A javascript Syscoin library for node.js and browsers.
Released under the terms of the MIT LICENSE.
If you are thinking of using the master branch of this library in production, stop. Master is not stable; it is our development branch, and only tagged releases may be classified as stable.
Don't trust. Verify.
We recommend every user of this library and the syscoin ecosystem audit and verify any underlying code for its validity and suitability, including reviewing any and all of your project's dependencies.
Mistakes and bugs happen, but with your help in resolving and reporting issues, together we can produce open source software that is:
- Easy to audit and verify,
- Tested, with test coverage >95%,
- Advanced and feature rich,
- Standardized, using prettier and Node
Buffer
's throughout, and - Friendly, with a strong and helpful community, ready to answer questions.
Presently, we do not have any formal documentation other than our examples, please ask for help if our examples aren't enough to guide you.
npm install syscoinjs-lib
Typically we support the Node Maintenance LTS version. If in doubt, see the .travis.yml for what versions are used by our continuous integration tests.
WARNING: We presently don't provide any tooling to verify that the release on npm
matches GitHub. As such, you should verify anything downloaded by npm
against your own verified copy.
Crypto is hard.
When working with private keys, the random number generator is fundamentally one of the most important parts of any software you write.
For random number generation, we default to the randombytes
module, which uses window.crypto.getRandomValues
in the browser, or Node js' crypto.randomBytes
, depending on your build system.
Although this default is ~OK, there is no simple way to detect if the underlying RNG provided is good enough, or if it is catastrophically bad.
You should always verify this yourself to your own standards.
This library uses bitcoinjs-lib which uses tiny-secp256k1, which uses RFC6979 to help prevent k
re-use and exploitation.
Unfortunately, this isn't a silver bullet.
Often, Javascript itself is working against us by bypassing these counter-measures.
Problems in Buffer (UInt8Array)
, for example, can trivially result in catastrophic fund loss without any warning.
It can do this through undermining your random number generation, accidentally producing a duplicate k
value, sending Bitcoin to a malformed output script, or any of a million different ways.
Running tests in your target environment is important and a recommended step to verify continuously.
Finally, adhere to best practice. We are not an authorative source of best practice, but, at the very least:
- Don't re-use addresses.
- Don't share BIP32 extended public keys ('xpubs'). They are a liability, and it only takes 1 misplaced private key (or a buggy implementation!) and you are vulnerable to catastrophic fund loss.
- Don't use
Math.random
- in any way - don't. - Enforce that users always verify (manually) a freshly-decoded human-readable version of their intended transaction before broadcast.
- Don't ask users to generate mnemonics, or 'brain wallets', humans are terrible random number generators.
The recommended method of using syscoinjs-lib
in your browser is through Browserify.
If you're familiar with how to use browserify, ignore this and carry on, otherwise, it is recommended to read the tutorial at https://browserify.org/.
NOTE: We use Node Maintenance LTS features, if you need strict ES5, use --transform babelify
in conjunction with your browserify
step (using an es2015
preset).
WARNING: iOS devices have problems, use atleast [email protected] or greater, and enforce the test suites (for Buffer
, and any other dependency) pass before use.
These are the functions available on SyscoinJS library with links to the code which has commenting on the function itself:
- SyscoinJSLib()
- getNotarizationSignatures()
- createAndSignPSBTFromRes()
- sign()
- createTransaction()
- assetNew()
- assetUpdate()
- assetSend()
- assetAllocationSend()
- assetAllocationBurn()
- assetAllocationMint()
- syscoinBurnToAssetAllocation()
These are some supporting functions used to support the library like working with backend providers (Blockbook) and sanitizing data from the providers:
- fetchNotarizationFromEndPoint()
- fetchBackendAsset()
- fetchBackendUTXOS()
- fetchBackendAccount()
- sendRawTransaction()
- fetchBackendRawTx()
- buildEthProof()
- sanitizeBlockbookUTXOs()
These are the HDSigner exported functions, HDSigner is used to manage and sign transactions internally using your XPUB (HD wallets). BIP44/BIP84 are supported. P2WPKH, P2WSH, P2PKH, P2SH:
- HDSigner()
- getMasterFingerprint()
- deriveAccount()
- setAccountIndex()
- restore()
- backup()
- getNewChangeAddress()
- getNewReceivingAddress()
- createAccount()
- getAccountXpub()
- createPSBTFromRes()
- setLatestIndexesFromXPubTokens()
- createKeypair()
- getAddressFromKeypair()
- getAddressFromPubKey()
- deriveKeypair()
- derivePubKey()
- getRootNode()
If you are looking to generate addresses, use WIFs or anything specific around crafting or doing blockchainy things not related to transaction creation, you may use bitcoinjs-lib and use the Syscoin network parameters (see utils.js for the exported syscoinNetworks parameters).
The below examples are implemented as example tests, they should be very easy to understand. Otherwise, pull requests are appreciated.
- Create standard Syscoin transaction
- Create new SPT
- Updating SPT
- Distributing SPT
- Sending SPT
- Burning SYSX SPT for Syscoin
- Burning SYS for SYSX SPT
- Burning SPT for SysEtheruem bridge
- Minting SPT from SysEthereum bridge (custom proof)
- Minting SPT from SysEthereum bridge (automated with txid)
If you have a use case that you feel could be listed here, please ask for it!
See CONTRIBUTING.md.
npm test
npm run-script coverage
This library consumes syscointx-js for raw transaction serializing and deserializing, that library consumes coinselectsyscoin for the UTXO selection and transaction funding algorithms. Other supporting libraries are:
- bn.js - BigNum in pure javascript.
- bitcoinjs-lib - A javascript Bitcoin library for node.js and browsers. Configurable with Syscoin network settings to work with Syscoin addresses and message signing.
- bitcoin-ops - A javascript Bitcoin OP code library for referencing script OP codes for Bitcoin's script
- varuint-bitcoin - encode/decode number as bitcoin variable length integer
- BIP84 - P2WPKH/P2WSH HD wallet derivation library for BECH32 addresses
- crypto-js - JavaScript library of crypto standards. Used for AES Encrypt/Decrypt of sensitive HD wallet info to local storage.
- axios - Promise based HTTP client for the browser and node.js. Used for backend communication with a Blockbook API as well as notary endpoints where applicable.
- eth-object - Ethereum Trie / LevelDB data from hex, buffers and rpc.
- eth-proof - Generalized merkle-patricia-proof module that supports ethereum state proofs. Used for Eth SPV proofs.
- rlp - Recursive Length Prefix Encoding for node.js.
- web3 - Ethereum JavaScript API which connects to the Generic JSON-RPC spec.