Your IP : 216.73.216.86
PK���������Z�\\Mae
���
�������benchmark/benchmark.jsnu���[������������'use strict'
const Benchmark = require('benchmark')
const scmp = require('../')
// `safe-buffer` in case `Buffer.from` in newer versions of node aren't available
const Buffer = require('safe-buffer').Buffer
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()
suite.add('short-circuit compares', function () {
// eslint-disable-next-line no-unused-expressions
HASH1 === HASH2
})
.add('scmp compares', function () {
scmp(HASH1, HASH2)
})
.on('cycle', function (event) {
console.log(String(event.target))
})
.on('complete', function () {
console.log('Fastest is ' + this.filter('fastest').map('name'))
})
.run()
PK���������Z�\v�<�������������benchmark/crypto-check.jsnu���[������������'use strict'
const crypto = require('crypto')
const Benchmark = require('benchmark')
const scmpCompare = require('../lib/scmpCompare')
const compareFn = crypto.timingSafeEqual || scmpCompare
// `safe-buffer` in case `Buffer.from` in newer versions of node aren't available
const Buffer = require('safe-buffer').Buffer
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()
suite.add('crypto check each fn call', function () {
if (crypto.timingSafeEqual) {
return crypto.timingSafeEqual(HASH1, HASH2)
}
return scmpCompare(HASH1, HASH2)
})
.add('crypto check once', function () {
return compareFn(HASH1, HASH2)
})
.on('cycle', function (event) {
console.log(String(event.target))
})
.on('complete', function () {
console.log('Fastest is ' + this.filter('fastest').map('name'))
})
.run()
PK���������Z�\� C�e���e�������package.jsonnu���[������������{
"_from": "scmp@^2.1.0",
"_id": "scmp@2.1.0",
"_inBundle": false,
"_integrity": "sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==",
"_location": "/scmp",
"_phantomChildren": {},
"_requested": {
"type": "range",
"registry": true,
"raw": "scmp@^2.1.0",
"name": "scmp",
"escapedName": "scmp",
"rawSpec": "^2.1.0",
"saveSpec": null,
"fetchSpec": "^2.1.0"
},
"_requiredBy": [
"/twilio"
],
"_resolved": "https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz",
"_shasum": "37b8e197c425bdeb570ab91cc356b311a11f9c9a",
"_spec": "scmp@^2.1.0",
"_where": "C:\\xampp\\htdocs\\emeraltd\\node_modules\\twilio",
"author": {
"name": "Sean Lavine"
},
"bugs": {
"url": "https://github.com/freewil/scmp/issues"
},
"bundleDependencies": false,
"dependencies": {},
"deprecated": false,
"description": "safe, constant-time comparison of Buffers",
"devDependencies": {
"benchmark": "^2.1.4",
"mocha": "^6.2.0",
"safe-buffer": "^5.1.2",
"standard": "^14.3.1"
},
"homepage": "https://github.com/freewil/scmp#readme",
"keywords": [
"safe-compare",
"compare",
"time-equivalent-comparison",
"time equivalent",
"constant-time",
"constant time"
],
"license": "BSD-3-Clause",
"main": "index.js",
"name": "scmp",
"repository": {
"type": "git",
"url": "git://github.com/freewil/scmp.git"
},
"scripts": {
"posttest": "node benchmark/benchmark.js && node benchmark/crypto-check.js",
"pretest": "standard --verbose",
"test": "mocha"
},
"version": "2.1.0"
}
PK���������Z�\ �W#������������lib/scmpCompare.jsnu���[������������'use strict'
module.exports = function scmpCompare (a, b) {
const len = a.length
let result = 0
for (let i = 0; i < len; ++i) {
result |= a[i] ^ b[i]
}
return result === 0
}
PK���������Z�\�k;}4���4�������.travis.ymlnu���[������������language: node_js
node_js:
- "6"
- "8"
- "10"
PK���������Z�\'@��������������test/test.jsnu���[������������/* eslint-env mocha */
'use strict'
const assert = require('assert')
const scmp = require('../')
// use safe-buffer in case Buffer.from in newer versions of node aren't
// available
const Buffer = require('safe-buffer').Buffer
describe('scmp', function () {
it('should return true for identical strings', function () {
assert(scmp(Buffer.from('a', 'utf8'), Buffer.from('a', 'utf8')))
assert(scmp(Buffer.from('abc', 'utf8'), Buffer.from('abc', 'utf8')))
assert(scmp(Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex'), Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')))
})
it('should return false for non-identical strings', function () {
assert(!scmp(Buffer.from('a', 'utf8'), Buffer.from('b', 'utf8')))
assert(!scmp(Buffer.from('abc', 'utf8'), Buffer.from('b', 'utf8')))
assert(!scmp(Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex'), Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex')))
})
it('should throw errors for non-Buffers', function () {
assert.throws(scmp.bind(null, 'a', {}))
assert.throws(scmp.bind(null, {}, 'b'))
assert.throws(scmp.bind(null, 1, 2))
assert.throws(scmp.bind(null, undefined, 2))
assert.throws(scmp.bind(null, null, 2))
})
})
PK���������Z�\����������������LICENSEnu���[������������Copyright (c) 2014, Sean Lavine
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the scmp project nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PK���������Z�\ |:%������������index.jsnu���[������������'use strict'
const crypto = require('crypto')
const scmpCompare = require('./lib/scmpCompare')
/**
* Does a constant-time Buffer comparison by not short-circuiting
* on first sign of non-equivalency.
*
* @param {Buffer} a The first Buffer to be compared against the second
* @param {Buffer} b The second Buffer to be compared against the first
* @return {Boolean}
*/
module.exports = function scmp (a, b) {
// check that both inputs are buffers
if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
throw new Error('Both scmp args must be Buffers')
}
// return early here if buffer lengths are not equal since timingSafeEqual
// will throw if buffer lengths are not equal
if (a.length !== b.length) {
return false
}
// use crypto.timingSafeEqual if available (since Node.js v6.6.0),
// otherwise use our own scmp-internal function.
if (crypto.timingSafeEqual) {
return crypto.timingSafeEqual(a, b)
}
return scmpCompare(a, b)
}
PK���������Z�\B�����������
���HISTORY.mdnu���[������������# History
## v2.1.0 (2019/12/26)
* code now uses `standard` as linter
* `var` has been replaced with `const` and `let`
* code now executed in strict mode
## v2.0.0 (2016/11/05)
* Buffers are now required to be passed as arguments. In 1.x,
the arguments were assumed to be strings, and were always run through
`String()`.
* Starting with Node.js v6.6.0, use `crypto.timingSafeEqual()` (if available).
PK���������Z�\u����������� ���README.mdnu���[������������# scmp
[![travis][travis-image]][travis-url]
[![npm][npm-image]][npm-url]
[![downloads][downloads-image]][downloads-url]
[travis-image]: https://travis-ci.org/freewil/scmp.svg?branch=master
[travis-url]: https://travis-ci.org/freewil/scmp
[npm-image]: https://img.shields.io/npm/v/scmp.svg?style=flat
[npm-url]: https://npmjs.org/package/scmp
[downloads-image]: https://img.shields.io/npm/dm/scmp.svg?style=flat
[downloads-url]: https://npmjs.org/package/scmp
Safe, constant-time comparison of Buffers.
## Install
```
npm install scmp
```
## Why?
To minimize vulnerability against [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/).
## Example
```js
const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;
const hash = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');
if (scmp(hash, givenHash)) {
console.log('good hash');
} else {
console.log('bad hash');
}
```
PK�����������Z�\\Mae
���
���������������������benchmark/benchmark.jsnu���[������������PK�����������Z�\v�<�����������������������S���benchmark/crypto-check.jsnu���[������������PK�����������Z�\� C�e���e�����������������]���package.jsonnu���[������������PK�����������Z�\ �W#�����������������������
��lib/scmpCompare.jsnu���[������������PK�����������Z�\�k;}4���4���������������������.travis.ymlnu���[������������PK�����������Z�\'@������������������������l���test/test.jsnu���[������������PK�����������Z�\������������������������������LICENSEnu���[������������PK�����������Z�\ |:%��������������������������index.jsnu���[������������PK�����������Z�\B�����������
�����������������HISTORY.mdnu���[������������PK�����������Z�\u����������� �������������� ��README.mdnu���[������������PK������
�
������$����