Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
rusha-browserify
Advanced tools
A high-performance pure-javascript SHA1 implementation suitable for large binary data.
A high-performance pure-javascript SHA1 implementation suitable for large binary data.
When we started experimenting with alternative upload technologies at doctape that required creating SHA1 hashes of the data locally on the client, it quickly became obvious that there were no performant pure-js implementations of SHA1 that worked correctly on binary data.
Jeff Mott's CryptoJS and Brian Turek's jsSHA were both hash functions that worked correctly on ASCII strings of a small size, but didn't scale to large data and/or didn't work correctly with binary data.
(On a sidenode, as of now Tim Caswell's Cifre actually works with large binary data, as opposed to previously statet.)
By modifying Paul Johnston's sha1.js slightly, it worked correctly on binary data but was unfortunately very slow, especially on V8. So a few days were invested on my side to implement a Johnston-inspired SHA1 hashing function with a heavy focus on performance.
The result of this process is Rusha, a SHA1 hash function that works flawlessly on large amounts binary data, such as binary strings or ArrayBuffers returned by the HTML5 File API, and leverages the soon-to-be-landed-in-firefox asm.js with whose support its within half of native speed!
There is really no point in doing this, since Node.JS already has a wonderful crypto
module that is leveraging low-level hardware instructions to perform really nice. Your can see the comparison below in the benchmarks.
Rusha is available on npm via npm install rusha
.
If you still want to do this, anyhow, just require()
the rusha.js
file, follow the instructions on Using the Rusha Object.
Rusha is available on bower via bower install rusha
.
It is highly recommended to run CPU-intensive tasks in a Web Worker. To do so, just start a worker with var worker = new Worker('rusha.js')
and start sending it jobs. Follow the instructions on Using the Rusha Worker.
If you can't, for any reason, use Web Workers, include the rusha.js
file in a <script>
tag and follow the instructions on Using the Rusha Object.
Your instantiate a new Rusha object by doing var r = new Rusha(optionalSizeHint)
. When created, it provides the following methods:
Rusha#digest(d)
: Create a hex digest from data of the three kinds mentioned below, or throw and error if the type is unsupported.Rusha#digestFromString(s)
: Create a hex digest from a binary String
. A binary string is expected to only contain characters whose charCode < 256.Rusha#digestFromBuffer(b)
: Create a hex digest from a Buffer
or Array
. Both are expected to only contain elements < 256.Rusha#digestFromArrayBuffer(a)
: Create a hex digest from an ArrayBuffer
object.Rusha#rawDigest(d)
: Behaves just like #digest(d), except that it returns the digest as an Int32Array of size 5.You can send your instance of the web worker messages in the format {id: jobid, data: dataobject}
. The worker then sends back a message in the format {id: jobid, hash: hash}
, were jobid is the id of the job previously received and hash is the hash of the data-object you passed, be it a Blob
, Array
, Buffer
, ArrayBuffer
or String
.
npm install .
rusha.pp.js
make rusha.min.js
npm test
Tested were my Rusha implementation, the sha1.js implementation by P. A. Johnston, Tim Caswell's Cifre and the Node.JS native implementation.
If you want to check the performance for yourself in your own browser, I compiled a JSPerf Page.
A normalized estimation based on the best results for each implementation, smaller is better:
Results per Implementation and Platform:
All tests were performed on a MacBook Air 1.7 GHz Intel Core i5 and 4 GB 1333 MHz DDR3.
FAQs
A high-performance pure-javascript SHA1 implementation suitable for large binary data.
The npm package rusha-browserify receives a total of 0 weekly downloads. As such, rusha-browserify popularity was classified as not popular.
We found that rusha-browserify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.