Dsteem Milestone - Code Published to BlazeDevelopment branch
A quick interlude between Phase 7 and Phase 8: the modernization work is live on GitHub. Eight days of phased work just landed as a single commit on the
BlazeDevelopmentbranch ofblazeapps007/dsteem. The push also triggered the new GitHub Actions matrix — all green on Node 22, Node 24, and the Playwright browser smoke (Chromium + Firefox + WebKit). This post is the announcement; the full testing report (real broadcast, drop-in upgrade trial, bundle analysis) comes in the next post. For now: the code is there, CI is green, you can clone the branch and try it.
Commit
Branch: BlazeDevelopment
Commit: bef8443
Message: Modernize CI/toolchain, add docs & tests
That's the full eight days of work, squashed and pushed. Everything from the Phase 0 golden fixtures all the way through Phase 7's typedoc regeneration is in there.
The Full Series (Catch Up Before Testing)
If you're seeing this post first, here's the whole series to date:
- Day 1 — Phase 0: dsteem Modernization Plan: Bringing a Core Steem Library into Latest Compatibility (the plan + all locked technical decisions)
- Day 2 — Phase 1: CI Plumbing on GitHub Actions
- Day 3 — Phase 2: Retiring tslint, Adopting ESLint 9
- Day 4 — Phase 3: TypeScript 3.1 → 5.6 + Strict Mode
- Day 5 — Phase 4: The @noble Crypto Swap
- Day 6 — Phase 5: tsup, Dual ESM/CJS, and 606 Packages Deleted
- Day 7 — Phase 6: Mocha 11, c8 Coverage, and Playwright Browser Tests
- Day 8 — Phase 7: typedoc 0.13 → 0.28, and What's Left for Release
- Today — Milestone: Code Pushed to BlazeDevelopment Branch (you are here)
- Soon — End-to-end testing report (community welcome to break things)
- Next week — Phase 8: the
v0.12.0release ceremony +npm publish
What's In the Commit
Quick recap for anyone just arriving. The branch contains:
Removed (vulnerable / deprecated / unmaintained)
[email protected] ← native module with HIGH-severity CVE
@types/secp256k1
core-js@2 ← polyfills, EOL since 2019
regenerator-runtime ← async/await polyfill (Node 8 era)
whatwg-fetch ← fetch polyfill (Edge Legacy era)
node-fetch ← we use native Node 22 fetch now
tslint ← officially deprecated since 2019
browserify + tsify + babelify + uglifyjs + dts-generator + watchify + derequire
karma + karma-sauce-launcher + karma-mocha + karma-mocha-reporter + karma-browserify
nyc + coveralls ← replaced by c8
ts-node@7 ← old version
@babel/core + @babel/preset-env ← legacy transpilation
+ a few dozen transitive deps
Total transitive: 606 packages removed from node_modules
Added (modern / audited / maintained)
@noble/curves ← secp256k1 ECDSA (pure-JS, audited — same as ethers/viem)
@noble/hashes ← SHA256, RIPEMD160 (pure-JS, audited)
tsup ← bundler (esbuild under the hood)
esbuild-plugin-polyfill-node ← inlines Buffer for the browser build
eslint + @eslint/js + typescript-eslint + globals ← lint
c8 ← coverage with 70% gate
playwright ← browser smoke tests
Upgraded
typescript 3.1.6 → 5.6.3
@types/node 10 → 22
@types/mocha 5 → 10
mocha 5 → 11
ts-node 7 → 10
typedoc 0.13 → 0.28
New configuration files
.github/workflows/ci.yml— GitHub Actions matrix (Node 22 + 24 + Playwright browser)eslint.config.mjs— ESLint 9 flat configtsup.config.ts— dual ESM + CJS + browser-IIFE build.mocharc.cjs— Mocha 11 runner config (no Windows quote-escape pain).c8rc.json— c8 coverage config with 70% line gateplaywright.config.ts— headless Chromium/Firefox/WebKittypedoc.json— clean typedoc 0.28 configtest/fixtures/crypto-golden.json+test/crypto-golden.ts— frozen v0.11.3 signature/hash vectors
Deleted
Makefile(BSD-sed dependent, macOS-only).travis.yml,.circleci/config.yml(Node 8/9/10 era CI)tslint.jsontest/_node.js,test/_karma.js,test/_karma-sauce.js,test/_browser.js
What HAS Been Tested
Local validation (on my dev machine, also in Docker against Node 16 and Node 22)
npm install— clean (0 vulnerabilities on production deps,npm audit --omit=dev)npm run lint— 0 errorsnpm run build— producesdist/index.cjs,dist/index.mjs,dist/index.d.ts,dist/dsteem.browser.global.jsnpm test— 50 passing in ~440 msnpm run coverage— 74.9% line coverage, above the 70% gate- Live mainnet smoke against
https://api.steemit.com(head block 106461966) ✓ - Live mainnet smoke against
https://api.moecki.online(head block 106461967) ✓ - The Phase 0 golden vectors — historical v0.11.3 signatures still verify with the new
@noblebackend ✓
🟢 GitHub Actions CI (the real, clean-room verification)
After pushing the branch, the CI workflow went green end-to-end:
- ✅
test (Node 22)— lint, build, test (50 passing), coverage gate (≥70%) - ✅
test (Node 24)— same matrix on the newer LTS - ✅
browser smoke (Playwright)— built the bundle, installed Chromium + Firefox + WebKit, ran the smoke spec againstdist/dsteem.browser.global.jsin all three engines: all green
That last one is significant — it's the first time the modernized browser bundle has been validated against engines other than my local Chromium. The IIFE bundle (dist/dsteem.browser.global.js) round-trips PrivateKey.fromSeed → sign → verify → recover in real Firefox and real WebKit, not just locally. The bundle works.
What Has NOT Been Tested
Being honest. Before anyone ships this against real user funds:
- Real broadcast against mainnet — I haven't broadcast an actual transaction with the new build. The signing code passes the golden test and the canonical-form check, and signatures verify cross-engine in three browsers, but "a Steem witness will accept this on-chain" is still a claim until someone actually pushes a transfer.
- Production app drop-in — nobody has yet upgraded an existing v0.11.x app to this branch and run it under real traffic.
- Bun / Deno — should work (everything is ESM + pure-JS now) but I haven't tried.
- Memory / perf vs. v0.11.x —
@nobleis pure-JS so signing is ~5–10× slower than the nativesecp256k1for the raw operation. In practice you sign one transaction per broadcast, so it's microseconds vs. milliseconds — unmeasurable from a user's perspective. But I haven't actually benchmarked it on real data.
That's the whole point of pushing it to a branch instead of straight to npm publish: community testing window before release.
How to Try It
git clone https://github.com/blazeapps007/dsteem.git
cd dsteem
git checkout BlazeDevelopment
npm install
npm test
npm run build
Then in another project, point package.json at the branch tarball:
{
"dependencies": {
"dsteem": "github:blazeapps007/dsteem#BlazeDevelopment"
}
}
…and try whatever your app does. If anything misbehaves between v0.11.x and this branch, that's a P0 bug — file an issue on the repo, ideally with a minimal repro.
What's Next
The next post (likely tomorrow) is the full testing report:
- Real broadcast against mainnet (a tiny transfer to prove the new signing path)
- Cross-browser Playwright run (Chromium + Firefox + WebKit)
- Bundle-size analysis
- Coverage breakdown
- Anything I find when I dogfood the branch from a fresh clone
Then later in the week: Phase 8 — the actual v0.12.0 release, the npm publish, the migration guide, and the npm-vs-GitHub install instructions.
How You Can Help
- 🔍 Clone the branch:
BlazeDevelopment - 🧪 Test it against your app: drop-in replace
[email protected]with the branch and see what breaks - 🐛 File issues: anything that misbehaves vs. v0.11.x is a release blocker — API compatibility is non-negotiable
- 💬 Comment here: especially if you have a non-obvious use case the test suite doesn't exercise
The point of this branch existing publicly is to fail fast. If something is wrong, this is the right week to find it.
This work was developed with Claude AI assistance. All technical decisions reflect Steem ecosystem needs and the hard requirement of zero breaking changes .
Support Secure Steem Development
If you value proactive engineering, UX polish, and performance optimizations for the STEEM ecosystem, please consider supporting my witness: blaze.apps
🗳️ Vote Here:
Vote for blaze.apps Witness
Disclaimer: This post announces a push to the BlazeDevelopment branch. Full testing details will come in upcoming posts. The release will be tagged v0.12.0 after Phase 8 ships next week.