npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@grifortis/schiavinato-sharing

v0.4.1

Published

Human-executable secret sharing for BIP39 mnemonics using GF(2053) - Universal multi-chain custody for Bitcoin, Ethereum, and all BIP39-compatible wallets

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

renatoslopesrenatoslopes

Keywords

bip39shamirsecret-sharingmnemoniccryptocurrencybitcoinethereummulti-chaininheritancebackupschiavinatogf2053threshold-cryptographywalletcustodydisaster-recovery

Readme

Schiavinato Sharing (JS/TS)

Security: Experimental CI CodeQL codecov npm version Node.js Version License: MIT

⚠️ WARNING: EXPERIMENTAL SOFTWARE ⚠️

DO NOT USE IT FOR REAL FUNDS!

Schiavinato Sharing specification and implementations have NOT been audited. Use for testing, learning, and experimentation only. See SECURITY for details.

We invite cryptographers and developers to review the spec and software. See CONTRIBUTING to know more.

JavaScript/TypeScript implementation of Schiavinato Sharing: dual-mode (manual + software) (k)-of-(n) threshold secret sharing for BIP39 mnemonics over GF(2053). Designed for offline/air-gapped workflows, with manual-fallback compatibility.

What is this?

Schiavinato Sharing is a dual-mode (manual + software) (k)-of-(n) threshold secret sharing scheme for BIP39 mnemonics. It operates directly on the 1-indexed BIP39 word indices over the prime field GF(2053), so the recovered secret is a standard BIP39 mnemonic compatible with modern wallets.

In this JS implementation, you can:

  • Split a BIP39 mnemonic into (k)-of-(n) shares (Share[])
  • Recover the original BIP39 mnemonic from (k) shares (RecoveryResult)
  • Validate inputs and share integrity during split/recovery to prevent silent mistakes

Links

Security

This library implements well-established cryptographic principles but has NOT been professionally audited.

Use only for: testing, learning, experimentation.

Canonical security posture: schiavinato-sharing/SECURITY

Verify Before Use (Required)

CRITICAL: Before using with real crypto seeds, verify the package and/or release artifacts haven't been tampered with.

Option A: Verify release artifacts (recommended for highest assurance)

This repository's releases include:

  • CHECKSUMS-LIBRARY.txt (+ detached signature CHECKSUMS-LIBRARY.txt.asc)
  • A signed release tarball schiavinato-sharing-vX.Y.Z.tar.gz (+ *.asc + *.sha256)

Import the GRIFORTIS public key and verify signatures before use.

curl -fsSL https://raw.githubusercontent.com/GRIFORTIS/schiavinato-sharing-js/main/GRIFORTIS-PGP-PUBLIC-KEY.asc | gpg --import
gpg --fingerprint [email protected]

Expected: 7921 FD56 9450 8DA4 020E 671F 4CFE 6248 C57F 15DF

Then verify release assets (examples):

gpg --verify CHECKSUMS-LIBRARY.txt.asc CHECKSUMS-LIBRARY.txt
gpg --verify schiavinato-sharing-vX.Y.Z.tar.gz.asc schiavinato-sharing-vX.Y.Z.tar.gz

If you've built the library locally, you can also verify the built outputs against the latest release checksums:

npm run build
npm run build:browser
npm run verify:latest

Option B: Verify the NPM tarball identity (supply-chain sanity check)

For NPM installs, verify the published tarball matches the tag/build:

  • Compare dist.shasum / dist.integrity from npm view against the values produced by npm pack --json
  • Pin exact versions and use lockfiles for repeatable installs

Installation

npm install @grifortis/schiavinato-sharing

Quick Start

Split a mnemonic

import { recoverMnemonic, splitMnemonic } from '@grifortis/schiavinato-sharing';

async function main() {
  const mnemonic =
    'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';

  const shares = await splitMnemonic(mnemonic, 2, 3);
  const result = await recoverMnemonic([shares[0], shares[1]], 12);

  if (!result.success) throw new Error(String(result.errors.generic ?? 'Recovery failed'));
  console.log(result.mnemonic);
}

main();

Recover a mnemonic

Use recoverMnemonic(shares, wordCount) and check result.success (it returns a report object instead of throwing on validation failures).

API Reference (high-level)

Stable entry points:

  • splitMnemonic(mnemonic, k, n, options?) (async)
  • recoverMnemonic(shares, wordCount, options?) (async)
  • validateBip39Mnemonic(mnemonic)

Advanced exports (field arithmetic, Lagrange helpers, checksum helpers, secure wipe utilities) are also available for integration/testing; see the TypeScript types and module exports in src/index.ts.

Conformance Validation

This implementation is validated against canonical test vectors:

Functional Validation (Run Tests)

npm ci
npm test
npm run test:coverage
npm run lint
npm run typecheck

See TESTING.md for details.

Validator (Dev Tool Only)

This repo includes a browser-based validator under validator/ for development/testing/auditing workflows. It is not a wallet tool and must not be used with real funds.

See validator/README for features, required validation steps, and usage.

Compatibility

  • Spec version: v0.4.0
  • Node.js: 18+

Contributing

See CONTRIBUTING.md.

License

MIT License