Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

argon2

Package Overview
Dependencies
Maintainers
1
Versions
78
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

argon2 - npm Package Compare versions

Comparing version 0.28.4 to 0.28.5

50

argon2.d.ts

@@ -6,25 +6,25 @@ // Type definitions for argon2 v0.19.2

export interface Options {
hashLength?: number;
timeCost?: number;
memoryCost?: number;
parallelism?: number;
type?: 0 | 1 | 2;
version?: number;
salt?: Buffer;
saltLength?: number;
raw?: boolean;
secret?: Buffer;
associatedData?: Buffer;
hashLength?: number;
timeCost?: number;
memoryCost?: number;
parallelism?: number;
type?: 0 | 1 | 2;
version?: number;
salt?: Buffer;
saltLength?: number;
raw?: boolean;
secret?: Buffer;
associatedData?: Buffer;
}
export interface NumericLimit {
max: number;
min: number;
max: number;
min: number;
}
export interface OptionLimits {
hashLength: NumericLimit;
memoryCost: NumericLimit;
timeCost: NumericLimit;
parallelism: NumericLimit;
hashLength: NumericLimit;
memoryCost: NumericLimit;
timeCost: NumericLimit;
parallelism: NumericLimit;
}

@@ -38,5 +38,15 @@

export const limits: OptionLimits;
export function hash(plain: Buffer | string, options: Options & {raw: true}): Promise<Buffer>;
export function hash(plain: Buffer | string, options?: Options & {raw?: false}): Promise<string>;
export function verify(hash: string, plain: Buffer | string, options?: Options): Promise<boolean>;
export function hash(
plain: Buffer | string,
options: Options & { raw: true }
): Promise<Buffer>;
export function hash(
plain: Buffer | string,
options?: Options & { raw?: false }
): Promise<string>;
export function verify(
hash: string,
plain: Buffer | string,
options?: Options
): Promise<boolean>;
export function needsRehash(hash: string, options?: Options): boolean;

124

argon2.js

@@ -1,12 +0,15 @@

'use strict'
const assert = require('assert')
const { randomBytes, timingSafeEqual } = require('crypto')
const { promisify } = require('util')
"use strict";
const assert = require("assert");
const { randomBytes, timingSafeEqual } = require("crypto");
const { promisify } = require("util");
const binary = require('@mapbox/node-pre-gyp')
const path = require('path')
const bindingPath = binary.find(path.resolve(path.join(__dirname, './package.json')))
const { hash: _hash, limits, types, names, version } = require(bindingPath) /* eslint-disable-line */
const {
hash: _hash,
limits,
types,
names,
version,
} = require("./lib/binding/napi-v3/argon2.node");
const { deserialize, serialize } = require('@phc/format')
const { deserialize, serialize } = require("@phc/format");

@@ -20,51 +23,88 @@ const defaults = Object.freeze({

type: types.argon2i,
version
})
version,
});
const bindingsHash = promisify(_hash)
const generateSalt = promisify(randomBytes)
const bindingsHash = promisify(_hash);
const generateSalt = promisify(randomBytes);
const assertLimits = options => ([key, { max, min }]) => {
const value = options[key]
assert(min <= value && value <= max, `Invalid ${key}, must be between ${min} and ${max}.`)
}
const assertLimits =
(options) =>
([key, { max, min }]) => {
const value = options[key];
assert(
min <= value && value <= max,
`Invalid ${key}, must be between ${min} and ${max}.`
);
};
const hash = async (plain, { raw, salt, ...options } = {}) => {
options = { ...defaults, ...options }
options = { ...defaults, ...options };
Object.entries(limits).forEach(assertLimits(options))
Object.entries(limits).forEach(assertLimits(options));
salt = salt || await generateSalt(options.saltLength)
salt = salt || (await generateSalt(options.saltLength));
const hash = await bindingsHash(Buffer.from(plain), salt, options)
const hash = await bindingsHash(Buffer.from(plain), salt, options);
if (raw) {
return hash
return hash;
}
const { type, version, memoryCost: m, timeCost: t, parallelism: p, associatedData: data } = options
return serialize({ id: names[type], version, params: { m, t, p, ...(data ? { data } : {}) }, salt, hash })
}
const {
type,
version,
memoryCost: m,
timeCost: t,
parallelism: p,
associatedData: data,
} = options;
return serialize({
id: names[type],
version,
params: { m, t, p, ...(data ? { data } : {}) },
salt,
hash,
});
};
const needsRehash = (digest, options) => {
const { memoryCost, timeCost, version } = { ...defaults, ...options }
const { memoryCost, timeCost, version } = { ...defaults, ...options };
const { version: v, params: { m, t } } = deserialize(digest)
return +v !== +version || +m !== +memoryCost || +t !== +timeCost
}
const {
version: v,
params: { m, t },
} = deserialize(digest);
return +v !== +version || +m !== +memoryCost || +t !== +timeCost;
};
const verify = async (digest, plain, options) => {
const { id, version = 0x10, params: { m, t, p, data }, salt, hash } = deserialize(digest)
const obj = deserialize(digest);
// Only these have the "params" key, so if the password was encoded
// using any other method, the destructuring throws an error
if (!(obj.id in types)) {
return false;
}
return timingSafeEqual(await bindingsHash(Buffer.from(plain), salt, {
...options,
type: types[id],
version: +version,
hashLength: hash.length,
memoryCost: +m,
timeCost: +t,
parallelism: +p,
...(data ? { associatedData: Buffer.from(data, 'base64') } : {})
}), hash)
}
const {
id,
version = 0x10,
params: { m, t, p, data },
salt,
hash,
} = obj;
module.exports = { defaults, limits, hash, needsRehash, verify, ...types }
return timingSafeEqual(
await bindingsHash(Buffer.from(plain), salt, {
...options,
type: types[id],
version: +version,
hashLength: hash.length,
memoryCost: +m,
timeCost: +t,
parallelism: +p,
...(data ? { associatedData: Buffer.from(data, "base64") } : {}),
}),
hash
);
};
module.exports = { defaults, limits, hash, needsRehash, verify, ...types };
{
"name": "argon2",
"version": "0.28.4",
"version": "0.28.5",
"description": "An Argon2 library for Node",

@@ -27,6 +27,5 @@ "main": "argon2.js",

"install": "node-pre-gyp install --fallback-to-build",
"lint": "standard --verbose",
"format": "prettier --write \"**/*.{js,json,ts}\"",
"test": "nyc mocha test/test.js",
"test:ts": "tsc -p . && node test/test-d.js",
"postinstall": "opencollective-postinstall || true"
"test:ts": "tsc -p . && node test/test-d.js"
},

@@ -53,12 +52,11 @@ "repository": {

"@phc/format": "^1.0.0",
"node-addon-api": "^4.3.0",
"opencollective-postinstall": "^2.0.3"
"node-addon-api": "^4.3.0"
},
"devDependencies": {
"@types/node": "^17.0.14",
"mocha": "^9.2.0",
"node-gyp": "^8.4.1",
"@types/node": "^17.0.21",
"mocha": "^9.2.1",
"node-gyp": "^9.0.0",
"nyc": "^15.1.0",
"standard": "^16.0.4",
"typescript": "^4.5.5"
"prettier": "^2.5.1",
"typescript": "^4.6.2"
},

@@ -65,0 +63,0 @@ "binary": {

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc