Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
hash-stream-validation
Advanced tools
Readme
Hash a stream of data, then validate
$ npm install --save hash-stream-validation
var hashStreamValidation = require('hash-stream-validation');
var validateStream = hashStreamValidation();
fs.createReadStream(filePath)
.pipe(validateStream)
.on('data', function() { /*... */ })
.on('end', function() {
validateStream.test('md5', /*checksum*/);
});
If the speeds are too slow for your use, this module will try
to require fast-crc32c
. We chose not to make it an optionalDependency
because npm's scary warning output confuses users into thinking their hard drive was just erased.
$ npm install --save fast-crc32c
After a successful upload to a Google Cloud Storage bucket, the API will respond with the hash of data it has received. During our upload, we can run the data through this module, then confirm after the upload if we both arrived at the same results. If not, we know something went wrong during the transmission.
Boolean
true
Enable crc32c hashing via sse4_crc32.*
Boolean
true
Enable MD5 hashing.
String
The alogrithm to test the sum against ('crc32c' or 'md5').
String
The base64-encoded sum to validate.
FAQs
Hash a stream of data, then validate
The npm package hash-stream-validation receives a total of 550,734 weekly downloads. As such, hash-stream-validation popularity was classified as popular.
We found that hash-stream-validation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.