Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The uid-safe npm package is used to generate cryptographically secure, URL-safe unique identifiers. It is commonly used in web development for creating unique session IDs, tokens, and other random identifiers that need to be safe to use in URLs without additional encoding.
Generating URL-safe unique identifiers
This feature allows the generation of URL-safe unique identifiers of a specified length. The code sample demonstrates how to generate an 18-byte unique identifier using the uid-safe package.
const uidSafe = require('uid-safe');
uidSafe(18).then(function(uid) {
console.log(uid);
});
The uuid package is used to create RFC-compliant UUIDs. It offers various versions of UUIDs (v1, v3, v4, v5) and can be used for similar purposes as uid-safe. However, uid-safe focuses on generating URL-safe strings, which is not the primary goal of uuid.
NanoID is a tiny, secure, URL-friendly, unique string ID generator. It is similar to uid-safe in that it generates URL-safe identifiers, but it offers a different API and customizable alphabet, which allows for a wider range of possible IDs.
Shortid is a package that generates short, non-sequential, URL-friendly unique ids. It is similar to uid-safe but is no longer recommended for use in new projects according to its own documentation, due to the limited number of unique IDs it can generate and the lack of maintenance.
URL and cookie safe UIDs
Create cryptographically secure UIDs safe for both cookie and URL usage.
This is in contrast to modules such as rand-token
and uid2 whose UIDs are actually skewed
due to the use of %
and unnecessarily truncate the UID.
Use this if you could still use UIDs with -
and _
in them.
$ npm install uid-safe
var uid = require('uid-safe')
Asynchronously create a UID with a specific byte length. Because base64
encoding is used underneath, this is not the string length. For example,
to create a UID of length 24, you want a byte length of 18.
uid(18, function (err, string) {
if (err) throw err
// do something with the string
})
Asynchronously create a UID with a specific byte length and return a
Promise
.
Note: To use promises in Node.js prior to 0.12, promises must be
"polyfilled" using global.Promise = require('bluebird')
.
uid(18).then(function (string) {
// do something with the string
})
A synchronous version of above.
var string = uid.sync(18)
FAQs
URL and cookie safe UIDs
We found that uid-safe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.