JSBI is a pure-JavaScript implementation of [the ECMAScript BigInt proposal](https://tc39.es/proposal-bigint/), which officially became a part of the JavaScript language in ES2020.
JSBI is a pure-JavaScript implementation of the official ECMAScript BigInt proposal. BigInt provides a way to represent whole numbers larger than 2^53 - 1, the largest integer JavaScript can reliably represent with the Number primitive. JSBI is useful for performing arbitrary-precision integer arithmetic in JavaScript.
Arithmetic Operations
JSBI allows performing basic arithmetic operations such as addition, subtraction, multiplication, division, and finding the remainder between large integers.
```js
const JSBI = require('jsbi');
const bigInt1 = JSBI.BigInt('123456789012345678901234567890');
const bigInt2 = JSBI.BigInt('987654321098765432109876543210');
const sum = JSBI.add(bigInt1, bigInt2);
const difference = JSBI.subtract(bigInt2, bigInt1);
const product = JSBI.multiply(bigInt1, bigInt2);
const quotient = JSBI.divide(bigInt2, bigInt1);
const remainder = JSBI.remainder(bigInt2, bigInt1);
```
Comparison Operations
JSBI can compare BigInt numbers to check for equality, or to see if one is greater than or less than another.
```js
const JSBI = require('jsbi');
const bigInt1 = JSBI.BigInt('1234567890');
const bigInt2 = JSBI.BigInt('1234567890');
const bigInt3 = JSBI.BigInt('9876543210');
const isEqual = JSBI.equal(bigInt1, bigInt2); // true
const isLessThan = JSBI.lessThan(bigInt1, bigInt3); // true
const isGreaterThan = JSBI.greaterThan(bigInt3, bigInt1); // true
```
Bitwise Operations
JSBI supports bitwise operations such as AND, OR, and XOR, which are useful for manipulating large integers at the bit level.
```js
const JSBI = require('jsbi');
const bigInt1 = JSBI.BigInt('1234567890');
const bigInt2 = JSBI.BigInt('9876543210');
const bitwiseAnd = JSBI.bitwiseAnd(bigInt1, bigInt2);
const bitwiseOr = JSBI.bitwiseOr(bigInt1, bigInt2);
const bitwiseXor = JSBI.bitwiseXor(bigInt1, bigInt2);
```
big-integer is another arbitrary-precision integer arithmetic library for JavaScript. It offers similar functionalities to JSBI but also includes additional features like primality testing, which JSBI does not support.
bignumber.js is a well-known library for working with large floating-point numbers as well as integers. It provides more features than JSBI, including support for decimal arithmetic and more advanced mathematical functions.
```sh
npm install jsbi --save
```
```js
import JSBI from './jsbi.mjs';
const max = JSBI.BigInt(Number.MAX_SAFE_INTEGER);
console.log(String(max));
// → '9007199254740991'
const other = JSBI.BigInt('2');
const result = JSBI.add(max, other);
console.log(String(result));
// → '9007199254740993'
```
Note: explicitly call `toString` on any `JSBI` instances when `console.log()`ing them to see their numeric representation (e.g. `String(max)` or `max.toString()`). Without it (e.g. `console.log(max)`), you’ll instead see the object that represents the value.
Use babel-plugin-transform-jsbi-to-bigint to transpile JSBI code into native BigInt code.
Refer to the detailed instructions below for more information.
Native BigInts are already shipping in modern browsers (at the time of this writing, Google Chrome 67+, Opera 54+, Firefox 68+, Edge 79+, Safari 14+) and Node.js (v10.4+), but some users are still running older browsers — which means you can't use them yet if you want your code to run everywhere.
To use BigInts in code that you want to run everywhere, you need a library. But there’s a difficulty: the BigInt proposal changes the behavior of operators (like `+`, `>=`, etc.) to work on BigInts. These changes are impossible to polyfill directly, and they also make it infeasible (in most cases) to transpile BigInt code to fallback code using Babel or similar tools. The reason is that such a transpilation would have to replace every single operator in the program with a call to some function that performs type checks on its inputs, which would incur an unacceptable performance penalty.
The solution is to do it the other way round: write code using a library’s syntax, and transpile it to native BigInt code when available. JSBI is designed for exactly this purpose: it provides a BigInt “polyfill” implementation that behaves exactly like the upcoming native BigInts, but with a syntax that you can ship on all browsers, today.
Its advantages over other, existing big-integer libraries are:
Except for mechanical differences in syntax, you use JSBI-BigInts just like you would use native BigInts. Some things even look the same, after you replace `BigInt` with `JSBI.BigInt`:
Operation | native BigInts | JSBI |
---|---|---|
Creation from String | a = BigInt('456') | a = JSBI.BigInt('456') |
Creation from Number | a = BigInt(789) | a = JSBI.BigInt(789) |
Conversion to String | a.toString(radix) | a.toString(radix) |
Conversion to Number | Number(a) | JSBI.toNumber(a) |
Truncation | BigInt.asIntN(64, a) | JSBI.asIntN(64, a) |
Truncation | BigInt.asUintN(64, a) | JSBI.asUintN(64, a) |
Type check | typeof a === 'bigint' | a instanceof JSBI |
Most operators are replaced by static functions:
Operation | native BigInts | JSBI |
---|---|---|
Addition | c = a + b | c = JSBI.add(a, b) |
Subtraction | c = a - b | c = JSBI.subtract(a, b) |
Multiplication | c = a * b | c = JSBI.multiply(a, b) |
Division | c = a / b | c = JSBI.divide(a, b) |
Remainder | c = a % b | c = JSBI.remainder(a, b) |
Exponentiation | c = a ** b | c = JSBI.exponentiate(a, b) |
Negation | b = -a | b = JSBI.unaryMinus(a) |
Bitwise negation | b = ~a | b = JSBI.bitwiseNot(a) |
Left shifting | c = a << b | c = JSBI.leftShift(a, b) |
Right shifting | c = a >> b | c = JSBI.signedRightShift(a, b) |
Bitwise “and” | c = a & b | c = JSBI.bitwiseAnd(a, b) |
Bitwise “or” | c = a \| b | c = JSBI.bitwiseOr(a, b) |
Bitwise “xor” | c = a ^ b | c = JSBI.bitwiseXor(a, b) |
Comparison to other BigInts | a === b | JSBI.equal(a, b) |
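Comparison to other BigInts | a !== b | JSBI.notEqual(a, b) |
Comparison to other BigInts | a < b | JSBI.lessThan(a, b) |
Comparison to other BigInts | a <= b | JSBI.lessThanOrEqual(a, b) |
Comparison to other BigInts | a > b | JSBI.greaterThan(a, b) |
Comparison to other BigInts | a >= b | JSBI.greaterThanOrEqual(a, b) |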
The functions above operate only on BigInts. (They don’t perform type checks in the current implementation, because such checks are a waste of time when we assume that you know what you’re doing. Don’t try to call them with other inputs, or you’ll get “interesting” failures!)
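One way to enforce that at a trust boundary, as an added example that is not part of the JSBI README or project code: validate untrusted values once, before any arithmetic. It uses native BigInt so it runs without installing the package; with JSBI the calls map to `JSBI.BigInt`, `JSBI.asUintN`, `JSBI.notEqual` and `a instanceof JSBI` per the tables above. `toUint64`, `checkRange` and `classify` are hypothetical helper names.

```javascript
// Added example: validate untrusted values before they reach BigInt arithmetic.
// Uses native BigInt so it runs without dependencies; with JSBI substitute
// JSBI.BigInt, JSBI.asUintN, JSBI.notEqual and `instanceof JSBI`.
const UINT64_DECIMAL = /^(0|[1-9][0-9]{0,19})$/; // canonical form, at most 20 digits

// toUint64 is a hypothetical helper name, not part of JSBI.
function toUint64(input) {
  if (typeof input === 'bigint') return checkRange(input);
  if (typeof input === 'number') {
    // A Number above 2^53 - 1 has already lost precision before we see it.
    if (!Number.isSafeInteger(input) || input < 0) {
      throw new RangeError('number is not a safe non-negative integer');
    }
    return BigInt(input);
  }
  if (typeof input === 'string') {
    // BigInt('') is 0n and BigInt('0x2A') is 42n, so reject anything non-canonical.
    if (!UINT64_DECIMAL.test(input)) {
      throw new SyntaxError('not a canonical unsigned decimal string');
    }
    return checkRange(BigInt(input));
  }
  throw new TypeError('unsupported input type: ' + typeof input);
}

function checkRange(value) {
  // asUintN wraps modulo 2^64; a changed value means the input was out of range.
  if (BigInt.asUintN(64, value) !== value) {
    throw new RangeError('value does not fit in 64 unsigned bits');
  }
  return value;
}

// Returns the error name instead of throwing, for logging rejected inputs.
function classify(input) {
  try {
    return { ok: true, value: toUint64(input).toString() };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample inputs.
const samples = ['18446744073709551615', '18446744073709551616', '0x2A', 2 ** 53, null];
for (const sample of samples) {
  console.log(JSON.stringify(sample), classify(sample));
}
```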
Some operations are particularly interesting when you give them inputs of mixed types, e.g. comparing a BigInt to a Number, or concatenating a string with a BigInt. They are implemented as static functions named after the respective native operators:
Operation | native BigInts | JSBI |
---|---|---|
Abstract equality comparison | x == y | JSBI.EQ(x, y) |
Generic “not equal” | x != y | JSBI.NE(x, y) |
Generic “less than” | x < y | JSBI.LT(x, y) |
Generic “less than or equal” | x <= y | JSBI.LE(x, y) |
Generic “greater than” | x > y | JSBI.GT(x, y) |
Generic “greater than or equal” | x >= y | JSBI.GE(x, y) |
Generic addition | x + y | JSBI.ADD(x, y) |
The variable names `x` and `y` here indicate that the variables can refer to anything, for example: `JSBI.GT(101.5, BigInt('100'))` or `str = JSBI.ADD('result: ', BigInt('0x2A'))`.
Unfortunately, there are also a few things that are not supported at all:
Unsupported operation | native BigInts | JSBI |
---|---|---|
literals | a = 123n; | N/A ☹ |
increment | a++ | N/A ☹ |
increment | a + 1n | JSBI.add(a, JSBI.BigInt('1')) |
decrement | a-- | N/A ☹ |
decrement | a - 1n | JSBI.subtract(a, JSBI.BigInt('1')) |
It is impossible to replicate the exact behavior of the native `++` and `--` operators in a polyfill/library. Since JSBI is intended to be transpiled away eventually, it doesn’t provide a similar-but-different alternative. You can use `JSBI.add()` and `JSBI.subtract()` instead.
Since version 4.2.0, polyfills for `DataView` operations are included (where `dv` is a `DataView`, `i` is an index, `le` is an optional boolean indicating little endian mode, and `x` is a `BigInt` or a `JSBI` instance, respectively):
native BigInts/DataViews | JSBI |
---|---|
dv.getBigInt64(i, le) | JSBI.DataViewGetBigInt64(dv, i, le) |
dv.setBigInt64(i, x, le) | JSBI.DataViewSetBigInt64(dv, i, x, le) |
dv.getBigUint64(i, le) | JSBI.DataViewGetBigUint64(dv, i, le) |
dv.setBigUint64(i, x, le) | JSBI.DataViewSetBigUint64(dv, i, x, le) |
Now! The JSBI library is ready for use today.
Once BigInts are natively supported everywhere, use babel-plugin-transform-jsbi-to-bigint to transpile your JSBI code into native BigInt code once and for all.
View our issue tracker to learn more about our future plans for JSBI, and please join the discussion!
A more vague future plan is to use the JSBI library (or an extension to it) as a staging ground for additional BigInt-related functionality. The official proposal is intentionally somewhat minimal, and leaves further “library functions” for follow-up proposals. Examples are a combined `exp`+`mod` function, and bit manipulation functions.
Clone this repository and `cd` into the local directory.
Use the Node.js version specified in `.nvmrc`:
```sh
nvm use
```
Install development dependencies:
```sh
npm install
```
Run the tests:
```sh
npm test
```
See `npm run` for the list of commands.
On the `main` branch, bump the version number in `package.json`:
```sh
npm version patch -m 'Release v%s'
```
Instead of `patch`, use `minor` or `major` as needed.
Note that this produces a Git commit + tag.
Push the release commit and tag:
```sh
git push && git push --tags
```
Our CI then automatically publishes the new release to npm.
FAQs
The npm package jsbi receives a total of 1,426,253 weekly downloads. As such, jsbi's popularity was classified as popular.
We found that jsbi demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.