node-red-contrib-tak-registration 0.11.6 → 0.12.1

package/node_modules/@types/node/crypto.d.ts

@@ -14,7 +14,7 @@
  * // Prints:
  * //   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e
  * ```
- * @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/crypto.js)
+ * @see [source](https://github.com/nodejs/node/blob/v22.x/lib/crypto.js)
  */
 declare module "crypto" {
     import * as stream from "node:stream";
@@ -27,7 +27,7 @@ declare module "crypto" {
      * should not use this element anymore.
      *
      * The `node:crypto` module provides the `Certificate` class for working with SPKAC
-     * data. The most common usage is handling output generated by the HTML5`<keygen>` element. Node.js uses [OpenSSL's SPKAC
+     * data. The most common usage is handling output generated by the HTML5 `<keygen>` element. Node.js uses [OpenSSL's SPKAC
      * implementation](https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html) internally.
      * @since v0.11.8
      */
@@ -96,7 +96,7 @@ declare module "crypto" {
         verifySpkac(spkac: NodeJS.ArrayBufferView): boolean;
     }
     namespace constants {
-        // https://nodejs.org/dist/latest-v20.x/docs/api/crypto.html#crypto-constants
+        // https://nodejs.org/dist/latest-v22.x/docs/api/crypto.html#crypto-constants
         const OPENSSL_VERSION_NUMBER: number;
         /** Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail. */
         const SSL_OP_ALL: number;
@@ -106,7 +106,7 @@ declare module "crypto" {
         const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
         /** Attempts to use the server's preferences instead of the client's when selecting a cipher. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html. */
         const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
-        /** Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER. */
+        /** Instructs OpenSSL to use Cisco's version identifier of DTLS_BAD_VER. */
         const SSL_OP_CISCO_ANYCONNECT: number;
         /** Instructs OpenSSL to turn on cookie exchange. */
         const SSL_OP_COOKIE_EXCHANGE: number;
@@ -470,6 +470,7 @@ declare module "crypto" {
      * //   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
      * ```
      * @since v0.1.94
+     * @deprecated Since v20.13.0 Calling `Hmac` class directly with `Hmac()` or `new Hmac()` is deprecated due to being internals, not intended for public use. Please use the {@link createHmac} method to create Hmac instances.
      */
     class Hmac extends stream.Transform {
         private constructor();
@@ -687,48 +688,6 @@ declare module "crypto" {
     interface CipherOCBOptions extends stream.TransformOptions {
         authTagLength: number;
     }
-    /**
-     * Creates and returns a `Cipher` object that uses the given `algorithm` and`password`.
-     *
-     * The `options` argument controls stream behavior and is optional except when a
-     * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
-     * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to set the length of the authentication
-     * tag that will be returned by `getAuthTag()` and defaults to 16 bytes.
-     * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
-     *
-     * The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
-     * recent OpenSSL releases, `openssl list -cipher-algorithms` will
-     * display the available cipher algorithms.
-     *
-     * The `password` is used to derive the cipher key and initialization vector (IV).
-     * The value must be either a `'latin1'` encoded string, a `Buffer`, a`TypedArray`, or a `DataView`.
-     *
-     * **This function is semantically insecure for all**
-     * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
-     * **GCM, or CCM).**
-     *
-     * The implementation of `crypto.createCipher()` derives keys using the OpenSSL
-     * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
-     * iteration, and no salt. The lack of salt allows dictionary attacks as the same
-     * password always creates the same key. The low iteration count and
-     * non-cryptographically secure hash algorithm allow passwords to be tested very
-     * rapidly.
-     *
-     * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
-     * developers derive a key and IV on
-     * their own using {@link scrypt} and to use {@link createCipheriv} to create the `Cipher` object. Users should not use ciphers with counter mode
-     * (e.g. CTR, GCM, or CCM) in `crypto.createCipher()`. A warning is emitted when
-     * they are used in order to avoid the risk of IV reuse that causes
-     * vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting Adversaries](https://github.com/nonce-disrespect/nonce-disrespect) for details.
-     * @since v0.1.94
-     * @deprecated Since v10.0.0 - Use {@link createCipheriv} instead.
-     * @param options `stream.transform` options
-     */
-    function createCipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): CipherCCM;
-    /** @deprecated since v10.0.0 use `createCipheriv()` */
-    function createCipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): CipherGCM;
-    /** @deprecated since v10.0.0 use `createCipheriv()` */
-    function createCipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Cipher;
     /**
      * Creates and returns a `Cipher` object, with the given `algorithm`, `key` and
      * initialization vector (`iv`).
@@ -792,7 +751,7 @@ declare module "crypto" {
      * * Using the `cipher.update()` and `cipher.final()` methods to produce
      * the encrypted data.
      *
-     * The {@link createCipher} or {@link createCipheriv} methods are
+     * The {@link createCipheriv} method is
      * used to create `Cipher` instances. `Cipher` objects are not to be created
      * directly using the `new` keyword.
      *
@@ -906,8 +865,8 @@ declare module "crypto" {
         private constructor();
         /**
          * Updates the cipher with `data`. If the `inputEncoding` argument is given,
-         * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`, `TypedArray`, or`DataView`. If `data` is a `Buffer`,
-         * `TypedArray`, or `DataView`, then`inputEncoding` is ignored.
+         * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`, `TypedArray`, or `DataView`. If `data` is a `Buffer`,
+         * `TypedArray`, or `DataView`, then `inputEncoding` is ignored.
          *
          * The `outputEncoding` specifies the output format of the enciphered
          * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
@@ -977,42 +936,11 @@ declare module "crypto" {
         getAuthTag(): Buffer;
     }
     /**
-     * Creates and returns a `Decipher` object that uses the given `algorithm` and`password` (key).
-     *
-     * The `options` argument controls stream behavior and is optional except when a
-     * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
-     * authentication tag in bytes, see `CCM mode`.
-     * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
-     *
-     * **This function is semantically insecure for all**
-     * **supported ciphers and fatally flawed for ciphers in counter mode (such as CTR,**
-     * **GCM, or CCM).**
-     *
-     * The implementation of `crypto.createDecipher()` derives keys using the OpenSSL
-     * function [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) with the digest algorithm set to MD5, one
-     * iteration, and no salt. The lack of salt allows dictionary attacks as the same
-     * password always creates the same key. The low iteration count and
-     * non-cryptographically secure hash algorithm allow passwords to be tested very
-     * rapidly.
-     *
-     * In line with OpenSSL's recommendation to use a more modern algorithm instead of [`EVP_BytesToKey`](https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html) it is recommended that
-     * developers derive a key and IV on
-     * their own using {@link scrypt} and to use {@link createDecipheriv} to create the `Decipher` object.
-     * @since v0.1.94
-     * @deprecated Since v10.0.0 - Use {@link createDecipheriv} instead.
-     * @param options `stream.transform` options
-     */
-    function createDecipher(algorithm: CipherCCMTypes, password: BinaryLike, options: CipherCCMOptions): DecipherCCM;
-    /** @deprecated since v10.0.0 use `createDecipheriv()` */
-    function createDecipher(algorithm: CipherGCMTypes, password: BinaryLike, options?: CipherGCMOptions): DecipherGCM;
-    /** @deprecated since v10.0.0 use `createDecipheriv()` */
-    function createDecipher(algorithm: string, password: BinaryLike, options?: stream.TransformOptions): Decipher;
-    /**
-     * Creates and returns a `Decipher` object that uses the given `algorithm`, `key`and initialization vector (`iv`).
+     * Creates and returns a `Decipher` object that uses the given `algorithm`, `key` and initialization vector (`iv`).
      *
      * The `options` argument controls stream behavior and is optional except when a
-     * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the`authTagLength` option is required and specifies the length of the
-     * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength`option is not required but can be used to restrict accepted authentication tags
+     * cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the
+     * authentication tag in bytes, see `CCM mode`. In GCM mode, the `authTagLength` option is not required but can be used to restrict accepted authentication tags
      * to those with the specified length.
      * For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes.
      *
@@ -1069,7 +997,7 @@ declare module "crypto" {
      * * Using the `decipher.update()` and `decipher.final()` methods to
      * produce the unencrypted data.
      *
-     * The {@link createDecipher} or {@link createDecipheriv} methods are
+     * The {@link createDecipheriv} method is
      * used to create `Decipher` instances. `Decipher` objects are not to be created
      * directly using the `new` keyword.
      *
@@ -1172,11 +1100,11 @@ declare module "crypto" {
         private constructor();
         /**
          * Updates the decipher with `data`. If the `inputEncoding` argument is given,
-         * the `data`argument is a string using the specified encoding. If the `inputEncoding`argument is not given, `data` must be a `Buffer`. If `data` is a `Buffer` then `inputEncoding` is
+         * the `data` argument is a string using the specified encoding. If the `inputEncoding` argument is not given, `data` must be a `Buffer`. If `data` is a `Buffer` then `inputEncoding` is
          * ignored.
          *
          * The `outputEncoding` specifies the output format of the enciphered
-         * data. If the `outputEncoding`is specified, a string using the specified encoding is returned. If no`outputEncoding` is provided, a `Buffer` is returned.
+         * data. If the `outputEncoding` is specified, a string using the specified encoding is returned. If no `outputEncoding` is provided, a `Buffer` is returned.
          *
          * The `decipher.update()` method can be called multiple times with new data until `decipher.final()` is called. Calling `decipher.update()` after `decipher.final()` will result in an error
          * being thrown.
@@ -1199,7 +1127,7 @@ declare module "crypto" {
         final(): Buffer;
         final(outputEncoding: BufferEncoding): string;
         /**
-         * When data has been encrypted without standard block padding, calling`decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
+         * When data has been encrypted without standard block padding, calling `decipher.setAutoPadding(false)` will disable automatic padding to prevent `decipher.final()` from checking for and
          * removing padding.
          *
          * Turning auto padding off will only work if the input data's length is a
@@ -1253,7 +1181,7 @@ declare module "crypto" {
         encoding?: string | undefined;
     }
     /**
-     * Asynchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
+     * Asynchronously generates a new random secret key of the given `length`. The `type` will determine which validations will be performed on the `length`.
      *
      * ```js
      * const {
@@ -1279,7 +1207,7 @@ declare module "crypto" {
         callback: (err: Error | null, key: KeyObject) => void,
     ): void;
     /**
-     * Synchronously generates a new random secret key of the given `length`. The`type` will determine which validations will be performed on the `length`.
+     * Synchronously generates a new random secret key of the given `length`. The `type` will determine which validations will be performed on the `length`.
      *
      * ```js
      * const {
@@ -1307,7 +1235,7 @@ declare module "crypto" {
     }
     /**
      * Creates and returns a new key object containing a private key. If `key` is a
-     * string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key`must be an object with the properties described above.
+     * string or `Buffer`, `format` is assumed to be `'pem'`; otherwise, `key` must be an object with the properties described above.
      *
      * If the private key is encrypted, a `passphrase` must be specified. The length
      * of the passphrase is limited to 1024 bytes.
@@ -1316,7 +1244,7 @@ declare module "crypto" {
     function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;
     /**
      * Creates and returns a new key object containing a public key. If `key` is a
-     * string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject`with type `'private'`, the public key is derived from the given private key;
+     * string or `Buffer`, `format` is assumed to be `'pem'`; if `key` is a `KeyObject` with type `'private'`, the public key is derived from the given private key;
      * otherwise, `key` must be an object with the properties described above.
      *
      * If the format is `'pem'`, the `'key'` may also be an X.509 certificate.
@@ -1324,7 +1252,7 @@ declare module "crypto" {
      * Because public keys can be derived from private keys, a private key may be
      * passed instead of a public key. In that case, this function behaves as if {@link createPrivateKey} had been called, except that the type of the
      * returned `KeyObject` will be `'public'` and that the private key cannot be
-     * extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type`'private'` is given, a new `KeyObject` with type `'public'` will be returned
+     * extracted from the returned `KeyObject`. Similarly, if a `KeyObject` with type `'private'` is given, a new `KeyObject` with type `'public'` will be returned
      * and it will be impossible to extract the private key from the returned object.
      * @since v11.6.0
      */
@@ -1363,6 +1291,7 @@ declare module "crypto" {
     interface SignKeyObjectInput extends SigningOptions {
         key: KeyObject;
     }
+    interface SignJsonWebKeyInput extends JsonWebKeyInput, SigningOptions {}
     interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
     interface VerifyKeyObjectInput extends SigningOptions {
         key: KeyObject;
@@ -1449,7 +1378,7 @@ declare module "crypto" {
         /**
          * Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
          *
-         * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
+         * If `privateKey` is not a `KeyObject`, this function behaves as if `privateKey` had been passed to {@link createPrivateKey}. If it is an
          * object, the following additional properties can be passed:
          *
          * If `outputEncoding` is provided a string is returned; otherwise a `Buffer` is returned.
@@ -1458,16 +1387,16 @@ declare module "crypto" {
          * called. Multiple calls to `sign.sign()` will result in an error being thrown.
          * @since v0.1.92
          */
-        sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Buffer;
+        sign(privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput): Buffer;
         sign(
-            privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
+            privateKey: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
             outputFormat: BinaryToTextEncoding,
         ): string;
     }
     /**
      * Creates and returns a `Verify` object that uses the given algorithm.
      * Use {@link getHashes} to obtain an array of names of the available
-     * signing algorithms. Optional `options` argument controls the`stream.Writable` behavior.
+     * signing algorithms. Optional `options` argument controls the `stream.Writable` behavior.
      *
      * In some cases, a `Verify` instance can be created using the name of a signature
      * algorithm, such as `'RSA-SHA256'`, instead of a digest algorithm. This will use
@@ -1487,7 +1416,7 @@ declare module "crypto" {
      * * Using the `verify.update()` and `verify.verify()` methods to verify
      * the signature.
      *
-     * The {@link createVerify} method is used to create `Verify` instances.`Verify` objects are not to be created directly using the `new` keyword.
+     * The {@link createVerify} method is used to create `Verify` instances. `Verify` objects are not to be created directly using the `new` keyword.
      *
      * See `Sign` for examples.
      * @since v0.1.92
@@ -1498,7 +1427,7 @@ declare module "crypto" {
          * Updates the `Verify` content with the given `data`, the encoding of which
          * is given in `inputEncoding`.
          * If `inputEncoding` is not provided, and the `data` is a string, an
-         * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or`DataView`, then `inputEncoding` is ignored.
+         * encoding of `'utf8'` is enforced. If `data` is a `Buffer`, `TypedArray`, or `DataView`, then `inputEncoding` is ignored.
          *
          * This can be called many times with new data as it is streamed.
          * @since v0.1.92
@@ -1509,13 +1438,13 @@ declare module "crypto" {
         /**
          * Verifies the provided data using the given `object` and `signature`.
          *
-         * If `object` is not a `KeyObject`, this function behaves as if`object` had been passed to {@link createPublicKey}. If it is an
+         * If `object` is not a `KeyObject`, this function behaves as if `object` had been passed to {@link createPublicKey}. If it is an
          * object, the following additional properties can be passed:
          *
          * The `signature` argument is the previously calculated signature for the data, in
          * the `signatureEncoding`.
          * If a `signatureEncoding` is specified, the `signature` is expected to be a
-         * string; otherwise `signature` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
+         * string; otherwise `signature` is expected to be a `Buffer`, `TypedArray`, or `DataView`.
          *
          * The `verify` object can not be used again after `verify.verify()` has been
          * called. Multiple calls to `verify.verify()` will result in an error being
@@ -1539,7 +1468,7 @@ declare module "crypto" {
      * Creates a `DiffieHellman` key exchange object using the supplied `prime` and an
      * optional specific `generator`.
      *
-     * The `generator` argument can be a number, string, or `Buffer`. If`generator` is not specified, the value `2` is used.
+     * The `generator` argument can be a number, string, or `Buffer`. If `generator` is not specified, the value `2` is used.
      *
      * If `primeEncoding` is specified, `prime` is expected to be a string; otherwise
      * a `Buffer`, `TypedArray`, or `DataView` is expected.
@@ -1625,7 +1554,7 @@ declare module "crypto" {
          * key is interpreted using the specified `inputEncoding`, and secret is
          * encoded using specified `outputEncoding`.
          * If the `inputEncoding` is not
-         * provided, `otherPublicKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
+         * provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or `DataView`.
          *
          * If `outputEncoding` is given a string is returned; otherwise, a `Buffer` is returned.
          * @since v0.5.0
@@ -1681,7 +1610,7 @@ declare module "crypto" {
         getPrivateKey(): Buffer;
         getPrivateKey(encoding: BinaryToTextEncoding): string;
         /**
-         * Sets the Diffie-Hellman public key. If the `encoding` argument is provided,`publicKey` is expected
+         * Sets the Diffie-Hellman public key. If the `encoding` argument is provided, `publicKey` is expected
          * to be a string. If no `encoding` is provided, `publicKey` is expected
          * to be a `Buffer`, `TypedArray`, or `DataView`.
          * @since v0.5.0
@@ -1784,10 +1713,10 @@ declare module "crypto" {
     /**
      * Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2)
      * implementation. A selected HMAC digest algorithm specified by `digest` is
-     * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
+     * applied to derive a key of the requested byte length (`keylen`) from the `password`, `salt` and `iterations`.
      *
-     * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an error occurs while deriving the key, `err` will be set;
-     * otherwise `err` will be `null`. By default, the successfully generated`derivedKey` will be passed to the callback as a `Buffer`. An error will be
+     * The supplied `callback` function is called with two arguments: `err` and `derivedKey`. If an error occurs while deriving the key, `err` will be set;
+     * otherwise `err` will be `null`. By default, the successfully generated `derivedKey` will be passed to the callback as a `Buffer`. An error will be
      * thrown if any of the input arguments specify invalid values or types.
      *
      * The `iterations` argument must be a number set as high as possible. The
@@ -1827,7 +1756,7 @@ declare module "crypto" {
     /**
      * Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2)
      * implementation. A selected HMAC digest algorithm specified by `digest` is
-     * applied to derive a key of the requested byte length (`keylen`) from the`password`, `salt` and `iterations`.
+     * applied to derive a key of the requested byte length (`keylen`) from the `password`, `salt` and `iterations`.
      *
      * If an error occurs an `Error` will be thrown, otherwise the derived key will be
      * returned as a `Buffer`.
@@ -1866,7 +1795,7 @@ declare module "crypto" {
      *
      * If a `callback` function is provided, the bytes are generated asynchronously
      * and the `callback` function is invoked with two arguments: `err` and `buf`.
-     * If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The`buf` argument is a `Buffer` containing the generated bytes.
+     * If an error occurs, `err` will be an `Error` object; otherwise it is `null`. The `buf` argument is a `Buffer` containing the generated bytes.
      *
      * ```js
      * // Asynchronous
@@ -2037,7 +1966,7 @@ declare module "crypto" {
      * });
      * ```
      *
-     * Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as`buffer`.
+     * Any `ArrayBuffer`, `TypedArray`, or `DataView` instance may be passed as `buffer`.
      *
      * While this includes instances of `Float32Array` and `Float64Array`, this
      * function should not be used to generate random floating-point numbers. The
@@ -2117,7 +2046,7 @@ declare module "crypto" {
      *
      * When passing strings for `password` or `salt`, please consider `caveats when using strings as inputs to cryptographic APIs`.
      *
-     * The `callback` function is called with two arguments: `err` and `derivedKey`.`err` is an exception object when key derivation fails, otherwise `err` is`null`. `derivedKey` is passed to the
+     * The `callback` function is called with two arguments: `err` and `derivedKey`. `err` is an exception object when key derivation fails, otherwise `err` is `null`. `derivedKey` is passed to the
      * callback as a `Buffer`.
      *
      * An exception is thrown when any of the input arguments specify invalid values
@@ -2203,8 +2132,8 @@ declare module "crypto" {
      * Encrypts the content of `buffer` with `key` and returns a new `Buffer` with encrypted content. The returned data can be decrypted using
      * the corresponding private key, for example using {@link privateDecrypt}.
      *
-     * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
-     * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
+     * If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to {@link createPublicKey}. If it is an
+     * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`.
      *
      * Because RSA public keys can be derived from private keys, a private key may
      * be passed instead of a public key.
@@ -2215,8 +2144,8 @@ declare module "crypto" {
      * Decrypts `buffer` with `key`.`buffer` was previously encrypted using
      * the corresponding private key, for example using {@link privateEncrypt}.
      *
-     * If `key` is not a `KeyObject`, this function behaves as if`key` had been passed to {@link createPublicKey}. If it is an
-     * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
+     * If `key` is not a `KeyObject`, this function behaves as if `key` had been passed to {@link createPublicKey}. If it is an
+     * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_PADDING`.
      *
      * Because RSA public keys can be derived from private keys, a private key may
      * be passed instead of a public key.
@@ -2227,8 +2156,8 @@ declare module "crypto" {
      * Decrypts `buffer` with `privateKey`. `buffer` was previously encrypted using
      * the corresponding public key, for example using {@link publicEncrypt}.
      *
-     * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
-     * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_OAEP_PADDING`.
+     * If `privateKey` is not a `KeyObject`, this function behaves as if `privateKey` had been passed to {@link createPrivateKey}. If it is an
+     * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_OAEP_PADDING`.
      * @since v0.11.14
      */
     function privateDecrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
@@ -2236,8 +2165,8 @@ declare module "crypto" {
      * Encrypts `buffer` with `privateKey`. The returned data can be decrypted using
      * the corresponding public key, for example using {@link publicDecrypt}.
      *
-     * If `privateKey` is not a `KeyObject`, this function behaves as if`privateKey` had been passed to {@link createPrivateKey}. If it is an
-     * object, the `padding` property can be passed. Otherwise, this function uses`RSA_PKCS1_PADDING`.
+     * If `privateKey` is not a `KeyObject`, this function behaves as if `privateKey` had been passed to {@link createPrivateKey}. If it is an
+     * object, the `padding` property can be passed. Otherwise, this function uses `RSA_PKCS1_PADDING`.
      * @since v1.1.0
      */
     function privateEncrypt(privateKey: RsaPrivateKey | KeyLike, buffer: NodeJS.ArrayBufferView): Buffer;
@@ -2332,9 +2261,9 @@ declare module "crypto" {
          * On recent OpenSSL releases, `openssl ecparam -list_curves` will also display
          * the name and description of each available elliptic curve.
          *
-         * If `format` is not specified the point will be returned in `'uncompressed'`format.
+         * If `format` is not specified the point will be returned in `'uncompressed'` format.
          *
-         * If the `inputEncoding` is not provided, `key` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
+         * If the `inputEncoding` is not provided, `key` is expected to be a `Buffer`, `TypedArray`, or `DataView`.
          *
          * Example (uncompressing a key):
          *
@@ -2375,7 +2304,7 @@ declare module "crypto" {
          * the public key in the specified `format` and `encoding`. This key should be
          * transferred to the other party.
          *
-         * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified, the point will be returned in`'uncompressed'` format.
+         * The `format` argument specifies point encoding and can be `'compressed'` or `'uncompressed'`. If `format` is not specified, the point will be returned in`'uncompressed'` format.
          *
          * If `encoding` is provided a string is returned; otherwise a `Buffer` is returned.
          * @since v0.11.14
@@ -2390,11 +2319,11 @@ declare module "crypto" {
          * key is interpreted using specified `inputEncoding`, and the returned secret
          * is encoded using the specified `outputEncoding`.
          * If the `inputEncoding` is not
-         * provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or`DataView`.
+         * provided, `otherPublicKey` is expected to be a `Buffer`, `TypedArray`, or `DataView`.
          *
          * If `outputEncoding` is given a string will be returned; otherwise a `Buffer` is returned.
          *
-         * `ecdh.computeSecret` will throw an`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey`lies outside of the elliptic curve. Since `otherPublicKey` is
+         * `ecdh.computeSecret` will throw an`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey` lies outside of the elliptic curve. Since `otherPublicKey` is
          * usually supplied from a remote user over an insecure network,
          * be sure to handle this exception accordingly.
          * @since v0.11.14
@@ -2419,7 +2348,7 @@ declare module "crypto" {
         getPrivateKey(): Buffer;
         getPrivateKey(encoding: BinaryToTextEncoding): string;
         /**
-         * The `format` argument specifies point encoding and can be `'compressed'` or`'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
+         * The `format` argument specifies point encoding and can be `'compressed'` or `'uncompressed'`. If `format` is not specified the point will be returned in`'uncompressed'` format.
          *
          * If `encoding` is specified, a string is returned; otherwise a `Buffer` is
          * returned.
@@ -2433,7 +2362,7 @@ declare module "crypto" {
         /**
          * Sets the EC Diffie-Hellman private key.
          * If `encoding` is provided, `privateKey` is expected
-         * to be a string; otherwise `privateKey` is expected to be a `Buffer`,`TypedArray`, or `DataView`.
+         * to be a string; otherwise `privateKey` is expected to be a `Buffer`, `TypedArray`, or `DataView`.
          *
          * If `privateKey` is not valid for the curve specified when the `ECDH` object was
          * created, an error is thrown. Upon setting the private key, the associated
@@ -2453,7 +2382,7 @@ declare module "crypto" {
      */
     function createECDH(curveName: string): ECDH;
     /**
-     * This function compares the underlying bytes that represent the given`ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
+     * This function compares the underlying bytes that represent the given `ArrayBuffer`, `TypedArray`, or `DataView` instances using a constant-time
      * algorithm.
      *
      * This function does not leak timing information that
@@ -2468,8 +2397,8 @@ declare module "crypto" {
      * entry, such as `Uint16Array`, the result will be computed using the platform
      * byte order.
      *
-     * **When both of the inputs are `Float32Array`s or`Float64Array`s, this function might return unexpected results due to IEEE 754**
-     * **encoding of floating-point numbers. In particular, neither `x === y` nor`Object.is(x, y)` implies that the byte representations of two floating-point**
+     * **When both of the inputs are `Float32Array`s or `Float64Array`s, this function might return unexpected results due to IEEE 754**
+     * **encoding of floating-point numbers. In particular, neither `x === y` nor `Object.is(x, y)` implies that the byte representations of two floating-point**
      * **numbers `x` and `y` are equal.**
      *
      * Use of `crypto.timingSafeEqual` does not guarantee that the _surrounding_ code
@@ -2846,7 +2775,7 @@ declare module "crypto" {
      * behaves as if `keyObject.export()` had been called on its result. Otherwise,
      * the respective part of the key is returned as a `KeyObject`.
      *
-     * It is recommended to encode public keys as `'spki'` and private keys as`'pkcs8'` with encryption for long-term storage:
+     * It is recommended to encode public keys as `'spki'` and private keys as `'pkcs8'` with encryption for long-term storage:
      *
      * ```js
      * const {
@@ -2870,7 +2799,7 @@ declare module "crypto" {
      * });
      * ```
      *
-     * On completion, `callback` will be called with `err` set to `undefined` and`publicKey` / `privateKey` representing the generated key pair.
+     * On completion, `callback` will be called with `err` set to `undefined` and `publicKey` / `privateKey` representing the generated key pair.
      *
      * If this method is invoked as its `util.promisify()` ed version, it returns
      * a `Promise` for an `Object` with `publicKey` and `privateKey` properties.
@@ -3335,16 +3264,16 @@ declare module "crypto" {
     function sign(
         algorithm: string | null | undefined,
         data: NodeJS.ArrayBufferView,
-        key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
+        key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
     ): Buffer;
     function sign(
         algorithm: string | null | undefined,
         data: NodeJS.ArrayBufferView,
-        key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
+        key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput | SignJsonWebKeyInput,
         callback: (error: Error | null, data: Buffer) => void,
     ): void;
     /**
-     * Verifies the given signature for `data` using the given key and algorithm. If`algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
+     * Verifies the given signature for `data` using the given key and algorithm. If `algorithm` is `null` or `undefined`, then the algorithm is dependent upon the
      * key type (especially Ed25519 and Ed448).
      *
      * If `key` is not a `KeyObject`, this function behaves as if `key` had been
@@ -3374,10 +3303,45 @@ declare module "crypto" {
     ): void;
     /**
      * Computes the Diffie-Hellman secret based on a `privateKey` and a `publicKey`.
-     * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'`(for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
+     * Both keys must have the same `asymmetricKeyType`, which must be one of `'dh'` (for Diffie-Hellman), `'ec'` (for ECDH), `'x448'`, or `'x25519'` (for ECDH-ES).
      * @since v13.9.0, v12.17.0
      */
     function diffieHellman(options: { privateKey: KeyObject; publicKey: KeyObject }): Buffer;
+    /**
+     * A utility for creating one-shot hash digests of data. It can be faster than the object-based `crypto.createHash()` when hashing a smaller amount of data
+     * (<= 5MB) that's readily available. If the data can be big or if it is streamed, it's still recommended to use `crypto.createHash()` instead. The `algorithm`
+     * is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are `'sha256'`, `'sha512'`, etc. On recent releases
+     * of OpenSSL, `openssl list -digest-algorithms` will display the available digest algorithms.
+     *
+     * Example:
+     *
+     * ```js
+     * const crypto = require('node:crypto');
+     * const { Buffer } = require('node:buffer');
+     *
+     * // Hashing a string and return the result as a hex-encoded string.
+     * const string = 'Node.js';
+     * // 10b3493287f831e81a438811a1ffba01f8cec4b7
+     * console.log(crypto.hash('sha1', string));
+     *
+     * // Encode a base64-encoded string into a Buffer, hash it and return
+     * // the result as a buffer.
+     * const base64 = 'Tm9kZS5qcw==';
+     * // <Buffer 10 b3 49 32 87 f8 31 e8 1a 43 88 11 a1 ff ba 01 f8 ce c4 b7>
+     * console.log(crypto.hash('sha1', Buffer.from(base64, 'base64'), 'buffer'));
+     * ```
+     * @since v21.7.0, v20.12.0
+     * @param data When `data` is a string, it will be encoded as UTF-8 before being hashed. If a different input encoding is desired for a string input, user
+     *             could encode the string into a `TypedArray` using either `TextEncoder` or `Buffer.from()` and passing the encoded `TypedArray` into this API instead.
+     * @param [outputEncoding='hex'] [Encoding](https://nodejs.org/docs/latest-v22.x/api/buffer.html#buffers-and-character-encodings) used to encode the returned digest.
+     */
+    function hash(algorithm: string, data: BinaryLike, outputEncoding?: BinaryToTextEncoding): string;
+    function hash(algorithm: string, data: BinaryLike, outputEncoding: "buffer"): Buffer;
+    function hash(
+        algorithm: string,
+        data: BinaryLike,
+        outputEncoding?: BinaryToTextEncoding | "buffer",
+    ): string | Buffer;
     type CipherMode = "cbc" | "ccm" | "cfb" | "ctr" | "ecb" | "gcm" | "ocb" | "ofb" | "stream" | "wrap" | "xts";
     interface CipherInfoOptions {
         /**
@@ -3430,9 +3394,9 @@ declare module "crypto" {
      */
     function getCipherInfo(nameOrNid: string | number, options?: CipherInfoOptions): CipherInfo | undefined;
     /**
-     * HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`,`salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
+     * HKDF is a simple key derivation function defined in RFC 5869\. The given `ikm`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
      *
-     * The supplied `callback` function is called with two arguments: `err` and`derivedKey`. If an errors occurs while deriving the key, `err` will be set;
+     * The supplied `callback` function is called with two arguments: `err` and `derivedKey`. If an errors occurs while deriving the key, `err` will be set;
      * otherwise `err` will be `null`. The successfully generated `derivedKey` will
      * be passed to the callback as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). An error will be thrown if any
      * of the input arguments specify invalid values or types.
@@ -3466,7 +3430,7 @@ declare module "crypto" {
     ): void;
     /**
      * Provides a synchronous HKDF key derivation function as defined in RFC 5869\. The
-     * given `ikm`, `salt` and `info` are used with the `digest` to derive a key of`keylen` bytes.
+     * given `ikm`, `salt` and `info` are used with the `digest` to derive a key of `keylen` bytes.
      *
      * The successfully generated `derivedKey` will be returned as an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer).
      *
@@ -3795,7 +3759,7 @@ declare module "crypto" {
     /**
      * Generates a pseudorandom prime of `size` bits.
      *
-     * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
+     * If `options.safe` is `true`, the prime will be a safe prime -- that is, `(prime - 1) / 2` will also be a prime.
      *
      * The `options.add` and `options.rem` parameters can be used to enforce additional
      * requirements, e.g., for Diffie-Hellman:
@@ -3811,7 +3775,7 @@ declare module "crypto" {
      * * `options.rem` is ignored if `options.add` is not given.
      *
      * Both `options.add` and `options.rem` must be encoded as big-endian sequences
-     * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
+     * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or `DataView`.
      *
      * By default, the prime is encoded as a big-endian sequence of octets
      * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
@@ -3838,7 +3802,7 @@ declare module "crypto" {
     /**
      * Generates a pseudorandom prime of `size` bits.
      *
-     * If `options.safe` is `true`, the prime will be a safe prime -- that is,`(prime - 1) / 2` will also be a prime.
+     * If `options.safe` is `true`, the prime will be a safe prime -- that is, `(prime - 1) / 2` will also be a prime.
      *
      * The `options.add` and `options.rem` parameters can be used to enforce additional
      * requirements, e.g., for Diffie-Hellman:
@@ -3854,7 +3818,7 @@ declare module "crypto" {
      * * `options.rem` is ignored if `options.add` is not given.
      *
      * Both `options.add` and `options.rem` must be encoded as big-endian sequences
-     * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or`DataView`.
+     * if given as an `ArrayBuffer`, `SharedArrayBuffer`, `TypedArray`, `Buffer`, or `DataView`.
      *
      * By default, the prime is encoded as a big-endian sequence of octets
      * in an [ArrayBuffer](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer). If the `bigint` option is `true`, then a
@@ -3900,7 +3864,7 @@ declare module "crypto" {
      *
      * `engine` could be either an id or a path to the engine's shared library.
      *
-     * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags`is a bit field taking one of or a mix of the following flags (defined in`crypto.constants`):
+     * The optional `flags` argument uses `ENGINE_METHOD_ALL` by default. The `flags` is a bit field taking one of or a mix of the following flags (defined in `crypto.constants`):
      *
      * * `crypto.constants.ENGINE_METHOD_RSA`
      * * `crypto.constants.ENGINE_METHOD_DSA`