Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@aws-crypto/supports-web-crypto
Advanced tools
Provides functions for detecting if the host environment supports the WebCrypto API
The @aws-crypto/supports-web-crypto npm package is designed to check if the current runtime environment supports the Web Cryptography API. This is particularly useful for applications that need to perform cryptographic operations in environments where support for Web Crypto might vary, such as in different browsers or Node.js versions. By using this package, developers can ensure that their applications only attempt to use Web Crypto features when they are available, thereby avoiding potential errors in unsupported environments.
Checking Web Crypto Support
This feature allows developers to programmatically check if the Web Cryptography API is supported in the current runtime environment. The provided code sample demonstrates how to import the `supportsWebCrypto` function from the package and use it to perform this check. Depending on the result, it logs a message indicating whether or not Web Crypto is supported.
import { supportsWebCrypto } from '@aws-crypto/supports-web-crypto';
if (supportsWebCrypto()) {
console.log('Web Crypto is supported in this environment.');
} else {
console.log('Web Crypto is not supported in this environment.');
}
The crypto-browserify package is a port of Node.js's crypto module to the browser. While it does not specifically check for Web Crypto support like @aws-crypto/supports-web-crypto, it provides a way to use cryptographic functions in environments that do not support the Web Cryptography API natively. This makes it a useful alternative for developers looking to perform cryptographic operations in a wide range of environments.
Webcrypto-liner is a polyfill for the Web Cryptography API that aims to provide a consistent API across different environments, including those that do not support Web Crypto natively. Unlike @aws-crypto/supports-web-crypto, which checks for support, webcrypto-liner attempts to fill in the gaps when support is lacking. This makes it a complementary solution for ensuring that cryptographic operations can be performed regardless of the environment's native support.
Functions to check web crypto support for browsers.
import {supportsWebCrypto} from '@aws-crypto/supports-web-crypto';
if (supportsWebCrypto(window)) {
// window.crypto.subtle.encrypt will exist
}
Used to make sure window.crypto.subtle
exists and implements crypto functions
as well as a cryptographic secure random source exists.
Used to make sure that a cryptographic secure random source exists.
Does not check for window.crypto.subtle
.
npm test
FAQs
Provides functions for detecting if the host environment supports the WebCrypto API
We found that @aws-crypto/supports-web-crypto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.