hw-fingerprint
Advanced tools
Hardware-based fingerprint for Node and Electron
This library provides a getFingerprint() function that produces a 512-bit signature based on the host machine's hardware information, suitable for use in Electron or Node client apps that require authentication against a server. This signature is immutable as long as the underlying system is not changed, even across resets.
It uses information provided by Node's OS module and systeminformation library and has no other dependencies.
The information used for fingerprinting is:
The library exports a constant FINGERPRINTING_INFO. This is an object that contains the raw information available for fingerprinting.
getFingerprint() returns a Node Buffer containing the 512-bit fingerprint. The returned buffer is internally cached, so the actual implementation gets called just once.
import { getFingerprint } from 'hw-fingerprint'
const fingerprint = getFingerprint() /* Buffer */
To get the raw fingerprinting parameters, import { FINGERPRINTING_INFO } from 'hw-fingerprint'.
It is possible to filter on which parameters are actually used for fingerprint calculation:
const fingerprint = getFingerprint({
only: [ /* ... */ ], // If specified, **only** these parameters will be taken in account
except: [ /* ... */ ] // If specified, these parameters will **not** be taken in account
})
The available parameters' names are the same as Object.keys(FINGERPRINTING_INFO):
[ 'EOL', 'endianness', 'manufacturer', 'model', 'serial', 'uuid', 'vendor', 'biosVersion', 'releaseDate', 'boardManufacturer', 'boardModel', 'boardSerial', 'cpuManufacturer', 'brand', 'speedMax', 'cores', 'physicalCores', 'socket', 'memTotal', 'platform', 'arch', 'hdds' ]
Each combination of parameters will generate a different fingerprint. As long as the same set of parameters is always used, the fingerprint will always be the same. Nonetheless, fingerprints are always cached internally.
Back at v2.x, getFingerprint() was asynchronous, because the fingerprinting information depended on asynchronous functions.
v3.x addresses this by raising the Node.js to a version that supports top-level await. This makes the FINGERPRINTING_INFO readily available in top-level and allows for synchronous fingerprinting.
Despite this, the getFingerprint() function signature is backwards compatible and the getFingerprintingInfo() function is still available.
The major breaking change in this release is dropping CJS in favour of ESM. Top-level await is only available in ES modules and I feel like it is necessary to push this boundary further already.
Also, fingerprinting parameter endianess (v2.x) was corrected to spell endianness.
v3.0.1
FAQs
Hardware-based fingerprint for Node and Electron
The npm package hw-fingerprint receives a total of 38 weekly downloads. As such, hw-fingerprint popularity was classified as not popular.
We found that hw-fingerprint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.