Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
node-object-hash
Advanced tools
Node.js object hash library with properties/arrays sorting to provide constant hashes
The node-object-hash package is a utility for creating consistent hash values from JavaScript objects. It is useful for tasks such as caching, object comparison, and ensuring data integrity.
Hashing Objects
This feature allows you to create a hash from a JavaScript object. The hash can be used to uniquely identify the object.
const objectHash = require('node-object-hash');
const hasher = objectHash();
const obj = { name: 'John', age: 30 };
const hash = hasher.hash(obj);
console.log(hash);
Custom Hashing Options
This feature allows you to customize the hashing process by specifying options such as coercion and the hashing algorithm.
const objectHash = require('node-object-hash');
const hasher = objectHash({ coerce: true, alg: 'sha256' });
const obj = { name: 'John', age: 30 };
const hash = hasher.hash(obj);
console.log(hash);
Hashing Arrays
This feature allows you to create a hash from an array, ensuring that the array's contents are uniquely identified.
const objectHash = require('node-object-hash');
const hasher = objectHash();
const arr = [1, 2, 3, 4];
const hash = hasher.hash(arr);
console.log(hash);
The object-hash package is another utility for creating hash values from JavaScript objects. It offers similar functionality to node-object-hash but with a different API and additional features such as support for circular references.
The hash-it package provides a simple and fast way to hash JavaScript objects. It is designed to be lightweight and easy to use, making it a good alternative to node-object-hash for basic hashing needs.
The built-in crypto module in Node.js can also be used to create hash values from objects. While it requires more manual setup compared to node-object-hash, it offers greater flexibility and is part of the standard library.
Tiny and fast node.js object hash library with properties/arrays sorting to provide constant hashes. It also provides a method that returns sorted object strings that can be used for object comparison without hashes. One of the fastest among other analogues (see benchmarks).
Hashes are built on top of node's crypto module. If you want to use it in browser it's recommented to use objectSorter
only. It will provide you with unique string representation of your object. Afterwards you may use some hash library to reduce string size. Also you may use something like browserify-crypto or some kind of crypto functions polyfills.
Disclaimer: No new features or changes that may break hashes from previous versions. There's no need to update unless you're starting project from scratch.
coerce=false
Set
s will no longer generate the same hashes as Array
s. In order to restore previous behavior set coerce.set=true
.coerce=false
Symbol
s will generate hash based on symbol .toString
value. That's useful for Symbol.for('smth')
. If coerce.symbol=true
all Symbols
s will have equal hashes.
TLDR; If you use library with Set
s or Symbol
s with coerce=false
in order to keep hashes the same as in v1.X.X
you should use following constructor:const hasher = require('node-object-hash')({coerce: {set: true, symbol: true}})
dist
directory. If you required it directly via require('node-object-hash/objectSorter')
you should change it to require('node-object-hash/dist/objectSorter').v0
version from code.trim
option. It can be used to remove unncecessary spaces in string
s or function
bodies.npm i node-object-hash -S
This map displays what types will have identical string representation (e.g. new Set([1, 2, 3]) and [1, 2, 3] will have equal string representations and hashes.
Initial type | Mapped type |
---|---|
Array ([]) | array |
ArrayObject (new Array()) | |
Int8Array | |
Uint8Array | |
Uint8ClampedArray | |
Int16Array | |
Uint16Array | |
Int32Array | |
Uint32Array | |
Float32Array | |
Float64Array | |
Buffer | |
Set | |
Map | array[array] |
string ('') | string |
String (new String()) | |
boolean (true) | boolean |
Boolean (new Boolean()) | |
number (true) | number |
Number (new Number()) | |
Date | date |
Symbol | symbol |
undefined | undefined |
null | null |
function | function |
Object ({}) | object |
Object (new Object()) | |
other | unknown |
Initial "type" | Coerced type | Example |
---|---|---|
boolean | string | true -> 1 |
number | string | '1' -> 1 |
string | string | 'a' -> a |
null | string (empty) | null -> |
undefined | string (empty) | undefined -> |
See changelog For v2 changes see changelog-v2
Full API docs could be found in docs.
require('node-object-hash').hasher([options]);
Returns preconfigured object with API
Parameters:
options
:object
- object with hasher config optionsoptions.coerce
:boolean|object
- if true performs type coercion (default: true
);
e.g. hash(true) == hash('1') == hash(1)
, hash(false) == hash('0') == hash(0)
options.sort
:boolean|object
- if true performs sorting on objects, arrays, etc. (default: true
); in order to
perform sorting on TypedArray
(Buffer
, Int8Array
, etc.), specify it explicitly: typedArray: true
options.trim
:boolean|object
- if true performs trim of spaces and replaces space-like characters with single space (default: false
);options.alg
:string
- sets default hash algorithm (default: 'sha256'
); can be overridden in hash
method;options.enc
:string
- sets default hash encoding (default: 'hex'
); can be overridden in hash
method;hash(object[, options])
Returns hash string.
object
:*
object for calculating hash;options
:object
object with options;options.alg
:string
- hash algorithm (default: 'sha256'
);options.enc
:string
- hash encoding (default: 'hex'
);sort(object)
Returns sorted string generated from object (can be used for object comparison)
object
:*
- object for sorting;In order to serialize and hash your custom objects you may provide .toHashableString()
method for your object. It should return string
that will be hashed. You may use objectSorter
and pass notable fields to it in your .toHashableString
method.
For typescript users you may add to your classes implements Hashable
.
>=nodejs-0.10.0
>=nodejs-6.0.0
>=nodejs-4.0.0
(requires to run node with --harmony
flag)var { hasher } = require('node-object-hash');
var hashSortCoerce = hasher({ sort: true, coerce: true });
// or
// var hashSortCoerce = hasher();
// or
// var hashSort = hasher({sort:true, coerce:false});
// or
// var hashCoerce = hasher({sort:false, coerce:true});
var objects = {
a: {
a: [{ c: 2, a: 1, b: { a: 3, c: 2, b: 0 } }],
b: [1, 'a', {}, null],
},
b: {
b: ['a', 1, {}, undefined],
a: [{ c: '2', b: { b: false, c: 2, a: '3' }, a: true }],
},
c: ['4', true, 0, 2, 3],
};
hashSortCoerce.hash(objects.a) === hashSortCoerce.hash(objects.b);
// returns true
hashSortCoerce.sort(object.c);
// returns '[0,1,2,3,4]'
For more examples you can see tests or try it out online at runkit
Bench data - array of 100000 complex objects
npm run bench
to run custom benchmarknpm run benchmark
to run benchmark suitenpm run benchmark:hash
to run hash benchmark suiteHashing algorithm | Result hash bytes length | Performance (ops/sec) |
---|---|---|
sha256 (default) | 64 | 1,599 +- 5.77% |
sha1 | 40 | 1,983 +- 1.50% |
sha224 | 56 | 1,701 +- 2.81% |
sha384 | 96 | 1,800 +- 0.81% |
sha512 | 128 | 1,847 +- 1.75% |
md4 | 32 | 1,971 +- 0.98% |
md5 | 32 | 1,691 +- 3.18% |
whirlpool | 128 | 1,487 +- 2.33% |
Library | Time (ms) | Memory (Mb) |
---|---|---|
node-object-hash-0.2.1 | 5813.575 | 34 |
node-object-hash-1.0.X | 2805.581 | 27 |
node-object-hash-1.1.X (node v7) | 2555.583 | 27 |
node-object-hash-1.2.X (node v7) | 2390.752 | 28 |
node-object-hash-2.X.X (node v12) | 1990.622 | 24 |
object-hash-1.1.5 (node v7) | 28115.553 | 39 |
object-hash-1.1.4 | 534528.254 | 41 |
object-hash-1.1.3 | ERROR | Out of heap memory |
hash-object-0.1.7 | 9219.826 | 42 |
Library (node v12) | Perf (ops/s) |
---|---|
node-object-hash-2.0.0 | 2087 ±0.59% |
object-hash-1.3.1 | 239 ±0.39% |
hash-object-0.1.7 | 711 ±0.18% |
MIT
FAQs
Node.js object hash library with properties/arrays sorting to provide constant hashes
We found that node-object-hash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.