@ladjs/shared-config
+30
-4
@@ -46,4 +46,20 @@ const fs = require('node:fs'); | ||
| // | ||
| // Modeled after WildDuck and Haraka cipher lists, but | ||
| // with RSA key exchange removed (no forward secrecy). | ||
| // | ||
| // Cipher ordering: | ||
| // 1. AEAD ciphers with ECDHE (best) | ||
| // 2. AEAD ciphers with DHE (good) | ||
| // 3. CBC ciphers with ECDHE + SHA-256/SHA-384 (TLS 1.2 CBC) | ||
| // 4. CBC ciphers with DHE + SHA-256 (TLS 1.2 CBC) | ||
| // 5. CBC ciphers with ECDHE + SHA-1 (TLS 1.0/1.1 compat) | ||
| // 6. CBC ciphers with DHE + SHA-1 (TLS 1.0/1.1 compat) | ||
| // | ||
| // NOTE: RSA key exchange is still excluded (no forward secrecy). | ||
| // NOTE: 3DES is excluded (too weak, CVE-2016-2183 Sweet32). | ||
| // NOTE: ARIA is excluded (internet.nl marks as "phase out"). | ||
| // | ||
| const TLS_COMPAT_CIPHERS = [ | ||
| // AEAD ciphers first (preferred) | ||
| // === AEAD ciphers with forward secrecy (preferred) === | ||
| // ECDHE + AES-GCM | ||
| 'ECDHE-ECDSA-AES256-GCM-SHA384', | ||
@@ -53,8 +69,13 @@ 'ECDHE-RSA-AES256-GCM-SHA384', | ||
| 'ECDHE-RSA-AES128-GCM-SHA256', | ||
| // ECDHE + CHACHA20-POLY1305 | ||
| 'ECDHE-ECDSA-CHACHA20-POLY1305', | ||
| 'ECDHE-RSA-CHACHA20-POLY1305', | ||
| // DHE + AES-GCM | ||
| 'DHE-RSA-AES256-GCM-SHA384', | ||
| 'DHE-RSA-AES128-GCM-SHA256', | ||
| // DHE + CHACHA20-POLY1305 | ||
| 'DHE-RSA-CHACHA20-POLY1305', | ||
| // CBC ciphers with forward secrecy (for TLS 1.0/1.1 compat) | ||
| // === CBC ciphers with forward secrecy + SHA-256/SHA-384 MACs === | ||
| // (TLS 1.2 CBC - for clients that support TLS 1.2 but not AEAD) | ||
| 'ECDHE-ECDSA-AES256-SHA384', | ||
@@ -64,2 +85,9 @@ 'ECDHE-RSA-AES256-SHA384', | ||
| 'ECDHE-RSA-AES128-SHA256', | ||
| 'DHE-RSA-AES256-SHA256', | ||
| 'DHE-RSA-AES128-SHA256', | ||
| // === CBC ciphers with forward secrecy + SHA-1 MACs === | ||
| // (TLS 1.0/1.1 compat - for very old SMTP clients/servers) | ||
| // NOTE: SHA-1 in HMAC-SHA1 for record MAC is NOT the same as SHA-1 | ||
| // in signatures; HMAC-SHA1 is still considered secure for MAC usage. | ||
| 'ECDHE-ECDSA-AES256-SHA', | ||
@@ -69,4 +97,2 @@ 'ECDHE-RSA-AES256-SHA', | ||
| 'ECDHE-RSA-AES128-SHA', | ||
| 'DHE-RSA-AES256-SHA256', | ||
| 'DHE-RSA-AES128-SHA256', | ||
| 'DHE-RSA-AES256-SHA', | ||
@@ -73,0 +99,0 @@ 'DHE-RSA-AES128-SHA' |
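Review bot: The NOTE above the SHA-1 group justifies those suites only by the strength of HMAC-SHA1, but the residual risk of every CBC group in this list is the MAC-then-encrypt construction (padding-oracle and timing weaknesses of the Lucky13 kind, plus chained IVs on TLS 1.0), not the hash. I would add `// NOTE: CBC suites remain exposed to MAC-then-encrypt padding/timing attacks; keep them last and offer them only where legacy SMTP peers require it.` next to that note. The `DHE-RSA-*` entries only take effect in Node when the server is also given a `dhparam`, and TLS 1.0/1.1 peers are reached only if `minVersion` is lowered; neither setting is visible in these hunks, so a comment on `TLS_COMPAT_CIPHERS` stating both preconditions would help. The header repeats the RSA key-exchange exclusion twice ("removed" and "still excluded"), and one of the two lines can go. The end of the array and the code that consumes it lie outside the shown hunks.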
+1
-1
| { | ||
| "name": "@ladjs/shared-config", | ||
| "description": "Shared configuration for Lad's API and Web servers", | ||
| "version": "10.0.0", | ||
| "version": "10.0.1", | ||
| "author": "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)", | ||
@@ -6,0 +6,0 @@ "bugs": { |
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package