Library needs much more usage examples. Also it would be great to document them right in the API docs using the jsdoc tutorial mechanism:
http://usejsdoc.org/about-tutorials.html

Do we also need to duplicate them in README Usages section or just link them?

Generate documentation using JSDoc (with the Markdown plugin) and host it at GitHub Pages for this repository.

Transports should probably be extracted into the separate library bitmessage-transports. They aren't always needed and ws/wrtc/bitmessage.lib.net packages are rather heavy.

Also it should simplify modules structure a bit as recommended here: http://blog.izs.me/post/44149270867/why-no-directories-lib-in-node-the-less-snarky

Decoded objects should be validated as much as possible. Existing validation in PyBitmessage may help. Examples:

• Messages must be decrypted using identity with the same ripe as in the destination_ripe field [↱]
• Broadcasts must be decrypted using identity with the same ripe as the one constructed from the keys fields [↱]
• Better checks for version ranges, streams; also sender's version should justify used object's version (msg, broadcast) [↱]

• Fix compilation with nan 2.1.0
• Fix/drop secp256k1 compilation on node 0.10
• Publish and require latest eccrypto

bignum currently is in optional dependencies, but library is actually not usable without it.

• var_int.value vs var_str.str vs var_list.list
• net_addr.addrs vs inv.inventory vs error.vector
• pubkey.needed vs msg.identities vs broadcast.subscriptions
• bootstrap/connect/listen API: it's better to always use objects instead of positional arguments. (E.g. {host: "1.2.3.4", port: 8444})
• connection pass 3 positional arguments (should it pass transport, {host, port} instead?)
• error message fatal field is nonintuitive (better to use something like type)
• version message version field is nonintuitive (better to use something like protoVersion)
• version message streamNumbers field is awkward
• High-level checkings (like connection to self detection) probably should lie in transport code
• Exceptions in transport callbacks propogated further: do we want to auto-catch and warn about them?
• Somehow make it clear that methods like tryDecode and validate don't throw exceptions

It would be good to have WebRTC transport as well. Browsers (Firefox, Chrome) have native implementations, package for node: wrtc.

For the first phase of SHA-1→SHA-256 switching we should accept both SHA-1 and SHA-256 signatures.

See yann2192/pyelliptic#32 and Bitmessage/PyBitmessage#792 for details.

Create the directory with various benchmarks in order to fully understand the bottlenecks:

• SHA512/SHA256: WebCryptoAPI vs OpenSSL vs hash.js vs some-other-pure-js-implementation
• RIPEMD160: OpenSSL vs CryptoJS vs hash.js
• getPublic: secp256k1 vs elliptic vs ecurve
• keys2ripe/tryKey: Node vs Browser

Comparision of POW speed in different environments

Implementation sources: https://gist.github.com/Kagami/e15186b5d73224ca8c47

POW

target = 297422593171
initialHash = "8ff2d685db89a0af2e3dbfd3f700ae96ef4d9a1eac72fd778bbb368c7510cddda349e03207e1c4965bd95c6f7265e8f1a481a08afab3874eaafb9ade09a10880" (hex)
nonce = 21997550
trialValue = 120283692955

fastcpu (OpenSSL, 8 threads)

Run test POW for ~10-60 seconds, please be patient
Result nonce should be equal to 45833041
Done in 4.78248214722s: nonce = 21997550 with trial value 120283692955 < 297422593171 target

(5 seconds)

PyBitmessage (8 processes)

@@@ CALCULATE TARGET 297422593171 = 18446744073709551616 1000 628 8 1000 2418984 628 8 1000 65536
@@@ START AT: 1420638468
@@@ INPUT: 297422593171 8ff2d685db89a0af2e3dbfd3f700ae96ef4d9a1eac72fd778bbb368c7510cddda349e03207e1c4965bd95c6f7265e8f1a481a08afab3874eaafb9ade09a10880
@@@ END AT: 1420638483
@@@ RESULT: 120283692955 21997550

(15 seconds)

C (OpenSSL, 1 thread)

nonce = 21997550, trial = 120283692955 <= 297422593171 target
Resulting hash is: 0000001c01777f9bd7215852b3ff39ed5cd1b67ae81df304d05b136e38ae59330173f630fcf46665be38d5415d02ae48adcbea9bc8e29862c9888bcf22789308
./pow  19.28s user 0.00s system 99% cpu 19.278 total

(20 seconds)

JS (sha.js, 8 web workers)

Chrome

runPow()
undefined
index.browserify.js:17 pow: 132104.604ms
index.browserify.js:18 Result nonce: 21997550

(132 seconds, 2.25 minutes)

Firefox

pow: timer started index.browserify.js:5
pow: 230391.8ms index.browserify.js:17
"Result nonce: 21997550"

(230 seconds, 4 minutes)

JS (sha.js, 1 thread)

Chrome

runPow()
index.browserify.js:45 pow: 632656.147ms
21997550

(633 seconds, 10.5 minutes)

When encoding msg object, library should automatically generate acknowledgement object by default (user should be able to provide his/her own object or include empty ack). It should also parse and validate ack's POW on decode.

Conventions used throughout the library should be documented in CONVENTIONS.md or somewhere in the docs. Some of them are:

• Structure of the modules
• Structs/messages/objects namespaces
• decode/encode common behavior: input, output, exceptions
• Exception-free methods like tryDecode and validate

We shouldn't accept (and shouldn't encode?) addresses from private IP ranges in addr messages. See reference:
https://github.com/Bitmessage/PyBitmessage/blob/master/src/class_receiveDataThread.py#L491-L514

Library should provide better error handling interface so the end-user may easily detect and process various errors events. Probably we should use custom Error (exception) classes.

We should do our best to protect library users from timing/side-channel attacks. Starting with signing/encryption (this is primary eccrypto/elliptic/secp256k1 issue) and up to processing objects in near constant time. References:

• https://bitmessage.org/Bitmessage%20Technical%20Paper.pdf (page 14)
• https://github.com/Bitmessage/PyBitmessage/blob/master/src/class_receiveDataThread.py#L387