New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

js-sol-sign

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

js-sol-sign

A CLI tool for signing messages with Solana keypairs

latest
Source
npmnpm
Version
1.3.0
Version published
Maintainers
1
Created
Source

JS-Sol-Sign

A production-grade CLI tool for signing messages with Solana keypairs. Simple, secure, and easy to use.

npm version License: MIT

Features

  • 🔐 Sign messages with Solana keypairs from JSON files or private keys
  • Verify signatures to ensure message authenticity
  • 🔑 Generate new keypairs for development and testing
  • 📋 Multiple output formats (Base58, Hex, Base64)
  • 🛡️ Input validation for security and reliability
  • 🎨 Beautiful CLI interface with colored output
  • 🧪 Production-ready with comprehensive tests
  • 🤖 Automatic CI/CD with version bumping and npm publishing

Installation

Global Installation (Recommended)

npm install -g js-sol-sign

Local Installation

npm install js-sol-sign

Quick Start

Sign a Message with Keypair File

js-sol-sign sign -m 'Hello, Solana!' -k ./my-keypair.json

Sign a Message with Private Key

js-sol-sign sign -m 'Hello, Solana!' -p "your-private-key-here"

Verify a Signature

js-sol-sign verify -m 'Hello, Solana!' -s "signature-here" -p "public-key-here"

Generate a New Keypair

js-sol-sign keypair
js-sol-sign keypair -o ./new-keypair.json

Shell Escaping for Special Characters

When your message contains special characters like !, $, or quotes, use proper escaping:

# Use single quotes for messages with exclamation marks
js-sol-sign sign -m 'Hello World!' -k ./keypair.json

# Use double quotes and escape for single quotes
js-sol-sign sign -m "Don\'t forget this" -k ./keypair.json

# For complex messages, you can use a file
echo "Complex message: !@#$%^&*()" > message.txt
js-sol-sign sign -m "$(cat message.txt)" -k ./keypair.json

Usage

Signing Messages

Using Keypair File

# Basic signing
sol-sign sign --message "Your message" --keypair ./keypair.json

# With different output formats
sol-sign sign -m "Your message" -k ./keypair.json -o hex
sol-sign sign -m "Your message" -k ./keypair.json -o base64

# With signature verification
sol-sign sign -m "Your message" -k ./keypair.json --verify

Using Private Key

# With base58 private key
sol-sign sign -m "Your message" -p "5Kd3NBUAdUnhyzenEwVLy9pBKxSwXvE9FMPyR4UKZvpe6E6VTjLjyBXhF"

# With JSON array private key
sol-sign sign -m "Your message" -p '[1,2,3,...,64]'

Verifying Signatures

# Basic verification
sol-sign verify --message "Your message" --signature "signature-here" --public-key "public-key-here"

# With different signature formats
sol-sign verify -m "Your message" -s "hex-signature" -p "public-key" -f hex
sol-sign verify -m "Your message" -s "base64-signature" -p "public-key" -f base64

Generating Keypairs

# Generate and display keypair
sol-sign keypair

# Save keypair to file
sol-sign keypair --output ./my-new-keypair.json

# Only show public key
sol-sign keypair --public-key-only

Command Reference

js-sol-sign sign

Sign a message with a Solana keypair.

Options:

  • -m, --message <message> - Message to sign (required)
  • -k, --keypair <path> - Path to Solana keypair JSON file
  • -p, --private-key <key> - Private key as base58 string or array of bytes
  • -o, --output <format> - Output format: hex, base58, base64 (default: base58)
  • --verify - Verify the signature after signing

Examples:

js-sol-sign sign -m 'Hello World' -k ./keypair.json
js-sol-sign sign -m 'Hello World' -p "your-private-key" -o hex --verify

js-sol-sign verify

Verify a signature for a message.

Options:

  • -m, --message <message> - Original message (required)
  • -s, --signature <signature> - Signature to verify (required)
  • -p, --public-key <key> - Public key to verify against (required)
  • -f, --format <format> - Signature format: hex, base58, base64 (default: base58)

Examples:

js-sol-sign verify -m 'Hello World' -s "signature-here" -p "public-key-here"
js-sol-sign verify -m 'Hello World' -s "hex-signature" -p "public-key" -f hex

js-sol-sign keypair

Generate a new Solana keypair.

Options:

  • -o, --output <path> - Output file path for the keypair
  • --public-key-only - Only display the public key

Examples:

js-sol-sign keypair
js-sol-sign keypair -o ./new-keypair.json
js-sol-sign keypair --public-key-only

Output Formats

JS-Sol-Sign supports three output formats for signatures:

  • base58 (default) - Standard Solana format
  • hex - Hexadecimal encoding
  • base64 - Base64 encoding

Security Best Practices

  • Never share your private keys - Keep them secure and private
  • Use keypair files when possible instead of passing private keys as arguments
  • Verify signatures when security is critical
  • Use strong keypairs - Generate them with sol-sign keypair

Keypair File Format

JS-Sol-Sign expects Solana keypair files in the standard JSON array format:

[1, 2, 3, ..., 64]

This is a 64-byte array where the first 32 bytes are the private key and the last 32 bytes are the public key.

Error Handling

JS-Sol-Sign provides clear error messages for common issues:

  • Invalid keypair file format
  • Missing or incorrect private keys
  • File not found errors
  • Invalid signature formats
  • Network connectivity issues

Development

Local Development

# Clone the repository
git clone https://github.com/Aryamanraj/js-sol-sign.git
cd js-sol-sign

# Install dependencies
npm install

# Build the project
npm run build

# Run tests
npm test

# Run in development mode
npm run dev sign -m "test message" -k ./test-keypair.json

Testing

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run with coverage
npm test -- --coverage

Linting and Formatting

# Lint code
npm run lint

# Fix linting issues
npm run lint:fix

# Format code
npm run format

API Reference

JS-Sol-Sign can also be used as a library in your Node.js projects:

import { SolanaMessageSigner } from 'js-sol-sign';

const signer = new SolanaMessageSigner();

// Sign with keypair file
const result = await signer.signWithKeypairFile('message', './keypair.json');

// Sign with private key
const result2 = await signer.signWithPrivateKey('message', 'private-key');

// Verify signature
const isValid = await signer.verifySignature('message', 'signature', 'public-key');

// Generate keypair
const keypair = signer.generateKeypair();

Contributing

Contributions are welcome! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.

  • Fork the repository
  • Create your feature branch (git checkout -b feature/amazing-feature)
  • Commit your changes (git commit -m 'Add some amazing feature')
  • Push to the branch (git push origin feature/amazing-feature)
  • Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

Changelog

See CHANGELOG.md for a detailed history of changes.

Made with ❤️ for the Solana community

Keywords

solana
crypto
signing
cli
blockchain
keypair

FAQs

Package last updated on 28 Aug 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026