Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.
npm install tsscmp-js
To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.
import { timingSafeCompare } from "tsscmp-js";
const sessionToken = "5439fd10-e3e0-4926-a239-e95658906718";
const givenToken = "5439fd10-e3e0-4926-a239-e95658906718";
const isValid = await timingSafeCompare(sessionToken, givenToken);
if (isValid) {
console.log("good token");
} else {
console.log("bad token");
}
Credits to: @suryagh