secp256k1 - npm Package Compare versions
Comparing version 0.0.8 to 0.0.9
12
index.js
@@ -148,6 +148,6 @@ var crypto = require('crypto'); | ||
| * @param {Buffer} sig the signature as 64 byte buffer | ||
| * @param {Integer} recid the recovery id (as returned by ecdsa_sign_compact) | ||
| * @param {Integer} recid the recovery id (as returned by ecdsa_sign_compact). should be [0,3] | ||
| * @param {Boolean} compressed whether to recover a compressed or uncompressed pubkey | ||
| * @param {Function} [cb] | ||
| * @return {Buffer} the pubkey, a 33 or 65 byte buffer | ||
| * @return {Buffer|null} the pubkey, a 33 or 65 byte buffer, or null if invalid input | ||
| */ | ||
@@ -158,2 +158,10 @@ exports.recoverCompact = function(msg, sig, recid, compressed, cb){ | ||
| if (recid < 0 || recid > 3) { | ||
| if (!cb) { | ||
| return null; | ||
| } else { | ||
| return cb('failed recid >= 0 && recid <= 3'); | ||
| } | ||
| } | ||
| if(!cb){ | ||
@@ -160,0 +168,0 @@ return secpNode.recoverCompact(msg, sig, compressed, recid); |
| { | ||
| "name": "secp256k1", | ||
| "version": "0.0.8", | ||
| "version": "0.0.9", | ||
| "description": "This module provides native bindings to ecdsa secp256k1 functions", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -45,2 +45,10 @@ //tests against the `ecdsa` module | ||
| it('should NOT verify an invalid signature', function () { | ||
| //testing verification | ||
| var sig2 = ecdsa.sign(msg, ck.privateKey); | ||
| sig2 = new Buffer(ecdsa.serializeSig(sig2)); | ||
| sig2[0] = 0xff; | ||
| assert(ecdsaNative.verify(pubKey, msg, sig2) === -2, 'should NOT verify invalid signature'); | ||
| }); | ||
| it('should verify a signature async', function (done) { | ||
@@ -98,2 +106,15 @@ //testing verification | ||
| }); | ||
| it('should not crash when recoverId is out of bounds - sync', function() { | ||
| var sig = ecdsaNative.recoverCompact(msg, compactSig.signature, -27, true); | ||
| assert.strictEqual(sig, null); | ||
| }); | ||
| it('should not crash when recoverId is out of bounds - async', function(done) { | ||
| ecdsaNative.recoverCompact(msg, compactSig.signature, -27, true, function(err, sig) { | ||
| assert.strictEqual(err, 'failed recid >= 0 && recid <= 3'); | ||
| assert.strictEqual(sig, undefined); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 4 instances in 1 package
Improved metrics
- Lines of code
- increased by10.68%
311
- Number of medium supply chain risk alerts
- decreased by-80%
1
Worsened metrics
- Total package byte prevSize
- decreased by-71.06%
233740
- Number of package files
- decreased by-16.13%
52