethereum. It can be used in node.js or can be in the browser with browserify.
MAX_INTEGER
- The max interger that the VM can handleTWO_POW256
- 2^256SHA3_NULL
- SHA3-256 hash of null
SHA3_RLP_ARRAY
- SHA3-256 of an rlp of an empty arraySHA3_RLP
- SHA3-256 hash of the rlp of null
ETH_UNITS
- an array of ethereum unitszeros(number)
Returns buffer filled with 0's
number
- the number bytes to to returnpad(val, length)
pads an array
or buffer
with leading zeros till it has length
bytes
val
- the value to padlength
- the of the resulting valueunpad(val)
Trims leading zeros from a buffer or an array
val
- a buffer
to unpadintToHex(int)
Converts an Integer
into a hex String
int
intToBuffer(int)
Converts an Integer
to a Buffer
int
bufferToInt(buf)
converts a Buffer
to an Interger
buf
fromSigned(buf)
interpets a Buffer
as a signed Integer
and returns a Bignum
buf
toUnsigned(num)
Converts a bignum
to an unsigned interger and returns it as a buffer
num
- a bignum
pubToAddress(pubKey)
Returns the ethereum address of a given public key
pubKey
- the public key as a buffer
defineProperties(self, fields)
defines properties on a Object
self
- the Object
to define properties onfields
- an array fields to definevalidate(fields, data)
Validate defined fields
fields
data
printBA(ba)
Print a Buffer Array
ba
- an Array
of Buffers
baToJSON(ba)
converts a buffer array to JSON
ba
- an Array
of Buffers
Node.js Tests use Mocha. Test in the browser use Testling.
GPL
FAQs
A collection of utility functions for Ethereum
The npm package ethereumjs-util receives a total of 1,253,744 weekly downloads. As such, ethereumjs-util popularity was classified as popular.
We found that ethereumjs-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.