Gathering detailed insights and metrics for safe-compare
Gathering detailed insights and metrics for safe-compare
Installations
npm install safe-compareDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
4.4.5
NPM Version
2.15.5
Releases
7
Languages
1
JavaScript
JavaScript (100%)
Developer
Bruce17
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
27 Stars
70 Commits
4 Forks
3 Watchers
5 Branches
6 Contributors
Updated on Oct 07, 2024
Maintainers
1
Package Meta Information
Latest Version
1.1.4
Package Id
safe-compare@1.1.4
Size
3.78 kB
NPM Version
2.15.5
Node Version
4.4.5
Published on
Mar 01, 2019
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
safe-compare
Constant-time comparison algorithm to prevent Node.js timing attacks.
For more information about Node.js timing attacks, please visit https://snyk.io/blog/node-js-timing-attack-ccc-ctf/.
NOTICE:
If you are using Node.js v6.6.0 or higher, you can use crypto.timingSafeEqual(a, b) from the crypto module. Keep in mind that the method crypto.timingSafeEqual only accepts Buffers with the same length! This bundle will handle strings with different lengths for you.
Installation
$ npm install safe-compare --save
Usage
1var safeCompare = require('safe-compare'); 2 3safeCompare('hello world', 'hello world'); // -> true 4 5safeCompare('hello', 'not hello'); // -> false 6safeCompare('hello foo', 'hello bar'); // -> false
Note: runtime is always corresponding to the length of the first parameter.
Tests
$ npm test
What's the improvement of this package?
This Node.js module is a improvement of the two existing modules scmp and secure-compare. It uses the best parts of both implementations.
The implementation of scmp is a good base, but it has a shorter execution time if the string's length is not equal. The package secure-compare always compares the two input strings, but its implementation is not as clean as in scmp.
License
safe-compare is released under the MIT license.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 18 are checked with a SAST tool
Reason
Found 3/18 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Bruce17/safe-compare/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/Bruce17/safe-compare/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Bruce17/safe-compare/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/Bruce17/safe-compare/codeql-analysis.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
4
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More