Skip to content

Switch to secure Base58 library #1433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 19, 2025
Merged

Switch to secure Base58 library #1433

merged 4 commits into from
Feb 19, 2025

Conversation

r-near
Copy link
Contributor

@r-near r-near commented Nov 23, 2024
edited
Loading

Pre-flight checklist

  • I have read the Contributing Guidelines on pull requests.
  • Commit messages follow the conventional commits spec
  • If this is a code change: I have written unit tests.
  • If this changes code in a published package: I have run pnpm changeset to create a changeset JSON document appropriate for this change.
  • If this is a new API or substantial change: the PR has an accompanying issue (closes #0000) and the maintainers have approved on my working plan.

Motivation

This PR switches the Base58 implementation to a secure, audited & 0-deps implementation. The existing bs58 library is old, poorly maintained, and incompatible with Vite due to its use of Node.js primitives (Buffer).

This PR should resolve the following:

Test Plan

Related issues/PRs

Note

This project still indirectly relies on bs58 through near-workspaces:

near-workspaces 3.5.0
├─┬ borsh 0.5.0
│ └── bs58 4.0.0
├── bs58 4.0.1

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Nov 23, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 3ff3632

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages
Name Type
@near-js/accounts Minor
near-api-js Minor
@near-js/utils Minor
@near-js/wallet-account Patch
@near-js/biometric-ed25519 Patch
@near-js/client Patch
@near-js/crypto Patch
@near-js/providers Patch
@near-js/transactions Patch
@near-js/keystores-browser Patch
@near-js/keystores-node Patch
@near-js/keystores Patch
@near-js/signers Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@r-near r-near marked this pull request as draft November 23, 2024 03:27
@r-near
Copy link
Contributor Author

r-near commented Nov 23, 2024

We'll need to do this in parts:

  1. First, we need to release new packages for these libraries
  2. Then, we need to update near-workspace to use the new libraries that don't depend on bs58, along with stripping the existing bs58 dependency
  3. Release a new version of near-workspace with 0 dependency on bs58
  4. Bump near-workspace version in near-api-js and make a new release

@r-near r-near marked this pull request as ready for review November 23, 2024 03:54
@r-near r-near mentioned this pull request Nov 23, 2024
Closed
@r-near r-near merged commit c85d12d into master Feb 19, 2025
1 check passed
@r-near r-near deleted the base58-fixes branch February 19, 2025 15:39
@github-actions github-actions bot mentioned this pull request Feb 19, 2025
Merged
This was referenced Feb 19, 2025
Closed
Closed
@r-near r-near mentioned this pull request Jun 13, 2025
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gagdiez gagdiez gagdiez approved these changes

@andy-haynes andy-haynes Awaiting requested review from andy-haynes

@thisisjoshford thisisjoshford Awaiting requested review from thisisjoshford

Assignees
No one assigned
Labels
None yet
Projects
DevTools
Status: Shipped 🚀
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@r-near @gagdiez