Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
browserify-aes
Advanced tools
The browserify-aes package is a JavaScript implementation of the AES (Advanced Encryption Standard) cryptographic algorithm. It is designed to be compatible with the crypto module in Node.js, making it useful for browser environments where the crypto module is not natively available. This package allows for encryption and decryption of data using AES, supporting various modes of operation and key sizes.
Encryption
This feature allows you to encrypt data using AES. The code sample demonstrates how to create a cipher instance, encrypt some text, and output the encrypted data in hex format.
const crypto = require('browserify-aes');
const cipher = crypto.createCipher('aes-256-cbc', 'password');
let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
encrypted += cipher.final('hex');
console.log(encrypted);
Decryption
This feature enables you to decrypt data that was previously encrypted with AES. The code sample shows how to create a decipher instance, decrypt some encrypted data, and output the original text.
const crypto = require('browserify-aes');
const decipher = crypto.createDecipher('aes-256-cbc', 'password');
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
console.log(decrypted);
Crypto-js is a package that provides cryptographic functionalities including AES encryption. It offers a broader range of cryptographic algorithms compared to browserify-aes, making it more versatile for different security requirements.
Node-forge is a JavaScript implementation of various networking and cryptography protocols. It includes support for AES encryption among many other cryptographic operations. Compared to browserify-aes, node-forge offers a more comprehensive suite of cryptographic tools, including certificate management and SSL/TLS support.
Node style aes for use in the browser. Implements:
In node.js, the crypto
implementation is used, in browsers it falls back to a pure JavaScript implementation.
Much of this library has been taken from the aes implementation in triplesec, a partial derivation of crypto-js.
EVP_BytesToKey
is a straight up port of the same function from OpenSSL as there is literally no documenation on it beyond it using 'undocumented extensions' for longer keys.
FAQs
aes, for browserify
The npm package browserify-aes receives a total of 7,052,534 weekly downloads. As such, browserify-aes popularity was classified as popular.
We found that browserify-aes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.