Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The adler-32 npm package is used for computing Adler-32 checksums. Adler-32 is a checksum algorithm which was designed to be a fast but not cryptographically secure alternative to CRC32. The algorithm is used in the zlib compression library. The adler-32 package provides functionality to calculate Adler-32 checksums for given inputs, which can be useful for error-checking or simple data integrity verification.
Calculate Adler-32 checksum from a string
This feature allows you to calculate the Adler-32 checksum of a given string. The 'str' method takes a string as input and returns the checksum as a number.
const adler32 = require('adler-32');
const checksum = adler32.str('Hello World');
console.log(checksum);
Calculate Adler-32 checksum from a buffer
This feature allows you to calculate the Adler-32 checksum of a given buffer. The 'buf' method takes a Node.js Buffer as input and returns the checksum as a number.
const adler32 = require('adler-32');
const buffer = Buffer.from('Hello World');
const checksum = adler32.buf(buffer);
console.log(checksum);
Calculate Adler-32 checksum and return result in hex format
This feature allows you to calculate the Adler-32 checksum of a given string and return the result in hexadecimal format. The second argument to the 'str' method is a boolean indicating whether the output should be in hex format.
const adler32 = require('adler-32');
const checksum = adler32.str('Hello World', true);
console.log(checksum);
The 'crc' npm package is used to calculate Cyclic Redundancy Check (CRC) of input data. It supports various CRC algorithms, including CRC32. It is similar to adler-32 in that it provides checksums for data integrity, but it offers a wider range of algorithms and is typically used when a more robust error-detection is required.
The 'crc32' package provides a simple and fast way to calculate CRC32 checksums for strings and buffers. It is similar to adler-32 in its simplicity and focus on CRC32, but it does not offer Adler-32 checksums.
The 'hash.js' package is a collection of hash functions implemented in pure JavaScript. It includes various cryptographic hash functions like SHA-1, SHA-256, and more. While it is more comprehensive and secure than adler-32, it is also more complex and may be slower due to the cryptographic nature of the algorithms.
Signed ADLER-32 algorithm implementation in JS (for the browser and nodejs). Emphasis on correctness, performance, and IE6+ support.
With npm:
$ npm install adler-32
In the browser:
<script src="adler32.js"></script>
The browser exposes a variable ADLER32
.
When installed globally, npm installs a script adler32
that computes the
checksum for a specified file or standard input.
The script will manipulate module.exports
if available . This is not always
desirable. To prevent the behavior, define DO_NOT_EXPORT_ADLER
.
In all cases, the relevant function takes an argument representing data and an optional second argument representing the starting "seed" (for running hash).
The return value is a signed 32-bit integer.
ADLER32.buf(byte array or buffer[, seed])
assumes the argument is a sequence
of 8-bit unsigned integers (nodejs Buffer
, Uint8Array
or array of bytes).
ADLER32.bstr(binary string[, seed])
assumes the argument is a binary string
where byte i
is the low byte of the UCS-2 char: str.charCodeAt(i) & 0xFF
ADLER32.str(string)
assumes the argument is a standard JS string and
calculates the hash of the UTF-8 encoding.
For example:
// var ADLER32 = require('adler-32'); // uncomment if in node
ADLER32.str("SheetJS") // 176947863
ADLER32.bstr("SheetJS") // 176947863
ADLER32.buf([ 83, 104, 101, 101, 116, 74, 83 ]) // 176947863
adler32 = ADLER32.buf([83, 104]) // 17825980 "Sh"
adler32 = ADLER32.str("eet", adler32) // 95486458 "Sheet"
ADLER32.bstr("JS", adler32) // 176947863 "SheetJS"
[ADLER32.str("\u2603"), ADLER32.str("\u0003")] // [ 73138686, 262148 ]
[ADLER32.bstr("\u2603"), ADLER32.bstr("\u0003")] // [ 262148, 262148 ]
[ADLER32.buf([0x2603]), ADLER32.buf([0x0003])] // [ 262148, 262148 ]
make test
will run the nodejs-based test.
To run the in-browser tests, run a local server and go to the ctest
directory.
make ctestserv
will start a python SimpleHTTPServer
server on port 8000.
To update the browser artifacts, run make ctest
.
To generate the bits file, use the adler32
function from python zlib
:
>>> from zlib import adler32
>>> x="foo bar baz٪☃🍣"
>>> adler32(x)
1543572022
>>> adler32(x+x)
-2076896149
>>> adler32(x+x+x)
2023497376
The adler32-cli
package includes
scripts for processing files or text on standard input:
$ echo "this is a test" > t.txt
$ adler32-cli t.txt
726861088
For comparison, the adler32.py
script in the subdirectory uses python zlib
:
$ packages/adler32-cli/bin/adler32.py t.txt
726861088
make perf
will run algorithmic performance tests (which should justify certain
decisions in the code).
Bit twiddling is much faster than taking the mod in Safari and Firefox browsers.
Instead of taking the literal mod 65521, it is faster to keep it in the integers
by bit-shifting: 65536 ~ 15 mod 65521
so for nonnegative integer a
:
a = (a >>> 16) * 65536 + (a & 65535) [equality]
a ~ (a >>> 16) * 15 + (a & 65535) mod 65521
The mod is taken at the very end, since the intermediate result may exceed 65521
The magic numbers were chosen so as to not overflow a 31-bit integer:
F[n_] := Reduce[x*(x + 1)*n/2 + (x + 1)*(65521) < (2^31 - 1) && x > 0, x, Integers]
F[255] (* bstr: x \[Element] Integers && 1 <= x <= 3854 *)
F[127] (* ascii: x \[Element] Integers && 1 <= x <= 5321 *)
Subtract up to 4 elements for the Unicode case.
Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 license are reserved by the Original Author.
FAQs
Pure-JS ADLER-32
We found that adler-32 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.