cryptiles - npm Package Compare versions

Comparing version 3.1.2 to 3.1.3

lib/index.js

@@ -6,2 +6,3 @@ 'use strict';
 const Crypto = require('crypto');
+
 const Boom = require('boom');
@@ -33,13 +34,26 @@
 
-    const buffer = exports.randomBits(size * 8);
-    if (buffer instanceof Error) {
-        return buffer;
-    }
+    try {
+        const digits = [];
 
-    const digits = [];
-    for (let i = 0; i < buffer.length; ++i) {
-        digits.push(Math.floor(buffer[i] / 25.6));
+        let buffer = internals.random(size * 2);            // Provision twice the amount of bytes needed to increase chance of single pass
+        let pos = 0;
+
+        while (digits.length < size) {
+            if (pos >= buffer.length) {
+                buffer = internals.random(size * 2);
+                pos = 0;
+            }
+
+            if (buffer[pos] < 250) {
+                digits.push(buffer[pos] % 10);
+            }
+
+            ++pos;
+        }
+
+        return digits.join('');
     }
-
-    return digits.join('');
+    catch (err) {
+        return err;
+    }
 };
@@ -60,6 +74,6 @@
     try {
-        return Crypto.randomBytes(bytes);
+        return internals.random(bytes);
     }
     catch (err) {
-        return Boom.internal('Failed generating random bits: ' + err.message);
+        return err;
     }
@@ -73,20 +87,19 @@ };
 
-    if (typeof a !== 'string' ||
-        typeof b !== 'string') {
-
+    try {
+        return Crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+    }
+    catch (err) {
         return false;
     }
+};
 
-    let mismatch = (a.length === b.length ? 0 : 1);
-    if (mismatch) {
-        b = a;
-    }
 
-    for (let i = 0; i < a.length; ++i) {
-        const ac = a.charCodeAt(i);
-        const bc = b.charCodeAt(i);
-        mismatch |= (ac ^ bc);
+internals.random = function (bytes) {
+
+    try {
+        return Crypto.randomBytes(bytes);
     }
-
-    return (mismatch === 0);
+    catch (err) {
+        throw Boom.internal('Failed generating random bits: ' + err.message);
+    }
 };

package.json

 {
   "name": "cryptiles",
   "description": "General purpose crypto utilities",
-  "version": "3.1.2",
+  "version": "3.1.3",
   "repository": "git://github.com/hapijs/cryptiles",
@@ -13,3 +13,3 @@ "main": "lib/index.js",
   "engines": {
-    "node": ">=4.0.0"
+    "node": ">=6.14.4"
   },
@@ -24,6 +24,6 @@ "dependencies": {
   "scripts": {
-    "test": "lab -a code -t 100 -L",
-    "test-cov-html": "lab -a code -r html -o coverage.html"
+    "test": "lab -a code -t 100 -I SharedArrayBuffer,Atomics -m 5000",
+    "test-cov-html": "lab -a code -I SharedArrayBuffer,Atomics -m 5000 -r html -o coverage.html"
   },
   "license": "BSD-3-Clause"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4945

increased by2.83%

Lines of code

68

increased by17.24%

No dependency changes