A javascript Bitcoin library for node.js and browsers.
Find a file
Jonathan Underwood c7b3506f48
Update main_ci.yml
2021-02-19 21:00:57 +09:00
.github/workflows Update main_ci.yml 2021-02-19 21:00:57 +09:00
src #4 do not add empty redeem script name 2020-10-01 15:10:49 +03:00
test #5 remove redeem script name 2020-10-01 15:12:54 +03:00
ts_src #1470 Bring over TransactionInput & TransactionOutputfrom BIP174 2020-11-26 19:23:01 +02:00
types #1470 Bring over TransactionInput & TransactionOutputfrom BIP174 2020-11-26 19:23:01 +02:00
.gitignore Move tests to TypeScript (coverage is still JS based) 2019-09-11 07:25:47 +09:00
.prettierignore style: add prettier 2019-03-04 22:09:53 +09:00
.prettierrc.json style: add prettier 2019-03-04 22:09:53 +09:00
CHANGELOG.md 5.2.0 2020-09-12 00:49:05 +09:00
CONTRIBUTING.md Add TypeScript section to CONTRIBUTING 2019-03-07 16:43:12 +09:00
LICENSE Update License 2020-01-06 16:58:59 +09:00
package-lock.json #1470 update tiny-secp256k1 to v1.1.6 2020-12-02 11:40:29 +02:00
package.json #1470 update tiny-secp256k1 to v1.1.6 2020-12-02 11:40:29 +02:00
README.md #1654 add link to Web UI in README 2021-02-01 12:28:54 +02:00
tsconfig.json build: add compiler options to forbid unused local variables and parameters 2019-03-04 00:10:12 +09:00
tslint.json Add tslint to tests 2019-09-12 17:35:08 +09:00

BitcoinJS (bitcoinjs-lib)

Build Status NPM

code style: prettier

A javascript Bitcoin library for node.js and browsers. Written in TypeScript, but committing the JS files to verify.

Released under the terms of the MIT LICENSE.

Should I use this in production?

If you are thinking of using the master branch of this library in production, stop. Master is not stable; it is our development branch, and only tagged releases may be classified as stable.

Can I trust this code?

Don't trust. Verify.

We recommend every user of this library and the bitcoinjs ecosystem audit and verify any underlying code for its validity and suitability, including reviewing any and all of your project's dependencies.

Mistakes and bugs happen, but with your help in resolving and reporting issues, together we can produce open source software that is:

  • Easy to audit and verify,
  • Tested, with test coverage >95%,
  • Advanced and feature rich,
  • Standardized, using prettier and Node Buffer's throughout, and
  • Friendly, with a strong and helpful community, ready to answer questions.

Documentation

Presently, we do not have any formal documentation other than our examples, please ask for help if our examples aren't enough to guide you.

You can find a Web UI that covers most of the psbt.ts, transaction.ts and p2*.ts APIs here.

Installation

npm install bitcoinjs-lib

Typically we support the Node Maintenance LTS version. If in doubt, see the .travis.yml for what versions are used by our continuous integration tests.

WARNING: We presently don't provide any tooling to verify that the release on npm matches GitHub. As such, you should verify anything downloaded by npm against your own verified copy.

Usage

Crypto is hard.

When working with private keys, the random number generator is fundamentally one of the most important parts of any software you write. For random number generation, we default to the randombytes module, which uses window.crypto.getRandomValues in the browser, or Node js' crypto.randomBytes, depending on your build system. Although this default is ~OK, there is no simple way to detect if the underlying RNG provided is good enough, or if it is catastrophically bad. You should always verify this yourself to your own standards.

This library uses tiny-secp256k1, which uses RFC6979 to help prevent k re-use and exploitation. Unfortunately, this isn't a silver bullet. Often, Javascript itself is working against us by bypassing these counter-measures.

Problems in Buffer (UInt8Array), for example, can trivially result in catastrophic fund loss without any warning. It can do this through undermining your random number generation, accidentally producing a duplicate k value, sending Bitcoin to a malformed output script, or any of a million different ways. Running tests in your target environment is important and a recommended step to verify continuously.

Finally, adhere to best practice. We are not an authorative source of best practice, but, at the very least:

Browser

The recommended method of using bitcoinjs-lib in your browser is through Browserify. If you're familiar with how to use browserify, ignore this and carry on, otherwise, it is recommended to read the tutorial at https://browserify.org/.

NOTE: We use Node Maintenance LTS features, if you need strict ES5, use --transform babelify in conjunction with your browserify step (using an es2015 preset).

WARNING: iOS devices have problems, use atleast buffer@5.0.5 or greater, and enforce the test suites (for Buffer, and any other dependency) pass before use.

Typescript or VSCode users

Type declarations for Typescript are included in this library. Normal installation should include all the needed type information.

Examples

The below examples are implemented as integration tests, they should be very easy to understand. Otherwise, pull requests are appreciated. Some examples interact (via HTTPS) with a 3rd Party Blockchain Provider (3PBP).

If you have a use case that you feel could be listed here, please ask for it!

Contributing

See CONTRIBUTING.md.

Running the test suite

npm test
npm run-script coverage

Complementing Libraries

  • BIP21 - A BIP21 compatible URL encoding library
  • BIP38 - Passphrase-protected private keys
  • BIP39 - Mnemonic generation for deterministic keys
  • BIP32-Utils - A set of utilities for working with BIP32
  • BIP66 - Strict DER signature decoding
  • BIP68 - Relative lock-time encoding library
  • BIP69 - Lexicographical Indexing of Transaction Inputs and Outputs
  • Base58 - Base58 encoding/decoding
  • Base58 Check - Base58 check encoding/decoding
  • Bech32 - A BIP173 compliant Bech32 encoding library
  • coinselect - A fee-optimizing, transaction input selection module for bitcoinjs-lib.
  • merkle-lib - A performance conscious library for merkle root and tree calculations.
  • minimaldata - A module to check bitcoin policy: SCRIPT_VERIFY_MINIMALDATA

Alternatives

LICENSE MIT