• Stars
    star
    5,592
  • Rank 7,309 (Top 0.2 %)
  • Language
    TypeScript
  • License
    MIT License
  • Created over 13 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A javascript Bitcoin library for node.js and browsers.

BitcoinJS (bitcoinjs-lib)

Github CI NPM code style: prettier

A javascript Bitcoin library for node.js and browsers. Written in TypeScript, but committing the JS files to verify.

Released under the terms of the MIT LICENSE.

Should I use this in production?

If you are thinking of using the master branch of this library in production, stop. Master is not stable; it is our development branch, and only tagged releases may be classified as stable.

Can I trust this code?

Don't trust. Verify.

We recommend every user of this library and the bitcoinjs ecosystem audit and verify any underlying code for its validity and suitability, including reviewing any and all of your project's dependencies.

Mistakes and bugs happen, but with your help in resolving and reporting issues, together we can produce open source software that is:

  • Easy to audit and verify,
  • Tested, with test coverage >95%,
  • Advanced and feature rich,
  • Standardized, using prettier and Node Buffer's throughout, and
  • Friendly, with a strong and helpful community, ready to answer questions.

Documentation

Presently, we do not have any formal documentation other than our examples, please ask for help if our examples aren't enough to guide you.

You can find a Web UI that covers most of the psbt.ts, transaction.ts and p2*.ts APIs here.

Installation

npm install bitcoinjs-lib
# optionally, install a key derivation library as well
npm install ecpair bip32
# ecpair is the ECPair class for single keys
# bip32 is for generating HD keys

Previous versions of the library included classes for key management (ECPair, HDNode(->"bip32")) but now these have been separated into different libraries. This lowers the bundle size significantly if you don't need to perform any crypto functions (converting private to public keys and deriving HD keys).

Typically we support the Node Maintenance LTS version. TypeScript target will be set to the ECMAScript version in which all features are fully supported by current Active Node LTS. However, depending on adoption among other environments (browsers etc.) we may keep the target back a year or two. If in doubt, see the main_ci.yml for what versions are used by our continuous integration tests.

WARNING: We presently don't provide any tooling to verify that the release on npm matches GitHub. As such, you should verify anything downloaded by npm against your own verified copy.

Usage

Crypto is hard.

When working with private keys, the random number generator is fundamentally one of the most important parts of any software you write. For random number generation, we default to the randombytes module, which uses window.crypto.getRandomValues in the browser, or Node js' crypto.randomBytes, depending on your build system. Although this default is ~OK, there is no simple way to detect if the underlying RNG provided is good enough, or if it is catastrophically bad. You should always verify this yourself to your own standards.

This library uses tiny-secp256k1, which uses RFC6979 to help prevent k re-use and exploitation. Unfortunately, this isn't a silver bullet. Often, Javascript itself is working against us by bypassing these counter-measures.

Problems in Buffer (UInt8Array), for example, can trivially result in catastrophic fund loss without any warning. It can do this through undermining your random number generation, accidentally producing a duplicate k value, sending Bitcoin to a malformed output script, or any of a million different ways. Running tests in your target environment is important and a recommended step to verify continuously.

Finally, adhere to best practice. We are not an authoritative source of best practice, but, at the very least:

  • Don't reuse addresses.
  • Don't share BIP32 extended public keys ('xpubs'). They are a liability, and it only takes 1 misplaced private key (or a buggy implementation!) and you are vulnerable to catastrophic fund loss.
  • Don't use Math.random - in any way - don't.
  • Enforce that users always verify (manually) a freshly-decoded human-readable version of their intended transaction before broadcast.
  • Don't ask users to generate mnemonics, or 'brain wallets', humans are terrible random number generators.
  • Lastly, if you can, use Typescript or similar.

Browser

The recommended method of using bitcoinjs-lib in your browser is through browserify.

If you'd like to use a different (more modern) build tool than browserify, you can compile just this library and its dependencies into a single JavaScript file:

$ npm install bitcoinjs-lib browserify
$ npx browserify --standalone bitcoin - -o bitcoinjs-lib.js <<<"module.exports = require('bitcoinjs-lib');"

Which you can then import as an ESM module:

<script type="module">import "/scripts/bitcoinjs-lib.js"</script>

NOTE: We use Node Maintenance LTS features, if you need strict ES5, use --transform babelify in conjunction with your browserify step (using an es2015 preset).

WARNING: iOS devices have problems, use at least [email protected] or greater, and enforce the test suites (for Buffer, and any other dependency) pass before use.

Typescript or VSCode users

Type declarations for Typescript are included in this library. Normal installation should include all the needed type information.

Examples

The below examples are implemented as integration tests, they should be very easy to understand. Otherwise, pull requests are appreciated. Some examples interact (via HTTPS) with a 3rd Party Blockchain Provider (3PBP).

If you have a use case that you feel could be listed here, please ask for it!

Contributing

See CONTRIBUTING.md.

Running the test suite

npm test
npm run-script coverage

Complementing Libraries

  • BIP21 - A BIP21 compatible URL encoding library
  • BIP38 - Passphrase-protected private keys
  • BIP39 - Mnemonic generation for deterministic keys
  • BIP32-Utils - A set of utilities for working with BIP32
  • BIP66 - Strict DER signature decoding
  • BIP68 - Relative lock-time encoding library
  • BIP69 - Lexicographical Indexing of Transaction Inputs and Outputs
  • Base58 - Base58 encoding/decoding
  • Base58 Check - Base58 check encoding/decoding
  • Bech32 - A BIP173/BIP350 compliant Bech32/Bech32m encoding library
  • coinselect - A fee-optimizing, transaction input selection module for bitcoinjs-lib.
  • merkle-lib - A performance conscious library for merkle root and tree calculations.
  • minimaldata - A module to check bitcoin policy: SCRIPT_VERIFY_MINIMALDATA

Alternatives

LICENSE MIT

More Repositories

1

bip39

JavaScript implementation of Bitcoin BIP39: Mnemonic code for generating deterministic keys
JavaScript
983
star
2

bip38

BIP38 is a standard process to encrypt Bitcoin and crypto currency private keys that is less susceptible to brute force attacks thus protecting the user.
JavaScript
206
star
3

coinselect

An unspent transaction output (UTXO) selection module for bitcoin.
JavaScript
178
star
4

bip32

A BIP32 compatible library.
JavaScript
151
star
5

bitcoinjs-message

JavaScript
126
star
6

bolt11

A library for encoding and decoding lightning network payment requests as defined in BOLT #11.
JavaScript
93
star
7

bip44-constants

This package provides BIP44 coin constants as found here: https://github.com/satoshilabs/slips/blob/master/slip-0044.md
JavaScript
87
star
8

bs58check

A straight forward implementation of base58check extending upon bs58.
JavaScript
85
star
9

bech32

Bech32 encoding / decoding
TypeScript
84
star
10

wif

Bitcoin Wallet Import Format JS encoding/decoding module
JavaScript
75
star
11

bip32-utils

A small set of utilities for use with BIP32 HD key nodes
JavaScript
74
star
12

fast-dat-parser

Superfast blockchain parser for stats
C++
73
star
13

tiny-secp256k1

A tiny secp256k1 native/JS wrapper
JavaScript
58
star
14

bip21

A BIP21 compatible URL encoding utility library
JavaScript
55
star
15

indexd

An external bitcoind index management service module
JavaScript
53
star
16

merkle-lib

A performance conscious library for merkle root and tree calculations.
JavaScript
29
star
17

bitcoinjs.org

HTML
20
star
18

bip32-wallet

A BIP32 Wallet backed by bitcoinjs-lib, lite on features but heavily tested.
JavaScript
19
star
19

regtest-client

A client library based off of the integration tests of bitcoinjs-lib. This requires a server component.
JavaScript
18
star
20

regtest-server

A regtest server for bitcoinjs-lib testing
JavaScript
18
star
21

bip174

A BIP174 compatible partial Transaction encoding library.
TypeScript
17
star
22

electrum-mnemonic

Electrum Mnemonics (electrum v2 and greater)
TypeScript
15
star
23

payjoin-client

A Payjoin Client Library in JS with TypeScript types
TypeScript
15
star
24

blkdat-stream

A blk*.dat streaming module, useful for parsing the Bitcoin blockchain
JavaScript
14
star
25

aezeed

A package for encoding, decoding, and generating mnemonics of the aezeed specification. (WIP)
TypeScript
13
star
26

bip66

Strict DER signatures
JavaScript
12
star
27

bitcoin-ops

bitcoin OP codes
JavaScript
11
star
28

ecpair

The ECPair module for bitcoinjs-lib
TypeScript
9
star
29

varuint-bitcoin

encode/decode number as bitcoin variable length integer https://en.bitcoin.it/wiki/Protocol_documentation#Variable_length_integer
JavaScript
6
star
30

bip69

Lexicographical Indexing of Transaction Inputs and Outputs
JavaScript
4
star
31

playground

Go nuts! PRs can be useful for discussion, and won't be rejected
JavaScript
3
star
32

bip65

A BIP65 absolute lock-time encoding library.
JavaScript
2
star
33

utxo

JavaScript
2
star
34

bip68

A BIP68 relative lock-time encoding library.
JavaScript
2
star
35

minimaldata

A module to check bitcoin policy: SCRIPT_VERIFY_MINIMALDATA
JavaScript
2
star
36

pushdata-bitcoin

encode/decode number as bitcoin pushdata integer
JavaScript
2
star
37

uint8array-tools

A set of tools for Uint8Array to aide in the move from Buffers.
JavaScript
1
star
38

tif

DEPRECATED: Bitcoin Transaction Interchange Format (TIF) decoding/encoding module
JavaScript
1
star