checkr - npm Package Compare versions
Comparing version 0.0.9 to 0.1.0
@@ -1,39 +0,1 @@ | ||
| var checksum = require('checksum'); | ||
| var modes = { | ||
| 1: 'md4', | ||
| 2: 'md5', | ||
| 4: 'sha', | ||
| 8: 'sha1', | ||
| 16: 'sha224', | ||
| 32: 'sha256', | ||
| 64: 'sha384', | ||
| 128: 'sha512' | ||
| }; | ||
| module.exports = function(analyte, mode) { | ||
| mode = mode || 10; | ||
| var s = {}; | ||
| var e = []; | ||
| for (var i = 1; i < 256; i *= 2) { | ||
| var a = i; | ||
| if (mode & i) { | ||
| s[modes[i]] = checksum(analyte, {algorithm: modes[i]}); | ||
| (function(a) { | ||
| e.push(function(cso) { | ||
| return s[modes[a]] == cso[modes[a]]; | ||
| }); | ||
| })(i); | ||
| } | ||
| } | ||
| s._ = function(cso) { | ||
| for (var i = 0; i < e.length; i++) { | ||
| if (!e[i](cso)) { | ||
| return false; | ||
| } | ||
| } | ||
| return true; | ||
| } | ||
| return s; | ||
| } | ||
| var cs=require("checksum"),modes={1:"md4",2:"md5",4:"sha",8:"sha1",16:"sha224",32:"sha256",64:"sha384",128:"sha512"};module.exports=function(f,d){d=d||10;for(var c={},e=[],a=1;256>a;a*=2)d&a&&(c[modes[a]]=cs(f,{algorithm:modes[a]}),function(a){e.push(function(b){return c[modes[a]]==b[modes[a]]})}(a));c._=function(a){for(var b=0;b<e.length;b++)if(!e[b](a))return!1;return!0};return c}; |
| { | ||
| "name": "checkr", | ||
| "version": "v0.0.9", | ||
| "version": "v0.1.0", | ||
@@ -6,0 +6,0 @@ "description": "A lightweight and secure checksum validator for passwords and other sensitive data.", |
| #Checkr | ||
| A secure way of storing passwords and other sensitive identification information on a database is to store the checksums of the data, instead of storing the data itself. If a database is hacked or otherwise inappropriately accessed, only the checksums can be obtained, making it very hard to discover the actual password used to login. When a login is requested, the checksums of the login password and the password stored in the database can be compared. Checkr provides a simple interface for verifying passwords, whose checksum objects or individual checksums can be easily stored on and read from a database. | ||
| A secure way of storing passwords and other sensitive identification information on a database is to store the checksums of the data, instead of storing the data itself. If a database is hacked or otherwise inappropriately accessed, only the checksums can be obtained, making it very hard to discover the actual password used to login. When a login is requested, the checksums of the login password and the password stored in the database can be compared. Checkr provides a simple interface for verifying passwords, whose checksum objects or individual checksums can be easily stored on and read from a database. Checkr has been fully optimized at the ease of the V8 engine. | ||
@@ -35,2 +35,4 @@ ##Include Checkr | ||
| Hastypes can be passed in as a second argument to the checkr module. | ||
| ##Checkr verify hash objects | ||
@@ -49,36 +51,38 @@ | ||
| ##Clarification | ||
| During benchmarking, checkr was shown to slow down greatly if the module itself was used as a function. Therefore the function checkr#_ was implemented in production. | ||
| ##Speedtest | ||
| True Cases | ||
| 1 Million Comprehensive Checks - Cached: 325.990 ms | ||
| 1 Million Standard Checks - Cached: 89.565 ms | ||
| 1 Million Basic Checks - Cached: 49.664 ms | ||
| 1 Million Comprehensive Checks - Cached: 0 s, 317.673 ms | ||
| 1 Million Standard Checks - Cached: 0 s, 92.298 ms | ||
| 1 Million Basic Checks - Cached: 0 s, 50.342 ms | ||
| 1 Thousand Comprehensive Checks - Cached: 0.340 ms | ||
| 1 Thousand Standard Checks - Cached: 0.097 ms | ||
| 1 Thousand Basic Checks - Cached: 0.057 ms | ||
| 1 Thousand Comprehensive Checks - Cached: 0 s, 0.349 ms | ||
| 1 Thousand Standard Checks - Cached: 0 s, 0.094 ms | ||
| 1 Thousand Basic Checks - Cached: 0 s, 0.057 ms | ||
| 1 Thousand Comprehensive Checks - Evaluated: 209.295 ms | ||
| 1 Thousand Standard Checks - Evaluated: 67.475 ms | ||
| 1 Thousand Basic Checks - Evaluated: 16.026 ms | ||
| 1 Thousand Comprehensive Checks - Evaluated: 0 s, 210.256 ms | ||
| 1 Thousand Standard Checks - Evaluated: 0 s, 67.302 ms | ||
| 1 Thousand Basic Checks - Evaluated: 0 s, 14.944 ms | ||
| False Cases | ||
| 1 Million Comprehensive Checks - Cached: 52.042 ms | ||
| 1 Million Standard Checks - Cached: 51.740 ms | ||
| 1 Million Basic Checks - Cached: 51.869 ms | ||
| 1 Million Comprehensive Checks - Cached: 0 s, 52.307 ms | ||
| 1 Million Standard Checks - Cached: 0 s, 51.685 ms | ||
| 1 Million Basic Checks - Cached: 0 s, 53.365 ms | ||
| 1 Thousand Comprehensive Checks - Cached: 0.057 ms | ||
| 1 Thousand Standard Checks - Cached: 0.056 ms | ||
| 1 Thousand Basic Checks - Cached: 0.185 ms | ||
| 1 Thousand Comprehensive Checks - Cached: 0 s, 0.057 ms | ||
| 1 Thousand Standard Checks - Cached: 0 s, 0.056 ms | ||
| 1 Thousand Basic Checks - Cached: 0 s, 0.165 ms | ||
| 1 Thousand Comprehensive Checks - Evaluated: 194.986 ms | ||
| 1 Thousand Standard Checks - Evaluated: 40.793 ms | ||
| 1 Thousand Basic Checks - Evaluated: 40.871 ms | ||
| 1 Thousand Comprehensive Checks - Evaluated: 0 s, 195.079 ms | ||
| 1 Thousand Standard Checks - Evaluated: 0 s, 40.091 ms | ||
| 1 Thousand Basic Checks - Evaluated: 0 s, 41.099 ms | ||
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2911.58%
110224
- Number of package files
- increased by1466.67%
47
- Lines of code
- increased by4244.44%
1564
- Number of lines in readme file
- increased by4.82%
87
Worsened metrics
- Number of low license alerts
- increased byInfinity%
1
- Number of low quality alerts
- increased by50%
3
- Number of low supply chain risk alerts
- increased byInfinity%
13
- Number of medium supply chain risk alerts
- increased by100%
4