Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
poly1305-js
Advanced tools
This is a pure JavaScript implementation of Poly1305.
npm install poly1305-js
Usage is straightforward.
const Poly1305 = require('poly1305-js');
(async function() {
let message = Buffer.from("test message");
let key = Buffer.from('808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f', 'hex');
let tag = await Poly1305.onetimeauth(message, key);
if (await Poly1305.onetimeauth_verify(message, key, tag)) {
console.log('success');
}
// Streaming API
let auth = new Poly1305(key);
await auth.update(message);
await auth.update(Buffer.from('some additional data'));
tag = await auth.finish();
console.log(tag);
})();
FAQs
Javascript implementations of Poly1305
The npm package poly1305-js receives a total of 9,617 weekly downloads. As such, poly1305-js popularity was classified as popular.
We found that poly1305-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.