sshpk - npm Package Compare versions

Comparing version 1.14.1 to 1.14.2

lib/algs.js

 // Copyright 2015 Joyent, Inc.
 
+var Buffer = require('safer-buffer').Buffer;
+
 var algInfo = {
@@ -55,23 +57,23 @@ 'dsa': {
 		pkcs8oid: '1.2.840.10045.3.1.7',
-		p: new Buffer(('00' +
+		p: Buffer.from(('00' +
 		    'ffffffff 00000001 00000000 00000000' +
 		    '00000000 ffffffff ffffffff ffffffff').
 		    replace(/ /g, ''), 'hex'),
-		a: new Buffer(('00' +
+		a: Buffer.from(('00' +
 		    'FFFFFFFF 00000001 00000000 00000000' +
 		    '00000000 FFFFFFFF FFFFFFFF FFFFFFFC').
 		    replace(/ /g, ''), 'hex'),
-		b: new Buffer((
+		b: Buffer.from((
 		    '5ac635d8 aa3a93e7 b3ebbd55 769886bc' +
 		    '651d06b0 cc53b0f6 3bce3c3e 27d2604b').
 		    replace(/ /g, ''), 'hex'),
-		s: new Buffer(('00' +
+		s: Buffer.from(('00' +
 		    'c49d3608 86e70493 6a6678e1 139d26b7' +
 		    '819f7e90').
 		    replace(/ /g, ''), 'hex'),
-		n: new Buffer(('00' +
+		n: Buffer.from(('00' +
 		    'ffffffff 00000000 ffffffff ffffffff' +
 		    'bce6faad a7179e84 f3b9cac2 fc632551').
 		    replace(/ /g, ''), 'hex'),
-		G: new Buffer(('04' +
+		G: Buffer.from(('04' +
 		    '6b17d1f2 e12c4247 f8bce6e5 63a440f2' +
@@ -86,3 +88,3 @@ '77037d81 2deb33a0 f4a13945 d898c296' +
 		pkcs8oid: '1.3.132.0.34',
-		p: new Buffer(('00' +
+		p: Buffer.from(('00' +
 		    'ffffffff ffffffff ffffffff ffffffff' +
@@ -92,3 +94,3 @@ 'ffffffff ffffffff ffffffff fffffffe' +
 		    replace(/ /g, ''), 'hex'),
-		a: new Buffer(('00' +
+		a: Buffer.from(('00' +
 		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
@@ -98,3 +100,3 @@ 'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE' +
 		    replace(/ /g, ''), 'hex'),
-		b: new Buffer((
+		b: Buffer.from((
 		    'b3312fa7 e23ee7e4 988e056b e3f82d19' +
@@ -104,7 +106,7 @@ '181d9c6e fe814112 0314088f 5013875a' +
 		    replace(/ /g, ''), 'hex'),
-		s: new Buffer(('00' +
+		s: Buffer.from(('00' +
 		    'a335926a a319a27a 1d00896a 6773a482' +
 		    '7acdac73').
 		    replace(/ /g, ''), 'hex'),
-		n: new Buffer(('00' +
+		n: Buffer.from(('00' +
 		    'ffffffff ffffffff ffffffff ffffffff' +
@@ -114,3 +116,3 @@ 'ffffffff ffffffff c7634d81 f4372ddf' +
 		    replace(/ /g, ''), 'hex'),
-		G: new Buffer(('04' +
+		G: Buffer.from(('04' +
 		    'aa87ca22 be8b0537 8eb1c71e f320ad74' +
@@ -127,3 +129,3 @@ '6e1d3b62 8ba79b98 59f741e0 82542a38' +
 		pkcs8oid: '1.3.132.0.35',
-		p: new Buffer((
+		p: Buffer.from((
 		    '01ffffff ffffffff ffffffff ffffffff' +
@@ -134,3 +136,3 @@ 'ffffffff ffffffff ffffffff ffffffff' +
 		    'ffff').replace(/ /g, ''), 'hex'),
-		a: new Buffer(('01FF' +
+		a: Buffer.from(('01FF' +
 		    'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
@@ -141,3 +143,3 @@ 'FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF' +
 		    replace(/ /g, ''), 'hex'),
-		b: new Buffer(('51' +
+		b: Buffer.from(('51' +
 		    '953eb961 8e1c9a1f 929a21a0 b68540ee' +
@@ -148,6 +150,6 @@ 'a2da725b 99b315f3 b8b48991 8ef109e1' +
 		    replace(/ /g, ''), 'hex'),
-		s: new Buffer(('00' +
+		s: Buffer.from(('00' +
 		    'd09e8800 291cb853 96cc6717 393284aa' +
 		    'a0da64ba').replace(/ /g, ''), 'hex'),
-		n: new Buffer(('01ff' +
+		n: Buffer.from(('01ff' +
 		    'ffffffff ffffffff ffffffff ffffffff' +
@@ -158,3 +160,3 @@ 'ffffffff ffffffff ffffffff fffffffa' +
 		    replace(/ /g, ''), 'hex'),
-		G: new Buffer(('04' +
+		G: Buffer.from(('04' +
 		    '00c6 858e06b7 0404e9cd 9e3ecb66 2395b442' +
@@ -161,0 +163,0 @@ '9c648139 053fb521 f828af60 6b4d3dba' +

lib/certificate.js

@@ -6,2 +6,3 @@ // Copyright 2016 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('./algs');
@@ -189,3 +190,3 @@ var crypto = require('crypto');
 	if (serial === undefined)
-		serial = new Buffer('0000000000000001', 'hex');
+		serial = Buffer.from('0000000000000001', 'hex');
 
@@ -288,3 +289,3 @@ var purposes = options.purposes;
 	if (serial === undefined)
-		serial = new Buffer('0000000000000001', 'hex');
+		serial = Buffer.from('0000000000000001', 'hex');
 
@@ -291,0 +292,0 @@ var purposes = options.purposes;

lib/dhe.js

@@ -11,2 +11,3 @@ // Copyright 2017 Joyent, Inc.
 var crypto = require('crypto');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('./algs');
@@ -193,3 +194,3 @@ var utils = require('./utils');
 
-		return (new Buffer(secret));
+		return (Buffer.from(secret));
 	}
@@ -223,3 +224,3 @@
 			parts.push({name: 'curve',
-			    data: new Buffer(this._curve)});
+			    data: Buffer.from(this._curve)});
 			parts.push({name: 'Q', data: this._dh.getPublicKey()});
@@ -242,4 +243,4 @@ parts.push({name: 'd', data: this._dh.getPrivateKey()});
 
-			priv = new Buffer(priv.toByteArray());
-			pub = new Buffer(this._ecParams.getCurve().
+			priv = Buffer.from(priv.toByteArray());
+			pub = Buffer.from(this._ecParams.getCurve().
 			    encodePointHex(pub), 'hex');
@@ -250,3 +251,3 @@
 			parts.push({name: 'curve',
-			    data: new Buffer(this._curve)});
+			    data: Buffer.from(this._curve)});
 			parts.push({name: 'Q', data: pub});
@@ -266,4 +267,4 @@ parts.push({name: 'd', data: priv});
 		var pair = nacl.box.keyPair();
-		priv = new Buffer(pair.secretKey);
-		pub = new Buffer(pair.publicKey);
+		priv = Buffer.from(pair.secretKey);
+		pub = Buffer.from(pair.publicKey);
 		priv = Buffer.concat([priv, pub]);
@@ -325,3 +326,3 @@ assert.strictEqual(priv.length, 64);
 	var S = pubKey._pub.multiply(this._priv);
-	return (new Buffer(S.getX().toBigInteger().toByteArray()));
+	return (Buffer.from(S.getX().toBigInteger().toByteArray()));
 };
@@ -334,4 +335,4 @@
 	var pair = nacl.sign.keyPair();
-	var priv = new Buffer(pair.secretKey);
-	var pub = new Buffer(pair.publicKey);
+	var priv = Buffer.from(pair.secretKey);
+	var pub = Buffer.from(pair.publicKey);
 	assert.strictEqual(priv.length, 64);
@@ -373,3 +374,3 @@ assert.strictEqual(pub.length, 32);
 		parts.push({name: 'curve',
-		    data: new Buffer(curve)});
+		    data: Buffer.from(curve)});
 		parts.push({name: 'Q', data: dh.getPublicKey()});
@@ -407,7 +408,7 @@ parts.push({name: 'd', data: dh.getPrivateKey()});
 
-		priv = new Buffer(priv.toByteArray());
-		pub = new Buffer(ecParams.getCurve().
+		priv = Buffer.from(priv.toByteArray());
+		pub = Buffer.from(ecParams.getCurve().
 		    encodePointHex(pub), 'hex');
 
-		parts.push({name: 'curve', data: new Buffer(curve)});
+		parts.push({name: 'curve', data: Buffer.from(curve)});
 		parts.push({name: 'Q', data: pub});
@@ -414,0 +415,0 @@ parts.push({name: 'd', data: priv});

lib/ed-compat.js

@@ -12,2 +12,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var Signature = require('./signature');
@@ -37,3 +38,3 @@
 	if (typeof (chunk) === 'string')
-		chunk = new Buffer(chunk, 'binary');
+		chunk = Buffer.from(chunk, 'binary');
 	this.chunks.push(chunk);
@@ -50,3 +51,3 @@ };
 	} else if (typeof (signature) === 'string') {
-		sig = new Buffer(signature, 'base64');
+		sig = Buffer.from(signature, 'base64');
 
@@ -87,3 +88,3 @@ } else if (Signature.isSignature(signature, [1, 0])) {
 	if (typeof (chunk) === 'string')
-		chunk = new Buffer(chunk, 'binary');
+		chunk = Buffer.from(chunk, 'binary');
 	this.chunks.push(chunk);
@@ -97,3 +98,3 @@ };
 		this.key.part.k.data, this.key.part.A.data])));
-	var sigBuf = new Buffer(sig);
+	var sigBuf = Buffer.from(sig);
 	var sigObj = Signature.parse(sigBuf, 'ed25519', 'raw');
@@ -100,0 +101,0 @@ sigObj.hashAlgorithm = 'sha512';

lib/fingerprint.js

@@ -6,2 +6,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('./algs');
@@ -94,3 +95,3 @@ var crypto = require('crypto');
 		try {
-			hash = new Buffer(parts[1], 'base64');
+			hash = Buffer.from(parts[1], 'base64');
 		} catch (e) {
@@ -109,3 +110,3 @@ throw (new FingerprintFormatError(fp));
 		try {
-			hash = new Buffer(parts, 'hex');
+			hash = Buffer.from(parts, 'hex');
 		} catch (e) {
@@ -112,0 +113,0 @@ throw (new FingerprintFormatError(fp));

lib/formats/auto.js

@@ -9,2 +9,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var utils = require('../utils');
@@ -31,3 +32,3 @@ var Key = require('../key');
 			return (dnssec.read(buf, options));
-		buf = new Buffer(buf, 'binary');
+		buf = Buffer.from(buf, 'binary');
 	} else {
@@ -34,0 +35,0 @@ assert.buffer(buf);

lib/formats/dnssec.js

@@ -9,2 +9,3 @@ // Copyright 2017 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var Key = require('../key');
@@ -70,3 +71,3 @@ var PrivateKey = require('../private-key');
 	var base64key = elems.slice(6, elems.length).join();
-	var keyBuffer = new Buffer(base64key, 'base64');
+	var keyBuffer = Buffer.from(base64key, 'base64');
 	if (supportedAlgosById[algorithm].match(/^RSA-/)) {
@@ -106,3 +107,3 @@ // join the rest of the body into a single base64-blob
 			parts: [
-				{name: 'curve', data: new Buffer(curve) },
+				{name: 'curve', data: Buffer.from(curve) },
 				{name: 'Q', data: utils.ecNormalize(keyBuffer) }
@@ -118,3 +119,3 @@ ]
 function elementToBuf(e) {
-	return (new Buffer(e.split(' ')[1], 'base64'));
+	return (Buffer.from(e.split(' ')[1], 'base64'));
 }
@@ -168,3 +169,3 @@
 	    supportedAlgosById[alg] === 'ECDSA-P256-SHA256') {
-		var d = new Buffer(elements[0].split(' ')[1], 'base64');
+		var d = Buffer.from(elements[0].split(' ')[1], 'base64');
 		var curve = 'nistp384';
@@ -184,3 +185,3 @@ var size = 384;
 			parts: [
-				{name: 'curve', data: new Buffer(curve) },
+				{name: 'curve', data: Buffer.from(curve) },
 				{name: 'd', data: d },
@@ -246,3 +247,3 @@ {name: 'Q', data: Q }
 	out += 'Activate: ' + dnssecTimestamp(timestamp) + '\n';
-	return (new Buffer(out, 'ascii'));
+	return (Buffer.from(out, 'ascii'));
 }
@@ -270,3 +271,3 @@
 
-	return (new Buffer(out, 'ascii'));
+	return (Buffer.from(out, 'ascii'));
 }
@@ -273,0 +274,0 @@

lib/formats/openssh-cert.js

@@ -18,2 +18,3 @@ // Copyright 2017 Joyent, Inc.
 var crypto = require('crypto');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -54,3 +55,3 @@ var Key = require('../key');
 
-	data = new Buffer(data, 'base64');
+	data = Buffer.from(data, 'base64');
 	return (fromBuffer(data, algo));
@@ -169,3 +170,3 @@ }
 	var lower = Math.floor(i % 4294967296);
-	var buf = new Buffer(8);
+	var buf = Buffer.alloc(8);
 	buf.writeUInt32BE(upper, 0);
@@ -284,11 +285,11 @@ buf.writeUInt32BE(lower, 4);
 	if (sig.critical === undefined)
-		sig.critical = new Buffer(0);
+		sig.critical = Buffer.alloc(0);
 	buf.writeBuffer(sig.critical);
 
 	if (sig.exts === undefined)
-		sig.exts = new Buffer(0);
+		sig.exts = Buffer.alloc(0);
 	buf.writeBuffer(sig.exts);
 
 	/* reserved */
-	buf.writeBuffer(new Buffer(0));
+	buf.writeBuffer(Buffer.alloc(0));
 
@@ -295,0 +296,0 @@ sub = rfc4253.write(cert.issuerKey);

lib/formats/pem.js

@@ -11,2 +11,3 @@ // Copyright 2015 Joyent, Inc.
 var crypto = require('crypto');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -71,3 +72,3 @@ var utils = require('../utils');
 			if (typeof (options.passphrase) === 'string') {
-				options.passphrase = new Buffer(
+				options.passphrase = Buffer.from(
 				    options.passphrase, 'utf-8');
@@ -82,3 +83,3 @@ }
 				cipher = parts[0].toLowerCase();
-				iv = new Buffer(parts[1], 'hex');
+				iv = Buffer.from(parts[1], 'hex');
 				key = utils.opensslKeyDeriv(cipher, iv,
@@ -92,3 +93,3 @@ options.passphrase, 1).key;
 	lines = lines.slice(0, -1).join('');
-	buf = new Buffer(lines, 'base64');
+	buf = Buffer.from(lines, 'base64');
 
@@ -181,3 +182,3 @@ if (cipher && key && iv) {
 	    18 + 16 + header.length*2 + 10;
-	var buf = new Buffer(len);
+	var buf = Buffer.alloc(len);
 	var o = 0;
@@ -184,0 +185,0 @@ o += buf.write('-----BEGIN ' + header + '-----\n', o);

lib/formats/pkcs1.js

@@ -12,2 +12,3 @@ // Copyright 2015 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -213,3 +214,3 @@ var utils = require('../utils');
 		parts: [
-			{ name: 'curve', data: new Buffer(curve) },
+			{ name: 'curve', data: Buffer.from(curve) },
 			{ name: 'Q', data: Q }
@@ -240,3 +241,3 @@ ]
 		parts: [
-			{ name: 'curve', data: new Buffer(curve) },
+			{ name: 'curve', data: Buffer.from(curve) },
 			{ name: 'Q', data: Q },
@@ -291,4 +292,3 @@ { name: 'd', data: d }
 function writePkcs1RSAPrivate(der, key) {
-	var ver = new Buffer(1);
-	ver[0] = 0;
+	var ver = Buffer.from([0]);
 	der.writeBuffer(ver, asn1.Ber.Integer);
@@ -309,4 +309,3 @@
 function writePkcs1DSAPrivate(der, key) {
-	var ver = new Buffer(1);
-	ver[0] = 0;
+	var ver = Buffer.from([0]);
 	der.writeBuffer(ver, asn1.Ber.Integer);
@@ -344,4 +343,3 @@
 function writePkcs1ECDSAPrivate(der, key) {
-	var ver = new Buffer(1);
-	ver[0] = 1;
+	var ver = Buffer.from([1]);
 	der.writeBuffer(ver, asn1.Ber.Integer);
@@ -365,4 +363,3 @@
 function writePkcs1EdDSAPrivate(der, key) {
-	var ver = new Buffer(1);
-	ver[0] = 1;
+	var ver = Buffer.from([1]);
 	der.writeBuffer(ver, asn1.Ber.Integer);
@@ -369,0 +366,0 @@

lib/formats/pkcs8.js

@@ -15,2 +15,3 @@ // Copyright 2015 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -311,3 +312,3 @@ var utils = require('../utils');
 		parts: [
-			{ name: 'curve', data: new Buffer(curveName) },
+			{ name: 'curve', data: Buffer.from(curveName) },
 			{ name: 'Q', data: Q },
@@ -331,3 +332,3 @@ { name: 'd', data: d }
 		parts: [
-			{ name: 'curve', data: new Buffer(curveName) },
+			{ name: 'curve', data: Buffer.from(curveName) },
 			{ name: 'Q', data: Q }
@@ -421,4 +422,3 @@ ]
 	if (PrivateKey.isPrivateKey(key)) {
-		var sillyInt = new Buffer(1);
-		sillyInt[0] = 0x0;
+		var sillyInt = Buffer.from([0]);
 		der.writeBuffer(sillyInt, asn1.Ber.Integer);
@@ -471,4 +471,3 @@ }
 
-	var version = new Buffer(1);
-	version[0] = 0;
+	var version = Buffer.from([0]);
 	der.writeBuffer(version, asn1.Ber.Integer);
@@ -544,4 +543,3 @@
 
-		var version = new Buffer(1);
-		version.writeUInt8(1, 0);
+		var version = Buffer.from([1]);
 		der.writeBuffer(version, asn1.Ber.Integer);
@@ -569,4 +567,3 @@
 		if (!h) {
-			h = new Buffer(1);
-			h[0] = 1;
+			h = Buffer.from([1]);
 		}
@@ -595,4 +592,3 @@ der.writeBuffer(h, asn1.Ber.Integer);
 
-	var version = new Buffer(1);
-	version[0] = 1;
+	var version = Buffer.from([1]);
 	der.writeBuffer(version, asn1.Ber.Integer);
@@ -599,0 +595,0 @@

lib/formats/rfc4253.js

@@ -17,2 +17,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -58,3 +59,3 @@ var utils = require('../utils');
 	if (typeof (buf) === 'string')
-		buf = new Buffer(buf);
+		buf = Buffer.from(buf);
 	assert.buffer(buf, 'buf');
@@ -61,0 +62,0 @@

lib/formats/ssh-private.js

@@ -11,2 +11,3 @@ // Copyright 2015 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -74,3 +75,3 @@ var utils = require('../utils');
 		if (typeof (options.passphrase) === 'string') {
-			options.passphrase = new Buffer(options.passphrase,
+			options.passphrase = Buffer.from(options.passphrase,
 			    'utf-8');
@@ -93,3 +94,3 @@ }
 		}
-		out = new Buffer(out);
+		out = Buffer.from(out);
 		var ckey = out.slice(0, cinf.keySize);
@@ -148,3 +149,3 @@ var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
 	var kdf = 'none';
-	var kdfopts = new Buffer(0);
+	var kdfopts = Buffer.alloc(0);
 	var cinf = { blockSize: 8 };
@@ -155,3 +156,3 @@ var passphrase;
 		if (typeof (passphrase) === 'string')
-			passphrase = new Buffer(passphrase, 'utf-8');
+			passphrase = Buffer.from(passphrase, 'utf-8');
 		if (passphrase !== undefined) {
@@ -207,3 +208,3 @@ assert.buffer(passphrase, 'options.passphrase');
 		}
-		out = new Buffer(out);
+		out = Buffer.from(out);
 		var ckey = out.slice(0, cinf.keySize);
@@ -253,3 +254,3 @@ var iv = out.slice(cinf.keySize, cinf.keySize + cinf.blockSize);
 	    18 + 16 + header.length*2 + 10;
-	buf = new Buffer(len);
+	buf = Buffer.alloc(len);
 	var o = 0;
@@ -256,0 +257,0 @@ o += buf.write('-----BEGIN ' + header + '-----\n', o);

lib/formats/ssh.js

@@ -9,2 +9,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var rfc4253 = require('./rfc4253');
@@ -35,3 +36,3 @@ var utils = require('../utils');
 	var type = rfc4253.algToKeyType(m[1]);
-	var kbuf = new Buffer(m[2], 'base64');
+	var kbuf = Buffer.from(m[2], 'base64');
 
@@ -55,3 +56,3 @@ /*
 			assert.ok(m, 'key must match regex');
-			kbuf = new Buffer(m[2], 'base64');
+			kbuf = Buffer.from(m[2], 'base64');
 			key = rfc4253.readInternal(ret, 'public', kbuf);
@@ -116,3 +117,3 @@ }
 
-	return (new Buffer(parts.join(' ')));
+	return (Buffer.from(parts.join(' ')));
 }

lib/formats/x509-pem.js

@@ -14,2 +14,3 @@ // Copyright 2016 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -52,3 +53,3 @@ var utils = require('../utils');
 	lines = lines.slice(0, -1).join('');
-	buf = new Buffer(lines, 'base64');
+	buf = Buffer.from(lines, 'base64');
 
@@ -65,3 +66,3 @@ return (x509.read(buf, options));
 	    18 + 16 + header.length*2 + 10;
-	var buf = new Buffer(len);
+	var buf = Buffer.alloc(len);
 	var o = 0;
@@ -68,0 +69,0 @@ o += buf.write('-----BEGIN ' + header + '-----\n', o);

lib/formats/x509.js

@@ -13,2 +13,3 @@ // Copyright 2017 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('../algs');
@@ -93,3 +94,3 @@ var utils = require('../utils');
 	if (typeof (buf) === 'string') {
-		buf = new Buffer(buf, 'binary');
+		buf = Buffer.from(buf, 'binary');
 	}
@@ -505,3 +506,3 @@ assert.buffer(buf, 'buf');
 	var sigData = sig.signature.toBuffer('asn1');
-	var data = new Buffer(sigData.length + 1);
+	var data = Buffer.alloc(sigData.length + 1);
 	data[0] = 0;
@@ -716,4 +717,3 @@ sigData.copy(data, 1);
 	var unused = blen * 8 - bitLen;
-	var bits = new Buffer(1 + blen);
-	bits.fill(0);
+	var bits = Buffer.alloc(1 + blen); // zero-filled
 	bits[0] = unused;
@@ -720,0 +720,0 @@ for (var i = 0; i < bitLen; ++i) {

lib/identity.js

@@ -14,2 +14,3 @@ // Copyright 2017 Joyent, Inc.
 var asn1 = require('asn1');
+var Buffer = require('safer-buffer').Buffer;
 
@@ -147,3 +148,3 @@ /*JSSTYLED*/
 		    c.value.match(NOT_IA5)) {
-			var v = new Buffer(c.value, 'utf8');
+			var v = Buffer.from(c.value, 'utf8');
 			der.writeBuffer(v, asn1.Ber.Utf8String);
@@ -150,0 +151,0 @@

lib/private-key.js

@@ -6,2 +6,3 @@ // Copyright 2017 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('./algs');
@@ -101,3 +102,3 @@ var crypto = require('crypto');
 		pair = nacl.box.keyPair.fromSecretKey(new Uint8Array(priv));
-		pub = new Buffer(pair.publicKey);
+		pub = Buffer.from(pair.publicKey);
 
@@ -120,3 +121,3 @@ return (new PrivateKey({
 		pair = nacl.sign.keyPair.fromSeed(new Uint8Array(priv));
-		pub = new Buffer(pair.publicKey);
+		pub = Buffer.from(pair.publicKey);
 
@@ -172,3 +173,3 @@ return (new PrivateKey({
 		if (typeof (sig) === 'string')
-			sig = new Buffer(sig, 'binary');
+			sig = Buffer.from(sig, 'binary');
 		sig = Signature.parse(sig, type, 'asn1');
@@ -175,0 +176,0 @@ sig.hashAlgorithm = hashAlgo;

lib/signature.js

@@ -6,2 +6,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var algs = require('./algs');
@@ -145,3 +146,3 @@ var crypto = require('crypto');
 	if (typeof (data) === 'string')
-		data = new Buffer(data, 'base64');
+		data = Buffer.from(data, 'base64');
 	assert.buffer(data, 'data');
@@ -148,0 +149,0 @@ assert.string(format, 'format');

lib/ssh-buffer.js

@@ -6,2 +6,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 
@@ -14,3 +15,3 @@ function SSHBuffer(opts) {
 	this._size = opts.buffer ? opts.buffer.length : 1024;
-	this._buffer = opts.buffer || (new Buffer(this._size));
+	this._buffer = opts.buffer || Buffer.alloc(this._size);
 	this._offset = 0;
@@ -37,3 +38,3 @@ }
 	this._size *= 2;
-	var buf = new Buffer(this._size);
+	var buf = Buffer.alloc(this._size);
 	this._buffer.copy(buf, 0);
@@ -102,3 +103,3 @@ this._buffer = buf;
 SSHBuffer.prototype.writeString = function (str) {
-	this.writeBuffer(new Buffer(str, 'utf8'));
+	this.writeBuffer(Buffer.from(str, 'utf8'));
 };
@@ -105,0 +106,0 @@

lib/utils.js

@@ -24,2 +24,3 @@ // Copyright 2015 Joyent, Inc.
 var assert = require('assert-plus');
+var Buffer = require('safer-buffer').Buffer;
 var PrivateKey = require('./private-key');
@@ -105,3 +106,3 @@ var Key = require('./key');
 	var D, D_prev, bufs;
-	var material = new Buffer(0);
+	var material = Buffer.alloc(0);
 	while (material.length < clen.key + clen.iv) {
@@ -190,3 +191,3 @@ bufs = [];
 	}
-	var b = new Buffer(buf.length + 1);
+	var b = Buffer.alloc(buf.length + 1);
 	b[0] = 0x0;
@@ -209,3 +210,3 @@ buf.copy(b, 1);
 		tag = asn1.Ber.BitString;
-	var b = new Buffer(buf.length + 1);
+	var b = Buffer.alloc(buf.length + 1);
 	b[0] = 0x00;
@@ -221,3 +222,3 @@ buf.copy(b, 1);
 	if ((buf[0] & 0x80) === 0x80) {
-		var b = new Buffer(buf.length + 1);
+		var b = Buffer.alloc(buf.length + 1);
 		b[0] = 0x00;
@@ -245,3 +246,3 @@ buf.copy(b, 1);
 	while (buf.length < len) {
-		var b = new Buffer(buf.length + 1);
+		var b = Buffer.alloc(buf.length + 1);
 		b[0] = 0x00;
@@ -255,3 +256,3 @@ buf.copy(b, 1);
 function bigintToMpBuf(bigint) {
-	var buf = new Buffer(bigint.toByteArray());
+	var buf = Buffer.from(bigint.toByteArray());
 	buf = mpNormalize(buf);
@@ -286,3 +287,3 @@ return (buf);
 	var kp = nacl.sign.keyPair.fromSeed(new Uint8Array(k));
-	return (new Buffer(kp.publicKey));
+	return (Buffer.from(kp.publicKey));
 }
@@ -297,3 +298,3 @@
 	var kp = nacl.box.keyPair.fromSeed(new Uint8Array(k));
-	return (new Buffer(kp.publicKey));
+	return (Buffer.from(kp.publicKey));
 }
@@ -348,6 +349,6 @@
 	var pub = G.multiply(d);
-	pub = new Buffer(curve.encodePointHex(pub), 'hex');
+	pub = Buffer.from(curve.encodePointHex(pub), 'hex');
 
 	var parts = [];
-	parts.push({name: 'curve', data: new Buffer(curveName)});
+	parts.push({name: 'curve', data: Buffer.from(curveName)});
 	parts.push({name: 'Q', data: pub});
@@ -354,0 +355,0 @@

package.json

 {
   "name": "sshpk",
-  "version": "1.14.1",
+  "version": "1.14.2",
   "description": "A library for finding and using SSH public keys",
@@ -45,3 +45,4 @@ "main": "lib/index.js",
     "dashdash": "^1.12.0",
-    "getpass": "^0.1.1"
+    "getpass": "^0.1.1",
+    "safer-buffer": "^2.0.2"
   },
@@ -48,0 +49,0 @@ "optionalDependencies": {

No alert changes

Improved metrics

Total package byte prevSize

209067

increased by0.49%

Lines of code

5429

increased by0.2%

Worsened metrics

Dependency count

9

increased by12.5%

Dependency changes

• + Addedsafer-buffer@^2.0.2