All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog (modification: no type change headlines) and this project adheres to Semantic Versioning.
The new RLP v3 release is accepting and returning Uint8Array
objects instead of Buffer
for improved browser compatibility and usage.
There are two new helper functions in the bytes
module from the Util
library introduced in PR #1648 to help with associated Buffer conversions (while this is our main reason for introducing these functions the functionality can of course be used for other things as well):
arrToBufArr()
: Converts aUint8Array
orNestedUint8Array
toBuffer
orNestedBufferArray
bufArrToArr()
: Converts aBuffer
orNestedBufferArray
toUint8Array
orNestedUint8Array
Note: the RLP version exposed by this package as a re-export is still RLP v2
. This won't change along additional v7
Util releases and other current monorepo libraries (VM, Tx,...) are also still using the v2
RLP version.
- New
validateNoLeadingZeroes()
function inbytes
module for validating Buffers to have no leading zeros (mainly within an RLP context), PR #1568 - New
MAX_UINT64
constant which can be used to check if aBN
instance exceeds the max. possible 64-bit integer value, PR #1568
toBuffer
(bytes
module) now throws when a negative BN is provided as input, PR #1606- Dependencies: deduplicated RLP import, PR #1549
This release replaces ethjs-util
dependency with an internal.ts
file which re-exports all the used functions (thanks to @talentlessguy for the PR).
This has a list of benefits:
- Less maintenance burden (fewer dependencies to care about)
- Better types and avoids use of deprecated APIs (e.g. new Buffer)
- Smaller bundle/install size
See: PR #1517
- Fixed a bug in
toUtf8
not working correctly with leading or trailing single 0s, see PR #1522 - Rewrote
toUtf8
function and added extended code docs, method now throws on malformed uneven hex input values, see PR #1525
- Replaced the
ethjs-util
intToHex
andintToBuffer
re-exports with own implementations which throw on wrong integer input (decimal values, non-safe integers, negative numbers,...) to allow for a safer integer type input, PR #1500
- Fixed a bug in
toType()
helper function to now returnnull
/undefined
for respective input values, PR #1477 - Add note discouraging use of
EIP-1191
format checksums when usingtoChecksumAddress()
(breaks checksum backwards compatibility in current form), PR #1463
We significantly updated our internal tool and CI setup along the work on PR #913 with an update to ESLint
from TSLint
for code linting and formatting and the introduction of a new build setup.
Packages now target ES2017
for Node.js builds (the main
entrypoint from package.json
) and introduce a separate ES5
build distributed along using the browser
directive as an entrypoint, see PR #921. This will result in performance benefits for Node.js consumers, see here for a releated discussion.
Source files from the src
folder are now included in the distribution build, see PR #1301. This allows for a better debugging experience in debug tools like Chrome DevTools by having working source map references to the original sources available for inspection.
The signature
module comes with a new helper function toCompactSig(v: BNLike, r: Buffer, s: Buffer, chainId?: BNLike): string
which allows to convert signature parameters into the format of Compact Signature Representation as defined in EIP-2098.
- Renamed
bnToRlp()
helper function tobnToUnpaddedBuffer()
, PR #1293
- Added
Address.isPrecompileOrSystemAddress()
method which returnstrue
if address is in the address range defined by EIP-1352, PR #1170 - Return
false
(instead of throwing) for non-hex-string values in account moduleisValidAddress
,isValidChecksumAddress
,isZeroAddress
methods (it now gets enough to just handle thefalse
case on function usage), PR #1173
7.0.9 - 2021-03-04
This release adds support for very high chainId
numbers exceeding MAX_SAFE_INTEGER
(an example is the chain ID 34180983699157880
used for the ephemeral Yolov3 testnet preparing for the berlin
hardfork, but high chain IDs might be used for things like private test networks and the like as well), see PR #290.
Function signatures for methods in address
and signature
are therefore expanded to allow for a BNLike
input type (BN | PrefixedHexString | number | Buffer
) for chain ID related parameters.
All function signatures are still taking in a number
input for backwards-compatibility reasons. If you use one of the following functions to implement generic use cases in your library where the chain ID is not yet known it is recommended to updated to one of the other input types (with plain Buffer
likely be the most future-proof). Note that on some functions this changes the return value as well.
account
:toChecksumAddresss(hexAddress: string, eip1191ChainId?: number): string
- ->
toChecksumAddress = function(hexAddress: string, eip1191ChainId?: BNLike): string
- ->
account
:isValidChecksumAddress(hexAddress: string, eip1191ChainId?: number)
- ->
isValidChecksumAddress(hexAddress: string, eip1191ChainId?: BNLike)
- ->
signature
:ecsign(msgHash: Buffer, privateKey: Buffer, chainId?: number): ECDSASignature
- ->
ecsign(msgHash: Buffer, privateKey: Buffer, chainId?: number): ECDSASignature
(return value stays the same onnumber
input) - ->
ecsign(msgHash: Buffer, privateKey: Buffer, chainId: BNLike): ECDSASignatureBuffer
(changed return value for other type inputs)
- ->
signature
:ecrecover(msgHash: Buffer, v: number, r: Buffer, s: Buffer, chainId?: number): Buffer
- ->
ecrecover(msgHash: Buffer, v: BNLike, r: Buffer, s: Buffer, chainId?: BNLike): Buffer
- ->
signature
:toRpcSig(v: number, r: Buffer, s: Buffer, chainId?: number): string
- ->
toRpcSig(v: BNLike, r: Buffer, s: Buffer, chainId?: BNLike): string
- ->
signature
:isValidSignature(v: number, r: Buffer, s: Buffer, homesteadOrLater: boolean = true, chainId?: number)
- ->
isValidSignature(v: BNLike, r: Buffer, s: Buffer, homesteadOrLater: boolean = true, chainId?: BNLike)
- ->
Along there is a new toType()
helper function which can be used to easily convert to a BNLike
output type.
7.0.8 - 2021-02-01
- New
Address.equals(address: Address)
function for easier address equality comparions, PR #285 - Fixed a bug in
fromRpcSig()
in thesignature
module not working correctly for chain IDs greater than 110, PR #287
7.0.7 - 2020-10-15
- Removed
stateRoot
check forAccount.isEmpty()
to make emptiness checkEIP-161
compliant, PR #279 - Added type
AddressLike
and helperbnToHex()
, PR #279 - Added
account.raw()
which returns a Buffer Array of the raw Buffers for the account in order, PR #279
7.0.6 - 2020-10-07
This release adds a new Account
class intended as a modern replacement for ethereumjs-account
. It has a shape of Account(nonce?: BN, balance?: BN, stateRoot?: Buffer, codeHash?: Buffer)
.
Instantiation
The static factory methods assist in creating an Account
object from varying data types: Object: fromAccountData
, RLP: fromRlpSerializedAccount
, and Array: fromValuesArray
.
Methods: isEmpty(): boolean
, isContract(): boolean
, serialize(): Buffer
Example usage:
import { Account, BN } from 'ethereumjs-util'
const account = new Account(
new BN(0), // nonce, default: 0
new BN(10).pow(new BN(18)), // balance, default: 0
undefined, // stateRoot, default: KECCAK256_RLP (hash of RLP of null)
undefined, // codeHash, default: KECCAK256_NULL (hash of null)
)
For more info see the documentation, examples of usage in test/account.spec.ts
or
PR #275.
A new file with helpful TypeScript types has been added to the exports of this project, see PR #275.
In this release it contains BNLike
, BufferLike
, and TransformableToBuffer
.
The Address class has as a new method address.toBuffer()
that will give you a copy of the underlying address.buf
(PR #277).
The toBuffer()
exported function now additionally converts any object with a toBuffer()
method
(PR #277).
7.0.5 - 2020-09-09
This release adds a new module address
- see README -
with a new Address
class and type which can be used for creating and representing Ethereum addresses.
Example usage:
import { Address } from 'ethereumjs-util'
const pubKey = Buffer.from(
'3a443d8381a6798a70c6ff9304bdc8cb0163c23211d11628fae52ef9e0dca11a001cf066d56a8156fc201cd5df8a36ef694eecd258903fca7086c1fae7441e1d',
'hex',
)
const address = Address.fromPublicKey(pubKey)
In TypeScript
the associated Address
type can be used to more strictly enforce type checks
(e.g. on the length of an address) on function parameters expecting an address input.
So you can declare a function like the following: myAddressRelatedFunction(Address: address)
to get more assurance that the address input is correct.
See PR #186
7.0.4 - 2020-08-04
- Fixed
BN.js
andRLP
re-export failures from TypeScript, PR #270 - Fixed an issue along large-value input due to a string copy inconsistency
within the
assertIs*
helper functions, issue affects most methods of the library, PR #269
7.0.3 - 2020-07-07
This release replaces the keccak
and secp256k1
dependencies
(PR #257)
and instead uses the
ethereum-cryptography
package that uses native JS implementations for cryptographic primitives
and makes use of modern and forward-compatible N-API implementations in Node
wherever possible.
This is part of a larger initiative led by Nomic Labs to improve the developer experience within the Ethereum developer ecosystem, see ethereum/js-team-organization#18 for context.
Other Changes:
7.0.2 - 2020-05-25
This patch release re-establishes the state of v7.0.0
release and upgrades
the BN.js
re-export version back to v5
since quick patches for both
the v5
(v5.1.2) and
the v4
branch (v4.11.9)
have been released to fix interoperability issues between the BN.js
versions.
This now makes it possible to move to the latest BN.js
v5
version and profit
from future upgrades and patches.
An upgrade is highly recommended, the v7.0.1
release will be marked as
deprecated along this release.
See: Issue #250
7.0.1 - 2020-05-15
[DEPRECATED in favour of v7.0.2]
This patch release downgrades the re-exported BN.js
version from v5
to
v4
(so a continuation of what has being used within the v6.x
versions).
This is due to some unexpected interoperability problems in libraries using
the older v4
BN.js
branch in their some of their respective dependencies.
An upgrade is highly recommended, the v7.0.0
release will be marked as
deprecated along this release.
See: Issue #250
7.0.0 - 2020-04-30
[DEPRECATED in favour of v7.0.1]
This release comes with significant changes to the API, updated versions of the core crypto libraries and substantial developer improvements in the form of a refactored test suite and API documentation.
Changes to the API have been discussed in Issue #172 and are guided by the principles of:
- Make the API more typestrict
- Be less ambiguous regarding accepted values
- Avoid implicit type conversions
- Be more explicit on wrong input (just: throw)
While the implemented changes come with some additional need for manual type conversions depending on the usage context, they should finally lead to cleaner usage patterns on the cosuming side and a more predictable, robust and less error-prone control flow.
Some note: for methods where Buffer
usage is now enforced you can use the
Bytes.toBuffer()
method for conversion.
PR: #241
Hex prefixing is now enforced for all address string inputs and functions will throw if a non-hex string is provided:
Account.isValidAddress()
Account.isZeroAddress()
Account.toChecksumAddress()
Account.isValidChecksumAddress()
The Account.isPrecompile()
method was removed from the code base,
PR #242
PR: #245
Implicit Buffer
conversions for the following methods have been removed
and Buffer
inputs are now enforced:
Account.generateAddress()
Account.generateAddress2()
Account.pubToAddress()
AccountprivateToPublic()
AccountimportPublic()
PR: #244
- Enforced
Buffer
input forBytes.setLengthLeft()
,Bytes.setLengthRight()
Bytes.setLength()
has been removed (alias forBytes.setLengthLeft()
)Bytes.stripZeros()
has been removed (alias forBytes.unPad()
)Bytes.unpad
has been split up into:Bytes.unpadBuffer()
Bytes.unpadHexString()
Bytes.unpadArray()
PR #247
The following methods are now Buffer
-only:
Hash.keccak()
Hash.keccak256()
Hash.sha256()
Hash.ripemd160()
Hash.keccak()
gets the following additional convenience methods:
Hash.keccakFromString()
Hash.keccakFromHexString()
(hex string enforced)Hash.keccakFromArray()
Hash.sha256()
gets the following additional convenience methods:
Hash.sha256FromString()
Hash.sha256FromArray()
Hash.ripemd160()
gets the following additional convenience methods:
Hash.ripemd160FromString()
Hash.ripemd160FromArray()
- Added support for Node 14, PR #249
- Dropped support for Node
8
along PR #228 - Updated
BN.js
library re-export from4.x
to5.x
, PR [#249], ethereumjs/ethereumjs-util#249 - Removed
secp2561
re-export (use methods provided or import directly), PR #228
Keccak
dependency has been updated from 2.1.0
to 3.0.0
. This version
comes with prebuilds for Linux, MacOS and Windows so most users won't need
to have node-gyp
run on installation.
The version update also brings in feature compatibility with newer Node.js versions.
The secp2561
ECDSA dependency has been updated from 3.0.1
to 4.0.1
.
- Refactored test suite (module split-up, headless Firefox and Chrome), PR #231
- Moved CI from Travis to GitHub Actions, PR #231
- Improved and updated
TypeDoc
API documentation, PR #232 and PR #236 - Basic API tests for re-exports (BN.js, RLP, ethjsUtil), PR #235
6.2.0 - 2019-11-06
This release comes with a new file structure, related functionality is now broken
down into separate files (like account.js
) allowing for more oversight and
modular integration. All functionality is additionally exposed through an
aggregating index.js
file, so this version remains backwards-compatible.
Overview on the new structure:
account
: Private/public key and address-related functionality (creation, validation, conversion)byte
: Byte-related helper and conversion functionsconstants
: Exposed constants (e.g.KECCAK256_NULL_S
for the string representation of the Keccak-256 hash of null)hash
: Hash functionsobject
: Helper function for creating a binary object (DEPRECATED
)signature
: Signing, signature validation, conversion, recovery
See associated PRs #182 and #179.
Features
account
: AddedEIP-1191
address checksum algorithm support fortoChecksumAddress()
, PR #204
Bug Fixes
bytes
:toBuffer()
conversion function now throws if strings aren't0x
-prefixed hex values making the behavior oftoBuffer()
more predictable respectively less error-prone (you might generally want to check cases in your code where you eventually allowed non-0x
-prefixed input before), PR #197
Dependencies / Environment
- Dropped Node
6
, added Node11
and12
to officially supported Node versions, PR #207 - Dropped
safe-buffer
dependency, PR #182 - Updated
rlp
dependency fromv2.0.0
tov2.2.3
(TypeScript
improvements for RLP hash functionality), PR #187 - Made
@types/bn.js
adependency
instead of adevDependency
, PR #205 - Updated
keccak256
dependency fromv1.4.0
tov2.0.0
, PR #168
6.1.0 - 2019-02-12
First TypeScript based release of the library, now also including a type declaration file distributed along with the package published, see PR #170.
Bug Fixes
- Fixed a bug in
isValidSignature()
not correctly returningfalse
if passed ans
-value greater thansecp256k1n/2
onhomestead
or later. If you use the method signature with more than three arguments (so not just passing inv
,r
,s
and use it likeisValidSignature(v, r, s)
and omit the optional args) please read the thread from PR #171 carefully and check your code.
Development
- Updated
@types/node
to Node11
types, PR #175 - Changed browser from Chrome to ChromeHeadless, PR #156
6.0.0 - 2018-10-08
- Support for
EIP-155
replay protection by adding an optionalchainId
parameter toecsign()
,ecrecover()
,toRpcSig()
andisValidSignature()
, if present the new signature format relying on thechainId
is used, see PR #143 - New
generateAddress2()
forCREATE2
opcode (EIP-1014
) address creation (Constantinople HF), see PR #146 - [BREAKING] Fixed signature to comply with Geth and Parity in
toRpcSig()
changingv
from 0/1 to 27/28, this changes the resulting signature buffer, see PR #139 - [BREAKING] Remove deprecated
sha3
-named constants and methods (seev5.2.0
release), see PR #154
5.2.0 - 2018-04-27
- Rename all
sha3
hash related constants and functions tokeccak
, see this EIP discussion for context (tl;dr: Ethereum uses a slightly different hash algorithm then in the officialSHA-3
standard) - Renamed constants:
SHA3_NULL_S
->KECCAK256_NULL_S
SHA3_NULL
->KECCAK256_NULL
SHA3_RLP_ARRAY_S
->KECCAK256_RLP_ARRAY_S
SHA3_RLP_ARRAY
->KECCAK256_RLP_ARRAY
SHA3_RLP_S
->KECCAK256_RLP_S
SHA3_RLP
->KECCAK256_RLP
- Renamed functions:
sha3()
->keccak()
(number of bits determined in arguments)
- New
keccak256()
alias function forkeccak(a, 256)
- The usage of the
sha
-named versions is nowDEPRECATED
and the related constants and functions will be removed on the next major releasev6.0.0
5.1.5 - 2018-02-28
- Fix
browserify
issue leading to 3rd-party build problems, PR #119
5.1.4 - 2018-02-03
- Moved to
ES5
Node distribution version for easier toolchain integration, PR #114 - Updated
isPrecompile()
with Byzantium precompile address range, PR #115
5.1.3 - 2018-01-03
ES6
syntax updates- Dropped Node
5
support - Moved babel to dev dependencies, switched to
env
preset - Usage of
safe-buffer
instead of NodeBuffer
- Do not allow capital
0X
as valid address inisValidAddress()
- New methods
zeroAddress()
andisZeroAddress()
- Updated dependencies
5.1.2 - 2017-05-31
- Add browserify for
ES2015
compatibility - Fix hex validation
5.1.1 - 2017-02-10
- Use hex utils from
ethjs-util
- Move secp vars into functions
- Dependency updates
5.1.0 - 2017-02-04
- Fix
toRpcSig()
function - Updated Buffer creation (
Buffer.from
) - Dependency updates
- Fix npm error
- Use
keccak
package instead ofkeccakjs
- Helpers for
eth_sign
RPC call
5.0.1 - 2016-11-08
- Fix
bufferToHex()
5.0.0 - 2016-11-08
- Added
isValidSignature()
(ECDSA signature validation) - Change
v
param inecrecover()
fromBuffer
toint
(breaking change!) - Fix property alias for setting with initial parameters
- Reject invalid signature lengths for
fromRpcSig()
- Fix
sha3()
width
param (byte -> bit) - Fix overflow bug in
bufferToInt()
4.5.0 - 2016-17-12
- Introduced
toMessageSig()
andfromMessageSig()