oidc-token-hash - npm Package Compare versions

Comparing version 4.0.0 to 5.0.0

lib/index.js

@@ -5,2 +5,4 @@ const { strict: assert } = require('assert');
 
+const shake256 = require('./shake256');
+
 const fromBase64 = (base64) => base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
@@ -18,3 +20,3 @@ const encode = (input) => fromBase64(input.toString('base64'));
 /**
- * @name getHashAlgorithm
+ * @name getHash
  * @api private
@@ -28,3 +30,3 @@ *
  */
-function getHashAlgorithm(alg, crv) {
+function getHash(alg, crv) {
   switch (alg) {
@@ -36,3 +38,3 @@ case 'HS256':
     case 'ES256K':
-      return 'sha256';
+      return createHash('sha256');
 
@@ -43,3 +45,3 @@ case 'HS384':
     case 'ES384':
-      return 'sha384';
+      return createHash('sha384');
 
@@ -50,3 +52,3 @@ case 'HS512':
     case 'ES512':
-      return 'sha512';
+      return createHash('sha512');
 
@@ -56,5 +58,9 @@ case 'EdDSA':
         case 'Ed25519':
-          return 'sha512';
+          return createHash('sha512');
         case 'Ed448':
-          return 'shake256';
+          if (!shake256) {
+            throw new TypeError('Ed448 *_hash calculation is not supported in your Node.js runtime version');
+          }
+
+          return createHash('shake256', { outputLength: 114 });
         default:
@@ -70,3 +76,3 @@ throw new TypeError('unrecognized or invalid EdDSA curve provided');
 function generate(token, alg, crv) {
-  const digest = createHash(getHashAlgorithm(alg, crv)).update(token).digest();
+  const digest = getHash(alg, crv).update(token).digest();
   return encode(digest.slice(0, digest.length / 2));
@@ -73,0 +79,0 @@ }

package.json

 {
   "name": "oidc-token-hash",
-  "version": "4.0.0",
+  "version": "5.0.0",
   "homepage": "https://github.com/panva/oidc-token-hash",
@@ -11,2 +11,5 @@ "bugs": {
   "author": "Filip Skokan",
+  "files": [
+    "lib"
+  ],
   "main": "lib/index.js",
@@ -13,0 +16,0 @@ "scripts": {

README.md

@@ -43,6 +43,7 @@ # oidc-token-hash
 oidcTokenHash.generate(access_token, 'EdDSA', 'Ed25519'); // => 'EGEAhGYyfuwDaVTifvrWSoD5MSy_5hZPy6I7Vm-7pTQ'
-oidcTokenHash.generate(access_token, 'EdDSA', 'Ed448'); // => 'jxsy68_eG9-91VnHsZ2VnA'
+oidcTokenHash.generate(access_token, 'EdDSA', 'Ed448'); // => 'jxsy68_eG9-91VnHsZ2VnCr_WqDMv4nspiSuUPRdNZnv1y5lNV3rPVYYWNiY_TbUB1JRwlgiDTzZ'
 ```
 
 ## Changelog
+- 5.0.0 - fixed `Ed448` and `shake256` to use 114 bytes output
 - 4.0.0 - using `sha512` for `Ed25519` and `shake256` for `Ed448`, refactored API, removed handling of `none` JWS alg
@@ -49,0 +50,0 @@ - 3.0.2 - removed `base64url` dependency

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

55

increased by1.85%

Worsened metrics

Total package byte prevSize

8338

decreased by-61.91%

Number of package files

5

decreased by-44.44%

Lines of code

89

decreased by-66.16%

No dependency changes