@scure/bip32

Using @scure/bip32 in production crypto projects has been largely positive. The API is straightforward - HDKey.fromMasterSeed() and derive() methods work exactly as you'd expect. TypeScript support is excellent with proper type exports and inference. The library is genuinely minimal with no surprises, which is exactly what you want for security-critical code.

The main pain point is documentation. The README gives you the basics, but you'll find yourself cross-referencing BIP32 specs and other implementations to understand derivation paths, hardened vs non-hardened keys, and edge cases. Error messages are technically accurate but terse - you get "Invalid private key" without context about what makes it invalid or how to fix it.

Day-to-day usage is smooth once you're past the initial learning curve. The library handles the cryptographic heavy lifting reliably, and the small bundle size is appreciated. IDE autocomplete works well thanks to clean TypeScript definitions, though JSDoc comments are minimal so you won't get much inline help.

Using @scure/bip32 in production has been refreshing after dealing with bloated crypto libraries. The API is intentionally minimal—HDKey class with clear derivation methods, explicit seed-to-key conversions, and zero surprises. Error handling is explicit: invalid paths throw immediately, bad entropy is caught at construction time, and there's no silent failure masking.

The library enforces secure-by-default principles rigorously. Private keys are validated on import, derivation indices are bounds-checked, and the code makes it difficult to accidentally expose sensitive material through logging (no .toString() leaks). The audit trail from Cure53 provides reassurance for handling user funds. TypeScript definitions are comprehensive and accurate.

Dependency hygiene is exceptional—only @noble/hashes and @noble/secp256k1 from the same author, both audited. No transitive dependency sprawl means minimal supply chain risk. The constant-time operations and proper zeroization of sensitive buffers show attention to side-channel concerns rarely seen in JS crypto libraries.

After using @scure/bip32 in production wallet applications, I've found it to be a reliable and well-designed library. The API is straightforward with HDKey as the main class—derivation is intuitive with `.derive()` and `.deriveChild()` methods. TypeScript definitions are first-class, giving excellent autocomplete for properties like `privateKey`, `publicKey`, and `chainCode`. The library correctly handles both Buffer and Uint8Array, which is appreciated in modern JavaScript.

Error handling is clear when you pass invalid paths or try to derive hardened keys from public-only HDKey instances. The library throws descriptive errors like "Missing private key" rather than cryptic messages. Documentation in the README covers the essential API surface well, though I wish there were more real-world examples beyond basic derivation.

One gotcha: the library is minimal by design, so you'll need companion packages like @scure/bip39 for mnemonics. This modular approach keeps bundle sizes down but means more dependencies to manage. Overall, it's become my go-to for BIP32 operations—audited, maintained, and just works.