npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ledgerhq/bitcoin_signer

v0.3.0

Published

[Internal development use] INSECURE CLI BTC transaction signer for integration tests

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ledger-releaserledger-releaserthomas.coudraythomas.coudrayldg-github-cildg-github-ciaboissiereaboissierevbouzonvbouzongbrahm-ledgergbrahm-ledgersergii-shkolinsergii-shkolinphenry-ledgerphenry-ledger

Keywords

bitcointestsigning

Readme

This is INSECURE you WILL LOSE MONEY

Maybe you won't lose money, but this tool's sole purpose is to be a quick and dirty offline signer. Development will never stop to consider security risks, and dependencies were not audited (by the author, at least).

So don't trust this software with funds you care about.

Bitcoin CLI Signing utility

This is a small library/CLI utility for signing BTC-like transactions using bitcoinlib-js. As an extra, it can also use internal Ledger Wallet Daemon and Praline mock-node/explorer infrastructure to run broadcasting-based scenarii for component testing.

Install

Install from npm registry:

npm i -g @ledgerhq/bitcoin_signer

or

yarn global add @ledgerhq/bitcoin_signer

Dev quickstart

 # Create a mnenomic and saves the string in a file
echo "abandon abandon abandon" > .mnemonic
 # Build the stuff
npm install && npm run build # Or yarn install && yarn build
 # Test the stuff
./dist/index.js sign .mnemonic .tx-test

It will fail with messages like

pubkeyhash not supported (OP_DUP OP_HASH160 ed176f89c975db1fb6c9b798e446fba6023a9b10 OP_EQUALVERIFY OP_CHECKSIG)

if the key pair doesn't match one of the input to sign

Testing with Wallet Daemon / Praline

Note: The docker-compose file uses ghcr images, so configure your docker CLI accordingly. (And unauthorized people won't be able to run this test, even including myself eventually)

There is a testing scenario that uses commands to successively :

  • faucet some BTC on Praline handling a testnet
  • build, sign, and broadcast a transaction using Wallet Daemon, Praline, and Wallet Daemon respectively.

This basic scenario uses the Faucet and Send commands and serves the purpose of dogfooding the API in lib, as well as showing examples for building other workflows.

docker-compose up -d
 # Wait for all containers to start, lasts approx. 1min. You can monitor your CPU load
./tooling/scenarii/btc_testnet_praline.sh
 # Or the eth one
./tooling/scenarii/eth_ropsten_real.sh

Design decisions and limitations

UTXO consolidation

It probably won't be able to sign transactions with inputs from different addresses. At least it's not planned now.

TransactionBuilder vs. PSBT

This tool is being created to help with Ledger testing, so the TransactionBuilder format is way easier to use with the rawTransaction format lib-ledger-core uses for communication.

That also means that this project uses deprecated code and will keep using old code to be able to keep working.

Half a roadmap

Targeted minimal features

  • [ ] Better Quickstart in 1 line
  • [ ] Better packaging of the executable in one command
  • [x] Import a BIP39 mnemonic as the wallet
  • [x] Read transaction from hex string on path
  • [x] Return the signature for a transaction

Other features

  • [x] Import a single xpub Use the xpub seed, and then just use it a root in the keychain
  • [ ] Import a single address
  • [ ] Show addresses to receive funds if necessary
  • [ ] Add network as argument (and a .ts file that adds all common networks as dict outside of mainnet/regtest/testnet)
  • [ ] Add path as argument, with a default that depends on network