npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@bananapus/address-registry-v6

v0.0.9

Published

Knowing who deployed a contract is the first step toward trusting it. This registry lets anyone prove a contract's deployer on-chain -- no access control and no admin keys.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

simplemachinesimplemachineme.jangome.jangofilipvizfilipviz

Keywords

Readme

Juicebox Address Registry

Knowing who deployed a contract is the first step toward trusting it. This registry lets anyone prove a contract's deployer on-chain -- no access control and no admin keys.

JBAddressRegistry maps contract addresses to their deployers using deterministic address computation. Provide the deployer address and deployment parameters, and the registry verifies the relationship and stores it permanently. Frontend clients can then look up any registered contract to see who deployed it, which is especially useful for vetting Juicebox pay and cash-out hooks before interacting with them.

Deployed Address

JBAddressRegistry is deployed at the same address on all supported networks via deterministic create2 deployment:

0x2d9b78cb37ca724cfb9b32cd8e9a5dc1c88bc7bb

| Network | Chain ID | |---------|----------| | Ethereum | 1 | | Optimism | 10 | | Arbitrum | 42161 | | Base | 8453 | | Ethereum Sepolia | 11155111 | | Optimism Sepolia | 11155420 | | Arbitrum Sepolia | 421614 | | Base Sepolia | 84532 |

Architecture

| Contract | Description | |----------|-------------| | JBAddressRegistry | Standalone registry. Computes deployed addresses deterministically from deployer parameters and stores the deployer in deployerOf. No constructor arguments, no access control, no external dependencies. |

Interface

| Type | Description | |------|-------------| | IJBAddressRegistry | Interface exposing deployerOf, both registerAddress overloads, and the AddressRegistered event. |

How It Works

Anyone can register a contract by providing its deployer and deployment parameters:

  • create deployments: Provide the deployer address and the nonce at the time of deployment. The registry reconstructs the address using RLP encoding (the same encoding the EVM uses internally to compute create addresses).
  • create2 deployments: Provide the deployer address, the create2 salt, and the full deployment bytecode (creation code + encoded constructor arguments). The registry computes keccak256(0xff ++ deployer ++ salt ++ keccak256(bytecode)).

In both cases, the registry stores the mapping deployerOf[computedAddress] = deployer and emits an AddressRegistered event. Frontend clients can then look up any contract's deployer to verify trust.

No access control is needed -- only the correct deployer + parameters can produce a given address, so registrations cannot be faked.

Events

| Event | Fields | Emitted When | |-------|--------|-------------| | AddressRegistered | address indexed addr, address indexed deployer, address caller | A contract address is registered via either registerAddress overload. caller is msg.sender, which may differ from the deployer. |

Risks

Hooks have token minting access, making malicious hooks dangerous. A registered deployer does not guarantee a hook is safe -- it only tells you who deployed it. Clients should warn project owners and users about any potential for unintended or adversarial behavior, especially for unknown hooks.

Deployers can be exploited or act maliciously. Clients should still communicate risk to users even when the deployer is a known entity.

Limitations

  • The _addressFrom function for create addresses uses RLP encoding that only supports nonces up to 2^32 (4,294,967,295). Higher nonces are silently truncated via uint32 cast, producing incorrect addresses. In practice, this limit is unreachable.
  • No overwrite protection: registering the same computed address again overwrites the previous deployer. This is safe because only the correct deployer + parameters produce a given address -- a second call with the same inputs just re-registers the same deployer.
  • Registration is permissionless -- anyone can call registerAddress, not just the deployer. Security relies entirely on deterministic address computation.

Deployment

The deploy script uses Sphinx for deterministic multi-chain deployment. The registry is deployed via create2 with the salt _JBAddressRegistryV6_, ensuring the same address on every chain. The script skips deployment if the bytecode is already present at the computed address.

A helper library AddressRegistryDeploymentLib is provided in script/helpers/ to resolve deployed addresses from Sphinx deployment artifacts at runtime.

Install

npm install

Develop

| Command | Description | |---------|-------------| | forge build | Compile contracts | | forge test | Run unit tests | | FOUNDRY_PROFILE=CI forge test | Run fork tests (requires RPC_ETHEREUM_MAINNET env var) | | forge coverage --match-path "./src/*.sol" --report lcov --report summary | Generate coverage report | | npm run deploy:mainnets | Propose mainnet deployment via Sphinx | | npm run deploy:testnets | Propose testnet deployment via Sphinx |