npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@tradle/protocol

v5.1.2

Published

Tradle protocol v2

Downloads

86

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

spwilkospwilkoleichtgewichtleichtgewichtgenevayngribgenevayngribtenaciousmvtenaciousmvpgmemkpgmemk

Keywords

Readme

protocol

Tradle protocol v2

Purpose

Alice sends Bob a message on some channel or other. Later, Bob wants to prove who send what and when. Digital signatures get you 90% of the way there, but you still need an identity server (in our case the blockchain), and message timestamping (you got it, also the blockchain).

The sender and recipient separately derive per-message public keys based on message content and recipient's public key. The proving party, who can be either the sender or the recipient, sends a blockchain transaction to the address corresponding to the generated key. The recipient monitors the same address to get a confidential but auditable proof.

Methods

Better docs coming soon, for now see documentation embedded in code.

send({ pub: ECPubKey, message: Object })

receive({ pub: ECPrivKey, message: Object })

tree({ leaf: ?Function, parent: ?Function, message: Object })

prove({ tree: Array, leaves: Array })

verify({ proof: Array, node: Node })

Usage

const ec = require('elliptic').ec('secp256k1')
const alice = secp256k1.keyFromPrivate('a243732f222cae6f8fc85c302ac6e704799a6b95660fe53b0718a2e84218a718', 'hex')
const bob = secp256k1.keyFromPrivate('06e5db45f217a0bc399a4fd1836ca3bcde392a05b1d67e77d681e490a1039eef', 'hex')

const a = protocol.send({
  pub: bob.getPublic(),
  message: {
    a: 1,
    b: 2
  }
})

const b = protocol.receive({
  priv: bob.priv,
  message: {
    a: 1,
    b: 2
  }
})

// a.destKey.getPublic(true, 'hex') === b.destKey.getPublic(true, 'hex')

Objects

Objects are plain JSON objects that:

  • must bear the signature of their creator (the merkle root of the object is signed)
  • if the object is not the first version:
    • must link to the previous version of the object
    • optionally link to the original version of the object (if it exists)

Merkle root

To build a merkle tree for an object, sort the properties alphabetically, then set the leaves to be key1, value1, key2, value2, etc.

Object headers

Properties in an object header are omitted from the merkle tree. Header properties include:

  • signature

Messages

Messages are objects as described above, with the following properties:

  • object: another object
  • sender: sender pub key
  • recipient: recipient pub key
  • prev: link to previous message to this recipient

Links

A link to an object is the sha256 hash of its stringified header, currently:

var header = {
  // merkle root of tree described above
  _s: sign(merkle_root(object))
}

Seals

Seals are public keys that are created as combination of a blockchain transaction creator's known public key and an object:

p1 = link // private key derived from object link P1 = ec_point(p1) P2 = transaction creator pub key

Seal pub key = P1 + P2

When a version of an object is created, two seals are created, one for the current version, and one linking to the previous. The seal pub key for the previous is calculated slightly differently so that it doesn't end up being identical to the previous version's:

p1 = sha256(prev_version_link) ... // same as above

Todo

decide when to check that signer of prev and current version is the same