hash-for-dep
Generate a hash representing the stats of this module's files and all its descendants' files.
var hashForDep = require('hash-for-dep');
hashForDep('rsvp'); // if RSVP is a dependency of the current project, you will get a checksum for it
hashForDep('rsvp', 'path/to/other/project'); // you will get a checksum for RSVP resolved relative to the provided root
HashForDep respects the node resolution algorithm.
For example given:
foo/package.json
foo/index.js
foo/node_modules/a/
foo/node_modules/a/package.json
foo/node_modules/a/index.js
foo/node_modules/a/node_modules/b
foo/node_modules/a/node_modules/b/package.json
foo/node_modules/a/node_modules/b/index.js
foo/node_modules/a/node_modules/f
foo/node_modules/a/node_modules/f/index.js
foo/node_modules/a/node_modules/f/package.json
foo/node_modules/c
foo/node_modules/c/index.js
foo/node_modules/c/package.json
foo/node_modules/d
foo/node_modules/d/index.js
foo/node_modules/d/package.js
where foo/package.json depends on a and c but not d, and foo/node_modules/a/package.json depends on b, not f.
HashForDep will consider a, c and b as dependencies, and simply ignore d and f.
When HashForDep considers a dependency, it will stat each of its files and those of its dependencies.
NOTE: By default, these hashes are cached for the life of the process. As this is the same strategy node uses for require(x) we can safely follow suit.
That being said, some scenarios may exist where this is not wanted. So just like require._cache exists, we provide the following options:
require('hash-for-dep')._resetCache();
var hashForDep = require('hash-for-dep');
hashForDep(name, path, null, false /* this mysterious argument should be set to false */);
FAQs
Generates a hash that represents the uniqueness of a module and its dependencies.
The npm package hash-for-dep receives a total of 152,628 weekly downloads. As such, hash-for-dep's popularity was classified as popular.
We found that hash-for-dep demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.