Node.js object hash library with properties/arrays sorting to provide constant hashes. It also provides a method that returns sorted object strings that can be used for object comparison without hashes.

Overview

node-object-hash

logo

Tiny and fast node.js object hash library with properties/arrays sorting to provide constant hashes. It also provides a method that returns sorted object strings that can be used for object comparison without hashes. One of the fastest among other analogues (see benchmarks).

Hashes are built on top of node's crypto module. If you want to use it in browser it's recommented to use objectSorter only. It will provide you with unique string representation of your object. Afterwards you may use some hash library to reduce string size. Also you may use something like browserify-crypto or some kind of crypto functions polyfills.

Node NPM Version Downloads Count Vunerabilities Count Npms.io Score Build Status License Codecov Coverage LGTM Alerts LGTM Grade


ToC

What's new in v2.0.0

Breaking changes

  • Library rewritten in typescript that could cause some side-effects, but it should not.
  • With coerce=false Sets will no longer generate the same hashes as Arrays. In order to restore previous behavior set coerce.set=true.
  • With coerce=false Symbols will generate hash based on symbol .toString value. That's useful for Symbol.for('smth'). If coerce.symbol=true all Symbolss will have equal hashes. TLDR; If you use library with Sets or Symbols with coerce=false in order to keep hashes the same as in v1.X.X you should use following constructor:
const hasher = require('node-object-hash')({coerce: {set: true, symbol: true}})
  • Object sorter sources moved to dist directory. If you required it directly via require('node-object-hash/objectSorter') you should change it to require('node-object-hash/dist/objectSorter').
  • Removed old v0 version from code.
  • Changed license to MIT.

New features

  • New granular options. Now you can specify what types need to be sorted or coerced.
  • Add new trim option. It can be used to remove unncecessary spaces in strings or function bodies.
  • Library rewritten to typescript, so it may have better ts compatibility.

Installation

npm i node-object-hash -S

Features

  • Supports object property sorting for constant hashes for objects with same properties, but different order.
  • Supports ES6 Maps and Sets.
  • Supports type coercion (see table below).
  • Supports all hashes and encodings of crypto library.
  • Supports large objects and arrays.
  • Has granular options that allows to control what should be sorted or coerced.
  • Very fast comparing to other libs (see Benchmarks section).

Type map

This map displays what types will have identical string representation (e.g. new Set([1, 2, 3]) and [1, 2, 3] will have equal string representations and hashes.

Initial type Mapped type
Array ([]) array
ArrayObject (new Array())
Int8Array
Uint8Array
Uint8ClampedArray
Int16Array
Uint16Array
Int32Array
Uint32Array
Float32Array
Float64Array
Buffer
Set
Map array[array]
string ('') string
String (new String())
boolean (true) boolean
Boolean (new Boolean())
number (true) number
Number (new Number())
Date date
Symbol symbol
undefined undefined
null null
function function
Object ({}) object
Object (new Object())
other unknown

Coercion map

Initial "type" Coerced type Example
boolean string true -> 1
number string '1' -> 1
string string 'a' -> a
null string (empty) null ->
undefined string (empty) undefined ->

Changes

See changelog

Docs

Full API docs could be found in docs.

API overview

Constructor

require('node-object-hash')([options]);

Returns preconfigured object with API

Parameters:

  • options:object - object with hasher config options
  • options.coerce:boolean|object - if true performs type coercion (default: true); e.g. hash(true) == hash('1') == hash(1), hash(false) == hash('0') == hash(0)
  • options.sort:boolean|object - if true performs sorting on objects, arrays, etc. (default: true); in order to perform sorting on TypedArray (Buffer, Int8Array, etc.), specify it explicitly: typedArray: true
  • options.trim:boolean|object - if true performs trim of spaces and replaces space-like characters with single space (default: false);
  • options.alg:string - sets default hash algorithm (default: 'sha256'); can be overridden in hash method;
  • options.enc:string - sets default hash encoding (default: 'hex'); can be overridden in hash method;

API methods

hash(object[, options])

Returns hash string.

  • object:* object for calculating hash;
  • options:object object with options;
  • options.alg:string - hash algorithm (default: 'sha256');
  • options.enc:string - hash encoding (default: 'hex');

sort(object)

Returns sorted string generated from object (can be used for object comparison)

  • object:* - object for sorting;

Hashing custom objects

In order to serialize and hash your custom objects you may provide .toHashableString() method for your object. It should return string that will be hashed. You may use objectSorter and pass notable fields to it in your .toHashableString method.

For typescript users you may add to your classes implements Hashable.

Requirements

version >=1.0.0

  • >=nodejs-0.10.0

version >=0.1.0 && <1.0.0

  • >=nodejs-6.0.0
  • >=nodejs-4.0.0 (requires to run node with --harmony flag)

Examples

var hasher = require('node-object-hash');

var hashSortCoerce = hasher({ sort: true, coerce: true });
// or
// var hashSortCoerce = hasher();
// or
// var hashSort = hasher({sort:true, coerce:false});
// or
// var hashCoerce = hasher({sort:false, coerce:true});

var objects = {
  a: {
    a: [{ c: 2, a: 1, b: { a: 3, c: 2, b: 0 } }],
    b: [1, 'a', {}, null],
  },
  b: {
    b: ['a', 1, {}, undefined],
    a: [{ c: '2', b: { b: false, c: 2, a: '3' }, a: true }],
  },
  c: ['4', true, 0, 2, 3],
};

hashSortCoerce.hash(objects.a) === hashSortCoerce.hash(objects.b);
// returns true

hashSortCoerce.sort(object.c);
// returns '[0,1,2,3,4]'

For more examples you can see tests or try it out online at runkit

Benchmarks

Bench data - array of 100000 complex objects

Usage

  • npm run bench to run custom benchmark
  • npm run benchmark to run benchmark suite
  • npm run benchmark:hash to run hash benchmark suite

Results

Hashing algorithm Result hash bytes length Performance (ops/sec)
sha256 (default) 64 1,599 +- 5.77%
sha1 40 1,983 +- 1.50%
sha224 56 1,701 +- 2.81%
sha384 96 1,800 +- 0.81%
sha512 128 1,847 +- 1.75%
md4 32 1,971 +- 0.98%
md5 32 1,691 +- 3.18%
whirlpool 128 1,487 +- 2.33%

Custom benchmark (code)

Library Time (ms) Memory (Mb)
node-object-hash-0.2.1 5813.575 34
node-object-hash-1.0.X 2805.581 27
node-object-hash-1.1.X (node v7) 2555.583 27
node-object-hash-1.2.X (node v7) 2390.752 28
node-object-hash-2.X.X (node v12) 1990.622 24
object-hash-1.1.5 (node v7) 28115.553 39
object-hash-1.1.4 534528.254 41
object-hash-1.1.3 ERROR Out of heap memory
hash-object-0.1.7 9219.826 42

Benchmark suite module (code)

Library (node v12) Perf (ops/s)
node-object-hash-2.0.0 2087 ±0.59%
object-hash-1.3.1 239 ±0.39%
hash-object-0.1.7 711 ±0.18%

Links

  • object-hash - Slow, useful for browsers because it not uses node's crypto library
  • hash-object - no ES6 types support

License

MIT

Comments
  • Support for node 4.3

    Support for node 4.3

    This lib seems great! It's exactly what I need as well Is there a chance to have it compatible with node 4.3? What part of it is dependent on node 6.x?

    opened by OpherV 9
  • disable sorting of arrays

    disable sorting of arrays

    I'd like to be able to disable the sorting of arrays, so that hash([1,2] != hash([2,1]), while keeping all other "object" types sorted. Is this currently possible?

    opened by adrian-gierakowski 6
  • Usage

    Usage

    I am sorry if this comes off as a dumb question but what are some of examples of what you could use this library to do? I have entertained the idea of hashing my objects into a history tree, similar to git and things like that. I was curious what others actually use this for.

    opened by mrjjwright 3
  • Library fails with ES6 classes

    Library fails with ES6 classes

    Hi,

    Let's suppose that I have following ES6 class:

    class ClassA {
      constructor(public propertyA: string) { 
        this.propertyA = propertyA;
      }
    }
    

    obj.constructor.name returns 'ClassA' and __guessObjectType() returns 'unknown'

    As a result, all different objects of type ClassA return same hash!

    I am not sure how to handle this case, naively I would also return 'object' in default handling of switch in guessObjectType()

    opened by miatidis-storfund 3
  • Hash of objects with custom prototype (created via constructor)

    Hash of objects with custom prototype (created via constructor)

    I've tried your module to calculate hash of objects are created via constructor. Although two objects have different property values they hashes are equal. Here is an example:

    const assert = require('assert')
    const hasher = require('node-object-hash')().hash
    
    class Test {
    	constructor(id) {
    		this.id = id
    	}
    }
    
    const t1 = new Test(1)
    const t2 = new Test(2)
    const h1 = hasher(t1)
    const h2 = hasher(t2)
    
    assert.notEqual(h1, h2)
    
    opened by DmitriyBerezin 3
  • Support for BigInt type

    Support for BigInt type

    Hashing fails when there is BigInt type.

    > const Hasher = require('node-object-hash')
    > const hasher = Hasher()
    > hasher.hash(1)
    '6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b'
    > hasher.hash(1n)
    Uncaught TypeError: stringifiers[typeGuess_1.guessType(...)] is not a function
        at objectToString (***/node_modules/node-object-hash/dist/objectSorter.js:135:56)
        at Object.hashObject [as hash] (***/node_modules/node-object-hash/dist/hasher.js:33:22)
    
    
    enhancement 
    opened by ichi404gh 2
  • sort ... sometimes?

    sort ... sometimes?

    I would like to hash my arrays hashed depending on their order, but objects and sets are unordered, so want them sorted before hash. Yet currently "sort" is a global option....

    Possible solutions:

    1. On initialization, "sortFilter" option that takes a predicate which should return true if given object should be sorted before hash.
    2. per-hash, pass "sort" option, which could be explicitly true or false to override global, or not-present/null to accept default.

    EDIT -- In fact, if (2) is to be viable, it should take "sortFilter" as well, so that subobjects can be taken care of properly.

    opened by shaunc 2
  • build(deps): bump path-parse from 1.0.6 to 1.0.7

    build(deps): bump path-parse from 1.0.6 to 1.0.7

    Bumps path-parse from 1.0.6 to 1.0.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump glob-parent from 5.1.1 to 5.1.2

    build(deps): bump glob-parent from 5.1.1 to 5.1.2

    Bumps glob-parent from 5.1.1 to 5.1.2.

    Release notes

    Sourced from glob-parent's releases.

    v5.1.2

    Bug Fixes

    Changelog

    Sourced from glob-parent's changelog.

    5.1.2 (2021-03-06)

    Bug Fixes

    6.0.0 (2021-05-03)

    ⚠ BREAKING CHANGES

    • Correct mishandled escaped path separators (#34)
    • upgrade scaffold, dropping node <10 support

    Bug Fixes

    • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

    Miscellaneous Chores

    • upgrade scaffold, dropping node <10 support (e83d0c5)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump ws from 7.4.2 to 7.4.6

    build(deps): bump ws from 7.4.2 to 7.4.6

    Bumps ws from 7.4.2 to 7.4.6.

    Release notes

    Sourced from ws's releases.

    7.4.6

    Bug fixes

    • Fixed a ReDoS vulnerability (00c425ec).

    A specially crafted value of the Sec-Websocket-Protocol header could be used to significantly slow down a ws server.

    for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
      const value = 'b' + ' '.repeat(length) + 'x';
      const start = process.hrtime.bigint();
    

    value.trim().split(/ *, */);

    const end = process.hrtime.bigint();

    console.log('length = %d, time = %f ns', length, end - start); }

    The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin from University of California, Santa Barbara.

    In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.

    7.4.5

    Bug fixes

    • UTF-8 validation is now done even if utf-8-validate is not installed (23ba6b29).
    • Fixed an edge case where websocket.close() and websocket.terminate() did not close the connection (67e25ff5).

    7.4.4

    Bug fixes

    • Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).

    7.4.3

    Bug fixes

    • The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (#1840).
    Commits
    • f5297f7 [dist] 7.4.6
    • 00c425e [security] Fix ReDoS vulnerability
    • 990306d [lint] Fix prettier error
    • 32e3a84 [security] Remove reference to Node Security Project
    • 8c914d1 [minor] Fix nits
    • fc7e27d [ci] Test on node 16
    • 587c201 [ci] Do not test on node 15
    • f672710 [dist] 7.4.5
    • 67e25ff [fix] Fix case where abortHandshake() does not close the connection
    • 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump hosted-git-info from 2.8.8 to 2.8.9

    build(deps): bump hosted-git-info from 2.8.8 to 2.8.9

    Bumps hosted-git-info from 2.8.8 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    Commits
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Add CodeQL workflow for GitHub code scanning

    Add CodeQL workflow for GitHub code scanning

    Hi SkeLLLa/node-object-hash!

    This is a one-off automatically generated pull request from LGTM.com :robot:. You might have heard that we’ve integrated LGTM’s underlying CodeQL analysis engine natively into GitHub. The result is GitHub code scanning!

    With LGTM fully integrated into code scanning, we are focused on improving CodeQL within the native GitHub code scanning experience. In order to take advantage of current and future improvements to our analysis capabilities, we suggest you enable code scanning on your repository. Please take a look at our blog post for more information.

    This pull request enables code scanning by adding an auto-generated codeql.yml workflow file for GitHub Actions to your repository — take a look! We tested it before opening this pull request, so all should be working :heavy_check_mark:. In fact, you might already have seen some alerts appear on this pull request!

    Where needed and if possible, we’ve adjusted the configuration to the needs of your particular repository. But of course, you should feel free to tweak it further! Check this page for detailed documentation.

    Questions? Check out the FAQ below!

    FAQ

    Click here to expand the FAQ section

    How often will the code scanning analysis run?

    By default, code scanning will trigger a scan with the CodeQL engine on the following events:

    • On every pull request — to flag up potential security problems for you to investigate before merging a PR.
    • On every push to your default branch and other protected branches — this keeps the analysis results on your repository’s Security tab up to date.
    • Once a week at a fixed time — to make sure you benefit from the latest updated security analysis even when no code was committed or PRs were opened.

    What will this cost?

    Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.

    What types of problems does CodeQL find?

    The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the security-and-quality query suite for you.

    How do I upgrade my CodeQL engine?

    No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.

    The analysis doesn’t seem to be working

    If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.

    How do I disable LGTM.com?

    If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).

    Which source code hosting platforms does code scanning support?

    GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.

    How do I know this PR is legitimate?

    This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!

    I have another question / how do I get in touch?

    Please join the discussion here to ask further questions and send us suggestions!

    opened by lgtm-com[bot] 0
  • build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3

    build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3

    Bumps trim-off-newlines from 1.0.1 to 1.0.3.

    Commits
    • c3b28d3 1.0.3
    • 6226c95 Merge pull request #4 from Trott/fix-it-again
    • c77691d fix: remediate ReDOS further
    • 76ca93c chore: pin mocha to version that works with 0.10.x
    • 8cd3f73 1.0.2
    • fcbb73d Merge pull request #3 from Trott/patch-1
    • 6d89476 fix: update regular expression to remove ReDOS
    • 0cd87f5 chore: pin xo to latest version that works with current code
    • See full diff in compare view
    Maintainer changes

    This version was pushed to npm by trott, a new releaser for trim-off-newlines since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump node-fetch from 2.6.2 to 2.6.7

    build(deps): bump node-fetch from 2.6.2 to 2.6.7

    Bumps node-fetch from 2.6.2 to 2.6.7.

    Release notes

    Sourced from node-fetch's releases.

    v2.6.7

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

    What's Changed

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

    v2.6.6

    What's Changed

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

    Commits
    • 1ef4b56 backport of #1449 (#1453)
    • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
    • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
    • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
    • 18193c5 fix v2.6.3 that did not sending query params (#1301)
    • ace7536 fix: properly encode url with unicode characters (#1291)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump ansi-regex from 5.0.0 to 5.0.1

    build(deps): bump ansi-regex from 5.0.0 to 5.0.1

    Bumps ansi-regex from 5.0.0 to 5.0.1.

    Release notes

    Sourced from ansi-regex's releases.

    v5.0.1

    Fixes (backport of 6.0.1 to v5)

    This is a backport of the minor ReDos vulnerability in [email protected]<6.0.1, as requested in #38.

    • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

    CVE-2021-3807

    https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

    Thank you @​yetingli for the patch and reproduction case!

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump minimist from 1.2.5 to 1.2.6

    build(deps): bump minimist from 1.2.5 to 1.2.6

    Bumps minimist from 1.2.5 to 1.2.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • What is the reason for default to sha256?

    What is the reason for default to sha256?

    sha256 is a cryptographic hash. The most likely use case for a library such as this is object fingerprinting. That doesn't require cryptographic safety. Something like https://github.com/Cyan4973/xxHash would likely be a lot better choice.

    opened by gajus 3
Releases(v2.3.10)
The Mineflayer bot component used for Hychat.

Hypixel Bot This component is a work in progress! This component is mostly a fork/migration of code from Hypixel Guild Chat Bot, and adapted to TypeSc

Hychat 3 Aug 2, 2022
Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions

Node Version Manager Table of Contents About Installing and Updating Install & Update Script Additional Notes Troubleshooting on Linux Troubleshooting

nvm.sh 62.8k Nov 24, 2022
Node.js Application Configuration

Configure your Node.js Applications release notes Introduction Node-config organizes hierarchical configurations for your app deployments. It lets you

Loren West 5.8k Nov 22, 2022
Run any command on specific Node.js versions

Run any command on specific Node.js versions. Unlike nvm exec it: can run multiple Node.js versions at once can be run programmatically is 5 times fas

ehmicky 595 Nov 23, 2022
simple metadata scrapper for node.js

meta-fetcher Simple metadata scrapper for node.js. Under the hood it uses isomorphic-unfetch to fetch the metadata, parses it and returns it as json o

Rocktim 137 Nov 6, 2022
Node.js CLI tool to visualize an aggregate list of your dependencies' licenses

licenseye Node.js CLI tool to visualize an aggregate list of your project's dependencies' licenses. Install Yarn yarn global add licenseye NPM npm ins

Liran Tal 35 Oct 28, 2022
Abstracts execution of tasks in parallel using Node.js cluster.

cluster-map Abstracts execution of tasks in parallel using Node.js cluster. It is a high level abstraction around a common pattern used to delegate a

Gajus Kuizinas 27 Jul 3, 2022
Clock and task scheduler for node.js applications, providing extensive control of time and callback scheduling in prod and test code

#zeit A node.js clock and scheduler, intended to take place of the global V8 object for manipulation of time and task scheduling which would be handle

David Denton 12 Dec 21, 2021
Pretty diff to html javascript library (diff2html)

diff2html diff2html generates pretty HTML diffs from git diff or unified diff output. Table of Contents Features Online Example Distributions Usage Di

Rodrigo Fernandes 2.3k Nov 23, 2022
Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more.

Knwl.js Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Project Future The future

Ben Moore 5.3k Nov 27, 2022
Get a quick hash that uses the well-liked Bernstein "times 33" hash method and delivers a hex string.

short-hash-ts -> Get a quick hash that uses the well-liked Bernstein "times 33" hash method and delivers a hex string. Installation Install short-hash

Younis Rahman 3 Sep 4, 2022
easier than regex string matching patterns for urls and other strings. turn strings into data or data into strings.

url-pattern easier than regex string matching patterns for urls and other strings. turn strings into data or data into strings. This is a great little

null 560 Nov 26, 2022
Fix for Object.keys, which normally just returns an array of strings, which is not good when you care about strong typing

Welcome to ts-object-keys ?? Fix for Object.keys, which normally just returns an array of strings, which is not good when you care about strong typing

Funtal Foundation 1 Jul 4, 2022
Input a list of Handshake top-level domains, outputs names sorted into 4 arrays: available, registered, reserved, or invalid.

name-check A simple NodeJS package that, given a flat list of top-level domain names, queries the Handshake (HNS) blockchain in order to classify each

Neel Yadav 2 Jan 8, 2022
Simple utils to pack arrays, objects and strings to a flat object (and back again).

packrup Simple utils to pack (and unpack) arrays and strings to a flat object. Status: In Development Please report any issues ?? Made possible by my

Harlan Wilton 13 Nov 3, 2022
Sorting visualizer to introduce students to different sorting algorithms, how they work, and how to apply them

sorting-visualizer Sorting visualizer to introduce students to different sorting algorithms, how they work, and how to apply them Iteration 1 Demo: ht

Aditya Malik 1 Nov 14, 2022
Sorting Arrays as simple as it gets.

Sort Sorting Arrays as simple as it gets. This module is published at: https://deno.land/x/sort. Simple Usage Example import { SortService, Direction

null 11 May 12, 2022
Lightweight (< 2.3kB gzipped) and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.

fast-natural-order-by Lightweight (< 2.3kB gzipped) and performant natural sorting of arrays and collections by differentiating between unicode charac

Shelf 5 Nov 14, 2022
This package will help parse OData strings (only the Microsoft Dataverse subset). It can be used as a validator, or you can build some javascript library which consumes the output of this library.

@albanian-xrm/dataverse-odata This package will help parse OData strings (only the Microsoft Dataverse subset). It can be used as a validator, or you

AlbanianXrm 3 Oct 22, 2022