You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's clear this module is also used in crypto-currency wallet implementations - please be careful not to accept any PRs or grant permissions to untrusted third parties.
The text was updated successfully, but these errors were encountered:
For other people checking this repo: scrypt is now part of Node core. You should prefer the builtin crypto lib and avoid this repo (it is no longer maintained).
scrypt-kdf provides a wrapper around the native Node.js OpenSSL scrypt implementation, with a similar interface to this repo.
The Node.js native implementation is just the low-level part of scrypt – for password storage & validation, it is necessary to include a salt and an HMAC hash of the scrypt-derived key, and to provide a verify function, which scrypt-kdf does (as this repo used to).
FYI the same person who injected malicious code into the
event-stream
module also tried to do the same to this module:https://web.archive.org/web/20181126192134/https://github.com/right9ctrl/node-scrypt
Original issue here:
dominictarr/event-stream#116
It's clear this module is also used in crypto-currency wallet implementations - please be careful not to accept any PRs or grant permissions to untrusted third parties.
The text was updated successfully, but these errors were encountered: