JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 44
  • Score
    100M100P100Q78295F
  • License MIT

Core module of Mybucks.online Crypto Wallet

Package Exports

  • @mybucks.online/core
  • @mybucks.online/core/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@mybucks.online/core) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@mybucks.online/core

This is a core part of mybucks.online crypto wallet, involving hash and private key generation, generate and parse transfer-link token.

mybucks.online

Mybucks.online is a seedless, disposable crypto wallet designed for speed and convenience. It generates a private key from your passphrase and PIN using an industry-standard, verified one-way hash function. Your private key forms your account, allowing you to transfer, receive, and hold your crypto assets instantly.

As a hash function, the Scrypt Key Derivation Function (KDF) increases the computational effort required to crack credentials, effectively delaying brute-force attacks and making them impractical.

It fully runs on your browser side without using any storage or invoking any 3rd-party APIs for key management. It instantly generates your private key from your credentials input, and whenever you close or refresh, there is no footprint. This absolutely protects your privacy.

With mybucks.online, you can send cryptocurrency and even wallet itself via a URL. The recipient simply clicks the link to open the wallet and take full ownership. This feature allows you to create a one-time wallet and put stablecoins or memecoins into it. You can transfer full ownership as a gift without ever asking for a recipient's wallet address. These serve as a "starter" wallet for the recipients, who can then easily withdraw the funds into their own personal pockets or primary wallets.

This is a powerful tool for bulk distribution and massive airdrops to many people simultaneously. You no longer need to ask for a wallet address or force users to connect their wallet to your app for a small $5 referral fee. You simply share the unique links through any messaging platform, social media, or email.

Zero Footprint

  • No servers, no databases, no storage and no tracking.
  • 100% browser-based.
  • Your credentials never leave your device.
  • Your account is generated whenever you open it. Closing or refreshing your browser erases all traces/history.

Fast and Easy

  • No app installs, no browser extensions, no registration and no KYC.
  • You can create or open your wallet in seconds - all you need is your browser.
  • Passphrase is easier to handle and remember than seed phrases.

1-Click Gifting

  • Stop asking your friends for their wallet addresses.
  • Send a wallet as a URL rather than just sending coins.
  • The recipient clicks the URL and takes full ownership instantly.
  • This makes gifting or airdropping perfectly easy and enables massive micro-gifting in seconds.

By integrating this library, you can programmatically generate thousands of unique wallet links and distribute them via your own marketing platforms, email lists, or social media campaigns.

Quick start

1. Install

npm install @mybucks.online/core

2. Generate hash, private-key and wallet address

Passphrase and PIN are validated with zxcvbn before hashing. Weak passphrase or PIN will yield an empty hash or null token.

import { 
  getEvmPrivateKey, 
  getEvmWalletAddress, 
  getTronWalletAddress,
  generateHash
} from "@mybucks.online/core";

const showProgress = (p) => {
  console.log(`progress: ${p * 100}%`);
};

const hash = await generateHash(passphrase, pin, showProgress);

const privateKey = getEvmPrivateKey(hash);
console.log("Private key: ", privateKey);

const address1 = getEvmWalletAddress(hash);
console.log("EVM Address: ", address1);

const address2 = getTronWalletAddress(hash);
console.log("TRON Address: ", address2);

3. Generate and parse (transfer-link's)token

import { generateToken } from "@mybucks.online/core";
const token = generateToken(passphrase, pin, network);

console.log("https://app.mybucks.online/#wallet=" + token);
import { parseToken } from "@mybucks.online/core";
const [passphrase, pin, network, legacy] = parseToken(token);
console.log("Account credentials are: ", passphrase, pin);
console.log("Network: ", network);
console.log("Legacy token: ", legacy); // true if token was in legacy format

4. Generate random credentials

randomPassphrase and randomPIN generate cryptographically random credentials that are guaranteed to pass the zxcvbn strength thresholds required by generateHash (PASSPHRASE_MIN_ZXCVBN_SCORE = 3, PIN_MIN_ZXCVBN_SCORE = 1).

import { randomPassphrase, randomPIN } from "@mybucks.online/core";

const passphrase = randomPassphrase(); // e.g. "Ax3!-bQ2#-mK7@-zP1$"
const pin = randomPIN();               // e.g. "k4r9w2"

const hash = await generateHash(passphrase, pin, showProgress);

Changes (default vs legacy)

To make the wallet more secure and resilient against attacks, and to meet standards and follow best practices (e.g. NIST SP 800-132, OWASP, RFC 7914), we introduced a new version that is now the default. A legacy flag is available for backward compatibility with existing wallets and tokens.

Scrypt parameters (default)

  • N is increased from 2^15 to 2^17 to raise the memory cost and make GPU/ASIC brute-force attacks much harder.
  • p is reduced from 5 to 1 so hashing time stays the same or lower for users while resistance to brute-force is improved.

Salt generation (default)

  • Legacy used only the last 4 characters of the passphrase plus the pin, which discarded most of the passphrase entropy.
  • The default now derives the salt from the full passphrase and pin via a structured encoding and adds a domain separator so hashes are bound to this KDF and not reusable in other protocols or versions.

Token generation (default)

  • Legacy encoded the transfer-link token by concatenating passphrase, pin and network with a delimiter, which is ambiguous for some inputs.
  • The default uses a compact length-prefixed payload (version byte + lengths + UTF-8 bytes) so there is no concatenation ambiguity and the URL fragment stays short.
  • parseToken accepts both legacy and default token formats automatically and returns [passphrase, pin, network, legacy], where legacy is true if the token was in legacy format.

Use generateHash(passphrase, pin, cb, true) or generateToken(passphrase, pin, network, true) only when you need to match existing legacy wallets or tokens.

Test

npm run test

Docs

Find the docs here.

Live example