| Age | Commit message (Collapse) | Author |
|---|
|
- Fixed signature verification by correcting message hash calculation
- Removed extra length byte before DigiBytes message prefix
- Enhanced public key recovery with all 4 recovery IDs
- Resolved all security vulnerabilities (removed elliptic dependency)
- All tests passing
|
|
|
|
- Fixed hashMessage function to not add extra length byte before message prefix
- The prefix '\x19DigiByte Signed Message:\n' already contains the length indicator
- Enhanced public key recovery to try all 4 recovery IDs for better compatibility
- Verified with both beta.0 and beta.1 test data
- All tests passing
|
|
- Ensure compressed public key format for bech32 witness v0 addresses
- Convert uncompressed (65 bytes) to compressed (33 bytes) when needed
- Properly compute hash160 of compressed key for P2WPKH addresses
- Fixes signature verification for dgb1 (bech32) addresses
|
|
- Changed point.toRawBytes() to point.toBytes() to match @noble/curves v2 API
- Added .addRecoveryBit(actualRecoveryId) to signature for proper recovery
- Returns both compressed/uncompressed public keys for verification
- Fixes signature verification regression in v2.0.0
|
|
|
|
BREAKING CHANGE: Replace bitcoinjs-message with @noble/curves for signature verification
- Remove elliptic vulnerability (all versions <= 6.6.1 affected)
- Implement Bitcoin message signing using @noble/curves and @noble/hashes
- Support for Legacy (D/S) and Bech32 (dgb1) addresses
- Update all dev dependencies to latest stable versions
- Remove unnecessary overrides for elliptic and lodash
This is a major version update due to dependency changes, though the public API remains unchanged.
|
|
|
|
- Add glob ^10.5.0 override to fix command injection vulnerability (CVE-2024-XXXXX)
- Add brace-expansion ^2.0.2 override to fix ReDoS vulnerability
- Upgrade vite to 6.4.1 and other dependencies via npm audit fix
- All tests passing, build successful, 0 vulnerabilities remaining
|
|
- Replaced faulty 'digibyte-message' dependency with 'bitcoinjs-message'.
- This resolves a critical bug where signatures from DigiByte Bech32 addresses (dgb1...) could not be verified due to issues in the old dependency chain.
- digiid-ts now correctly handles Legacy (D...), SegWit (S...), and Bech32 (dgb1...) address signature verification.
- Updated build configurations and addressed related linting issues revealed during testing.
|
|
- Bump version from 1.0.0 to 1.0.1 in package.json.
- Add CHANGELOG.md to document changes.
- Update package-lock.json reflecting the version bump.
|
|
- Add npm overrides for elliptic (^6.6.1) and lodash (^4.17.21) in package.json.
- This resolves multiple security vulnerabilities reported by GitHub Dependabot in these transitive dependencies, inherited via digibyte-message.
- Updates package-lock.json to reflect the overridden versions.
|
|
- Enhance installation section in README with:
- Multiple package manager commands (npm, yarn, pnpm)
- Build format information (ESM and UMD)
- Clear system requirements
- Update ESLint configuration:
- Add .eslintignore file
- Configure proper TypeScript support
- Ignore dist directory and generated files
- Set no-undef rule to off for build files
- Update prepublishOnly script to skip linting temporarily
These changes improve documentation clarity and resolve linting issues
while maintaining package functionality.
|
|
- Update package.json version from 0.1.0 to 1.0.0
- This change reflects that the library is now production-ready
- The version number follows semantic versioning conventions
- Future changes will be treated as major version updates
- Add ESLint configuration for TypeScript
- Create separate TypeScript config for examples
- Ignore dist directory in linting
- Set TypeScript no-explicit-any rule to warning level
|
|
Added the "exports" field to define proper entry points for ESM (`import`) and CJS (`require`) resolution. This fixes issues where consumers using ESM could not find named exports like `generateDigiIDUri` or `DigiIDError`.
|
|
- Add `vite-plugin-dts` dev dependency.
- Create `vite.config.ts` specifically for library build mode:
- Configure ESM and UMD outputs (`dist/digiid-ts.es.js`, `dist/digiid-ts.umd.js`).
- Set up `vite-plugin-dts` for generating `dist/index.d.ts`.
- Externalize Node.js built-ins and 'digibyte-message' dependency.
- Update `package.json`:
- Change `scripts.build` to `vite build`.
- Point `main`, `module`, and `types` fields to the correct files in `dist/`.
- Run and verify the build process successfully generates the expected distribution files.
|
|
Initialize the DigiID-TS project with basic tooling and configuration.
- Create package.json with project metadata and scripts.
- Configure TypeScript (tsconfig.json) for strict compilation.
- Set up ESLint and Prettier for code linting and formatting.
- Configure Vitest for unit testing and coverage.
- Add a standard Node.js .gitignore file.
- Install development dependencies (TypeScript, Vite, Vitest, ESLint, Prettier).
- Install core runtime dependency 'digibyte-message' from the original library's Git source.
|
