Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
webcrypto-core
Advanced tools
Common layer to be used by crypto libraries based on WebCrypto API for input validation.
The webcrypto-core package is a JavaScript implementation of the Web Cryptography API specification. It provides a common interface for cryptographic operations such as hashing, signing, encryption, decryption, and key generation. This package is designed to be extensible, allowing for the addition of new cryptographic algorithms and their parameters.
Hashing
This feature allows for the hashing of data using various algorithms. The code sample demonstrates how to hash a message using the SHA-256 algorithm.
const { Sha256 } = require('webcrypto-core');
let sha256 = new Sha256();
sha256.digest({name: 'SHA-256'}, Buffer.from('message')).then(digest => {
console.log(digest);
});
Encryption/Decryption
This feature enables encryption and decryption of data. The code sample shows how to encrypt data using the AES-GCM algorithm.
const { AesGcm } = require('webcrypto-core');
let aesGcm = new AesGcm();
aesGcm.encrypt({name: 'AES-GCM', iv: Buffer.from(iv)}, key, Buffer.from(data)).then(encrypted => {
console.log(encrypted);
});
Signing/Verification
This feature is used for signing data and verifying signatures. The code sample illustrates how to sign data using the RSA-PSS algorithm.
const { RsaPss } = require('webcrypto-core');
let rsaPss = new RsaPss();
rsaPss.sign({name: 'RSA-PSS', saltLength: 32}, privateKey, Buffer.from(data)).then(signature => {
console.log(signature);
});
This package is an implementation of the Web Cryptography API based on OpenSSL. It provides similar functionalities to webcrypto-core but is specifically designed for Node.js environments and leverages OpenSSL for cryptographic operations.
A reimplementation of Node's 'crypto' module for the browser. While webcrypto-core focuses on providing a common interface for cryptographic operations, crypto-browserify aims to mimic Node.js's crypto module, making it easier for developers to write code that works both in Node.js and in the browser.
We have created a number of WebCrypto polyfills including: node-webcrypto-ossl, node-webcrypto-p11, and webcrypto-liner. webcrypto-core
was designed to be a common layer to be used by all of these libraries for input validation.
Unless you intend to create a WebCrypto polyfill this library is probably not useful to you.
Install all dependencies
npm install
NOTE:
npm install
command downloads and installs modules to local folder. You can install all dependencies globally
typescript
npm install typescript --global
rollup
npm install rollup --global
mocha
npm install mocha --global
Single line command for all modules
npm install typescript rollup mocha --global
Compile the source code using the following command:
npm run build
NOTE: Command creates
webcrypto-core.js
andwebcrypto-core.min.js
files inbuild
folder
Compile the source code with declaration using the next command:
tsc --declaration
npm test
Files | Size |
---|---|
webcrypto-core.js | 59Kb |
webcrypto-core.min.js | 25Kb |
FAQs
Common layer to be used by crypto libraries based on WebCrypto API for input validation.
We found that webcrypto-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.