Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@dsnp/hash-util
Advanced tools
Overview
This package is a TypeScript implementation of hash-related utilities to support DSNP applications and services.
Background
DSNP anchors content to announcements via a URL and hashes. This ensures integrity of resources and also provides for relocatable content, as hashes can be generated and verified regardless of location.
This library provides a simple implementation that checks whether a data "file" matches at least one of the hash values provided.
Dependencies
This library utilizes a number of open source projects and the authors are grateful for the efforts of the following projects:
- The Multiformats Project, which specifies multihashes, multibase encodings, and CIDs, among other things
- IPLD (InterPlanetary Linked Data), used for the dag-pb codec
- IPFS (InterPlanetary File System), a content addressed distributed file system
Usage
Given a Uint8Array and an array of strings representing DSNP hashes, use the following function to verify if there is a matching hash.
import { compareBinaryToMultibaseHashes } from "@dsnp/hash-util";
const result = await compareBinaryToMultibaseHashes(binaryU8A, hashes);
It can also be used to generate the CID for a Uint8Array (this is used internally in compareBinaryToMultibaseHashes):
import { generateCID } from "@dsnp/hash-util";
const cidString = await generateCID(binaryU8A);
Compatibility
The library will verify the following types of hashes:
- multihash values
- any standard multibase encoding e.g.
base32orbase58btc sha2-256orblake2b-256hash
- any standard multibase encoding e.g.
- CID version 1 values as emitted by the default configuration of
ipfs add --cid-version=1 ...base32base encodingdag-pbcodec for input longer than 256*1024 bytesrawcodec for shorter (single-block) inputsha2-256hash
Limitations
All comparisons are done in-memory, meaning that there is no attempt to limit the size of the byte array or memory requirements. Callers should therefore perform their own sanity checks.
Development
npm i
npm run build
npm run test
Please use the github issues area to report bugs or suggest enhancements. Pull requests are gratefully welcomed.
FAQs
A library to verify hashes compatible with DSNP
The npm package @dsnp/hash-util receives a total of 0 weekly downloads. As such, @dsnp/hash-util popularity was classified as not popular.
We found that @dsnp/hash-util demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 09 Apr 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025