sodium-javascript - npm Package Compare versions

Comparing version 0.6.1 to 0.6.2

crypto_hash_sha256.js

 /* eslint-disable camelcase */
-const sha256 = require('sha256-wasm')
+const sha256 = require('sha256-universal')
 const assert = require('nanoassert')
@@ -4,0 +4,0 @@

crypto_hash.js

 /* eslint-disable camelcase */
-const sha512 = require('sha512-wasm')
+const sha512 = require('sha512-universal')
 const assert = require('nanoassert')
@@ -4,0 +4,0 @@

crypto_verify.js

 /* eslint-disable camelcase */
-const assert = require('nanoassert')
-
 module.exports = {
   crypto_verify_16,
-  crypto_verify_32,
-  sodium_memcmp,
-  sodium_is_zero
+  crypto_verify_32
 }
@@ -17,2 +13,7 @@
 
+// Make non enumerable as this is an internal function
+Object.defineProperty(module.exports, 'vn', {
+  value: vn
+})
+
 function crypto_verify_16 (x, xi, y, yi) {
@@ -25,13 +26,1 @@ return vn(x, xi, y, yi, 16)
 }
-
-function sodium_memcmp (a, b) {
-  assert(a.byteLength === b.byteLength, 'buffers must be the same size')
-
-  return vn(a, 0, b, 0, a.byteLength) === 0
-}
-
-function sodium_is_zero (arr) {
-  var d = 0
-  for (let i = 0; i < arr.length; i++) d |= arr[i]
-  return d === 0
-}

index.js

@@ -11,3 +11,6 @@ 'use strict'
 
+forward(require('./randombytes'))
 forward(require('./memory'))
+forward(require('./helpers'))
+forward(require('./crypto_verify'))
 forward(require('./crypto_box'))
@@ -27,4 +30,2 @@ forward(require('./crypto_generichash'))
 forward(require('./crypto_stream_chacha20'))
-forward(require('./crypto_verify'))
-forward(require('./randombytes'))
 
@@ -31,0 +32,0 @@ function forward (submodule) {

memory.js

 /* eslint-disable camelcase */
+var MessageChannel = global.MessageChannel
+if (MessageChannel == null) ({ MessageChannel } = require('worker' + '_threads'))
 
@@ -7,2 +9,8 @@ function sodium_malloc (n) {
 
+const sink = new MessageChannel()
+function sodium_free (n) {
+  sodium_memzero(n)
+  sink.port1.postMessage(n.buffer, [n.buffer])
+}
+
 function sodium_memzero (arr) {
@@ -14,3 +22,4 @@ arr.fill(0)
   sodium_malloc,
+  sodium_free,
   sodium_memzero
 }

package.json

 {
   "name": "sodium-javascript",
-  "version": "0.6.1",
+  "version": "0.6.2",
   "description": "WIP - a pure javascript version of sodium-native",
@@ -10,4 +10,4 @@ "main": "index.js",
     "nanoassert": "^2.0.0",
-    "sha256-wasm": "^1.3.0",
-    "sha512-wasm": "^1.2.0",
+    "sha256-universal": "^1.0.1",
+    "sha512-universal": "^1.0.1",
     "siphash24": "^1.0.1",
@@ -17,3 +17,2 @@ "xsalsa20": "^1.0.0"
   "devDependencies": {
-    "browser-run": "^7.0.2",
     "browserify": "^16.5.1",
@@ -36,6 +35,5 @@ "sodium-test": "^0.9.0",
   "scripts": {
-    "browser": "browserify test.js | browser-run",
-    "browser-manual": "browserify test.js | tape-run",
     "pretest": "standard",
-    "test": "node test.js"
+    "test": "node test.js",
+    "test-browser": "browserify test.js | tape-run"
   },
@@ -42,0 +40,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

64235

increased by1.43%

Dev dependency count

4

decreased by-20%

Number of package files

27

increased by3.85%

Lines of code

1838

increased by1.49%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of low supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedsha256-universal@^1.0.1

• + Addedsha512-universal@^1.0.1

• + Addedsha256-universal@1.2.1(transitive)

• + Addedsha256-wasm@2.2.2(transitive)

• + Addedsha512-universal@1.2.1(transitive)

• + Addedsha512-wasm@2.3.4(transitive)

• - Removedsha256-wasm@^1.3.0

• - Removedsha512-wasm@^1.2.0

• - Removedsha256-wasm@1.3.0(transitive)

• - Removedsha512-wasm@1.2.0(transitive)