Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The sha3 npm package provides implementations of the SHA-3 (Secure Hash Algorithm 3) cryptographic hash functions. It allows you to generate hash digests for data, which can be used for data integrity checks, digital signatures, and other cryptographic applications.
Generate SHA-3 Hash
This feature allows you to generate a SHA-3 hash for a given input string. In this example, a SHA-3 hash with a 256-bit output is generated for the string 'hello world'.
const { SHA3 } = require('sha3');
const hash = new SHA3(256);
hash.update('hello world');
console.log(hash.digest('hex'));
Generate SHAKE128 Hash
This feature allows you to generate a SHAKE128 hash, which is an extendable-output function (XOF) variant of SHA-3. In this example, a SHAKE128 hash is generated for the string 'hello world' with a 128-bit output.
const { SHAKE } = require('sha3');
const hash = new SHAKE(128);
hash.update('hello world');
console.log(hash.digest({ buffer: Buffer.alloc(16) }).toString('hex'));
Generate SHAKE256 Hash
This feature allows you to generate a SHAKE256 hash, another XOF variant of SHA-3. In this example, a SHAKE256 hash is generated for the string 'hello world' with a 256-bit output.
const { SHAKE } = require('sha3');
const hash = new SHAKE(256);
hash.update('hello world');
console.log(hash.digest({ buffer: Buffer.alloc(32) }).toString('hex'));
The js-sha3 package provides a fast and simple implementation of SHA-3 hash functions in JavaScript. It supports various SHA-3 hash lengths and SHAKE functions. Compared to sha3, js-sha3 is known for its performance and ease of use.
The crypto-js package is a widely-used library that provides a variety of cryptographic algorithms, including SHA-3. It offers a comprehensive set of features for cryptographic operations beyond just SHA-3, making it a versatile choice for developers.
The hash.js package is a cryptographic library that supports multiple hash algorithms, including SHA-3. It is designed to be fast and efficient, and it provides a consistent API for various hash functions. Compared to sha3, hash.js offers a broader range of hash algorithms.
This Node.js extension implements the SHA-3 (Keccak) cryptographic hashing algorithm. It is based on the reference C implementation, version 3.2. The exposed interface is almost identical to that of the crypto
standard library.
Via npm
:
$ npm install sha3
Via yarn
:
$ yarn add sha3
Keccak supports 5 hash lengths: 224-bit, 256-bit, 384-bit, 512-bit and variable length. Variable length is not supported by this Node.js extension. Unless the user specifies otherwise, this Node.js extension assumes 512-bit.
const SHA3 = require('sha3');
// Generate 512-bit digest.
let d = new SHA3.SHA3Hash();
d.update('foo');
d.digest('hex');
// => "1597842a..."
// Generate 224-bit digest.
d = new SHA3.SHA3Hash(224);
d.update('foo');
d.digest('hex');
// => "daa94da7..."
This is the hash object. hashlen
is 512 by default.
Updates the hash content with the given data, the encoding of which is given in input_encoding
and can be 'utf8'
, 'ascii'
or 'binary'
. Defaults to 'binary'
. This can be called many times with new data as it is streamed.
Calculates the digest of all of the passed data to be hashed. The encoding can be 'hex'
or 'binary'
. Defaults to 'binary'
.
Note: unlike crypto.Hash
, a SHA3Hash
object can still be used after the digest()
method been called.
Run the test suite as follows:
$ npm test
The test suite is automatically generated from Keccak's reference test suite.
It requires that you have Python 2.7 installed and available via the
python
executable.
Do not use SHA-3 for hashing passwords. Do not even use SHA-3 + salt for hashing passwords. Use a slow hash instead.
FAQs
The Keccak family of hashing algorithms.
We found that sha3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.