Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

hono

Package Overview
Dependencies
Maintainers
1
Versions
412
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hono - npm Package Compare versions

Comparing version
4.11.9
 to
4.11.10
+29
-2
dist/cjs/utils/buffer.js

@@ -45,3 +45,30 @@ "use strict";

};
const constantTimeEqualString = (a, b) => {
const aLen = a.length;
const bLen = b.length;
const maxLen = Math.max(aLen, bLen);
let out = aLen ^ bLen;
for (let i = 0; i < maxLen; i++) {
const aChar = i < aLen ? a.charCodeAt(i) : 0;
const bChar = i < bLen ? b.charCodeAt(i) : 0;
out |= aChar ^ bChar;
}
return out === 0;
};
const timingSafeEqualString = async (a, b, hashFunction) => {
if (!hashFunction) {
hashFunction = import_crypto.sha256;
}
const [sa, sb] = await Promise.all([hashFunction(a), hashFunction(b)]);
if (sa == null || sb == null || typeof sa !== "string" || typeof sb !== "string") {
return false;
}
const hashEqual = constantTimeEqualString(sa, sb);
const originalEqual = constantTimeEqualString(a, b);
return hashEqual && originalEqual;
};
const timingSafeEqual = async (a, b, hashFunction) => {
if (typeof a === "string" && typeof b === "string") {
return timingSafeEqualString(a, b, hashFunction);
}
if (!hashFunction) {

@@ -51,6 +78,6 @@ hashFunction = import_crypto.sha256;

const [sa, sb] = await Promise.all([hashFunction(a), hashFunction(b)]);
if (!sa || !sb) {
if (!sa || !sb || typeof sa !== "string" || typeof sb !== "string") {
return false;
}
return sa === sb && a === b;
return timingSafeEqualString(sa, sb);
};

@@ -57,0 +84,0 @@ const bufferToString = (buffer) => {

+1
-1
dist/types/middleware/jwt/jwt.d.ts

@@ -20,3 +20,3 @@ /**

* @param {object} options - The options for the JWT middleware.
* @param {SignatureKey} [options.secret] - A value of your secret key.
* @param {SignatureKey} options.secret - A value of your secret key.
* @param {string} [options.cookie] - If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token.

@@ -23,0 +23,0 @@ * @param {SignatureAlgorithm} options.alg - An algorithm type that is used for verifying (required). Available types are `HS256` | `HS384` | `HS512` | `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`.

+10
-1
dist/types/utils/buffer.d.ts

@@ -6,4 +6,13 @@ /**

export declare const equal: (a: ArrayBuffer, b: ArrayBuffer) => boolean;
export declare const timingSafeEqual: (a: string | object | boolean, b: string | object | boolean, hashFunction?: Function) => Promise<boolean>;
type StringHashFunction = (input: string) => string | null | Promise<string | null>;
type TimingSafeEqual = {
(a: string, b: string, hashFunction?: StringHashFunction): Promise<boolean>;
/**
* @deprecated object and boolean signatures that take boolean as first and second arguments, and functions with signatures that take non-string arguments have been deprecated
*/
(a: string | object | boolean, b: string | object | boolean, hashFunction?: Function): Promise<boolean>;
};
export declare const timingSafeEqual: TimingSafeEqual;
export declare const bufferToString: (buffer: ArrayBuffer) => string;
export declare const bufferToFormData: (arrayBuffer: ArrayBuffer, contentType: string) => Promise<FormData>;
export {};
+29
-2
dist/utils/buffer.js

@@ -20,3 +20,30 @@ // src/utils/buffer.ts

};
var constantTimeEqualString = (a, b) => {
const aLen = a.length;
const bLen = b.length;
const maxLen = Math.max(aLen, bLen);
let out = aLen ^ bLen;
for (let i = 0; i < maxLen; i++) {
const aChar = i < aLen ? a.charCodeAt(i) : 0;
const bChar = i < bLen ? b.charCodeAt(i) : 0;
out |= aChar ^ bChar;
}
return out === 0;
};
var timingSafeEqualString = async (a, b, hashFunction) => {
if (!hashFunction) {
hashFunction = sha256;
}
const [sa, sb] = await Promise.all([hashFunction(a), hashFunction(b)]);
if (sa == null || sb == null || typeof sa !== "string" || typeof sb !== "string") {
return false;
}
const hashEqual = constantTimeEqualString(sa, sb);
const originalEqual = constantTimeEqualString(a, b);
return hashEqual && originalEqual;
};
var timingSafeEqual = async (a, b, hashFunction) => {
if (typeof a === "string" && typeof b === "string") {
return timingSafeEqualString(a, b, hashFunction);
}
if (!hashFunction) {

@@ -26,6 +53,6 @@ hashFunction = sha256;

const [sa, sb] = await Promise.all([hashFunction(a), hashFunction(b)]);
if (!sa || !sb) {
if (!sa || !sb || typeof sa !== "string" || typeof sb !== "string") {
return false;
}
return sa === sb && a === b;
return timingSafeEqualString(sa, sb);
};

@@ -32,0 +59,0 @@ var bufferToString = (buffer) => {

+2
-2
package.json
{
"name": "hono",
"version": "4.11.9",
"version": "4.11.10",
"description": "Web framework built on Web Standards",

@@ -664,3 +664,3 @@ "main": "dist/cjs/index.js",

"@types/node": "^24.3.0",
"@typescript/native-preview": "7.0.0-dev.20251220.1",
"@typescript/native-preview": "7.0.0-dev.20260210.1",
"@vitest/coverage-v8": "^3.2.4",

@@ -667,0 +667,0 @@ "arg": "^5.0.2",