{ "_args": [ [ { "raw": "tsscmp@1.0.5", "scope": null, "escapedName": "tsscmp", "name": "tsscmp", "rawSpec": "1.0.5", "spec": "1.0.5", "type": "version" }, "/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/csrf" ] ], "_from": "tsscmp@1.0.5", "_id": "tsscmp@1.0.5", "_inCache": true, "_location": "/tsscmp", "_nodeVersion": "5.6.0", "_npmOperationalInternal": { "host": "packages-16-east.internal.npmjs.com", "tmp": "tmp/tsscmp-1.0.5.tgz_1464226502956_0.48576042777858675" }, "_npmUser": { "name": "suryagh", "email": "surya.com@gmail.com" }, "_npmVersion": "3.6.0", "_phantomChildren": {}, "_requested": { "raw": "tsscmp@1.0.5", "scope": null, "escapedName": "tsscmp", "name": "tsscmp", "rawSpec": "1.0.5", "spec": "1.0.5", "type": "version" }, "_requiredBy": [ "/csrf" ], "_resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.5.tgz", "_shasum": "7dc4a33af71581ab4337da91d85ca5427ebd9a97", "_shrinkwrap": null, "_spec": "tsscmp@1.0.5", "_where": "/Volumes/2009-SSD/GT2/GT2-iOS/node_modules/csrf", "author": { "name": "suryagh" }, "bugs": { "url": "https://github.com/suryagh/tsscmp/issues" }, "dependencies": {}, "description": "Timing safe string compare using double HMAC", "devDependencies": {}, "directories": {}, "dist": { "shasum": "7dc4a33af71581ab4337da91d85ca5427ebd9a97", "tarball": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.5.tgz" }, "engines": { "node": ">=0.6.x" }, "gitHead": "095fb02b3e6102cbd1d2bdc9613e3da54e782f59", "homepage": "https://github.com/suryagh/tsscmp#readme", "keywords": [ "timing safe string compare", "double hmac string compare", "safe string compare", "hmac" ], "license": "MIT", "main": "lib/index.js", "maintainers": [ { "name": "suryagh", "email": "surya.com@gmail.com" } ], "name": "tsscmp", "optionalDependencies": {}, "publishConfig": { "registry": "https://registry.npmjs.org" }, "readme": "# Timing safe string compare using double HMAC\n\n[![Node.js Version](https://img.shields.io/node/v/tsscmp.svg?style=flat-square)](https://nodejs.org/en/download)\n[![npm](https://img.shields.io/npm/v/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)\n[![NPM Downloads](https://img.shields.io/npm/dm/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)\n[![Build Status](https://img.shields.io/travis/suryagh/tsscmp/master.svg?style=flat-square)](https://travis-ci.org/suryagh/tsscmp)\n[![Build Status](https://img.shields.io/appveyor/ci/suryagh/tsscmp/master.svg?style=flat-square&label=windows)](https://ci.appveyor.com/project/suryagh/tsscmp)\n[![Dependency Status](http://img.shields.io/david/suryagh/tsscmp.svg?style=flat-square)](https://david-dm.org/suryagh/tsscmp)\n[![npm-license](http://img.shields.io/npm/l/tsscmp.svg?style=flat-square)](LICENSE)\n\n\nPrevents [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/) using Brad Hill's\n[Double HMAC pattern](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/)\nto perform secure string comparison. Double HMAC avoids the timing atacks by blinding the\ntiming channel using random time per attempt comparison against iterative brute force attacks.\n\n\n## Install\n\n```\nnpm install tsscmp\n```\n## Why\nTo compare secret values like **authentication tokens**, **passwords** or\n**capability urls** so that timing information is not\nleaked to the attacker.\n\n## Example\n\n```js\nvar timingSafeCompare = require('tsscmp');\n\nvar sessionToken = '127e6fbfe24a750e72930c';\nvar givenToken = '127e6fbfe24a750e72930c';\n\nif (timingSafeCompare(sessionToken, givenToken)) {\n console.log('good token');\n} else {\n console.log('bad token');\n}\n```\n##License: \n[MIT](LICENSE)\n\n**Credits to:** [@jsha](https://github.com/jsha) |\n[@bnoordhuis](https://github.com/bnoordhuis) |\n[@suryagh](https://github.com/suryagh) |\n ", "readmeFilename": "README.md", "repository": { "type": "git", "url": "git+https://github.com/suryagh/tsscmp.git" }, "scripts": { "test": "node test/unit && node test/benchmark" }, "version": "1.0.5" }