@xchainjs/xchain-dash 2.2.3 → 2.2.4

package/lib/index.esm.js

@@ -1,8 +1,8 @@
-import { ExplorerProvider, Network, TxType, FeeOption, checkFeeBounds } from '@xchainjs/xchain-client';
-import { AssetType, assetToBase, assetAmount, baseAmount } from '@xchainjs/xchain-util';
+import { ExplorerProvider, Network, FeeOption, checkFeeBounds } from '@xchainjs/xchain-client';
+import { AssetType } from '@xchainjs/xchain-util';
 import { BlockcypherProvider, BlockcypherNetwork, BitgoProvider } from '@xchainjs/xchain-utxo-providers';
 import dashcore from '@dashevo/dashcore-lib';
-import { toBitcoinJS, Client as Client$1, UtxoTransactionValidator, UtxoError } from '@xchainjs/xchain-utxo';
+import { toBitcoinJS, Client as Client$1, UtxoError, UtxoTransactionValidator } from '@xchainjs/xchain-utxo';
 import * as Dash from 'bitcoinjs-lib';
 import accumulative from 'coinselect/accumulative.js';
 import * as ecc from '@bitcoin-js/tiny-secp256k1-asmjs';
@@ -47,7 +47,7 @@ const AssetDASH = { chain: DASHChain, symbol: 'DASH', ticker: 'DASH', type: Asse
 /**
  * Explorer provider for Dash mainnet.
  */
-const DASH_MAINNET_EXPLORER = new ExplorerProvider('https://insight.dash.org/insight', 'https://insight.dash.org/insight/address/%%ADDRESS%%', 'https://insight.dash.org/insight/tx/%%TX_ID%%');
+const DASH_MAINNET_EXPLORER = new ExplorerProvider('https://blockchair.com/dash', 'https://blockchair.com/dash/address/%%ADDRESS%%', 'https://blockchair.com/dash/transaction/%%TX_ID%%');
 /**
  * Explorer provider for Dash testnet.
  */
@@ -390,16 +390,16 @@ const G = getGlobal();
 const FormDataCtor = typeof G.FormData !== 'undefined' ? G.FormData : undefined;
 
 const isFormData = (thing) => {
-  let kind;
-  return thing && (
-    (FormDataCtor && thing instanceof FormDataCtor) || (
-      isFunction$1(thing.append) && (
-        (kind = kindOf(thing)) === 'formdata' ||
-        // detect form-data instance
-        (kind === 'object' && isFunction$1(thing.toString) && thing.toString() === '[object FormData]')
-      )
-    )
-  );
+  if (!thing) return false;
+  if (FormDataCtor && thing instanceof FormDataCtor) return true;
+  // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData (GHSA-6chq-wfr3-2hj9).
+  const proto = getPrototypeOf(thing);
+  if (!proto || proto === Object.prototype) return false;
+  if (!isFunction$1(thing.append)) return false;
+  const kind = kindOf(thing);
+  return kind === 'formdata' ||
+    // detect form-data instance
+    (kind === 'object' && isFunction$1(thing.toString) && thing.toString() === '[object FormData]');
 };
 
 /**
@@ -1066,40 +1066,40 @@ let AxiosError$1 = class AxiosError extends Error {
     return axiosError;
   }
 
-    /**
-     * Create an Error with the specified message, config, error code, request and response.
-     *
-     * @param {string} message The error message.
-     * @param {string} [code] The error code (for example, 'ECONNABORTED').
-     * @param {Object} [config] The config.
-     * @param {Object} [request] The request.
-     * @param {Object} [response] The response.
-     *
-     * @returns {Error} The created error.
-     */
-    constructor(message, code, config, request, response) {
-      super(message);
-      
-      // Make message enumerable to maintain backward compatibility
-      // The native Error constructor sets message as non-enumerable,
-      // but axios < v1.13.3 had it as enumerable
-      Object.defineProperty(this, 'message', {
-          value: message,
-          enumerable: true,
-          writable: true,
-          configurable: true
-      });
-      
-      this.name = 'AxiosError';
-      this.isAxiosError = true;
-      code && (this.code = code);
-      config && (this.config = config);
-      request && (this.request = request);
-      if (response) {
-          this.response = response;
-          this.status = response.status;
-      }
+  /**
+   * Create an Error with the specified message, config, error code, request and response.
+   *
+   * @param {string} message The error message.
+   * @param {string} [code] The error code (for example, 'ECONNABORTED').
+   * @param {Object} [config] The config.
+   * @param {Object} [request] The request.
+   * @param {Object} [response] The response.
+   *
+   * @returns {Error} The created error.
+   */
+  constructor(message, code, config, request, response) {
+    super(message);
+
+    // Make message enumerable to maintain backward compatibility
+    // The native Error constructor sets message as non-enumerable,
+    // but axios < v1.13.3 had it as enumerable
+    Object.defineProperty(this, 'message', {
+      value: message,
+      enumerable: true,
+      writable: true,
+      configurable: true,
+    });
+
+    this.name = 'AxiosError';
+    this.isAxiosError = true;
+    code && (this.code = code);
+    config && (this.config = config);
+    request && (this.request = request);
+    if (response) {
+      this.response = response;
+      this.status = response.status;
     }
+  }
 
   toJSON() {
     return {
@@ -1135,6 +1135,7 @@ AxiosError$1.ERR_BAD_REQUEST = 'ERR_BAD_REQUEST';
 AxiosError$1.ERR_CANCELED = 'ERR_CANCELED';
 AxiosError$1.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT';
 AxiosError$1.ERR_INVALID_URL = 'ERR_INVALID_URL';
+AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
 
 // eslint-disable-next-line strict
 var httpAdapter = null;
@@ -1249,6 +1250,7 @@ function toFormData$1(obj, formData, options) {
   const dots = options.dots;
   const indexes = options.indexes;
   const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob);
+  const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
   const useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
 
   if (!utils$1.isFunction(visitor)) {
@@ -1341,9 +1343,16 @@ function toFormData$1(obj, formData, options) {
     isVisitable,
   });
 
-  function build(value, path) {
+  function build(value, path, depth = 0) {
     if (utils$1.isUndefined(value)) return;
 
+    if (depth > maxDepth) {
+      throw new AxiosError$1(
+        'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
+        AxiosError$1.ERR_FORM_DATA_DEPTH_EXCEEDED
+      );
+    }
+
     if (stack.indexOf(value) !== -1) {
       throw Error('Circular reference detected in ' + path.join('.'));
     }
@@ -1356,7 +1365,7 @@ function toFormData$1(obj, formData, options) {
         visitor.call(formData, el, utils$1.isString(key) ? key.trim() : key, path, exposedHelpers);
 
       if (result === true) {
-        build(el, path ? path.concat(key) : [key]);
+        build(el, path ? path.concat(key) : [key], depth + 1);
       }
     });
 
@@ -1388,9 +1397,8 @@ function encode$1(str) {
     ')': '%29',
     '~': '%7E',
     '%20': '+',
-    '%00': '\x00',
   };
-  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {
+  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {
     return charMap[match];
   });
 }
@@ -1710,7 +1718,9 @@ function formDataToJSON(formData) {
 
     if (isLast) {
       if (utils$1.hasOwnProp(target, name)) {
-        target[name] = [target[name], value];
+        target[name] = utils$1.isArray(target[name])
+          ? target[name].concat(value)
+          : [target[name], value];
       } else {
         target[name] = value;
       }
@@ -1744,6 +1754,8 @@ function formDataToJSON(formData) {
   return null;
 }
 
+const own = (obj, key) => (obj != null && utils$1.hasOwnProp(obj, key) ? obj[key] : undefined);
+
 /**
  * It takes a string, tries to parse it, and if it fails, it returns the stringified version
  * of the input
@@ -1811,20 +1823,22 @@ const defaults = {
       let isFileList;
 
       if (isObjectPayload) {
+        const formSerializer = own(this, 'formSerializer');
         if (contentType.indexOf('application/x-www-form-urlencoded') > -1) {
-          return toURLEncodedForm(data, this.formSerializer).toString();
+          return toURLEncodedForm(data, formSerializer).toString();
         }
 
         if (
           (isFileList = utils$1.isFileList(data)) ||
           contentType.indexOf('multipart/form-data') > -1
         ) {
-          const _FormData = this.env && this.env.FormData;
+          const env = own(this, 'env');
+          const _FormData = env && env.FormData;
 
           return toFormData$1(
             isFileList ? { 'files[]': data } : data,
             _FormData && new _FormData(),
-            this.formSerializer
+            formSerializer
           );
         }
       }
@@ -1840,9 +1854,10 @@ const defaults = {
 
   transformResponse: [
     function transformResponse(data) {
-      const transitional = this.transitional || defaults.transitional;
+      const transitional = own(this, 'transitional') || defaults.transitional;
       const forcedJSONParsing = transitional && transitional.forcedJSONParsing;
-      const JSONRequested = this.responseType === 'json';
+      const responseType = own(this, 'responseType');
+      const JSONRequested = responseType === 'json';
 
       if (utils$1.isResponse(data) || utils$1.isReadableStream(data)) {
         return data;
@@ -1851,17 +1866,17 @@ const defaults = {
       if (
         data &&
         utils$1.isString(data) &&
-        ((forcedJSONParsing && !this.responseType) || JSONRequested)
+        ((forcedJSONParsing && !responseType) || JSONRequested)
       ) {
         const silentJSONParsing = transitional && transitional.silentJSONParsing;
         const strictJSONParsing = !silentJSONParsing && JSONRequested;
 
         try {
-          return JSON.parse(data, this.parseReviver);
+          return JSON.parse(data, own(this, 'parseReviver'));
         } catch (e) {
           if (strictJSONParsing) {
             if (e.name === 'SyntaxError') {
-              throw AxiosError$1.from(e, AxiosError$1.ERR_BAD_RESPONSE, this, null, this.response);
+              throw AxiosError$1.from(e, AxiosError$1.ERR_BAD_RESPONSE, this, null, own(this, 'response'));
             }
             throw e;
           }
@@ -1973,41 +1988,41 @@ var parseHeaders = (rawHeaders) => {
 
 const $internals = Symbol('internals');
 
-const isValidHeaderValue = (value) => !/[\r\n]/.test(value);
+const INVALID_HEADER_VALUE_CHARS_RE = /[^\x09\x20-\x7E\x80-\xFF]/g;
 
-function assertValidHeaderValue(value, header) {
-  if (value === false || value == null) {
-    return;
-  }
-
-  if (utils$1.isArray(value)) {
-    value.forEach((v) => assertValidHeaderValue(v, header));
-    return;
-  }
+function trimSPorHTAB(str) {
+  let start = 0;
+  let end = str.length;
 
-  if (!isValidHeaderValue(String(value))) {
-    throw new Error(`Invalid character in header content ["${header}"]`);
-  }
-}
+  while (start < end) {
+    const code = str.charCodeAt(start);
 
-function normalizeHeader(header) {
-  return header && String(header).trim().toLowerCase();
-}
+    if (code !== 0x09 && code !== 0x20) {
+      break;
+    }
 
-function stripTrailingCRLF(str) {
-  let end = str.length;
+    start += 1;
+  }
 
-  while (end > 0) {
-    const charCode = str.charCodeAt(end - 1);
+  while (end > start) {
+    const code = str.charCodeAt(end - 1);
 
-    if (charCode !== 10 && charCode !== 13) {
+    if (code !== 0x09 && code !== 0x20) {
       break;
     }
 
     end -= 1;
   }
 
-  return end === str.length ? str : str.slice(0, end);
+  return start === 0 && end === str.length ? str : str.slice(start, end);
+}
+
+function normalizeHeader(header) {
+  return header && String(header).trim().toLowerCase();
+}
+
+function sanitizeHeaderValue(str) {
+  return trimSPorHTAB(str.replace(INVALID_HEADER_VALUE_CHARS_RE, ''));
 }
 
 function normalizeValue(value) {
@@ -2015,7 +2030,7 @@ function normalizeValue(value) {
     return value;
   }
 
-  return utils$1.isArray(value) ? value.map(normalizeValue) : stripTrailingCRLF(String(value));
+  return utils$1.isArray(value) ? value.map(normalizeValue) : sanitizeHeaderValue(String(value));
 }
 
 function parseTokens(str) {
@@ -2097,7 +2112,6 @@ let AxiosHeaders$1 = class AxiosHeaders {
         _rewrite === true ||
         (_rewrite === undefined && self[key] !== false)
       ) {
-        assertValidHeaderValue(_value, _header);
         self[key || _header] = normalizeValue(_value);
       }
     }
@@ -2520,13 +2534,13 @@ const progressEventReducer = (listener, isDownloadStream, freq = 3) => {
   const _speedometer = speedometer(50, 250);
 
   return throttle((e) => {
-    const loaded = e.loaded;
+    const rawLoaded = e.loaded;
     const total = e.lengthComputable ? e.total : undefined;
-    const progressBytes = loaded - bytesNotified;
+    const loaded = total != null ? Math.min(rawLoaded, total) : rawLoaded;
+    const progressBytes = Math.max(0, loaded - bytesNotified);
     const rate = _speedometer(progressBytes);
-    const inRange = loaded <= total;
 
-    bytesNotified = loaded;
+    bytesNotified = Math.max(bytesNotified, loaded);
 
     const data = {
       loaded,
@@ -2534,7 +2548,7 @@ const progressEventReducer = (listener, isDownloadStream, freq = 3) => {
       progress: total ? loaded / total : undefined,
       bytes: progressBytes,
       rate: rate ? rate : undefined,
-      estimated: rate && total && inRange ? (total - loaded) / rate : undefined,
+      estimated: rate && total ? (total - loaded) / rate : undefined,
       event: e,
       lengthComputable: total != null,
       [isDownloadStream ? 'download' : 'upload']: true,
@@ -2668,7 +2682,7 @@ function combineURLs(baseURL, relativeURL) {
  */
 function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
   let isRelativeUrl = !isAbsoluteURL(requestedURL);
-  if (baseURL && (isRelativeUrl || allowAbsoluteUrls == false)) {
+  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
     return combineURLs(baseURL, requestedURL);
   }
   return requestedURL;
@@ -2688,7 +2702,18 @@ const headersToObject = (thing) => (thing instanceof AxiosHeaders$1 ? { ...thing
 function mergeConfig$1(config1, config2) {
   // eslint-disable-next-line no-param-reassign
   config2 = config2 || {};
-  const config = {};
+
+  // Use a null-prototype object so that downstream reads such as `config.auth`
+  // or `config.baseURL` cannot inherit polluted values from Object.prototype
+  // (see GHSA-q8qp-cvcw-x6jj). `hasOwnProperty` is restored as a non-enumerable
+  // own slot to preserve ergonomics for user code that relies on it.
+  const config = Object.create(null);
+  Object.defineProperty(config, 'hasOwnProperty', {
+    value: Object.prototype.hasOwnProperty,
+    enumerable: false,
+    writable: true,
+    configurable: true,
+  });
 
   function getMergedValue(target, source, prop, caseless) {
     if (utils$1.isPlainObject(target) && utils$1.isPlainObject(source)) {
@@ -2727,9 +2752,9 @@ function mergeConfig$1(config1, config2) {
 
   // eslint-disable-next-line consistent-return
   function mergeDirectKeys(a, b, prop) {
-    if (prop in config2) {
+    if (utils$1.hasOwnProp(config2, prop)) {
       return getMergedValue(a, b);
-    } else if (prop in config1) {
+    } else if (utils$1.hasOwnProp(config1, prop)) {
       return getMergedValue(undefined, a);
     }
   }
@@ -2761,6 +2786,7 @@ function mergeConfig$1(config1, config2) {
     httpsAgent: defaultToConfig2,
     cancelToken: defaultToConfig2,
     socketPath: defaultToConfig2,
+    allowedSocketPaths: defaultToConfig2,
     responseEncoding: defaultToConfig2,
     validateStatus: mergeDirectKeys,
     headers: (a, b, prop) =>
@@ -2770,7 +2796,9 @@ function mergeConfig$1(config1, config2) {
   utils$1.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
     if (prop === '__proto__' || prop === 'constructor' || prop === 'prototype') return;
     const merge = utils$1.hasOwnProp(mergeMap, prop) ? mergeMap[prop] : mergeDeepProperties;
-    const configValue = merge(config1[prop], config2[prop], prop);
+    const a = utils$1.hasOwnProp(config1, prop) ? config1[prop] : undefined;
+    const b = utils$1.hasOwnProp(config2, prop) ? config2[prop] : undefined;
+    const configValue = merge(a, b, prop);
     (utils$1.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
   });
 
@@ -2780,12 +2808,24 @@ function mergeConfig$1(config1, config2) {
 var resolveConfig = (config) => {
   const newConfig = mergeConfig$1({}, config);
 
-  let { data, withXSRFToken, xsrfHeaderName, xsrfCookieName, headers, auth } = newConfig;
+  // Read only own properties to prevent prototype pollution gadgets
+  // (e.g. Object.prototype.baseURL = 'https://evil.com'). See GHSA-q8qp-cvcw-x6jj.
+  const own = (key) => (utils$1.hasOwnProp(newConfig, key) ? newConfig[key] : undefined);
+
+  const data = own('data');
+  let withXSRFToken = own('withXSRFToken');
+  const xsrfHeaderName = own('xsrfHeaderName');
+  const xsrfCookieName = own('xsrfCookieName');
+  let headers = own('headers');
+  const auth = own('auth');
+  const baseURL = own('baseURL');
+  const allowAbsoluteUrls = own('allowAbsoluteUrls');
+  const url = own('url');
 
   newConfig.headers = headers = AxiosHeaders$1.from(headers);
 
   newConfig.url = buildURL(
-    buildFullPath(newConfig.baseURL, newConfig.url, newConfig.allowAbsoluteUrls),
+    buildFullPath(baseURL, url, allowAbsoluteUrls),
     config.params,
     config.paramsSerializer
   );
@@ -2824,10 +2864,18 @@ var resolveConfig = (config) => {
   // Specifically not if we're in a web worker, or react-native.
 
   if (platform.hasStandardBrowserEnv) {
-    withXSRFToken && utils$1.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig));
+    if (utils$1.isFunction(withXSRFToken)) {
+      withXSRFToken = withXSRFToken(newConfig);
+    }
 
-    if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) {
-      // Add xsrf header
+    // Strict boolean check — prevents proto-pollution gadgets (e.g. Object.prototype.withXSRFToken = 1)
+    // and misconfigurations (e.g. "false") from short-circuiting the same-origin check and leaking
+    // the XSRF token cross-origin. See GHSA-xx6v-rp6x-q39c.
+    const shouldSendXSRF =
+      withXSRFToken === true ||
+      (withXSRFToken == null && isURLSameOrigin(newConfig.url));
+
+    if (shouldSendXSRF) {
       const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName);
 
       if (xsrfValue) {
@@ -3246,18 +3294,20 @@ const factory = (env) => {
     test(() => {
       let duplexAccessed = false;
 
-      const body = new ReadableStream$1();
-
-      const hasContentType = new Request(platform.origin, {
-        body,
+      const request = new Request(platform.origin, {
+        body: new ReadableStream$1(),
         method: 'POST',
         get duplex() {
           duplexAccessed = true;
           return 'half';
         },
-      }).headers.has('Content-Type');
+      });
 
-      body.cancel();
+      const hasContentType = request.headers.has('Content-Type');
+
+      if (request.body != null) {
+        request.body.cancel();
+      }
 
       return duplexAccessed && !hasContentType;
     });
@@ -3401,6 +3451,19 @@ const factory = (env) => {
       // see https://github.com/cloudflare/workerd/issues/902
       const isCredentialsSupported = isRequestSupported && 'credentials' in Request.prototype;
 
+      // If data is FormData and Content-Type is multipart/form-data without boundary,
+      // delete it so fetch can set it correctly with the boundary
+      if (utils$1.isFormData(data)) {
+        const contentType = headers.getContentType();
+        if (
+          contentType &&
+          /^multipart\/form-data/i.test(contentType) &&
+          !/boundary=/i.test(contentType)
+        ) {
+          headers.delete('content-type');
+        }
+      }
+
       const resolvedOptions = {
         ...fetchOptions,
         signal: composedSignal,
@@ -3709,7 +3772,7 @@ function dispatchRequest(config) {
   );
 }
 
-const VERSION$1 = "1.15.0";
+const VERSION$1 = "1.15.2";
 
 const validators$1 = {};
 
@@ -3794,7 +3857,9 @@ function assertOptions(options, schema, allowUnknown) {
   let i = keys.length;
   while (i-- > 0) {
     const opt = keys[i];
-    const validator = schema[opt];
+    // Use hasOwnProperty so a polluted Object.prototype.<opt> cannot supply
+    // a non-function validator and cause a TypeError. See GHSA-q8qp-cvcw-x6jj.
+    const validator = Object.prototype.hasOwnProperty.call(schema, opt) ? schema[opt] : undefined;
     if (validator) {
       const value = options[opt];
       const result = value === undefined || validator(value, opt, options);
@@ -4427,26 +4492,6 @@ const urlForNetwork = (network) => {
             return 'http://insight.testnet.networks.dash.org:3001/insight-api';
     }
 };
-/**
- * Fetch address details from the Insight API.
- *
- * @param {InsightAddressParams} p Parameters for fetching address details.
- * @returns {Promise<InsightAddressResponse>} Address details fetched from the Insight API.
- */
-const getAddress = (p) => __awaiter(void 0, void 0, void 0, function* () {
-    const data = (yield axios.get(`${urlForNetwork(p.network)}/addr/${p.address}`)).data;
-    return data;
-});
-/**
- * Fetch transactions associated with an address from the Insight API.
- *
- * @param {InsightAddressParams} p Parameters for fetching address transactions.
- * @returns {Promise<{ txs: InsightTxResponse[]; pagesTotal: number }>} Transactions associated with the address.
- */
-const getAddressTxs = (p) => __awaiter(void 0, void 0, void 0, function* () {
-    const pageNum = (p === null || p === void 0 ? void 0 : p.pageNum) || 0;
-    return (yield axios.get(`${urlForNetwork(p.network)}/txs?address=${p.address}&pageNum=${pageNum}`)).data;
-});
 /**
  * Fetch UTXOs associated with an address from the Insight API.
  *
@@ -4456,15 +4501,6 @@ const getAddressTxs = (p) => __awaiter(void 0, void 0, void 0, function* () {
 const getAddressUtxos = (p) => __awaiter(void 0, void 0, void 0, function* () {
     return (yield axios.get(`${urlForNetwork(p.network)}/addr/${p.address}/utxo`)).data;
 });
-/**
- * Fetch transaction details from the Insight API.
- *
- * @param {InsightTransactionParams} p Parameters for fetching transaction details.
- * @returns {Promise<InsightTxResponse>} Transaction details fetched from the Insight API.
- */
-const getTx = (p) => __awaiter(void 0, void 0, void 0, function* () {
-    return (yield axios.get(`${urlForNetwork(p.network)}/tx/${p.txid}`)).data;
-});
 /**
  * Fetch raw transaction data from the Insight API.
  *
@@ -4616,7 +4652,7 @@ const defaultDashParams = {
     network: Network.Mainnet,
     phrase: '',
     explorerProviders: explorerProviders,
-    dataProviders: [BitgoProviders, BlockcypherDataProviders],
+    dataProviders: [BlockcypherDataProviders, BitgoProviders],
     rootDerivationPaths: {
         [Network.Mainnet]: `m/44'/5'/0'/0/`,
         [Network.Stagenet]: `m/44'/5'/0'/0/`,
@@ -4667,120 +4703,6 @@ class Client extends Client$1 {
     validateAddress(address) {
         return validateAddress(address, this.network);
     }
-    /**
-     * Asynchronously get the balance for a DASH address.
-     * @param {string} address The DASH address.
-     * @returns {Promise<Balance[]>} A promise resolving to an array of balances.
-     */
-    getBalance(address) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const addressResponse = yield getAddress({ network: this.network, address });
-            const confirmed = baseAmount(addressResponse.balanceSat);
-            const unconfirmed = baseAmount(addressResponse.unconfirmedBalanceSat);
-            return [
-                {
-                    asset: AssetDASH,
-                    amount: confirmed.plus(unconfirmed),
-                },
-            ];
-        });
-    }
-    /**
-     * Asynchronously retrieves transactions for a given address.
-     * @param {TxHistoryParams} params - Parameters for transaction retrieval.
-     * @returns {Promise<TxsPage>} A promise resolving to a page of transactions.
-     */
-    getTransactions(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            // Extract offset and limit from parameters or set default values
-            const offset = (_a = params === null || params === void 0 ? void 0 : params.offset) !== null && _a !== void 0 ? _a : 0;
-            const limit = (params === null || params === void 0 ? void 0 : params.limit) || 10;
-            // Insight uses pages rather than offset/limit indexes, so we have to
-            // iterate through each page within the offset/limit range.
-            const perPage = 10;
-            const startPage = Math.floor(offset / perPage);
-            const endPage = Math.floor((offset + limit - 1) / perPage);
-            const firstPageOffset = offset % perPage;
-            const lastPageLimit = (firstPageOffset + (limit - 1)) % perPage;
-            let totalPages = -1;
-            let lastPageTotal = -1;
-            let insightTxs = [];
-            // Iterate through each page within the offset/limit range
-            for (let pageNum = startPage; pageNum <= endPage; pageNum++) {
-                const response = yield getAddressTxs({
-                    network: this.network,
-                    address: `${params === null || params === void 0 ? void 0 : params.address}`,
-                    pageNum,
-                });
-                let startIndex = 0;
-                let endIndex = perPage - 1;
-                if (pageNum == startPage) {
-                    startIndex = firstPageOffset;
-                }
-                if (pageNum === endPage) {
-                    endIndex = lastPageLimit;
-                }
-                insightTxs = [...insightTxs, ...response.txs.slice(startIndex, endIndex + 1)];
-                // Insight only returns the number of pages not the total number of
-                // transactions. If the last page is within the offset/limit range then we
-                // can set the lastPageTotal here and avoid having to send another request,
-                // otherwise we can fetch the last page later to determine the total
-                // transaction count
-                totalPages = response.pagesTotal;
-                if (pageNum === totalPages - 1) {
-                    lastPageTotal = response.txs.length;
-                }
-            }
-            // Map insight transactions to XChain transactions
-            const txs = insightTxs.map(this.insightTxToXChainTx);
-            // Fetch transactions count for last page if not obtained
-            if (lastPageTotal < 0) {
-                const lastPageResponse = yield getAddressTxs({
-                    network: this.network,
-                    address: `${params === null || params === void 0 ? void 0 : params.address}`,
-                    pageNum: totalPages - 1,
-                });
-                lastPageTotal = lastPageResponse.txs.length;
-            }
-            // Calculate total transactions count and return the page of transactions
-            return {
-                total: (totalPages - 1) * perPage + lastPageTotal,
-                txs,
-            };
-        });
-    }
-    /**
-     * Asynchronously retrieves transaction data for a given transaction ID.
-     * @param {string} txid - The transaction ID.
-     * @returns {Promise<Tx>} A promise resolving to the transaction data.
-     */
-    getTransactionData(txid) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const tx = yield getTx({ network: this.network, txid });
-            return this.insightTxToXChainTx(tx);
-        });
-    }
-    /**
-     * Converts an Insight transaction response to XChain transaction.
-     * @param {InsightTxResponse} tx - The Insight transaction response.
-     * @returns {Tx} The XChain transaction.
-     */
-    insightTxToXChainTx(tx) {
-        return {
-            asset: AssetDASH,
-            from: tx.vin.map((i) => ({
-                from: i.addr,
-                amount: assetToBase(assetAmount(i.value)),
-            })),
-            to: tx.vout
-                .filter((i) => i.scriptPubKey.type !== 'nulldata')
-                .map((i) => { var _a; return ({ to: (_a = i.scriptPubKey.addresses) === null || _a === void 0 ? void 0 : _a[0], amount: assetToBase(assetAmount(i.value)) }); }),
-            date: new Date(tx.time * 1000),
-            type: TxType.Transfer,
-            hash: tx.txid,
-        };
-    }
     /**
      * Asynchronously prepares a transaction for sending assets.
      * @deprecated Use `prepareTxEnhanced` instead for better UTXO selection and error handling.
@@ -4850,6 +4772,15 @@ class Client extends Client$1 {
         // Ensure fee meets minimum requirement
         return fee > TX_MIN_FEE ? fee : TX_MIN_FEE;
     }
+    getUtxoScriptHex(utxo) {
+        var _a;
+        // Providers may populate either scriptPubKey (Insight) or witnessUtxo.script (Blockcypher)
+        const scriptHex = utxo.scriptPubKey || ((_a = utxo.witnessUtxo) === null || _a === void 0 ? void 0 : _a.script.toString('hex'));
+        if (!scriptHex) {
+            throw UtxoError.validationError(`UTXO ${utxo.hash}:${utxo.index} is missing scriptPubKey and witnessUtxo.script`);
+        }
+        return scriptHex;
+    }
     // ==================== Enhanced Transaction Methods ====================
     /**
      * Prepare transaction with enhanced UTXO selection.
@@ -4885,7 +4816,7 @@ class Client extends Client$1 {
                 const tx = new dashcore.Transaction().to(recipient, targetValue);
                 // Add selected inputs
                 for (const utxo of selectionResult.inputs) {
-                    const scriptBuffer = Buffer.from(utxo.scriptPubKey || '', 'hex');
+                    const scriptBuffer = Buffer.from(this.getUtxoScriptHex(utxo), 'hex');
                     const script = new dashcore.Script(scriptBuffer);
                     const input = new dashcore.Transaction.Input.PublicKeyHash({
                         prevTxId: Buffer.from(utxo.hash, 'hex'),
@@ -4946,7 +4877,7 @@ class Client extends Client$1 {
                 const tx = new dashcore.Transaction().to(recipient, maxCalc.amount);
                 // Add inputs
                 for (const utxo of maxCalc.inputs) {
-                    const scriptBuffer = Buffer.from(utxo.scriptPubKey || '', 'hex');
+                    const scriptBuffer = Buffer.from(this.getUtxoScriptHex(utxo), 'hex');
                     const script = new dashcore.Script(scriptBuffer);
                     const input = new dashcore.Transaction.Input.PublicKeyHash({
                         prevTxId: Buffer.from(utxo.hash, 'hex'),
@@ -4983,37 +4914,6 @@ class Client extends Client$1 {
     }
 }
 
-/**
- * Function to broadcast a transaction to the Dash network.
- *
- * @param {BroadcastTxParams} params Parameters for broadcasting the transaction.
- * @returns {Promise<TxHash>} Promise that resolves with the transaction hash if successful, or rejects with an error message if unsuccessful.
- */
-const broadcastTx = (params) => __awaiter(void 0, void 0, void 0, function* () {
-    const uniqueId = new Date().getTime().toString(); // Generate a unique identifier for the transaction request.
-    try {
-        const response = (yield axios.post(`${params.nodeUrl}/tx/send`, // URL endpoint for broadcasting the transaction.
-        {
-            jsonrpc: '2.0',
-            rawtx: [params.txHex], // Include the hexadecimal transaction in the request body.
-            id: uniqueId,
-        }, {
-            auth: params.auth, // Include authentication credentials if provided.
-            timeout: 30 * 1000, // Set a timeout for the request.
-        })).data;
-        if (response.error) {
-            // If there is an error in the response, reject the promise with the error message.
-            return Promise.reject(Error(`failed to broadcast a transaction: ${response.error}`));
-        }
-        // If no error, return the transaction ID indicating successful broadcast.
-        return response.txid;
-    }
-    catch (ex) {
-        // If an exception occurs during the request, reject the promise with the caught error message.
-        return Promise.reject(Error(`failed to broadcast a transaction caught: ${String(ex)}`));
-    }
-});
-
 const ECPair = ECPairFactory(ecc);
 class ClientKeystore extends Client {
     /**
@@ -5086,13 +4986,16 @@ class ClientKeystore extends Client {
             const tx = new dashcore.Transaction(rawUnsignedTx);
             // eslint-disable-next-line @typescript-eslint/no-explicit-any
             tx.inputs.forEach((input, index) => {
+                var _a;
                 const insightUtxo = utxos.find((utxo) => {
                     return utxo.hash === input.prevTxId.toString('hex') && utxo.index == input.outputIndex;
                 });
                 if (!insightUtxo) {
                     throw new Error('Unable to match accumulative inputs with insight utxos');
                 }
-                const scriptBuffer = Buffer.from(insightUtxo.scriptPubKey || '', 'hex');
+                // Providers may populate either scriptPubKey (Insight) or witnessUtxo.script (Blockcypher)
+                const scriptHex = insightUtxo.scriptPubKey || ((_a = insightUtxo.witnessUtxo) === null || _a === void 0 ? void 0 : _a.script.toString('hex')) || '';
+                const scriptBuffer = Buffer.from(scriptHex, 'hex');
                 const script = new dashcore.Script(scriptBuffer);
                 tx.inputs[index] = new dashcore.Transaction.Input.PublicKeyHash({
                     prevTxId: Buffer.from(insightUtxo.hash, 'hex'),
@@ -5107,11 +5010,7 @@ class ClientKeystore extends Client {
             const dashKeys = this.getDashKeys(this.phrase, fromAddressIndex);
             tx.sign(`${(_a = dashKeys.privateKey) === null || _a === void 0 ? void 0 : _a.toString('hex')}`);
             const txHex = tx.checkedSerialize({});
-            return yield broadcastTx({
-                txHex,
-                nodeUrl: this.nodeUrls[this.network],
-                auth: this.nodeAuth,
-            });
+            return yield this.broadcastTx(txHex);
         });
     }
     /**
@@ -5144,13 +5043,16 @@ class ClientKeystore extends Client {
             const tx = new dashcore.Transaction(rawUnsignedTx);
             // eslint-disable-next-line @typescript-eslint/no-explicit-any
             tx.inputs.forEach((input, index) => {
+                var _a;
                 const insightUtxo = utxos.find((utxo) => {
                     return utxo.hash === input.prevTxId.toString('hex') && utxo.index == input.outputIndex;
                 });
                 if (!insightUtxo) {
                     throw new Error('Unable to match accumulative inputs with insight utxos');
                 }
-                const scriptBuffer = Buffer.from(insightUtxo.scriptPubKey || '', 'hex');
+                // Providers may populate either scriptPubKey (Insight) or witnessUtxo.script (Blockcypher)
+                const scriptHex = insightUtxo.scriptPubKey || ((_a = insightUtxo.witnessUtxo) === null || _a === void 0 ? void 0 : _a.script.toString('hex')) || '';
+                const scriptBuffer = Buffer.from(scriptHex, 'hex');
                 const script = new dashcore.Script(scriptBuffer);
                 tx.inputs[index] = new dashcore.Transaction.Input.PublicKeyHash({
                     prevTxId: Buffer.from(insightUtxo.hash, 'hex'),
@@ -5165,11 +5067,7 @@ class ClientKeystore extends Client {
             const dashKeys = this.getDashKeys(this.phrase, fromAddressIndex);
             tx.sign(`${(_a = dashKeys.privateKey) === null || _a === void 0 ? void 0 : _a.toString('hex')}`);
             const txHex = tx.checkedSerialize({});
-            const hash = yield broadcastTx({
-                txHex,
-                nodeUrl: this.nodeUrls[this.network],
-                auth: this.nodeAuth,
-            });
+            const hash = yield this.broadcastTx(txHex);
             return { hash, maxAmount, fee };
         });
     }
@@ -5252,13 +5150,8 @@ class ClientLedger extends Client {
                 useTrustedInputForSegwit: false,
                 additionals: [],
             });
-            // Broadcast transaction
-            const txHash = yield broadcastTx({
-                txHex,
-                nodeUrl: this.nodeUrls[this.network],
-                auth: this.nodeAuth,
-            });
-            // Throw error if no transaction hash is received
+            // Broadcast transaction via the configured data providers
+            const txHash = yield this.broadcastTx(txHex);
             if (!txHash) {
                 throw Error('No Tx hash');
             }
@@ -5306,11 +5199,7 @@ class ClientLedger extends Client {
                 useTrustedInputForSegwit: false,
                 additionals: [],
             });
-            const hash = yield broadcastTx({
-                txHex,
-                nodeUrl: this.nodeUrls[this.network],
-                auth: this.nodeAuth,
-            });
+            const hash = yield this.broadcastTx(txHex);
             if (!hash) {
                 throw Error('No Tx hash');
             }