argon2 - npm Package Compare versions
Comparing version 0.28.4 to 0.28.5
@@ -6,25 +6,25 @@ // Type definitions for argon2 v0.19.2 | ||
| export interface Options { | ||
| hashLength?: number; | ||
| timeCost?: number; | ||
| memoryCost?: number; | ||
| parallelism?: number; | ||
| type?: 0 | 1 | 2; | ||
| version?: number; | ||
| salt?: Buffer; | ||
| saltLength?: number; | ||
| raw?: boolean; | ||
| secret?: Buffer; | ||
| associatedData?: Buffer; | ||
| hashLength?: number; | ||
| timeCost?: number; | ||
| memoryCost?: number; | ||
| parallelism?: number; | ||
| type?: 0 | 1 | 2; | ||
| version?: number; | ||
| salt?: Buffer; | ||
| saltLength?: number; | ||
| raw?: boolean; | ||
| secret?: Buffer; | ||
| associatedData?: Buffer; | ||
| } | ||
| export interface NumericLimit { | ||
| max: number; | ||
| min: number; | ||
| max: number; | ||
| min: number; | ||
| } | ||
| export interface OptionLimits { | ||
| hashLength: NumericLimit; | ||
| memoryCost: NumericLimit; | ||
| timeCost: NumericLimit; | ||
| parallelism: NumericLimit; | ||
| hashLength: NumericLimit; | ||
| memoryCost: NumericLimit; | ||
| timeCost: NumericLimit; | ||
| parallelism: NumericLimit; | ||
| } | ||
@@ -38,5 +38,15 @@ | ||
| export const limits: OptionLimits; | ||
| export function hash(plain: Buffer | string, options: Options & {raw: true}): Promise<Buffer>; | ||
| export function hash(plain: Buffer | string, options?: Options & {raw?: false}): Promise<string>; | ||
| export function verify(hash: string, plain: Buffer | string, options?: Options): Promise<boolean>; | ||
| export function hash( | ||
| plain: Buffer | string, | ||
| options: Options & { raw: true } | ||
| ): Promise<Buffer>; | ||
| export function hash( | ||
| plain: Buffer | string, | ||
| options?: Options & { raw?: false } | ||
| ): Promise<string>; | ||
| export function verify( | ||
| hash: string, | ||
| plain: Buffer | string, | ||
| options?: Options | ||
| ): Promise<boolean>; | ||
| export function needsRehash(hash: string, options?: Options): boolean; |
124
argon2.js
@@ -1,12 +0,15 @@ | ||
| 'use strict' | ||
| const assert = require('assert') | ||
| const { randomBytes, timingSafeEqual } = require('crypto') | ||
| const { promisify } = require('util') | ||
| "use strict"; | ||
| const assert = require("assert"); | ||
| const { randomBytes, timingSafeEqual } = require("crypto"); | ||
| const { promisify } = require("util"); | ||
| const binary = require('@mapbox/node-pre-gyp') | ||
| const path = require('path') | ||
| const bindingPath = binary.find(path.resolve(path.join(__dirname, './package.json'))) | ||
| const { hash: _hash, limits, types, names, version } = require(bindingPath) /* eslint-disable-line */ | ||
| const { | ||
| hash: _hash, | ||
| limits, | ||
| types, | ||
| names, | ||
| version, | ||
| } = require("./lib/binding/napi-v3/argon2.node"); | ||
| const { deserialize, serialize } = require('@phc/format') | ||
| const { deserialize, serialize } = require("@phc/format"); | ||
@@ -20,51 +23,88 @@ const defaults = Object.freeze({ | ||
| type: types.argon2i, | ||
| version | ||
| }) | ||
| version, | ||
| }); | ||
| const bindingsHash = promisify(_hash) | ||
| const generateSalt = promisify(randomBytes) | ||
| const bindingsHash = promisify(_hash); | ||
| const generateSalt = promisify(randomBytes); | ||
| const assertLimits = options => ([key, { max, min }]) => { | ||
| const value = options[key] | ||
| assert(min <= value && value <= max, `Invalid ${key}, must be between ${min} and ${max}.`) | ||
| } | ||
| const assertLimits = | ||
| (options) => | ||
| ([key, { max, min }]) => { | ||
| const value = options[key]; | ||
| assert( | ||
| min <= value && value <= max, | ||
| `Invalid ${key}, must be between ${min} and ${max}.` | ||
| ); | ||
| }; | ||
| const hash = async (plain, { raw, salt, ...options } = {}) => { | ||
| options = { ...defaults, ...options } | ||
| options = { ...defaults, ...options }; | ||
| Object.entries(limits).forEach(assertLimits(options)) | ||
| Object.entries(limits).forEach(assertLimits(options)); | ||
| salt = salt || await generateSalt(options.saltLength) | ||
| salt = salt || (await generateSalt(options.saltLength)); | ||
| const hash = await bindingsHash(Buffer.from(plain), salt, options) | ||
| const hash = await bindingsHash(Buffer.from(plain), salt, options); | ||
| if (raw) { | ||
| return hash | ||
| return hash; | ||
| } | ||
| const { type, version, memoryCost: m, timeCost: t, parallelism: p, associatedData: data } = options | ||
| return serialize({ id: names[type], version, params: { m, t, p, ...(data ? { data } : {}) }, salt, hash }) | ||
| } | ||
| const { | ||
| type, | ||
| version, | ||
| memoryCost: m, | ||
| timeCost: t, | ||
| parallelism: p, | ||
| associatedData: data, | ||
| } = options; | ||
| return serialize({ | ||
| id: names[type], | ||
| version, | ||
| params: { m, t, p, ...(data ? { data } : {}) }, | ||
| salt, | ||
| hash, | ||
| }); | ||
| }; | ||
| const needsRehash = (digest, options) => { | ||
| const { memoryCost, timeCost, version } = { ...defaults, ...options } | ||
| const { memoryCost, timeCost, version } = { ...defaults, ...options }; | ||
| const { version: v, params: { m, t } } = deserialize(digest) | ||
| return +v !== +version || +m !== +memoryCost || +t !== +timeCost | ||
| } | ||
| const { | ||
| version: v, | ||
| params: { m, t }, | ||
| } = deserialize(digest); | ||
| return +v !== +version || +m !== +memoryCost || +t !== +timeCost; | ||
| }; | ||
| const verify = async (digest, plain, options) => { | ||
| const { id, version = 0x10, params: { m, t, p, data }, salt, hash } = deserialize(digest) | ||
| const obj = deserialize(digest); | ||
| // Only these have the "params" key, so if the password was encoded | ||
| // using any other method, the destructuring throws an error | ||
| if (!(obj.id in types)) { | ||
| return false; | ||
| } | ||
| return timingSafeEqual(await bindingsHash(Buffer.from(plain), salt, { | ||
| ...options, | ||
| type: types[id], | ||
| version: +version, | ||
| hashLength: hash.length, | ||
| memoryCost: +m, | ||
| timeCost: +t, | ||
| parallelism: +p, | ||
| ...(data ? { associatedData: Buffer.from(data, 'base64') } : {}) | ||
| }), hash) | ||
| } | ||
| const { | ||
| id, | ||
| version = 0x10, | ||
| params: { m, t, p, data }, | ||
| salt, | ||
| hash, | ||
| } = obj; | ||
| module.exports = { defaults, limits, hash, needsRehash, verify, ...types } | ||
| return timingSafeEqual( | ||
| await bindingsHash(Buffer.from(plain), salt, { | ||
| ...options, | ||
| type: types[id], | ||
| version: +version, | ||
| hashLength: hash.length, | ||
| memoryCost: +m, | ||
| timeCost: +t, | ||
| parallelism: +p, | ||
| ...(data ? { associatedData: Buffer.from(data, "base64") } : {}), | ||
| }), | ||
| hash | ||
| ); | ||
| }; | ||
| module.exports = { defaults, limits, hash, needsRehash, verify, ...types }; |
| { | ||
| "name": "argon2", | ||
| "version": "0.28.4", | ||
| "version": "0.28.5", | ||
| "description": "An Argon2 library for Node", | ||
@@ -27,6 +27,5 @@ "main": "argon2.js", | ||
| "install": "node-pre-gyp install --fallback-to-build", | ||
| "lint": "standard --verbose", | ||
| "format": "prettier --write \"**/*.{js,json,ts}\"", | ||
| "test": "nyc mocha test/test.js", | ||
| "test:ts": "tsc -p . && node test/test-d.js", | ||
| "postinstall": "opencollective-postinstall || true" | ||
| "test:ts": "tsc -p . && node test/test-d.js" | ||
| }, | ||
@@ -53,12 +52,11 @@ "repository": { | ||
| "@phc/format": "^1.0.0", | ||
| "node-addon-api": "^4.3.0", | ||
| "opencollective-postinstall": "^2.0.3" | ||
| "node-addon-api": "^4.3.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/node": "^17.0.14", | ||
| "mocha": "^9.2.0", | ||
| "node-gyp": "^8.4.1", | ||
| "@types/node": "^17.0.21", | ||
| "mocha": "^9.2.1", | ||
| "node-gyp": "^9.0.0", | ||
| "nyc": "^15.1.0", | ||
| "standard": "^16.0.4", | ||
| "typescript": "^4.5.5" | ||
| "prettier": "^2.5.1", | ||
| "typescript": "^4.6.2" | ||
| }, | ||
@@ -65,0 +63,0 @@ "binary": { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.07%
184390
- Dependency count
- decreased by-25%
3
- Lines of code
- increased by55.68%
137
- Number of high supply chain risk alerts
- decreased by-50%
1
- Number of low supply chain risk alerts
- decreased by-100%
0
Dependency changes
- Removedopencollective-postinstall@^2.0.3
- Removedopencollective-postinstall@2.0.3(transitive)