gitmyhub

bitcoinjs-lib

JavaScript ★ 6.0k updated 4mo ago

A javascript Bitcoin library for node.js and browsers.

A JavaScript library for building Bitcoin applications, create and sign transactions, generate addresses, and parse raw Bitcoin data, usable in both Node.js servers and web browsers, with strong security guidance built into the documentation.

TypeScriptJavaScriptNode.jssetup: moderatecomplexity 4/5

This is a JavaScript library for working with Bitcoin, usable in both Node.js server environments and web browsers. It gives developers the building blocks they need to create Bitcoin transactions, generate addresses, sign data, and interact with the Bitcoin network at a code level. It is written in TypeScript but also ships compiled JavaScript files.

The library handles the lower-level mechanics of Bitcoin: creating and signing transactions, parsing raw transaction data, and working with address formats. Key management, meaning generating and storing private keys, was split out into separate companion libraries called ecpair and bip32, which you install on top of this one if your application needs to create or derive keys.

The maintainers are unusually direct about risk. The README warns that cryptography is hard, that the quality of your random number generator matters enormously when dealing with private keys, and that bugs in seemingly unrelated parts of the JavaScript ecosystem can lead to loss of funds without any warning. They list specific practices to follow: do not reuse Bitcoin addresses, do not share extended public keys carelessly, do not use Math.random for anything security-related, and always have users confirm a readable version of a transaction before it is broadcast.

Installing is straightforward via npm. The library has over 95% test coverage and follows a consistent code style. Communication happens through GitHub issues and public chat rooms on IRC and Matrix. The maintainers explicitly say they will not create a Discord.

This repository is intended for developers building Bitcoin applications, wallets, or tools, not for end users. If you are not writing code, this library is not something you interact with directly. Only tagged releases are considered stable; the main development branch is not safe for production use.

Where it fits