Research
/Security News
Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
By Socket Research Team -  Nov 24, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
Hashing made simple. Get the hash of a buffer/string/stream/file.
Convenience wrapper around the core crypto Hash class with simpler API and better defaults.
Install
npm install hasha
Usage
import {hash} from 'hasha';
await hash('unicorn');
//=> 'e233b19aabc7d5e53826fb734d1222f1f0444c3a3fc67ff4af370a66e7cadd2cb24009f1bc86f0bed12ca5fcb226145ad10fc5f650f6ef0959f8aadc5a594b27'
API
See the Node.js crypto docs for more about hashing.
hash(input, options?)
The operation is executed using worker_threads. A thread is lazily spawned on the first operation and lives until the end of the program execution. It's unrefed, so it won't keep the process alive.
Returns a hash asynchronously.
hashSync(input, options?)
Returns a hash.
input
Type: Uint8Array | string | Array<Uint8Array | string> | NodeJS.ReadableStream (NodeJS.ReadableStream is not available in hashSync)
The value to hash.
While strings are supported you should prefer buffers as they're faster to hash. Although if you already have a string you should not convert it to a buffer.
Pass an array instead of concatenating strings and/or buffers. The output is the same, but arrays do not incur the overhead of concatenation.
options
Type: object
encoding
Type: string
Default: 'hex'
Values: 'hex' | 'base64' | 'buffer' | 'latin1'
The encoding of the returned hash.
algorithm
Type: string
Default: 'sha512'
Values: 'md5' | 'sha1' | 'sha256' | 'sha512' (Platform dependent)
The md5 algorithm is good for file revving, but you should never use md5 or sha1 for anything sensitive. They're insecure.
signal
Type: AbortSignal
An AbortSignal to abort the hashing operation.
hashFile(filePath, options?)
The operation is executed using worker_threads. A thread is lazily spawned on the first operation and lives until the end of the program execution. It's unrefed, so it won't keep the process alive.
Returns a Promise for the calculated file hash.
import {hashFile} from 'hasha';
// Get the MD5 hash of an image
await hashFile('unicorn.png', {algorithm: 'md5'});
//=> '1abcb33beeb811dca15f0ac3e47b88d9'
hashFileSync(filePath, options?)
Returns the calculated file hash.
import {hashFileSync} from 'hasha';
// Get the MD5 hash of an image
hashFileSync('unicorn.png', {algorithm: 'md5'});
//=> '1abcb33beeb811dca15f0ac3e47b88d9'
hashingStream(options?)
Returns a hash transform stream.
import {hashingStream} from 'hasha';
// Hash the process input and output the hash sum
process.stdin.pipe(hashingStream()).pipe(process.stdout);
Tip
For hashing multiple files, limit concurrency to os.availableParallelism():
import {availableParallelism} from 'node:os';
import {hashFile} from 'hasha';
import pLimit from 'p-limit';
const limit = pLimit(availableParallelism());
await Promise.all(files.map(file => limit(() => hashFile(file))));
Related
- hasha-cli - CLI for this module
- crypto-hash - Tiny hashing module that uses the native crypto API in Node.js and the browser
- hash-object - Get the hash of an object
- md5-hex - Create a MD5 hash with hex encoding
Other packages similar to hasha
crypto
The 'crypto' module is a built-in Node.js module that provides cryptographic functionality. It includes a diverse set of cryptographic functions, including hash, HMAC, cipher, decipher, sign, and verify. Compared to hasha, 'crypto' is more comprehensive but also more complex to use for simple hashing tasks.
md5
The 'md5' npm package is a simple module to calculate MD5 hashes. It is more limited than hasha as it only supports the MD5 algorithm, whereas hasha supports multiple algorithms.
bcrypt
The 'bcrypt' npm package is designed for hashing passwords. It automatically handles salt generation and is resistant to rainbow table attacks. While hasha can be used for password hashing, 'bcrypt' is specifically optimized for this purpose and includes additional security features.
sha.js
The 'sha.js' npm package is a module for hashing with SHA algorithms. It supports SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. While hasha also supports these algorithms, 'sha.js' is focused solely on the SHA family of hashes.
FAQs
Hashing made simple. Get the hash of a buffer/string/stream/file.
The npm package hasha receives a total of 8,415,698 weekly downloads. As such, hasha popularity was classified as popular.
We found that hasha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025