Update build steps to use jsbt

.github/workflows/nodejs-polyfill.yml

@@ -0,0 +1,23 @@
+name: Run node.js tests with polyfill
+on:
+  - push
+  - pull_request
+jobs:
+  test:
+    name: v${{ matrix.node }} @ ubuntu-latest
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node:
+          - 18
+          - 20
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: ${{ matrix.node }}
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm test:webcrypto
+      - run: npm run lint --if-present

.github/workflows/nodejs.yml

@@ -1,36 +1,23 @@
-name: Node CI
-
-on: [push, pull_request]
+name: Run node.js tests
+on:
+  - push
+  - pull_request
 jobs:
   test:
-    name: node @ ubuntu-latest
+    name: v${{ matrix.node }} @ ubuntu-latest
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x]
+        node:
+          - 18
+          - 20
     steps:
-    - uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node }}
-      uses: actions/setup-node@v3
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - run: npm run build --if-present
-    - run: npm test
-    - run: npm run lint --if-present
-  test-polyfill:
-    name: node+webcrypto @ ubuntu-latest
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [16.x, 18.x, 20.x]
-    steps:
-    - uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node }}
-      uses: actions/setup-node@v3
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - run: npm run build --if-present
-    - run: npm run test:webcrypto
-    - run: npm run lint --if-present
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: ${{ matrix.node }}
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm test
+      - run: npm run lint --if-present

.github/workflows/publish-npm.yml

@@ -1,23 +1,23 @@
-name: Publish Package to npm
+name: Publish package to npm
 on:
- release:
-   types: [created]
+  release:
+    types: [created]
 jobs:
- build:
-   runs-on: ubuntu-latest
-   permissions:
-     contents: read
-     id-token: write
-   steps:
-     - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
-     - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
-       with:
-         node-version: 20
-         registry-url: 'https://registry.npmjs.org'
-         cache: npm
-     - run: npm install -g npm
-     - run: npm ci
-     - run: npm run build
-     - run: npm publish --provenance --access public
-       env:
-         NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: 20
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm install -g npm
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}

README.md

@@ -22,6 +22,7 @@ if you need additional features such as common.js, Schnorr signatures, DER encod
   [ciphers](https://github.com/paulmillr/noble-ciphers),
   [curves](https://github.com/paulmillr/noble-curves),
   [hashes](https://github.com/paulmillr/noble-hashes),
+  [post-quantum](https://github.com/paulmillr/noble-post-quantum),
   4kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
   [ed25519](https://github.com/paulmillr/noble-ed25519)
 
@@ -62,7 +63,7 @@ secp.etc.hmacSha256Sync = (k, ...m) => hmac(sha256, k, secp.etc.concatBytes(...m
 // Sync methods can be used now:
 // secp.sign(msgHash, privKey);
 
-// 2. node.js 18 and earlier, requires polyfilling globalThis.crypto
+// 2. node.js 18 and older, requires polyfilling globalThis.crypto
 import { webcrypto } from 'node:crypto';
 // @ts-ignore
 if (!globalThis.crypto) globalThis.crypto = webcrypto;
@@ -221,6 +222,7 @@ class Signature {
   readonly recovery?: number | undefined;
   ok(): Signature;
   hasHighS(): boolean;
+  normalizeS(): Signature;
   recoverPublicKey(msgh: Hex): Point;
   toCompactRawBytes(): Bytes;
   toCompactHex(): string;

index.js

@@ -435,9 +435,9 @@ function hashToPrivateKey(hash) {
     return n2b(num);
 }
 const etc = {
-    hexToBytes: h2b, bytesToHex: b2h,
+    hexToBytes: h2b, bytesToHex: b2h, // share API with noble-curves.
     concatBytes: concatB, bytesToNumberBE: b2n, numberToBytesBE: n2b,
-    mod, invert: inv,
+    mod, invert: inv, // math utilities
     hmacSha256Async: async (key, ...msgs) => {
         const c = cr(); // async HMAC-SHA256, no sync built-in!
         const s = c && c.subtle; // For React Native support, see README.
@@ -446,7 +446,7 @@ const etc = {
         const k = await s.importKey('raw', key, { name: 'HMAC', hash: { name: 'SHA-256' } }, false, ['sign']);
         return u8n(await s.sign('HMAC', k, concatB(...msgs)));
     },
-    hmacSha256Sync: _hmacSync,
+    hmacSha256Sync: _hmacSync, // For TypeScript. Actual logic is below
     hashToPrivateKey,
     randomBytes: (len = 32) => {
         const crypto = cr(); // Must be shimmed in node.js <= 18 to prevent error. See README.
@@ -463,7 +463,7 @@ const utils = {
     catch (e) {
         return false;
     } },
-    randomPrivateKey: () => hashToPrivateKey(etc.randomBytes(fLen + 16)),
+    randomPrivateKey: () => hashToPrivateKey(etc.randomBytes(fLen + 16)), // FIPS 186 B.4.1.
     precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
 };
 Object.defineProperties(etc, { hmacSha256Sync: {

package.json

@@ -29,11 +29,12 @@
   },
   "license": "MIT",
   "devDependencies": {
-    "@noble/hashes": "1.3.2",
+    "@noble/hashes": "1.4.0",
+    "@paulmillr/jsbt": "0.1.0",
     "fast-check": "3.0.0",
     "micro-bmark": "0.3.0",
     "micro-should": "0.4.0",
-    "typescript": "5.0.2"
+    "typescript": "5.3.2"
   },
   "keywords": [
     "secp256k1",

tsconfig.json

@@ -1,23 +1,8 @@
 {
+  "extends": "@paulmillr/jsbt/tsconfigs/esm.json",
   "compilerOptions": {
-    "target": "es2020",
-    "lib": ["es2020"],
-    "module": "es6",
-    "moduleResolution": "bundler",
     "outDir": ".",
-    "baseUrl": ".",
-    "sourceMap": false,
-    "declaration": true,
-    "declarationMap": false,
-    "strict": true,
-    "allowSyntheticDefaultImports": false,
-    "allowUnreachableCode": false,
-    "esModuleInterop": false,
-    "noFallthroughCasesInSwitch": true,
-    "noImplicitReturns": true,
-    "noUncheckedIndexedAccess": false,
-    "noUnusedLocals": true,
-    "noUnusedParameters": true,
+    "sourceMap": false
   },
   "include": ["index.ts"],
   "exclude": ["node_modules", "lib"]