Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
asset-hash
Advanced tools
Readme
Asset Hash is a quick wrapper around hashing libraries for efficient and fast hashing of asset files like images, web fonts, etc. By default it uses the cross-platform performance-optimized XXHash-WASM and a Base52 encoding ([a-zA-Z]
) which works well for file names and urls and has a larger dictionary than when using traditional hex.
Note: Using the modern XXHash-WASM requires NodeJS >= v16. The module still supports older NodeJS v14 through the usage of the (optional) farmhash module.
Table of Contents
npm install asset-hash
yarn add asset-hash
For speed comparisons of different algorithms we created a small repository containing the source code and some results. Check it out. TLDR: Modern non-cryptographic hashing could be way faster than traditional solutions like MD5 or SHA1. Best algorithms right now for our use cases seems to be XXHash (WASM) and Farmhash. This is why we integrated both while making the WASM powered XXHash the default for improved developer experience.
There are two main methods: getHash(filePath, options)
and getHashedName(filePath, options)
and a more traditional class Hasher(options)
. Both methods return a Promise with there actual hash or hash file name as a result. The class offers the pretty traditional methods update(data)
and digest(options)
to send data or to retrieve the hash.
Options:
algorithm
: Any valid hashing algorithm e.g. xxhash64
(default), xxhash32
, farmhash32
, farmhash64
, sha1
, md5
, ...encoding
: Any valid encoding for built-in digests hex
, base64
, base62
, ...maxLength
: Maximum length of returned digest. Keep in mind that this increases collision probability.Please note:
farmhash32
and farmhash64
do not support streaming. When using the file hashing APIs it's collecting all data first before producing the hash. This might result in higher memory usage!getHash()
import { getHash } from "asset-hash"
...
const hash = await getHash("./src/fixtures/font.woff")
console.log("Hash:", hash) => "Hash: fXQovA"
getHashedName()
The hashed file name replaces the name part of the file with the hash while keeping the file extension.
import { getHashedName } from "asset-hash"
...
const hashedName = await getHashedName("./src/fixtures/font.woff")
console.log("Hashed Filename:", hashedName) => "Hashed Filename: fXQovA.woff"
Hasher
import { Hasher } from "asset-hash"
const hasher = new Hasher()
hasher.update(data)
console.log("Hashed Data:", hasher.digest()) => "Hashed Data: XDOPW"
You can use the powerful hashing of AssetHash inside Webpack as well. This leads to a) better performance and b) shorter hashes. Wo correctly support the WASM-based hashes your Webpack configuration should be created using an async function.
Here is an example configuration:
import { Hasher, initHashClasses } from "asset-hash"
module.exports = async () => {
await initHashClasses()
return {
...
output: {
hashFunction: Hasher,
hashDigest: "base52",
hashDigestLength: 8
}
...
}
}
Apache License; Version 2.0, January 2004
Copyright 2017-2022
Sebastian Software GmbH
FAQs
Very fast asset hashing function for using e.g. during front-end deployments.
The npm package asset-hash receives a total of 646 weekly downloads. As such, asset-hash popularity was classified as not popular.
We found that asset-hash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.