Comparing version 0.28.4 to 0.28.5
@@ -6,25 +6,25 @@ // Type definitions for argon2 v0.19.2 | ||
export interface Options { | ||
hashLength?: number; | ||
timeCost?: number; | ||
memoryCost?: number; | ||
parallelism?: number; | ||
type?: 0 | 1 | 2; | ||
version?: number; | ||
salt?: Buffer; | ||
saltLength?: number; | ||
raw?: boolean; | ||
secret?: Buffer; | ||
associatedData?: Buffer; | ||
hashLength?: number; | ||
timeCost?: number; | ||
memoryCost?: number; | ||
parallelism?: number; | ||
type?: 0 | 1 | 2; | ||
version?: number; | ||
salt?: Buffer; | ||
saltLength?: number; | ||
raw?: boolean; | ||
secret?: Buffer; | ||
associatedData?: Buffer; | ||
} | ||
export interface NumericLimit { | ||
max: number; | ||
min: number; | ||
max: number; | ||
min: number; | ||
} | ||
export interface OptionLimits { | ||
hashLength: NumericLimit; | ||
memoryCost: NumericLimit; | ||
timeCost: NumericLimit; | ||
parallelism: NumericLimit; | ||
hashLength: NumericLimit; | ||
memoryCost: NumericLimit; | ||
timeCost: NumericLimit; | ||
parallelism: NumericLimit; | ||
} | ||
@@ -38,5 +38,15 @@ | ||
export const limits: OptionLimits; | ||
export function hash(plain: Buffer | string, options: Options & {raw: true}): Promise<Buffer>; | ||
export function hash(plain: Buffer | string, options?: Options & {raw?: false}): Promise<string>; | ||
export function verify(hash: string, plain: Buffer | string, options?: Options): Promise<boolean>; | ||
export function hash( | ||
plain: Buffer | string, | ||
options: Options & { raw: true } | ||
): Promise<Buffer>; | ||
export function hash( | ||
plain: Buffer | string, | ||
options?: Options & { raw?: false } | ||
): Promise<string>; | ||
export function verify( | ||
hash: string, | ||
plain: Buffer | string, | ||
options?: Options | ||
): Promise<boolean>; | ||
export function needsRehash(hash: string, options?: Options): boolean; |
124
argon2.js
@@ -1,12 +0,15 @@ | ||
'use strict' | ||
const assert = require('assert') | ||
const { randomBytes, timingSafeEqual } = require('crypto') | ||
const { promisify } = require('util') | ||
"use strict"; | ||
const assert = require("assert"); | ||
const { randomBytes, timingSafeEqual } = require("crypto"); | ||
const { promisify } = require("util"); | ||
const binary = require('@mapbox/node-pre-gyp') | ||
const path = require('path') | ||
const bindingPath = binary.find(path.resolve(path.join(__dirname, './package.json'))) | ||
const { hash: _hash, limits, types, names, version } = require(bindingPath) /* eslint-disable-line */ | ||
const { | ||
hash: _hash, | ||
limits, | ||
types, | ||
names, | ||
version, | ||
} = require("./lib/binding/napi-v3/argon2.node"); | ||
const { deserialize, serialize } = require('@phc/format') | ||
const { deserialize, serialize } = require("@phc/format"); | ||
@@ -20,51 +23,88 @@ const defaults = Object.freeze({ | ||
type: types.argon2i, | ||
version | ||
}) | ||
version, | ||
}); | ||
const bindingsHash = promisify(_hash) | ||
const generateSalt = promisify(randomBytes) | ||
const bindingsHash = promisify(_hash); | ||
const generateSalt = promisify(randomBytes); | ||
const assertLimits = options => ([key, { max, min }]) => { | ||
const value = options[key] | ||
assert(min <= value && value <= max, `Invalid ${key}, must be between ${min} and ${max}.`) | ||
} | ||
const assertLimits = | ||
(options) => | ||
([key, { max, min }]) => { | ||
const value = options[key]; | ||
assert( | ||
min <= value && value <= max, | ||
`Invalid ${key}, must be between ${min} and ${max}.` | ||
); | ||
}; | ||
const hash = async (plain, { raw, salt, ...options } = {}) => { | ||
options = { ...defaults, ...options } | ||
options = { ...defaults, ...options }; | ||
Object.entries(limits).forEach(assertLimits(options)) | ||
Object.entries(limits).forEach(assertLimits(options)); | ||
salt = salt || await generateSalt(options.saltLength) | ||
salt = salt || (await generateSalt(options.saltLength)); | ||
const hash = await bindingsHash(Buffer.from(plain), salt, options) | ||
const hash = await bindingsHash(Buffer.from(plain), salt, options); | ||
if (raw) { | ||
return hash | ||
return hash; | ||
} | ||
const { type, version, memoryCost: m, timeCost: t, parallelism: p, associatedData: data } = options | ||
return serialize({ id: names[type], version, params: { m, t, p, ...(data ? { data } : {}) }, salt, hash }) | ||
} | ||
const { | ||
type, | ||
version, | ||
memoryCost: m, | ||
timeCost: t, | ||
parallelism: p, | ||
associatedData: data, | ||
} = options; | ||
return serialize({ | ||
id: names[type], | ||
version, | ||
params: { m, t, p, ...(data ? { data } : {}) }, | ||
salt, | ||
hash, | ||
}); | ||
}; | ||
const needsRehash = (digest, options) => { | ||
const { memoryCost, timeCost, version } = { ...defaults, ...options } | ||
const { memoryCost, timeCost, version } = { ...defaults, ...options }; | ||
const { version: v, params: { m, t } } = deserialize(digest) | ||
return +v !== +version || +m !== +memoryCost || +t !== +timeCost | ||
} | ||
const { | ||
version: v, | ||
params: { m, t }, | ||
} = deserialize(digest); | ||
return +v !== +version || +m !== +memoryCost || +t !== +timeCost; | ||
}; | ||
const verify = async (digest, plain, options) => { | ||
const { id, version = 0x10, params: { m, t, p, data }, salt, hash } = deserialize(digest) | ||
const obj = deserialize(digest); | ||
// Only these have the "params" key, so if the password was encoded | ||
// using any other method, the destructuring throws an error | ||
if (!(obj.id in types)) { | ||
return false; | ||
} | ||
return timingSafeEqual(await bindingsHash(Buffer.from(plain), salt, { | ||
...options, | ||
type: types[id], | ||
version: +version, | ||
hashLength: hash.length, | ||
memoryCost: +m, | ||
timeCost: +t, | ||
parallelism: +p, | ||
...(data ? { associatedData: Buffer.from(data, 'base64') } : {}) | ||
}), hash) | ||
} | ||
const { | ||
id, | ||
version = 0x10, | ||
params: { m, t, p, data }, | ||
salt, | ||
hash, | ||
} = obj; | ||
module.exports = { defaults, limits, hash, needsRehash, verify, ...types } | ||
return timingSafeEqual( | ||
await bindingsHash(Buffer.from(plain), salt, { | ||
...options, | ||
type: types[id], | ||
version: +version, | ||
hashLength: hash.length, | ||
memoryCost: +m, | ||
timeCost: +t, | ||
parallelism: +p, | ||
...(data ? { associatedData: Buffer.from(data, "base64") } : {}), | ||
}), | ||
hash | ||
); | ||
}; | ||
module.exports = { defaults, limits, hash, needsRehash, verify, ...types }; |
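Review bot: In `verify`, the new guard `if (!(obj.id in types))` uses the `in` operator, which also matches inherited property names, so if `types` is an ordinary object an id such as `constructor` would pass the check and reach the destructuring and the `types[id]` lookup. An own-property test is stricter: `if (!Object.prototype.hasOwnProperty.call(types, obj.id)) return false;`. The guard also does not cover a digest with a known Argon2 id but no `params` section, where `params: { m, t, p, data }` would still throw instead of returning false; adding `|| !obj.params` to the condition would make the rejection path uniform. `deserialize(digest)` runs before the guard, so a malformed string may still reject by exception, and it would help to say so in the comment above the check so callers treat a rejected promise as a failed verification.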
{ | ||
"name": "argon2", | ||
"version": "0.28.4", | ||
"version": "0.28.5", | ||
"description": "An Argon2 library for Node", | ||
@@ -27,6 +27,5 @@ "main": "argon2.js", | ||
"install": "node-pre-gyp install --fallback-to-build", | ||
"lint": "standard --verbose", | ||
"format": "prettier --write \"**/*.{js,json,ts}\"", | ||
"test": "nyc mocha test/test.js", | ||
"test:ts": "tsc -p . && node test/test-d.js", | ||
"postinstall": "opencollective-postinstall || true" | ||
"test:ts": "tsc -p . && node test/test-d.js" | ||
}, | ||
@@ -53,12 +52,11 @@ "repository": { | ||
"@phc/format": "^1.0.0", | ||
"node-addon-api": "^4.3.0", | ||
"opencollective-postinstall": "^2.0.3" | ||
"node-addon-api": "^4.3.0" | ||
}, | ||
"devDependencies": { | ||
"@types/node": "^17.0.14", | ||
"mocha": "^9.2.0", | ||
"node-gyp": "^8.4.1", | ||
"@types/node": "^17.0.21", | ||
"mocha": "^9.2.1", | ||
"node-gyp": "^9.0.0", | ||
"nyc": "^15.1.0", | ||
"standard": "^16.0.4", | ||
"typescript": "^4.5.5" | ||
"prettier": "^2.5.1", | ||
"typescript": "^4.6.2" | ||
}, | ||
@@ -65,0 +63,0 @@ "binary": { |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain risk: Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
- Removed opencollective-postinstall@^2.0.3
- Removed opencollective-postinstall@2.0.3 (transitive)