bcrypt
Comparing version 3.0.4 to 3.0.5
@@ -0,7 +1,11 @@ | ||
# 3.0.5 (2019-03-19) | ||
* Update `nan` to 2.13.1 | ||
* NodeJS 12 compatibility | ||
* Remove `node-pre-gyp` from bundled dependencies | ||
# 3.0.4 (2019-02-07) | ||
* Fix GCC, NAN and V8 deprecation warnings | ||
* NodeJS 12 compatibility | ||
# 3.0.3 (2018-12-19) | ||
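Review bot: "NodeJS 12 compatibility" appears under both the new 3.0.5 entry and the existing 3.0.4 entry, so a reader cannot tell which release to pin for Node 12. The README table changed in this same diff requires `>= 3.0.5` for Node 12, so the 3.0.5 bullet should say what changed relative to 3.0.4, or the 3.0.4 bullet should be reworded as partial support.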
@@ -8,0 +12,0 @@ |
@@ -14,3 +14,3 @@ { | ||
"main": "./bcrypt", | ||
"version": "3.0.4", | ||
"version": "3.0.5", | ||
"author": "Nick Campbell (https://github.com/ncb000gt)", | ||
@@ -33,3 +33,3 @@ "engines": { | ||
"dependencies": { | ||
"nan": "2.12.1", | ||
"nan": "2.13.1", | ||
"node-pre-gyp": "0.12.0" | ||
@@ -40,5 +40,2 @@ }, | ||
}, | ||
"bundledDependencies": [ | ||
"node-pre-gyp" | ||
], | ||
"contributors": [ | ||
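Review bot: Dropping `node-pre-gyp` from `bundledDependencies` changes where install-time code comes from, and neither this hunk nor the changelog bullet spells that out for consumers. The package still declares `"node-pre-gyp": "0.12.0"`, so it and everything it requires are now resolved from the registry at install time instead of shipping inside the tarball, and the exact pin covers only the top-level package, not the versions of its own dependencies. Suggest stating this in the 3.0.5 changelog entry and recommending that consumers install from a lockfile so the resolved tree stays reproducible.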
@@ -45,0 +42,0 @@ "Antonio Salazar Cardozo <savedfastcool@gmail.com> (https://github.com/Shadowfiend)", |
@@ -5,12 +5,12 @@ # node.bcrypt.js | ||
Lib to help you hash passwords. | ||
[bcrypt on wikipedia][bcryptwiki] | ||
A library to help you hash passwords. | ||
Catalyst for this module: [How To Safely Store A Password][codahale] | ||
You can read about [bcrypt in Wikipedia][bcryptwiki] as well as in the following article: | ||
[How To Safely Store A Password][codahale] | ||
## If You Are Submitting Bugs/Issues | ||
## If You Are Submitting Bugs or Issues | ||
First, make sure that the version of node you are using is a _stable_ version. You'll know this because it'll have an even major release number. We do not currently support unstable versions and while the module may happen to work on some unstable versions you'll find that we quickly close issues if you're not using a stable version. | ||
Verify that the node version you are using is a _stable_ version; it has an even major release number. Unstable versions are currently not supported and issues created while using an unstable version will be closed. | ||
If you are on a stable version of node, we can't magically know what you are doing to expose an issue, it is best if you provide a snippet of code or log files if you're having an install issue. This snippet need not include your secret sauce, but it must replicate the issue you are describing. The issues that get closed without resolution tend to be the ones that don't help us help you. Thanks. | ||
If you are on a stable version of node, please provide a sufficient code snippet or log files for installation issues. The code snippet does not require you to include confidential information. However, it must provide enough information such that the problem can be replicable. Issues which are closed without resolution often lack required information for replication. | ||
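Review bot: The reworded bug-report paragraph ends with "such that the problem can be replicable", which is ungrammatical; "so that the problem can be replicated" reads correctly. In the paragraph above it, "Verify that the node version you are using is a _stable_ version; it has an even major release number" is ambiguous about what "it" refers to, so consider "a stable version has an even major release number".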
@@ -27,5 +27,6 @@ | ||
| 8 | >= 1.0.3 | | ||
| 10 | >= 3 | | ||
| 10, 11 | >= 3 | | ||
| 12 | >= 3.0.5 | | ||
`node-gyp` only works with stable/released versions of node. Since the `bcrypt` module uses `node-gyp` to build and install you'll need a stable version of node to use bcrypt. If you do not you'll likely see an error that starts with: | ||
`node-gyp` only works with stable/released versions of node. Since the `bcrypt` module uses `node-gyp` to build and install, you'll need a stable version of node to use bcrypt. If you do not you'll likely see an error that starts with: | ||
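Review bot: The new table row `| 10, 11 | >= 3 |` lists Node 11 as supported, while the README text changed earlier in this diff says stable versions have an even major release number and that issues raised on unstable versions will be closed. Either drop 11 from the row or qualify the stable-version wording so the two statements agree. The sentence that follows still reads "If you do not you'll likely see", which wants a comma after "not" if this line is being touched anyway.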
@@ -36,7 +37,7 @@ ``` | ||
## Security Issues/Concerns | ||
## Security Issues And Concerns | ||
> Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords. | ||
As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible. | ||
As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code, please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible. | ||
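Review bot: The quoted note kept as context in this section says "only the first 72 characters of a string are used", but bcrypt's limit is 72 bytes of input, so a password containing multi-byte UTF-8 characters is cut off after fewer than 72 characters. Since this change already rewords the section, suggest replacing "characters" with "bytes" in that note so callers size their password length limits correctly.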
@@ -77,3 +78,3 @@ To make it easier for people using this tool to analyze what has been surveyed, here is a list of BCrypt related security issues/concerns as they've come up. | ||
Only the current stable and the supported LTS releases are actively tested against. Please note that there may be an interval between the release of the module and the availabilty of the compiled modules. | ||
Only the current stable and supported LTS releases are actively tested against. Please note that there may be an interval between the release of the module and the availabilty of the compiled modules. | ||
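Review bot: The rewritten sentence still carries the typo "availabilty" in "the availabilty of the compiled modules"; correct it to "availability" in the same edit.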
@@ -92,3 +93,3 @@ Currently, we have pre-built binaries that support the following platforms: | ||
Make sure you have the appropriate dependencies installed and configured for your platform. You can find installation instructions for the dependencies for some common platforms [in this page][depsinstall]. | ||
make sure you have the appropriate dependencies installed and configured for your platform. You can find installation instructions for the dependencies for some common platforms [in this page][depsinstall]. | ||
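Review bot: The replacement line now starts with lowercase "make sure you have the appropriate dependencies", where the line it replaces began with "Make sure". Unless this line continues a sentence from the preceding README line, which is not visible in this hunk, the capital should be restored.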
@@ -95,0 +96,0 @@ ## Usage |
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 37 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 3 instances in 1 package
Mixed license
License (Experimental): Package contains multiple licenses.
Found 1 instance in 1 package
Non-permissive License
License (Experimental): A license not known to be considered permissive was found.
Found 1 instance in 1 package
Unidentified License
License (Experimental): Something that seems like a license was found, but its contents could not be matched with a known license.
Found 7 instances in 1 package
+ Added abbrev@1.1.1 (transitive)
+ Added ansi-regex@2.1.1 (transitive)
+ Added aproba@1.2.0 (transitive)
+ Added are-we-there-yet@1.1.7 (transitive)
+ Added balanced-match@1.0.2 (transitive)
+ Added brace-expansion@1.1.11 (transitive)
+ Added chownr@1.1.4 (transitive)
+ Added code-point-at@1.1.0 (transitive)
+ Added concat-map@0.0.1 (transitive)
+ Added console-control-strings@1.1.0 (transitive)
+ Added core-util-is@1.0.3 (transitive)
+ Added debug@3.2.7 (transitive)
+ Added deep-extend@0.6.0 (transitive)
+ Added delegates@1.0.0 (transitive)
+ Added detect-libc@1.0.3 (transitive)
+ Added fs-minipass@1.2.7 (transitive)
+ Added fs.realpath@1.0.0 (transitive)
+ Added gauge@2.7.4 (transitive)
+ Added glob@7.2.3 (transitive)
+ Added has-unicode@2.0.1 (transitive)
+ Added iconv-lite@0.4.24 (transitive)
+ Added ignore-walk@3.0.4 (transitive)
+ Added inflight@1.0.6 (transitive)
+ Added inherits@2.0.4 (transitive)
+ Added ini@1.3.8 (transitive)
+ Added is-fullwidth-code-point@1.0.0 (transitive)
+ Added isarray@1.0.0 (transitive)
+ Added minimatch@3.1.2 (transitive)
+ Added minimist@1.2.8 (transitive)
+ Added minipass@2.9.0 (transitive)
+ Added minizlib@1.3.3 (transitive)
+ Added mkdirp@0.5.6 (transitive)
+ Added ms@2.1.3 (transitive)
+ Added nan@2.13.1 (transitive)
+ Added needle@2.9.1 (transitive)
+ Added node-pre-gyp@0.12.0 (transitive)
+ Added nopt@4.0.3 (transitive)
+ Added npm-bundled@1.1.2 (transitive)
+ Added npm-normalize-package-bin@1.0.1 (transitive)
+ Added npm-packlist@1.4.8 (transitive)
+ Added npmlog@4.1.2 (transitive)
+ Added number-is-nan@1.0.1 (transitive)
+ Added object-assign@4.1.1 (transitive)
+ Added once@1.4.0 (transitive)
+ Added os-homedir@1.0.2 (transitive)
+ Added os-tmpdir@1.0.2 (transitive)
+ Added osenv@0.1.5 (transitive)
+ Added path-is-absolute@1.0.1 (transitive)
+ Added process-nextick-args@2.0.1 (transitive)
+ Added rc@1.2.8 (transitive)
+ Added readable-stream@2.3.8 (transitive)
+ Added rimraf@2.7.1 (transitive)
+ Added safe-buffer@5.1.25.2.1 (transitive)
+ Added safer-buffer@2.1.2 (transitive)
+ Added sax@1.3.0 (transitive)
+ Added semver@5.7.2 (transitive)
+ Added set-blocking@2.0.0 (transitive)
+ Added signal-exit@3.0.7 (transitive)
+ Added string-width@1.0.2 (transitive)
+ Added string_decoder@1.1.1 (transitive)
+ Added strip-ansi@3.0.1 (transitive)
+ Added strip-json-comments@2.0.1 (transitive)
+ Added tar@4.4.19 (transitive)
+ Added util-deprecate@1.0.2 (transitive)
+ Added wide-align@1.1.5 (transitive)
+ Added wrappy@1.0.2 (transitive)
+ Added yallist@3.1.1 (transitive)
- Removed nan@2.12.1 (transitive)
Updated nan@2.13.1