Generate random strings by pattern, including checksums and validation.
Some notes about this code:
Use npm:
```
npm install zen-id
```
The goal for this code is to be as flexible as possible. There are a number of different ways it can be used. Hopefully the "usage" section will be expanded in the future, but read the (short) code to learn more in the meantime.
```javascript
var format = 'AAAaaacchhhcc';
var zen_id = require('zen-id').create(format);
var my_id = zen_id.generate(); // => 'HYKzbk7473e99'
var is_valid = zen_id.validate(my_id); // => true
```
The constructor and most of the functions accept a format string composed of characters from the following table:
Character | Range | Description |
---|---|---|
n | 0-9 | numeric |
h | 0-9a-f | hex |
a | a-z | lowercase a-z |
A | A-Z | uppercase A-Z |
x | 0-9a-z | numeric or lowercase a-z |
X | 0-9A-Za-z | numeric or a-z any case |
z | A-Za-z | a-z any case |
c | - | checksum character |
Any non-format character is repeated verbatim in the output.
The validate(id) method can be used to check if a value matches the format pattern. It can be useful for comparing against any pattern, but is possibly most useful with checksums. See the following section.
Checksums are character values applied to certain output positions based on the random (pattern) input up to that point. Checksums are also valuable to detect input errors.
Checksums are not infallible, nor is this package's calculation method so fixed that you could assume previously generated IDs would validate against the same format in the future. At least in the early stages, the calculation method is subject to change.
Checksums are best used to detect a situation where an apparently invalid code was entered based on the format, not as an ultimate test of whether the code was ever issued, or not.
zen-id is based on the npm package gen-id by @domudall which mostly worked great for me, but I wanted to make a few tweaks (mostly to add validation). When I delved into the code it didn't work for me stylistically so I decided to publish my own rendition of this functionality, rather than add in code I wrote and try to get a pull request accepted with possibly clashing coding styles. The name was chosen as a take on gen-id but also because it was what I consider one of my "zen" coding projects (something I do to either wind-up or wind-down mentally).
Free software under MIT License.
FAQs
We found that zen-id demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.