@se-oss/timing-safe-compare provides constant-time string and buffer comparison for Node.js and browsers to prevent timing attacks.
npm install @se-oss/timing-safe-compareInstall using your favorite package manager
pnpm
pnpm install @se-oss/timing-safe-compareyarn
yarn add @se-oss/timing-safe-compareCompare two strings in constant time. This is useful for comparing passwords, tokens, or any other sensitive data where the length is already known or handled.
import { safeCompare } from '@se-oss/timing-safe-compare';
if (safeCompare(inputPassword, storedPassword)) {
// Passwords match
}Compare two Uint8Array (or Buffer in Node.js) instances in constant time. Note that both buffers must have the same length.
import { timingSafeEqual } from '@se-oss/timing-safe-compare';
const a = new Uint8Array([1, 2, 3]);
const b = new Uint8Array([1, 2, 3]);
if (timingSafeEqual(a, b)) {
// Buffers are equal
}For all configuration options, please see the API docs.
Want to contribute? Awesome! To show your support is to star the project, or to raise issues on GitHub.
Thanks again for your support, it is much appreciated! π
MIT Β© Shahrad Elahi and contributors.