Gathering detailed insights and metrics for node-object-hash
Gathering detailed insights and metrics for node-object-hash
Node.js object hash library with properties/arrays sorting to provide constant hashes. It also provides a method that returns sorted object strings that can be used for object comparison without hashes.
Installations
npm install node-object-hashDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=16
Node Version
22.12.0
NPM Version
10.9.0
Score
99.2
Supply Chain
100
Quality
77.9
Maintenance
100
Vulnerability
100
License
Releases
19
Languages
2
TypeScript
JavaScript
TypeScript (91.66%)
JavaScript (8.34%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
88 Stars
214 Commits
20 Forks
3 Watchers
3 Branches
11 Contributors
Updated on Jun 10, 2025
Maintainers
1
Package Meta Information
Latest Version
3.1.1
Package Id
node-object-hash@3.1.1
Unpacked Size
71.31 kB
Size
15.04 kB
File Count
19
NPM Version
10.9.0
Node Version
22.12.0
Published on
Dec 17, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
38
@jest/globals@semantic-release/changelog@semantic-release/commit-analyzer@semantic-release/exec@semantic-release/git@semantic-release/github@semantic-release/npm@semantic-release/release-notes-generator@trivago/prettier-plugin-sort-imports@tsconfig/node-lts@types/node@typescript-eslint/eslint-plugin@typescript-eslint/parserconventional-changelog-cliconventional-changelog-conventionalcommitseslinteslint-config-googleeslint-config-prettiereslint-import-resolver-typescripteslint-plugin-filenameseslint-plugin-importeslint-plugin-jesteslint-plugin-nodeeslint-plugin-prettiereslint-plugin-securityjestprettierprettier-plugin-packagejsonprettier-plugin-shprettier-plugin-sort-jsonpretty-quicksemantic-releasesemantic-release-mirror-versionts-jesttypedoctypedoc-plugin-markdowntypedoc-plugin-mdn-linkstypescript
node-object-hash
Tiny and fast node.js object hash library with properties/arrays sorting to provide constant hashes. It also provides a method that returns sorted object strings that can be used for object comparison without hashes. One of the fastest among other analogues (see benchmarks).
Hashes are built on top of node's crypto module. If you want to use it in browser it's recommented to use objectSorter only. It will provide you with unique string representation of your object. Afterwards you may use some hash library to reduce string size. Also you may use something like browserify-crypto or some kind of crypto functions polyfills.
ToC
- node-object-hash
What's new in v3.0.0
Disclaimer: No new features or changes that may break hashes from previous versions. There's no need to update unless you're starting project from scratch.
- Refactor and migration to typescript 5.
- Drop old node support.
- Removed typescript namespaces.
- Updated exported functions and object structure.
- Removed faker and old benchmarks.
- New CI and release automation.
What's new in v2.0.0
Breaking changes
- Library rewritten in typescript that could cause some side-effects, but it should not.
- With
coerce=falseSets will no longer generate the same hashes asArrays. In order to restore previous behavior setcoerce.set=true. - With
coerce=falseSymbols will generate hash based on symbol.toStringvalue. That's useful forSymbol.for('smth'). Ifcoerce.symbol=trueallSymbolss will have equal hashes. TLDR; If you use library withSets orSymbols withcoerce=falsein order to keep hashes the same as inv1.X.Xyou should use following constructor:
const hasher = require('node-object-hash')({coerce: {set: true, symbol: true}})
- Object sorter sources moved to
distdirectory. If you required it directly viarequire('node-object-hash/objectSorter')you should change it to require('node-object-hash/dist/objectSorter'). - Removed old
v0version from code. - Changed license to MIT.
New features
- New granular options. Now you can specify what types need to be sorted or coerced.
- Add new
trimoption. It can be used to remove unncecessary spaces instrings orfunctionbodies. - Library rewritten to typescript, so it may have better ts compatibility.
Installation
npm i node-object-hash -S
Features
- Supports object property sorting for constant hashes for objects with same properties, but different order.
- Supports ES6 Maps and Sets.
- Supports type coercion (see table below).
- Supports all hashes and encodings of crypto library.
- Supports large objects and arrays.
- Has granular options that allows to control what should be sorted or coerced.
- Very fast comparing to other libs (see Benchmarks section).
Type map
This map displays what types will have identical string representation (e.g. new Set([1, 2, 3]) and [1, 2, 3] will have equal string representations and hashes.
| Initial type | Mapped type |
|---|---|
| Array ([]) | array |
| ArrayObject (new Array()) | |
| Int8Array | |
| Uint8Array | |
| Uint8ClampedArray | |
| Int16Array | |
| Uint16Array | |
| Int32Array | |
| Uint32Array | |
| Float32Array | |
| Float64Array | |
| Buffer | |
| Set | |
| Map | array[array] |
| string ('') | string |
| String (new String()) | |
| boolean (true) | boolean |
| Boolean (new Boolean()) | |
| number (true) | number |
| Number (new Number()) | |
| Date | date |
| Symbol | symbol |
| undefined | undefined |
| null | null |
| function | function |
| Object ({}) | object |
| Object (new Object()) | |
| other | unknown |
Coercion map
| Initial "type" | Coerced type | Example |
|---|---|---|
| boolean | string | true -> 1 |
| number | string | '1' -> 1 |
| string | string | 'a' -> a |
| null | string (empty) | null -> |
| undefined | string (empty) | undefined -> |
Changes
See changelog For v2 changes see changelog-v2
Docs
Full API docs could be found in docs.
API overview
Constructor
1require('node-object-hash').hasher([options]);
Returns preconfigured object with API
Parameters:
options:object- object with hasher config optionsoptions.coerce:boolean|object- if true performs type coercion (default:true); e.g.hash(true) == hash('1') == hash(1),hash(false) == hash('0') == hash(0)options.sort:boolean|object- if true performs sorting on objects, arrays, etc. (default:true); in order to perform sorting onTypedArray(Buffer,Int8Array, etc.), specify it explicitly:typedArray: trueoptions.trim:boolean|object- if true performs trim of spaces and replaces space-like characters with single space (default:false);options.alg:string- sets default hash algorithm (default:'sha256'); can be overridden inhashmethod;options.enc:string- sets default hash encoding (default:'hex'); can be overridden inhashmethod;
API methods
hash(object[, options])
Returns hash string.
object:*object for calculating hash;options:objectobject with options;options.alg:string- hash algorithm (default:'sha256');options.enc:string- hash encoding (default:'hex');
sort(object)
Returns sorted string generated from object (can be used for object comparison)
object:*- object for sorting;
Hashing custom objects
In order to serialize and hash your custom objects you may provide .toHashableString() method for your object. It should return string that will be hashed. You may use objectSorter and pass notable fields to it in your .toHashableString method.
For typescript users you may add to your classes implements Hashable.
Requirements
version >=1.0.0
>=nodejs-0.10.0
version >=0.1.0 && <1.0.0
>=nodejs-6.0.0>=nodejs-4.0.0(requires to run node with--harmonyflag)
Examples
1var { hasher } = require('node-object-hash'); 2 3var hashSortCoerce = hasher({ sort: true, coerce: true }); 4// or 5// var hashSortCoerce = hasher(); 6// or 7// var hashSort = hasher({sort:true, coerce:false}); 8// or 9// var hashCoerce = hasher({sort:false, coerce:true}); 10 11var objects = { 12 a: { 13 a: [{ c: 2, a: 1, b: { a: 3, c: 2, b: 0 } }], 14 b: [1, 'a', {}, null], 15 }, 16 b: { 17 b: ['a', 1, {}, undefined], 18 a: [{ c: '2', b: { b: false, c: 2, a: '3' }, a: true }], 19 }, 20 c: ['4', true, 0, 2, 3], 21}; 22 23hashSortCoerce.hash(objects.a) === hashSortCoerce.hash(objects.b); 24// returns true 25 26hashSortCoerce.sort(object.c); 27// returns '[0,1,2,3,4]'
For more examples you can see tests or try it out online at runkit
Benchmarks
Bench data - array of 100000 complex objects
Usage
npm run benchto run custom benchmarknpm run benchmarkto run benchmark suitenpm run benchmark:hashto run hash benchmark suite
Results
| Hashing algorithm | Result hash bytes length | Performance (ops/sec) |
|---|---|---|
sha256 (default) | 64 | 1,599 +- 5.77% |
sha1 | 40 | 1,983 +- 1.50% |
sha224 | 56 | 1,701 +- 2.81% |
sha384 | 96 | 1,800 +- 0.81% |
sha512 | 128 | 1,847 +- 1.75% |
md4 | 32 | 1,971 +- 0.98% |
md5 | 32 | 1,691 +- 3.18% |
whirlpool | 128 | 1,487 +- 2.33% |
Custom benchmark (code)
| Library | Time (ms) | Memory (Mb) |
|---|---|---|
| node-object-hash-0.2.1 | 5813.575 | 34 |
| node-object-hash-1.0.X | 2805.581 | 27 |
| node-object-hash-1.1.X (node v7) | 2555.583 | 27 |
| node-object-hash-1.2.X (node v7) | 2390.752 | 28 |
| node-object-hash-2.X.X (node v12) | 1990.622 | 24 |
| object-hash-1.1.5 (node v7) | 28115.553 | 39 |
| object-hash-1.1.4 | 534528.254 | 41 |
| object-hash-1.1.3 | ERROR | Out of heap memory |
| hash-object-0.1.7 | 9219.826 | 42 |
Benchmark suite module (code)
| Library (node v12) | Perf (ops/s) |
|---|---|
| node-object-hash-2.0.0 | 2087 ±0.59% |
| object-hash-1.3.1 | 239 ±0.39% |
| hash-object-0.1.7 | 711 ±0.18% |
Links
- object-hash - Slow, useful for browsers because it not uses node's crypto library
- hash-object - no ES6 types support
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 5 commits out of 14 are checked with a SAST tool
Reason
Found 3/23 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/codeql.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/SkeLLLa/node-object-hash/verify.yml/master?enable=pin
- Info: 0 out of 13 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 7 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:16
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17
- Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:68
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/release.yml:69
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:64
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/verify.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3.3
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More