@toruslabs/eccrypto - npm Package Compare versions

Comparing version 3.0.0 to 4.0.0

dist/eccrypto.cjs.js

@@ -66,12 +66,12 @@ /******/ (() => { // webpackBootstrap
 __webpack_require__.d(__webpack_exports__, {
-  "decrypt": () => (/* binding */ decrypt),
-  "derive": () => (/* binding */ derive),
-  "derivePadded": () => (/* binding */ derivePadded),
-  "deriveUnpadded": () => (/* binding */ deriveUnpadded),
-  "encrypt": () => (/* binding */ encrypt),
-  "generatePrivate": () => (/* binding */ generatePrivate),
-  "getPublic": () => (/* binding */ getPublic),
-  "getPublicCompressed": () => (/* binding */ getPublicCompressed),
-  "sign": () => (/* binding */ sign),
-  "verify": () => (/* binding */ verify)
+  decrypt: () => (/* binding */ decrypt),
+  derive: () => (/* binding */ derive),
+  derivePadded: () => (/* binding */ derivePadded),
+  deriveUnpadded: () => (/* binding */ deriveUnpadded),
+  encrypt: () => (/* binding */ encrypt),
+  generatePrivate: () => (/* binding */ generatePrivate),
+  getPublic: () => (/* binding */ getPublic),
+  getPublicCompressed: () => (/* binding */ getPublicCompressed),
+  sign: () => (/* binding */ sign),
+  verify: () => (/* binding */ verify)
 });
@@ -88,3 +88,5 @@
 const ec = new external_elliptic_namespaceObject.ec("secp256k1");
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 const browserCrypto = __webpack_require__.g.crypto || __webpack_require__.g.msCrypto || {};
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 const subtle = browserCrypto.subtle || browserCrypto.webkitSubtle;
@@ -324,3 +326,3 @@ const EC_GROUP_ORDER = Buffer.from("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", "hex");
   const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]);
-  const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac);
+  const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac);
   if (!macGood && padding === false) {
@@ -327,0 +329,0 @@ return decrypt(privateKey, opts, true);

dist/eccrypto.esm.js

@@ -5,3 +5,5 @@ import nodeCrypto from 'crypto';
 const ec = new ec$1("secp256k1");
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 const browserCrypto = global.crypto || global.msCrypto || {};
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 const subtle = browserCrypto.subtle || browserCrypto.webkitSubtle;
@@ -26,2 +28,3 @@ const EC_GROUP_ORDER = Buffer.from("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", "hex");
 }
+
 // Compare two buffers in constant time to prevent timing attacks.
@@ -39,2 +42,3 @@ function equalConstTime(b1, b2) {
 }
+
 /* This must check if we're in the browser or
@@ -112,2 +116,3 @@ not, since the functions are different and does
 }
+
 /**
@@ -132,2 +137,3 @@ * Generate a new valid private key. Will use the window.crypto or window.msCrypto as source
 };
+
 /**
@@ -144,2 +150,3 @@ * Get compressed version of public key.
 };
+
 // NOTE(Kagami): We don't use promise shim in Browser implementation
@@ -241,3 +248,3 @@ // because it's supported natively in new browsers (see
   const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]);
-  const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac);
+  const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac);
   if (!macGood && padding === false) {
@@ -244,0 +251,0 @@ return decrypt(privateKey, opts, true);

package.json

 {
   "name": "@toruslabs/eccrypto",
-  "version": "3.0.0",
+  "version": "4.0.0",
   "description": "JavaScript Elliptic curve cryptography library, includes fix to browser.js so that encrypt/decrypt works",
@@ -12,6 +12,7 @@ "main": "./dist/eccrypto.cjs.js",
     "test": "ECCRYPTO_NO_FALLBACK=1 mocha && karma start",
+    "test:ci": "ECCRYPTO_NO_FALLBACK=1 mocha && npm run k",
     "m": "mocha",
-    "k": "karma start",
-    "kc": "karma start --browsers Chromium",
-    "kf": "karma start --browsers Firefox"
+    "k": "xvfb-run -a karma start",
+    "kc": "xvfb-run -a karma start --browsers Chromium",
+    "kf": "xvfb-run -a karma start --browsers Firefox"
   },
@@ -45,10 +46,12 @@ "repository": {
   "devDependencies": {
-    "@babel/cli": "^7.21.5",
-    "@babel/core": "^7.21.5",
-    "@babel/plugin-transform-runtime": "^7.21.4",
-    "@babel/preset-env": "^7.21.5",
-    "@babel/runtime": "^7.21.5",
-    "@toruslabs/eslint-config-typescript": "^2.0.0",
-    "eslint-plugin-chai-expect": "^3.0.0",
-    "@toruslabs/torus-scripts": "^4.0.0",
+    "@babel/cli": "^7.22.10",
+    "@babel/core": "^7.22.10",
+    "@babel/plugin-transform-runtime": "^7.22.10",
+    "@babel/preset-env": "^7.22.10",
+    "@babel/runtime": "^7.22.10",
+    "@toruslabs/config": "^2.0.1",
+    "@toruslabs/eslint-config-node": "^3.0.0",
+    "@toruslabs/torus-scripts": "^5.0.1",
+    "@types/buffer-equal": "^1.0.0",
+    "@types/chai": "^4.3.5",
     "@types/elliptic": "^6.4.14",
@@ -58,3 +61,3 @@ "browserify": "^17.0.0",
     "chai": "^4.3.7",
-    "eslint": "^8.39.0",
+    "eslint": "^8.46.0",
     "karma": "^6.4.2",
@@ -68,3 +71,5 @@ "karma-browserify": "^8.1.0",
     "karma-safari-launcher": "^1.0.0",
-    "mocha": "^10.2.0"
+    "mocha": "^10.2.0",
+    "playwright": "^1.36.2",
+    "typescript": "^5.1.6"
   },
@@ -75,5 +80,5 @@ "dependencies": {
   "engines": {
-    "node": ">=16.18.1",
-    "npm": ">=8.x"
+    "node": ">=18.x",
+    "npm": ">=9.x"
   }
 }

README.md

@@ -1,2 +0,2 @@
-# eccrypto [![Build Status](https://travis-ci.org/bitchan/eccrypto.svg?branch=master)](https://travis-ci.org/bitchan/eccrypto)
+# eccrypto [![Build Status](https://github.com/torusresearch/eccrypto/workflows/master/badge.svg)](https://github.com/torusresearch/eccrypto/actions)
 
@@ -3,0 +3,0 @@ [![NPM](https://nodei.co/npm/eccrypto.png)](https://www.npmjs.com/package/eccrypto)

src/index.ts

@@ -5,3 +5,5 @@ import nodeCrypto from "crypto";
 const ec = new EC("secp256k1");
-const browserCrypto = global.crypto || global.msCrypto || {};
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const browserCrypto = global.crypto || (global as any).msCrypto || {};
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
 const subtle = browserCrypto.subtle || (browserCrypto as any).webkitSubtle;
@@ -126,3 +128,3 @@
 }
-async function hmacSha256Verify(key, msg, sig) {
+async function hmacSha256Verify(key: Buffer, msg: Buffer, sig: Buffer): Promise<boolean> {
   const expectedSig = await hmacSha256Sign(key, msg);
@@ -272,3 +274,3 @@ return equalConstTime(expectedSig, sig);
   const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]);
-  const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac);
+  const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac);
   if (!macGood && padding === false) {
@@ -275,0 +277,0 @@ return decrypt(privateKey, opts, true);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

785000

increased by1.52%

Lines of code

1469

increased by0.41%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dev dependency count

26

increased by18.18%

No dependency changes