Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@stablelib/sha512
Advanced tools
@stablelib/sha512 is a JavaScript library that provides a secure and efficient implementation of the SHA-512 cryptographic hash function. It is part of the StableLib collection of cryptographic libraries, which are designed to be secure, fast, and easy to use.
Hashing a string
This feature allows you to hash a string using the SHA-512 algorithm. The code sample demonstrates how to import the SHA512 class, create a new instance, update it with a message, and then generate the hash digest in hexadecimal format.
const { SHA512 } = require('@stablelib/sha512');
const message = 'Hello, world!';
const hash = new SHA512().update(message).digest();
console.log(Buffer.from(hash).toString('hex'));
Hashing a file
This feature allows you to hash the contents of a file using the SHA-512 algorithm. The code sample demonstrates how to create a read stream for a file, update the hash with each chunk of data, and then generate the hash digest in hexadecimal format once the stream ends.
const { SHA512 } = require('@stablelib/sha512');
const fs = require('fs');
const hash = new SHA512();
const stream = fs.createReadStream('path/to/file');
stream.on('data', (chunk) => hash.update(chunk));
stream.on('end', () => {
const digest = hash.digest();
console.log(Buffer.from(digest).toString('hex'));
});
The 'crypto' module is a built-in Node.js module that provides cryptographic functionality, including the SHA-512 hash function. It is widely used and well-maintained, making it a reliable choice for cryptographic operations. Compared to @stablelib/sha512, the 'crypto' module is more versatile as it supports a wider range of cryptographic algorithms.
The 'js-sha512' package is a JavaScript implementation of the SHA-512 hash function. It is lightweight and easy to use, making it a good alternative to @stablelib/sha512 for projects that require only SHA-512 hashing. However, it may not be as optimized for performance as @stablelib/sha512.
The 'hash.js' package is a collection of cryptographic hash functions, including SHA-512. It is part of the 'elliptic' library and is known for its performance and security. Compared to @stablelib/sha512, 'hash.js' offers a broader range of hash functions and is often used in conjunction with elliptic curve cryptography.
FAQs
SHA-512 cryptographic hash function
The npm package @stablelib/sha512 receives a total of 378,483 weekly downloads. As such, @stablelib/sha512 popularity was classified as popular.
We found that @stablelib/sha512 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.