Mike/FrenoCorp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-commit 2026-04-29 16:31

Browse Source
This commit is contained in:
Michael Freno
2026-04-29 16:31:27 -04:00
parent e8687bb6b2
commit 0495ee5bd2
19691 changed files with 3272886 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
node_modules/scmp/.travis.yml generated vendored Normal file
View File

@@ -0,0 +1,5 @@
language: node_js
node_js:
- "6"
- "8"
- "10"

12
node_modules/scmp/HISTORY.md generated vendored Normal file
View File

@@ -0,0 +1,12 @@
# History
## v2.1.0 (2019/12/26)
* code now uses `standard` as linter
* `var` has been replaced with `const` and `let`
* code now executed in strict mode
## v2.0.0 (2016/11/05)
* Buffers are now required to be passed as arguments. In 1.x,
the arguments were assumed to be strings, and were always run through
`String()`.
* Starting with Node.js v6.6.0, use `crypto.timingSafeEqual()` (if available).

24
node_modules/scmp/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,24 @@
Copyright (c) 2014, Sean Lavine
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the scmp project nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

42
node_modules/scmp/README.md generated vendored Normal file
View File

@@ -0,0 +1,42 @@
# scmp
[![travis][travis-image]][travis-url]
[![npm][npm-image]][npm-url]
[![downloads][downloads-image]][downloads-url]
[travis-image]: https://travis-ci.org/freewil/scmp.svg?branch=master
[travis-url]: https://travis-ci.org/freewil/scmp
[npm-image]: https://img.shields.io/npm/v/scmp.svg?style=flat
[npm-url]: https://npmjs.org/package/scmp
[downloads-image]: https://img.shields.io/npm/dm/scmp.svg?style=flat
[downloads-url]: https://npmjs.org/package/scmp
Safe, constant-time comparison of Buffers.
## Install
```
npm install scmp
```
## Why?
To minimize vulnerability against [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/).
## Example
```js
const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;
const hash = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');
if (scmp(hash, givenHash)) {
console.log('good hash');
} else {
console.log('bad hash');
}
```

26
node_modules/scmp/benchmark/benchmark.js generated vendored Normal file
View File

@@ -0,0 +1,26 @@
'use strict'
const Benchmark = require('benchmark')
const scmp = require('../')
// `safe-buffer` in case `Buffer.from` in newer versions of node aren't available
const Buffer = require('safe-buffer').Buffer
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()
suite.add('short-circuit compares', function () {
// eslint-disable-next-line no-unused-expressions
HASH1 === HASH2
})
.add('scmp compares', function () {
scmp(HASH1, HASH2)
})
.on('cycle', function (event) {
console.log(String(event.target))
})
.on('complete', function () {
console.log('Fastest is ' + this.filter('fastest').map('name'))
})
.run()

31
node_modules/scmp/benchmark/crypto-check.js generated vendored Normal file
View File

@@ -0,0 +1,31 @@
'use strict'
const crypto = require('crypto')
const Benchmark = require('benchmark')
const scmpCompare = require('../lib/scmpCompare')
const compareFn = crypto.timingSafeEqual || scmpCompare
// `safe-buffer` in case `Buffer.from` in newer versions of node aren't available
const Buffer = require('safe-buffer').Buffer
const HASH1 = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const HASH2 = Buffer.from('f727d1464ae12436e899a726da5b2f11d8381b26', 'hex')
const suite = new Benchmark.Suite()
suite.add('crypto check each fn call', function () {
if (crypto.timingSafeEqual) {
return crypto.timingSafeEqual(HASH1, HASH2)
}
return scmpCompare(HASH1, HASH2)
})
.add('crypto check once', function () {
return compareFn(HASH1, HASH2)
})
.on('cycle', function (event) {
console.log(String(event.target))
})
.on('complete', function () {
console.log('Fastest is ' + this.filter('fastest').map('name'))
})
.run()

33
node_modules/scmp/index.js generated vendored Normal file
View File

@@ -0,0 +1,33 @@
'use strict'
const crypto = require('crypto')
const scmpCompare = require('./lib/scmpCompare')
/**
* Does a constant-time Buffer comparison by not short-circuiting
* on first sign of non-equivalency.
*
* @param {Buffer} a The first Buffer to be compared against the second
* @param {Buffer} b The second Buffer to be compared against the first
* @return {Boolean}
*/
module.exports = function scmp (a, b) {
// check that both inputs are buffers
if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
throw new Error('Both scmp args must be Buffers')
}
// return early here if buffer lengths are not equal since timingSafeEqual
// will throw if buffer lengths are not equal
if (a.length !== b.length) {
return false
}
// use crypto.timingSafeEqual if available (since Node.js v6.6.0),
// otherwise use our own scmp-internal function.
if (crypto.timingSafeEqual) {
return crypto.timingSafeEqual(a, b)
}
return scmpCompare(a, b)
}

10
node_modules/scmp/lib/scmpCompare.js generated vendored Normal file
View File

@@ -0,0 +1,10 @@
'use strict'
module.exports = function scmpCompare (a, b) {
const len = a.length
let result = 0
for (let i = 0; i < len; ++i) {
result |= a[i] ^ b[i]
}
return result === 0
}

33
node_modules/scmp/package.json generated vendored Normal file
View File

@@ -0,0 +1,33 @@
{
"name": "scmp",
"version": "2.1.0",
"description": "safe, constant-time comparison of Buffers",
"main": "index.js",
"scripts": {
"pretest": "standard --verbose",
"test": "mocha",
"posttest": "node benchmark/benchmark.js && node benchmark/crypto-check.js"
},
"repository": {
"type": "git",
"url": "git://github.com/freewil/scmp.git"
},
"keywords": [
"safe-compare",
"compare",
"time-equivalent-comparison",
"time equivalent",
"constant-time",
"constant time"
],
"author": "Sean Lavine",
"license": "BSD-3-Clause",
"readmeFilename": "README.md",
"devDependencies": {
"benchmark": "^2.1.4",
"mocha": "^6.2.0",
"safe-buffer": "^5.1.2",
"standard": "^14.3.1"
},
"dependencies": {}
}

31
node_modules/scmp/test/test.js generated vendored Normal file
View File

@@ -0,0 +1,31 @@
/* eslint-env mocha */
'use strict'
const assert = require('assert')
const scmp = require('../')
// use safe-buffer in case Buffer.from in newer versions of node aren't
// available
const Buffer = require('safe-buffer').Buffer
describe('scmp', function () {
it('should return true for identical strings', function () {
assert(scmp(Buffer.from('a', 'utf8'), Buffer.from('a', 'utf8')))
assert(scmp(Buffer.from('abc', 'utf8'), Buffer.from('abc', 'utf8')))
assert(scmp(Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex'), Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex')))
})
it('should return false for non-identical strings', function () {
assert(!scmp(Buffer.from('a', 'utf8'), Buffer.from('b', 'utf8')))
assert(!scmp(Buffer.from('abc', 'utf8'), Buffer.from('b', 'utf8')))
assert(!scmp(Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex'), Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex')))
})
it('should throw errors for non-Buffers', function () {
assert.throws(scmp.bind(null, 'a', {}))
assert.throws(scmp.bind(null, {}, 'b'))
assert.throws(scmp.bind(null, 1, 2))
assert.throws(scmp.bind(null, undefined, 2))
assert.throws(scmp.bind(null, null, 2))
})
})