digiid-ts 1.0.0 → 1.1.0

package/README.md

@@ -8,18 +8,32 @@ Provides utilities for generating Digi-ID URIs for QR code display and verifying
 
 *   Generates Digi-ID URIs according to the specification.
 *   Verifies Digi-ID callback signatures and data.
+*   Verifies signatures from all standard DigiByte address types (Legacy, SegWit P2SH, Native SegWit/Bech32).
 *   Full TypeScript support with comprehensive type definitions.
 *   Modern ES modules support.
-*   Zero dependencies (except for Node.js built-ins).
+*   Minimal dependencies, relying on standard cryptographic libraries.
 *   Comprehensive test coverage.
 *   Detailed error messages for debugging.
 
 ## Installation
 
 ```bash
+# Using npm
 npm install digiid-ts
+
+# Using yarn
+yarn add digiid-ts
+
+# Using pnpm
+pnpm add digiid-ts
 ```
 
+The package provides both ESM and UMD builds, with full TypeScript type definitions.
+
+### Requirements
+- Node.js 16.0.0 or higher
+- TypeScript 4.5 or higher (for TypeScript users)
+
 ## Usage
 
 ### Generating a Digi-ID URI

package/dist/__tests__/digiid.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=digiid.test.d.ts.map

package/dist/__tests__/digiid.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"digiid.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/digiid.test.ts"],"names":[],"mappings":""}

package/dist/digiid-ts.es.js

@@ -1,23 +1,33 @@
-import { randomBytes as m } from "crypto";
-import { createRequire as U } from "module";
+import { randomBytes as f } from "crypto";
+import * as m from "bitcoinjs-message";
 class e extends Error {
   constructor(r) {
     super(r), this.name = "DigiIDError";
   }
 }
-async function f(t, r, i) {
-  const s = U(import.meta.url)("digibyte-message");
+async function U(t, r, i) {
+  const c = `DigiByte Signed Message:
+`;
   try {
-    const a = new s(t);
-    return !!await Promise.resolve(
-      a.verify(r, i)
+    return !!m.verify(
+      t,
+      // The message that was signed (the DigiID URI)
+      r,
+      // The DigiByte address (D..., S..., or dgb1...)
+      i,
+      // The signature string (Base64 encoded)
+      c,
+      // The DigiByte specific message prefix
+      !0
+      // Set checkSegwitAlways to true to handle all address types correctly
     );
   } catch (a) {
-    throw new e(`Signature verification failed: ${a.message || a}`);
+    const s = a instanceof Error ? a.message : String(a);
+    throw new e(`Signature verification failed: ${s}`);
   }
 }
 function b(t = 16) {
-  return m(t).toString("hex");
+  return f(t).toString("hex");
 }
 function k(t) {
   if (!t.callbackUrl)
@@ -28,16 +38,16 @@ function k(t) {
   } catch (o) {
     throw new e(`Invalid callback URL: ${o.message}`);
   }
-  const i = r.host + r.pathname, c = t.nonce || b(), s = t.unsecure ? "1" : "0";
+  const i = r.host + r.pathname, c = t.nonce || b(), a = t.unsecure ? "1" : "0";
   if (t.unsecure && r.protocol !== "http:")
     throw new e("Unsecure flag is true, but callback URL does not use http protocol.");
   if (!t.unsecure && r.protocol !== "https:")
     throw new e("Callback URL must use https protocol unless unsecure flag is set to true.");
-  return `digiid://${i}?x=${c}&u=${s}`;
+  return `digiid://${i}?x=${c}&u=${a}`;
 }
-async function v(t, r) {
-  const { address: i, uri: c, signature: s } = t, { expectedCallbackUrl: a, expectedNonce: o } = r;
-  if (!i || !c || !s)
+async function R(t, r) {
+  const { address: i, uri: c, signature: a } = t, { expectedCallbackUrl: s, expectedNonce: o } = r;
+  if (!i || !c || !a)
     throw new e("Missing required callback data: address, uri, or signature.");
   let l;
   try {
@@ -51,7 +61,7 @@ async function v(t, r) {
     throw new e("URI missing nonce (x) or unsecure (u) parameter.");
   let d;
   try {
-    d = typeof a == "string" ? new URL(a) : a;
+    d = typeof s == "string" ? new URL(s) : s;
   } catch (n) {
     throw new e(`Invalid expectedCallbackUrl provided: ${n.message}`);
   }
@@ -66,7 +76,7 @@ async function v(t, r) {
   if (o && u !== o)
     throw new e(`Nonce mismatch: URI contained "${u}", expected "${o}". Possible replay attack.`);
   try {
-    if (!await f(c, i, s))
+    if (!await U(c, i, a))
       throw new e("Invalid signature.");
   } catch (n) {
     throw n instanceof e ? n : new e(`Unexpected error during signature verification: ${n.message}`);
@@ -80,8 +90,8 @@ async function v(t, r) {
 }
 export {
   e as DigiIDError,
-  f as _internalVerifySignature,
+  U as _internalVerifySignature,
   k as generateDigiIDUri,
-  v as verifyDigiIDCallback
+  R as verifyDigiIDCallback
 };
 //# sourceMappingURL=digiid-ts.es.js.map

package/dist/digiid-ts.es.js.map

@@ -1 +1 @@
-{"version":3,"file":"digiid-ts.es.js","sources":["../src/types.ts","../src/digiid.ts"],"sourcesContent":["/**\n * Options for generating a DigiID URI.\n */\nexport interface DigiIDUriOptions {\n  /** The full URL that the user's DigiID wallet will send the verification data back to. */\n  callbackUrl: string;\n  /** A unique, unpredictable nonce (number used once) for this authentication request. If not provided, a secure random one might be generated (implementation specific). */\n  nonce?: string;\n  /** Set to true for testing over HTTP (insecure), defaults to false (HTTPS required). */\n  unsecure?: boolean;\n}\n\n/**\n * Data structure typically received from the DigiID wallet callback.\n */\nexport interface DigiIDCallbackData {\n  /** The DigiByte address used for signing. */\n  address: string;\n  /** The DigiID URI that was originally presented to the user. */\n  uri: string;\n  /** The signature proving ownership of the address, signing the URI. */\n  signature: string;\n}\n\n/**\n * Options for verifying a DigiID callback.\n */\nexport interface DigiIDVerifyOptions {\n  /** The expected callback URL (or parts of it, like domain/path) that should match the one in the received URI. */\n  expectedCallbackUrl: string | URL;\n  /** The specific nonce that was originally generated for this authentication attempt, to prevent replay attacks. */\n  expectedNonce?: string;\n}\n\n/**\n * Result of a successful DigiID verification.\n */\nexport interface DigiIDVerificationResult {\n  /** Indicates the verification was successful. */\n  isValid: true;\n  /** The DigiByte address that was successfully verified. */\n  address: string;\n  /** The nonce extracted from the verified URI. */\n  nonce: string;\n}\n\n/**\n * Represents an error during DigiID processing.\n */\nexport class DigiIDError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DigiIDError';\n  }\n}\n","import { randomBytes } from 'crypto';\n// Import createRequire for CJS dependencies in ESM\nimport { createRequire } from 'module';\nimport { \n  DigiIDUriOptions, \n  DigiIDError, \n  DigiIDCallbackData, \n  DigiIDVerifyOptions, \n  DigiIDVerificationResult \n} from './types';\n\n// Moved require inside the function that uses it to potentially help mocking\n// and avoid top-level side effects if require itself does something complex.\n\n/**\n * INTERNAL: Verifies the signature using the digibyte-message library.\n * Exported primarily for testing purposes (mocking/spying).\n * @internal\n */\nexport async function _internalVerifySignature(\n  uri: string,\n  address: string,\n  signature: string\n): Promise<boolean> {\n  // Create a require function scoped to this module\n  const require = createRequire(import.meta.url);\n  // eslint-disable-next-line @typescript-eslint/no-var-requires\n  const Message = require('digibyte-message');\n  try {\n    const messageInstance = new Message(uri);\n    // Assuming synchronous based on common bitcore patterns, but wrapping for safety\n    const isValidSignature = await Promise.resolve(\n      messageInstance.verify(address, signature)\n    );\n    return !!isValidSignature; // Ensure boolean return\n  } catch (e: any) {\n    // Re-throw specific errors (like format/checksum errors) from the underlying library\n    // to be caught by the main verification function.\n    throw new DigiIDError(`Signature verification failed: ${e.message || e}`);\n  }\n}\n\n/**\n * Generates a secure random nonce (hex string).\n * @param length - The number of bytes to generate (default: 16, resulting in 32 hex chars).\n * @returns A hex-encoded random string.\n */\nfunction generateNonce(length = 16): string {\n  return randomBytes(length).toString('hex');\n}\n\n/**\n * Generates a DigiID authentication URI.\n *\n * @param options - Options for URI generation, including the callback URL.\n * @returns The generated DigiID URI string.\n * @throws {DigiIDError} If the callback URL is invalid or missing.\n */\nexport function generateDigiIDUri(options: DigiIDUriOptions): string {\n  if (!options.callbackUrl) {\n    throw new DigiIDError('Callback URL is required.');\n  }\n\n  let parsedUrl: URL;\n  try {\n    parsedUrl = new URL(options.callbackUrl);\n  } catch (e) {\n    throw new DigiIDError(`Invalid callback URL: ${(e as Error).message}`);\n  }\n\n  // DigiID spec requires stripping the scheme (http/https)\n  const domainAndPath = parsedUrl.host + parsedUrl.pathname;\n\n  const nonce = options.nonce || generateNonce();\n  const unsecureFlag = options.unsecure ? '1' : '0'; // 1 for http, 0 for https\n\n  // Validate scheme based on unsecure flag\n  if (options.unsecure && parsedUrl.protocol !== 'http:') {\n    throw new DigiIDError('Unsecure flag is true, but callback URL does not use http protocol.');\n  }\n  if (!options.unsecure && parsedUrl.protocol !== 'https:') {\n    throw new DigiIDError('Callback URL must use https protocol unless unsecure flag is set to true.');\n  }\n\n  // Construct the URI\n  // Example: digiid://example.com/callback?x=nonce_value&u=0\n  const uri = `digiid://${domainAndPath}?x=${nonce}&u=${unsecureFlag}`;\n\n  // Clean up potential trailing slash in path if no query params exist (though DigiID always has params)\n  // This check might be redundant given DigiID structure, but good practice\n  // const cleanedUri = uri.endsWith('/') && parsedUrl.search === '' ? uri.slice(0, -1) : uri;\n\n  return uri;\n}\n\n/**\n * Verifies the signature and data received from a DigiID callback.\n *\n * @param callbackData - The data received from the wallet (address, uri, signature).\n * @param verifyOptions - Options for verification, including the expected callback URL and nonce.\n * @returns {Promise<DigiIDVerificationResult>} A promise that resolves with verification details if successful.\n * @throws {DigiIDError} If validation or signature verification fails.\n */\nexport async function verifyDigiIDCallback(\n  callbackData: DigiIDCallbackData,\n  verifyOptions: DigiIDVerifyOptions\n): Promise<DigiIDVerificationResult> {\n  const { address, uri, signature } = callbackData;\n  const { expectedCallbackUrl, expectedNonce } = verifyOptions;\n\n  if (!address || !uri || !signature) {\n    throw new DigiIDError('Missing required callback data: address, uri, or signature.');\n  }\n\n  // 1. Parse the received URI\n  let parsedReceivedUri: URL;\n  try {\n    // Temporarily replace digiid:// with http:// for standard URL parsing\n    const parsableUri = uri.replace(/^digiid:/, 'http:');\n    parsedReceivedUri = new URL(parsableUri);\n  } catch (e) {\n    throw new DigiIDError(`Invalid URI received in callback: ${(e as Error).message}`);\n  }\n\n  const receivedNonce = parsedReceivedUri.searchParams.get('x');\n  const receivedUnsecure = parsedReceivedUri.searchParams.get('u'); // 0 or 1\n  const receivedDomainAndPath = parsedReceivedUri.host + parsedReceivedUri.pathname;\n\n  if (receivedNonce === null || receivedUnsecure === null) {\n    throw new DigiIDError('URI missing nonce (x) or unsecure (u) parameter.');\n  }\n\n  // 2. Validate Callback URL\n  let parsedExpectedUrl: URL;\n  try {\n    // Allow expectedCallbackUrl to be a string or URL object\n    parsedExpectedUrl = typeof expectedCallbackUrl === 'string' ? new URL(expectedCallbackUrl) : expectedCallbackUrl;\n  } catch (e) {\n    throw new DigiIDError(`Invalid expectedCallbackUrl provided: ${(e as Error).message}`);\n  }\n\n  const expectedDomainAndPath = parsedExpectedUrl.host + parsedExpectedUrl.pathname;\n\n  if (receivedDomainAndPath !== expectedDomainAndPath) {\n    throw new DigiIDError(`Callback URL mismatch: URI contained \"${receivedDomainAndPath}\", expected \"${expectedDomainAndPath}\"`);\n  }\n\n  // Validate scheme consistency\n  const expectedScheme = parsedExpectedUrl.protocol;\n  if (receivedUnsecure === '1' && expectedScheme !== 'http:') {\n    throw new DigiIDError('URI indicates unsecure (u=1), but expectedCallbackUrl is not http.');\n  }\n  if (receivedUnsecure === '0' && expectedScheme !== 'https:') {\n    throw new DigiIDError('URI indicates secure (u=0), but expectedCallbackUrl is not https.');\n  }\n\n  // 3. Validate Nonce (optional)\n  if (expectedNonce && receivedNonce !== expectedNonce) {\n    throw new DigiIDError(`Nonce mismatch: URI contained \"${receivedNonce}\", expected \"${expectedNonce}\". Possible replay attack.`);\n  }\n\n  // 4. Verify Signature using internal helper\n  try {\n    const isValidSignature = await _internalVerifySignature(uri, address, signature);\n    if (!isValidSignature) {\n        // If the helper returns false, throw the standard invalid signature error\n        throw new DigiIDError('Invalid signature.');\n    }\n  } catch (error) {\n     // If _internalVerifySignature throws (e.g., due to format/checksum errors from the lib, or our re-thrown error),\n     // re-throw it. It should already be a DigiIDError.\n     if (error instanceof DigiIDError) {\n        throw error;\n     } else {\n        // Catch any unexpected errors and wrap them\n        throw new DigiIDError(`Unexpected error during signature verification: ${(error as Error).message}`);\n     }\n  }\n\n  // 5. Return successful result\n  return {\n    isValid: true,\n    address: address,\n    nonce: receivedNonce, // Return the nonce from the URI\n  };\n}\n"],"names":["DigiIDError","message","_internalVerifySignature","uri","address","signature","Message","createRequire","messageInstance","e","generateNonce","length","randomBytes","generateDigiIDUri","options","parsedUrl","domainAndPath","nonce","unsecureFlag","verifyDigiIDCallback","callbackData","verifyOptions","expectedCallbackUrl","expectedNonce","parsedReceivedUri","parsableUri","receivedNonce","receivedUnsecure","receivedDomainAndPath","parsedExpectedUrl","expectedDomainAndPath","expectedScheme","error"],"mappings":";;AAiDO,MAAMA,UAAoB,MAAM;AAAA,EACrC,YAAYC,GAAiB;AAC3B,UAAMA,CAAO,GACb,KAAK,OAAO;AAAA,EAAA;AAEhB;ACnCsB,eAAAC,EACpBC,GACAC,GACAC,GACkB;AAIZ,QAAAC,IAFUC,EAAc,YAAY,GAAG,EAErB,kBAAkB;AACtC,MAAA;AACI,UAAAC,IAAkB,IAAIF,EAAQH,CAAG;AAKvC,WAAO,CAAC,CAHiB,MAAM,QAAQ;AAAA,MACrCK,EAAgB,OAAOJ,GAASC,CAAS;AAAA,IAC3C;AAAA,WAEOI,GAAQ;AAGf,UAAM,IAAIT,EAAY,kCAAkCS,EAAE,WAAWA,CAAC,EAAE;AAAA,EAAA;AAE5E;AAOA,SAASC,EAAcC,IAAS,IAAY;AAC1C,SAAOC,EAAYD,CAAM,EAAE,SAAS,KAAK;AAC3C;AASO,SAASE,EAAkBC,GAAmC;AAC/D,MAAA,CAACA,EAAQ;AACL,UAAA,IAAId,EAAY,2BAA2B;AAG/C,MAAAe;AACA,MAAA;AACU,IAAAA,IAAA,IAAI,IAAID,EAAQ,WAAW;AAAA,WAChCL,GAAG;AACV,UAAM,IAAIT,EAAY,yBAA0BS,EAAY,OAAO,EAAE;AAAA,EAAA;AAIjE,QAAAO,IAAgBD,EAAU,OAAOA,EAAU,UAE3CE,IAAQH,EAAQ,SAASJ,EAAc,GACvCQ,IAAeJ,EAAQ,WAAW,MAAM;AAG9C,MAAIA,EAAQ,YAAYC,EAAU,aAAa;AACvC,UAAA,IAAIf,EAAY,qEAAqE;AAE7F,MAAI,CAACc,EAAQ,YAAYC,EAAU,aAAa;AACxC,UAAA,IAAIf,EAAY,2EAA2E;AAW5F,SANK,YAAYgB,CAAa,MAAMC,CAAK,MAAMC,CAAY;AAOpE;AAUsB,eAAAC,EACpBC,GACAC,GACmC;AACnC,QAAM,EAAE,SAAAjB,GAAS,KAAAD,GAAK,WAAAE,EAAc,IAAAe,GAC9B,EAAE,qBAAAE,GAAqB,eAAAC,EAAA,IAAkBF;AAE/C,MAAI,CAACjB,KAAW,CAACD,KAAO,CAACE;AACjB,UAAA,IAAIL,EAAY,6DAA6D;AAIjF,MAAAwB;AACA,MAAA;AAEF,UAAMC,IAActB,EAAI,QAAQ,YAAY,OAAO;AAC/B,IAAAqB,IAAA,IAAI,IAAIC,CAAW;AAAA,WAChChB,GAAG;AACV,UAAM,IAAIT,EAAY,qCAAsCS,EAAY,OAAO,EAAE;AAAA,EAAA;AAGnF,QAAMiB,IAAgBF,EAAkB,aAAa,IAAI,GAAG,GACtDG,IAAmBH,EAAkB,aAAa,IAAI,GAAG,GACzDI,IAAwBJ,EAAkB,OAAOA,EAAkB;AAErE,MAAAE,MAAkB,QAAQC,MAAqB;AAC3C,UAAA,IAAI3B,EAAY,kDAAkD;AAItE,MAAA6B;AACA,MAAA;AAEF,IAAAA,IAAoB,OAAOP,KAAwB,WAAW,IAAI,IAAIA,CAAmB,IAAIA;AAAA,WACtFb,GAAG;AACV,UAAM,IAAIT,EAAY,yCAA0CS,EAAY,OAAO,EAAE;AAAA,EAAA;AAGjF,QAAAqB,IAAwBD,EAAkB,OAAOA,EAAkB;AAEzE,MAAID,MAA0BE;AAC5B,UAAM,IAAI9B,EAAY,yCAAyC4B,CAAqB,gBAAgBE,CAAqB,GAAG;AAI9H,QAAMC,IAAiBF,EAAkB;AACrC,MAAAF,MAAqB,OAAOI,MAAmB;AAC3C,UAAA,IAAI/B,EAAY,oEAAoE;AAExF,MAAA2B,MAAqB,OAAOI,MAAmB;AAC3C,UAAA,IAAI/B,EAAY,mEAAmE;AAIvF,MAAAuB,KAAiBG,MAAkBH;AACrC,UAAM,IAAIvB,EAAY,kCAAkC0B,CAAa,gBAAgBH,CAAa,4BAA4B;AAI5H,MAAA;AAEF,QAAI,CADqB,MAAMrB,EAAyBC,GAAKC,GAASC,CAAS;AAGrE,YAAA,IAAIL,EAAY,oBAAoB;AAAA,WAEvCgC,GAAO;AAGb,UAAIA,aAAiBhC,IACZgC,IAGA,IAAIhC,EAAY,mDAAoDgC,EAAgB,OAAO,EAAE;AAAA,EACtG;AAII,SAAA;AAAA,IACL,SAAS;AAAA,IACT,SAAA5B;AAAA,IACA,OAAOsB;AAAA;AAAA,EACT;AACF;"}
+{"version":3,"file":"digiid-ts.es.js","sources":["../src/types.ts","../src/digiid.ts"],"sourcesContent":["/**\n * Options for generating a DigiID URI.\n */\nexport interface DigiIDUriOptions {\n  /** The full URL that the user's DigiID wallet will send the verification data back to. */\n  callbackUrl: string;\n  /** A unique, unpredictable nonce (number used once) for this authentication request. If not provided, a secure random one might be generated (implementation specific). */\n  nonce?: string;\n  /** Set to true for testing over HTTP (insecure), defaults to false (HTTPS required). */\n  unsecure?: boolean;\n}\n\n/**\n * Data structure typically received from the DigiID wallet callback.\n */\nexport interface DigiIDCallbackData {\n  /** The DigiByte address used for signing. */\n  address: string;\n  /** The DigiID URI that was originally presented to the user. */\n  uri: string;\n  /** The signature proving ownership of the address, signing the URI. */\n  signature: string;\n}\n\n/**\n * Options for verifying a DigiID callback.\n */\nexport interface DigiIDVerifyOptions {\n  /** The expected callback URL (or parts of it, like domain/path) that should match the one in the received URI. */\n  expectedCallbackUrl: string | URL;\n  /** The specific nonce that was originally generated for this authentication attempt, to prevent replay attacks. */\n  expectedNonce?: string;\n}\n\n/**\n * Result of a successful DigiID verification.\n */\nexport interface DigiIDVerificationResult {\n  /** Indicates the verification was successful. */\n  isValid: true;\n  /** The DigiByte address that was successfully verified. */\n  address: string;\n  /** The nonce extracted from the verified URI. */\n  nonce: string;\n}\n\n/**\n * Represents an error during DigiID processing.\n */\nexport class DigiIDError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DigiIDError';\n  }\n}\n","import { randomBytes } from 'crypto';\n// Import createRequire for CJS dependencies in ESM\n// import { createRequire } from 'module'; // No longer needed for bitcoinjs-message\nimport * as bitcoinMessage from 'bitcoinjs-message';\nimport {\n  DigiIDCallbackData,\n  DigiIDError,\n  DigiIDUriOptions,\n  DigiIDVerificationResult,\n  DigiIDVerifyOptions\n} from './types';\n\n// Moved require inside the function that uses it to potentially help mocking\n// and avoid top-level side effects if require itself does something complex.\n\n/**\n * INTERNAL: Verifies the signature using the bitcoinjs-message library.\n * Exported primarily for testing purposes (mocking/spying).\n * @internal\n */\nexport async function _internalVerifySignature(\n  uri: string,\n  address: string,\n  signature: string\n): Promise<boolean> {\n  // DigiByte Message Prefix\n  const messagePrefix = '\\x19DigiByte Signed Message:\\n';\n\n  try {\n    // bitcoinjs-message verify function\n    const isValidSignature = bitcoinMessage.verify(\n      uri,              // The message that was signed (the DigiID URI)\n      address,          // The DigiByte address (D..., S..., or dgb1...)\n      signature,        // The signature string (Base64 encoded)\n      messagePrefix,    // The DigiByte specific message prefix\n      true              // Set checkSegwitAlways to true to handle all address types correctly\n    );\n    return !!isValidSignature; // Ensure boolean return\n  } catch (e: unknown) {\n    // Catch potential errors from bitcoinjs-message (e.g., invalid address format, invalid signature format)\n    const errorMessage = e instanceof Error ? e.message : String(e);\n    throw new DigiIDError(`Signature verification failed: ${errorMessage}`);\n  }\n}\n\n/**\n * Generates a secure random nonce (hex string).\n * @param length - The number of bytes to generate (default: 16, resulting in 32 hex chars).\n * @returns A hex-encoded random string.\n */\nfunction generateNonce(length = 16): string {\n  return randomBytes(length).toString('hex');\n}\n\n/**\n * Generates a DigiID authentication URI.\n *\n * @param options - Options for URI generation, including the callback URL.\n * @returns The generated DigiID URI string.\n * @throws {DigiIDError} If the callback URL is invalid or missing.\n */\nexport function generateDigiIDUri(options: DigiIDUriOptions): string {\n  if (!options.callbackUrl) {\n    throw new DigiIDError('Callback URL is required.');\n  }\n\n  let parsedUrl: URL;\n  try {\n    parsedUrl = new URL(options.callbackUrl);\n  } catch (e) {\n    throw new DigiIDError(`Invalid callback URL: ${(e as Error).message}`);\n  }\n\n  // DigiID spec requires stripping the scheme (http/https)\n  const domainAndPath = parsedUrl.host + parsedUrl.pathname;\n\n  const nonce = options.nonce || generateNonce();\n  const unsecureFlag = options.unsecure ? '1' : '0'; // 1 for http, 0 for https\n\n  // Validate scheme based on unsecure flag\n  if (options.unsecure && parsedUrl.protocol !== 'http:') {\n    throw new DigiIDError('Unsecure flag is true, but callback URL does not use http protocol.');\n  }\n  if (!options.unsecure && parsedUrl.protocol !== 'https:') {\n    throw new DigiIDError('Callback URL must use https protocol unless unsecure flag is set to true.');\n  }\n\n  // Construct the URI\n  // Example: digiid://example.com/callback?x=nonce_value&u=0\n  const uri = `digiid://${domainAndPath}?x=${nonce}&u=${unsecureFlag}`;\n\n  // Clean up potential trailing slash in path if no query params exist (though DigiID always has params)\n  // This check might be redundant given DigiID structure, but good practice\n  // const cleanedUri = uri.endsWith('/') && parsedUrl.search === '' ? uri.slice(0, -1) : uri;\n\n  return uri;\n}\n\n/**\n * Verifies the signature and data received from a DigiID callback.\n *\n * @param callbackData - The data received from the wallet (address, uri, signature).\n * @param verifyOptions - Options for verification, including the expected callback URL and nonce.\n * @returns {Promise<DigiIDVerificationResult>} A promise that resolves with verification details if successful.\n * @throws {DigiIDError} If validation or signature verification fails.\n */\nexport async function verifyDigiIDCallback(\n  callbackData: DigiIDCallbackData,\n  verifyOptions: DigiIDVerifyOptions\n): Promise<DigiIDVerificationResult> {\n  const { address, uri, signature } = callbackData;\n  const { expectedCallbackUrl, expectedNonce } = verifyOptions;\n\n  if (!address || !uri || !signature) {\n    throw new DigiIDError('Missing required callback data: address, uri, or signature.');\n  }\n\n  // 1. Parse the received URI\n  let parsedReceivedUri: URL;\n  try {\n    // Temporarily replace digiid:// with http:// for standard URL parsing\n    const parsableUri = uri.replace(/^digiid:/, 'http:');\n    parsedReceivedUri = new URL(parsableUri);\n  } catch (e) {\n    throw new DigiIDError(`Invalid URI received in callback: ${(e as Error).message}`);\n  }\n\n  const receivedNonce = parsedReceivedUri.searchParams.get('x');\n  const receivedUnsecure = parsedReceivedUri.searchParams.get('u'); // 0 or 1\n  const receivedDomainAndPath = parsedReceivedUri.host + parsedReceivedUri.pathname;\n\n  if (receivedNonce === null || receivedUnsecure === null) {\n    throw new DigiIDError('URI missing nonce (x) or unsecure (u) parameter.');\n  }\n\n  // 2. Validate Callback URL\n  let parsedExpectedUrl: URL;\n  try {\n    // Allow expectedCallbackUrl to be a string or URL object\n    parsedExpectedUrl = typeof expectedCallbackUrl === 'string' ? new URL(expectedCallbackUrl) : expectedCallbackUrl;\n  } catch (e) {\n    throw new DigiIDError(`Invalid expectedCallbackUrl provided: ${(e as Error).message}`);\n  }\n\n  const expectedDomainAndPath = parsedExpectedUrl.host + parsedExpectedUrl.pathname;\n\n  if (receivedDomainAndPath !== expectedDomainAndPath) {\n    throw new DigiIDError(`Callback URL mismatch: URI contained \"${receivedDomainAndPath}\", expected \"${expectedDomainAndPath}\"`);\n  }\n\n  // Validate scheme consistency\n  const expectedScheme = parsedExpectedUrl.protocol;\n  if (receivedUnsecure === '1' && expectedScheme !== 'http:') {\n    throw new DigiIDError('URI indicates unsecure (u=1), but expectedCallbackUrl is not http.');\n  }\n  if (receivedUnsecure === '0' && expectedScheme !== 'https:') {\n    throw new DigiIDError('URI indicates secure (u=0), but expectedCallbackUrl is not https.');\n  }\n\n  // 3. Validate Nonce (optional)\n  if (expectedNonce && receivedNonce !== expectedNonce) {\n    throw new DigiIDError(`Nonce mismatch: URI contained \"${receivedNonce}\", expected \"${expectedNonce}\". Possible replay attack.`);\n  }\n\n  // 4. Verify Signature using internal helper\n  try {\n    const isValidSignature = await _internalVerifySignature(uri, address, signature);\n    if (!isValidSignature) {\n      // If the helper returns false, throw the standard invalid signature error\n      throw new DigiIDError('Invalid signature.');\n    }\n  } catch (error) {\n    // If _internalVerifySignature throws (e.g., due to format/checksum errors from the lib, or our re-thrown error),\n    // re-throw it. It should already be a DigiIDError.\n    if (error instanceof DigiIDError) {\n      throw error;\n    } else {\n      // Catch any unexpected errors and wrap them\n      throw new DigiIDError(`Unexpected error during signature verification: ${(error as Error).message}`);\n    }\n  }\n\n  // 5. Return successful result\n  return {\n    isValid: true,\n    address: address,\n    nonce: receivedNonce, // Return the nonce from the URI\n  };\n}\n"],"names":["DigiIDError","message","_internalVerifySignature","uri","address","signature","messagePrefix","bitcoinMessage","e","errorMessage","generateNonce","length","randomBytes","generateDigiIDUri","options","parsedUrl","domainAndPath","nonce","unsecureFlag","verifyDigiIDCallback","callbackData","verifyOptions","expectedCallbackUrl","expectedNonce","parsedReceivedUri","parsableUri","receivedNonce","receivedUnsecure","receivedDomainAndPath","parsedExpectedUrl","expectedDomainAndPath","expectedScheme","error"],"mappings":";;AAiDO,MAAMA,UAAoB,MAAM;AAAA,EACrC,YAAYC,GAAiB;AAC3B,UAAMA,CAAO,GACb,KAAK,OAAO;AAAA,EAAA;AAEhB;AClCsB,eAAAC,EACpBC,GACAC,GACAC,GACkB;AAElB,QAAMC,IAAgB;AAAA;AAElB,MAAA;AASF,WAAO,CAAC,CAPiBC,EAAe;AAAA,MACtCJ;AAAA;AAAA,MACAC;AAAA;AAAA,MACAC;AAAA;AAAA,MACAC;AAAA;AAAA,MACA;AAAA;AAAA,IACF;AAAA,WAEOE,GAAY;AAEnB,UAAMC,IAAeD,aAAa,QAAQA,EAAE,UAAU,OAAOA,CAAC;AAC9D,UAAM,IAAIR,EAAY,kCAAkCS,CAAY,EAAE;AAAA,EAAA;AAE1E;AAOA,SAASC,EAAcC,IAAS,IAAY;AAC1C,SAAOC,EAAYD,CAAM,EAAE,SAAS,KAAK;AAC3C;AASO,SAASE,EAAkBC,GAAmC;AAC/D,MAAA,CAACA,EAAQ;AACL,UAAA,IAAId,EAAY,2BAA2B;AAG/C,MAAAe;AACA,MAAA;AACU,IAAAA,IAAA,IAAI,IAAID,EAAQ,WAAW;AAAA,WAChCN,GAAG;AACV,UAAM,IAAIR,EAAY,yBAA0BQ,EAAY,OAAO,EAAE;AAAA,EAAA;AAIjE,QAAAQ,IAAgBD,EAAU,OAAOA,EAAU,UAE3CE,IAAQH,EAAQ,SAASJ,EAAc,GACvCQ,IAAeJ,EAAQ,WAAW,MAAM;AAG9C,MAAIA,EAAQ,YAAYC,EAAU,aAAa;AACvC,UAAA,IAAIf,EAAY,qEAAqE;AAE7F,MAAI,CAACc,EAAQ,YAAYC,EAAU,aAAa;AACxC,UAAA,IAAIf,EAAY,2EAA2E;AAW5F,SANK,YAAYgB,CAAa,MAAMC,CAAK,MAAMC,CAAY;AAOpE;AAUsB,eAAAC,EACpBC,GACAC,GACmC;AACnC,QAAM,EAAE,SAAAjB,GAAS,KAAAD,GAAK,WAAAE,EAAc,IAAAe,GAC9B,EAAE,qBAAAE,GAAqB,eAAAC,EAAA,IAAkBF;AAE/C,MAAI,CAACjB,KAAW,CAACD,KAAO,CAACE;AACjB,UAAA,IAAIL,EAAY,6DAA6D;AAIjF,MAAAwB;AACA,MAAA;AAEF,UAAMC,IAActB,EAAI,QAAQ,YAAY,OAAO;AAC/B,IAAAqB,IAAA,IAAI,IAAIC,CAAW;AAAA,WAChCjB,GAAG;AACV,UAAM,IAAIR,EAAY,qCAAsCQ,EAAY,OAAO,EAAE;AAAA,EAAA;AAGnF,QAAMkB,IAAgBF,EAAkB,aAAa,IAAI,GAAG,GACtDG,IAAmBH,EAAkB,aAAa,IAAI,GAAG,GACzDI,IAAwBJ,EAAkB,OAAOA,EAAkB;AAErE,MAAAE,MAAkB,QAAQC,MAAqB;AAC3C,UAAA,IAAI3B,EAAY,kDAAkD;AAItE,MAAA6B;AACA,MAAA;AAEF,IAAAA,IAAoB,OAAOP,KAAwB,WAAW,IAAI,IAAIA,CAAmB,IAAIA;AAAA,WACtFd,GAAG;AACV,UAAM,IAAIR,EAAY,yCAA0CQ,EAAY,OAAO,EAAE;AAAA,EAAA;AAGjF,QAAAsB,IAAwBD,EAAkB,OAAOA,EAAkB;AAEzE,MAAID,MAA0BE;AAC5B,UAAM,IAAI9B,EAAY,yCAAyC4B,CAAqB,gBAAgBE,CAAqB,GAAG;AAI9H,QAAMC,IAAiBF,EAAkB;AACrC,MAAAF,MAAqB,OAAOI,MAAmB;AAC3C,UAAA,IAAI/B,EAAY,oEAAoE;AAExF,MAAA2B,MAAqB,OAAOI,MAAmB;AAC3C,UAAA,IAAI/B,EAAY,mEAAmE;AAIvF,MAAAuB,KAAiBG,MAAkBH;AACrC,UAAM,IAAIvB,EAAY,kCAAkC0B,CAAa,gBAAgBH,CAAa,4BAA4B;AAI5H,MAAA;AAEF,QAAI,CADqB,MAAMrB,EAAyBC,GAAKC,GAASC,CAAS;AAGvE,YAAA,IAAIL,EAAY,oBAAoB;AAAA,WAErCgC,GAAO;AAGd,UAAIA,aAAiBhC,IACbgC,IAGA,IAAIhC,EAAY,mDAAoDgC,EAAgB,OAAO,EAAE;AAAA,EACrG;AAIK,SAAA;AAAA,IACL,SAAS;AAAA,IACT,SAAA5B;AAAA,IACA,OAAOsB;AAAA;AAAA,EACT;AACF;"}

package/dist/digiid-ts.umd.js

@@ -1,2 +1,3 @@
-(function(r,d){typeof exports=="object"&&typeof module<"u"?d(exports,require("crypto"),require("module")):typeof define=="function"&&define.amd?define(["exports","crypto","module"],d):(r=typeof globalThis<"u"?globalThis:r||self,d(r.DigiIDTs={},r.crypto,r.module))})(this,function(r,d,b){"use strict";var p=typeof document<"u"?document.currentScript:null;class e extends Error{constructor(n){super(n),this.name="DigiIDError"}}async function m(t,n,c){const o=b.createRequire(typeof document>"u"&&typeof location>"u"?require("url").pathToFileURL(__filename).href:typeof document>"u"?location.href:p&&p.tagName.toUpperCase()==="SCRIPT"&&p.src||new URL("digiid-ts.umd.js",document.baseURI).href)("digibyte-message");try{const a=new o(t);return!!await Promise.resolve(a.verify(n,c))}catch(a){throw new e(`Signature verification failed: ${a.message||a}`)}}function I(t=16){return d.randomBytes(t).toString("hex")}function R(t){if(!t.callbackUrl)throw new e("Callback URL is required.");let n;try{n=new URL(t.callbackUrl)}catch(u){throw new e(`Invalid callback URL: ${u.message}`)}const c=n.host+n.pathname,s=t.nonce||I(),o=t.unsecure?"1":"0";if(t.unsecure&&n.protocol!=="http:")throw new e("Unsecure flag is true, but callback URL does not use http protocol.");if(!t.unsecure&&n.protocol!=="https:")throw new e("Callback URL must use https protocol unless unsecure flag is set to true.");return`digiid://${c}?x=${s}&u=${o}`}async function v(t,n){const{address:c,uri:s,signature:o}=t,{expectedCallbackUrl:a,expectedNonce:u}=n;if(!c||!s||!o)throw new e("Missing required callback data: address, uri, or signature.");let l;try{const i=s.replace(/^digiid:/,"http:");l=new URL(i)}catch(i){throw new e(`Invalid URI received in callback: ${i.message}`)}const h=l.searchParams.get("x"),g=l.searchParams.get("u"),w=l.host+l.pathname;if(h===null||g===null)throw new e("URI missing nonce (x) or unsecure (u) parameter.");let f;try{f=typeof a=="string"?new URL(a):a}catch(i){throw new e(`Invalid expectedCallbackUrl provided: ${i.message}`)}const U=f.host+f.pathname;if(w!==U)throw new e(`Callback URL mismatch: URI contained "${w}", expected "${U}"`);const y=f.protocol;if(g==="1"&&y!=="http:")throw new e("URI indicates unsecure (u=1), but expectedCallbackUrl is not http.");if(g==="0"&&y!=="https:")throw new e("URI indicates secure (u=0), but expectedCallbackUrl is not https.");if(u&&h!==u)throw new e(`Nonce mismatch: URI contained "${h}", expected "${u}". Possible replay attack.`);try{if(!await m(s,c,o))throw new e("Invalid signature.")}catch(i){throw i instanceof e?i:new e(`Unexpected error during signature verification: ${i.message}`)}return{isValid:!0,address:c,nonce:h}}r.DigiIDError=e,r._internalVerifySignature=m,r.generateDigiIDUri=R,r.verifyDigiIDCallback=v,Object.defineProperty(r,Symbol.toStringTag,{value:"Module"})});
+(function(i,u){typeof exports=="object"&&typeof module<"u"?u(exports,require("crypto"),require("bitcoinjs-message")):typeof define=="function"&&define.amd?define(["exports","crypto","bitcoinjs-message"],u):(i=typeof globalThis<"u"?globalThis:i||self,u(i.DigiIDTs={},i.crypto,i.bitcoinjsMessage))})(this,function(i,u,U){"use strict";function y(e){const r=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(e){for(const n in e)if(n!=="default"){const a=Object.getOwnPropertyDescriptor(e,n);Object.defineProperty(r,n,a.get?a:{enumerable:!0,get:()=>e[n]})}}return r.default=e,Object.freeze(r)}const D=y(U);class t extends Error{constructor(r){super(r),this.name="DigiIDError"}}async function p(e,r,n){const a=`DigiByte Signed Message:
+`;try{return!!D.verify(e,r,n,a,!0)}catch(s){const o=s instanceof Error?s.message:String(s);throw new t(`Signature verification failed: ${o}`)}}function I(e=16){return u.randomBytes(e).toString("hex")}function k(e){if(!e.callbackUrl)throw new t("Callback URL is required.");let r;try{r=new URL(e.callbackUrl)}catch(l){throw new t(`Invalid callback URL: ${l.message}`)}const n=r.host+r.pathname,a=e.nonce||I(),s=e.unsecure?"1":"0";if(e.unsecure&&r.protocol!=="http:")throw new t("Unsecure flag is true, but callback URL does not use http protocol.");if(!e.unsecure&&r.protocol!=="https:")throw new t("Callback URL must use https protocol unless unsecure flag is set to true.");return`digiid://${n}?x=${a}&u=${s}`}async function v(e,r){const{address:n,uri:a,signature:s}=e,{expectedCallbackUrl:o,expectedNonce:l}=r;if(!n||!a||!s)throw new t("Missing required callback data: address, uri, or signature.");let d;try{const c=a.replace(/^digiid:/,"http:");d=new URL(c)}catch(c){throw new t(`Invalid URI received in callback: ${c.message}`)}const g=d.searchParams.get("x"),h=d.searchParams.get("u"),w=d.host+d.pathname;if(g===null||h===null)throw new t("URI missing nonce (x) or unsecure (u) parameter.");let f;try{f=typeof o=="string"?new URL(o):o}catch(c){throw new t(`Invalid expectedCallbackUrl provided: ${c.message}`)}const m=f.host+f.pathname;if(w!==m)throw new t(`Callback URL mismatch: URI contained "${w}", expected "${m}"`);const b=f.protocol;if(h==="1"&&b!=="http:")throw new t("URI indicates unsecure (u=1), but expectedCallbackUrl is not http.");if(h==="0"&&b!=="https:")throw new t("URI indicates secure (u=0), but expectedCallbackUrl is not https.");if(l&&g!==l)throw new t(`Nonce mismatch: URI contained "${g}", expected "${l}". Possible replay attack.`);try{if(!await p(a,n,s))throw new t("Invalid signature.")}catch(c){throw c instanceof t?c:new t(`Unexpected error during signature verification: ${c.message}`)}return{isValid:!0,address:n,nonce:g}}i.DigiIDError=t,i._internalVerifySignature=p,i.generateDigiIDUri=k,i.verifyDigiIDCallback=v,Object.defineProperty(i,Symbol.toStringTag,{value:"Module"})});
 //# sourceMappingURL=digiid-ts.umd.js.map

package/dist/digiid-ts.umd.js.map

@@ -1 +1 @@
-{"version":3,"file":"digiid-ts.umd.js","sources":["../src/types.ts","../src/digiid.ts"],"sourcesContent":["/**\n * Options for generating a DigiID URI.\n */\nexport interface DigiIDUriOptions {\n  /** The full URL that the user's DigiID wallet will send the verification data back to. */\n  callbackUrl: string;\n  /** A unique, unpredictable nonce (number used once) for this authentication request. If not provided, a secure random one might be generated (implementation specific). */\n  nonce?: string;\n  /** Set to true for testing over HTTP (insecure), defaults to false (HTTPS required). */\n  unsecure?: boolean;\n}\n\n/**\n * Data structure typically received from the DigiID wallet callback.\n */\nexport interface DigiIDCallbackData {\n  /** The DigiByte address used for signing. */\n  address: string;\n  /** The DigiID URI that was originally presented to the user. */\n  uri: string;\n  /** The signature proving ownership of the address, signing the URI. */\n  signature: string;\n}\n\n/**\n * Options for verifying a DigiID callback.\n */\nexport interface DigiIDVerifyOptions {\n  /** The expected callback URL (or parts of it, like domain/path) that should match the one in the received URI. */\n  expectedCallbackUrl: string | URL;\n  /** The specific nonce that was originally generated for this authentication attempt, to prevent replay attacks. */\n  expectedNonce?: string;\n}\n\n/**\n * Result of a successful DigiID verification.\n */\nexport interface DigiIDVerificationResult {\n  /** Indicates the verification was successful. */\n  isValid: true;\n  /** The DigiByte address that was successfully verified. */\n  address: string;\n  /** The nonce extracted from the verified URI. */\n  nonce: string;\n}\n\n/**\n * Represents an error during DigiID processing.\n */\nexport class DigiIDError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DigiIDError';\n  }\n}\n","import { randomBytes } from 'crypto';\n// Import createRequire for CJS dependencies in ESM\nimport { createRequire } from 'module';\nimport { \n  DigiIDUriOptions, \n  DigiIDError, \n  DigiIDCallbackData, \n  DigiIDVerifyOptions, \n  DigiIDVerificationResult \n} from './types';\n\n// Moved require inside the function that uses it to potentially help mocking\n// and avoid top-level side effects if require itself does something complex.\n\n/**\n * INTERNAL: Verifies the signature using the digibyte-message library.\n * Exported primarily for testing purposes (mocking/spying).\n * @internal\n */\nexport async function _internalVerifySignature(\n  uri: string,\n  address: string,\n  signature: string\n): Promise<boolean> {\n  // Create a require function scoped to this module\n  const require = createRequire(import.meta.url);\n  // eslint-disable-next-line @typescript-eslint/no-var-requires\n  const Message = require('digibyte-message');\n  try {\n    const messageInstance = new Message(uri);\n    // Assuming synchronous based on common bitcore patterns, but wrapping for safety\n    const isValidSignature = await Promise.resolve(\n      messageInstance.verify(address, signature)\n    );\n    return !!isValidSignature; // Ensure boolean return\n  } catch (e: any) {\n    // Re-throw specific errors (like format/checksum errors) from the underlying library\n    // to be caught by the main verification function.\n    throw new DigiIDError(`Signature verification failed: ${e.message || e}`);\n  }\n}\n\n/**\n * Generates a secure random nonce (hex string).\n * @param length - The number of bytes to generate (default: 16, resulting in 32 hex chars).\n * @returns A hex-encoded random string.\n */\nfunction generateNonce(length = 16): string {\n  return randomBytes(length).toString('hex');\n}\n\n/**\n * Generates a DigiID authentication URI.\n *\n * @param options - Options for URI generation, including the callback URL.\n * @returns The generated DigiID URI string.\n * @throws {DigiIDError} If the callback URL is invalid or missing.\n */\nexport function generateDigiIDUri(options: DigiIDUriOptions): string {\n  if (!options.callbackUrl) {\n    throw new DigiIDError('Callback URL is required.');\n  }\n\n  let parsedUrl: URL;\n  try {\n    parsedUrl = new URL(options.callbackUrl);\n  } catch (e) {\n    throw new DigiIDError(`Invalid callback URL: ${(e as Error).message}`);\n  }\n\n  // DigiID spec requires stripping the scheme (http/https)\n  const domainAndPath = parsedUrl.host + parsedUrl.pathname;\n\n  const nonce = options.nonce || generateNonce();\n  const unsecureFlag = options.unsecure ? '1' : '0'; // 1 for http, 0 for https\n\n  // Validate scheme based on unsecure flag\n  if (options.unsecure && parsedUrl.protocol !== 'http:') {\n    throw new DigiIDError('Unsecure flag is true, but callback URL does not use http protocol.');\n  }\n  if (!options.unsecure && parsedUrl.protocol !== 'https:') {\n    throw new DigiIDError('Callback URL must use https protocol unless unsecure flag is set to true.');\n  }\n\n  // Construct the URI\n  // Example: digiid://example.com/callback?x=nonce_value&u=0\n  const uri = `digiid://${domainAndPath}?x=${nonce}&u=${unsecureFlag}`;\n\n  // Clean up potential trailing slash in path if no query params exist (though DigiID always has params)\n  // This check might be redundant given DigiID structure, but good practice\n  // const cleanedUri = uri.endsWith('/') && parsedUrl.search === '' ? uri.slice(0, -1) : uri;\n\n  return uri;\n}\n\n/**\n * Verifies the signature and data received from a DigiID callback.\n *\n * @param callbackData - The data received from the wallet (address, uri, signature).\n * @param verifyOptions - Options for verification, including the expected callback URL and nonce.\n * @returns {Promise<DigiIDVerificationResult>} A promise that resolves with verification details if successful.\n * @throws {DigiIDError} If validation or signature verification fails.\n */\nexport async function verifyDigiIDCallback(\n  callbackData: DigiIDCallbackData,\n  verifyOptions: DigiIDVerifyOptions\n): Promise<DigiIDVerificationResult> {\n  const { address, uri, signature } = callbackData;\n  const { expectedCallbackUrl, expectedNonce } = verifyOptions;\n\n  if (!address || !uri || !signature) {\n    throw new DigiIDError('Missing required callback data: address, uri, or signature.');\n  }\n\n  // 1. Parse the received URI\n  let parsedReceivedUri: URL;\n  try {\n    // Temporarily replace digiid:// with http:// for standard URL parsing\n    const parsableUri = uri.replace(/^digiid:/, 'http:');\n    parsedReceivedUri = new URL(parsableUri);\n  } catch (e) {\n    throw new DigiIDError(`Invalid URI received in callback: ${(e as Error).message}`);\n  }\n\n  const receivedNonce = parsedReceivedUri.searchParams.get('x');\n  const receivedUnsecure = parsedReceivedUri.searchParams.get('u'); // 0 or 1\n  const receivedDomainAndPath = parsedReceivedUri.host + parsedReceivedUri.pathname;\n\n  if (receivedNonce === null || receivedUnsecure === null) {\n    throw new DigiIDError('URI missing nonce (x) or unsecure (u) parameter.');\n  }\n\n  // 2. Validate Callback URL\n  let parsedExpectedUrl: URL;\n  try {\n    // Allow expectedCallbackUrl to be a string or URL object\n    parsedExpectedUrl = typeof expectedCallbackUrl === 'string' ? new URL(expectedCallbackUrl) : expectedCallbackUrl;\n  } catch (e) {\n    throw new DigiIDError(`Invalid expectedCallbackUrl provided: ${(e as Error).message}`);\n  }\n\n  const expectedDomainAndPath = parsedExpectedUrl.host + parsedExpectedUrl.pathname;\n\n  if (receivedDomainAndPath !== expectedDomainAndPath) {\n    throw new DigiIDError(`Callback URL mismatch: URI contained \"${receivedDomainAndPath}\", expected \"${expectedDomainAndPath}\"`);\n  }\n\n  // Validate scheme consistency\n  const expectedScheme = parsedExpectedUrl.protocol;\n  if (receivedUnsecure === '1' && expectedScheme !== 'http:') {\n    throw new DigiIDError('URI indicates unsecure (u=1), but expectedCallbackUrl is not http.');\n  }\n  if (receivedUnsecure === '0' && expectedScheme !== 'https:') {\n    throw new DigiIDError('URI indicates secure (u=0), but expectedCallbackUrl is not https.');\n  }\n\n  // 3. Validate Nonce (optional)\n  if (expectedNonce && receivedNonce !== expectedNonce) {\n    throw new DigiIDError(`Nonce mismatch: URI contained \"${receivedNonce}\", expected \"${expectedNonce}\". Possible replay attack.`);\n  }\n\n  // 4. Verify Signature using internal helper\n  try {\n    const isValidSignature = await _internalVerifySignature(uri, address, signature);\n    if (!isValidSignature) {\n        // If the helper returns false, throw the standard invalid signature error\n        throw new DigiIDError('Invalid signature.');\n    }\n  } catch (error) {\n     // If _internalVerifySignature throws (e.g., due to format/checksum errors from the lib, or our re-thrown error),\n     // re-throw it. It should already be a DigiIDError.\n     if (error instanceof DigiIDError) {\n        throw error;\n     } else {\n        // Catch any unexpected errors and wrap them\n        throw new DigiIDError(`Unexpected error during signature verification: ${(error as Error).message}`);\n     }\n  }\n\n  // 5. Return successful result\n  return {\n    isValid: true,\n    address: address,\n    nonce: receivedNonce, // Return the nonce from the URI\n  };\n}\n"],"names":["DigiIDError","message","_internalVerifySignature","uri","address","signature","Message","createRequire","messageInstance","e","generateNonce","length","randomBytes","generateDigiIDUri","options","parsedUrl","domainAndPath","nonce","unsecureFlag","verifyDigiIDCallback","callbackData","verifyOptions","expectedCallbackUrl","expectedNonce","parsedReceivedUri","parsableUri","receivedNonce","receivedUnsecure","receivedDomainAndPath","parsedExpectedUrl","expectedDomainAndPath","expectedScheme","error"],"mappings":"kWAiDO,MAAMA,UAAoB,KAAM,CACrC,YAAYC,EAAiB,CAC3B,MAAMA,CAAO,EACb,KAAK,KAAO,aAAA,CAEhB,CCnCsB,eAAAC,EACpBC,EACAC,EACAC,EACkB,CAIZ,MAAAC,EAFUC,EAAc,sOAAe,EAErB,kBAAkB,EACtC,GAAA,CACI,MAAAC,EAAkB,IAAIF,EAAQH,CAAG,EAKvC,MAAO,CAAC,CAHiB,MAAM,QAAQ,QACrCK,EAAgB,OAAOJ,EAASC,CAAS,CAC3C,QAEOI,EAAQ,CAGf,MAAM,IAAIT,EAAY,kCAAkCS,EAAE,SAAWA,CAAC,EAAE,CAAA,CAE5E,CAOA,SAASC,EAAcC,EAAS,GAAY,CAC1C,OAAOC,cAAYD,CAAM,EAAE,SAAS,KAAK,CAC3C,CASO,SAASE,EAAkBC,EAAmC,CAC/D,GAAA,CAACA,EAAQ,YACL,MAAA,IAAId,EAAY,2BAA2B,EAG/C,IAAAe,EACA,GAAA,CACUA,EAAA,IAAI,IAAID,EAAQ,WAAW,QAChCL,EAAG,CACV,MAAM,IAAIT,EAAY,yBAA0BS,EAAY,OAAO,EAAE,CAAA,CAIjE,MAAAO,EAAgBD,EAAU,KAAOA,EAAU,SAE3CE,EAAQH,EAAQ,OAASJ,EAAc,EACvCQ,EAAeJ,EAAQ,SAAW,IAAM,IAG9C,GAAIA,EAAQ,UAAYC,EAAU,WAAa,QACvC,MAAA,IAAIf,EAAY,qEAAqE,EAE7F,GAAI,CAACc,EAAQ,UAAYC,EAAU,WAAa,SACxC,MAAA,IAAIf,EAAY,2EAA2E,EAW5F,MANK,YAAYgB,CAAa,MAAMC,CAAK,MAAMC,CAAY,EAOpE,CAUsB,eAAAC,EACpBC,EACAC,EACmC,CACnC,KAAM,CAAE,QAAAjB,EAAS,IAAAD,EAAK,UAAAE,CAAc,EAAAe,EAC9B,CAAE,oBAAAE,EAAqB,cAAAC,CAAA,EAAkBF,EAE/C,GAAI,CAACjB,GAAW,CAACD,GAAO,CAACE,EACjB,MAAA,IAAIL,EAAY,6DAA6D,EAIjF,IAAAwB,EACA,GAAA,CAEF,MAAMC,EAActB,EAAI,QAAQ,WAAY,OAAO,EAC/BqB,EAAA,IAAI,IAAIC,CAAW,QAChChB,EAAG,CACV,MAAM,IAAIT,EAAY,qCAAsCS,EAAY,OAAO,EAAE,CAAA,CAGnF,MAAMiB,EAAgBF,EAAkB,aAAa,IAAI,GAAG,EACtDG,EAAmBH,EAAkB,aAAa,IAAI,GAAG,EACzDI,EAAwBJ,EAAkB,KAAOA,EAAkB,SAErE,GAAAE,IAAkB,MAAQC,IAAqB,KAC3C,MAAA,IAAI3B,EAAY,kDAAkD,EAItE,IAAA6B,EACA,GAAA,CAEFA,EAAoB,OAAOP,GAAwB,SAAW,IAAI,IAAIA,CAAmB,EAAIA,QACtFb,EAAG,CACV,MAAM,IAAIT,EAAY,yCAA0CS,EAAY,OAAO,EAAE,CAAA,CAGjF,MAAAqB,EAAwBD,EAAkB,KAAOA,EAAkB,SAEzE,GAAID,IAA0BE,EAC5B,MAAM,IAAI9B,EAAY,yCAAyC4B,CAAqB,gBAAgBE,CAAqB,GAAG,EAI9H,MAAMC,EAAiBF,EAAkB,SACrC,GAAAF,IAAqB,KAAOI,IAAmB,QAC3C,MAAA,IAAI/B,EAAY,oEAAoE,EAExF,GAAA2B,IAAqB,KAAOI,IAAmB,SAC3C,MAAA,IAAI/B,EAAY,mEAAmE,EAIvF,GAAAuB,GAAiBG,IAAkBH,EACrC,MAAM,IAAIvB,EAAY,kCAAkC0B,CAAa,gBAAgBH,CAAa,4BAA4B,EAI5H,GAAA,CAEF,GAAI,CADqB,MAAMrB,EAAyBC,EAAKC,EAASC,CAAS,EAGrE,MAAA,IAAIL,EAAY,oBAAoB,QAEvCgC,EAAO,CAGb,MAAIA,aAAiBhC,EACZgC,EAGA,IAAIhC,EAAY,mDAAoDgC,EAAgB,OAAO,EAAE,CACtG,CAII,MAAA,CACL,QAAS,GACT,QAAA5B,EACA,MAAOsB,CACT,CACF"}
+{"version":3,"file":"digiid-ts.umd.js","sources":["../src/types.ts","../src/digiid.ts"],"sourcesContent":["/**\n * Options for generating a DigiID URI.\n */\nexport interface DigiIDUriOptions {\n  /** The full URL that the user's DigiID wallet will send the verification data back to. */\n  callbackUrl: string;\n  /** A unique, unpredictable nonce (number used once) for this authentication request. If not provided, a secure random one might be generated (implementation specific). */\n  nonce?: string;\n  /** Set to true for testing over HTTP (insecure), defaults to false (HTTPS required). */\n  unsecure?: boolean;\n}\n\n/**\n * Data structure typically received from the DigiID wallet callback.\n */\nexport interface DigiIDCallbackData {\n  /** The DigiByte address used for signing. */\n  address: string;\n  /** The DigiID URI that was originally presented to the user. */\n  uri: string;\n  /** The signature proving ownership of the address, signing the URI. */\n  signature: string;\n}\n\n/**\n * Options for verifying a DigiID callback.\n */\nexport interface DigiIDVerifyOptions {\n  /** The expected callback URL (or parts of it, like domain/path) that should match the one in the received URI. */\n  expectedCallbackUrl: string | URL;\n  /** The specific nonce that was originally generated for this authentication attempt, to prevent replay attacks. */\n  expectedNonce?: string;\n}\n\n/**\n * Result of a successful DigiID verification.\n */\nexport interface DigiIDVerificationResult {\n  /** Indicates the verification was successful. */\n  isValid: true;\n  /** The DigiByte address that was successfully verified. */\n  address: string;\n  /** The nonce extracted from the verified URI. */\n  nonce: string;\n}\n\n/**\n * Represents an error during DigiID processing.\n */\nexport class DigiIDError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = 'DigiIDError';\n  }\n}\n","import { randomBytes } from 'crypto';\n// Import createRequire for CJS dependencies in ESM\n// import { createRequire } from 'module'; // No longer needed for bitcoinjs-message\nimport * as bitcoinMessage from 'bitcoinjs-message';\nimport {\n  DigiIDCallbackData,\n  DigiIDError,\n  DigiIDUriOptions,\n  DigiIDVerificationResult,\n  DigiIDVerifyOptions\n} from './types';\n\n// Moved require inside the function that uses it to potentially help mocking\n// and avoid top-level side effects if require itself does something complex.\n\n/**\n * INTERNAL: Verifies the signature using the bitcoinjs-message library.\n * Exported primarily for testing purposes (mocking/spying).\n * @internal\n */\nexport async function _internalVerifySignature(\n  uri: string,\n  address: string,\n  signature: string\n): Promise<boolean> {\n  // DigiByte Message Prefix\n  const messagePrefix = '\\x19DigiByte Signed Message:\\n';\n\n  try {\n    // bitcoinjs-message verify function\n    const isValidSignature = bitcoinMessage.verify(\n      uri,              // The message that was signed (the DigiID URI)\n      address,          // The DigiByte address (D..., S..., or dgb1...)\n      signature,        // The signature string (Base64 encoded)\n      messagePrefix,    // The DigiByte specific message prefix\n      true              // Set checkSegwitAlways to true to handle all address types correctly\n    );\n    return !!isValidSignature; // Ensure boolean return\n  } catch (e: unknown) {\n    // Catch potential errors from bitcoinjs-message (e.g., invalid address format, invalid signature format)\n    const errorMessage = e instanceof Error ? e.message : String(e);\n    throw new DigiIDError(`Signature verification failed: ${errorMessage}`);\n  }\n}\n\n/**\n * Generates a secure random nonce (hex string).\n * @param length - The number of bytes to generate (default: 16, resulting in 32 hex chars).\n * @returns A hex-encoded random string.\n */\nfunction generateNonce(length = 16): string {\n  return randomBytes(length).toString('hex');\n}\n\n/**\n * Generates a DigiID authentication URI.\n *\n * @param options - Options for URI generation, including the callback URL.\n * @returns The generated DigiID URI string.\n * @throws {DigiIDError} If the callback URL is invalid or missing.\n */\nexport function generateDigiIDUri(options: DigiIDUriOptions): string {\n  if (!options.callbackUrl) {\n    throw new DigiIDError('Callback URL is required.');\n  }\n\n  let parsedUrl: URL;\n  try {\n    parsedUrl = new URL(options.callbackUrl);\n  } catch (e) {\n    throw new DigiIDError(`Invalid callback URL: ${(e as Error).message}`);\n  }\n\n  // DigiID spec requires stripping the scheme (http/https)\n  const domainAndPath = parsedUrl.host + parsedUrl.pathname;\n\n  const nonce = options.nonce || generateNonce();\n  const unsecureFlag = options.unsecure ? '1' : '0'; // 1 for http, 0 for https\n\n  // Validate scheme based on unsecure flag\n  if (options.unsecure && parsedUrl.protocol !== 'http:') {\n    throw new DigiIDError('Unsecure flag is true, but callback URL does not use http protocol.');\n  }\n  if (!options.unsecure && parsedUrl.protocol !== 'https:') {\n    throw new DigiIDError('Callback URL must use https protocol unless unsecure flag is set to true.');\n  }\n\n  // Construct the URI\n  // Example: digiid://example.com/callback?x=nonce_value&u=0\n  const uri = `digiid://${domainAndPath}?x=${nonce}&u=${unsecureFlag}`;\n\n  // Clean up potential trailing slash in path if no query params exist (though DigiID always has params)\n  // This check might be redundant given DigiID structure, but good practice\n  // const cleanedUri = uri.endsWith('/') && parsedUrl.search === '' ? uri.slice(0, -1) : uri;\n\n  return uri;\n}\n\n/**\n * Verifies the signature and data received from a DigiID callback.\n *\n * @param callbackData - The data received from the wallet (address, uri, signature).\n * @param verifyOptions - Options for verification, including the expected callback URL and nonce.\n * @returns {Promise<DigiIDVerificationResult>} A promise that resolves with verification details if successful.\n * @throws {DigiIDError} If validation or signature verification fails.\n */\nexport async function verifyDigiIDCallback(\n  callbackData: DigiIDCallbackData,\n  verifyOptions: DigiIDVerifyOptions\n): Promise<DigiIDVerificationResult> {\n  const { address, uri, signature } = callbackData;\n  const { expectedCallbackUrl, expectedNonce } = verifyOptions;\n\n  if (!address || !uri || !signature) {\n    throw new DigiIDError('Missing required callback data: address, uri, or signature.');\n  }\n\n  // 1. Parse the received URI\n  let parsedReceivedUri: URL;\n  try {\n    // Temporarily replace digiid:// with http:// for standard URL parsing\n    const parsableUri = uri.replace(/^digiid:/, 'http:');\n    parsedReceivedUri = new URL(parsableUri);\n  } catch (e) {\n    throw new DigiIDError(`Invalid URI received in callback: ${(e as Error).message}`);\n  }\n\n  const receivedNonce = parsedReceivedUri.searchParams.get('x');\n  const receivedUnsecure = parsedReceivedUri.searchParams.get('u'); // 0 or 1\n  const receivedDomainAndPath = parsedReceivedUri.host + parsedReceivedUri.pathname;\n\n  if (receivedNonce === null || receivedUnsecure === null) {\n    throw new DigiIDError('URI missing nonce (x) or unsecure (u) parameter.');\n  }\n\n  // 2. Validate Callback URL\n  let parsedExpectedUrl: URL;\n  try {\n    // Allow expectedCallbackUrl to be a string or URL object\n    parsedExpectedUrl = typeof expectedCallbackUrl === 'string' ? new URL(expectedCallbackUrl) : expectedCallbackUrl;\n  } catch (e) {\n    throw new DigiIDError(`Invalid expectedCallbackUrl provided: ${(e as Error).message}`);\n  }\n\n  const expectedDomainAndPath = parsedExpectedUrl.host + parsedExpectedUrl.pathname;\n\n  if (receivedDomainAndPath !== expectedDomainAndPath) {\n    throw new DigiIDError(`Callback URL mismatch: URI contained \"${receivedDomainAndPath}\", expected \"${expectedDomainAndPath}\"`);\n  }\n\n  // Validate scheme consistency\n  const expectedScheme = parsedExpectedUrl.protocol;\n  if (receivedUnsecure === '1' && expectedScheme !== 'http:') {\n    throw new DigiIDError('URI indicates unsecure (u=1), but expectedCallbackUrl is not http.');\n  }\n  if (receivedUnsecure === '0' && expectedScheme !== 'https:') {\n    throw new DigiIDError('URI indicates secure (u=0), but expectedCallbackUrl is not https.');\n  }\n\n  // 3. Validate Nonce (optional)\n  if (expectedNonce && receivedNonce !== expectedNonce) {\n    throw new DigiIDError(`Nonce mismatch: URI contained \"${receivedNonce}\", expected \"${expectedNonce}\". Possible replay attack.`);\n  }\n\n  // 4. Verify Signature using internal helper\n  try {\n    const isValidSignature = await _internalVerifySignature(uri, address, signature);\n    if (!isValidSignature) {\n      // If the helper returns false, throw the standard invalid signature error\n      throw new DigiIDError('Invalid signature.');\n    }\n  } catch (error) {\n    // If _internalVerifySignature throws (e.g., due to format/checksum errors from the lib, or our re-thrown error),\n    // re-throw it. It should already be a DigiIDError.\n    if (error instanceof DigiIDError) {\n      throw error;\n    } else {\n      // Catch any unexpected errors and wrap them\n      throw new DigiIDError(`Unexpected error during signature verification: ${(error as Error).message}`);\n    }\n  }\n\n  // 5. Return successful result\n  return {\n    isValid: true,\n    address: address,\n    nonce: receivedNonce, // Return the nonce from the URI\n  };\n}\n"],"names":["DigiIDError","message","_internalVerifySignature","uri","address","signature","messagePrefix","bitcoinMessage","e","errorMessage","generateNonce","length","randomBytes","generateDigiIDUri","options","parsedUrl","domainAndPath","nonce","unsecureFlag","verifyDigiIDCallback","callbackData","verifyOptions","expectedCallbackUrl","expectedNonce","parsedReceivedUri","parsableUri","receivedNonce","receivedUnsecure","receivedDomainAndPath","parsedExpectedUrl","expectedDomainAndPath","expectedScheme","error"],"mappings":"smBAiDO,MAAMA,UAAoB,KAAM,CACrC,YAAYC,EAAiB,CAC3B,MAAMA,CAAO,EACb,KAAK,KAAO,aAAA,CAEhB,CClCsB,eAAAC,EACpBC,EACAC,EACAC,EACkB,CAElB,MAAMC,EAAgB;AAAA,EAElB,GAAA,CASF,MAAO,CAAC,CAPiBC,EAAe,OACtCJ,EACAC,EACAC,EACAC,EACA,EACF,QAEOE,EAAY,CAEnB,MAAMC,EAAeD,aAAa,MAAQA,EAAE,QAAU,OAAOA,CAAC,EAC9D,MAAM,IAAIR,EAAY,kCAAkCS,CAAY,EAAE,CAAA,CAE1E,CAOA,SAASC,EAAcC,EAAS,GAAY,CAC1C,OAAOC,cAAYD,CAAM,EAAE,SAAS,KAAK,CAC3C,CASO,SAASE,EAAkBC,EAAmC,CAC/D,GAAA,CAACA,EAAQ,YACL,MAAA,IAAId,EAAY,2BAA2B,EAG/C,IAAAe,EACA,GAAA,CACUA,EAAA,IAAI,IAAID,EAAQ,WAAW,QAChCN,EAAG,CACV,MAAM,IAAIR,EAAY,yBAA0BQ,EAAY,OAAO,EAAE,CAAA,CAIjE,MAAAQ,EAAgBD,EAAU,KAAOA,EAAU,SAE3CE,EAAQH,EAAQ,OAASJ,EAAc,EACvCQ,EAAeJ,EAAQ,SAAW,IAAM,IAG9C,GAAIA,EAAQ,UAAYC,EAAU,WAAa,QACvC,MAAA,IAAIf,EAAY,qEAAqE,EAE7F,GAAI,CAACc,EAAQ,UAAYC,EAAU,WAAa,SACxC,MAAA,IAAIf,EAAY,2EAA2E,EAW5F,MANK,YAAYgB,CAAa,MAAMC,CAAK,MAAMC,CAAY,EAOpE,CAUsB,eAAAC,EACpBC,EACAC,EACmC,CACnC,KAAM,CAAE,QAAAjB,EAAS,IAAAD,EAAK,UAAAE,CAAc,EAAAe,EAC9B,CAAE,oBAAAE,EAAqB,cAAAC,CAAA,EAAkBF,EAE/C,GAAI,CAACjB,GAAW,CAACD,GAAO,CAACE,EACjB,MAAA,IAAIL,EAAY,6DAA6D,EAIjF,IAAAwB,EACA,GAAA,CAEF,MAAMC,EAActB,EAAI,QAAQ,WAAY,OAAO,EAC/BqB,EAAA,IAAI,IAAIC,CAAW,QAChCjB,EAAG,CACV,MAAM,IAAIR,EAAY,qCAAsCQ,EAAY,OAAO,EAAE,CAAA,CAGnF,MAAMkB,EAAgBF,EAAkB,aAAa,IAAI,GAAG,EACtDG,EAAmBH,EAAkB,aAAa,IAAI,GAAG,EACzDI,EAAwBJ,EAAkB,KAAOA,EAAkB,SAErE,GAAAE,IAAkB,MAAQC,IAAqB,KAC3C,MAAA,IAAI3B,EAAY,kDAAkD,EAItE,IAAA6B,EACA,GAAA,CAEFA,EAAoB,OAAOP,GAAwB,SAAW,IAAI,IAAIA,CAAmB,EAAIA,QACtFd,EAAG,CACV,MAAM,IAAIR,EAAY,yCAA0CQ,EAAY,OAAO,EAAE,CAAA,CAGjF,MAAAsB,EAAwBD,EAAkB,KAAOA,EAAkB,SAEzE,GAAID,IAA0BE,EAC5B,MAAM,IAAI9B,EAAY,yCAAyC4B,CAAqB,gBAAgBE,CAAqB,GAAG,EAI9H,MAAMC,EAAiBF,EAAkB,SACrC,GAAAF,IAAqB,KAAOI,IAAmB,QAC3C,MAAA,IAAI/B,EAAY,oEAAoE,EAExF,GAAA2B,IAAqB,KAAOI,IAAmB,SAC3C,MAAA,IAAI/B,EAAY,mEAAmE,EAIvF,GAAAuB,GAAiBG,IAAkBH,EACrC,MAAM,IAAIvB,EAAY,kCAAkC0B,CAAa,gBAAgBH,CAAa,4BAA4B,EAI5H,GAAA,CAEF,GAAI,CADqB,MAAMrB,EAAyBC,EAAKC,EAASC,CAAS,EAGvE,MAAA,IAAIL,EAAY,oBAAoB,QAErCgC,EAAO,CAGd,MAAIA,aAAiBhC,EACbgC,EAGA,IAAIhC,EAAY,mDAAoDgC,EAAgB,OAAO,EAAE,CACrG,CAIK,MAAA,CACL,QAAS,GACT,QAAA5B,EACA,MAAOsB,CACT,CACF"}

package/dist/digiid.d.ts

@@ -1,6 +1,6 @@
-import { DigiIDUriOptions, DigiIDCallbackData, DigiIDVerifyOptions, DigiIDVerificationResult } from './types';
+import { DigiIDCallbackData, DigiIDUriOptions, DigiIDVerificationResult, DigiIDVerifyOptions } from './types';
 /**
- * INTERNAL: Verifies the signature using the digibyte-message library.
+ * INTERNAL: Verifies the signature using the bitcoinjs-message library.
  * Exported primarily for testing purposes (mocking/spying).
  * @internal
  */

package/dist/digiid.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"digiid.d.ts","sourceRoot":"","sources":["../src/digiid.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAEhB,kBAAkB,EAClB,mBAAmB,EACnB,wBAAwB,EACzB,MAAM,SAAS,CAAC;AAKjB;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAiBlB;AAWD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAmCnE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,YAAY,EAAE,kBAAkB,EAChC,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,wBAAwB,CAAC,CA+EnC"}
+{"version":3,"file":"digiid.d.ts","sourceRoot":"","sources":["../src/digiid.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,kBAAkB,EAElB,gBAAgB,EAChB,wBAAwB,EACxB,mBAAmB,EACpB,MAAM,SAAS,CAAC;AAKjB;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAWD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CAmCnE;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,YAAY,EAAE,kBAAkB,EAChC,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,wBAAwB,CAAC,CA+EnC"}

package/package.json

@@ -1,22 +1,22 @@
 {
   "name": "digiid-ts",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "A modern TypeScript implementation of the DigiID authentication protocol.",
   "main": "dist/digiid-ts.umd.js",
   "module": "dist/digiid-ts.es.js",
   "types": "dist/index.d.ts",
   "type": "module",
-  "exports": { 
-    ".": { 
-      "import": { 
-        "types": "./dist/index.d.ts", 
-        "default": "./dist/digiid-ts.es.js" 
-      }, 
-      "require": { 
-        "types": "./dist/index.d.ts", 
-        "default": "./dist/digiid-ts.umd.js" 
-      } 
-    } 
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/digiid-ts.es.js"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/digiid-ts.umd.js"
+      }
+    }
   },
   "files": [
     "dist"
@@ -71,6 +71,10 @@
     "vitest": "^3.1.1"
   },
   "dependencies": {
-    "digibyte-message": "github:digicontributer/bitcore-message#9d9c8ad30158db25f683e2dee746a14a9d7ec8a0"
+    "bitcoinjs-message": "^2.2.0"
+  },
+  "overrides": {
+    "elliptic": "^6.6.1",
+    "lodash": "^4.17.21"
   }
-}
+}