Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@types/node-forge
Advanced tools
@types/node-forge provides TypeScript type definitions for the node-forge library, which is a native implementation of TLS (and various other cryptographic tools) in JavaScript. It allows developers to perform a variety of cryptographic operations such as encryption, decryption, hashing, and digital signatures.
Encryption and Decryption
This feature allows you to encrypt and decrypt data using the AES-CBC algorithm. The code sample demonstrates how to encrypt a simple 'Hello World' string and then decrypt it back to its original form.
const forge = require('node-forge');
const key = forge.random.getBytesSync(16);
const iv = forge.random.getBytesSync(16);
const cipher = forge.cipher.createCipher('AES-CBC', key);
cipher.start({iv: iv});
cipher.update(forge.util.createBuffer('Hello World'));
cipher.finish();
const encrypted = cipher.output;
const decipher = forge.cipher.createDecipher('AES-CBC', key);
decipher.start({iv: iv});
decipher.update(encrypted);
decipher.finish();
const decrypted = decipher.output.toString();
console.log(decrypted);
Hashing
This feature allows you to create cryptographic hashes using various algorithms like SHA-256. The code sample demonstrates how to hash a 'Hello World' string using SHA-256.
const forge = require('node-forge');
const md = forge.md.sha256.create();
md.update('Hello World', 'utf8');
const hash = md.digest().toHex();
console.log(hash);
Digital Signatures
This feature allows you to create and verify digital signatures. The code sample demonstrates how to sign a 'Hello World' string with a private key and then verify the signature with the corresponding public key.
const forge = require('node-forge');
const pki = forge.pki;
const keys = pki.rsa.generateKeyPair(2048);
const md = forge.md.sha256.create();
md.update('Hello World', 'utf8');
const signature = keys.privateKey.sign(md);
const verified = keys.publicKey.verify(md.digest().bytes(), signature);
console.log(verified);
TLS/SSL
This feature allows you to create and manage TLS/SSL certificates. The code sample demonstrates how to generate a self-signed certificate.
const forge = require('node-forge');
const pki = forge.pki;
const keys = pki.rsa.generateKeyPair(2048);
const cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
const attrs = [{name: 'commonName', value: 'example.org'}];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.sign(keys.privateKey);
const pem = pki.certificateToPem(cert);
console.log(pem);
crypto-js is a popular library for cryptographic algorithms implemented in JavaScript. It provides a wide range of cryptographic functions including encryption, decryption, hashing, and HMAC. Compared to node-forge, crypto-js is more focused on providing a simple API for common cryptographic tasks and is often used in browser environments.
jose is a library for JavaScript Object Signing and Encryption (JOSE) standards, including JSON Web Tokens (JWT), JSON Web Encryption (JWE), and JSON Web Signatures (JWS). It is more specialized compared to node-forge, focusing on the JOSE standards and providing a high-level API for working with JWTs and related technologies.
openpgp is a JavaScript implementation of the OpenPGP standard for encryption and signing of data. It is specifically designed for working with PGP keys and messages. Compared to node-forge, openpgp is more specialized for PGP-related tasks and provides a higher-level API for working with PGP keys and encrypted messages.
npm install --save @types/node-forge
This package contains type definitions for node-forge (https://github.com/digitalbazaar/forge).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node-forge.
These definitions were written by Seth Westphal , Kay Schecker , Aakash Goenka , Rafal2228 , Beeno Tung , Joe Flateau , timhwang21 , Anders Kaseorg , Sascha Zarhuber , Rogier Schouten , Ivan Aseev , Wiktor Kwapisiewicz, Ligia Frangello , Dmitry Avezov , Jose Fuentes , Anya Reyes , and Tino .
FAQs
TypeScript definitions for node-forge
The npm package @types/node-forge receives a total of 7,317,053 weekly downloads. As such, @types/node-forge popularity was classified as popular.
We found that @types/node-forge demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.