Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
graphenejs-lib
Advanced tools
Pure JavaScript Bitshares/Graphene library for node.js and browsers. Can be used to construct, sign and broadcast transactions in JavaScript, and to easily obtain data from the blockchain via public apis.
Most of this code was written by jcalfeee, my work was mostly just repackaging to a discrete npm package.
This library can be obtained through npm:
npm install graphenejs-lib
Three sub-libraries are included: ECC
, Chain
and Serializer
. Generally only the ECC
and Chain
libraries need to be used directly.
This library provides utility functions to handle blockchain state as well as a login class that can be used for simple login functionality using a specific key seed.
The login class uses the following format for keys:
keySeed = accountName + role + password
Using this seed, private keys are generated for either the default roles active, owner, memo
, or as specified. A minimum password length of 12 characters is enforced, but an even longer password is recommended. Three methods are provided:
generateKeys(account, password, [roles])
checkKeys(account, password, auths)
signTransaction(tr)
The auths object should contain the auth arrays from the account object. An example is this:
{
active: [
["GPH5Abm5dCdy3hJ1C5ckXkqUH2Me7dXqi9Y7yjn9ACaiSJ9h8r8mL", 1]
]
}
If checkKeys is successful, you can use signTransaction to sign a TransactionBuilder transaction using the private keys for that account.
The Chain library contains a complete state container called the ChainStore. The ChainStore will automatically configure the set_subscribe_callback
and handle any incoming state changes appropriately. It uses Immutable.js for storing the state, so all objects are return as immutable objects. It has its own subscribe
method that can be used to register a callback that will be called whenever a state change happens.
The ChainStore has several useful methods to retrieve, among other things, objects, assets and accounts using either object ids or asset/account names. These methods are synchronous and will return undefined
to indicate fetching in progress, and null
to indicate that the object does not exist.
var {Apis} = require("graphenejs-ws");
var {ChainStore} = require("graphenejs-lib");
Apis.instance("wss://bitshares.openledger.info/ws").init_promise.then((res) => {
console.log("connected to:", res[0].network);
ChainStore.init().then(() => {
ChainStore.subscribe(updateState);
});
});
let dynamicGlobal = null;
function updateState(object) {
dynamicGlobal = ChainStore.getObject("2.1.0");
console.log("ChainStore object update\n", dynamicGlobal ? dynamicGlobal.toJS() : dynamicGlobal);
}
The ECC library contains all the crypto functions for private and public keys as well as transaction creation/signing.
As a quick example, here's how to generate a new private key from a seed (a brainkey for example):
var {PrivateKey, key} = require("graphenejs-lib");
let seed = "THIS IS A TERRIBLE BRAINKEY SEED WORD SEQUENCE";
let pkey = PrivateKey.fromSeed( key.normalize_brainKey(seed) );
console.log("\nPrivate key:", pkey.toWif());
console.log("Public key :", pkey.toPublicKey().toString(), "\n");
TODO transaction signing example
npm i -g esdoc esdoc-es7-plugin
esdoc -c ./esdoc.json
open out/esdoc/index.html
FAQs
Pure JavaScript Bitshares/Graphene library for node.js and browsers.
The npm package graphenejs-lib receives a total of 7 weekly downloads. As such, graphenejs-lib popularity was classified as not popular.
We found that graphenejs-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.