bcrypt - npm Package Compare versions
Comparing version 4.0.1 to 5.0.0
@@ -0,1 +1,10 @@ | ||
| # 5.0.0 (2020-06-02) | ||
| * Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. | ||
| It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug | ||
| was unsuccessful. | ||
| * Experimental support for z/OS | ||
| * Fix a bug related to NUL in password input | ||
| * Update `node-pre-gyp` to 0.15.0 | ||
| # 4.0.1 (2020-02-27) | ||
@@ -2,0 +11,0 @@ |
@@ -14,3 +14,3 @@ { | ||
| "main": "./bcrypt", | ||
| "version": "4.0.1", | ||
| "version": "5.0.0", | ||
| "author": "Nick Campbell (https://github.com/ncb000gt)", | ||
@@ -33,4 +33,4 @@ "engines": { | ||
| "dependencies": { | ||
| "node-pre-gyp": "0.14.0", | ||
| "node-addon-api": "^2.0.0" | ||
| "node-pre-gyp": "0.15.0", | ||
| "node-addon-api": "^3.0.0" | ||
| }, | ||
@@ -63,4 +63,4 @@ "devDependencies": { | ||
| "package_name": "{module_name}-v{version}-napi-v{napi_build_version}-{platform}-{arch}-{libc}.tar.gz", | ||
| "host": "https://github.com/kelektiv/node.bcrypt.js/releases/download/", | ||
| "remote_path": "v{version}", | ||
| "host": "https://github.com", | ||
| "remote_path": "kelektiv/node.bcrypt.js/releases/download/v{version}", | ||
| "napi_versions": [ | ||
@@ -67,0 +67,0 @@ 3 |
@@ -22,9 +22,14 @@ var bcrypt = require('../bcrypt'); | ||
| assert.strictEqual(bcrypt.hashSync("012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234", "$2a$05$CCCCCCCCCCCCCCCCCCCCC."), "$2a$05$CCCCCCCCCCCCCCCCCCCCC.6.O1dLNbjod2uo0DVcW.jHucKbPDdHS"); | ||
| assert.strictEqual(bcrypt.hashSync("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345", "$2a$05$CCCCCCCCCCCCCCCCCCCCC."), "$2a$05$CCCCCCCCCCCCCCCCCCCCC.6.O1dLNbjod2uo0DVcW.jHucKbPDdHS"); | ||
| assert.strictEqual(bcrypt.hashSync("01XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "$2a$05$CCCCCCCCCCCCCCCCCCCCC."), "$2a$05$CCCCCCCCCCCCCCCCCCCCC.6.O1dLNbjod2uo0DVcW.jHucKbPDdHS"); | ||
| // tests for $2b$ which fixes wrap-around bugs | ||
| assert.strictEqual(bcrypt.hashSync("012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234", "$2b$05$CCCCCCCCCCCCCCCCCCCCC."), "$2b$05$CCCCCCCCCCCCCCCCCCCCC.XxrQqgBi/5Sxuq9soXzDtjIZ7w5pMfK"); | ||
| assert.strictEqual(bcrypt.hashSync("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345", "$2b$05$CCCCCCCCCCCCCCCCCCCCC."), "$2b$05$CCCCCCCCCCCCCCCCCCCCC.6.O1dLNbjod2uo0DVcW.jHucKbPDdHS"); | ||
| assert.strictEqual(bcrypt.hashSync("0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345", "$2b$05$CCCCCCCCCCCCCCCCCCCCC."), "$2b$05$CCCCCCCCCCCCCCCCCCCCC.XxrQqgBi/5Sxuq9soXzDtjIZ7w5pMfK"); | ||
| assert.done(); | ||
| }, | ||
| test_embedded_nulls: function(assert) { | ||
| assert.strictEqual(bcrypt.hashSync("Passw\0rd123", "$2b$05$CCCCCCCCCCCCCCCCCCCCC."), "$2b$05$CCCCCCCCCCCCCCCCCCCCC.VHy/kzL4sCcX3Ib3wN5rNGiRt.TpfxS"); | ||
| assert.strictEqual(bcrypt.hashSync("Passw\0 you can literally write anything after the NUL character", "$2b$05$CCCCCCCCCCCCCCCCCCCCC."), "$2b$05$CCCCCCCCCCCCCCCCCCCCC.4vJLJQ6nZ/70INTjjSZWQ0iyUek92tu"); | ||
| assert.done(); | ||
| }, | ||
| test_shorten_salt_to_128_bits: function(assert) { | ||
@@ -31,0 +36,0 @@ assert.strictEqual(bcrypt.hashSync("test", "$2a$10$1234567899123456789012"), "$2a$10$123456789912345678901u.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu"); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.2%
148111
- Lines of code
- increased by0.52%
967
- Number of medium maintenance alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-50%
1
Dependency changes
+ Addednode-addon-api@3.2.1(transitive)
+ Addednode-pre-gyp@0.15.0(transitive)
- Removednode-addon-api@2.0.2(transitive)
- Removednode-pre-gyp@0.14.0(transitive)
Updatednode-addon-api@^3.0.0
Updatednode-pre-gyp@0.15.0