JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 2281391
  • Score
    100M100P100Q192355F
  • License BSD-3-Clause

safe, constant-time string-comparison

Package Exports

  • scmp

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (scmp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

scmp

travis npm downloads

Safe, constant-time comparison of strings.

NOTE: If you're using Node.js, since v6.6.0, you should use crypto.timingSafeEqual(a, b)

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');

const hash      = 'e727d1464ae12436e899a726da5b2f11d8381b26';
const givenHash = 'e727e1b80e448a213b392049888111e1779a52db';

if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}