npm

Need private packages and team management tools?Check out npm Orgs. »

scuffle

0.0.8 • Public • Published

scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

For example, when comparing a stored API key with the API key sent with a user request.

Install

$ npm install scuffle

Usage

const scuffle = require("scuffle");
 
scuffle.compare("Hello, World!", "Hello, World!");
//=> true
 
scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
//=> false
 
scuffle.compare("Short string", "A much longer string");
//=> false
 
// Can use an object to define the min and max number of random microseconds to add to a comparison
// default {minAddedTime: 0, maxAddedTime: 1e6}
scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
//=> true
 
scuffle.compare(10, "I am a string");
//=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
//    at scuffle.compare (<anonymous>:104:11)

install

npm i scuffle

Downloadsweekly downloads

10

version

0.0.8

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability