@noble/curves 1.2.0 → 1.4.0

package/src/bls12-381.ts

@@ -1,15 +1,9 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 
-// bls12-381 pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to:
-// - Construct zk-SNARKs at the 128-bit security
-// - Use threshold signatures, which allows a user to sign lots of messages with one signature and
-//   verify them swiftly in a batch, using Boneh-Lynn-Shacham signature scheme.
-//
-// The library uses G1 for public keys and G2 for signatures. Support for G1 signatures is planned.
-// Compatible with Algorand, Chia, Dfinity, Ethereum, FIL, Zcash. Matches specs
-// [pairing-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11),
-// [bls-sigs-04](https:/cfrg-hash-to/tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04),
-// [hash-to-curve-12](https://tools.ietf.org/html/draft-irtf--curve-12).
+// bls12-381 is pairing-friendly Barreto-Lynn-Scott elliptic curve construction allowing to:
+// - Construct zk-SNARKs at the 120-bit security
+// - Efficiently verify N aggregate signatures with 1 pairing and N ec additions:
+//   the Boneh-Lynn-Shacham signature scheme is orders of magnitude more efficient than Schnorr
 //
 // ### Summary
 // 1. BLS Relies on Bilinear Pairing (expensive)
@@ -25,8 +19,17 @@
 // - `S = pk x H(m)` - signing
 // - `e(P, H(m)) == e(G, S)` - verification using pairings
 // - `e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))` - signature aggregation
-// Filecoin uses little endian byte arrays for private keys -
-// so ensure to reverse byte order if you'll use it with FIL.
+//
+// ### Compatibility and notes
+// 1. It is compatible with Algorand, Chia, Dfinity, Ethereum, Filecoin, ZEC
+//    Filecoin uses little endian byte arrays for private keys - make sure to reverse byte order.
+// 2. Some projects use G2 for public keys and G1 for signatures. It's called "short signature"
+// 3. Curve security level is about 120 bits as per Barbulescu-Duquesne 2017
+//    https://hal.science/hal-01534101/file/main.pdf
+// 4. Compatible with specs:
+// [cfrg-pairing-friendly-curves-11](https://tools.ietf.org/html/draft-irtf-cfrg-pairing-friendly-curves-11),
+// [cfrg-bls-signature-05](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05),
+// [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380).
 import { sha256 } from '@noble/hashes/sha256';
 import { randomBytes } from '@noble/hashes/utils';
 import { bls, CurveFn } from './abstract/bls.js';
@@ -37,7 +40,6 @@ import {
   numberToBytesBE,
   bytesToNumberBE,
   bitLen,
-  bitSet,
   bitGet,
   Hex,
   bitMask,
@@ -1016,11 +1018,41 @@ const htfDefaults = Object.freeze({
 
 // Encoding utils
 // Point on G1 curve: (x, y)
-const C_BIT_POS = Fp.BITS; // C_bit, compression bit for serialization flag
-const I_BIT_POS = Fp.BITS + 1; // I_bit, point-at-infinity bit for serialization flag
-const S_BIT_POS = Fp.BITS + 2; // S_bit, sign bit for serialization flag
+
 // Compressed point of infinity
-const COMPRESSED_ZERO = Fp.toBytes(bitSet(bitSet(_0n, I_BIT_POS, true), S_BIT_POS, true)); // set compressed & point-at-infinity bits
+const COMPRESSED_ZERO = setMask(Fp.toBytes(_0n), { infinity: true, compressed: true }); // set compressed & point-at-infinity bits
+
+function parseMask(bytes: Uint8Array) {
+  // Copy, so we can remove mask data. It will be removed also later, when Fp.create will call modulo.
+  bytes = bytes.slice();
+  const mask = bytes[0] & 0b1110_0000;
+  const compressed = !!((mask >> 7) & 1); // compression bit (0b1000_0000)
+  const infinity = !!((mask >> 6) & 1); // point at infinity bit (0b0100_0000)
+  const sort = !!((mask >> 5) & 1); // sort bit (0b0010_0000)
+  bytes[0] &= 0b0001_1111; // clear mask (zero first 3 bits)
+  return { compressed, infinity, sort, value: bytes };
+}
+
+function setMask(
+  bytes: Uint8Array,
+  mask: { compressed?: boolean; infinity?: boolean; sort?: boolean }
+) {
+  if (bytes[0] & 0b1110_0000) throw new Error('setMask: non-empty mask');
+  if (mask.compressed) bytes[0] |= 0b1000_0000;
+  if (mask.infinity) bytes[0] |= 0b0100_0000;
+  if (mask.sort) bytes[0] |= 0b0010_0000;
+  return bytes;
+}
+
+function signatureG1ToRawBytes(point: ProjPointType<Fp>) {
+  point.assertValidity();
+  const isZero = point.equals(bls12_381.G1.ProjectivePoint.ZERO);
+  const { x, y } = point.toAffine();
+  if (isZero) return COMPRESSED_ZERO.slice();
+  const P = Fp.ORDER;
+  const sort = Boolean((y * _2n) / P);
+  return setMask(numberToBytesBE(x, Fp.BYTES), { compressed: true, sort });
+}
 
 function signatureG2ToRawBytes(point: ProjPointType<Fp2>) {
   // NOTE: by some reasons it was missed in bls12-381, looks like bug
@@ -1032,10 +1064,12 @@ function signatureG2ToRawBytes(point: ProjPointType<Fp2>) {
   const { re: x0, im: x1 } = Fp2.reim(x);
   const { re: y0, im: y1 } = Fp2.reim(y);
   const tmp = y1 > _0n ? y1 * _2n : y0 * _2n;
-  const aflag1 = Boolean((tmp / Fp.ORDER) & _1n);
-  const z1 = bitSet(bitSet(x1, 381, aflag1), S_BIT_POS, true);
+  const sort = Boolean((tmp / Fp.ORDER) & _1n);
   const z2 = x0;
-  return concatB(numberToBytesBE(z1, len), numberToBytesBE(z2, len));
+  return concatB(
+    setMask(numberToBytesBE(x1, len), { sort, compressed: true }),
+    numberToBytesBE(z2, len)
+  );
 }
 
 // To verify curve parameters, see pairing-friendly-curves spec:
@@ -1074,7 +1108,7 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
     ),
     a: Fp.ZERO,
     b: _4n,
-    htfDefaults: { ...htfDefaults, m: 1 },
+    htfDefaults: { ...htfDefaults, m: 1, DST: 'BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_NUL_' },
     wrapPrivateKey: true,
     allowInfinityPoint: true,
     // Checks is the point resides in prime-order subgroup.
@@ -1116,26 +1150,30 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
       return isogenyMapG1(x, y);
     },
     fromBytes: (bytes: Uint8Array): AffinePoint<Fp> => {
-      bytes = bytes.slice();
-      if (bytes.length === 48) {
+      const { compressed, infinity, sort, value } = parseMask(bytes);
+      if (value.length === 48 && compressed) {
         // TODO: Fp.bytes
         const P = Fp.ORDER;
-        const compressedValue = bytesToNumberBE(bytes);
-        const bflag = bitGet(compressedValue, I_BIT_POS);
+        const compressedValue = bytesToNumberBE(value);
         // Zero
-        if (bflag === _1n) return { x: _0n, y: _0n };
         const x = Fp.create(compressedValue & Fp.MASK);
+        if (infinity) {
+          if (x !== _0n) throw new Error('G1: non-empty compressed point at infinity');
+          return { x: _0n, y: _0n };
+        }
         const right = Fp.add(Fp.pow(x, _3n), Fp.create(bls12_381.params.G1b)); // y² = x³ + b
         let y = Fp.sqrt(right);
         if (!y) throw new Error('Invalid compressed G1 point');
-        const aflag = bitGet(compressedValue, C_BIT_POS);
-        if ((y * _2n) / P !== aflag) y = Fp.neg(y);
+        if ((y * _2n) / P !== BigInt(sort)) y = Fp.neg(y);
         return { x: Fp.create(x), y: Fp.create(y) };
-      } else if (bytes.length === 96) {
+      } else if (value.length === 96 && !compressed) {
         // Check if the infinity flag is set
-        if ((bytes[0] & (1 << 6)) !== 0) return bls12_381.G1.ProjectivePoint.ZERO.toAffine();
-        const x = bytesToNumberBE(bytes.subarray(0, Fp.BYTES));
-        const y = bytesToNumberBE(bytes.subarray(Fp.BYTES));
+        const x = bytesToNumberBE(value.subarray(0, Fp.BYTES));
+        const y = bytesToNumberBE(value.subarray(Fp.BYTES));
+        if (infinity) {
+          if (x !== _0n || y !== _0n) throw new Error('G1: non-empty point at infinity');
+          return bls12_381.G1.ProjectivePoint.ZERO.toAffine();
+        }
         return { x: Fp.create(x), y: Fp.create(y) };
       } else {
         throw new Error('Invalid point G1, expected 48/96 bytes');
@@ -1147,10 +1185,8 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
       if (isCompressed) {
         if (isZero) return COMPRESSED_ZERO.slice();
         const P = Fp.ORDER;
-        let num;
-        num = bitSet(x, C_BIT_POS, Boolean((y * _2n) / P)); // set aflag
-        num = bitSet(num, S_BIT_POS, true);
-        return numberToBytesBE(num, Fp.BYTES);
+        const sort = Boolean((y * _2n) / P);
+        return setMask(numberToBytesBE(x, Fp.BYTES), { compressed: true, sort });
       } else {
         if (isZero) {
           // 2x PUBLIC_KEY_LENGTH
@@ -1161,6 +1197,30 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
         }
       }
     },
+    ShortSignature: {
+      fromHex(hex: Hex): ProjPointType<Fp> {
+        const { infinity, sort, value } = parseMask(ensureBytes('signatureHex', hex, 48));
+        const P = Fp.ORDER;
+        const compressedValue = bytesToNumberBE(value);
+        // Zero
+        if (infinity) return bls12_381.G1.ProjectivePoint.ZERO;
+        const x = Fp.create(compressedValue & Fp.MASK);
+        const right = Fp.add(Fp.pow(x, _3n), Fp.create(bls12_381.params.G1b)); // y² = x³ + b
+        let y = Fp.sqrt(right);
+        if (!y) throw new Error('Invalid compressed G1 point');
+        const aflag = BigInt(sort);
+        if ((y * _2n) / P !== aflag) y = Fp.neg(y);
+        const point = bls12_381.G1.ProjectivePoint.fromAffine({ x, y });
+        point.assertValidity();
+        return point;
+      },
+      toRawBytes(point: ProjPointType<Fp>) {
+        return signatureG1ToRawBytes(point);
+      },
+      toHex(point: ProjPointType<Fp>) {
+        return bytesToHex(signatureG1ToRawBytes(point));
+      },
+    },
   },
   // G2 is the order-q subgroup of E2(Fp²) : y² = x³+4(1+√−1),
   // where Fp2 is Fp[√−1]/(x2+1). #E2(Fp2 ) = h2q, where
@@ -1232,45 +1292,45 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
       return Q;                               // [x²-x-1]P + [x-1]Ψ(P) + Ψ²(2P)
     },
     fromBytes: (bytes: Uint8Array): AffinePoint<Fp2> => {
-      bytes = bytes.slice();
-      const m_byte = bytes[0] & 0xe0;
-      if (m_byte === 0x20 || m_byte === 0x60 || m_byte === 0xe0) {
-        throw new Error('Invalid encoding flag: ' + m_byte);
+      const { compressed, infinity, sort, value } = parseMask(bytes);
+      if (
+        (!compressed && !infinity && sort) || // 00100000
+        (!compressed && infinity && sort) || // 01100000
+        (sort && infinity && compressed) // 11100000
+      ) {
+        throw new Error('Invalid encoding flag: ' + (bytes[0] & 0b1110_0000));
       }
-      const bitC = m_byte & 0x80; // compression bit
-      const bitI = m_byte & 0x40; // point at infinity bit
-      const bitS = m_byte & 0x20; // sign bit
       const L = Fp.BYTES;
       const slc = (b: Uint8Array, from: number, to?: number) => bytesToNumberBE(b.slice(from, to));
-      if (bytes.length === 96 && bitC) {
+      if (value.length === 96 && compressed) {
         const b = bls12_381.params.G2b;
         const P = Fp.ORDER;
-
-        bytes[0] = bytes[0] & 0x1f; // clear flags
-        if (bitI) {
+        if (infinity) {
           // check that all bytes are 0
-          if (bytes.reduce((p, c) => (p !== 0 ? c + 1 : c), 0) > 0) {
+          if (value.reduce((p, c) => (p !== 0 ? c + 1 : c), 0) > 0) {
             throw new Error('Invalid compressed G2 point');
           }
           return { x: Fp2.ZERO, y: Fp2.ZERO };
         }
-        const x_1 = slc(bytes, 0, L);
-        const x_0 = slc(bytes, L, 2 * L);
+        const x_1 = slc(value, 0, L);
+        const x_0 = slc(value, L, 2 * L);
         const x = Fp2.create({ c0: Fp.create(x_0), c1: Fp.create(x_1) });
         const right = Fp2.add(Fp2.pow(x, _3n), b); // y² = x³ + 4 * (u+1) = x³ + b
         let y = Fp2.sqrt(right);
         const Y_bit = y.c1 === _0n ? (y.c0 * _2n) / P : (y.c1 * _2n) / P ? _1n : _0n;
-        y = bitS > 0 && Y_bit > 0 ? y : Fp2.neg(y);
+        y = sort && Y_bit > 0 ? y : Fp2.neg(y);
         return { x, y };
-      } else if (bytes.length === 192 && !bitC) {
-        // Check if the infinity flag is set
-        if ((bytes[0] & (1 << 6)) !== 0) {
+      } else if (value.length === 192 && !compressed) {
+        if (infinity) {
+          if (value.reduce((p, c) => (p !== 0 ? c + 1 : c), 0) > 0) {
+            throw new Error('Invalid uncompressed G2 point');
+          }
           return { x: Fp2.ZERO, y: Fp2.ZERO };
         }
-        const x1 = slc(bytes, 0, L);
-        const x0 = slc(bytes, L, 2 * L);
-        const y1 = slc(bytes, 2 * L, 3 * L);
-        const y0 = slc(bytes, 3 * L, 4 * L);
+        const x1 = slc(value, 0, L);
+        const x0 = slc(value, L, 2 * L);
+        const y1 = slc(value, 2 * L, 3 * L);
+        const y0 = slc(value, 3 * L, 4 * L);
         return { x: Fp2.fromBigTuple([x0, x1]), y: Fp2.fromBigTuple([y0, y1]) };
       } else {
         throw new Error('Invalid point G2, expected 96/192 bytes');
@@ -1283,10 +1343,10 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
       if (isCompressed) {
         if (isZero) return concatB(COMPRESSED_ZERO, numberToBytesBE(_0n, len));
         const flag = Boolean(y.c1 === _0n ? (y.c0 * _2n) / P : (y.c1 * _2n) / P);
-        // set compressed & sign bits (looks like different offsets than for G1/Fp?)
-        let x_1 = bitSet(x.c1, C_BIT_POS, flag);
-        x_1 = bitSet(x_1, S_BIT_POS, true);
-        return concatB(numberToBytesBE(x_1, len), numberToBytesBE(x.c0, len));
+        return concatB(
+          setMask(numberToBytesBE(x.c1, len), { compressed: true, sort: flag }),
+          numberToBytesBE(x.c0, len)
+        );
       } else {
         if (isZero) return concatB(new Uint8Array([0x40]), new Uint8Array(4 * len - 1)); // bytes[0] |= 1 << 6;
         const { re: x0, im: x1 } = Fp2.reim(x);
@@ -1302,17 +1362,15 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
     Signature: {
       // TODO: Optimize, it's very slow because of sqrt.
       fromHex(hex: Hex): ProjPointType<Fp2> {
-        hex = ensureBytes('signatureHex', hex);
+        const { infinity, sort, value } = parseMask(ensureBytes('signatureHex', hex));
         const P = Fp.ORDER;
-        const half = hex.length / 2;
+        const half = value.length / 2;
         if (half !== 48 && half !== 96)
           throw new Error('Invalid compressed signature length, must be 96 or 192');
-        const z1 = bytesToNumberBE(hex.slice(0, half));
-        const z2 = bytesToNumberBE(hex.slice(half));
+        const z1 = bytesToNumberBE(value.slice(0, half));
+        const z2 = bytesToNumberBE(value.slice(half));
         // Indicates the infinity point
-        const bflag1 = bitGet(z1, I_BIT_POS);
-        if (bflag1 === _1n) return bls12_381.G2.ProjectivePoint.ZERO;
-
+        if (infinity) return bls12_381.G2.ProjectivePoint.ZERO;
         const x1 = Fp.create(z1 & Fp.MASK);
         const x2 = Fp.create(z2);
         const x = Fp2.create({ c0: x2, c1: x1 });
@@ -1324,7 +1382,7 @@ export const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12> = bls({
         // Choose the y whose leftmost bit of the imaginary part is equal to the a_flag1
         // If y1 happens to be zero, then use the bit of y0
         const { re: y0, im: y1 } = Fp2.reim(y);
-        const aflag1 = bitGet(z1, 381);
+        const aflag1 = BigInt(sort);
         const isGreater = y1 > _0n && (y1 * _2n) / P !== aflag1;
         const isZero = y1 === _0n && (y0 * _2n) / P !== aflag1;
         if (isGreater || isZero) y = Fp2.neg(y);

package/src/bn254.ts

@@ -6,8 +6,9 @@ import { Field } from './abstract/modular.js';
 /**
  * bn254 pairing-friendly curve.
  * Previously known as alt_bn_128, when it had 128-bit security.
- * Recent research shown it's weaker, the naming has been adjusted to its prime bit count.
- * https://github.com/zcash/zcash/issues/2502
+ * Barbulescu-Duquesne 2017 shown it's weaker: just about 100 bits,
+ * so the naming has been adjusted to its prime bit count
+ * https://hal.science/hal-01534101/file/main.pdf
  */
 export const bn254 = weierstrass({
   a: BigInt(0),

package/src/ed25519.ts

@@ -13,7 +13,7 @@ import {
   numberToBytesLE,
 } from './abstract/utils.js';
 import { createHasher, htfBasicOpts, expand_message_xmd } from './abstract/hash-to-curve.js';
-import { AffinePoint } from './abstract/curve.js';
+import { AffinePoint, Group } from './abstract/curve.js';
 
 /**
  * ed25519 Twisted Edwards curve with following addons:
@@ -343,7 +343,7 @@ function calcElligatorRistrettoMap(r0: bigint): ExtendedPoint {
  * but it should work in its own namespace: do not combine those two.
  * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448
  */
-class RistPoint {
+class RistPoint implements Group<RistPoint> {
   static BASE: RistPoint;
   static ZERO: RistPoint;
   // Private property to discourage combining ExtendedPoint + RistrettoPoint
@@ -471,6 +471,14 @@ class RistPoint {
   multiplyUnsafe(scalar: bigint): RistPoint {
     return new RistPoint(this.ep.multiplyUnsafe(scalar));
   }
+
+  double(): RistPoint {
+    return new RistPoint(this.ep.double());
+  }
+
+  negate(): RistPoint {
+    return new RistPoint(this.ep.negate());
+  }
 }
 export const RistrettoPoint = /* @__PURE__ */ (() => {
   if (!RistPoint.BASE) RistPoint.BASE = new RistPoint(ed25519.ExtendedPoint.BASE);

package/src/ed448.ts

@@ -13,7 +13,7 @@ import {
   Hex,
   numberToBytesLE,
 } from './abstract/utils.js';
-import { AffinePoint } from './abstract/curve.js';
+import { AffinePoint, Group } from './abstract/curve.js';
 
 /**
  * Edwards448 (not Ed448-Goldilocks) curve with following addons:
@@ -103,6 +103,7 @@ const ED448_DEF = {
   n: BigInt(
     '181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'
   ),
+  // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys
   nBitLength: 456,
   // Cofactor
   h: BigInt(4),
@@ -137,8 +138,9 @@ export const ed448ph = /* @__PURE__ */ twistedEdwards({ ...ED448_DEF, prehash: s
 export const x448 = /* @__PURE__ */ (() =>
   montgomery({
     a: BigInt(156326),
+    // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys
     montgomeryBits: 448,
-    nByteLength: 57,
+    nByteLength: 56,
     P: ed448P,
     Gu: BigInt(5),
     powPminus2: (x: bigint): bigint => {
@@ -164,11 +166,14 @@ export function edwardsToMontgomeryPub(edwardsPub: string | Uint8Array): Uint8Ar
   const _1n = BigInt(1);
   return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));
 }
+
 export const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated
+// TODO: add edwardsToMontgomeryPriv, similar to ed25519 version
 
 // Hash To Curve Elligator2 Map
 const ELL2_C1 = (Fp.ORDER - BigInt(3)) / BigInt(4); // 1. c1 = (q - 3) / 4         # Integer arithmetic
 const ELL2_J = BigInt(156326);
+
 function map_to_curve_elligator2_curve448(u: bigint) {
   let tv1 = Fp.sqr(u); // 1.  tv1 = u^2
   let e1 = Fp.eql(tv1, Fp.ONE); // 2.   e1 = tv1 == 1
@@ -198,6 +203,7 @@ function map_to_curve_elligator2_curve448(u: bigint) {
   y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26.   y = CMOV(y, -y, e2 XOR e3)
   return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)
 }
+
 function map_to_curve_elligator2_edwards448(u: bigint) {
   let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)
   let xn2 = Fp.sqr(xn); // 2.  xn2 = xn^2
@@ -323,7 +329,7 @@ function calcElligatorDecafMap(r0: bigint): ExtendedPoint {
  * but it should work in its own namespace: do not combine those two.
  * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448
  */
-class DcfPoint {
+class DcfPoint implements Group<DcfPoint> {
   static BASE: DcfPoint;
   static ZERO: DcfPoint;
   // Private property to discourage combining ExtendedPoint + DecafPoint
@@ -445,7 +451,16 @@ class DcfPoint {
   multiplyUnsafe(scalar: bigint): DcfPoint {
     return new DcfPoint(this.ep.multiplyUnsafe(scalar));
   }
+
+  double(): DcfPoint {
+    return new DcfPoint(this.ep.double());
+  }
+
+  negate(): DcfPoint {
+    return new DcfPoint(this.ep.negate());
+  }
 }
+
 export const DecafPoint = /* @__PURE__ */ (() => {
   // decaf448 base point is ed448 base x 2
   // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699

package/src/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}