As BON (Build On Nexa) expands developer access to the Nexa ecosystem, independently validated SDK security helps protect wallets, dApps, and enterprise integrations built on top.
Hashlock, a leading Web3 security firm, has completed an independent security audit of libnexa-ts, Nexa’s open-source TypeScript/JavaScript SDK designed for applications that interface directly with the Nexa network. Following the audit and remediation process, Hashlock has awarded libnexa-ts a “Secure” security rating, indicating the reviewed codebase is robust and suitable for production use.
Developer tooling sits at the root of every ecosystem. When an SDK is used across wallets, payment processors, exchanges, and dApps, security assurance at the library level becomes a multiplier for overall ecosystem safety. This is particularly important as Nexa continues to scale its developer onboarding initiatives through BON (Build On Nexa), its official builder program and documentation hub for developers building applications, tools, and services on Nexa.
What is libnexa-ts?
libnexa-ts is a developer-focused SDK that enables TypeScript and JavaScript applications to interact with the Nexa network using a reliable, open-source codebase. The library supports modern developer workflows and can be installed via npm, with documentation covering core modules and practical integration patterns. The SDK is built for both server-side Node.js environments and modern browsers, supporting a wide range of application types—from web apps and wallets to backend services and smart contract interactions.
Audit Overview
Hashlock’s audit focused on the libnexa-ts (Nexa SDK) codebase, using a manual line-by-line review supported by software-assisted testing. The assessment evaluated security and efficiency across the audited repository and commit reference, with an emphasis on correctness, reliability, and preventing downstream integration risk for developers and end users.
The final audit report notes that Hashlock identified one high-severity issue alongside additional quality assurance items during the review process. Following remediation, the final assessment confirms that all initially identified vulnerabilities have been resolved, resulting in the SDK receiving a “Secure” rating.
What a “Secure” Rating Signifies
Hashlock’s security rating system is designed to provide clear guidance on deployment readiness and risk posture. A “Secure” rating indicates the audited codebase is suitable for production deployment based on the scope reviewed, and that identified issues have been addressed. Hashlock also notes that ratings below “Secure” should not be deployed, while the separate “Hashlocked” designation is reserved for projects that invest in ongoing security measures beyond an initial audit, such as monitoring or bug bounty programs.
On Nexa
Nexa is a Proof-of-Work, UTXO Layer-1 blockchain built for high-throughput applications and scalable peer-to-peer finance. The Nexa ecosystem supports native token services and smart contract capabilities, enabling developers to build decentralized applications and automate complex transactions directly on-chain. Nexa’s broader vision is supported by BON (Build On Nexa), which outlines developer resources and a growing suite of ecosystem libraries for building everything from payment applications and merchant integrations to gaming economies, provenance tracking, and tokenized assets.
Why This Matters for Builders
As Web3 moves toward real-world scale, developer tooling becomes a critical part of the security perimeter. Auditing core SDK infrastructure like libnexa-ts helps reduce the risk of systemic bugs propagating across multiple applications, strengthens confidence for ecosystem partners, and improves the safety of end users interacting with wallets, dApps, and other integrations built on Nexa.
Hashlock Audit Page (Nexa / libnexa-ts): https://hashlock.com/audits/nexa
Documentation/Resources:
libnexa-ts Documentation: https://nexa.gitlab.io/libnexa-ts/
libnexa-ts GitLab Repository: https://gitlab.com/nexa/libnexa-ts
BON (Build On Nexa) Documentation Hub: https://build.nexa.org/
Nexa Website: https://www.nexa.org/
Bitcoin Unlimited: https://www.bitcoinunlimited.info/
About Hashlock
Hashlock is a leading Web3 security firm specializing in manual smart contract audits, blockchain protocol reviews, and cybersecurity services across multiple ecosystems. Hashlock’s security researchers work with builders to identify vulnerabilities, strengthen code quality, and support safer deployments across DeFi, infrastructure, gaming, and enterprise use cases.
Website: https://hashlock.com/
About Nexa / Bitcoin Unlimited
Nexa is developed under the Bitcoin Unlimited organization, which focuses on advancing scalable peer-to-peer money through protocol innovation, research, and community collaboration. Bitcoin Unlimited’s work spans multiple blockchain implementations, including prior work on Bitcoin Cash client infrastructure and ongoing development of Nexa as a next-generation UTXO Layer-1 blockchain.
Nexa Website: https://www.nexa.org/
Bitcoin Unlimited: https://www.bitcoinunlimited.info/