// the find
pimlicolabs/permissionless.js
TypeScript utilities built on viem for ERC-4337: Account Abstraction
permissionless.js is a TypeScript library that wraps viem to implement ERC-4337 account abstraction: deploying smart accounts, submitting user operations through bundlers, and handling gas sponsorship via paymasters. It targets dapp developers who want to integrate account abstraction without writing raw bundler RPC calls or managing the EntryPoint contract directly. It's maintained by Pimlico, whose own infrastructure it's designed to work best with.
- Solid account coverage: Safe, Kernel, Biconomy, Nexus, Light, Trust, Thirdweb, Etherspot, plus EIP-7702 variants — not just toy examples. Each has its own encode/decode/sign helpers rather than one-size-fits-all logic.
- ERC-7579 module support is first-class with dedicated actions (installModule, uninstallModule, isModuleInstalled, supportsExecutionMode), which is ahead of most competing libraries.
- Test infrastructure is genuinely good: a local Alto bundler instance, mock paymaster package, and per-account-type test files that run against a real fork rather than just mocking RPC calls.
- Thin viem wrapper design means you're not fighting two type systems. Clients extend viem's client pattern, so existing viem knowledge transfers and tree-shaking works as expected.
- Heavy Pimlico vendor bias: Pimlico-specific actions (getUserOperationStatus, sponsorUserOperation, validateSponsorshipPolicies, sendCompressedUserOperation) live at the same level as standard ERC-4337 actions, and the quick-start example hardcodes Pimlico endpoints. Using a different bundler or paymaster requires more digging.
- 250 stars for a library in active production use suggests limited community adoption outside Pimlico's own ecosystem, which is a risk if Pimlico changes priorities or breaks something upstream.
- The wagmi integration package is thin (3 hooks) and hasn't received much attention; anyone trying to integrate into a wagmi-based app will likely hit gaps quickly and need to drop down to raw permissionless calls anyway.
- EntryPoint v0.6 vs v0.7 handling is spread across individual account implementations rather than abstracted behind a versioned layer, so adding a new account type requires re-implementing the version branching logic each time.