Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
iron-webcrypto
Advanced tools
a cryptographic utility for sealing-unsealing a JSON object using symmetric key encryption with message integrity verification
This module is a replacement for @hapi/iron
,
written using the
Web Crypto API
that makes it compatible with browser and edge environments.
Check out vvo/iron-session to see this module in use!
To use this module, run:
npm add iron-webcrypto
npm remove @hapi/iron
and update imports.
Then modify function calls to pass a Web Crypto implementation as the first param. For example:
Iron.seal(obj, password, Iron.defaults);
becomes:
Iron.seal(_crypto, obj, password, Iron.defaults);
where _crypto
is your Web Crypto implementation. Generally this will available
in your context (for example, globalThis.crypto
in browsers/edge runtimes,
globalThis.crypto.webcrypto
in newer Node.js versions). However, you may also
need to polyfill this (for older Node.js versions). We recommend using
@peculiar/webcrypto
for
that.
FAQs
a cryptographic utility for sealing-unsealing a JSON object using symmetric key encryption with message integrity verification
The npm package iron-webcrypto receives a total of 794,631 weekly downloads. As such, iron-webcrypto popularity was classified as popular.
We found that iron-webcrypto demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.