Comparing version 2.1.8 to 3.0.0
@@ -1,1 +0,1 @@ | ||
!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).cuid=e()}}(function(){return function o(f,u,s){function a(n,e){if(!u[n]){if(!f[n]){var t="function"==typeof require&&require;if(!e&&t)return t(n,!0);if(l)return l(n,!0);var r=new Error("Cannot find module '"+n+"'");throw r.code="MODULE_NOT_FOUND",r}var i=u[n]={exports:{}};f[n][0].call(i.exports,function(e){return a(f[n][1][e]||e)},i,i.exports,o,f,u,s)}return u[n].exports}for(var l="function"==typeof require&&require,e=0;e<s.length;e++)a(s[e]);return a}({1:[function(e,n,t){var i=e("./lib/fingerprint.js"),r=e("./lib/pad.js"),o=e("./lib/getRandomValue.js"),f=0,u=4,s=36,a=Math.pow(s,u);function l(){return r((o()*a<<0).toString(s),u)}function d(){return f=f<a?f:0,++f-1}function p(){return"c"+(new Date).getTime().toString(s)+r(d().toString(s),u)+i()+(l()+l())}p.slug=function(){var e=(new Date).getTime().toString(36),n=d().toString(36).slice(-4),t=i().slice(0,1)+i().slice(-1),r=l().slice(-2);return e.slice(-2)+n+t+r},p.isCuid=function(e){return"string"==typeof e&&!!e.startsWith("c")},p.isSlug=function(e){if("string"!=typeof e)return!1;var n=e.length;return 7<=n&&n<=10},p.fingerprint=i,n.exports=p},{"./lib/fingerprint.js":2,"./lib/getRandomValue.js":3,"./lib/pad.js":4}],2:[function(e,n,t){var r=e("./pad.js"),i="object"==typeof window?window:self,o=Object.keys(i).length,f=r(((navigator.mimeTypes?navigator.mimeTypes.length:0)+navigator.userAgent.length).toString(36)+o.toString(36),4);n.exports=function(){return f}},{"./pad.js":4}],3:[function(e,n,t){var r,i="undefined"!=typeof window&&(window.crypto||window.msCrypto)||"undefined"!=typeof self&&self.crypto;if(i){var o=Math.pow(2,32)-1;r=function(){return Math.abs(i.getRandomValues(new Uint32Array(1))[0]/o)}}else 
r=Math.random;n.exports=r},{}],4:[function(e,n,t){n.exports=function(e,n){var t="000000000"+e;return t.substr(t.length-n)}},{}]},{},[1])(1)}); | ||
!function(n){"object"==typeof exports&&"undefined"!=typeof module?module.exports=n():"function"==typeof define&&define.amd?define([],n):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).cuid=n()}(function(){return function i(r,o,u){function f(e,n){if(!o[e]){if(!r[e]){var t="function"==typeof require&&require;if(!n&&t)return t(e,!0);if(s)return s(e,!0);throw(n=new Error("Cannot find module '"+e+"'")).code="MODULE_NOT_FOUND",n}t=o[e]={exports:{}},r[e][0].call(t.exports,function(n){return f(r[e][1][n]||n)},t,t.exports,i,r,o,u)}return o[e].exports}for(var s="function"==typeof require&&require,n=0;n<u.length;n++)f(u[n]);return f}({1:[function(n,e,t){var r=n("./lib/fingerprint.js"),i=n("./lib/pad.js"),o=n("./lib/getRandomValue.js"),u=0,f=4,s=36,d=Math.pow(s,f);function a(){return i((o()*d<<0).toString(s),f)}function p(){return u=u<d?u:0,++u-1}function c(){return"c"+(new Date).getTime().toString(s)+i(p().toString(s),f)+r()+(a()+a())}c.slug=function(){var n=(new Date).getTime().toString(36),e=p().toString(36).slice(-4),t=r().slice(0,1)+r().slice(-1),i=a().slice(-2);return n.slice(-2)+e+t+i},c.isCuid=function(n){return"string"==typeof n&&!!n.startsWith("c")},c.isSlug=function(n){return"string"==typeof n&&7<=(n=n.length)&&n<=10},c.fingerprint=r,e.exports=c},{"./lib/fingerprint.js":2,"./lib/getRandomValue.js":3,"./lib/pad.js":4}],2:[function(n,e,t){var n=n("./pad.js"),i="object"==typeof window?window:self,i=Object.keys(i).length,r=n(((navigator.mimeTypes?navigator.mimeTypes.length:0)+navigator.userAgent.length).toString(36)+i.toString(36),4);e.exports=function(){return r}},{"./pad.js":4}],3:[function(n,e,t){var i,r,o="undefined"!=typeof window&&(window.crypto||window.msCrypto)||"undefined"!=typeof self&&self.crypto;r=o?(i=Math.pow(2,32)-1,function(){return Math.abs(o.getRandomValues(new Uint32Array(1))[0]/i)}):Math.random,e.exports=r},{}],4:[function(n,e,t){e.exports=function(n,e){n="000000000"+n;return 
n.substr(n.length-e)}},{}]},{},[1])(1)}); |
{ | ||
"name": "cuid", | ||
"description": "Collision-resistant ids optimized for horizontal scaling and performance. For node and browsers.", | ||
"version": "2.1.8", | ||
"version": "3.0.0", | ||
"author": { | ||
@@ -13,3 +13,2 @@ "name": "Eric Elliott", | ||
}, | ||
"dependencies": {}, | ||
"devDependencies": { | ||
@@ -19,13 +18,13 @@ "babel-polyfill": "6.26.0", | ||
"babel-register": "6.26.0", | ||
"browserify": "16.5.0", | ||
"eslint": "5.16.0", | ||
"browserify": "17.0.0", | ||
"eslint": "8.32.0", | ||
"eslint-plugin-testcafe": "0.2.1", | ||
"http-server": "^0.12.0", | ||
"mkdirp": "0.5.1", | ||
"riteway": "6.1.1", | ||
"tape": "4.11.0", | ||
"testcafe": "1.1.4", | ||
"uglify-js": "3.7.2", | ||
"updtr": "3.1.0", | ||
"watchify": "3.11.1" | ||
"http-server": "14.1.1", | ||
"mkdirp": "2.1.3", | ||
"riteway": "7.0.0", | ||
"tape": "5.6.3", | ||
"testcafe": "2.2.0", | ||
"uglify-js": "3.17.4", | ||
"updtr": "4.0.0", | ||
"watchify": "4.0.0" | ||
}, | ||
@@ -32,0 +31,0 @@ "files": [ |
@@ -6,4 +6,14 @@ # cuid | ||
Currently available for Node, browsers, Ruby, .Net, Go, PHP and Elixir (see ports below -- more ports are welcome). | ||
## Status: Deprecated due to security. Use [Cuid2](https://github.com/paralleldrive/cuid2), instead. | ||
> Note: All monotonically increasing (auto-increment, k-sortable), and timestamp-based ids share the security issues with Cuid. V4 UUIDs and GUIDs are also insecure because it's possible to predict future values of many random algorithms, and many of them are biased, leading to increased probability of collision. Likewise, UUID V6-V8 are also insecure because they leak information which could be used to exploit systems or violate user privacy. Here are some example exploits: | ||
> | ||
> * [Unauthorized password reset via guessable ID](https://infosecwriteups.com/bugbounty-how-i-was-able-to-compromise-any-user-account-via-reset-password-functionality-a11bb5f863b3) | ||
> * [Unauthorized access to private GitLab issues via guessable ids](https://infosecwriteups.com/how-this-easy-vulnerability-resulted-in-a-20-000-bug-bounty-from-gitlab-d9dc9312c10a) | ||
> * [Unauthorized password reset via guid](https://www.intruder.io/research/in-guid-we-trust) | ||
## Original Documentation Follows | ||
Currently available for Node, browsers, Java, Ruby, .Net, Go, and many other languages (see ports below — more ports are welcome). | ||
`cuid()` returns a short random string with some collision-busting measures. Safe to use as HTML element ID's, and unique server-side record lookups. | ||
@@ -144,3 +154,4 @@ | ||
* [cuid for Ruby](https://github.com/iyshannon/cuid) - [Ian Shannon](https://github.com/iyshannon) | ||
* [cuid for .Net](https://github.com/moonpyk/ncuid ) - [Clément Bourgeois](https://github.com/moonpyk) | ||
* [cuid for .NET Framework](https://github.com/moonpyk/ncuid ) - [Clément Bourgeois](https://github.com/moonpyk) | ||
* [cuid for .NET](https://github.com/xaevik/cuid.net) - [Alan Brault](https://github.com/xaevik) | ||
* [cuid for Go](http://github.com/lucsky/cuid) - [Luc Heinrich](https://github.com/lucsky) | ||
@@ -152,3 +163,3 @@ * [cuid for PHP](https://github.com/endyjasmi/cuid) - [Endy Jasmi](https://github.com/endyjasmi) | ||
* [cuid for Clojure](https://github.com/hden/cuid) - [Hao-kang Den](https://github.com/hden) | ||
* [cuid for Java](https://github.com/graphcool/cuid-java) - [Nilan Marktanner](https://github.com/marktani) | ||
* [cuid for Java](https://github.com/thibaultmeyer/cuid-java) - [Thibault Meyer](https://github.com/thibaultmeyer) | ||
* [cuid for Lua](https://github.com/marcoonroad/cuid) - [Marco Aurélio](https://github.com/marcoonroad) | ||
@@ -162,5 +173,6 @@ * [cuid for Perl](https://github.com/zakame/Data-Cuid) - [Zak B. Elep](https://github.com/zakame) | ||
* [cuid for Racket](https://github.com/theodesp/cuid) - [Theo Despoudis](https://github.com/theodesp) | ||
* [cuid for Deno](https://github.com/grantcarthew/deno-cuid) - [Grant Carthew](https://github.com/grantcarthew) | ||
* [cuid for Crystal](https://github.com/rodrigopinto/cuid) - [Rodrigo Pinto](https://github.com/rodrigopinto) | ||
* [cuid for C](https://github.com/HugoDaniel/cuid-c) - [Hugo Daniel](https://github.com/HugoDaniel) | ||
# Short URLs | ||
@@ -207,4 +219,2 @@ | ||
Created by Eric Elliott, Author, ["Programming JavaScript Applications (O'Reilly)"](https://ericelliottjs.com/product/programming-javascript-applications-ebook/) | ||
Thanks to [Tout](http://tout.com/) for support and production testing. | ||
Created by [Eric Elliott](https://ericelliottjs.com). |