npmpackage.info

tsscmp

Timing safe string compare using double HMAC

1.0.6

MIT

JavaScript

Installations

npm install tsscmp

Score

100

Supply Chain

79.7

Quality

75.3

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

14

Closed

2

Merged

11

Issues

Open

1

Total

6

Closed

5

Releases

Unable to fetch releases

Contributors

View all 7 contributors

Developer

suryagh

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=0.6.x

Typescript Support

No

Node Version

10.3.0

NPM Version

6.1.0 Statistics

88 Stars

12 Commits

10 Forks

2 Watching

2 Branches

7 Contributors

Updated on 25 Nov 2024

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

630,384,918

Last day

-26.7%

655,044

Compared to previous day

Last week

-6.5%

4,459,367

Compared to previous week

Last month

4.3%

19,513,875

Compared to previous month

Last year

23.9%

166,611,060

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Timing safe string compare using double HMAC

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

1var timingSafeCompare = require('tsscmp');
2
3var sessionToken = '127e6fbfe24a750e72930c';
4var givenToken = '127e6fbfe24a750e72930c';
5
6if (timingSafeCompare(sessionToken, givenToken)) {
7  console.log('good token');
8} else {
9  console.log('bad token');
10}

License

MIT

Credits to: @jsha | @bnoordhuis | @suryagh |

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

5

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3.7

/10

Last Scanned on 2024-11-18

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to tsscmp

@types/tsscmp

1.0.2

TypeScript definitions for tsscmp

tsscmp-js

1.0.2

Timing safe string compare using double HMA

xprezzo-basic-auth

1.1.3

xprezzo basic auth parser

datwd

0.2.0

Get all Node dependencies required by a subset of top-level dependencies