Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
crypto-browserify
The crypto-browserify package is a port of Node.js' crypto module to the browser. It allows for various cryptographic operations such as hashing, HMAC, encryption, decryption, and signing in a way that is compatible with the Node.js API.
Hashing
This feature allows you to create a hash of some data using various algorithms like SHA256. The example code demonstrates how to hash the string 'some data' and get a hexadecimal digest.
const crypto = require('crypto-browserify');
const hash = crypto.createHash('sha256').update('some data').digest('hex');
HMAC
HMAC stands for Hash-based Message Authentication Code. This feature allows you to create an HMAC to verify the integrity and authenticity of a message with a secret key. The example code shows how to create an HMAC for the string 'some data' using the SHA256 algorithm and a secret key.
const crypto = require('crypto-browserify');
const hmac = crypto.createHmac('sha256', 'a secret').update('some data').digest('hex');
Encryption/Decryption
This feature allows you to encrypt and decrypt data. The example code demonstrates how to encrypt the string 'some data' with the AES-256-CBC algorithm and a password, and then how to decrypt it back to its original form.
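const crypto = require('crypto-browserify');
// createCipher derives both the key and the IV from the password with EVP_BytesToKey
// (one MD5 iteration, no salt), so a given password always yields the same key and IV.
// Node.js has deprecated this API in favour of createCipheriv with a separately derived key.
const cipher = crypto.createCipher('aes-256-cbc', 'a password');
let encrypted = cipher.update('some data', 'utf8', 'hex');
encrypted += cipher.final('hex');
// Decrypt with the same algorithm and password.
const decipher = crypto.createDecipher('aes-256-cbc', 'a password');
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');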
Signing/Verifying
This feature allows you to sign data to prove its origin and integrity, and to verify signatures. The example code shows how to sign the string 'some data' with a private key and then verify the signature with the corresponding public key.
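const crypto = require('crypto-browserify');
// 'a private key' and 'a public key' are placeholders for a matching
// PEM-encoded key pair; the literal strings will not parse as keys.
const sign = crypto.createSign('SHA256');
sign.update('some data');
const signature = sign.sign('a private key', 'hex');
// Verify the hex-encoded signature over the same data with the public key.
const verify = crypto.createVerify('SHA256');
verify.update('some data');
const isValid = verify.verify('a public key', signature, 'hex');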
Forge is a native JavaScript implementation of various cryptographic algorithms. It is similar to crypto-browserify but offers a wider range of features, including support for additional encryption algorithms, SSL/TLS implementation, and ASN.1 parsing.
This package is a wrapper around the libsodium library, which is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more. It is known for its focus on security and performance.
TweetNaCl is a port of NaCl, a high-security cryptographic library. It focuses on simplicity and small size, and it provides a straightforward API for encryption, decryption, and signing.
A port of node's crypto module to the browser.
The goal of this module is to reimplement node's crypto module in pure JavaScript so that it can run in the browser.
Here is the subset that is currently implemented:
These features from node's crypto are still unimplemented.
If you are interested in writing a feature, please implement it as a new module, which will be incorporated into crypto-browserify as a dependency.
All deps must be compatible with node's crypto (generate example inputs and outputs with node, and save base64 strings inside JSON, so that tests can run in the browser); see sha.js.
Crypto is extra serious so please do not hesitate to review the code, and post comments if you do.
MIT
FAQs
implementation of crypto for the browser
The npm package crypto-browserify receives a total of 5,169,879 weekly downloads. As such, crypto-browserify's popularity was classified as popular.
We found that crypto-browserify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.