Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
js-crypto-hmac
Advanced tools
js-crypto-hmac
Universal Module for HMAC (Hash-based Message Authentication Code) in JavaScript
Universal Module for HMAC (Hash-based Message Authentication Code) in JavaScript
WARNING: At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
Introduction and Overview
This library is designed to 'universally' provide HMAC (Hash-based Message Authentication Code) functions, i.e., it works both on most modern browsers and on Node.js just by importing from NPM/source code. Note that in the design principle, the library fully utilizes native APIs like WebCrypto API to accelerate its operation if available.
Installation
At your project directory, do either one of the following.
- From npm/yarn:
$ npm install --save js-crypto-hmac // npm $ yarn add js-crypto-hmac // yarn - From GitHub:
$ git clone https://github.com/junkurihara/jscu.git $ cd js-crypto-utils/packages/js-crypto-hmac & yarn build
Then you should import the package as follows.
import hmac from 'js-crypto-hmac'; // for npm
import hmac from 'path/to/js-crypto-hmac/dist/index.js'; // for github
The bundled file is also given as js-crypto-hmac/dist/jschmac.bundle.js for a use case where the module is imported as a window.jschmac object via script tags.
Usage
Compute Keyed-Hash (Message Authentication Code) of a Message
const msg = ...; // Uint8Array of arbitrary length
const key = ...; // Uint8Array of 32 bytes (since SHA-256 is used)
const hash = 'SHA-256';
hmac.compute(key, msg, hash).then( (hmac) => {
// now you get a keyed-hash of msg in Uint8Array
});
Verify Keyed-Hash
const msg = ...; // Uint8Array of arbitrary length
const key = ...; // Uint8Array of 32 bytes (since SHA-256 is used)
const mac = ...; // computed keyed hash in Uint8Array
const hash = 'SHA-256';
hmac.verify(key, msg, mac, hash).then( (result) => {
// now you get true or false as the result of verification
});
License
Licensed under the MIT license, see LICENSE file.
FAQs
Universal Module for HMAC (Hash-based Message Authentication Code) in JavaScript
The npm package js-crypto-hmac receives a total of 22,373 weekly downloads. As such, js-crypto-hmac popularity was classified as popular.
We found that js-crypto-hmac demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Sep 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025