concealer
A fast two-way encryption module to generate unique, random-appearing, non-sequential strings from integers. This is a great way to encode database primary keys before presenting them to the user.
Development on Concealer is sponsored by Sparo Labs.
And to make the output more URL-friendly, the algorithm automatically tries to avoid generating output with common English curse words by reserving some letters (cfhistuCFHISTU) for use as separators.
Security Note: This module uses the SKIP32 algorithm, which is an 80-bit key, 32-bit block symmetric cipher based on Skipjack. This module is not intended to be cryptographically secure; it may be possible, with enough encoded results, to determine the key and salt used and break the encryption. Please do not use this module for anything that you must keep absolutely secure; this module is more useful for making URL-ready strings representing database primary keys that you would rather not directly expose to the end-user.
$ npm install --save concealer
new Concealer(secretKey, salt, [minLength], [customAlphabet])
Creates a new Concealer object where:
secretKey - An array of bytes to use for the secret key. The method will use up to the first ten bytes in the array and will duplicate the values provided if there are fewer. It is highly recommended to provide all ten bytes for the most secure encryption.
salt - A string to use for the salt for the encryption process.
minLength - An optional minimum integer length for the output. Depending on the size of the primary key, the encoded string could be longer than the given minimum.
customAlphabet - An optional string to define a custom alphabet for generating the encoded string. The string must contain all unique characters, no spaces, and be at least 16 characters long.

const Concealer = require('concealer');
// Do ***NOT*** use these keys and salts in a production system
const key = [ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10 ];
const salt = 'example salt';
const minLength = 8;
const concealer = new Concealer(key, salt, minLength);
concealer.encode(key)
Encrypts and encodes an integer key into an obfuscated string where:
key - A non-negative integer to encode.
Returns the resulting encoded string.
concealer.encode(1);
// 'ZBoM3XdG'
concealer.encode(2);
// 'ZlllPKa5'
concealer.encode(3);
// 'D4GqMMzA'
concealer.decode(key)
Decrypts encoded key string back to a number where:
key - The encoded key string.
Returns the decoded number or null if the key string cannot be decoded.
concealer.decode('ZlllPKa5');
// 2
concealer.decode('manipulated key string');
// null
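The following is an added example, not code from the concealer project. It checks constructor arguments against the constraints documented above and, following the Security Note, treats a decoded ID as untrusted input that still needs an authorization check. The names generateKey, checkConcealerArgs, loadRecord, store and ownerId are hypothetical, and codec stands for any object with the decode() method described above.

```javascript
const crypto = require('crypto');

// Ten CSPRNG bytes: the full key length the README recommends.
function generateKey() {
  return Array.from(crypto.randomBytes(10));
}

// Check constructor arguments against the constraints the README documents.
// Returns a list of problems; an empty list means the arguments pass.
function checkConcealerArgs(secretKey, salt, minLength, customAlphabet) {
  const problems = [];
  const isByte = (b) => Number.isInteger(b) && b >= 0 && b <= 255;
  if (!Array.isArray(secretKey) || !secretKey.every(isByte)) {
    problems.push('secretKey must be an array of bytes (0-255)');
  } else if (secretKey.length < 10) {
    problems.push('secretKey is shorter than ten bytes; values would be duplicated');
  }
  if (typeof salt !== 'string') problems.push('salt must be a string');
  if (minLength !== undefined && !Number.isInteger(minLength)) {
    problems.push('minLength must be an integer');
  }
  if (customAlphabet !== undefined) {
    const chars = typeof customAlphabet === 'string' ? [...customAlphabet] : [];
    if (chars.length < 16) problems.push('customAlphabet needs at least 16 characters');
    if (chars.some((c) => /\s/.test(c))) problems.push('customAlphabet must not contain spaces');
    if (new Set(chars).size !== chars.length) problems.push('customAlphabet characters must be unique');
  }
  return problems;
}

// Decode a user-supplied token, then authorize. The encoded string only hides
// the primary key; it is not an access check. `codec` is any object exposing
// the decode() method documented above; `store` and `ownerId` are hypothetical.
// Every failure maps to 404 so responses do not confirm which IDs exist;
// `reason` is for server-side logs only.
function loadRecord(codec, store, userId, token) {
  const id = typeof token === 'string' ? codec.decode(token) : null;
  if (id === null) return { status: 404, reason: 'undecodable' };
  const record = store.get(id);
  if (!record) return { status: 404, reason: 'missing' };
  if (record.ownerId !== userId) return { status: 404, reason: 'not-owner' };
  return { status: 200, record };
}
```

Pass the output of generateKey() as secretKey and store it with your other application secrets, since decode() needs the same key and salt that encode() used.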
This project is licensed under the MIT license. See the LICENSE file for more info.
FAQs
A primary key encoding utility
The npm package concealer receives a total of 8 weekly downloads. As such, concealer popularity was classified as not popular.
We found that concealer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.