Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
@aws-crypto/supports-web-crypto
Advanced tools
Package description
The @aws-crypto/supports-web-crypto npm package is designed to check if the current runtime environment supports the Web Cryptography API. This is particularly useful for applications that need to perform cryptographic operations in environments where support for Web Crypto might vary, such as in different browsers or Node.js versions. By using this package, developers can ensure that their applications only attempt to use Web Crypto features when they are available, thereby avoiding potential errors in unsupported environments.
Checking Web Crypto Support
This feature allows developers to programmatically check if the Web Cryptography API is supported in the current runtime environment. The provided code sample demonstrates how to import the `supportsWebCrypto` function from the package and use it to perform this check. Depending on the result, it logs a message indicating whether or not Web Crypto is supported.
import { supportsWebCrypto } from '@aws-crypto/supports-web-crypto';
if (supportsWebCrypto()) {
console.log('Web Crypto is supported in this environment.');
} else {
console.log('Web Crypto is not supported in this environment.');
}
The crypto-browserify package is a port of Node.js's crypto module to the browser. While it does not specifically check for Web Crypto support like @aws-crypto/supports-web-crypto, it provides a way to use cryptographic functions in environments that do not support the Web Cryptography API natively. This makes it a useful alternative for developers looking to perform cryptographic operations in a wide range of environments.
Webcrypto-liner is a polyfill for the Web Cryptography API that aims to provide a consistent API across different environments, including those that do not support Web Crypto natively. Unlike @aws-crypto/supports-web-crypto, which checks for support, webcrypto-liner attempts to fill in the gaps when support is lacking. This makes it a complementary solution for ensuring that cryptographic operations can be performed regardless of the environment's native support.
Readme
Functions to check web crypto support for browsers.
import {supportsWebCrypto} from '@aws-crypto/supports-web-crypto';
if (supportsWebCrypto(window)) {
// window.crypto.subtle.encrypt will exist
}
Used to make sure window.crypto.subtle
exists and implements crypto functions
as well as a cryptographic secure random source exists.
Used to make sure that a cryptographic secure random source exists.
Does not check for window.crypto.subtle
.
npm test
FAQs
Provides functions for detecting if the host environment supports the WebCrypto API
The npm package @aws-crypto/supports-web-crypto receives a total of 9,465,306 weekly downloads. As such, @aws-crypto/supports-web-crypto popularity was classified as popular.
We found that @aws-crypto/supports-web-crypto demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.