Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
create-hash
Advanced tools
Package description
The create-hash npm package is a utility for creating hash digests of data. It implements the Node.js crypto.createHash API in pure JavaScript, making it compatible with environments where Node's native crypto module is not available. This package supports various hashing algorithms, such as SHA-1, SHA-256, and MD5, allowing users to generate fixed-size hash outputs from input data. It is commonly used for creating unique identifiers, checksums, or for password hashing and data integrity verification.
Creating a SHA-256 hash
This code demonstrates how to create a SHA-256 hash of the string 'hello world'. It uses the 'create-hash' package to create a hash object, updates the hash with the input data, and then outputs the digest in hexadecimal format.
"use strict";\nconst createHash = require('create-hash');\nconst hash = createHash('sha256');\nhash.update('hello world');\nconsole.log(hash.digest('hex'));
Creating an MD5 hash
This example shows how to generate an MD5 hash of the string 'example data'. Similar to the previous example, it creates an MD5 hash object, updates it with the input, and outputs the resulting digest in hex format.
"use strict";\nconst createHash = require('create-hash');\nconst hash = createHash('md5');\nhash.update('example data');\nconsole.log(hash.digest('hex'));
Crypto-js is a package that provides cryptographic functionalities including various hash functions, cipher algorithms, and secure random number generators. Compared to create-hash, crypto-js offers a broader range of cryptographic functions beyond just hashing.
Hash.js is a lightweight hash library that supports several hash algorithms like SHA-1, SHA-256, and SHA-512. While similar in functionality to create-hash, hash.js focuses on being a minimalistic and standalone hash library.
Readme
FAQs
create hashes for browserify
The npm package create-hash receives a total of 6,657,914 weekly downloads. As such, create-hash popularity was classified as popular.
We found that create-hash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.