@spliterati/shamir - npm Package Compare versions

Comparing version 0.4.0 to 0.5.0

dist/shamir.d.ts

@@ -1,2 +0,2 @@
-import { uint8 } from '@spliterati/uint8';
+import type { uint8 } from '@spliterati/uint8';
 export declare module GF2p8 {
@@ -3,0 +3,0 @@ const FIELD: number;

dist/shamir.js

@@ -9,2 +9,3 @@ "use strict";
 const utils_1 = __importDefault(require("@spliterati/utils"));
+const constant_time_js_1 = require("constant-time-js");
 var GF2p8;
@@ -83,12 +84,9 @@ (function (GF2p8) {
     const mul = (a, b) => {
-        if (a === 0 || b === 0) {
-            return 0;
-        }
         const sum = (logTable[a] + logTable[b]) % (GF2p8.FIELD - 1);
-        return expTable[sum];
+        let ret = expTable[sum];
+        ret = constant_time_js_1.select_ints(constant_time_js_1.compare_ints(0, a), ret, 0);
+        ret = constant_time_js_1.select_ints(constant_time_js_1.compare_ints(0, b), ret, 0);
+        return ret;
     };
     const div = (a, b) => {
-        if (a === 0) {
-            return 0;
-        }
         if (b === 0) {
@@ -99,3 +97,5 @@ throw new RangeError('div zero');
         const diff = ((logTable[a] - logTable[b]) + fm1) % fm1;
-        return expTable[diff];
+        let ret = expTable[diff];
+        ret = constant_time_js_1.select_ints(constant_time_js_1.compare_ints(a, 0), ret, 0);
+        return ret;
     };
@@ -102,0 +102,0 @@ class Polynomial {

package.json

 {
   "name": "@spliterati/shamir",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Arbitrary-length shamir implementation",
@@ -33,5 +33,6 @@ "private": false,
   "dependencies": {
-    "@spliterati/uint8": "^1.0.4",
-    "@spliterati/utils": "^0.3.0",
-    "@types/node": "^14.14.20"
+    "@spliterati/uint8": "^1.0.5",
+    "@spliterati/utils": "^0.3.1",
+    "@types/node": "^14.14.20",
+    "constant-time-js": "https://github.com/soatok/constant-time-js.git#8e056b2"
   },
@@ -54,3 +55,3 @@ "devDependencies": {
   },
-  "gitHead": "69755a969f98668751e3d2e1b33362f9f24839e0"
+  "gitHead": "cbd41342e23c810e9bc6645859ab005106612495"
 }

New alerts

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33104

increased by49.79%

Number of package files

9

increased by50%

Lines of code

330

increased by54.93%

Worsened metrics

Dependency count

4

increased by33.33%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedconstant-time-js@https://github.com/soatok/constant-time-js.git#8e056b2

• Updated@spliterati/uint8@^1.0.5

• Updated@spliterati/utils@^0.3.1