Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@kaciras-blog/nativelib
Advanced tools
Kaciras 博客的 Node 本地扩展,包含了一些需要在底层实现的功能。
xxHash 是一个非加密 Hash 函数系列,拥有很快的运算速度。本项包含 xxHash3_128 算法的 Node 扩展。
npm i @kaciras-blog/nativelib
默认情况将从 GitHub Release 上下载编译好的二进制文件,如果需要自己编译请添加--no-prebuild
参数。
使用跟 crypto 模块相似的 API:
const { createXXH3_128 } = require("@kaciras-blog/nativelib");
console.log(createXXH3_128().update("xxhash").digest("hex"));
// 9c8b437c78cac00a376072e24bfdf4d2
使用快捷函数:
const { xxHash3_128 } = require("@kaciras-blog/nativelib");
console.log(xxHash3_128("xxhash", "base64url")); // nItDfHjKwAo3YHLiS_300g
xxHash 算法非常快,故没有提供异步的版本。
计算一个对象的 Hash,底层使用 xxHash3_128 算法,返回 16 字节的 buffer 对象。该函数可以作为 hash-sum 的替代。
const { hashSum } = require("@kaciras-blog/nativelib");
const hash = hashSum({
a: 12345,
b: null,
c: ["foo", "bar"],
d: { foo: true },
});
console.log(hash.toString("base64url")); // n2mK3P2WyGed560H01IaTA
FAQs
Node addon for Kaciras Blog
We found that @kaciras-blog/nativelib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.