Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
asset-hash
Advanced tools
Very fast asset hashing function for using e.g. during front-end deployments.
Asset Hash is a quick wrapper around hashing libraries for efficient and fast hashing of asset files like images, web fonts, etc. By default it uses the performance-optimized Metrohash and a Base52 encoding ([a-zA-Z]
) which works well for file names and urls and has a larger dictionary than when using hex.
$ npm install asset-hash
$ yarn add asset-hash
For speed comparisons of different algorithms we created a small repository containing the source code and some results. Check it out. TLDR: Modern non-cryptographic hashing could be way faster than cryptographic solutions like MD5 or SHA1. Best algorithm right now for our use cases seems to be MetroHash128. This is why we made it the default.
There are two main methods: getHash(filePath, options)
and getHashedName(filePath, options)
and a more traditional class Hasher(options)
. Both methods return a Promise with there actual hash or hash file name as a result. The class offers the pretty traditional methods update(data)
and digest(options)
to send data or to retrieve the hash.
Options:
hash
: Any valid hashing algorithm e.g. metrohash128
(default), metrohash64
, xxhash64
, xxhash32
, sha1
, md5
, ...encoding
: Any valid encoding for built-in digests hex
, base64
, base62
, ...maxLength
: Maximum length of returned digest. Keep in mind that this increases collison probability.getHash()
import { getHash } from "asset-hash"
getHash("./src/fixtures/font.woff").then((hash) => {
console.log("Hash:", hash) => "Hash: fXQovA"
})
getHashedName()
The hashed file name replaces the name part of the file with the hash while keeping the file extension.
import { getHashedName } from "asset-hash"
getHashedName("./src/fixtures/font.woff").then((hashedName) => {
console.log("Hashed Filename:", hashedName) => "Hashed Filename: fXQovA.woff"
})
Hasher()
The class is e.g. useful in e.g. output.hashFunction
in Webpack
import { Hasher } from "asset-hash"
const hasher = new Hasher()
hasher.update(data)
console.log("Hashed Data:", hasher.digest()) => "Hashed Data: XDOPW"
Apache License; Version 2.0, January 2004
Copyright 2017-2018
Sebastian Software GmbH
FAQs
Very fast asset hashing function for using e.g. during front-end deployments.
The npm package asset-hash receives a total of 2,551 weekly downloads. As such, asset-hash popularity was classified as popular.
We found that asset-hash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.