There are a few instances where this library manipulates the input by calling toUpperCase() before inserting the leaf. This causes subsequent derived hashes to be incorrect preventing the proper verification of different leaves in the tree by another party.

I'd suggest removing all instances of toUpperCase() on input, or am I missing something here?

toUpperCase() is here for historical reasons I guess, I will have a look to remove it an publish a v0.4.0.

I've added an option when using merkle defining upper case usage (default is true to avoid breaking changes):

var use_uppercase = false;
merkle('sha256', use_uppercase);

I published 0.5.0 for this purpose.

Great, thanks! 👍