npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ledgerhq/xpub-scan

v1.0.4

Published

Master public key analysis tool

Downloads

160

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ledger-releaserledger-releaserthomas.coudraythomas.coudrayldg-github-cildg-github-ciaboissiereaboissierevbouzonvbouzongbrahm-ledgergbrahm-ledgersergii-shkolinsergii-shkolinphenry-ledgerphenry-ledger

Keywords

Readme

Xpub Scan

XPUB

Blockchain test oracle and forensics tool.

Given an extended public key (xpub, Ltub, etc.), get the balances of its derived active addresses and the associated list of operations, or check whether an address has been derived from it.

Xpub Scan demo

Features

  • Privacy Friendly: master public keys are never sent over the Internet: only their derived addresses are
  • Derives specific addresses (by account+index) or all active ones
  • Searches if a given address has been derived from a given master public key (perfect and partial match)
  • Supports legacy, SegWit, and Native SegWit
  • Automatically checks supported CSV or JSON files containing operations history

Prerequisites

Install

With yarn:

$ yarn global add @ledgerhq/xpub-scan

With npm:

$ npm i -g @ledgerhq/xpub-scan

Usage

Bitcoin, Litecoin

$ xpub-scan <xpub> [options]

Ethereum

$ xpub-scan <address> --currency eth [options]

Running programmatically example:

import { Scanner } from "../src/actions/scanner";

const scanResult = async (xpub: string) => {
  await new Scanner({ itemToScan: xpub }).scan();
};

scanResult("your_xpub");

Development

Install dependencies:

$ npm ci

Build the project

$ npm run build

Run the built version:

$ node ./lib/scan.js [options] <xpub>

Alternatively, if you want to use the locally-built version of xpub-scan with just xpub-scan command, you can:

$ yarn link

Currencies

By default, Bitcoin xpubs and Litecoin ltubs are automatically detected.

To scan Bitcoin Cash xpubs, use the --currency bch argument:

$ xpub-scan --currency bch <xpub> …

To scan Litecoin xpubs, use the --currency ltc argument:

$ xpub-scan --currency ltc <xpub> …

Usage 1. Check Balances

In the following instructions, the generic xpub term is used to designate a master public key. It can be substituted with another type of supported public key, such as Ltub (Litecoin).

Scan for a Specific Account and an Index

$ xpub-scan <xpub> --account <account> --index <index>

Example: $ xpub-scan xpub6C...44dXs7p -a 0 -i 10 [addresses at account 0, index 10]

ScanLimits Scan | Scan Addresses Derived From Index A to Index B

$ xpub-scan <xpub> --account <account> --from-index <index A> [--to-index <index B>]

Example 1: $ xpub-scan xpub6C...44dXs7p -a 0 --from-index 0 --to-index 100 [addresses at account 0, from index 0 to index 100, included]

Example 2: $ xpub-scan xpub6C...44dXs7p -a 1 --from-index 29 [addresses at account 0, from index 29 until no active address]

Note: in order to perform the analysis in this context, Xpub Scan needs to pre-derive addresses. By default, it derives 2,000 addresses per account number. If needed, this number of addresses can be adjusted using the --pre-derivation-size option (useful with xpub associated with a large number of addresses).

Full Scan | Scan All Active Addresses

$ xpub-scan <xpub>

Example: $ xpub-scan xpub6C...44dXs7p

Compare Imported Data With Actual Data

Balance --balance <balance>

$ xpub-scan <xpub> --balance <balance (in base unit such as satoshis)>

Addresses --addresses <filepath>

(Not implemented yet)

$ xpub-scan <xpub> --addresses <file path>

UTXOs --utxos <filepath>

(Not implemented yet)

$ xpub-scan <xpub> --utxos <file path>

Operations --operations <filepath>

$ xpub-scan <xpub> --operations <file path>

Example: $ xpub-scan xpub6C...44dXs7p --operations /Users/Test/Downloads/export.csv

General Example

$ xpub-scan xpub6C...44dXs7p --operations /Users/Test/Downloads/export.csv --balance 12345 --diff displays at the end of the analysis the results of the comparison between the 12345 satoshis balance and the actual one, as well as the potential mismatches between the imported operations and the actual ones.

Generate JSON and HTML Reports (Scan Only)

$ xpub-scan <xpub> [args...] --save <directory>

The files are saved as <xpub>.json and <xpub>.html.

Note: --save stdout can be used to display the JSON instead of saving the files. Furthermore, the --quiet option does not display the analysis progress while the --silent option does not display the progress nor the results.

Comparisons-Related Option

  • --diff displays the mismatches (if any) between the imported and actual operations.

Usage 2. Check Address Against Xpub

Check if an address has been derived from a master public key.

Perfect Match

$ xpub-scan <xpub> --address <address>

Partial Match

Add ? where there is uncertainty about a character in the address. For instance: 1MYaYeZhDp?m3YtvqBMXQQN??YCz?7NqgF

Docker

Build: $ docker build -t xpubscan .

Run: $ docker run xpubscan <xpub> [optional: <args>]

Interface

Check Balance

When an analysis is performed, 3 elements are displayed in the following order:

  • The analysis of each derived active address (type, path, address, current balance, total in , total out )
  • The transactions ordered by date (date, block number, address, in | out | sent to self | sent to sibling | received as change from non-sibling c)
  • A summary: total number of transactions and total balance by address type

Xpub and Address Comparison

The derived addresses are displayed during the analysis. Perfect matches are displayed in green (with the corresponding derivation path). Partial matches are displayed in blue (also with the derivation path). No matches are rendered in red.

Configure

Change Settings

  1. Modify ./src/settings.ts
  2. rebuild the tool: $ yarn build
  3. Re-run it: $ node ./lib/scan.js <xpub> …

Change External Provider

It is strongly encouraged to use the custom provider for reliable results.

Crypto APIs can be used as a custom provider. In this context, a valid v2 API key is required.

  1. At the root of the project, rename .env.template to .env
  2. In .env, set the XPUB_SCAN_CUSTOM_API_KEY_V2 (corresponding to your Crypto APIs v2 API key—e.g.: XPUB_SCAN_CUSTOM_API_KEY_V2=abcd6eacca264f7530eb2f7025a84f8)
  3. rebuild the tool: $ yarn build
  4. Re-run it: $ node ./lib/scan.js <xpub> …
  5. Ensure that, when running the tool, it shows that the custom provider is being used