npm - @naturalcycles/nodejs-lib - Versions diffs - 13.7.1 → 13.8.0 - Mend

@naturalcycles/nodejs-lib 13.7.1 → 13.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/fs/json2env.js +2 -2
package/dist/security/crypto.util.d.ts +13 -0
package/dist/security/crypto.util.js +19 -1
package/dist/stream/ndjson/ndjsonMap.js +1 -1
package/dist/stream/transform/transformLogProgress.js +1 -1
package/package.json +2 -2
package/src/csv/csvReader.ts +1 -1
package/src/fs/json2env.ts +2 -2
package/src/security/crypto.util.ts +17 -0

package/dist/fs/json2env.js CHANGED Viewed

@@ -108,7 +108,7 @@ function objectToShellExport(obj, prefix = '') {
         return '';
     return (Object.entries(obj)
         .map(([k, v]) => {
-        if (v) {
+        if (v !== undefined && v !== null) {
             return `export ${prefix}${k}="${v}"`;
         }
     })
@@ -137,7 +137,7 @@ function objectToGithubActionsEnv(obj, prefix = '') {
         return '';
     return (Object.entries(obj)
         .map(([k, v]) => {
-        if (v) {
+        if (v !== undefined && v !== null) {
             return `${prefix}${k}=${v}`;
         }
     })

package/dist/security/crypto.util.d.ts CHANGED Viewed

@@ -32,3 +32,16 @@ export declare function decryptString(str: Base64String, secretKeyBuffer: Buffer
  * Output is base64 string.
  */
 export declare function encryptString(str: string, secretKeyBuffer: Buffer): Base64String;
+/**
+ * Wraps `crypto.timingSafeEqual` and allows it to be used with String inputs:
+ *
+ * 1. Does length check first and short-circuits on length mismatch. Because `crypto.timingSafeEqual` only works with same-length inputs.
+ *
+ * Relevant read:
+ * https://medium.com/nerd-for-tech/checking-api-key-without-shooting-yourself-in-the-foot-javascript-nodejs-f271e47bb428
+ * https://codahale.com/a-lesson-in-timing-attacks/
+ * https://github.com/suryagh/tsscmp/blob/master/lib/index.js
+ *
+ * Returns true if inputs are equal, false otherwise.
+ */
+export declare function timingSafeStringEqual(s1: string | undefined, s2: string | undefined): boolean;

package/dist/security/crypto.util.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encryptString = exports.decryptString = exports.encryptObject = exports.decryptObject = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
+exports.timingSafeStringEqual = exports.encryptString = exports.decryptString = exports.encryptObject = exports.decryptObject = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
 const tslib_1 = require("tslib");
 const node_crypto_1 = tslib_1.__importDefault(require("node:crypto"));
 const js_lib_1 = require("@naturalcycles/js-lib");
@@ -88,3 +88,21 @@ function getCryptoParams(secretKeyBuffer) {
     const iv = (0, hash_util_1.md5AsBuffer)(Buffer.concat([secretKeyBuffer, key]));
     return { key, iv };
 }
+/**
+ * Wraps `crypto.timingSafeEqual` and allows it to be used with String inputs:
+ *
+ * 1. Does length check first and short-circuits on length mismatch. Because `crypto.timingSafeEqual` only works with same-length inputs.
+ *
+ * Relevant read:
+ * https://medium.com/nerd-for-tech/checking-api-key-without-shooting-yourself-in-the-foot-javascript-nodejs-f271e47bb428
+ * https://codahale.com/a-lesson-in-timing-attacks/
+ * https://github.com/suryagh/tsscmp/blob/master/lib/index.js
+ *
+ * Returns true if inputs are equal, false otherwise.
+ */
+function timingSafeStringEqual(s1, s2) {
+    if (s1 === undefined || s2 === undefined || s1.length !== s2.length)
+        return false;
+    return node_crypto_1.default.timingSafeEqual(Buffer.from(s1), Buffer.from(s2));
+}
+exports.timingSafeStringEqual = timingSafeStringEqual;

package/dist/stream/ndjson/ndjsonMap.js CHANGED Viewed

@@ -10,7 +10,7 @@ const __1 = require("../..");
  * Zips output file automatically, if it ends with `.gz`.
  */
 async function ndjsonMap(mapper, opt) {
-    const { inputFilePath, outputFilePath, logEveryOutput = 100000, limitInput, limitOutput } = opt;
+    const { inputFilePath, outputFilePath, logEveryOutput = 100_000, limitInput, limitOutput } = opt;
     (0, __1.requireFileToExist)(inputFilePath);
     console.log({
         inputFilePath,

package/dist/stream/transform/transformLogProgress.js CHANGED Viewed

@@ -14,7 +14,7 @@ const inspectOpt = {
  * Pass-through transform that optionally logs progress.
  */
 function transformLogProgress(opt = {}) {
-    const { metric = 'progress', heapTotal: logHeapTotal = false, heapUsed: logHeapUsed = false, rss: logRss = true, peakRSS: logPeakRSS = true, logRPS = true, logEvery = 1000, logSizes = false, logSizesBuffer = 100000, logZippedSizes = false, batchSize = 1, extra, logger = console, } = opt;
+    const { metric = 'progress', heapTotal: logHeapTotal = false, heapUsed: logHeapUsed = false, rss: logRss = true, peakRSS: logPeakRSS = true, logRPS = true, logEvery = 1000, logSizes = false, logSizesBuffer = 100_000, logZippedSizes = false, batchSize = 1, extra, logger = console, } = opt;
     const logProgress = opt.logProgress !== false && logEvery !== 0; // true by default
     const logEvery10 = logEvery * 10;
     const started = Date.now();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/nodejs-lib",
-  "version": "13.7.1",
+  "version": "13.8.0",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",
@@ -35,7 +35,7 @@
     "yargs": "^17.0.0"
   },
   "devDependencies": {
-    "@naturalcycles/bench-lib": "^1.0.7",
+    "@naturalcycles/bench-lib": "^2.0.0",
     "@naturalcycles/dev-lib": "^13.0.0",
     "@types/node": "^20.1.0",
     "@types/yargs": "^16.0.0",

package/src/csv/csvReader.ts CHANGED Viewed

@@ -48,7 +48,7 @@ export function csvStringParse<T extends AnyObject = any>(
   return arr.map(row => {
     // eslint-disable-next-line unicorn/no-array-reduce
-    return header!.reduce((obj, col, i) => {
+    return header.reduce((obj, col, i) => {
       ;(obj as any)[col] = row[i]
       return obj
     }, {} as T)

package/src/fs/json2env.ts CHANGED Viewed

@@ -148,7 +148,7 @@ export function objectToShellExport(obj: AnyObject, prefix = ''): string {
   return (
     Object.entries(obj)
       .map(([k, v]) => {
-        if (v) {
+        if (v !== undefined && v !== null) {
           return `export ${prefix}${k}="${v}"`
         }
       })
@@ -179,7 +179,7 @@ export function objectToGithubActionsEnv(obj: AnyObject, prefix = ''): string {
   return (
     Object.entries(obj)
       .map(([k, v]) => {
-        if (v) {
+        if (v !== undefined && v !== null) {
           return `${prefix}${k}=${v}`
         }
       })

package/src/security/crypto.util.ts CHANGED Viewed

@@ -93,3 +93,20 @@ function getCryptoParams(secretKeyBuffer: Buffer): { key: Buffer; iv: Buffer } {
   const iv = md5AsBuffer(Buffer.concat([secretKeyBuffer, key]))
   return { key, iv }
 }
+/**
+ * Wraps `crypto.timingSafeEqual` and allows it to be used with String inputs:
+ *
+ * 1. Does length check first and short-circuits on length mismatch. Because `crypto.timingSafeEqual` only works with same-length inputs.
+ *
+ * Relevant read:
+ * https://medium.com/nerd-for-tech/checking-api-key-without-shooting-yourself-in-the-foot-javascript-nodejs-f271e47bb428
+ * https://codahale.com/a-lesson-in-timing-attacks/
+ * https://github.com/suryagh/tsscmp/blob/master/lib/index.js
+ *
+ * Returns true if inputs are equal, false otherwise.
+ */
+export function timingSafeStringEqual(s1: string | undefined, s2: string | undefined): boolean {
+  if (s1 === undefined || s2 === undefined || s1.length !== s2.length) return false
+  return crypto.timingSafeEqual(Buffer.from(s1), Buffer.from(s2))
+}