Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@aws-crypto/sha256-browser
Advanced tools
SHA256 wrapper for browsers that prefers `window.crypto.subtle` but will fall back to a pure JS implementation in @aws/crypto-sha256-js to provide a consistent interface for SHA256.
The @aws-crypto/sha256-browser npm package is a JavaScript implementation of the SHA-256 cryptographic hash function specifically optimized for browser environments. It is part of the AWS SDK for JavaScript and is used to generate SHA-256 hashes of data, which is a common requirement for various security-related operations such as data integrity checks, digital signatures, and password hashing.
Generating SHA-256 hash
This feature allows you to generate a SHA-256 hash of the given data. The code sample demonstrates how to import the Sha256 class, create a new instance, update it with data, and then obtain the digest (the hash) as a promise.
import { Sha256 } from '@aws-crypto/sha256-browser';
async function hashData(data) {
const hash = new Sha256();
hash.update(data);
return hash.digest();
}
const data = new Uint8Array([/* data bytes here */]);
hashData(data).then(digest => {
console.log(digest);
});
Crypto-js is a popular package that provides a variety of cryptographic algorithms including SHA-256. It is not specific to AWS and can be used in both browser and Node.js environments. Compared to @aws-crypto/sha256-browser, crypto-js offers a broader range of cryptographic functions.
js-sha256 is a simple SHA-256 hash function for JavaScript that supports UTF-8 encoding. It is smaller and may be faster than @aws-crypto/sha256-browser but lacks the AWS SDK integration and optimizations for AWS services.
hash.js is a JavaScript hash library that supports several hash functions including SHA-256. It is designed to work in both Node.js and browser environments. While it provides similar functionality to @aws-crypto/sha256-browser, it is not tied to AWS and offers a wider range of hash functions.
SHA256 wrapper for browsers that prefers window.crypto.subtle
but will
fall back to a pure JS implementation in @aws/crypto-sha256-js
to provide a consistent interface for SHA256.
import {Sha256} from '@aws/crypto-sha256-browser'
const hash = new Sha256();
hash.update('some data');
const result = await hash.digest();
npm test
FAQs
SHA256 wrapper for browsers that prefers `window.crypto.subtle` but will fall back to a pure JS implementation in @aws-crypto/sha256-js to provide a consistent interface for SHA256.
The npm package @aws-crypto/sha256-browser receives a total of 12,983,676 weekly downloads. As such, @aws-crypto/sha256-browser popularity was classified as popular.
We found that @aws-crypto/sha256-browser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.