Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The adler-32 npm package is used for computing Adler-32 checksums. Adler-32 is a checksum algorithm which was designed to be a fast but not cryptographically secure alternative to CRC32. The algorithm is used in the zlib compression library. The adler-32 package provides functionality to calculate Adler-32 checksums for given inputs, which can be useful for error-checking or simple data integrity verification.
Calculate Adler-32 checksum from a string
This feature allows you to calculate the Adler-32 checksum of a given string. The 'str' method takes a string as input and returns the checksum as a number.
const adler32 = require('adler-32');
const checksum = adler32.str('Hello World');
console.log(checksum);
Calculate Adler-32 checksum from a buffer
This feature allows you to calculate the Adler-32 checksum of a given buffer. The 'buf' method takes a Node.js Buffer as input and returns the checksum as a number.
const adler32 = require('adler-32');
const buffer = Buffer.from('Hello World');
const checksum = adler32.buf(buffer);
console.log(checksum);
Calculate Adler-32 checksum and return result in hex format
This feature allows you to calculate the Adler-32 checksum of a given string and return the result in hexadecimal format. The second argument to the 'str' method is a boolean indicating whether the output should be in hex format.
const adler32 = require('adler-32');
const checksum = adler32.str('Hello World', true);
console.log(checksum);
The 'crc' npm package is used to calculate Cyclic Redundancy Check (CRC) of input data. It supports various CRC algorithms, including CRC32. It is similar to adler-32 in that it provides checksums for data integrity, but it offers a wider range of algorithms and is typically used when a more robust error-detection is required.
The 'crc32' package provides a simple and fast way to calculate CRC32 checksums for strings and buffers. It is similar to adler-32 in its simplicity and focus on CRC32, but it does not offer Adler-32 checksums.
The 'hash.js' package is a collection of hash functions implemented in pure JavaScript. It includes various cryptographic hash functions like SHA-1, SHA-256, and more. While it is more comprehensive and secure than adler-32, it is also more complex and may be slower due to the cryptographic nature of the algorithms.
Signed ADLER-32 algorithm implementation in JS (for the browser and nodejs). Emphasis on correctness, performance, and IE6+ support.
With npm:
$ npm install adler-32
In the browser:
<script src="adler32.js"></script>
The browser exposes a variable ADLER32
.
When installed globally, npm installs a script adler32
that computes the
checksum for a specified file or standard input.
The script will manipulate module.exports
if available (e.g. in a CommonJS
require
context). This is not always desirable. To prevent the behavior,
define DO_NOT_EXPORT_ADLER
.
In all cases, the relevant function takes an argument representing data and an optional second argument representing the starting "seed" (for running hash).
The return value is a signed 32-bit integer.
ADLER32.buf(byte array or buffer[, seed])
assumes the argument is a sequence
of 8-bit unsigned integers (e.g. nodejs Buffer
or simple array of ints).
ADLER32.bstr(binary string[, seed])
assumes the argument is a "binary" string
where byte i
is the low byte of the UCS-2 char: str.charCodeAt(i) & 0xFF
ADLER32.str(string)
assumes the argument is a standard string and
calculates the hash of the UTF-8 encoding.
For example:
// var ADLER32 = require('adler-32'); // uncomment if in node
ADLER32.str("SheetJS") // 176947863
ADLER32.bstr("SheetJS") // 176947863
ADLER32.buf([ 83, 104, 101, 101, 116, 74, 83 ]) // 176947863
adler32 = ADLER32.buf([83, 104]) // 17825980 "Sh"
adler32 = ADLER32.str("eet", adler32) // 95486458 "Sheet"
ADLER32.bstr("JS", adler32) // 176947863 "SheetJS"
[ADLER32.str("\u2603"), ADLER32.str("\u0003")] // [ 73138686, 262148 ]
[ADLER32.bstr("\u2603"), ADLER32.bstr("\u0003")] // [ 262148, 262148 ]
[ADLER32.buf([0x2603]), ADLER32.buf([0x0003])] // [ 262148, 262148 ]
make test
will run the nodejs-based test.
To run the in-browser tests, run a local server and go to the ctest
directory.
make ctestserv
will start a python SimpleHTTPServer
server on port 8000.
To update the browser artifacts, run make ctest
.
To generate the bits file, use the adler32
function from python zlib:
>>> from zlib import adler32
>>> x="foo bar baz٪☃🍣"
>>> adler32(x)
1543572022
>>> adler32(x+x)
-2076896149
>>> adler32(x+x+x)
2023497376
The included adler32.njs
script can process files or stdin:
$ echo "this is a test" > t.txt
$ bin/adler32.njs t.txt
726861088
For comparison, the included adler32.py
script uses python zlib:
$ bin/adler32.py t.txt
726861088
make perf
will run algorithmic performance tests (which should justify certain
decisions in the code).
Bit twiddling is much faster than taking the mod on Safari and older Firefoxes.
Instead of taking the literal mod 65521, it is faster to keep it in the integers
by bit-shifting: 65536 ~ 15 mod 65521
so for nonnegative integer a
:
a = (a >>> 16) * 65536 + (a & 65535) [equality]
a ~ (a >>> 16) * 15 + (a & 65535) mod 65521
The mod is taken at the very end, since the intermediate result may exceed 65521
The magic numbers were chosen so as to not overflow a 31-bit integer:
F[n_] := Reduce[x*(x + 1)*n/2 + (x + 1)*(65521) < (2^31 - 1) && x > 0, x, Integers]
F[255] (* bstr: x \[Element] Integers && 1 <= x <= 3854 *)
F[127] (* ascii: x \[Element] Integers && 1 <= x <= 5321 *)
Subtract up to 4 elements for the unicode case.
Please consult the attached LICENSE file for details. All rights not explicitly granted by the Apache 2.0 license are reserved by the Original Author.
FAQs
Pure-JS ADLER-32
The npm package adler-32 receives a total of 2,338,263 weekly downloads. As such, adler-32 popularity was classified as popular.
We found that adler-32 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.