hash-for-dep
Generates a hash that represents the uniqueness of a module and its dependencies.
The hash-for-dep npm package is used to generate a hash for a given dependency in a Node.js project. This can be useful for caching, ensuring consistency, and detecting changes in dependencies.
Generate Hash for a Dependency
This feature allows you to generate a hash for a specific dependency, such as 'express'. The hash can be used to detect changes or for caching purposes.
const hashForDep = require('hash-for-dep');
const hash = hashForDep('express');
console.log(hash);
Generate Hash for a Dependency with a Specific Version
This feature allows you to generate a hash for a specific version of a dependency. This can be useful for ensuring consistency across different environments.
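const hashForDep = require('hash-for-dep');
// hash-for-dep has no version argument: the second argument is the directory to resolve from.
// Point it at a project that has the wanted version installed (placeholder path).
const hash = hashForDep('express', '/path/to/project-with-express-4.17.1');
console.log(hash);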
Generate Hash for a Dependency with Options
This feature allows you to generate a hash for a dependency with additional options, such as specifying the base directory of the project. This can be useful for more complex project structures.
const hashForDep = require('hash-for-dep');
// The base directory is the second positional argument, not a field of an options object.
const basedir = '/path/to/project';
const hash = hashForDep('express', basedir);
console.log(hash);
The hash-sum package generates a short, unique hash for any given input. It is simpler and more general-purpose compared to hash-for-dep, which is specifically designed for hashing dependencies.
The built-in Node.js crypto module can be used to generate hashes for various purposes. While it is more versatile and powerful, it requires more setup and is not specifically tailored for dependency hashing like hash-for-dep.
The object-hash package generates a hash for JavaScript objects. It is useful for hashing complex objects but does not specifically target dependencies like hash-for-dep.
Generate a hash representing the stats of this module's files and all its descendants' files.
var hashForDep = require('hash-for-dep');
hashForDep('rsvp'); // if RSVP is a dependency of the current project, you will get a checksum for it
hashForDep('rsvp', 'path/to/other/project'); // you will get a checksum for RSVP resolved relative to the provided root
HashForDep respects the node resolution algorithm.
For example given:
foo/package.json
foo/index.js
foo/node_modules/a/
foo/node_modules/a/package.json
foo/node_modules/a/index.js
foo/node_modules/a/node_modules/b
foo/node_modules/a/node_modules/b/package.json
foo/node_modules/a/node_modules/b/index.js
foo/node_modules/a/node_modules/f
foo/node_modules/a/node_modules/f/index.js
foo/node_modules/a/node_modules/f/package.json
foo/node_modules/c
foo/node_modules/c/index.js
foo/node_modules/c/package.json
foo/node_modules/d
foo/node_modules/d/index.js
foo/node_modules/d/package.json
where foo/package.json depends on a and c but not d, and foo/node_modules/a/package.json depends on b, not f.
HashForDep will consider a, c and b as dependencies, and simply ignore d and f.
When HashForDep considers a dependency, it will stat each of its files and those of its dependencies.
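The walk described above, re-created as an added example (not hash-for-dep's own code): it builds the foo tree in a temporary directory, follows only declared dependencies through node-style resolution, and hashes stat metadata. The function names and the stat fields used (size, mtime) are assumptions made for illustration.

```javascript
// Constructed fixture (added example, not hash-for-dep's source): README's foo/ tree as dir -> declared deps.
const fs = require('fs'), os = require('os'), path = require('path'), crypto = require('crypto');
const TREE = {
  'foo': ['a', 'c'], 'foo/node_modules/c': [], 'foo/node_modules/d': [],
  'foo/node_modules/a': ['b'],
  'foo/node_modules/a/node_modules/b': [], 'foo/node_modules/a/node_modules/f': [],
};

function buildFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hfd-'));
  for (const [dir, deps] of Object.entries(TREE)) {
    const dependencies = Object.fromEntries(deps.map((d) => [d, '*']));
    fs.mkdirSync(path.join(root, dir), { recursive: true });
    fs.writeFileSync(path.join(root, dir, 'package.json'), JSON.stringify({ dependencies }));
    fs.writeFileSync(path.join(root, dir, 'index.js'), '');
  }
  return path.join(root, 'foo');
}

// Node-style lookup: try <dir>/node_modules/<name>, then each parent directory.
function resolveDep(name, fromDir) {
  for (let dir = fromDir; ; dir = path.dirname(dir)) {
    const candidate = path.join(dir, 'node_modules', name);
    if (fs.existsSync(path.join(candidate, 'package.json'))) return candidate;
    if (dir === path.dirname(dir)) return null; // reached the filesystem root
  }
}

// Follow only declared "dependencies"; returns a Map of resolved directory -> name.
function consideredDeps(pkgDir, seen = new Map()) {
  const pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  for (const name of Object.keys(pkg.dependencies || {})) {
    const dir = resolveDep(name, pkgDir);
    if (dir && !seen.has(dir)) { seen.set(dir, name); consideredDeps(dir, seen); }
  }
  return seen;
}

// Hash stat metadata (assumed fields: size, mtime) of the module and each considered package.
function statHash(pkgDir) {
  const h = crypto.createHash('sha256');
  for (const dir of [pkgDir, ...consideredDeps(pkgDir).keys()].sort()) {
    for (const f of fs.readdirSync(dir).filter((n) => n !== 'node_modules').sort()) {
      const st = fs.statSync(path.join(dir, f));
      h.update(`${path.join(dir, f)}:${st.size}:${st.mtimeMs}\n`);
    }
  }
  return h.digest('hex');
}
```

A hash built from stat metadata, as in this sketch, changes when a file's size or mtime changes but not when content is rewritten with the same size and timestamp, so it works as a cache key rather than an integrity check.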
NOTE: By default, these hashes are cached for the life of the process. As this is the same strategy node uses for require(x), we can safely follow suit.
That being said, some scenarios may exist where this is not wanted. So just like require._cache exists, we provide the following options:
require('hash-for-dep')._resetCache();
var hashForDep = require('hash-for-dep');
hashForDep(name, path, null, false /* this mysterious argument should be set to false */);
FAQs
The npm package hash-for-dep receives a total of 102,278 weekly downloads. As such, hash-for-dep's popularity is classified as popular.
We found that hash-for-dep has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.