@chainsafe/libp2p-noise - npm Package Compare versions

Comparing version 11.0.1 to 11.0.2

dist/src/handshakes/abstract-handshake.d.ts

@@ -5,2 +5,10 @@ import type { bytes, bytes32 } from '../@types/basic.js';
 import { Nonce } from '../nonce.js';
+export interface DecryptedResult {
+    plaintext: bytes;
+    valid: boolean;
+}
+export interface SplitState {
+    cs1: CipherState;
+    cs2: CipherState;
+}
 export declare abstract class AbstractHandshake {
@@ -10,6 +18,3 @@ crypto: ICryptoInterface;
     encryptWithAd(cs: CipherState, ad: Uint8Array, plaintext: Uint8Array): bytes;
-    decryptWithAd(cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array, dst?: Uint8Array): {
-        plaintext: bytes;
-        valid: boolean;
-    };
+    decryptWithAd(cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array, dst?: Uint8Array): DecryptedResult;
     protected hasKey(cs: CipherState): boolean;
@@ -20,10 +25,4 @@ protected createEmptyKey(): bytes32;
     protected encryptAndHash(ss: SymmetricState, plaintext: bytes): bytes;
-    protected decrypt(k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes, dst?: Uint8Array): {
-        plaintext: bytes;
-        valid: boolean;
-    };
-    protected decryptAndHash(ss: SymmetricState, ciphertext: bytes): {
-        plaintext: bytes;
-        valid: boolean;
-    };
+    protected decrypt(k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes, dst?: Uint8Array): DecryptedResult;
+    protected decryptAndHash(ss: SymmetricState, ciphertext: bytes): DecryptedResult;
     protected dh(privateKey: bytes32, publicKey: bytes32): bytes32;
@@ -36,12 +35,6 @@ protected mixHash(ss: SymmetricState, data: bytes): void;
     protected hashProtocolName(protocolName: Uint8Array): bytes32;
-    protected split(ss: SymmetricState): {
-        cs1: CipherState;
-        cs2: CipherState;
-    };
+    protected split(ss: SymmetricState): SplitState;
     protected writeMessageRegular(cs: CipherState, payload: bytes): MessageBuffer;
-    protected readMessageRegular(cs: CipherState, message: MessageBuffer): {
-        plaintext: bytes;
-        valid: boolean;
-    };
+    protected readMessageRegular(cs: CipherState, message: MessageBuffer): DecryptedResult;
 }
 //# sourceMappingURL=abstract-handshake.d.ts.map

dist/src/handshakes/xx.d.ts

 import type { bytes32, bytes } from '../@types/basic.js';
 import type { KeyPair } from '../@types/libp2p.js';
 import type { MessageBuffer, NoiseSession } from '../@types/handshake.js';
-import { AbstractHandshake } from './abstract-handshake.js';
+import { AbstractHandshake, DecryptedResult } from './abstract-handshake.js';
 export declare class XX extends AbstractHandshake {
@@ -16,7 +16,4 @@ private initializeInitiator;
     sendMessage(session: NoiseSession, message: bytes, ephemeral?: KeyPair): MessageBuffer;
-    recvMessage(session: NoiseSession, message: MessageBuffer): {
-        plaintext: bytes;
-        valid: boolean;
-    };
+    recvMessage(session: NoiseSession, message: MessageBuffer): DecryptedResult;
 }
 //# sourceMappingURL=xx.d.ts.map

dist/src/metrics.d.ts

@@ -1,10 +0,4 @@
-import type { Metrics } from '@libp2p/interface-metrics';
-export type MetricsRegistry = ReturnType<typeof registerMetrics>;
-export declare function registerMetrics(metrics: Metrics): {
-    xxHandshakeSuccesses: import("@libp2p/interface-metrics").Counter;
-    xxHandshakeErrors: import("@libp2p/interface-metrics").Counter;
-    encryptedPackets: import("@libp2p/interface-metrics").Counter;
-    decryptedPackets: import("@libp2p/interface-metrics").Counter;
-    decryptErrors: import("@libp2p/interface-metrics").Counter;
-};
+import type { Counter, Metrics } from '@libp2p/interface-metrics';
+export type MetricsRegistry = Record<string, Counter>;
+export declare function registerMetrics(metrics: Metrics): MetricsRegistry;
 //# sourceMappingURL=metrics.d.ts.map

dist/src/proto/payload.d.ts

@@ -0,3 +1,3 @@
+import type { Codec } from 'protons-runtime';
 import type { Uint8ArrayList } from 'uint8arraylist';
-import type { Codec } from 'protons-runtime';
 export interface NoiseExtensions {
@@ -8,3 +8,3 @@ webtransportCerthashes: Uint8Array[];
     const codec: () => Codec<NoiseExtensions>;
-    const encode: (obj: NoiseExtensions) => Uint8Array;
+    const encode: (obj: Partial<NoiseExtensions>) => Uint8Array;
     const decode: (buf: Uint8Array | Uint8ArrayList) => NoiseExtensions;
@@ -19,5 +19,5 @@ }
     const codec: () => Codec<NoiseHandshakePayload>;
-    const encode: (obj: NoiseHandshakePayload) => Uint8Array;
+    const encode: (obj: Partial<NoiseHandshakePayload>) => Uint8Array;
     const decode: (buf: Uint8Array | Uint8ArrayList) => NoiseHandshakePayload;
 }
 //# sourceMappingURL=payload.d.ts.map

dist/src/proto/payload.js

@@ -5,2 +5,3 @@ /* eslint-disable import/export */
 /* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
 import { encodeMessage, decodeMessage, message } from 'protons-runtime';
@@ -64,7 +65,7 @@ export var NoiseExtensions;
                     w.uint32(10);
-                    w.bytes(obj.identityKey);
+                    w.bytes(obj.identityKey ?? new Uint8Array(0));
                 }
                 if (opts.writeDefaults === true || (obj.identitySig != null && obj.identitySig.byteLength > 0)) {
                     w.uint32(18);
-                    w.bytes(obj.identitySig);
+                    w.bytes(obj.identitySig ?? new Uint8Array(0));
                 }
@@ -71,0 +72,0 @@ if (obj.extensions != null) {

dist/src/proto/payload.ts

@@ -5,6 +5,7 @@ /* eslint-disable import/export */
 /* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
 
 import { encodeMessage, decodeMessage, message } from 'protons-runtime'
+import type { Codec } from 'protons-runtime'
 import type { Uint8ArrayList } from 'uint8arraylist'
-import type { Codec } from 'protons-runtime'
 
@@ -62,3 +63,3 @@ export interface NoiseExtensions {
 
-  export const encode = (obj: NoiseExtensions): Uint8Array => {
+  export const encode = (obj: Partial<NoiseExtensions>): Uint8Array => {
     return encodeMessage(obj, NoiseExtensions.codec())
@@ -90,3 +91,3 @@ }
           w.uint32(10)
-          w.bytes(obj.identityKey)
+          w.bytes(obj.identityKey ?? new Uint8Array(0))
         }
@@ -96,3 +97,3 @@
           w.uint32(18)
-          w.bytes(obj.identitySig)
+          w.bytes(obj.identitySig ?? new Uint8Array(0))
         }
@@ -144,3 +145,3 @@
 
-  export const encode = (obj: NoiseHandshakePayload): Uint8Array => {
+  export const encode = (obj: Partial<NoiseHandshakePayload>): Uint8Array => {
     return encodeMessage(obj, NoiseHandshakePayload.codec())
@@ -147,0 +148,0 @@ }

package.json

 {
   "name": "@chainsafe/libp2p-noise",
-  "version": "11.0.1",
+  "version": "11.0.2",
   "author": "ChainSafe <info@chainsafe.io>",
@@ -27,3 +27,3 @@ "license": "Apache-2.0 OR MIT",
     "src",
-    "dist/src",
+    "dist",
     "!dist/test",
@@ -84,6 +84,6 @@ "!**/*.tsbuildinfo"
     "it-pair": "^2.0.2",
-    "it-pb-stream": "^2.0.2",
+    "it-pb-stream": "^3.2.0",
     "it-pipe": "^2.0.3",
     "it-stream-types": "^1.0.4",
-    "protons-runtime": "^4.0.1",
+    "protons-runtime": "^5.0.0",
     "uint8arraylist": "^2.3.2",
@@ -93,6 +93,6 @@ "uint8arrays": "^4.0.2"
   "devDependencies": {
-    "@libp2p/daemon-client": "^4.0.1",
+    "@libp2p/daemon-client": "^5.0.0",
     "@libp2p/daemon-server": "^4.0.1",
     "@libp2p/interface-connection-encrypter-compliance-tests": "^4.0.0",
-    "@libp2p/interop": "^4.0.2",
+    "@libp2p/interop": "^7.0.3",
     "@libp2p/mplex": "^7.0.0",
@@ -102,3 +102,3 @@ "@libp2p/peer-id-factory": "^2.0.0",
     "@multiformats/multiaddr": "^11.0.3",
-    "aegir": "^37.3.0",
+    "aegir": "^38.1.7",
     "benchmark": "^2.1.4",
@@ -111,3 +111,3 @@ "execa": "^7.0.0",
     "p-defer": "^4.0.0",
-    "protons": "^6.0.0",
+    "protons": "^7.0.0",
     "sinon": "^15.0.0",
@@ -114,0 +114,0 @@ "util": "^0.12.4"

src/handshakes/abstract-handshake.ts

@@ -10,2 +10,12 @@ import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 
+export interface DecryptedResult {
+  plaintext: bytes
+  valid: boolean
+}
+
+export interface SplitState {
+  cs1: CipherState
+  cs2: CipherState
+}
+
 export abstract class AbstractHandshake {
@@ -25,3 +35,3 @@ public crypto: ICryptoInterface
 
-  public decryptWithAd (cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array, dst?: Uint8Array): {plaintext: bytes, valid: boolean} {
+  public decryptWithAd (cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array, dst?: Uint8Array): DecryptedResult {
     const { plaintext, valid } = this.decrypt(cs.k, cs.n, ad, ciphertext, dst)
@@ -65,3 +75,3 @@ if (valid) cs.n.increment()
 
-  protected decrypt (k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes, dst?: Uint8Array): {plaintext: bytes, valid: boolean} {
+  protected decrypt (k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes, dst?: Uint8Array): DecryptedResult {
     n.assertValue()
@@ -84,3 +94,3 @@
 
-  protected decryptAndHash (ss: SymmetricState, ciphertext: bytes): {plaintext: bytes, valid: boolean} {
+  protected decryptAndHash (ss: SymmetricState, ciphertext: bytes): DecryptedResult {
     let plaintext: bytes; let valid = true
@@ -155,3 +165,3 @@ if (this.hasKey(ss.cs)) {
 
-  protected split (ss: SymmetricState): {cs1: CipherState, cs2: CipherState} {
+  protected split (ss: SymmetricState): SplitState {
     const [tempk1, tempk2] = this.crypto.getHKDF(ss.ck, new Uint8Array(0))
@@ -172,5 +182,5 @@ const cs1 = this.initializeKey(tempk1)
 
-  protected readMessageRegular (cs: CipherState, message: MessageBuffer): {plaintext: bytes, valid: boolean} {
+  protected readMessageRegular (cs: CipherState, message: MessageBuffer): DecryptedResult {
     return this.decryptWithAd(cs, new Uint8Array(0), message.ciphertext)
   }
 }

src/handshakes/xx.ts

@@ -5,3 +5,3 @@ import type { bytes32, bytes } from '../@types/basic.js'
 import type { CipherState, HandshakeState, MessageBuffer, NoiseSession } from '../@types/handshake.js'
-import { AbstractHandshake } from './abstract-handshake.js'
+import { AbstractHandshake, DecryptedResult } from './abstract-handshake.js'
 
@@ -71,3 +71,3 @@ export class XX extends AbstractHandshake {
 
-  private readMessageA (hs: HandshakeState, message: MessageBuffer): {plaintext: bytes, valid: boolean} {
+  private readMessageA (hs: HandshakeState, message: MessageBuffer): DecryptedResult {
     if (isValidPublicKey(message.ne)) {
@@ -81,3 +81,3 @@ hs.re = message.ne
 
-  private readMessageB (hs: HandshakeState, message: MessageBuffer): {plaintext: bytes, valid: boolean} {
+  private readMessageB (hs: HandshakeState, message: MessageBuffer): DecryptedResult {
     if (isValidPublicKey(message.ne)) {
@@ -101,3 +101,3 @@ hs.re = message.ne
 
-  private readMessageC (hs: HandshakeState, message: MessageBuffer): {h: bytes, plaintext: bytes, valid: boolean, cs1: CipherState, cs2: CipherState} {
+  private readMessageC (hs: HandshakeState, message: MessageBuffer): { h: bytes, plaintext: bytes, valid: boolean, cs1: CipherState, cs2: CipherState } {
     const { plaintext: ns, valid: valid1 } = this.decryptAndHash(hs.ss, message.ns)
@@ -170,3 +170,3 @@ if (valid1 && isValidPublicKey(ns)) {
 
-  public recvMessage (session: NoiseSession, message: MessageBuffer): {plaintext: bytes, valid: boolean} {
+  public recvMessage (session: NoiseSession, message: MessageBuffer): DecryptedResult {
     let plaintext: bytes = new Uint8Array(0)
@@ -173,0 +173,0 @@ let valid = false

src/logger.ts

@@ -27,3 +27,3 @@ import { Logger, logger } from '@libp2p/logger'
 
-export function logLocalEphemeralKeys (e: KeyPair|undefined): void {
+export function logLocalEphemeralKeys (e: KeyPair | undefined): void {
   if (e) {
@@ -30,0 +30,0 @@ keyLogger(`LOCAL_PUBLIC_EPHEMERAL_KEY ${uint8ArrayToString(e.publicKey, 'hex')}`)

src/metrics.ts

@@ -1,6 +0,6 @@
-import type { Metrics } from '@libp2p/interface-metrics'
+import type { Counter, Metrics } from '@libp2p/interface-metrics'
 
-export type MetricsRegistry = ReturnType<typeof registerMetrics>
+export type MetricsRegistry = Record<string, Counter>
 
-export function registerMetrics (metrics: Metrics) {
+export function registerMetrics (metrics: Metrics): MetricsRegistry {
   return {
@@ -7,0 +7,0 @@ xxHandshakeSuccesses: metrics.registerCounter(

src/proto/payload.ts

@@ -5,6 +5,7 @@ /* eslint-disable import/export */
 /* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
 
 import { encodeMessage, decodeMessage, message } from 'protons-runtime'
+import type { Codec } from 'protons-runtime'
 import type { Uint8ArrayList } from 'uint8arraylist'
-import type { Codec } from 'protons-runtime'
 
@@ -62,3 +63,3 @@ export interface NoiseExtensions {
 
-  export const encode = (obj: NoiseExtensions): Uint8Array => {
+  export const encode = (obj: Partial<NoiseExtensions>): Uint8Array => {
     return encodeMessage(obj, NoiseExtensions.codec())
@@ -90,3 +91,3 @@ }
           w.uint32(10)
-          w.bytes(obj.identityKey)
+          w.bytes(obj.identityKey ?? new Uint8Array(0))
         }
@@ -96,3 +97,3 @@
           w.uint32(18)
-          w.bytes(obj.identitySig)
+          w.bytes(obj.identitySig ?? new Uint8Array(0))
         }
@@ -144,3 +145,3 @@
 
-  export const encode = (obj: NoiseHandshakePayload): Uint8Array => {
+  export const encode = (obj: Partial<NoiseHandshakePayload>): Uint8Array => {
     return encodeMessage(obj, NoiseHandshakePayload.codec())
@@ -147,0 +148,0 @@ }

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

474055

increased by186.76%

Number of package files

102

increased by0.99%

Lines of code

3841

increased by44.78%

Worsened metrics

Number of low quality alerts

1

increased byInfinity%

Number of low supply chain risk alerts

4

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedit-length-prefixed@9.1.1(transitive)

• + Addedit-pb-stream@3.2.1(transitive)

• - Removed@protobufjs/aspromise@1.1.2(transitive)

• - Removed@protobufjs/base64@1.1.2(transitive)

• - Removed@protobufjs/codegen@2.0.4(transitive)

• - Removed@protobufjs/eventemitter@1.1.0(transitive)

• - Removed@protobufjs/fetch@1.1.0(transitive)

• - Removed@protobufjs/float@1.0.2(transitive)

• - Removed@protobufjs/inquire@1.1.0(transitive)

• - Removed@protobufjs/path@1.1.2(transitive)

• - Removed@protobufjs/pool@1.1.0(transitive)

• - Removed@protobufjs/utf8@1.1.0(transitive)

• - Removedit-handshake@4.1.3(transitive)

• - Removedit-pb-stream@2.0.4(transitive)

• - Removedlong@5.3.1(transitive)

• - Removedprotobufjs@7.4.0(transitive)

• - Removedprotons-runtime@4.0.2(transitive)

• Updatedit-pb-stream@^3.2.0

• Updatedprotons-runtime@^5.0.0