Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The md5 npm package is a JavaScript function for hashing messages with MD5. It is often used to create 128-bit hash values, typically expressed as a 32 character hexadecimal number. It's commonly used for checksums, message digests, and fingerprints.
Generate MD5 hash
This feature allows you to generate an MD5 hash from a given string. The code sample demonstrates how to hash the string 'message'.
"use strict"; const md5 = require('md5'); console.log(md5('message'));
Crypto-js is a package with a collection of cryptographic algorithms. It supports MD5 as well as other hash functions like SHA-1, SHA-256, and more. It offers more flexibility and options compared to the md5 package.
Blueimp-md5 is another MD5 hash generator. It provides an incremental MD5 implementation, which is useful for hashing large amounts of data or streaming. It is similar to md5 but with additional features for handling larger datasets.
Hash.js is a hash function library that supports MD5 along with various SHA family hash functions. It is a more comprehensive solution for those who need to work with multiple hash functions beyond just MD5.
a JavaScript function for hashing messages with MD5.
node-md5 is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial
You can use this package on the server side as well as the client side.
npm install md5
md5(message)
message
-- String
, Buffer
, Array
or Uint8Array
String
var md5 = require('md5');
console.log(md5('message'));
This will print the following
78e731027d8fd50ed642340b7c9a63b3
It supports buffers, too
var fs = require('fs');
var md5 = require('md5');
fs.readFile('example.txt', function(err, buf) {
console.log(md5(buf));
});
Before version 2.0.0 there were two packages called md5 on npm, one lowercase,
one uppercase (the one you're looking at). As of version 2.0.0, all new versions
of this module will go to lowercase md5 on
npm. To use the correct version, users of this module will have to change their
code from require('MD5')
to require('md5')
if they want to use versions >=
2.0.0.
If you encounter any bugs or issues, feel free to open an issue at github.
This package is based on the work of Jeff Mott, who did a pure JS implementation of the MD5 algorithm that was published by Ronald L. Rivest in 1991. I needed a npm package of the algorithm, so I used Jeff’s implementation for this package. The original implementation can be found in the CryptoJS project.
Copyright © 2011-2015, Paul Vorbach.
Copyright © 2009, Jeff Mott.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
* Neither the name Crypto-JS nor the names of its contributors may be used to
endorse or promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
js function for hashing messages with MD5
The npm package md5 receives a total of 6,703,372 weekly downloads. As such, md5 popularity was classified as popular.
We found that md5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.