		declare function number(n: number): void;
		declare function bool(b: boolean): void;
		export declare function isBytes(a: unknown): a is Uint8Array;
		declare function bytes(b: Uint8Array \| undefined, ...lengths: number[]): void;
		@@ -10,3 +11,3 @@ type Hash = {
		};
		declare function hash(hash: Hash): void;
		declare function hash(h: Hash): void;
		declare function exists(instance: any, checkFinished?: boolean): void;
		@@ -24,1 +25,2 @@ declare function output(out: any, instance: any): void;
		export default assert;
		//# sourceMappingURL=_assert.d.ts.map

_assert.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.output = exports.exists = exports.hash = exports.bytes = exports.bool = exports.number = void 0;
		exports.output = exports.exists = exports.hash = exports.bytes = exports.bool = exports.number = exports.isBytes = void 0;
		function number(n) {
		if (!Number.isSafeInteger(n) \|\| n < 0)
		throw new Error(`Wrong positive integer: ${n}`);
		throw new Error(`positive integer expected, not ${n}`);
		}
		@@ -11,3 +11,3 @@ exports.number = number;
		if (typeof b !== 'boolean')
		throw new Error(`Expected boolean, not ${b}`);
		throw new Error(`boolean expected, not ${b}`);
		}
		@@ -20,14 +20,15 @@ exports.bool = bool;
		}
		exports.isBytes = isBytes;
		function bytes(b, ...lengths) {
		if (!isBytes(b))
		throw new Error('Expected Uint8Array');
		throw new Error('Uint8Array expected');
		if (lengths.length > 0 && !lengths.includes(b.length))
		throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
		throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
		}
		exports.bytes = bytes;
		function hash(hash) {
		if (typeof hash !== 'function' \|\| typeof hash.create !== 'function')
		function hash(h) {
		if (typeof h !== 'function' \|\| typeof h.create !== 'function')
		throw new Error('Hash should be wrapped by utils.wrapConstructor');
		number(hash.outputLen);
		number(hash.blockLen);
		number(h.outputLen);
		number(h.blockLen);
		}
		@@ -34,0 +35,0 @@ exports.hash = hash;

_u64.d.ts

		@@ -55,1 +55,2 @@ declare function fromBig(n: bigint, le?: boolean): {
		export default u64;
		//# sourceMappingURL=_u64.d.ts.map

argon2.d.ts

		@@ -17,1 +17,2 @@ import { Input } from './utils.js';
		export declare const argon2id: (password: Input, salt: Input, opts: ArgonOpts) => Uint8Array;
		//# sourceMappingURL=argon2.d.ts.map

argon2.js

		@@ -39,8 +39,8 @@ "use strict";
		// Temporary block buffer
		const BUF = new Uint32Array(256);
		const A2_BUF = new Uint32Array(256);
		function G(a, b, c, d) {
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = A2_BUF[2 * a], Ah = A2_BUF[2 * a + 1]; // prettier-ignore
		let Bl = A2_BUF[2 * b], Bh = A2_BUF[2 * b + 1]; // prettier-ignore
		let Cl = A2_BUF[2 * c], Ch = A2_BUF[2 * c + 1]; // prettier-ignore
		let Dl = A2_BUF[2 * d], Dh = A2_BUF[2 * d + 1]; // prettier-ignore
		({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
		@@ -58,6 +58,6 @@ ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
		({ Bh, Bl } = { Bh: (0, _u64_js_1.rotrBH)(Bh, Bl, 63), Bl: (0, _u64_js_1.rotrBL)(Bh, Bl, 63) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(A2_BUF[2 * a] = Al), (A2_BUF[2 * a + 1] = Ah);
		(A2_BUF[2 * b] = Bl), (A2_BUF[2 * b + 1] = Bh);
		(A2_BUF[2 * c] = Cl), (A2_BUF[2 * c + 1] = Ch);
		(A2_BUF[2 * d] = Dl), (A2_BUF[2 * d + 1] = Dh);
		}
		@@ -77,3 +77,3 @@ // prettier-ignore
		for (let i = 0; i < 256; i++)
		BUF[i] = x[xPos + i] ^ x[yPos + i];
		A2_BUF[i] = x[xPos + i] ^ x[yPos + i];
		// columns
		@@ -91,6 +91,6 @@ for (let i = 0; i < 128; i += 16) {
		for (let i = 0; i < 256; i++)
		x[outPos + i] ^= BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		else
		for (let i = 0; i < 256; i++)
		x[outPos + i] = BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		}
		@@ -97,0 +97,0 @@ // Variable-Length Hash Function H'

blake2b.d.ts

		@@ -1,3 +0,3 @@
		import { BLAKE2, BlakeOpts } from './_blake2.js';
		declare class BLAKE2b extends BLAKE2<BLAKE2b> {
		import { BLAKE, BlakeOpts } from './_blake.js';
		declare class BLAKE2b extends BLAKE<BLAKE2b> {
		private v0l;
		@@ -54,1 +54,2 @@ private v0h;
		export {};
		//# sourceMappingURL=blake2b.d.ts.map

172

blake2b.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.blake2b = void 0;
		const _blake2_js_1 = require("./_blake2.js");
		const _blake_js_1 = require("./_blake.js");
		const _u64_js_1 = require("./_u64.js");
		@@ -9,3 +9,3 @@ const utils_js_1 = require("./utils.js");
		// prettier-ignore
		const IV = /* @__PURE__ */ new Uint32Array([
		const B2B_IV = /* @__PURE__ */ new Uint32Array([
		0xf3bcc908, 0x6a09e667, 0x84caa73b, 0xbb67ae85, 0xfe94f82b, 0x3c6ef372, 0x5f1d36f1, 0xa54ff53a,
		@@ -15,11 +15,11 @@ 0xade682d1, 0x510e527f, 0x2b3e6c1f, 0x9b05688c, 0xfb41bd6b, 0x1f83d9ab, 0x137e2179, 0x5be0cd19
		// Temporary buffer
		const BUF = /* @__PURE__ */ new Uint32Array(32);
		const BBUF = /* @__PURE__ */ new Uint32Array(32);
		// Mixing function G splitted in two halfs
		function G1(a, b, c, d, msg, x) {
		function G1b(a, b, c, d, msg, x) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -37,14 +37,14 @@ let ll = _u64_js_1.default.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: _u64_js_1.default.rotrSH(Bh, Bl, 24), Bl: _u64_js_1.default.rotrSL(Bh, Bl, 24) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}
		function G2(a, b, c, d, msg, x) {
		function G2b(a, b, c, d, msg, x) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -62,27 +62,27 @@ let ll = _u64_js_1.default.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: _u64_js_1.default.rotrBH(Bh, Bl, 63), Bl: _u64_js_1.default.rotrBL(Bh, Bl, 63) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}
		class BLAKE2b extends _blake2_js_1.BLAKE2 {
		class BLAKE2b extends _blake_js_1.BLAKE {
		constructor(opts = {}) {
		super(128, opts.dkLen === undefined ? 64 : opts.dkLen, opts, 64, 16, 16);
		// Same as SHA-512, but LE
		this.v0l = IV[0] \| 0;
		this.v0h = IV[1] \| 0;
		this.v1l = IV[2] \| 0;
		this.v1h = IV[3] \| 0;
		this.v2l = IV[4] \| 0;
		this.v2h = IV[5] \| 0;
		this.v3l = IV[6] \| 0;
		this.v3h = IV[7] \| 0;
		this.v4l = IV[8] \| 0;
		this.v4h = IV[9] \| 0;
		this.v5l = IV[10] \| 0;
		this.v5h = IV[11] \| 0;
		this.v6l = IV[12] \| 0;
		this.v6h = IV[13] \| 0;
		this.v7l = IV[14] \| 0;
		this.v7h = IV[15] \| 0;
		this.v0l = B2B_IV[0] \| 0;
		this.v0h = B2B_IV[1] \| 0;
		this.v1l = B2B_IV[2] \| 0;
		this.v1h = B2B_IV[3] \| 0;
		this.v2l = B2B_IV[4] \| 0;
		this.v2h = B2B_IV[5] \| 0;
		this.v3l = B2B_IV[6] \| 0;
		this.v3h = B2B_IV[7] \| 0;
		this.v4l = B2B_IV[8] \| 0;
		this.v4h = B2B_IV[9] \| 0;
		this.v5l = B2B_IV[10] \| 0;
		this.v5h = B2B_IV[11] \| 0;
		this.v6l = B2B_IV[12] \| 0;
		this.v6h = B2B_IV[13] \| 0;
		this.v7l = B2B_IV[14] \| 0;
		this.v7h = B2B_IV[15] \| 0;
		const keyLength = opts.key ? opts.key.length : 0;
		@@ -92,13 +92,13 @@ this.v0l ^= this.outputLen \| (keyLength << 8) \| (0x01 << 16) \| (0x01 << 24);
		const salt = (0, utils_js_1.u32)((0, utils_js_1.toBytes)(opts.salt));
		this.v4l ^= salt[0];
		this.v4h ^= salt[1];
		this.v5l ^= salt[2];
		this.v5h ^= salt[3];
		this.v4l ^= (0, utils_js_1.byteSwapIfBE)(salt[0]);
		this.v4h ^= (0, utils_js_1.byteSwapIfBE)(salt[1]);
		this.v5l ^= (0, utils_js_1.byteSwapIfBE)(salt[2]);
		this.v5h ^= (0, utils_js_1.byteSwapIfBE)(salt[3]);
		}
		if (opts.personalization) {
		const pers = (0, utils_js_1.u32)((0, utils_js_1.toBytes)(opts.personalization));
		this.v6l ^= pers[0];
		this.v6h ^= pers[1];
		this.v7l ^= pers[2];
		this.v7h ^= pers[3];
		this.v6l ^= (0, utils_js_1.byteSwapIfBE)(pers[0]);
		this.v6h ^= (0, utils_js_1.byteSwapIfBE)(pers[1]);
		this.v7l ^= (0, utils_js_1.byteSwapIfBE)(pers[2]);
		this.v7h ^= (0, utils_js_1.byteSwapIfBE)(pers[3]);
		}
		@@ -137,49 +137,49 @@ if (opts.key) {
		compress(msg, offset, isLast) {
		this.get().forEach((v, i) => (BUF[i] = v)); // First half from state.
		BUF.set(IV, 16); // Second half from IV.
		this.get().forEach((v, i) => (BBUF[i] = v)); // First half from state.
		BBUF.set(B2B_IV, 16); // Second half from IV.
		let { h, l } = _u64_js_1.default.fromBig(BigInt(this.length));
		BUF[24] = IV[8] ^ l; // Low word of the offset.
		BUF[25] = IV[9] ^ h; // High word.
		BBUF[24] = B2B_IV[8] ^ l; // Low word of the offset.
		BBUF[25] = B2B_IV[9] ^ h; // High word.
		// Invert all bits for last block
		if (isLast) {
		BUF[28] = ~BUF[28];
		BUF[29] = ~BUF[29];
		BBUF[28] = ~BBUF[28];
		BBUF[29] = ~BBUF[29];
		}
		let j = 0;
		const s = _blake2_js_1.SIGMA;
		const s = _blake_js_1.SIGMA;
		for (let i = 0; i < 12; i++) {
		G1(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G1(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G1b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G1b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		}
		this.v0l ^= BUF[0] ^ BUF[16];
		this.v0h ^= BUF[1] ^ BUF[17];
		this.v1l ^= BUF[2] ^ BUF[18];
		this.v1h ^= BUF[3] ^ BUF[19];
		this.v2l ^= BUF[4] ^ BUF[20];
		this.v2h ^= BUF[5] ^ BUF[21];
		this.v3l ^= BUF[6] ^ BUF[22];
		this.v3h ^= BUF[7] ^ BUF[23];
		this.v4l ^= BUF[8] ^ BUF[24];
		this.v4h ^= BUF[9] ^ BUF[25];
		this.v5l ^= BUF[10] ^ BUF[26];
		this.v5h ^= BUF[11] ^ BUF[27];
		this.v6l ^= BUF[12] ^ BUF[28];
		this.v6h ^= BUF[13] ^ BUF[29];
		this.v7l ^= BUF[14] ^ BUF[30];
		this.v7h ^= BUF[15] ^ BUF[31];
		BUF.fill(0);
		this.v0l ^= BBUF[0] ^ BBUF[16];
		this.v0h ^= BBUF[1] ^ BBUF[17];
		this.v1l ^= BBUF[2] ^ BBUF[18];
		this.v1h ^= BBUF[3] ^ BBUF[19];
		this.v2l ^= BBUF[4] ^ BBUF[20];
		this.v2h ^= BBUF[5] ^ BBUF[21];
		this.v3l ^= BBUF[6] ^ BBUF[22];
		this.v3h ^= BBUF[7] ^ BBUF[23];
		this.v4l ^= BBUF[8] ^ BBUF[24];
		this.v4h ^= BBUF[9] ^ BBUF[25];
		this.v5l ^= BBUF[10] ^ BBUF[26];
		this.v5h ^= BBUF[11] ^ BBUF[27];
		this.v6l ^= BBUF[12] ^ BBUF[28];
		this.v6h ^= BBUF[13] ^ BBUF[29];
		this.v7l ^= BBUF[14] ^ BBUF[30];
		this.v7h ^= BBUF[15] ^ BBUF[31];
		BBUF.fill(0);
		}
		@@ -186,0 +186,0 @@ destroy() {

blake2s.d.ts

		@@ -1,3 +0,3 @@
		import { BLAKE2, BlakeOpts } from './_blake2.js';
		export declare const IV: Uint32Array;
		import { BLAKE, BlakeOpts } from './_blake.js';
		export declare const B2S_IV: Uint32Array;
		export declare function compress(s: Uint8Array, offset: number, msg: Uint32Array, rounds: number, v0: number, v1: number, v2: number, v3: number, v4: number, v5: number, v6: number, v7: number, v8: number, v9: number, v10: number, v11: number, v12: number, v13: number, v14: number, v15: number): {
		@@ -21,3 +21,3 @@ v0: number;
		};
		declare class BLAKE2s extends BLAKE2<BLAKE2s> {
		declare class BLAKE2s extends BLAKE<BLAKE2s> {
		private v0;
		@@ -49,1 +49,2 @@ private v1;
		export {};
		//# sourceMappingURL=blake2s.d.ts.map

blake2s.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.blake2s = exports.compress = exports.IV = void 0;
		const _blake2_js_1 = require("./_blake2.js");
		exports.blake2s = exports.compress = exports.B2S_IV = void 0;
		const _blake_js_1 = require("./_blake.js");
		const _u64_js_1 = require("./_u64.js");
		const utils_js_1 = require("./utils.js");
		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
		// same as SHA-256
		// Initial state: same as SHA256
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		exports.IV = new Uint32Array([0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]);
		exports.B2S_IV = new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		]);
		// Mixing function G splitted in two halfs
		function G1(a, b, c, d, x) {
		function G1s(a, b, c, d, x) {
		a = (a + b + x) \| 0;
		@@ -20,3 +21,3 @@ d = (0, utils_js_1.rotr)(d ^ a, 16);
		}
		function G2(a, b, c, d, x) {
		function G2s(a, b, c, d, x) {
		a = (a + b + x) \| 0;
		@@ -32,18 +33,18 @@ d = (0, utils_js_1.rotr)(d ^ a, 8);
		for (let i = 0; i < rounds; i++) {
		({ a: v0, b: v4, c: v8, d: v12 } = G1(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G1(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G1s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1s(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2s(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G1s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1s(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2s(v3, v4, v9, v14, msg[offset + s[j++]]));
		}
		@@ -53,14 +54,14 @@ return { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 };
		exports.compress = compress;
		class BLAKE2s extends _blake2_js_1.BLAKE2 {
		class BLAKE2s extends _blake_js_1.BLAKE {
		constructor(opts = {}) {
		super(64, opts.dkLen === undefined ? 32 : opts.dkLen, opts, 32, 8, 8);
		// Internal state, same as SHA-256
		this.v0 = exports.IV[0] \| 0;
		this.v1 = exports.IV[1] \| 0;
		this.v2 = exports.IV[2] \| 0;
		this.v3 = exports.IV[3] \| 0;
		this.v4 = exports.IV[4] \| 0;
		this.v5 = exports.IV[5] \| 0;
		this.v6 = exports.IV[6] \| 0;
		this.v7 = exports.IV[7] \| 0;
		this.v0 = exports.B2S_IV[0] \| 0;
		this.v1 = exports.B2S_IV[1] \| 0;
		this.v2 = exports.B2S_IV[2] \| 0;
		this.v3 = exports.B2S_IV[3] \| 0;
		this.v4 = exports.B2S_IV[4] \| 0;
		this.v5 = exports.B2S_IV[5] \| 0;
		this.v6 = exports.B2S_IV[6] \| 0;
		this.v7 = exports.B2S_IV[7] \| 0;
		const keyLength = opts.key ? opts.key.length : 0;
		@@ -70,9 +71,9 @@ this.v0 ^= this.outputLen \| (keyLength << 8) \| (0x01 << 16) \| (0x01 << 24);
		const salt = (0, utils_js_1.u32)((0, utils_js_1.toBytes)(opts.salt));
		this.v4 ^= salt[0];
		this.v5 ^= salt[1];
		this.v4 ^= (0, utils_js_1.byteSwapIfBE)(salt[0]);
		this.v5 ^= (0, utils_js_1.byteSwapIfBE)(salt[1]);
		}
		if (opts.personalization) {
		const pers = (0, utils_js_1.u32)((0, utils_js_1.toBytes)(opts.personalization));
		this.v6 ^= pers[0];
		this.v7 ^= pers[1];
		this.v6 ^= (0, utils_js_1.byteSwapIfBE)(pers[0]);
		this.v7 ^= (0, utils_js_1.byteSwapIfBE)(pers[1]);
		}
		@@ -104,3 +105,3 @@ if (opts.key) {
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(_blake2_js_1.SIGMA, offset, msg, 10, this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7, exports.IV[0], exports.IV[1], exports.IV[2], exports.IV[3], l ^ exports.IV[4], h ^ exports.IV[5], isLast ? ~exports.IV[6] : exports.IV[6], exports.IV[7]);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(_blake_js_1.SIGMA, offset, msg, 10, this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7, exports.B2S_IV[0], exports.B2S_IV[1], exports.B2S_IV[2], exports.B2S_IV[3], l ^ exports.B2S_IV[4], h ^ exports.B2S_IV[5], isLast ? ~exports.B2S_IV[6] : exports.B2S_IV[6], exports.B2S_IV[7]);
		this.v0 ^= v0 ^ v8;
		@@ -107,0 +108,0 @@ this.v1 ^= v1 ^ v9;

blake3.d.ts

		@@ -1,2 +0,2 @@
		import { BLAKE2 } from './_blake2.js';
		import { BLAKE } from './_blake.js';
		import { Input, HashXOF } from './utils.js';
		@@ -8,3 +8,3 @@ export type Blake3Opts = {
		};
		declare class BLAKE3 extends BLAKE2<BLAKE3> implements HashXOF<BLAKE3> {
		declare class BLAKE3 extends BLAKE<BLAKE3> implements HashXOF<BLAKE3> {
		private IV;
		@@ -48,1 +48,2 @@ private flags;
		export {};
		//# sourceMappingURL=blake3.d.ts.map

blake3.js

		@@ -6,3 +6,3 @@ "use strict";
		const _u64_js_1 = require("./_u64.js");
		const _blake2_js_1 = require("./_blake2.js");
		const _blake_js_1 = require("./_blake.js");
		const blake2s_js_1 = require("./blake2s.js");
		@@ -26,3 +26,3 @@ const utils_js_1 = require("./utils.js");
		// which won't really benefit small inputs.
		class BLAKE3 extends _blake2_js_1.BLAKE2 {
		class BLAKE3 extends _blake_js_1.BLAKE {
		constructor(opts = {}, flags = 0) {
		@@ -48,13 +48,17 @@ super(64, opts.dkLen === undefined ? 32 : opts.dkLen, {}, Number.MAX_SAFE_INTEGER, 0, 0);
		this.IV = (0, utils_js_1.u32)(key);
		this.flags = flags \| 16 /* Flags.KEYED_HASH */;
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.IV);
		this.flags = flags \| 16 /* B3_Flags.KEYED_HASH */;
		}
		else if (opts.context !== undefined) {
		const context_key = new BLAKE3({ dkLen: 32 }, 32 /* Flags.DERIVE_KEY_CONTEXT */)
		const context_key = new BLAKE3({ dkLen: 32 }, 32 /* B3_Flags.DERIVE_KEY_CONTEXT */)
		.update(opts.context)
		.digest();
		this.IV = (0, utils_js_1.u32)(context_key);
		this.flags = flags \| 64 /* Flags.DERIVE_KEY_MATERIAL */;
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.IV);
		this.flags = flags \| 64 /* B3_Flags.DERIVE_KEY_MATERIAL */;
		}
		else {
		this.IV = blake2s_js_1.IV.slice();
		this.IV = blake2s_js_1.B2S_IV.slice();
		this.flags = flags;
		@@ -74,3 +78,3 @@ }
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = (0, blake2s_js_1.compress)(SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], blake2s_js_1.IV[0], blake2s_js_1.IV[1], blake2s_js_1.IV[2], blake2s_js_1.IV[3], h, l, pos, flags);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = (0, blake2s_js_1.compress)(SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], blake2s_js_1.B2S_IV[0], blake2s_js_1.B2S_IV[1], blake2s_js_1.B2S_IV[2], blake2s_js_1.B2S_IV[3], h, l, pos, flags);
		s[0] = v0 ^ v8;
		@@ -89,5 +93,5 @@ s[1] = v1 ^ v9;
		if (!this.chunkPos)
		flags \|= 1 /* Flags.CHUNK_START */;
		flags \|= 1 /* B3_Flags.CHUNK_START */;
		if (this.chunkPos === 15 \|\| isLast)
		flags \|= 2 /* Flags.CHUNK_END */;
		flags \|= 2 /* B3_Flags.CHUNK_END */;
		if (!isLast)
		@@ -113,3 +117,3 @@ this.pos = this.blockLen;
		this.pos = this.blockLen;
		this.b2Compress(0, this.flags \| 4 /* Flags.PARENT */, this.buffer32, 0);
		this.b2Compress(0, this.flags \| 4 /* B3_Flags.PARENT */, this.buffer32, 0);
		chunk = this.state;
		@@ -152,4 +156,6 @@ this.state = this.IV.slice();
		const { h, l } = (0, _u64_js_1.fromBig)(BigInt(this.chunkOut++));
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(buffer32);
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = (0, blake2s_js_1.compress)(SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], blake2s_js_1.IV[0], blake2s_js_1.IV[1], blake2s_js_1.IV[2], blake2s_js_1.IV[3], l, h, pos, flags);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = (0, blake2s_js_1.compress)(SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], blake2s_js_1.B2S_IV[0], blake2s_js_1.B2S_IV[1], blake2s_js_1.B2S_IV[2], blake2s_js_1.B2S_IV[3], l, h, pos, flags);
		out32[0] = v0 ^ v8;
		@@ -171,2 +177,6 @@ out32[1] = v1 ^ v9;
		out32[15] = s[7] ^ v15;
		if (!utils_js_1.isLE) {
		(0, utils_js_1.byteSwap32)(buffer32);
		(0, utils_js_1.byteSwap32)(out32);
		}
		this.posOut = 0;
		@@ -181,6 +191,10 @@ }
		// Process last chunk
		let flags = this.flags \| 8 /* Flags.ROOT */;
		let flags = this.flags \| 8 /* B3_Flags.ROOT */;
		if (this.stack.length) {
		flags \|= 4 /* Flags.PARENT */;
		flags \|= 4 /* B3_Flags.PARENT */;
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.buffer32);
		this.compress(this.buffer32, 0, true);
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.buffer32);
		this.chunksDone = 0;
		@@ -190,3 +204,3 @@ this.pos = this.blockLen;
		else {
		flags \|= (!this.chunkPos ? 1 /* Flags.CHUNK_START / : 0) \| 2 / Flags.CHUNK_END */;
		flags \|= (!this.chunkPos ? 1 /* B3_Flags.CHUNK_START / : 0) \| 2 / B3_Flags.CHUNK_END */;
		}
		@@ -193,0 +207,0 @@ this.flags = flags;

crypto.d.ts

		export declare const crypto: any;
		//# sourceMappingURL=crypto.d.ts.map

cryptoNode.d.ts

		export declare const crypto: any;
		//# sourceMappingURL=cryptoNode.d.ts.map

eskdf.d.ts

		@@ -47,1 +47,2 @@ export declare function scrypt(password: string, salt: string): Uint8Array;
		export {};
		//# sourceMappingURL=eskdf.d.ts.map

esm/_assert.js

		function number(n) {
		if (!Number.isSafeInteger(n) \|\| n < 0)
		throw new Error(`Wrong positive integer: ${n}`);
		throw new Error(`positive integer expected, not ${n}`);
		}
		function bool(b) {
		if (typeof b !== 'boolean')
		throw new Error(`Expected boolean, not ${b}`);
		throw new Error(`boolean expected, not ${b}`);
		}
		// copied from utils
		function isBytes(a) {
		export function isBytes(a) {
		return (a instanceof Uint8Array \|\|
		@@ -16,11 +16,11 @@ (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
		if (!isBytes(b))
		throw new Error('Expected Uint8Array');
		throw new Error('Uint8Array expected');
		if (lengths.length > 0 && !lengths.includes(b.length))
		throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
		throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
		}
		function hash(hash) {
		if (typeof hash !== 'function' \|\| typeof hash.create !== 'function')
		function hash(h) {
		if (typeof h !== 'function' \|\| typeof h.create !== 'function')
		throw new Error('Hash should be wrapped by utils.wrapConstructor');
		number(hash.outputLen);
		number(hash.blockLen);
		number(h.outputLen);
		number(h.blockLen);
		}
		@@ -27,0 +27,0 @@ function exists(instance, checkFinished = true) {

esm/argon2.js

		@@ -36,8 +36,8 @@ import { number as assertNumber } from './_assert.js';
		// Temporary block buffer
		const BUF = new Uint32Array(256);
		const A2_BUF = new Uint32Array(256);
		function G(a, b, c, d) {
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = A2_BUF[2 * a], Ah = A2_BUF[2 * a + 1]; // prettier-ignore
		let Bl = A2_BUF[2 * b], Bh = A2_BUF[2 * b + 1]; // prettier-ignore
		let Cl = A2_BUF[2 * c], Ch = A2_BUF[2 * c + 1]; // prettier-ignore
		let Dl = A2_BUF[2 * d], Dh = A2_BUF[2 * d + 1]; // prettier-ignore
		({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
		@@ -55,6 +55,6 @@ ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
		({ Bh, Bl } = { Bh: rotrBH(Bh, Bl, 63), Bl: rotrBL(Bh, Bl, 63) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(A2_BUF[2 * a] = Al), (A2_BUF[2 * a + 1] = Ah);
		(A2_BUF[2 * b] = Bl), (A2_BUF[2 * b + 1] = Bh);
		(A2_BUF[2 * c] = Cl), (A2_BUF[2 * c + 1] = Ch);
		(A2_BUF[2 * d] = Dl), (A2_BUF[2 * d + 1] = Dh);
		}
		@@ -74,3 +74,3 @@ // prettier-ignore
		for (let i = 0; i < 256; i++)
		BUF[i] = x[xPos + i] ^ x[yPos + i];
		A2_BUF[i] = x[xPos + i] ^ x[yPos + i];
		// columns
		@@ -88,6 +88,6 @@ for (let i = 0; i < 128; i += 16) {
		for (let i = 0; i < 256; i++)
		x[outPos + i] ^= BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		else
		for (let i = 0; i < 256; i++)
		x[outPos + i] = BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		}
		@@ -94,0 +94,0 @@ // Variable-Length Hash Function H'

172

esm/blake2b.js

		@@ -1,7 +0,7 @@
		import { BLAKE2, SIGMA } from './_blake2.js';
		import { BLAKE, SIGMA } from './_blake.js';
		import u64 from './_u64.js';
		import { toBytes, u32, wrapConstructorWithOpts } from './utils.js';
		import { toBytes, u32, wrapConstructorWithOpts, byteSwapIfBE } from './utils.js';
		// Same as SHA-512 but LE
		// prettier-ignore
		const IV = /* @__PURE__ */ new Uint32Array([
		const B2B_IV = /* @__PURE__ */ new Uint32Array([
		0xf3bcc908, 0x6a09e667, 0x84caa73b, 0xbb67ae85, 0xfe94f82b, 0x3c6ef372, 0x5f1d36f1, 0xa54ff53a,
		@@ -11,11 +11,11 @@ 0xade682d1, 0x510e527f, 0x2b3e6c1f, 0x9b05688c, 0xfb41bd6b, 0x1f83d9ab, 0x137e2179, 0x5be0cd19
		// Temporary buffer
		const BUF = /* @__PURE__ */ new Uint32Array(32);
		const BBUF = /* @__PURE__ */ new Uint32Array(32);
		// Mixing function G splitted in two halfs
		function G1(a, b, c, d, msg, x) {
		function G1b(a, b, c, d, msg, x) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -33,14 +33,14 @@ let ll = u64.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: u64.rotrSH(Bh, Bl, 24), Bl: u64.rotrSL(Bh, Bl, 24) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}
		function G2(a, b, c, d, msg, x) {
		function G2b(a, b, c, d, msg, x) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -58,27 +58,27 @@ let ll = u64.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: u64.rotrBH(Bh, Bl, 63), Bl: u64.rotrBL(Bh, Bl, 63) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}
		class BLAKE2b extends BLAKE2 {
		class BLAKE2b extends BLAKE {
		constructor(opts = {}) {
		super(128, opts.dkLen === undefined ? 64 : opts.dkLen, opts, 64, 16, 16);
		// Same as SHA-512, but LE
		this.v0l = IV[0] \| 0;
		this.v0h = IV[1] \| 0;
		this.v1l = IV[2] \| 0;
		this.v1h = IV[3] \| 0;
		this.v2l = IV[4] \| 0;
		this.v2h = IV[5] \| 0;
		this.v3l = IV[6] \| 0;
		this.v3h = IV[7] \| 0;
		this.v4l = IV[8] \| 0;
		this.v4h = IV[9] \| 0;
		this.v5l = IV[10] \| 0;
		this.v5h = IV[11] \| 0;
		this.v6l = IV[12] \| 0;
		this.v6h = IV[13] \| 0;
		this.v7l = IV[14] \| 0;
		this.v7h = IV[15] \| 0;
		this.v0l = B2B_IV[0] \| 0;
		this.v0h = B2B_IV[1] \| 0;
		this.v1l = B2B_IV[2] \| 0;
		this.v1h = B2B_IV[3] \| 0;
		this.v2l = B2B_IV[4] \| 0;
		this.v2h = B2B_IV[5] \| 0;
		this.v3l = B2B_IV[6] \| 0;
		this.v3h = B2B_IV[7] \| 0;
		this.v4l = B2B_IV[8] \| 0;
		this.v4h = B2B_IV[9] \| 0;
		this.v5l = B2B_IV[10] \| 0;
		this.v5h = B2B_IV[11] \| 0;
		this.v6l = B2B_IV[12] \| 0;
		this.v6h = B2B_IV[13] \| 0;
		this.v7l = B2B_IV[14] \| 0;
		this.v7h = B2B_IV[15] \| 0;
		const keyLength = opts.key ? opts.key.length : 0;
		@@ -88,13 +88,13 @@ this.v0l ^= this.outputLen \| (keyLength << 8) \| (0x01 << 16) \| (0x01 << 24);
		const salt = u32(toBytes(opts.salt));
		this.v4l ^= salt[0];
		this.v4h ^= salt[1];
		this.v5l ^= salt[2];
		this.v5h ^= salt[3];
		this.v4l ^= byteSwapIfBE(salt[0]);
		this.v4h ^= byteSwapIfBE(salt[1]);
		this.v5l ^= byteSwapIfBE(salt[2]);
		this.v5h ^= byteSwapIfBE(salt[3]);
		}
		if (opts.personalization) {
		const pers = u32(toBytes(opts.personalization));
		this.v6l ^= pers[0];
		this.v6h ^= pers[1];
		this.v7l ^= pers[2];
		this.v7h ^= pers[3];
		this.v6l ^= byteSwapIfBE(pers[0]);
		this.v6h ^= byteSwapIfBE(pers[1]);
		this.v7l ^= byteSwapIfBE(pers[2]);
		this.v7h ^= byteSwapIfBE(pers[3]);
		}
		@@ -133,11 +133,11 @@ if (opts.key) {
		compress(msg, offset, isLast) {
		this.get().forEach((v, i) => (BUF[i] = v)); // First half from state.
		BUF.set(IV, 16); // Second half from IV.
		this.get().forEach((v, i) => (BBUF[i] = v)); // First half from state.
		BBUF.set(B2B_IV, 16); // Second half from IV.
		let { h, l } = u64.fromBig(BigInt(this.length));
		BUF[24] = IV[8] ^ l; // Low word of the offset.
		BUF[25] = IV[9] ^ h; // High word.
		BBUF[24] = B2B_IV[8] ^ l; // Low word of the offset.
		BBUF[25] = B2B_IV[9] ^ h; // High word.
		// Invert all bits for last block
		if (isLast) {
		BUF[28] = ~BUF[28];
		BUF[29] = ~BUF[29];
		BBUF[28] = ~BBUF[28];
		BBUF[29] = ~BBUF[29];
		}
		@@ -147,36 +147,36 @@ let j = 0;
		for (let i = 0; i < 12; i++) {
		G1(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G1(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G1b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G1b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		}
		this.v0l ^= BUF[0] ^ BUF[16];
		this.v0h ^= BUF[1] ^ BUF[17];
		this.v1l ^= BUF[2] ^ BUF[18];
		this.v1h ^= BUF[3] ^ BUF[19];
		this.v2l ^= BUF[4] ^ BUF[20];
		this.v2h ^= BUF[5] ^ BUF[21];
		this.v3l ^= BUF[6] ^ BUF[22];
		this.v3h ^= BUF[7] ^ BUF[23];
		this.v4l ^= BUF[8] ^ BUF[24];
		this.v4h ^= BUF[9] ^ BUF[25];
		this.v5l ^= BUF[10] ^ BUF[26];
		this.v5h ^= BUF[11] ^ BUF[27];
		this.v6l ^= BUF[12] ^ BUF[28];
		this.v6h ^= BUF[13] ^ BUF[29];
		this.v7l ^= BUF[14] ^ BUF[30];
		this.v7h ^= BUF[15] ^ BUF[31];
		BUF.fill(0);
		this.v0l ^= BBUF[0] ^ BBUF[16];
		this.v0h ^= BBUF[1] ^ BBUF[17];
		this.v1l ^= BBUF[2] ^ BBUF[18];
		this.v1h ^= BBUF[3] ^ BBUF[19];
		this.v2l ^= BBUF[4] ^ BBUF[20];
		this.v2h ^= BBUF[5] ^ BBUF[21];
		this.v3l ^= BBUF[6] ^ BBUF[22];
		this.v3h ^= BBUF[7] ^ BBUF[23];
		this.v4l ^= BBUF[8] ^ BBUF[24];
		this.v4h ^= BBUF[9] ^ BBUF[25];
		this.v5l ^= BBUF[10] ^ BBUF[26];
		this.v5h ^= BBUF[11] ^ BBUF[27];
		this.v6l ^= BBUF[12] ^ BBUF[28];
		this.v6h ^= BBUF[13] ^ BBUF[29];
		this.v7l ^= BBUF[14] ^ BBUF[30];
		this.v7h ^= BBUF[15] ^ BBUF[31];
		BBUF.fill(0);
		}
		@@ -183,0 +183,0 @@ destroy() {

esm/blake2s.js

		@@ -1,11 +0,12 @@
		import { BLAKE2, SIGMA } from './_blake2.js';
		import { BLAKE, SIGMA } from './_blake.js';
		import { fromBig } from './_u64.js';
		import { rotr, toBytes, wrapConstructorWithOpts, u32 } from './utils.js';
		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
		// same as SHA-256
		import { rotr, toBytes, wrapConstructorWithOpts, u32, byteSwapIfBE } from './utils.js';
		// Initial state: same as SHA256
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		export const IV = /* @__PURE__ */ new Uint32Array([0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]);
		export const B2S_IV = /* @__PURE__ */ new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		]);
		// Mixing function G splitted in two halfs
		function G1(a, b, c, d, x) {
		function G1s(a, b, c, d, x) {
		a = (a + b + x) \| 0;
		@@ -17,3 +18,3 @@ d = rotr(d ^ a, 16);
		}
		function G2(a, b, c, d, x) {
		function G2s(a, b, c, d, x) {
		a = (a + b + x) \| 0;
		@@ -29,33 +30,33 @@ d = rotr(d ^ a, 8);
		for (let i = 0; i < rounds; i++) {
		({ a: v0, b: v4, c: v8, d: v12 } = G1(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G1(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G1s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1s(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2s(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G1s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1s(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2s(v3, v4, v9, v14, msg[offset + s[j++]]));
		}
		return { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 };
		}
		class BLAKE2s extends BLAKE2 {
		class BLAKE2s extends BLAKE {
		constructor(opts = {}) {
		super(64, opts.dkLen === undefined ? 32 : opts.dkLen, opts, 32, 8, 8);
		// Internal state, same as SHA-256
		this.v0 = IV[0] \| 0;
		this.v1 = IV[1] \| 0;
		this.v2 = IV[2] \| 0;
		this.v3 = IV[3] \| 0;
		this.v4 = IV[4] \| 0;
		this.v5 = IV[5] \| 0;
		this.v6 = IV[6] \| 0;
		this.v7 = IV[7] \| 0;
		this.v0 = B2S_IV[0] \| 0;
		this.v1 = B2S_IV[1] \| 0;
		this.v2 = B2S_IV[2] \| 0;
		this.v3 = B2S_IV[3] \| 0;
		this.v4 = B2S_IV[4] \| 0;
		this.v5 = B2S_IV[5] \| 0;
		this.v6 = B2S_IV[6] \| 0;
		this.v7 = B2S_IV[7] \| 0;
		const keyLength = opts.key ? opts.key.length : 0;
		@@ -65,9 +66,9 @@ this.v0 ^= this.outputLen \| (keyLength << 8) \| (0x01 << 16) \| (0x01 << 24);
		const salt = u32(toBytes(opts.salt));
		this.v4 ^= salt[0];
		this.v5 ^= salt[1];
		this.v4 ^= byteSwapIfBE(salt[0]);
		this.v5 ^= byteSwapIfBE(salt[1]);
		}
		if (opts.personalization) {
		const pers = u32(toBytes(opts.personalization));
		this.v6 ^= pers[0];
		this.v7 ^= pers[1];
		this.v6 ^= byteSwapIfBE(pers[0]);
		this.v7 ^= byteSwapIfBE(pers[1]);
		}
		@@ -99,3 +100,3 @@ if (opts.key) {
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, offset, msg, 10, this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7, IV[0], IV[1], IV[2], IV[3], l ^ IV[4], h ^ IV[5], isLast ? ~IV[6] : IV[6], IV[7]);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, offset, msg, 10, this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7, B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], l ^ B2S_IV[4], h ^ B2S_IV[5], isLast ? ~B2S_IV[6] : B2S_IV[6], B2S_IV[7]);
		this.v0 ^= v0 ^ v8;
		@@ -102,0 +103,0 @@ this.v1 ^= v1 ^ v9;

esm/blake3.js

		import { bytes, exists, number, output } from './_assert.js';
		import { fromBig } from './_u64.js';
		import { BLAKE2 } from './_blake2.js';
		import { compress, IV } from './blake2s.js';
		import { u8, u32, toBytes, wrapXOFConstructorWithOpts } from './utils.js';
		import { BLAKE } from './_blake.js';
		import { compress, B2S_IV } from './blake2s.js';
		import { u8, u32, toBytes, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';
		const SIGMA = /* @__PURE__ */ (() => {
		@@ -22,3 +22,3 @@ const Id = Array.from({ length: 16 }, (_, i) => i);
		// which won't really benefit small inputs.
		class BLAKE3 extends BLAKE2 {
		class BLAKE3 extends BLAKE {
		constructor(opts = {}, flags = 0) {
		@@ -44,13 +44,17 @@ super(64, opts.dkLen === undefined ? 32 : opts.dkLen, {}, Number.MAX_SAFE_INTEGER, 0, 0);
		this.IV = u32(key);
		this.flags = flags \| 16 /* Flags.KEYED_HASH */;
		if (!isLE)
		byteSwap32(this.IV);
		this.flags = flags \| 16 /* B3_Flags.KEYED_HASH */;
		}
		else if (opts.context !== undefined) {
		const context_key = new BLAKE3({ dkLen: 32 }, 32 /* Flags.DERIVE_KEY_CONTEXT */)
		const context_key = new BLAKE3({ dkLen: 32 }, 32 /* B3_Flags.DERIVE_KEY_CONTEXT */)
		.update(opts.context)
		.digest();
		this.IV = u32(context_key);
		this.flags = flags \| 64 /* Flags.DERIVE_KEY_MATERIAL */;
		if (!isLE)
		byteSwap32(this.IV);
		this.flags = flags \| 64 /* B3_Flags.DERIVE_KEY_MATERIAL */;
		}
		else {
		this.IV = IV.slice();
		this.IV = B2S_IV.slice();
		this.flags = flags;
		@@ -70,3 +74,3 @@ }
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], IV[0], IV[1], IV[2], IV[3], h, l, pos, flags);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], h, l, pos, flags);
		s[0] = v0 ^ v8;
		@@ -85,5 +89,5 @@ s[1] = v1 ^ v9;
		if (!this.chunkPos)
		flags \|= 1 /* Flags.CHUNK_START */;
		flags \|= 1 /* B3_Flags.CHUNK_START */;
		if (this.chunkPos === 15 \|\| isLast)
		flags \|= 2 /* Flags.CHUNK_END */;
		flags \|= 2 /* B3_Flags.CHUNK_END */;
		if (!isLast)
		@@ -109,3 +113,3 @@ this.pos = this.blockLen;
		this.pos = this.blockLen;
		this.b2Compress(0, this.flags \| 4 /* Flags.PARENT */, this.buffer32, 0);
		this.b2Compress(0, this.flags \| 4 /* B3_Flags.PARENT */, this.buffer32, 0);
		chunk = this.state;
		@@ -148,4 +152,6 @@ this.state = this.IV.slice();
		const { h, l } = fromBig(BigInt(this.chunkOut++));
		if (!isLE)
		byteSwap32(buffer32);
		// prettier-ignore
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], IV[0], IV[1], IV[2], IV[3], l, h, pos, flags);
		const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], l, h, pos, flags);
		out32[0] = v0 ^ v8;
		@@ -167,2 +173,6 @@ out32[1] = v1 ^ v9;
		out32[15] = s[7] ^ v15;
		if (!isLE) {
		byteSwap32(buffer32);
		byteSwap32(out32);
		}
		this.posOut = 0;
		@@ -177,6 +187,10 @@ }
		// Process last chunk
		let flags = this.flags \| 8 /* Flags.ROOT */;
		let flags = this.flags \| 8 /* B3_Flags.ROOT */;
		if (this.stack.length) {
		flags \|= 4 /* Flags.PARENT */;
		flags \|= 4 /* B3_Flags.PARENT */;
		if (!isLE)
		byteSwap32(this.buffer32);
		this.compress(this.buffer32, 0, true);
		if (!isLE)
		byteSwap32(this.buffer32);
		this.chunksDone = 0;
		@@ -186,3 +200,3 @@ this.pos = this.blockLen;
		else {
		flags \|= (!this.chunkPos ? 1 /* Flags.CHUNK_START / : 0) \| 2 / Flags.CHUNK_END */;
		flags \|= (!this.chunkPos ? 1 /* B3_Flags.CHUNK_START / : 0) \| 2 / B3_Flags.CHUNK_END */;
		}
		@@ -189,0 +203,0 @@ this.flags = flags;

esm/index.js

		@@ -1,3 +0,3 @@
		"use strict";
		throw new Error('noble-hashes have no entry-point: consult README for usage');
		export {};
		//# sourceMappingURL=index.js.map

esm/ripemd160.js

		@@ -1,7 +0,7 @@
		import { SHA2 } from './_sha2.js';
		import { wrapConstructor } from './utils.js';
		import { HashMD } from './_md.js';
		import { rotl, wrapConstructor } from './utils.js';
		// https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
		// https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf
		const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);
		const Id = /* @__PURE__ */ Uint8Array.from({ length: 16 }, (_, i) => i);
		const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));
		const Pi = /* @__PURE__ / Id.map((i) => (9 i + 5) % 16);
		@@ -28,4 +28,2 @@ let idxL = [Id];
		]);
		// The rotate left (circular left shift) operation for uint32
		const rotl = (word, shift) => (word << shift) \| (word >>> (32 - shift));
		// It's called f() in spec.
		@@ -45,4 +43,4 @@ function f(group, x, y, z) {
		// Temporary buffer, not used to store anything between runs
		const BUF = /* @__PURE__ */ new Uint32Array(16);
		export class RIPEMD160 extends SHA2 {
		const R_BUF = /* @__PURE__ */ new Uint32Array(16);
		export class RIPEMD160 extends HashMD {
		constructor() {
		@@ -69,3 +67,3 @@ super(64, 20, 8, true);
		for (let i = 0; i < 16; i++, offset += 4)
		BUF[i] = view.getUint32(offset, true);
		R_BUF[i] = view.getUint32(offset, true);
		// prettier-ignore
		@@ -81,3 +79,3 @@ let al = this.h0 \| 0, ar = al, bl = this.h1 \| 0, br = bl, cl = this.h2 \| 0, cr = cl, dl = this.h3 \| 0, dr = dl, el = this.h4 \| 0, er = el;
		for (let i = 0; i < 16; i++) {
		const tl = (rotl(al + f(group, bl, cl, dl) + BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		al = el, el = dl, dl = rotl(cl, 10) \| 0, cl = bl, bl = tl; // prettier-ignore
		@@ -87,3 +85,3 @@ }
		for (let i = 0; i < 16; i++) {
		const tr = (rotl(ar + f(rGroup, br, cr, dr) + BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		ar = er, er = dr, dr = rotl(cr, 10) \| 0, cr = br, br = tr; // prettier-ignore
		@@ -96,3 +94,3 @@ }
		roundClean() {
		BUF.fill(0);
		R_BUF.fill(0);
		}
		@@ -99,0 +97,0 @@ destroy() {

esm/scrypt.js

		import { number as assertNumber } from './_assert.js';
		import { sha256 } from './sha256.js';
		import { pbkdf2 } from './pbkdf2.js';
		import { asyncLoop, checkOpts, u32 } from './utils.js';
		import { rotl, asyncLoop, checkOpts, u32, isLE, byteSwap32 } from './utils.js';
		// RFC 7914 Scrypt KDF
		// Left rotate for uint32
		const rotl = (a, b) => (a << b) \| (a >>> (32 - b));
		// The main Scrypt loop: uses Salsa extensively.
		@@ -170,2 +168,4 @@ // Six versions of the function were tried, this is the fastest one.
		const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts);
		if (!isLE)
		byteSwap32(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -190,2 +190,4 @@ const Pi = blockSize32 * pi;
		}
		if (!isLE)
		byteSwap32(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		@@ -198,2 +200,4 @@ }
		const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts);
		if (!isLE)
		byteSwap32(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -219,4 +223,6 @@ const Pi = blockSize32 * pi;
		}
		if (!isLE)
		byteSwap32(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		}
		//# sourceMappingURL=scrypt.js.map

esm/sha1.js

		@@ -1,13 +0,6 @@
		import { SHA2 } from './_sha2.js';
		import { wrapConstructor } from './utils.js';
		// SHA1 was cryptographically broken.
		// It is still widely used in legacy apps. Don't use it for a new protocol.
		// RFC 3174
		const rotl = (word, shift) => (word << shift) \| ((word >>> (32 - shift)) >>> 0);
		// Choice: a ? b : c
		const Chi = (a, b, c) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
		import { HashMD, Chi, Maj } from './_md.js';
		import { rotl, wrapConstructor } from './utils.js';
		// SHA1 (RFC 3174) was cryptographically broken. It's still used. Don't use it for a new protocol.
		// Initial state
		const IV = /* @__PURE__ */ new Uint32Array([
		const SHA1_IV = /* @__PURE__ */ new Uint32Array([
		0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,
		@@ -18,10 +11,10 @@ ]);
		const SHA1_W = /* @__PURE__ */ new Uint32Array(80);
		class SHA1 extends SHA2 {
		class SHA1 extends HashMD {
		constructor() {
		super(64, 20, 8, false);
		this.A = IV[0] \| 0;
		this.B = IV[1] \| 0;
		this.C = IV[2] \| 0;
		this.D = IV[3] \| 0;
		this.E = IV[4] \| 0;
		this.A = SHA1_IV[0] \| 0;
		this.B = SHA1_IV[1] \| 0;
		this.C = SHA1_IV[2] \| 0;
		this.D = SHA1_IV[3] \| 0;
		this.E = SHA1_IV[4] \| 0;
		}
		@@ -28,0 +21,0 @@ get() {

esm/sha256.js

		@@ -1,9 +0,5 @@
		import { SHA2 } from './_sha2.js';
		import { HashMD, Chi, Maj } from './_md.js';
		import { rotr, wrapConstructor } from './utils.js';
		// SHA2-256 need to try 2^128 hashes to execute birthday attack.
		// BTC network is doing 2^67 hashes/sec as per early 2023.
		// Choice: a ? b : c
		const Chi = (a, b, c) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
		// Round constants:
		@@ -22,5 +18,6 @@ // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
		]);
		// Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		const IV = /* @__PURE__ */ new Uint32Array([
		const SHA256_IV = /* @__PURE__ */ new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		@@ -31,3 +28,3 @@ ]);
		const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
		class SHA256 extends SHA2 {
		class SHA256 extends HashMD {
		constructor() {
		@@ -37,10 +34,10 @@ super(64, 32, 8, false);
		// which means optimizer/compiler cannot use registers.
		this.A = IV[0] \| 0;
		this.B = IV[1] \| 0;
		this.C = IV[2] \| 0;
		this.D = IV[3] \| 0;
		this.E = IV[4] \| 0;
		this.F = IV[5] \| 0;
		this.G = IV[6] \| 0;
		this.H = IV[7] \| 0;
		this.A = SHA256_IV[0] \| 0;
		this.B = SHA256_IV[1] \| 0;
		this.C = SHA256_IV[2] \| 0;
		this.D = SHA256_IV[3] \| 0;
		this.E = SHA256_IV[4] \| 0;
		this.F = SHA256_IV[5] \| 0;
		this.G = SHA256_IV[6] \| 0;
		this.H = SHA256_IV[7] \| 0;
		}
		@@ -47,0 +44,0 @@ get() {

esm/sha3-addons.js

		@@ -46,3 +46,3 @@ import { number as assertNumber } from './_assert.js';
		}
		const gencShake = (suffix, blockLen, outputLen) => wrapConstructorWithOpts((opts = {}) => cshakePers(new Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts));
		const gencShake = (suffix, blockLen, outputLen) => wrapXOFConstructorWithOpts((opts = {}) => cshakePers(new Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts));
		export const cshake128 = /* @__PURE__ */ (() => gencShake(0x1f, 168, 128 / 8))();
		@@ -49,0 +49,0 @@ export const cshake256 = /* @__PURE__ */ (() => gencShake(0x1f, 136, 256 / 8))();

esm/sha3.js

		import { bytes, exists, number, output } from './_assert.js';
		import { rotlBH, rotlBL, rotlSH, rotlSL, split } from './_u64.js';
		import { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, } from './utils.js';
		import { Hash, u32, toBytes, wrapConstructor, wrapXOFConstructorWithOpts, isLE, byteSwap32, } from './utils.js';
		// SHA3 (keccak) is based on a new design: basically, the internal state is bigger than output size.
		// It's called a sponge function.
		// Various per round constants calculations
		const [SHA3_PI, SHA3_ROTL, _SHA3_IOTA] = [[], [], []];
		const SHA3_PI = [];
		const SHA3_ROTL = [];
		const _SHA3_IOTA = [];
		const _0n = /* @__PURE__ */ BigInt(0);
		@@ -101,3 +103,7 @@ const _1n = /* @__PURE__ */ BigInt(1);
		keccak() {
		if (!isLE)
		byteSwap32(this.state32);
		keccakP(this.state32, this.rounds);
		if (!isLE)
		byteSwap32(this.state32);
		this.posOut = 0;
		@@ -104,0 +110,0 @@ this.pos = 0;

esm/sha512.js

		@@ -1,2 +0,2 @@
		import { SHA2 } from './_sha2.js';
		import { HashMD } from './_md.js';
		import u64 from './_u64.js';
		@@ -31,3 +31,3 @@ import { wrapConstructor } from './utils.js';
		const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
		export class SHA512 extends SHA2 {
		export class SHA512 extends HashMD {
		constructor() {
		@@ -34,0 +34,0 @@ super(128, 64, 16, false);

esm/utils.js

		@@ -9,9 +9,12 @@ /! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { crypto } from '@noble/hashes/crypto';
		import { bytes as abytes } from './_assert.js';
		// export { isBytes } from './_assert.js';
		// We can't reuse isBytes from _assert, because somehow this causes huge perf issues
		export function isBytes(a) {
		return (a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
		}
		// Cast array to different type
		export const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
		export const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
		function isBytes(a) {
		return (a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
		}
		// Cast array to view
		@@ -21,9 +24,18 @@ export const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
		export const rotr = (word, shift) => (word << (32 - shift)) \| (word >>> shift);
		// big-endian hardware is rare. Just in case someone still decides to run hashes:
		// early-throw an error because we don't support BE yet.
		// Other libraries would silently corrupt the data instead of throwing an error,
		// when they don't support it.
		// The rotate left (circular left shift) operation for uint32
		export const rotl = (word, shift) => (word << shift) \| ((word >>> (32 - shift)) >>> 0);
		export const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
		if (!isLE)
		throw new Error('Non little-endian hardware is not supported');
		// The byte swap operation for uint32
		export const byteSwap = (word) => ((word << 24) & 0xff000000) \|
		((word << 8) & 0xff0000) \|
		((word >>> 8) & 0xff00) \|
		((word >>> 24) & 0xff);
		// Conditionally byte swap if on a big-endian platform
		export const byteSwapIfBE = isLE ? (n) => n : (n) => byteSwap(n);
		// In place byte swap for Uint32Array
		export function byteSwap32(arr) {
		for (let i = 0; i < arr.length; i++) {
		arr[i] = byteSwap(arr[i]);
		}
		}
		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -35,4 +47,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
		export function bytesToHex(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		abytes(bytes);
		// pre-caching improves the speed 6x
		@@ -111,4 +122,3 @@ let hex = '';
		data = utf8ToBytes(data);
		if (!isBytes(data))
		throw new Error(`expected Uint8Array, got ${typeof data}`);
		abytes(data);
		return data;
		@@ -123,4 +133,3 @@ }
		const a = arrays[i];
		if (!isBytes(a))
		throw new Error('Uint8Array expected');
		abytes(a);
		sum += a.length;
		@@ -127,0 +136,0 @@ }

hkdf.d.ts

		@@ -27,1 +27,2 @@ import { CHash, Input } from './utils.js';
		export declare const hkdf: (hash: CHash, ikm: Input, salt: Input \| undefined, info: Input \| undefined, length: number) => Uint8Array;
		//# sourceMappingURL=hkdf.d.ts.map

hmac.d.ts

		@@ -26,1 +26,2 @@ import { Hash, CHash, Input } from './utils.js';
		};
		//# sourceMappingURL=hmac.d.ts.map

package.json

		{
		"name": "@noble/hashes",
		"version": "1.3.3",
		"version": "1.4.0",
		"description": "Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt",
		@@ -17,3 +17,3 @@ "files": [
		"build": "npm run build:clean; tsc && tsc -p tsconfig.esm.json",
		"build:release": "cd build; npm i; npm run build",
		"build:release": "cd build && npm i && npm run build",
		"build:clean": "rm .{js,d.ts,js.map} esm/.{js,js.map} 2> /dev/null",
		@@ -30,3 +30,3 @@ "lint": "prettier --check 'src/*/.{js,ts}' 'test/*/.{js,ts}'",
		"type": "git",
		"url": "https://github.com/paulmillr/noble-hashes.git"
		"url": "git+https://github.com/paulmillr/noble-hashes.git"
		},
		@@ -68,6 +68,6 @@ "license": "MIT",
		},
		"./_sha2": {
		"types": "./_sha2.d.ts",
		"import": "./esm/_sha2.js",
		"default": "./_sha2.js"
		"./_md": {
		"types": "./_md.d.ts",
		"import": "./esm/_md.js",
		"default": "./_md.js"
		},
		@@ -74,0 +74,0 @@ "./argon2": {

pbkdf2.d.ts

		@@ -16,1 +16,2 @@ import { CHash, Input } from './utils.js';
		export declare function pbkdf2Async(hash: CHash, password: Input, salt: Input, opts: Pbkdf2Opt): Promise<Uint8Array>;
		//# sourceMappingURL=pbkdf2.d.ts.map

README.md

		@@ -12,10 +12,14 @@ # noble-hashes
		- 🦘 SHA3 supports Keccak, cSHAKE, KangarooTwelve, MarsupilamiFourteen and TurboSHAKE
		- 🪶 Just 3.4k lines / 17KB gzipped. SHA256-only is 240 lines / 3KB gzipped
		- 🪶 45KB for everything, 5KB for single-hash build

		The library's initial development was funded by [Ethereum Foundation](https://ethereum.org/).

		### This library belongs to _noble_ crypto
		For discussions, questions and support, visit
		[GitHub Discussions](https://github.com/paulmillr/noble-hashes/discussions)
		section of the repository.

		> noble-crypto — high-security, easily auditable set of contained cryptographic libraries and tools.
		### This library belongs to _noble_ cryptography

		> noble cryptography — high-security, easily auditable set of contained cryptographic libraries and tools.

		- Zero or minimal dependencies
		@@ -27,3 +31,6 @@ - Highly readable TypeScript / JS code
		[curves](https://github.com/paulmillr/noble-curves),
		[hashes](https://github.com/paulmillr/noble-hashes)
		[hashes](https://github.com/paulmillr/noble-hashes),
		[post-quantum](https://github.com/paulmillr/noble-post-quantum),
		4kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
		[ed25519](https://github.com/paulmillr/noble-ed25519)
		- [Check out homepage](https://paulmillr.com/noble/)
		@@ -78,7 +85,7 @@ for reading resources, documentation and apps built with noble

		- can be called directly, with `Uint8Array`.
		- return `Uint8Array`
		- can receive `string`, which is automatically converted to `Uint8Array`
		- receive `Uint8Array` and return `Uint8Array`
		- may receive `string`, which is automatically converted to `Uint8Array`
		via utf8 encoding (not hex)
		- support hashing 4GB of data per update on 64-bit systems (unlimited with streaming)
		- support little-endian and big-endian architectures
		- can hash up to 4GB per chunk, with any amount of chunks

		@@ -85,0 +92,0 @@ ```ts

ripemd160.d.ts

		@@ -1,3 +0,3 @@
		import { SHA2 } from './_sha2.js';
		export declare class RIPEMD160 extends SHA2<RIPEMD160> {
		import { HashMD } from './_md.js';
		export declare class RIPEMD160 extends HashMD<RIPEMD160> {
		private h0;
		@@ -25,1 +25,2 @@ private h1;
		};
		//# sourceMappingURL=ripemd160.d.ts.map

ripemd160.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.ripemd160 = exports.RIPEMD160 = void 0;
		const _sha2_js_1 = require("./_sha2.js");
		const _md_js_1 = require("./_md.js");
		const utils_js_1 = require("./utils.js");
		@@ -9,3 +9,3 @@ // https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
		const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);
		const Id = /* @__PURE__ */ Uint8Array.from({ length: 16 }, (_, i) => i);
		const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));
		const Pi = /* @__PURE__ / Id.map((i) => (9 i + 5) % 16);
		@@ -32,4 +32,2 @@ let idxL = [Id];
		]);
		// The rotate left (circular left shift) operation for uint32
		const rotl = (word, shift) => (word << shift) \| (word >>> (32 - shift));
		// It's called f() in spec.
		@@ -49,4 +47,4 @@ function f(group, x, y, z) {
		// Temporary buffer, not used to store anything between runs
		const BUF = /* @__PURE__ */ new Uint32Array(16);
		class RIPEMD160 extends _sha2_js_1.SHA2 {
		const R_BUF = /* @__PURE__ */ new Uint32Array(16);
		class RIPEMD160 extends _md_js_1.HashMD {
		constructor() {
		@@ -73,3 +71,3 @@ super(64, 20, 8, true);
		for (let i = 0; i < 16; i++, offset += 4)
		BUF[i] = view.getUint32(offset, true);
		R_BUF[i] = view.getUint32(offset, true);
		// prettier-ignore
		@@ -85,9 +83,9 @@ let al = this.h0 \| 0, ar = al, bl = this.h1 \| 0, br = bl, cl = this.h2 \| 0, cr = cl, dl = this.h3 \| 0, dr = dl, el = this.h4 \| 0, er = el;
		for (let i = 0; i < 16; i++) {
		const tl = (rotl(al + f(group, bl, cl, dl) + BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		al = el, el = dl, dl = rotl(cl, 10) \| 0, cl = bl, bl = tl; // prettier-ignore
		const tl = ((0, utils_js_1.rotl)(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		al = el, el = dl, dl = (0, utils_js_1.rotl)(cl, 10) \| 0, cl = bl, bl = tl; // prettier-ignore
		}
		// 2 loops are 10% faster
		for (let i = 0; i < 16; i++) {
		const tr = (rotl(ar + f(rGroup, br, cr, dr) + BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		ar = er, er = dr, dr = rotl(cr, 10) \| 0, cr = br, br = tr; // prettier-ignore
		const tr = ((0, utils_js_1.rotl)(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		ar = er, er = dr, dr = (0, utils_js_1.rotl)(cr, 10) \| 0, cr = br, br = tr; // prettier-ignore
		}
		@@ -99,3 +97,3 @@ }
		roundClean() {
		BUF.fill(0);
		R_BUF.fill(0);
		}
		@@ -102,0 +100,0 @@ destroy() {

scrypt.d.ts

		@@ -30,1 +30,2 @@ import { Input } from './utils.js';
		export declare function scryptAsync(password: Input, salt: Input, opts: ScryptOpts): Promise<Uint8Array>;
		//# sourceMappingURL=scrypt.d.ts.map

scrypt.js

		@@ -9,4 +9,2 @@ "use strict";
		// RFC 7914 Scrypt KDF
		// Left rotate for uint32
		const rotl = (a, b) => (a << b) \| (a >>> (32 - b));
		// The main Scrypt loop: uses Salsa extensively.
		@@ -30,34 +28,34 @@ // Six versions of the function were tried, this is the fastest one.
		for (let i = 0; i < 8; i += 2) {
		x04 ^= rotl(x00 + x12 \| 0, 7);
		x08 ^= rotl(x04 + x00 \| 0, 9);
		x12 ^= rotl(x08 + x04 \| 0, 13);
		x00 ^= rotl(x12 + x08 \| 0, 18);
		x09 ^= rotl(x05 + x01 \| 0, 7);
		x13 ^= rotl(x09 + x05 \| 0, 9);
		x01 ^= rotl(x13 + x09 \| 0, 13);
		x05 ^= rotl(x01 + x13 \| 0, 18);
		x14 ^= rotl(x10 + x06 \| 0, 7);
		x02 ^= rotl(x14 + x10 \| 0, 9);
		x06 ^= rotl(x02 + x14 \| 0, 13);
		x10 ^= rotl(x06 + x02 \| 0, 18);
		x03 ^= rotl(x15 + x11 \| 0, 7);
		x07 ^= rotl(x03 + x15 \| 0, 9);
		x11 ^= rotl(x07 + x03 \| 0, 13);
		x15 ^= rotl(x11 + x07 \| 0, 18);
		x01 ^= rotl(x00 + x03 \| 0, 7);
		x02 ^= rotl(x01 + x00 \| 0, 9);
		x03 ^= rotl(x02 + x01 \| 0, 13);
		x00 ^= rotl(x03 + x02 \| 0, 18);
		x06 ^= rotl(x05 + x04 \| 0, 7);
		x07 ^= rotl(x06 + x05 \| 0, 9);
		x04 ^= rotl(x07 + x06 \| 0, 13);
		x05 ^= rotl(x04 + x07 \| 0, 18);
		x11 ^= rotl(x10 + x09 \| 0, 7);
		x08 ^= rotl(x11 + x10 \| 0, 9);
		x09 ^= rotl(x08 + x11 \| 0, 13);
		x10 ^= rotl(x09 + x08 \| 0, 18);
		x12 ^= rotl(x15 + x14 \| 0, 7);
		x13 ^= rotl(x12 + x15 \| 0, 9);
		x14 ^= rotl(x13 + x12 \| 0, 13);
		x15 ^= rotl(x14 + x13 \| 0, 18);
		x04 ^= (0, utils_js_1.rotl)(x00 + x12 \| 0, 7);
		x08 ^= (0, utils_js_1.rotl)(x04 + x00 \| 0, 9);
		x12 ^= (0, utils_js_1.rotl)(x08 + x04 \| 0, 13);
		x00 ^= (0, utils_js_1.rotl)(x12 + x08 \| 0, 18);
		x09 ^= (0, utils_js_1.rotl)(x05 + x01 \| 0, 7);
		x13 ^= (0, utils_js_1.rotl)(x09 + x05 \| 0, 9);
		x01 ^= (0, utils_js_1.rotl)(x13 + x09 \| 0, 13);
		x05 ^= (0, utils_js_1.rotl)(x01 + x13 \| 0, 18);
		x14 ^= (0, utils_js_1.rotl)(x10 + x06 \| 0, 7);
		x02 ^= (0, utils_js_1.rotl)(x14 + x10 \| 0, 9);
		x06 ^= (0, utils_js_1.rotl)(x02 + x14 \| 0, 13);
		x10 ^= (0, utils_js_1.rotl)(x06 + x02 \| 0, 18);
		x03 ^= (0, utils_js_1.rotl)(x15 + x11 \| 0, 7);
		x07 ^= (0, utils_js_1.rotl)(x03 + x15 \| 0, 9);
		x11 ^= (0, utils_js_1.rotl)(x07 + x03 \| 0, 13);
		x15 ^= (0, utils_js_1.rotl)(x11 + x07 \| 0, 18);
		x01 ^= (0, utils_js_1.rotl)(x00 + x03 \| 0, 7);
		x02 ^= (0, utils_js_1.rotl)(x01 + x00 \| 0, 9);
		x03 ^= (0, utils_js_1.rotl)(x02 + x01 \| 0, 13);
		x00 ^= (0, utils_js_1.rotl)(x03 + x02 \| 0, 18);
		x06 ^= (0, utils_js_1.rotl)(x05 + x04 \| 0, 7);
		x07 ^= (0, utils_js_1.rotl)(x06 + x05 \| 0, 9);
		x04 ^= (0, utils_js_1.rotl)(x07 + x06 \| 0, 13);
		x05 ^= (0, utils_js_1.rotl)(x04 + x07 \| 0, 18);
		x11 ^= (0, utils_js_1.rotl)(x10 + x09 \| 0, 7);
		x08 ^= (0, utils_js_1.rotl)(x11 + x10 \| 0, 9);
		x09 ^= (0, utils_js_1.rotl)(x08 + x11 \| 0, 13);
		x10 ^= (0, utils_js_1.rotl)(x09 + x08 \| 0, 18);
		x12 ^= (0, utils_js_1.rotl)(x15 + x14 \| 0, 7);
		x13 ^= (0, utils_js_1.rotl)(x12 + x15 \| 0, 9);
		x14 ^= (0, utils_js_1.rotl)(x13 + x12 \| 0, 13);
		x15 ^= (0, utils_js_1.rotl)(x14 + x13 \| 0, 18);
		}
		@@ -175,2 +173,4 @@ // Write output (salsa)
		const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts);
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -195,2 +195,4 @@ const Pi = blockSize32 * pi;
		}
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		@@ -204,2 +206,4 @@ }
		const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts);
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -225,2 +229,4 @@ const Pi = blockSize32 * pi;
		}
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		@@ -227,0 +233,0 @@ }

sha1.d.ts

		@@ -1,3 +0,3 @@
		import { SHA2 } from './_sha2.js';
		declare class SHA1 extends SHA2<SHA1> {
		import { HashMD } from './_md.js';
		declare class SHA1 extends HashMD<SHA1> {
		private A;
		@@ -22,1 +22,2 @@ private B;
		export {};
		//# sourceMappingURL=sha1.d.ts.map

sha1.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.sha1 = void 0;
		const _sha2_js_1 = require("./_sha2.js");
		const _md_js_1 = require("./_md.js");
		const utils_js_1 = require("./utils.js");
		// SHA1 was cryptographically broken.
		// It is still widely used in legacy apps. Don't use it for a new protocol.
		// RFC 3174
		const rotl = (word, shift) => (word << shift) \| ((word >>> (32 - shift)) >>> 0);
		// Choice: a ? b : c
		const Chi = (a, b, c) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
		// SHA1 (RFC 3174) was cryptographically broken. It's still used. Don't use it for a new protocol.
		// Initial state
		const IV = /* @__PURE__ */ new Uint32Array([
		const SHA1_IV = /* @__PURE__ */ new Uint32Array([
		0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,
		@@ -21,10 +14,10 @@ ]);
		const SHA1_W = /* @__PURE__ */ new Uint32Array(80);
		class SHA1 extends _sha2_js_1.SHA2 {
		class SHA1 extends _md_js_1.HashMD {
		constructor() {
		super(64, 20, 8, false);
		this.A = IV[0] \| 0;
		this.B = IV[1] \| 0;
		this.C = IV[2] \| 0;
		this.D = IV[3] \| 0;
		this.E = IV[4] \| 0;
		this.A = SHA1_IV[0] \| 0;
		this.B = SHA1_IV[1] \| 0;
		this.C = SHA1_IV[2] \| 0;
		this.D = SHA1_IV[3] \| 0;
		this.E = SHA1_IV[4] \| 0;
		}
		@@ -46,3 +39,3 @@ get() {
		for (let i = 16; i < 80; i++)
		SHA1_W[i] = rotl(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);
		SHA1_W[i] = (0, utils_js_1.rotl)(SHA1_W[i - 3] ^ SHA1_W[i - 8] ^ SHA1_W[i - 14] ^ SHA1_W[i - 16], 1);
		// Compression function main loop, 80 rounds
		@@ -53,3 +46,3 @@ let { A, B, C, D, E } = this;
		if (i < 20) {
		F = Chi(B, C, D);
		F = (0, _md_js_1.Chi)(B, C, D);
		K = 0x5a827999;
		@@ -62,3 +55,3 @@ }
		else if (i < 60) {
		F = Maj(B, C, D);
		F = (0, _md_js_1.Maj)(B, C, D);
		K = 0x8f1bbcdc;
		@@ -70,6 +63,6 @@ }
		}
		const T = (rotl(A, 5) + F + E + K + SHA1_W[i]) \| 0;
		const T = ((0, utils_js_1.rotl)(A, 5) + F + E + K + SHA1_W[i]) \| 0;
		E = D;
		D = C;
		C = rotl(B, 30);
		C = (0, utils_js_1.rotl)(B, 30);
		B = A;
		@@ -76,0 +69,0 @@ A = T;

sha2.d.ts

		export { sha256, sha224 } from './sha256.js';
		export { sha512, sha512_224, sha512_256, sha384 } from './sha512.js';
		//# sourceMappingURL=sha2.d.ts.map

sha256.d.ts

		@@ -1,3 +0,3 @@
		import { SHA2 } from './_sha2.js';
		declare class SHA256 extends SHA2<SHA256> {
		import { HashMD } from './_md.js';
		declare class SHA256 extends HashMD<SHA256> {
		A: number;
		@@ -35,1 +35,2 @@ B: number;
		export {};
		//# sourceMappingURL=sha256.d.ts.map

sha256.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.sha224 = exports.sha256 = void 0;
		const _sha2_js_1 = require("./_sha2.js");
		const _md_js_1 = require("./_md.js");
		const utils_js_1 = require("./utils.js");
		// SHA2-256 need to try 2^128 hashes to execute birthday attack.
		// BTC network is doing 2^67 hashes/sec as per early 2023.
		// Choice: a ? b : c
		const Chi = (a, b, c) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
		// Round constants:
		@@ -25,5 +21,6 @@ // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
		]);
		// Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		const IV = /* @__PURE__ */ new Uint32Array([
		const SHA256_IV = /* @__PURE__ */ new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		@@ -34,3 +31,3 @@ ]);
		const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
		class SHA256 extends _sha2_js_1.SHA2 {
		class SHA256 extends _md_js_1.HashMD {
		constructor() {
		@@ -40,10 +37,10 @@ super(64, 32, 8, false);
		// which means optimizer/compiler cannot use registers.
		this.A = IV[0] \| 0;
		this.B = IV[1] \| 0;
		this.C = IV[2] \| 0;
		this.D = IV[3] \| 0;
		this.E = IV[4] \| 0;
		this.F = IV[5] \| 0;
		this.G = IV[6] \| 0;
		this.H = IV[7] \| 0;
		this.A = SHA256_IV[0] \| 0;
		this.B = SHA256_IV[1] \| 0;
		this.C = SHA256_IV[2] \| 0;
		this.D = SHA256_IV[3] \| 0;
		this.E = SHA256_IV[4] \| 0;
		this.F = SHA256_IV[5] \| 0;
		this.G = SHA256_IV[6] \| 0;
		this.H = SHA256_IV[7] \| 0;
		}
		@@ -80,5 +77,5 @@ get() {
		const sigma1 = (0, utils_js_1.rotr)(E, 6) ^ (0, utils_js_1.rotr)(E, 11) ^ (0, utils_js_1.rotr)(E, 25);
		const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) \| 0;
		const T1 = (H + sigma1 + (0, _md_js_1.Chi)(E, F, G) + SHA256_K[i] + SHA256_W[i]) \| 0;
		const sigma0 = (0, utils_js_1.rotr)(A, 2) ^ (0, utils_js_1.rotr)(A, 13) ^ (0, utils_js_1.rotr)(A, 22);
		const T2 = (sigma0 + Maj(A, B, C)) \| 0;
		const T2 = (sigma0 + (0, _md_js_1.Maj)(A, B, C)) \| 0;
		H = G;
		@@ -85,0 +82,0 @@ G = F;

sha3-addons.d.ts

		@@ -11,3 +11,3 @@ import { Input, Hash, HashXOF } from './utils.js';
		blockLen: number;
		create(opts: cShakeOpts): Hash<Keccak>;
		create(opts: cShakeOpts): HashXOF<Keccak>;
		};
		@@ -18,3 +18,3 @@ export declare const cshake256: {
		blockLen: number;
		create(opts: cShakeOpts): Hash<Keccak>;
		create(opts: cShakeOpts): HashXOF<Keccak>;
		};
		@@ -156,1 +156,2 @@ declare class KMAC extends Keccak implements HashXOF<KMAC> {
		export {};
		//# sourceMappingURL=sha3-addons.d.ts.map

sha3-addons.js

		@@ -49,3 +49,3 @@ "use strict";
		}
		const gencShake = (suffix, blockLen, outputLen) => (0, utils_js_1.wrapConstructorWithOpts)((opts = {}) => cshakePers(new sha3_js_1.Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts));
		const gencShake = (suffix, blockLen, outputLen) => (0, utils_js_1.wrapXOFConstructorWithOpts)((opts = {}) => cshakePers(new sha3_js_1.Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts));
		exports.cshake128 = (() => gencShake(0x1f, 168, 128 / 8))();
		@@ -52,0 +52,0 @@ exports.cshake256 = (() => gencShake(0x1f, 136, 256 / 8))();

sha3.d.ts

		@@ -98,1 +98,2 @@ import { Hash, Input, HashXOF } from './utils.js';
		};
		//# sourceMappingURL=sha3.d.ts.map

sha3.js

		@@ -10,3 +10,5 @@ "use strict";
		// Various per round constants calculations
		const [SHA3_PI, SHA3_ROTL, _SHA3_IOTA] = [[], [], []];
		const SHA3_PI = [];
		const SHA3_ROTL = [];
		const _SHA3_IOTA = [];
		const _0n = /* @__PURE__ */ BigInt(0);
		@@ -106,3 +108,7 @@ const _1n = /* @__PURE__ */ BigInt(1);
		keccak() {
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.state32);
		keccakP(this.state32, this.rounds);
		if (!utils_js_1.isLE)
		(0, utils_js_1.byteSwap32)(this.state32);
		this.posOut = 0;
		@@ -109,0 +115,0 @@ this.pos = 0;

sha512.d.ts

		@@ -1,3 +0,3 @@
		import { SHA2 } from './_sha2.js';
		export declare class SHA512 extends SHA2<SHA512> {
		import { HashMD } from './_md.js';
		export declare class SHA512 extends HashMD<SHA512> {
		Ah: number;
		@@ -67,1 +67,2 @@ Al: number;
		};
		//# sourceMappingURL=sha512.d.ts.map

sha512.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.sha384 = exports.sha512_256 = exports.sha512_224 = exports.sha512 = exports.SHA512 = void 0;
		const _sha2_js_1 = require("./_sha2.js");
		const _md_js_1 = require("./_md.js");
		const _u64_js_1 = require("./_u64.js");
		@@ -34,3 +34,3 @@ const utils_js_1 = require("./utils.js");
		const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
		class SHA512 extends _sha2_js_1.SHA2 {
		class SHA512 extends _md_js_1.HashMD {
		constructor() {
		@@ -37,0 +37,0 @@ super(128, 64, 16, false);

src/_assert.ts

		function number(n: number) {
		if (!Number.isSafeInteger(n) \|\| n < 0) throw new Error(`Wrong positive integer: ${n}`);
		if (!Number.isSafeInteger(n) \|\| n < 0) throw new Error(`positive integer expected, not ${n}`);
		}

		function bool(b: boolean) {
		if (typeof b !== 'boolean') throw new Error(`Expected boolean, not ${b}`);
		if (typeof b !== 'boolean') throw new Error(`boolean expected, not ${b}`);
		}

		// copied from utils
		function isBytes(a: unknown): a is Uint8Array {
		export function isBytes(a: unknown): a is Uint8Array {
		return (
		@@ -18,5 +18,5 @@ a instanceof Uint8Array \|\|
		function bytes(b: Uint8Array \| undefined, ...lengths: number[]) {
		if (!isBytes(b)) throw new Error('Expected Uint8Array');
		if (!isBytes(b)) throw new Error('Uint8Array expected');
		if (lengths.length > 0 && !lengths.includes(b.length))
		throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
		throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
		}
		@@ -30,7 +30,7 @@
		};
		function hash(hash: Hash) {
		if (typeof hash !== 'function' \|\| typeof hash.create !== 'function')
		function hash(h: Hash) {
		if (typeof h !== 'function' \|\| typeof h.create !== 'function')
		throw new Error('Hash should be wrapped by utils.wrapConstructor');
		number(hash.outputLen);
		number(hash.blockLen);
		number(h.outputLen);
		number(h.blockLen);
		}
		@@ -37,0 +37,0 @@

src/argon2.ts

		@@ -50,9 +50,9 @@ import { number as assertNumber } from './_assert.js';
		// Temporary block buffer
		const BUF = new Uint32Array(256);
		const A2_BUF = new Uint32Array(256);

		function G(a: number, b: number, c: number, d: number) {
		let Al = BUF[2a], Ah = BUF[2a + 1]; // prettier-ignore
		let Bl = BUF[2b], Bh = BUF[2b + 1]; // prettier-ignore
		let Cl = BUF[2c], Ch = BUF[2c + 1]; // prettier-ignore
		let Dl = BUF[2d], Dh = BUF[2d + 1]; // prettier-ignore
		let Al = A2_BUF[2a], Ah = A2_BUF[2a + 1]; // prettier-ignore
		let Bl = A2_BUF[2b], Bh = A2_BUF[2b + 1]; // prettier-ignore
		let Cl = A2_BUF[2c], Ch = A2_BUF[2c + 1]; // prettier-ignore
		let Dl = A2_BUF[2d], Dh = A2_BUF[2d + 1]; // prettier-ignore

		@@ -75,6 +75,6 @@ ({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));

		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(A2_BUF[2 * a] = Al), (A2_BUF[2 * a + 1] = Ah);
		(A2_BUF[2 * b] = Bl), (A2_BUF[2 * b + 1] = Bh);
		(A2_BUF[2 * c] = Cl), (A2_BUF[2 * c + 1] = Ch);
		(A2_BUF[2 * d] = Dl), (A2_BUF[2 * d + 1] = Dh);
		}
		@@ -98,3 +98,3 @@
		function block(x: Uint32Array, xPos: number, yPos: number, outPos: number, needXor: boolean) {
		for (let i = 0; i < 256; i++) BUF[i] = x[xPos + i] ^ x[yPos + i];
		for (let i = 0; i < 256; i++) A2_BUF[i] = x[xPos + i] ^ x[yPos + i];

		@@ -118,4 +118,4 @@ // columns

		if (needXor) for (let i = 0; i < 256; i++) x[outPos + i] ^= BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		else for (let i = 0; i < 256; i++) x[outPos + i] = BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		if (needXor) for (let i = 0; i < 256; i++) x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		else for (let i = 0; i < 256; i++) x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
		}
		@@ -122,0 +122,0 @@

172

src/blake2b.ts

		@@ -1,8 +0,8 @@
		import { BLAKE2, BlakeOpts, SIGMA } from './_blake2.js';
		import { BLAKE, BlakeOpts, SIGMA } from './_blake.js';
		import u64 from './_u64.js';
		import { toBytes, u32, wrapConstructorWithOpts } from './utils.js';
		import { toBytes, u32, wrapConstructorWithOpts, byteSwapIfBE } from './utils.js';

		// Same as SHA-512 but LE
		// prettier-ignore
		const IV = /* @__PURE__ */ new Uint32Array([
		const B2B_IV = /* @__PURE__ */ new Uint32Array([
		0xf3bcc908, 0x6a09e667, 0x84caa73b, 0xbb67ae85, 0xfe94f82b, 0x3c6ef372, 0x5f1d36f1, 0xa54ff53a,
		@@ -12,12 +12,12 @@ 0xade682d1, 0x510e527f, 0x2b3e6c1f, 0x9b05688c, 0xfb41bd6b, 0x1f83d9ab, 0x137e2179, 0x5be0cd19
		// Temporary buffer
		const BUF = /* @__PURE__ */ new Uint32Array(32);
		const BBUF = /* @__PURE__ */ new Uint32Array(32);

		// Mixing function G splitted in two halfs
		function G1(a: number, b: number, c: number, d: number, msg: Uint32Array, x: number) {
		function G1b(a: number, b: number, c: number, d: number, msg: Uint32Array, x: number) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -35,15 +35,15 @@ let ll = u64.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: u64.rotrSH(Bh, Bl, 24), Bl: u64.rotrSL(Bh, Bl, 24) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}

		function G2(a: number, b: number, c: number, d: number, msg: Uint32Array, x: number) {
		function G2b(a: number, b: number, c: number, d: number, msg: Uint32Array, x: number) {
		// NOTE: V is LE here
		const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
		let Al = BUF[2 * a], Ah = BUF[2 * a + 1]; // prettier-ignore
		let Bl = BUF[2 * b], Bh = BUF[2 * b + 1]; // prettier-ignore
		let Cl = BUF[2 * c], Ch = BUF[2 * c + 1]; // prettier-ignore
		let Dl = BUF[2 * d], Dh = BUF[2 * d + 1]; // prettier-ignore
		let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1]; // prettier-ignore
		let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1]; // prettier-ignore
		let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1]; // prettier-ignore
		let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1]; // prettier-ignore
		// v[a] = (v[a] + v[b] + x) \| 0;
		@@ -61,26 +61,26 @@ let ll = u64.add3L(Al, Bl, Xl);
		({ Bh, Bl } = { Bh: u64.rotrBH(Bh, Bl, 63), Bl: u64.rotrBL(Bh, Bl, 63) });
		(BUF[2 * a] = Al), (BUF[2 * a + 1] = Ah);
		(BUF[2 * b] = Bl), (BUF[2 * b + 1] = Bh);
		(BUF[2 * c] = Cl), (BUF[2 * c + 1] = Ch);
		(BUF[2 * d] = Dl), (BUF[2 * d + 1] = Dh);
		(BBUF[2 * a] = Al), (BBUF[2 * a + 1] = Ah);
		(BBUF[2 * b] = Bl), (BBUF[2 * b + 1] = Bh);
		(BBUF[2 * c] = Cl), (BBUF[2 * c + 1] = Ch);
		(BBUF[2 * d] = Dl), (BBUF[2 * d + 1] = Dh);
		}

		class BLAKE2b extends BLAKE2<BLAKE2b> {
		class BLAKE2b extends BLAKE<BLAKE2b> {
		// Same as SHA-512, but LE
		private v0l = IV[0] \| 0;
		private v0h = IV[1] \| 0;
		private v1l = IV[2] \| 0;
		private v1h = IV[3] \| 0;
		private v2l = IV[4] \| 0;
		private v2h = IV[5] \| 0;
		private v3l = IV[6] \| 0;
		private v3h = IV[7] \| 0;
		private v4l = IV[8] \| 0;
		private v4h = IV[9] \| 0;
		private v5l = IV[10] \| 0;
		private v5h = IV[11] \| 0;
		private v6l = IV[12] \| 0;
		private v6h = IV[13] \| 0;
		private v7l = IV[14] \| 0;
		private v7h = IV[15] \| 0;
		private v0l = B2B_IV[0] \| 0;
		private v0h = B2B_IV[1] \| 0;
		private v1l = B2B_IV[2] \| 0;
		private v1h = B2B_IV[3] \| 0;
		private v2l = B2B_IV[4] \| 0;
		private v2h = B2B_IV[5] \| 0;
		private v3l = B2B_IV[6] \| 0;
		private v3h = B2B_IV[7] \| 0;
		private v4l = B2B_IV[8] \| 0;
		private v4h = B2B_IV[9] \| 0;
		private v5l = B2B_IV[10] \| 0;
		private v5h = B2B_IV[11] \| 0;
		private v6l = B2B_IV[12] \| 0;
		private v6h = B2B_IV[13] \| 0;
		private v7l = B2B_IV[14] \| 0;
		private v7h = B2B_IV[15] \| 0;

		@@ -93,13 +93,13 @@ constructor(opts: BlakeOpts = {}) {
		const salt = u32(toBytes(opts.salt));
		this.v4l ^= salt[0];
		this.v4h ^= salt[1];
		this.v5l ^= salt[2];
		this.v5h ^= salt[3];
		this.v4l ^= byteSwapIfBE(salt[0]);
		this.v4h ^= byteSwapIfBE(salt[1]);
		this.v5l ^= byteSwapIfBE(salt[2]);
		this.v5h ^= byteSwapIfBE(salt[3]);
		}
		if (opts.personalization) {
		const pers = u32(toBytes(opts.personalization));
		this.v6l ^= pers[0];
		this.v6h ^= pers[1];
		this.v7l ^= pers[2];
		this.v7h ^= pers[3];
		this.v6l ^= byteSwapIfBE(pers[0]);
		this.v6h ^= byteSwapIfBE(pers[1]);
		this.v7l ^= byteSwapIfBE(pers[2]);
		this.v7h ^= byteSwapIfBE(pers[3]);
		}
		@@ -146,11 +146,11 @@ if (opts.key) {
		protected compress(msg: Uint32Array, offset: number, isLast: boolean) {
		this.get().forEach((v, i) => (BUF[i] = v)); // First half from state.
		BUF.set(IV, 16); // Second half from IV.
		this.get().forEach((v, i) => (BBUF[i] = v)); // First half from state.
		BBUF.set(B2B_IV, 16); // Second half from IV.
		let { h, l } = u64.fromBig(BigInt(this.length));
		BUF[24] = IV[8] ^ l; // Low word of the offset.
		BUF[25] = IV[9] ^ h; // High word.
		BBUF[24] = B2B_IV[8] ^ l; // Low word of the offset.
		BBUF[25] = B2B_IV[9] ^ h; // High word.
		// Invert all bits for last block
		if (isLast) {
		BUF[28] = ~BUF[28];
		BUF[29] = ~BUF[29];
		BBUF[28] = ~BBUF[28];
		BBUF[29] = ~BBUF[29];
		}
		@@ -160,37 +160,37 @@ let j = 0;
		for (let i = 0; i < 12; i++) {
		G1(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G1b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G2b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
		G1b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G2b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
		G1b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G2b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
		G1b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
		G2b(3, 7, 11, 15, msg, offset + 2 * s[j++]);

		G1(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G1b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G2b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
		G1b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G2b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
		G1b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G2b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
		G1b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		G2b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
		}
		this.v0l ^= BUF[0] ^ BUF[16];
		this.v0h ^= BUF[1] ^ BUF[17];
		this.v1l ^= BUF[2] ^ BUF[18];
		this.v1h ^= BUF[3] ^ BUF[19];
		this.v2l ^= BUF[4] ^ BUF[20];
		this.v2h ^= BUF[5] ^ BUF[21];
		this.v3l ^= BUF[6] ^ BUF[22];
		this.v3h ^= BUF[7] ^ BUF[23];
		this.v4l ^= BUF[8] ^ BUF[24];
		this.v4h ^= BUF[9] ^ BUF[25];
		this.v5l ^= BUF[10] ^ BUF[26];
		this.v5h ^= BUF[11] ^ BUF[27];
		this.v6l ^= BUF[12] ^ BUF[28];
		this.v6h ^= BUF[13] ^ BUF[29];
		this.v7l ^= BUF[14] ^ BUF[30];
		this.v7h ^= BUF[15] ^ BUF[31];
		BUF.fill(0);
		this.v0l ^= BBUF[0] ^ BBUF[16];
		this.v0h ^= BBUF[1] ^ BBUF[17];
		this.v1l ^= BBUF[2] ^ BBUF[18];
		this.v1h ^= BBUF[3] ^ BBUF[19];
		this.v2l ^= BBUF[4] ^ BBUF[20];
		this.v2h ^= BBUF[5] ^ BBUF[21];
		this.v3l ^= BBUF[6] ^ BBUF[22];
		this.v3h ^= BBUF[7] ^ BBUF[23];
		this.v4l ^= BBUF[8] ^ BBUF[24];
		this.v4h ^= BBUF[9] ^ BBUF[25];
		this.v5l ^= BBUF[10] ^ BBUF[26];
		this.v5h ^= BBUF[11] ^ BBUF[27];
		this.v6l ^= BBUF[12] ^ BBUF[28];
		this.v6h ^= BBUF[13] ^ BBUF[29];
		this.v7l ^= BBUF[14] ^ BBUF[30];
		this.v7h ^= BBUF[15] ^ BBUF[31];
		BBUF.fill(0);
		}
		@@ -197,0 +197,0 @@ destroy() {

src/blake2s.ts

		@@ -1,13 +0,14 @@
		import { BLAKE2, BlakeOpts, SIGMA } from './_blake2.js';
		import { BLAKE, BlakeOpts, SIGMA } from './_blake.js';
		import { fromBig } from './_u64.js';
		import { rotr, toBytes, wrapConstructorWithOpts, u32 } from './utils.js';
		import { rotr, toBytes, wrapConstructorWithOpts, u32, byteSwapIfBE } from './utils.js';

		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
		// same as SHA-256
		// Initial state: same as SHA256
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		export const IV = /* @__PURE__ */new Uint32Array([0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]);
		export const B2S_IV = /* @__PURE__ */ new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		]);

		// Mixing function G splitted in two halfs
		function G1(a: number, b: number, c: number, d: number, x: number) {
		function G1s(a: number, b: number, c: number, d: number, x: number) {
		a = (a + b + x) \| 0;
		@@ -20,3 +21,3 @@ d = rotr(d ^ a, 16);

		function G2(a: number, b: number, c: number, d: number, x: number) {
		function G2s(a: number, b: number, c: number, d: number, x: number) {
		a = (a + b + x) \| 0;
		@@ -28,2 +29,3 @@ d = rotr(d ^ a, 8);
		}

		// prettier-ignore
		@@ -36,19 +38,19 @@ export function compress(s: Uint8Array, offset: number, msg: Uint32Array, rounds: number,
		for (let i = 0; i < rounds; i++) {
		({ a: v0, b: v4, c: v8, d: v12 } = G1(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G1s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v0, b: v4, c: v8, d: v12 } = G2s(v0, v4, v8, v12, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G1s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v1, b: v5, c: v9, d: v13 } = G2s(v1, v5, v9, v13, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G1s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v2, b: v6, c: v10, d: v14 } = G2s(v2, v6, v10, v14, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G1s(v3, v7, v11, v15, msg[offset + s[j++]]));
		({ a: v3, b: v7, c: v11, d: v15 } = G2s(v3, v7, v11, v15, msg[offset + s[j++]]));

		({ a: v0, b: v5, c: v10, d: v15 } = G1(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G1s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v0, b: v5, c: v10, d: v15 } = G2s(v0, v5, v10, v15, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G1s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v1, b: v6, c: v11, d: v12 } = G2s(v1, v6, v11, v12, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G1s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v2, b: v7, c: v8, d: v13 } = G2s(v2, v7, v8, v13, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G1s(v3, v4, v9, v14, msg[offset + s[j++]]));
		({ a: v3, b: v4, c: v9, d: v14 } = G2s(v3, v4, v9, v14, msg[offset + s[j++]]));
		}
		@@ -58,12 +60,12 @@ return { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 };

		class BLAKE2s extends BLAKE2<BLAKE2s> {
		class BLAKE2s extends BLAKE<BLAKE2s> {
		// Internal state, same as SHA-256
		private v0 = IV[0] \| 0;
		private v1 = IV[1] \| 0;
		private v2 = IV[2] \| 0;
		private v3 = IV[3] \| 0;
		private v4 = IV[4] \| 0;
		private v5 = IV[5] \| 0;
		private v6 = IV[6] \| 0;
		private v7 = IV[7] \| 0;
		private v0 = B2S_IV[0] \| 0;
		private v1 = B2S_IV[1] \| 0;
		private v2 = B2S_IV[2] \| 0;
		private v3 = B2S_IV[3] \| 0;
		private v4 = B2S_IV[4] \| 0;
		private v5 = B2S_IV[5] \| 0;
		private v6 = B2S_IV[6] \| 0;
		private v7 = B2S_IV[7] \| 0;

		@@ -76,9 +78,9 @@ constructor(opts: BlakeOpts = {}) {
		const salt = u32(toBytes(opts.salt));
		this.v4 ^= salt[0];
		this.v5 ^= salt[1];
		this.v4 ^= byteSwapIfBE(salt[0]);
		this.v5 ^= byteSwapIfBE(salt[1]);
		}
		if (opts.personalization) {
		const pers = u32(toBytes(opts.personalization));
		this.v6 ^= pers[0];
		this.v7 ^= pers[1];
		this.v6 ^= byteSwapIfBE(pers[0]);
		this.v7 ^= byteSwapIfBE(pers[1]);
		}
		@@ -116,3 +118,3 @@ if (opts.key) {
		this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7,
		IV[0], IV[1], IV[2], IV[3], l ^ IV[4], h ^ IV[5], isLast ? ~IV[6] : IV[6], IV[7]
		B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], l ^ B2S_IV[4], h ^ B2S_IV[5], isLast ? ~B2S_IV[6] : B2S_IV[6], B2S_IV[7]
		);
		@@ -119,0 +121,0 @@ this.v0 ^= v0 ^ v8;

src/blake3.ts

		import { bytes, exists, number, output } from './_assert.js';
		import { fromBig } from './_u64.js';
		import { BLAKE2 } from './_blake2.js';
		import { compress, IV } from './blake2s.js';
		import { Input, u8, u32, toBytes, HashXOF, wrapXOFConstructorWithOpts } from './utils.js';
		import { BLAKE } from './_blake.js';
		import { compress, B2S_IV } from './blake2s.js';
		import {
		Input,
		u8,
		u32,
		toBytes,
		HashXOF,
		wrapXOFConstructorWithOpts,
		isLE,
		byteSwap32,
		} from './utils.js';

		@@ -10,3 +19,3 @@ // Blake3 is single-option Blake2 with reduced security (round count).
		// Flag bitset
		const enum Flags {
		const enum B3_Flags {
		CHUNK_START = 1 << 0,
		@@ -44,3 +53,3 @@ CHUNK_END = 1 << 1,
		// which won't really benefit small inputs.
		class BLAKE3 extends BLAKE2<BLAKE3> implements HashXOF<BLAKE3> {
		class BLAKE3 extends BLAKE<BLAKE3> implements HashXOF<BLAKE3> {
		private IV: Uint32Array;
		@@ -69,11 +78,13 @@ private flags = 0 \| 0;
		this.IV = u32(key);
		this.flags = flags \| Flags.KEYED_HASH;
		if (!isLE) byteSwap32(this.IV);
		this.flags = flags \| B3_Flags.KEYED_HASH;
		} else if (opts.context !== undefined) {
		const context_key = new BLAKE3({ dkLen: 32 }, Flags.DERIVE_KEY_CONTEXT)
		const context_key = new BLAKE3({ dkLen: 32 }, B3_Flags.DERIVE_KEY_CONTEXT)
		.update(opts.context)
		.digest();
		this.IV = u32(context_key);
		this.flags = flags \| Flags.DERIVE_KEY_MATERIAL;
		if (!isLE) byteSwap32(this.IV);
		this.flags = flags \| B3_Flags.DERIVE_KEY_MATERIAL;
		} else {
		this.IV = IV.slice();
		this.IV = B2S_IV.slice();
		this.flags = flags;
		@@ -97,3 +108,3 @@ }
		s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7],
		IV[0], IV[1], IV[2], IV[3], h, l, pos, flags
		B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], h, l, pos, flags
		);
		@@ -112,4 +123,4 @@ s[0] = v0 ^ v8;
		let flags = this.flags;
		if (!this.chunkPos) flags \|= Flags.CHUNK_START;
		if (this.chunkPos === 15 \|\| isLast) flags \|= Flags.CHUNK_END;
		if (!this.chunkPos) flags \|= B3_Flags.CHUNK_START;
		if (this.chunkPos === 15 \|\| isLast) flags \|= B3_Flags.CHUNK_END;
		if (!isLast) this.pos = this.blockLen;
		@@ -133,3 +144,3 @@ this.b2Compress(this.chunksDone, flags, buf, bufPos);
		this.pos = this.blockLen;
		this.b2Compress(0, this.flags \| Flags.PARENT, this.buffer32, 0);
		this.b2Compress(0, this.flags \| B3_Flags.PARENT, this.buffer32, 0);
		chunk = this.state;
		@@ -171,2 +182,3 @@ this.state = this.IV.slice();
		const { h, l } = fromBig(BigInt(this.chunkOut++));
		if (!isLE) byteSwap32(buffer32);
		// prettier-ignore
		@@ -177,3 +189,3 @@ const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } =
		s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7],
		IV[0], IV[1], IV[2], IV[3], l, h, pos, flags
		B2S_IV[0], B2S_IV[1], B2S_IV[2], B2S_IV[3], l, h, pos, flags
		);
		@@ -196,2 +208,6 @@ out32[0] = v0 ^ v8;
		out32[15] = s[7] ^ v15;
		if (!isLE) {
		byteSwap32(buffer32);
		byteSwap32(out32);
		}
		this.posOut = 0;
		@@ -205,10 +221,12 @@ }
		// Process last chunk
		let flags = this.flags \| Flags.ROOT;
		let flags = this.flags \| B3_Flags.ROOT;
		if (this.stack.length) {
		flags \|= Flags.PARENT;
		flags \|= B3_Flags.PARENT;
		if (!isLE) byteSwap32(this.buffer32);
		this.compress(this.buffer32, 0, true);
		if (!isLE) byteSwap32(this.buffer32);
		this.chunksDone = 0;
		this.pos = this.blockLen;
		} else {
		flags \|= (!this.chunkPos ? Flags.CHUNK_START : 0) \| Flags.CHUNK_END;
		flags \|= (!this.chunkPos ? B3_Flags.CHUNK_START : 0) \| B3_Flags.CHUNK_END;
		}
		@@ -215,0 +233,0 @@ this.flags = flags;

src/ripemd160.ts

		@@ -1,3 +0,3 @@
		import { SHA2 } from './_sha2.js';
		import { wrapConstructor } from './utils.js';
		import { HashMD } from './_md.js';
		import { rotl, wrapConstructor } from './utils.js';

		@@ -7,3 +7,3 @@ // https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
		const Rho = /* @__PURE__ */ new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);
		const Id = /* @__PURE__ */ Uint8Array.from({ length: 16 }, (_, i) => i);
		const Id = /* @__PURE__ */ new Uint8Array(new Array(16).fill(0).map((_, i) => i));
		const Pi = /* @__PURE__ / Id.map((i) => (9 i + 5) % 16);
		@@ -29,4 +29,2 @@ let idxL = [Id];
		]);
		// The rotate left (circular left shift) operation for uint32
		const rotl = (word: number, shift: number) => (word << shift) \| (word >>> (32 - shift));
		// It's called f() in spec.
		@@ -41,4 +39,4 @@ function f(group: number, x: number, y: number, z: number): number {
		// Temporary buffer, not used to store anything between runs
		const BUF = /* @__PURE__ */ new Uint32Array(16);
		export class RIPEMD160 extends SHA2<RIPEMD160> {
		const R_BUF = /* @__PURE__ */ new Uint32Array(16);
		export class RIPEMD160 extends HashMD<RIPEMD160> {
		private h0 = 0x67452301 \| 0;
		@@ -65,3 +63,3 @@ private h1 = 0xefcdab89 \| 0;
		protected process(view: DataView, offset: number): void {
		for (let i = 0; i < 16; i++, offset += 4) BUF[i] = view.getUint32(offset, true);
		for (let i = 0; i < 16; i++, offset += 4) R_BUF[i] = view.getUint32(offset, true);
		// prettier-ignore
		@@ -82,3 +80,3 @@ let al = this.h0 \| 0, ar = al,
		for (let i = 0; i < 16; i++) {
		const tl = (rotl(al + f(group, bl, cl, dl) + BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		const tl = (rotl(al + f(group, bl, cl, dl) + R_BUF[rl[i]] + hbl, sl[i]) + el) \| 0;
		al = el, el = dl, dl = rotl(cl, 10) \| 0, cl = bl, bl = tl; // prettier-ignore
		@@ -88,3 +86,3 @@ }
		for (let i = 0; i < 16; i++) {
		const tr = (rotl(ar + f(rGroup, br, cr, dr) + BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		const tr = (rotl(ar + f(rGroup, br, cr, dr) + R_BUF[rr[i]] + hbr, sr[i]) + er) \| 0;
		ar = er, er = dr, dr = rotl(cr, 10) \| 0, cr = br, br = tr; // prettier-ignore
		@@ -103,3 +101,3 @@ }
		protected roundClean() {
		BUF.fill(0);
		R_BUF.fill(0);
		}
		@@ -106,0 +104,0 @@ destroy() {

src/scrypt.ts

		import { number as assertNumber } from './_assert.js';
		import { sha256 } from './sha256.js';
		import { pbkdf2 } from './pbkdf2.js';
		import { asyncLoop, checkOpts, Input, u32 } from './utils.js';
		import { rotl, asyncLoop, checkOpts, Input, u32, isLE, byteSwap32 } from './utils.js';

		// RFC 7914 Scrypt KDF

		// Left rotate for uint32
		const rotl = (a: number, b: number) => (a << b) \| (a >>> (32 - b));

		// The main Scrypt loop: uses Salsa extensively.
		@@ -192,2 +189,3 @@ // Six versions of the function were tried, this is the fastest one.
		);
		if (!isLE) byteSwap32(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -210,2 +208,3 @@ const Pi = blockSize32 * pi;
		}
		if (!isLE) byteSwap32(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		@@ -223,2 +222,3 @@ }
		);
		if (!isLE) byteSwap32(B32);
		for (let pi = 0; pi < p; pi++) {
		@@ -242,3 +242,4 @@ const Pi = blockSize32 * pi;
		}
		if (!isLE) byteSwap32(B32);
		return scryptOutput(password, dkLen, B, V, tmp);
		}

src/sha1.ts

		@@ -1,16 +0,8 @@
		import { SHA2 } from './_sha2.js';
		import { wrapConstructor } from './utils.js';
		import { HashMD, Chi, Maj } from './_md.js';
		import { rotl, wrapConstructor } from './utils.js';

		// SHA1 was cryptographically broken.
		// It is still widely used in legacy apps. Don't use it for a new protocol.
		// SHA1 (RFC 3174) was cryptographically broken. It's still used. Don't use it for a new protocol.

		// RFC 3174
		const rotl = (word: number, shift: number) => (word << shift) \| ((word >>> (32 - shift)) >>> 0);
		// Choice: a ? b : c
		const Chi = (a: number, b: number, c: number) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a: number, b: number, c: number) => (a & b) ^ (a & c) ^ (b & c);

		// Initial state
		const IV = /* @__PURE__ */ new Uint32Array([
		const SHA1_IV = /* @__PURE__ */ new Uint32Array([
		0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0,
		@@ -22,8 +14,8 @@ ]);
		const SHA1_W = /* @__PURE__ */ new Uint32Array(80);
		class SHA1 extends SHA2<SHA1> {
		private A = IV[0] \| 0;
		private B = IV[1] \| 0;
		private C = IV[2] \| 0;
		private D = IV[3] \| 0;
		private E = IV[4] \| 0;
		class SHA1 extends HashMD<SHA1> {
		private A = SHA1_IV[0] \| 0;
		private B = SHA1_IV[1] \| 0;
		private C = SHA1_IV[2] \| 0;
		private D = SHA1_IV[3] \| 0;
		private E = SHA1_IV[4] \| 0;

		@@ -30,0 +22,0 @@ constructor() {

src/sha256.ts

		@@ -1,2 +0,2 @@
		import { SHA2 } from './_sha2.js';
		import { HashMD, Chi, Maj } from './_md.js';
		import { rotr, wrapConstructor } from './utils.js';
		@@ -7,11 +7,6 @@

		// Choice: a ? b : c
		const Chi = (a: number, b: number, c: number) => (a & b) ^ (~a & c);
		// Majority function, true if any two inpust is true
		const Maj = (a: number, b: number, c: number) => (a & b) ^ (a & c) ^ (b & c);

		// Round constants:
		// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
		// prettier-ignore
		const SHA256_K = /* @__PURE__ */new Uint32Array([
		const SHA256_K = /* @__PURE__ */ new Uint32Array([
		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
		@@ -27,5 +22,6 @@ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,

		// Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
		// Initial state:
		// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
		// prettier-ignore
		const IV = /* @__PURE__ */new Uint32Array([
		const SHA256_IV = /* @__PURE__ */ new Uint32Array([
		0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
		@@ -37,13 +33,13 @@ ]);
		const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
		class SHA256 extends SHA2<SHA256> {
		class SHA256 extends HashMD<SHA256> {
		// We cannot use array here since array allows indexing by variable
		// which means optimizer/compiler cannot use registers.
		A = IV[0] \| 0;
		B = IV[1] \| 0;
		C = IV[2] \| 0;
		D = IV[3] \| 0;
		E = IV[4] \| 0;
		F = IV[5] \| 0;
		G = IV[6] \| 0;
		H = IV[7] \| 0;
		A = SHA256_IV[0] \| 0;
		B = SHA256_IV[1] \| 0;
		C = SHA256_IV[2] \| 0;
		D = SHA256_IV[3] \| 0;
		E = SHA256_IV[4] \| 0;
		F = SHA256_IV[5] \| 0;
		G = SHA256_IV[6] \| 0;
		H = SHA256_IV[7] \| 0;

		@@ -50,0 +46,0 @@ constructor() {

src/sha3-addons.ts

		@@ -57,3 +57,3 @@ import { number as assertNumber } from './_assert.js';
		const gencShake = (suffix: number, blockLen: number, outputLen: number) =>
		wrapConstructorWithOpts<Keccak, cShakeOpts>((opts: cShakeOpts = {}) =>
		wrapXOFConstructorWithOpts<Keccak, cShakeOpts>((opts: cShakeOpts = {}) =>
		cshakePers(new Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts)
		@@ -60,0 +60,0 @@ );

src/sha3.ts

		@@ -11,2 +11,4 @@ import { bytes, exists, number, output } from './_assert.js';
		HashXOF,
		isLE,
		byteSwap32,
		} from './utils.js';
		@@ -18,3 +20,5 @@
		// Various per round constants calculations
		const [SHA3_PI, SHA3_ROTL, _SHA3_IOTA]: [number[], number[], bigint[]] = [[], [], []];
		const SHA3_PI: number[] = [];
		const SHA3_ROTL: number[] = [];
		const _SHA3_IOTA: bigint[] = [];
		const _0n = /* @__PURE__ */ BigInt(0);
		@@ -115,3 +119,5 @@ const _1n = /* @__PURE__ */ BigInt(1);
		protected keccak() {
		if (!isLE) byteSwap32(this.state32);
		keccakP(this.state32, this.rounds);
		if (!isLE) byteSwap32(this.state32);
		this.posOut = 0;
		@@ -118,0 +124,0 @@ this.pos = 0;

src/sha512.ts

		@@ -1,2 +0,2 @@
		import { SHA2 } from './_sha2.js';
		import { HashMD } from './_md.js';
		import u64 from './_u64.js';
		@@ -33,3 +33,3 @@ import { wrapConstructor } from './utils.js';
		const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
		export class SHA512 extends SHA2<SHA512> {
		export class SHA512 extends HashMD<SHA512> {
		// We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.
		@@ -36,0 +36,0 @@ // Also looks cleaner and easier to verify with spec.

src/utils.ts

		@@ -10,2 +10,11 @@ /! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { crypto } from '@noble/hashes/crypto';
		import { bytes as abytes } from './_assert.js';
		// export { isBytes } from './_assert.js';
		// We can't reuse isBytes from _assert, because somehow this causes huge perf issues
		export function isBytes(a: unknown): a is Uint8Array {
		return (
		a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')
		);
		}

		@@ -21,9 +30,2 @@ // prettier-ignore

		function isBytes(a: unknown): a is Uint8Array {
		return (
		a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')
		);
		}

		// Cast array to view
		@@ -35,10 +37,23 @@ export const createView = (arr: TypedArray) =>
		export const rotr = (word: number, shift: number) => (word << (32 - shift)) \| (word >>> shift);
		// The rotate left (circular left shift) operation for uint32
		export const rotl = (word: number, shift: number) =>
		(word << shift) \| ((word >>> (32 - shift)) >>> 0);

		// big-endian hardware is rare. Just in case someone still decides to run hashes:
		// early-throw an error because we don't support BE yet.
		// Other libraries would silently corrupt the data instead of throwing an error,
		// when they don't support it.
		export const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
		if (!isLE) throw new Error('Non little-endian hardware is not supported');
		// The byte swap operation for uint32
		export const byteSwap = (word: number) =>
		((word << 24) & 0xff000000) \|
		((word << 8) & 0xff0000) \|
		((word >>> 8) & 0xff00) \|
		((word >>> 24) & 0xff);
		// Conditionally byte swap if on a big-endian platform
		export const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);

		// In place byte swap for Uint32Array
		export function byteSwap32(arr: Uint32Array) {
		for (let i = 0; i < arr.length; i++) {
		arr[i] = byteSwap(arr[i]);
		}
		}

		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -52,3 +67,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>
		export function bytesToHex(bytes: Uint8Array): string {
		if (!isBytes(bytes)) throw new Error('Uint8Array expected');
		abytes(bytes);
		// pre-caching improves the speed 6x
		@@ -130,3 +145,3 @@ let hex = '';
		if (typeof data === 'string') data = utf8ToBytes(data);
		if (!isBytes(data)) throw new Error(`expected Uint8Array, got ${typeof data}`);
		abytes(data);
		return data;
		@@ -142,3 +157,3 @@ }
		const a = arrays[i];
		if (!isBytes(a)) throw new Error('Uint8Array expected');
		abytes(a);
		sum += a.length;
		@@ -145,0 +160,0 @@ }

utils.d.ts

		/! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		export declare function isBytes(a: unknown): a is Uint8Array;
		export type TypedArray = Int8Array \| Uint8ClampedArray \| Uint8Array \| Uint16Array \| Int16Array \| Uint32Array \| Int32Array;
		@@ -7,3 +8,7 @@ export declare const u8: (arr: TypedArray) => Uint8Array;
		export declare const rotr: (word: number, shift: number) => number;
		export declare const rotl: (word: number, shift: number) => number;
		export declare const isLE: boolean;
		export declare const byteSwap: (word: number) => number;
		export declare const byteSwapIfBE: (n: number) => number;
		export declare function byteSwap32(arr: Uint32Array): void;
		/**
		@@ -92,1 +97,2 @@ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
		export {};
		//# sourceMappingURL=utils.d.ts.map

utils.js

		"use strict";
		/! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.randomBytes = exports.wrapXOFConstructorWithOpts = exports.wrapConstructorWithOpts = exports.wrapConstructor = exports.checkOpts = exports.Hash = exports.concatBytes = exports.toBytes = exports.utf8ToBytes = exports.asyncLoop = exports.nextTick = exports.hexToBytes = exports.bytesToHex = exports.isLE = exports.rotr = exports.createView = exports.u32 = exports.u8 = void 0;
		exports.randomBytes = exports.wrapXOFConstructorWithOpts = exports.wrapConstructorWithOpts = exports.wrapConstructor = exports.checkOpts = exports.Hash = exports.concatBytes = exports.toBytes = exports.utf8ToBytes = exports.asyncLoop = exports.nextTick = exports.hexToBytes = exports.bytesToHex = exports.byteSwap32 = exports.byteSwapIfBE = exports.byteSwap = exports.isLE = exports.rotl = exports.rotr = exports.createView = exports.u32 = exports.u8 = exports.isBytes = void 0;
		// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
		@@ -12,2 +12,10 @@ // node.js versions earlier than v19 don't declare it in global scope.
		const crypto_1 = require("@noble/hashes/crypto");
		const _assert_js_1 = require("./_assert.js");
		// export { isBytes } from './_assert.js';
		// We can't reuse isBytes from _assert, because somehow this causes huge perf issues
		function isBytes(a) {
		return (a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
		}
		exports.isBytes = isBytes;
		// Cast array to different type
		@@ -18,6 +26,2 @@ const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
		exports.u32 = u32;
		function isBytes(a) {
		return (a instanceof Uint8Array \|\|
		(a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
		}
		// Cast array to view
		@@ -29,9 +33,21 @@ const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
		exports.rotr = rotr;
		// big-endian hardware is rare. Just in case someone still decides to run hashes:
		// early-throw an error because we don't support BE yet.
		// Other libraries would silently corrupt the data instead of throwing an error,
		// when they don't support it.
		// The rotate left (circular left shift) operation for uint32
		const rotl = (word, shift) => (word << shift) \| ((word >>> (32 - shift)) >>> 0);
		exports.rotl = rotl;
		exports.isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
		if (!exports.isLE)
		throw new Error('Non little-endian hardware is not supported');
		// The byte swap operation for uint32
		const byteSwap = (word) => ((word << 24) & 0xff000000) \|
		((word << 8) & 0xff0000) \|
		((word >>> 8) & 0xff00) \|
		((word >>> 24) & 0xff);
		exports.byteSwap = byteSwap;
		// Conditionally byte swap if on a big-endian platform
		exports.byteSwapIfBE = exports.isLE ? (n) => n : (n) => (0, exports.byteSwap)(n);
		// In place byte swap for Uint32Array
		function byteSwap32(arr) {
		for (let i = 0; i < arr.length; i++) {
		arr[i] = (0, exports.byteSwap)(arr[i]);
		}
		}
		exports.byteSwap32 = byteSwap32;
		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -43,4 +59,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
		function bytesToHex(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		(0, _assert_js_1.bytes)(bytes);
		// pre-caching improves the speed 6x
		@@ -124,4 +139,3 @@ let hex = '';
		data = utf8ToBytes(data);
		if (!isBytes(data))
		throw new Error(`expected Uint8Array, got ${typeof data}`);
		(0, _assert_js_1.bytes)(data);
		return data;
		@@ -137,4 +151,3 @@ }
		const a = arrays[i];
		if (!isBytes(a))
		throw new Error('Uint8Array expected');
		(0, _assert_js_1.bytes)(a);
		sum += a.length;
		@@ -141,0 +154,0 @@ }

_blake2.d.ts

_blake2.js

_blake2.js.map

_sha2.d.ts

_sha2.js

_sha2.js.map

esm/_blake2.js

esm/_blake2.js.map

esm/_sha2.js

esm/_sha2.js.map

src/_blake2.ts

src/_sha2.ts

index.d.ts→index.d.ts

_assert.js.map