modified

build/node_modules/tsse/index.js

@@ -0,0 +1,54 @@
+'use strict';
+
+const crypto = require('crypto');
+const Buffer = require('safe-buffer').Buffer;
+
+/**
+ * Buffer constant-time String comparison for buffer of the same length.
+ * @private
+ * @param  {Buffer} a The first string.
+ * @param  {Buffer} b The second string.
+ * @return {boolean} true if equals, false otherwise.
+ */
+function timingSafeEqual(a, b) {
+  let c = 0;
+  const len = a.length;
+  for (let i = 0; i < len; i++) {
+    c |= a[i] ^ b[i];
+  }
+
+  return c === 0;
+}
+
+/**
+ * Does a constant-time String comparison.
+ * NOTE: When `hiddenStr` and `inputStr` have different lengths `hiddenStr` is
+ * compared to itself, which makes the comparison non-commutative (time-wise).
+ * @public
+ * @param  {string|Buffer} hiddenStr A string that you don't want to leak.
+ * @param  {string|Buffer} inputStr Another string.
+ * @return {boolean} true if equals, false otherwise.
+ */
+
+function tsse(hiddenStr, inputStr) {
+  let equal = true;
+  if (hiddenStr.length !== inputStr.length) {
+    // If inputs are of different length we compare `hiddenStr` with itself
+    // and then return false.
+    inputStr = hiddenStr;
+    equal = false;
+  }
+
+  const hiddenBuff = Buffer.from(hiddenStr);
+  const inputBuff = Buffer.from(inputStr);
+  if (crypto.timingSafeEqual) {
+    // Node.js v6.6.0 or higher.
+    equal &= crypto.timingSafeEqual(hiddenBuff, inputBuff);
+  } else {
+    equal &= timingSafeEqual(hiddenBuff, inputBuff);
+  }
+
+  return equal === 1;
+}
+
+module.exports = tsse;

build/node_modules/tsse/license

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017-2020 Simone Primarosa
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

build/node_modules/tsse/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "tsse",
+  "version": "2.1.0",
+  "description": "Constant time string/buffer equals",
+  "license": "MIT",
+  "homepage": "https://github.com/simonepri/tsse#readme",
+  "repository": "github:simonepri/tsse",
+  "bugs": {
+    "url": "https://github.com/simonepri/tsse/issues",
+    "email": "simonepri@outlook.com"
+  },
+  "author": "Simone Primarosa <simonepri@outlook.com> (https://simoneprimarosa.com)",
+  "contributors": [
+    "Simone Primarosa <simonepri@outlook.com> (https://simoneprimarosa.com)"
+  ],
+  "keywords": [
+    "tse",
+    "tsse",
+    "tsscmp",
+    "scmp",
+    "cmp",
+    "safe",
+    "timing",
+    "string",
+    "comparison",
+    "constant time",
+    "equals",
+    "equal",
+    "compare"
+  ],
+  "main": "index.js",
+  "files": [
+    "index.js"
+  ],
+  "engines": {
+    "node": ">=4"
+  },
+  "scripts": {
+    "lint": "xo",
+    "test": "nyc ava",
+    "test:windows": "ava",
+    "bench": "node bench.js",
+    "release": "npx np",
+    "update": "npx npm-check -u"
+  },
+  "dependencies": {
+    "safe-buffer": "^5.1.1"
+  },
+  "devDependencies": {
+    "ava": "~0.25.0",
+    "nyc": "^11.6.0",
+    "present": "^1.0.0",
+    "string.prototype.padstart": "^3.1.3",
+    "xo": "~0.20.3"
+  },
+  "ava": {
+    "verbose": true
+  },
+  "nyc": {
+    "reporter": [
+      "lcovonly",
+      "text"
+    ]
+  },
+  "xo": {
+    "prettier": true,
+    "space": true,
+    "rules": {
+      "prefer-destructuring": "off"
+    }
+  }
+}

build/node_modules/tsse/readme.md

@@ -0,0 +1,143 @@
+<h1 align="center">
+  <b>tsse</b>
+</h1>
+<p align="center">
+  <!-- Version - npm -->
+  <a href="https://www.npmjs.com/package/tsse">
+    <img src="https://img.shields.io/npm/v/tsse.svg" alt="Latest version on npm" />
+  </a>
+  <!-- Downloads - npm -->
+  <a href="https://npm-stat.com/charts.html?package=tsse">
+    <img src="https://img.shields.io/npm/dt/tsse.svg" alt="Downloads on npm" />
+  </a>
+  <!-- License - MIT -->
+  <a href="https://github.com/simonepri/tsse/tree/master/license">
+    <img src="https://img.shields.io/github/license/simonepri/tsse.svg" alt="Project license" />
+  </a>
+
+  <br/>
+
+  <!-- Lint -->
+  <a href="https://github.com/simonepri/tsse/actions?query=workflow:lint+branch:master">
+    <img src="https://github.com/simonepri/tsse/workflows/lint/badge.svg?branch=master" alt="Lint status" />
+  </a>
+  <!-- Test - macOS -->
+  <a href="https://github.com/simonepri/tsse/actions?query=workflow:test-macos+branch:master">
+    <img src="https://github.com/simonepri/tsse/workflows/test-macos/badge.svg?branch=master" alt="Test macOS status" />
+  </a>
+  <!-- Test - Ubuntu -->
+  <a href="https://github.com/simonepri/tsse/actions?query=workflow:test-ubuntu+branch:master">
+    <img src="https://github.com/simonepri/tsse/workflows/test-ubuntu/badge.svg?branch=master" alt="Test Ubuntu status" />
+  </a>
+  <!-- Test - Windows -->
+  <a href="https://github.com/simonepri/tsse/actions?query=workflow:test-windows+branch:master">
+    <img src="https://github.com/simonepri/tsse/workflows/test-windows/badge.svg?branch=master" alt="Test Windows status" />
+  </a>
+  <!-- Coverage - Codecov -->
+  <a href="https://codecov.io/gh/simonepri/tsse">
+    <img src="https://img.shields.io/codecov/c/github/simonepri/tsse/master.svg" alt="Codecov Coverage report" />
+  </a>
+  <!-- DM - Snyk -->
+  <a href="https://snyk.io/test/github/simonepri/tsse?targetFile=package.json">
+    <img src="https://snyk.io/test/github/simonepri/tsse/badge.svg?targetFile=package.json" alt="Known Vulnerabilities" />
+  </a>
+
+  <br/>
+
+  <!-- Code Style - XO-Prettier -->
+  <a href="https://github.com/xojs/xo">
+    <img src="https://img.shields.io/badge/code_style-XO+Prettier-5ed9c7.svg" alt="XO Code Style used" />
+  </a>
+  <!-- Test Runner - AVA -->
+  <a href="https://github.com/avajs/ava">
+    <img src="https://img.shields.io/badge/test_runner-AVA-fb3170.svg" alt="AVA Test Runner used" />
+  </a>
+  <!-- Test Coverage - Istanbul -->
+  <a href="https://github.com/istanbuljs/nyc">
+    <img src="https://img.shields.io/badge/test_coverage-NYC-fec606.svg" alt="Istanbul Test Coverage used" />
+  </a>
+  <!-- Init - ni -->
+  <a href="https://github.com/simonepri/ni">
+    <img src="https://img.shields.io/badge/initialized_with-ni-e74c3c.svg" alt="NI Scaffolding System used" />
+  </a>
+  <!-- Release - np -->
+  <a href="https://github.com/sindresorhus/np">
+    <img src="https://img.shields.io/badge/released_with-np-6c8784.svg" alt="NP Release System used" />
+  </a>
+</p>
+<p align="center">
+  ⏱ Constant time string/buffer equals.
+
+  <br/>
+
+  <sub>
+    Coded with ❤️ by <a href="#authors">Simone Primarosa</a>.
+  </sub>
+</p>
+
+## Synopsis
+tsse is a string comparison algorithm to prevent Node.js timing attacks.
+
+> This differs from `crypto.timingSafeEqual` because it: 
+>  - supports both `strings` and `Buffers`;
+>  - supports inputs of different lengths.
+
+## Install
+
+```
+$ npm install --save tsse
+```
+
+## Usage
+
+```js
+const tsse = require('tsse');
+
+const hash      = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
+const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';
+
+if (tsse(hash, givenHash)) {
+  console.log('good hash');
+} else {
+  console.log('bad hash');
+}
+// => bad hash
+```
+
+## API
+
+<a name="tsse"></a>
+
+### tsse(hiddenStr, inputStr) ⇒ <code>boolean</code>
+Does a constant-time String comparison.  
+NOTE: When `hiddenStr` and `inputStr` have different lengths `hiddenStr` is compared to itself, which makes the comparison non-commutative (time-wise).
+
+**Kind**: global function  
+**Returns**: <code>boolean</code> - true if equals, false otherwise.  
+**Access**: public  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| hiddenStr | <code>string</code> \| <code>Buffer</code> | A string that you don't want to leak. |
+| inputStr | <code>string</code> \| <code>Buffer</code> | Another string. |
+
+## Contributing
+Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE [report it][new issue].
+
+## Authors
+- **Simone Primarosa** - *Github* ([@simonepri][github:simonepri]) • *Twitter* ([@simoneprimarosa][twitter:simoneprimarosa])
+
+See also the list of [contributors][contributors] who participated in this project.
+
+## License
+This project is licensed under the MIT License - see the [license][license] file for details.
+
+
+<!-- Links -->
+[new issue]: https://github.com/simonepri/tsse/issues/new
+[contributors]: https://github.com/simonepri/tsse/contributors
+
+[license]: https://github.com/simonepri/tsse/tree/master/license
+
+[github:simonepri]: https://github.com/simonepri
+[twitter:simoneprimarosa]: http://twitter.com/intent/user?screen_name=simoneprimarosa