@mybucks.online/core 1.1.0 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -0
- package/index.js +18 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -10,6 +10,10 @@ As a hash function, the **Scrypt** Key Derivation Function (KDF) increases the c
|
|
|
10
10
|
|
|
11
11
|
It fully runs on your **browser side** without using any storage or invoking any 3rd-party APIs for key management. It instantly generates your private key from your credentials input, and whenever you close or refresh, there is **no footprint**. This absolutely protects your privacy.
|
|
12
12
|
|
|
13
|
+
With mybucks.online, you can send cryptocurrency and even **wallet itself via a URL**. The recipient simply clicks the link to open the wallet and take full ownership. This feature allows you to create a one-time wallet and put stablecoins or memecoins into it. You can **transfer full ownership as a gift** without ever asking for a recipient's wallet address. These serve as a "starter" wallet for the recipients, who can then easily withdraw the funds into their own personal pockets or primary wallets.
|
|
14
|
+
|
|
15
|
+
This is a powerful tool for **bulk distribution** and **massive airdrops** to many people simultaneously. You no longer need to ask for a wallet address or force users to connect their wallet to your app for a small $5 referral fee. You simply share the unique links through any messaging platform, social media, or email.
|
|
16
|
+
|
|
13
17
|
### Zero Footprint
|
|
14
18
|
- No servers, no databases, no storage and no tracking.
|
|
15
19
|
- 100% browser-based.
|
|
@@ -39,6 +43,8 @@ npm install @mybucks.online/core
|
|
|
39
43
|
|
|
40
44
|
### 2. Generate hash, private-key and wallet address
|
|
41
45
|
|
|
46
|
+
Passphrase and PIN are validated with **zxcvbn** before hashing. Weak passphrase or PIN will yield an empty hash or `null` token.
|
|
47
|
+
|
|
42
48
|
```javascript
|
|
43
49
|
import {
|
|
44
50
|
getEvmPrivateKey,
|
package/index.js
CHANGED
|
@@ -15,12 +15,17 @@ const HASH_OPTIONS = {
|
|
|
15
15
|
keyLen: 64,
|
|
16
16
|
};
|
|
17
17
|
|
|
18
|
+
export const PASSPHRASE_MIN_LENGTH = 12;
|
|
19
|
+
export const PASSPHRASE_MAX_LENGTH = 128;
|
|
20
|
+
export const PIN_MIN_LENGTH = 6;
|
|
21
|
+
export const PIN_MAX_LENGTH = 16;
|
|
22
|
+
|
|
18
23
|
/**
|
|
19
24
|
* This function computes the scrypt hash using provided passphrase and pin inputs.
|
|
20
|
-
* Passphrase and pin are validated
|
|
25
|
+
* Passphrase and pin are validated by length (see PASSPHRASE_MIN/MAX_LENGTH, PIN_MIN/MAX_LENGTH) and zxcvbn; invalid or weak values are rejected (returns "").
|
|
21
26
|
*
|
|
22
|
-
* @param {*} passphrase -
|
|
23
|
-
* @param {*} pin -
|
|
27
|
+
* @param {*} passphrase - Length in [PASSPHRASE_MIN_LENGTH, PASSPHRASE_MAX_LENGTH], zxcvbn score >= 3
|
|
28
|
+
* @param {*} pin - Length in [PIN_MIN_LENGTH, PIN_MAX_LENGTH], zxcvbn score >= 1
|
|
24
29
|
* @param {*} cb a callback function designed to receive the progress updates during the scrypt hashing process.
|
|
25
30
|
* @returns hash result as string format, or "" if passphrase/pin missing or too weak
|
|
26
31
|
*/
|
|
@@ -29,6 +34,16 @@ export async function generateHash(passphrase, pin, cb = () => {}) {
|
|
|
29
34
|
return "";
|
|
30
35
|
}
|
|
31
36
|
|
|
37
|
+
const passphraseLen = String(passphrase).length;
|
|
38
|
+
if (passphraseLen < PASSPHRASE_MIN_LENGTH || passphraseLen > PASSPHRASE_MAX_LENGTH) {
|
|
39
|
+
return "";
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
const pinLen = String(pin).length;
|
|
43
|
+
if (pinLen < PIN_MIN_LENGTH || pinLen > PIN_MAX_LENGTH) {
|
|
44
|
+
return "";
|
|
45
|
+
}
|
|
46
|
+
|
|
32
47
|
const passphraseResult = zxcvbn(passphrase);
|
|
33
48
|
if (passphraseResult.score < 3) {
|
|
34
49
|
return "";
|