pg - npm Package Compare versions

Comparing version 8.11.1 to 8.11.2

lib/crypto/utils.js

@@ -7,87 +7,4 @@ 'use strict'
   module.exports = require('./utils-legacy')
-  return
+} else {
+  module.exports = require('./utils-webcrypto');
 }
-
-const nodeCrypto = require('crypto')
-
-module.exports = {
-  postgresMd5PasswordHash,
-  randomBytes,
-  deriveKey,
-  sha256,
-  hmacSha256,
-  md5,
-}
-
-/**
- * The Web Crypto API - grabbed from the Node.js library or the global
- * @type Crypto
- */
-const webCrypto = nodeCrypto.webcrypto || globalThis.crypto
-/**
- * The SubtleCrypto API for low level crypto operations.
- * @type SubtleCrypto
- */
-const subtleCrypto = webCrypto.subtle
-const textEncoder = new TextEncoder()
-
-/**
- *
- * @param {*} length
- * @returns
- */
-function randomBytes(length) {
-  return webCrypto.getRandomValues(Buffer.alloc(length))
-}
-
-async function md5(string) {
-  try {
-    return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
-  } catch (e) {
-    // `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead.
-    // Note that the MD5 algorithm on WebCrypto is not available in Node.js.
-    // This is why we cannot just use WebCrypto in all environments.
-    const data = typeof string === 'string' ? textEncoder.encode(string) : string
-    const hash = await subtleCrypto.digest('MD5', data)
-    return Array.from(new Uint8Array(hash))
-      .map((b) => b.toString(16).padStart(2, '0'))
-      .join('')
-  }
-}
-
-// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
-async function postgresMd5PasswordHash(user, password, salt) {
-  var inner = await md5(password + user)
-  var outer = await md5(Buffer.concat([Buffer.from(inner), salt]))
-  return 'md5' + outer
-}
-
-/**
- * Create a SHA-256 digest of the given data
- * @param {Buffer} data
- */
-async function sha256(text) {
-  return await subtleCrypto.digest('SHA-256', text)
-}
-
-/**
- * Sign the message with the given key
- * @param {ArrayBuffer} keyBuffer
- * @param {string} msg
- */
-async function hmacSha256(keyBuffer, msg) {
-  const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])
-  return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg))
-}
-
-/**
- * Derive a key from the password and salt
- * @param {string} password
- * @param {Uint8Array} salt
- * @param {number} iterations
- */
-async function deriveKey(password, salt, iterations) {
-  const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits'])
-  const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations }
-  return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits'])
-}

package.json

 {
   "name": "pg",
-  "version": "8.11.1",
+  "version": "8.11.2",
   "description": "PostgreSQL client - pure javascript & libpq with the same API",
@@ -25,3 +25,3 @@ "keywords": [
     "packet-reader": "1.0.0",
-    "pg-connection-string": "^2.6.1",
+    "pg-connection-string": "^2.6.2",
     "pg-pool": "^3.6.1",
@@ -64,3 +64,3 @@ "pg-protocol": "^1.6.0",
   },
-  "gitHead": "eaafac36dc8f4a13f1fecc9e3420d35559fd8e2b"
+  "gitHead": "a2a355a6807bf75d92d7f0cb0f219588811a5356"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

77177

increased by0.06%

Number of package files

20

increased by5.26%

Lines of code

2202

increased by0.05%

Dependency changes

• Updatedpg-connection-string@^2.6.2