hash-stream-validation
The hash-stream-validation npm package is used to validate the integrity of data streams by computing and comparing hash values. It is particularly useful for ensuring data integrity during transmission or storage.
Hash Validation
This feature allows you to validate the hash of a data stream against an expected hash value. In this example, a file stream is created and its hash is validated using the SHA-256 algorithm.
const hashStreamValidation = require('hash-stream-validation');
const fs = require('fs');

const fileStream = fs.createReadStream('path/to/file');
const expectedHash = 'expectedHashValue';

hashStreamValidation.validateStream(fileStream, expectedHash, 'sha256')
  .then(() => console.log('Hash is valid'))
  .catch(err => console.error('Hash validation failed', err));
Generate Hash
This feature allows you to generate a hash for a given data stream. In this example, a file stream is created and its hash is generated using the SHA-256 algorithm.
const hashStreamValidation = require('hash-stream-validation');
const fs = require('fs');

const fileStream = fs.createReadStream('path/to/file');

hashStreamValidation.generateHash(fileStream, 'sha256')
  .then(hash => console.log('Generated hash:', hash))
  .catch(err => console.error('Hash generation failed', err));
The built-in Node.js 'crypto' module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. It is more versatile but also more complex to use compared to hash-stream-validation.
The stream-hash package is used to calculate the hash of a stream. It is similar to hash-stream-validation but focuses solely on hash generation rather than validation.
The hasha package is a versatile hashing library that supports multiple hash algorithms and can hash strings, buffers, and streams. It offers more flexibility but does not provide built-in validation like hash-stream-validation.
Hash a stream of data, then validate
$ npm install --save hash-stream-validation
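var fs = require('fs');
var hashStreamValidation = require('hash-stream-validation');

var filePath = 'path/to/file';            // placeholder: the file to hash
var expectedMd5 = 'base64EncodedMd5Sum';  // placeholder: the sum to compare against
var validateStream = hashStreamValidation();

fs.createReadStream(filePath)
  .pipe(validateStream)
  .on('data', function() { /* ... */ })
  .on('end', function() {
    // All data has passed through: test the computed MD5 against the expected sum.
    validateStream.test('md5', expectedMd5);
  });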
If the speeds are too slow for your use, this module will try to require fast-crc32c. We chose not to make it an optionalDependency because npm's scary warning output confuses users into thinking their hard drive was just erased.
$ npm install --save fast-crc32c
After a successful upload to a Google Cloud Storage bucket, the API will respond with the hash of data it has received. During our upload, we can run the data through this module, then confirm after the upload if we both arrived at the same results. If not, we know something went wrong during the transmission.
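The upload check described above, written with Node's built-in crypto and stream modules as an added example (not the package's own source). The class name `HashingPassThrough`, the sample payload and its checksum are assumptions made for illustration, as is the big-endian base64 encoding of the CRC32C sum.

```javascript
const crypto = require('crypto');
const { Transform } = require('stream');

// CRC32C (Castagnoli) lookup table, reflected polynomial 0x82F63B78.
const CRC32C_TABLE = new Uint32Array(256).map((_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? (c >>> 1) ^ 0x82f63b78 : c >>> 1;
  return c >>> 0;
});

// Hypothetical class: passes data through unchanged while hashing it.
class HashingPassThrough extends Transform {
  constructor() {
    super();
    this.md5 = crypto.createHash('md5');
    this.crc = 0xffffffff;
    this.digests = null; // filled in on the first call to test()
  }
  update(chunk) {
    this.md5.update(chunk);
    for (const b of chunk) this.crc = CRC32C_TABLE[(this.crc ^ b) & 0xff] ^ (this.crc >>> 8);
  }
  _transform(chunk, _enc, done) {
    this.update(chunk);
    done(null, chunk);
  }
  // Compare the base64 sum reported by the receiver with the local digest.
  test(algo, sum) {
    if (!this.digests) {
      const crc = Buffer.alloc(4);
      crc.writeUInt32BE((this.crc ^ 0xffffffff) >>> 0);
      this.digests = new Map([['md5', this.md5.digest()], ['crc32c', crc]]);
    }
    const local = this.digests.get(algo);
    if (!local) throw new Error('unsupported algorithm: ' + algo);
    const remote = Buffer.from(String(sum), 'base64');
    // A length mismatch (truncated or empty sum) is a failed check, not an error.
    return remote.length === local.length && crypto.timingSafeEqual(remote, local);
  }
}

// Constructed sample: a payload and the MD5 a receiver would report for it.
const upload = new HashingPassThrough();
upload.on('data', () => {}).on('end', () => {
  console.log('md5 matches:', upload.test('md5', 'XrY7u+Ae7tCTyyK7j1rNww=='));
});
upload.end('hello world');
```

MD5 and CRC32C detect accidental corruption in transit only; neither authenticates the sender or resists deliberate tampering.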
Boolean, true. Enable crc32c hashing via sse4_crc32.*
Boolean, true. Enable MD5 hashing.
String. The algorithm to test the sum against ('crc32c' or 'md5').
String. The base64-encoded sum to validate.
FAQs
We found that hash-stream-validation demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.