invoices - npm Package Compare versions

Comparing version 2.0.3 to 2.0.4

bolt11/create_signed_request.js

 const {createHash} = require('crypto');
 
 const {bech32} = require('bech32');
-const {ecdsaRecover} = require('secp256k1');
+const {recover} = require('tiny-secp256k1');
 
@@ -68,3 +68,3 @@ const hexAsWords = require('./hex_as_words');
     try {
-      const key = Buffer.from(ecdsaRecover(sig, flag, hash, true));
+      const key = Buffer.from(recover(hash, sig, flag, true));
 
@@ -71,0 +71,0 @@ return key.equals(destinationKey);

bolt11/parse_payment_request.js

 const {bech32} = require('bech32');
-const {ecdsaRecover} = require('secp256k1');
+const {recover} = require('tiny-secp256k1');
 
@@ -86,3 +86,3 @@ const decodePrefix = require('./decode_prefix');
     network,
-    destination: asHex(ecdsaRecover(signature, recovery, hash, true)),
+    destination: asHex(recover(hash, signature, recovery, true)),
     details: fields.map(n => fieldAsDetails({
@@ -89,0 +89,0 @@ network,

CHANGELOG.md

 # Versions
 
-## 2.0.3
+## 2.0.4
 
@@ -5,0 +5,0 @@ ### Breaking Change

package.json

@@ -12,3 +12,3 @@ {
     "bn.js": "5.2.0",
-    "secp256k1": "4.0.3"
+    "tiny-secp256k1": "2.2.0"
   },
@@ -20,3 +20,3 @@ "description": "Methods for working with BOLT 11 payment requests",
   "engines": {
-    "node": ">=10.4.0"
+    "node": ">=12.20.0"
   },
@@ -40,3 +40,3 @@ "keywords": [
   },
-  "version": "2.0.3"
+  "version": "2.0.4"
 }

test/bolt11/test_create_unsigned_request.js

@@ -1,2 +0,2 @@
-const sign = require('secp256k1').ecdsaSign;
+const {sign} = require('tiny-secp256k1');
 
@@ -283,3 +283,3 @@ const {test} = require('@alexbosworth/tap');
 
-    const {signature} = sign(bufFromHex(hash), bufFromHex(verify.private_key));
+    const signature = sign(bufFromHex(hash), bufFromHex(verify.private_key));
 
@@ -286,0 +286,0 @@ const {request} = createSignedRequest({

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

98514

decreased by-0.01%

Dependency changes

• + Addedtiny-secp256k1@2.2.0

• + Addedcipher-base@1.0.6(transitive)

• + Addedtiny-secp256k1@2.2.0(transitive)

• + Addeduint8array-tools@0.0.6(transitive)

• - Removedsecp256k1@4.0.3

• - Removedbn.js@4.12.1(transitive)

• - Removedbrorand@1.1.0(transitive)

• - Removedcipher-base@1.0.5(transitive)

• - Removedelliptic@6.6.1(transitive)

• - Removedhash.js@1.1.7(transitive)

• - Removedhmac-drbg@1.0.1(transitive)

• - Removedminimalistic-assert@1.0.1(transitive)

• - Removedminimalistic-crypto-utils@1.0.1(transitive)

• - Removednode-addon-api@2.0.2(transitive)

• - Removednode-gyp-build@4.8.4(transitive)

• - Removedsecp256k1@4.0.3(transitive)