@steemit/steem-js 0.0.8

package/README.md

@@ -0,0 +1,232 @@
+# Steem.js
+
+Steem.js is a JavaScript/TypeScript library for interacting with the Steem blockchain.
+
+## Status
+
+This is a complete refactoring of the original steem-js library, migrating from JavaScript to TypeScript with modern tooling and improved code quality. Published as `@steemit/steem-js`.
+
+### Refactoring Progress
+
+- ✅ **TypeScript Migration**: Complete migration from JavaScript to TypeScript
+- ✅ **Build System**: Migrated from Webpack to Rollup
+- ✅ **Testing**: Migrated from Mocha to Vitest
+- ✅ **Core Modules**: All core functionality implemented
+  - API module with HTTP and WebSocket transports
+  - Authentication and encryption (ECC secp256k1)
+  - Broadcast operations
+  - Memo encryption/decryption
+  - Transaction serialization
+- ✅ **Security**: Fixed insecure random number generation, implemented proper cryptographic functions
+- ✅ **Tests**: 174 tests passing, 12 skipped (network-dependent integration tests)
+
+## Installation
+
+```bash
+pnpm install
+# or
+npm install
+```
+
+## Installation
+
+### npm / pnpm / yarn
+
+```bash
+npm install @steemit/steem-js
+# or
+pnpm install @steemit/steem-js
+# or
+yarn add @steemit/steem-js
+```
+
+### Browser (CDN)
+
+```html
+<!-- Include @steemit/steem-js (all dependencies are bundled) -->
+<script src="https://cdn.jsdelivr.net/npm/@steemit/steem-js/dist/index.umd.js"></script>
+```
+
+**Note**: The UMD build includes all necessary polyfills (axios, events, buffer, util, stream, assert, crypto). No additional dependencies are required.
+
+## Usage
+
+### Node.js / TypeScript / ES Modules
+
+```typescript
+import { steem } from '@steemit/steem-js';
+
+// Configure the API endpoint
+steem.config.set({
+  node: 'https://api.steemit.com',
+  address_prefix: 'STM',
+  chain_id: '0000000000000000000000000000000000000000000000000000000000000000'
+});
+
+// Get account information
+const account = await steem.api.getAccountAsync('ned');
+console.log(account);
+
+// Generate keys
+const keys = steem.auth.generateKeys('username', 'password', ['owner', 'active', 'posting', 'memo']);
+console.log(keys);
+
+// Sign and verify messages
+import { generateKeyPair, sign, verify } from '@steemit/steem-js/crypto';
+const keyPair = generateKeyPair();
+const message = 'Hello, Steem!';
+const signature = sign(message, keyPair.privateKey);
+const isValid = verify(message, signature, keyPair.publicKey);
+console.log('Signature valid:', isValid);
+```
+
+### Node.js / CommonJS
+
+```javascript
+const { steem } = require('@steemit/steem-js');
+
+steem.config.set({
+  node: 'https://api.steemit.com',
+  address_prefix: 'STM'
+});
+
+const account = await steem.api.getAccountAsync('ned');
+console.log(account);
+```
+
+### Browser (Script Tag)
+
+The UMD build includes all necessary dependencies and polyfills, so you can use it directly without any additional setup.
+
+```html
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Steem.js Example</title>
+  <!-- Include @steemit/steem-js (all dependencies bundled) -->
+  <script src="https://cdn.jsdelivr.net/npm/@steemit/steem-js/dist/index.umd.js"></script>
+</head>
+<body>
+  <script>
+    // Use the global 'steem' object
+    steem.config.set({
+      node: 'https://api.steemit.com',
+      address_prefix: 'STM'
+    });
+
+    // Get account information
+    steem.api.getAccountAsync('ned')
+      .then(account => {
+        console.log('Account:', account);
+      })
+      .catch(error => {
+        console.error('Error:', error);
+      });
+  </script>
+</body>
+</html>
+```
+
+**Note**: The UMD build (1.7MB) includes all polyfills, making it ready to use in browsers without additional dependencies. For production use with bundlers (Webpack, Vite, Rollup), use the ES Module or CommonJS builds instead.
+
+### Broadcast Operations
+
+```typescript
+import { steem } from '@steemit/steem-js';
+
+// Vote on a post
+const postingWif = steem.auth.toWif('username', 'password', 'posting');
+await steem.broadcast.voteAsync(
+  postingWif,
+  'voter',
+  'author',
+  'permlink',
+  10000 // weight
+);
+
+// Transfer STEEM
+await steem.broadcast.transferAsync(
+  activeWif,
+  'from',
+  'to',
+  '1.000 STEEM',
+  'memo'
+);
+```
+
+## Development
+
+### Build
+
+```bash
+pnpm build
+```
+
+### Test
+
+```bash
+# Run all tests
+pnpm test
+
+# Run tests in watch mode
+pnpm test:watch
+
+# Run tests with coverage
+pnpm test:coverage
+```
+
+### Type Check
+
+```bash
+pnpm typecheck
+```
+
+### Lint
+
+```bash
+pnpm lint
+```
+
+## Project Structure
+
+```
+src/
+  api/          # API client with HTTP and WebSocket transports
+  auth/         # Authentication and key management
+  broadcast/    # Transaction broadcasting
+  crypto/       # Cryptographic utilities
+  formatter/    # Data formatting
+  memo/         # Encrypted memo handling
+  operations/   # Operation type definitions
+  serializer/   # Transaction serialization
+  utils/        # Utility functions
+```
+
+## Key Features
+
+- **Type Safety**: Full TypeScript support with type definitions
+- **Modern ES Modules**: Uses ES modules with CommonJS fallback
+- **Secure Cryptography**: Proper implementation using Node.js crypto module
+- **Multiple Transports**: Supports both HTTP and WebSocket connections
+- **Promise and Callback Support**: Compatible with both async/await and callback patterns
+
+## Breaking Changes from Original
+
+This is a complete refactor with the following changes:
+
+1. **TypeScript**: All code is now TypeScript
+2. **ES Modules**: Uses ES modules by default (CommonJS available)
+3. **Build System**: Uses Rollup instead of Webpack
+4. **Testing**: Uses Vitest instead of Mocha
+5. **API**: Some method signatures may have changed for better type safety
+
+## Security Notes
+
+- Private keys are never logged or exposed
+- Uses cryptographically secure random number generation
+- All cryptographic operations use proper implementations
+
+## License
+
+MIT
+

package/dist/api/index.d.ts

@@ -0,0 +1,115 @@
+import { EventEmitter } from 'events';
+import Bluebird from 'bluebird';
+interface ApiOptions {
+    url?: string;
+    uri?: string;
+    websocket?: string;
+    transport?: string | any;
+    logger?: any;
+    useTestNet?: boolean;
+    useAppbaseApi?: boolean;
+}
+export declare class Api extends EventEmitter {
+    private seqNo;
+    private _transportType;
+    private transport;
+    private options;
+    private __logger;
+    private static _wrapWithPromise;
+    constructor(options?: ApiOptions);
+    private _setTransport;
+    private _setLogger;
+    log(logLevel: string, ...args: any[]): void;
+    start(): any;
+    stop(): any;
+    send(api: string, data: any, callback: any): any;
+    call(method: string, params: any[], callback: any): void;
+    signedCall(method: string, params: any[], account: string, key: string, callback: any): void;
+    setOptions(options: ApiOptions): void;
+    setWebSocket(url: string): void;
+    setUri(url: string): void;
+    streamBlockNumber(mode: string | undefined, callback: any, ts?: number): () => void;
+    streamBlock(mode: string | undefined, callback: any): () => void;
+    streamTransactions(mode: string | undefined, callback: any): () => void;
+    streamOperations(mode: string | undefined, callback: any): () => void;
+    broadcastTransactionSynchronousWith(options: any, callback: any): void;
+    /**
+     * Broadcast a transaction to the blockchain.
+     * @param trx The transaction object
+     * @param callback Callback function
+     */
+    broadcastTransaction(trx: any, callback: any): void;
+    /**
+     * Sign a transaction with the provided private key(s).
+     * @param trx The transaction object
+     * @param keys Array of WIF private keys
+     * @returns Signed transaction object
+     */
+    signTransaction(trx: any, keys: string[]): any;
+    /**
+     * Get a single account by name (backward compatibility).
+     * @param name The account name
+     * @param callback Optional callback
+     * @returns Account object or Promise
+     */
+    getAccount(name: string, callback?: (err: any, result?: any) => void): Bluebird<any> | void;
+    /**
+     * Get followers for an account (backward compatibility).
+     * @param account The account name
+     * @param startFollower The follower to start from
+     * @param type The type of follow
+     * @param limit The number of followers to return
+     * @param callback Optional callback
+     * @returns Array of followers or Promise
+     */
+    getFollowers(account: string, startFollower: string, type: string, limit: number, callback?: (err: any, result?: any) => void): Bluebird<any[]> | void;
+    /**
+     * Broadcast a transaction with a confirmation callback.
+     * @param confirmationCallback Callback function for transaction confirmation
+     * @param trx Transaction object to broadcast
+     * @param callback Callback function
+     */
+    broadcastTransactionWithCallback(confirmationCallback: any, trx: any, callback: any): void;
+    /**
+     * Broadcast a block to the network.
+     * @param block Block object to broadcast
+     * @param callback Callback function
+     */
+    broadcastBlock(block: any, callback: any): void;
+    /**
+     * Set the maximum block age for transaction acceptance.
+     * @param maxBlockAge Maximum block age in seconds
+     * @param callback Callback function
+     */
+    setMaxBlockAge(maxBlockAge: number, callback: any): void;
+    /**
+     * Verify transaction authority.
+     * @param trx Transaction object to verify
+     * @param callback Optional callback function
+     * @returns Promise with verification result if no callback provided
+     */
+    verifyAuthority(trx: any, callback?: (err: any, result?: boolean) => void): Bluebird<boolean> | void;
+    /**
+     * Verify account authority.
+     * @param nameOrId Account name or ID
+     * @param signers Array of signer public keys
+     * @param callback Optional callback function
+     * @returns Promise with verification result if no callback provided
+     */
+    verifyAccountAuthority(nameOrId: string, signers: string[], callback?: (err: any, result?: boolean) => void): Bluebird<boolean> | void;
+}
+declare const api: Api;
+export declare function setOptions(options: ApiOptions): void;
+export declare function call(method: string, params: any[], callback: any): void;
+export declare function signTransaction(trx: any, keys: string[]): any;
+export declare function verifyAuthority(..._args: any[]): boolean;
+export default api;
+export declare const getDynamicGlobalPropertiesAsync: any;
+export declare const getBlockAsync: any;
+export declare const getFollowersAsync: any;
+export declare const getContentAsync: any;
+export declare const listeners: (...args: any[]) => any;
+export declare const streamBlockNumber: (...args: any[]) => any;
+export declare const streamBlock: (...args: any[]) => any;
+export declare const streamTransactions: (...args: any[]) => any;
+export declare const streamOperations: (...args: any[]) => any;

package/dist/api/methods.d.ts

@@ -0,0 +1,9 @@
+interface ApiMethod {
+    api: string;
+    method: string;
+    method_name?: string;
+    params?: string[];
+    is_object?: boolean;
+}
+declare const methods: ApiMethod[];
+export default methods;

package/dist/api/rpc-auth.d.ts

@@ -0,0 +1,43 @@
+interface RpcRequest {
+    method: string;
+    params: any[];
+    id: number;
+}
+interface SignedRequest {
+    jsonrpc: string;
+    method: string;
+    id: number;
+    params: {
+        __signed: {
+            account: string;
+            nonce: string;
+            params: string;
+            signatures: string[];
+            timestamp: string;
+        };
+    };
+}
+/**
+ * Signing constant used to reserve opcode space and prevent cross-protocol attacks.
+ * Output of `sha256('steem_jsonrpc_auth')`.
+ */
+export declare const K: Buffer<ArrayBuffer>;
+/**
+ * Sign a JSON RPC Request.
+ */
+export declare function sign(request: RpcRequest, account: string, keys: string[]): SignedRequest;
+/**
+ * Validate a signed JSON RPC request.
+ * Throws a ValidationError if the request fails validation.
+ *
+ * @param request The signed JSON RPC request to validate
+ * @param verify Function to verify signatures against public keys
+ * @returns Resolved request params
+ */
+export declare function validate(request: SignedRequest, verify: (message: Buffer, signatures: string[], account: string) => Promise<void>): Promise<any>;
+declare const _default: {
+    sign: typeof sign;
+    validate: typeof validate;
+    K: Buffer<ArrayBuffer>;
+};
+export default _default;

package/dist/api/transports/base.d.ts

@@ -0,0 +1,13 @@
+import { EventEmitter } from 'events';
+import { Transport, TransportOptions } from './types';
+export declare class BaseTransport extends EventEmitter implements Transport {
+    options: TransportOptions;
+    id: number;
+    constructor(options?: TransportOptions);
+    setOptions(options: TransportOptions): void;
+    listenTo(target: EventEmitter, eventName: string, callback: (...args: any[]) => void): () => void;
+    send(_api: string, _data: any, _callback: (error: any, result?: any) => void): void;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+}
+export default BaseTransport;

package/dist/api/transports/http.d.ts

@@ -0,0 +1,9 @@
+import { TransportOptions, JsonRpcRequest } from './types';
+import { BaseTransport } from './base';
+export declare const jsonRpc: (uri: string, request: Partial<JsonRpcRequest>) => Promise<any>;
+export declare class HttpTransport extends BaseTransport {
+    constructor(options: TransportOptions);
+    get nonRetriableOperations(): string[];
+    isBroadcastOperation(method: string): boolean;
+    send(api: string, data: any, callback?: (err: any, result?: any, attempt?: number) => void): void;
+}

package/dist/api/transports/index.d.ts

@@ -0,0 +1,9 @@
+import { HttpTransport } from './http';
+import { WsTransport } from './ws';
+import { BaseTransport } from './base';
+export * from './types';
+export declare const transports: {
+    http: typeof HttpTransport;
+    ws: typeof WsTransport;
+};
+export { BaseTransport };

package/dist/api/transports/types.d.ts

@@ -0,0 +1,29 @@
+export interface TransportOptions {
+    url?: string;
+    uri?: string;
+    websocket?: string;
+    transport?: string | any;
+    [key: string]: any;
+}
+export interface JsonRpcRequest {
+    id: number;
+    method: string;
+    params: any[];
+    jsonrpc?: string;
+}
+export interface JsonRpcResponse {
+    id: number;
+    result: any;
+    error?: {
+        code: number;
+        message: string;
+        data?: any;
+    };
+}
+export interface Transport {
+    options: TransportOptions;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    setOptions(options: TransportOptions): void;
+    send(api: string, data: any, callback: (error: any, result?: any) => void): void | Promise<void>;
+}

package/dist/api/transports/ws.d.ts

@@ -0,0 +1,11 @@
+import { TransportOptions } from './types';
+import { BaseTransport } from './base';
+export declare class WsTransport extends BaseTransport {
+    private ws;
+    private _requests;
+    private seqNo;
+    constructor(options: TransportOptions);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    send(api: string, data: any, callback: (error: any, result?: any) => void): void;
+}

package/dist/auth/ecc/index.d.ts

@@ -0,0 +1,9 @@
+export { Address } from './src/address';
+export { Aes } from './src/aes';
+export { PrivateKey } from './src/key_private';
+export { PublicKey } from './src/key_public';
+export { Signature } from './src/signature';
+export { normalize as brainKey } from './src/brain_key';
+export * as key_utils from './src/key_utils';
+export * as hash from './src/hash';
+export { Config as ecc_config } from '../../config';

package/dist/auth/ecc/src/address.d.ts

@@ -0,0 +1,13 @@
+import { PublicKey } from './key_public';
+export declare class Address {
+    private addy;
+    constructor(addy: Buffer);
+    static fromBuffer(buffer: Buffer): string;
+    static fromString(address: string): Buffer;
+    static fromPublicKey(public_key: PublicKey, compressed?: boolean): string;
+    static fromPublic(public_key: PublicKey, compressed?: boolean, version?: number): Address;
+    static toBuffer(address: string): Buffer;
+    toBuffer(): Buffer;
+    getVersion(): number;
+    toString(address_prefix?: string): string;
+}

package/dist/auth/ecc/src/aes.d.ts

@@ -0,0 +1,16 @@
+import { PrivateKey } from './key_private';
+import { PublicKey } from './key_public';
+export declare class Aes {
+    static uniqueNonce(): string;
+    static encrypt(private_key: PrivateKey, public_key: PublicKey, message: Buffer | string, nonce?: string): {
+        nonce: string;
+        message: string;
+        checksum: number;
+    };
+    static decrypt(private_key: PrivateKey, public_key: PublicKey, nonce: string, message: string, checksum: number): Buffer;
+    static fromSeed(seed: string): Buffer;
+    static fromBuffer(buffer: Buffer): Buffer;
+    static fromString(string: string): Buffer;
+    static toBuffer(aes: Buffer): Buffer;
+    static toString(aes: Buffer): string;
+}

package/dist/auth/ecc/src/brain_key.d.ts

@@ -0,0 +1 @@
+export declare function normalize(brain_key: string): string;

package/dist/auth/ecc/src/ecdsa.d.ts

@@ -0,0 +1,28 @@
+import BigInteger from 'bigi';
+import ECSignature from './ecsignature';
+type Curve = any;
+type Point = any;
+export declare function sign(curve: Curve, hash: Buffer, d: BigInteger, nonce?: number): ECSignature;
+export declare function verify(curve: Curve, hash: Buffer, signature: ECSignature, Q: Point): boolean;
+/**
+ * Recover a public key from a signature.
+ *
+ * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
+ * Key Recovery Operation".
+ *
+ * http://www.secg.org/download/aid-780/sec1-v2.pdf
+ */
+export declare function recoverPubKey(curve: Curve, e: BigInteger, signature: ECSignature, i: number): Point;
+/**
+ * Calculate pubkey extraction parameter.
+ *
+ * When extracting a pubkey from a signature, we have to
+ * distinguish four different cases. Rather than putting this
+ * burden on the verifier, Bitcoin includes a 2-bit value with the
+ * signature.
+ *
+ * This function simply tries all four cases and returns the value
+ * that resulted in a successful pubkey recovery.
+ */
+export declare function calcPubKeyRecoveryParam(curve: Curve, e: BigInteger, signature: ECSignature, Q: Point): number;
+export {};

package/dist/auth/ecc/src/ecsignature.d.ts

@@ -0,0 +1,19 @@
+import BigInteger from 'bigi';
+export default class ECSignature {
+    r: BigInteger;
+    s: BigInteger;
+    constructor(r: BigInteger, s: BigInteger);
+    static parseCompact(buffer: Buffer): {
+        compressed: boolean;
+        i: number;
+        signature: ECSignature;
+    };
+    static fromDER(buffer: Buffer): ECSignature;
+    static parseScriptSignature(buffer: Buffer): {
+        signature: ECSignature;
+        hashType: number;
+    };
+    toCompact(i: number, compressed: boolean): Buffer;
+    toDER(): Buffer;
+    toScriptSignature(hashType: number): Buffer;
+}

package/dist/auth/ecc/src/enforce_types.d.ts

@@ -0,0 +1,5 @@
+type TypeName = 'Array' | 'Boolean' | 'Buffer' | 'Number' | 'String' | {
+    new (...args: any[]): any;
+};
+export default function enforce(type: TypeName, value: any): void;
+export {};

package/dist/auth/ecc/src/hash.d.ts

@@ -0,0 +1,25 @@
+/** @arg {string|Buffer} data
+    @arg {string} [digest = null] - 'hex', 'binary' or 'base64'
+    @return {string|Buffer} - Buffer when digest is null, or string
+*/
+export declare function sha1(data: string | Buffer, encoding?: BufferEncoding): string | Buffer;
+/** @arg {string|Buffer} data
+    @arg {string} [digest = null] - 'hex', 'binary' or 'base64'
+    @return {string|Buffer} - Buffer when digest is null, or string
+*/
+export declare function sha256(data: string | Buffer, encoding?: BufferEncoding): Buffer;
+/** @arg {string|Buffer} data
+    @arg {string} [digest = null] - 'hex', 'binary' or 'base64'
+    @return {string|Buffer} - Buffer when digest is null, or string
+*/
+export declare function sha512(data: string | Buffer, encoding?: BufferEncoding): Buffer;
+export declare function HmacSHA256(buffer: Buffer, secret: Buffer): Buffer;
+export declare function ripemd160(data: string | Buffer): Buffer;
+declare const _default: {
+    sha1: typeof sha1;
+    sha256: typeof sha256;
+    sha512: typeof sha512;
+    HmacSHA256: typeof HmacSHA256;
+    ripemd160: typeof ripemd160;
+};
+export default _default;

package/dist/auth/ecc/src/index.d.ts

@@ -0,0 +1,9 @@
+export { Address } from './address';
+export { Aes } from './aes';
+export { PrivateKey } from './key_private';
+export { PublicKey } from './key_public';
+export { Signature } from './signature';
+export { normalize as brainKey } from './brain_key';
+export * as key_utils from './key_utils';
+export * as hash from './hash';
+export { Config as ecc_config } from '../../../config';

package/dist/auth/ecc/src/key_private.d.ts

@@ -0,0 +1,38 @@
+import BigInteger from 'bigi';
+import { PublicKey } from './key_public';
+type Point = any;
+export declare class PrivateKey {
+    d: BigInteger;
+    public_key?: PublicKey;
+    /**
+     * @private see static functions
+     * @param {BigInteger} d
+     */
+    constructor(d: BigInteger);
+    static fromBuffer(buf: Buffer): PrivateKey;
+    /** @arg {string} seed - any length string. This is private, the same seed produces the same private key every time. */
+    static fromSeed(seed: string): PrivateKey;
+    static isWif(text: string): boolean;
+    /**
+     * @throws {AssertError|Error} parsing key
+     * @return {string} Wallet Import Format (still a secret, Not encrypted)
+     */
+    static fromWif(private_wif: string): PrivateKey;
+    toWif(): string;
+    /** Alias for {@link toWif} */
+    toString(): string;
+    /**
+     * @return {Point}
+     */
+    toPublicKeyPoint(): Point;
+    toPublic(): PublicKey;
+    toBuffer(): Buffer;
+    /** ECIES */
+    get_shared_secret(public_key: PublicKey | string): Buffer;
+    /** @throws {Error} - overflow of the key could not be derived */
+    child(offset: Buffer): PrivateKey;
+    static fromHex(hex: string): PrivateKey;
+    toHex(): string;
+    toPublicKey(): PublicKey;
+}
+export {};