Pure-JS drop-in replacement for bigint-buffer. Fixes CVE-2025-3194.
- User has bigint-buffer in their dependency tree
- User sees CVE-2025-3194 in npm audit
- User sees "bigint: Failed to load bindings" warning
- User is on @solana/web3.js v1.x and has buffer overflow vulnerabilities
- User asks about fixing transitive dependency vulnerabilities in Solana projects
npm install bigint-buffer-safeOr as a drop-in override:
{ "overrides": { "bigint-buffer": "npm:bigint-buffer-safe@^1.0.0" } }npm install
npm run build # tsup, CJS + ESM + DTS
npm test # vitest, 64 tests- Pure JavaScript, no N-API native bindings
- Input validation (throws TypeError instead of crashing)
- Zero dependencies
- Works in browsers and bundlers