{"id":10623,"library":"checksum","title":"Checksum Utility for Node.js","description":"The `checksum` package by `dshaw` is a minimalistic utility for Node.js environments, designed to compute cryptographic hashes for strings and local files. It supports algorithms such as SHA1 (which is the default) and MD5, alongside others provided by Node.js's built-in `crypto` module. The package's current and only stable version, 1.0.0, was last published approximately five years ago (as of April 2026), indicating it is no longer under active maintenance or development. This makes it suitable primarily for legacy CommonJS Node.js projects. While it offers a straightforward API for both direct string hashing and asynchronous file hashing, as well as a command-line interface, developers should be aware of its unmaintained status and the use of older, less secure default hashing algorithms like SHA1 and MD5 for modern integrity verification needs. More contemporary Node.js projects often leverage the native `crypto` module directly or use newer, actively maintained third-party libraries that offer ESM support and stronger defaults.","status":"abandoned","version":"1.0.0","language":"javascript","source_language":"en","source_url":"git://github.com/dshaw/checksum","tags":["javascript","checksum","shasum","hash","sha","sha1","md5"],"install":[{"cmd":"npm install checksum","lang":"bash","label":"npm"},{"cmd":"yarn add checksum","lang":"bash","label":"yarn"},{"cmd":"pnpm add checksum","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only and does not support ES module `import` syntax. Attempting to use `import` will result in a `ReferenceError` in an ESM context.","wrong":"import checksum from 'checksum'","symbol":"checksum","correct":"const checksum = require('checksum')"},{"note":"Functions like `file` are methods of the default CommonJS export object, not named exports. 
The package is not designed for destructuring named imports.","wrong":"import { file } from 'checksum'; file('path/to/file.txt', ...);","symbol":"checksum.file","correct":"const checksum = require('checksum');\nchecksum.file('path/to/file.txt', (err, sum) => { /* ... */ });"}],"quickstart":{"code":"const checksum = require('checksum');\nconst fs = require('fs');\n\n// Calculate checksum for a string\nconst stringToHash = 'Hello, world!';\nconst stringChecksum = checksum(stringToHash);\nconsole.log(`Checksum for '${stringToHash}': ${stringChecksum}`);\n\n// Calculate checksum for a file\nconst filePath = 'example.txt';\nfs.writeFileSync(filePath, 'This is a test file for checksum calculation.');\n\nchecksum.file(filePath, { algorithm: 'sha256' }, (err, sum) => {\n  if (err) {\n    console.error('Error calculating file checksum:', err);\n    return;\n  }\n  console.log(`Checksum (SHA256) for '${filePath}': ${sum}`);\n  fs.unlinkSync(filePath); // Clean up the test file\n});\n\n// Using the CLI tool (requires global install: npm install -g checksum)\n// To run in terminal: echo -n 'dshaw' | checksum\n// Or: checksum ./example.txt\n","lang":"javascript","description":"Demonstrates how to calculate checksums for both strings and files using the main `checksum` function and its `file` method, including cleanup."},"warnings":[{"fix":"Migrate to Node.js's built-in `crypto` module (e.g., `require('crypto').createHash('sha256')`) or a modern, actively maintained third-party library.","message":"The `checksum` package has not been updated in approximately five years and is considered abandoned. It may contain unaddressed bugs or security vulnerabilities and is not recommended for new projects, especially those with strict security requirements.","severity":"breaking","affected_versions":"1.0.0"},{"fix":"Always specify a stronger algorithm like SHA256 or SHA512 using the `algorithm` option (e.g., `checksum(data, { algorithm: 'sha256' })`). 
For critical applications, consider `crypto.createHash('sha256')` directly.","message":"The default hashing algorithm for both string and file checksums is SHA1. SHA1 is cryptographically weak and has known collision vulnerabilities, making it unsuitable for integrity verification in many modern applications.","severity":"gotcha","affected_versions":"1.0.0"},{"fix":"If your project is ESM, either use `createRequire` from the `module` module to import it, dynamically `import()` it (if compatible), or migrate to an ESM-compatible hashing library. Alternatively, ensure your project remains CommonJS.","message":"This package is designed for CommonJS (CJS) environments and uses `require()` syntax. It does not natively support ES Modules (ESM) `import` syntax, which is standard in modern Node.js projects with `\"type\": \"module\"` in `package.json`.","severity":"gotcha","affected_versions":"1.0.0"},{"fix":"Install `@types/checksum` if available, or create a custom `.d.ts` declaration file (e.g., `declare module 'checksum';`). For better TS support, consider a library that ships with its own types.","message":"The `checksum` package does not provide TypeScript type definitions. Developers using TypeScript will lack type safety and autocompletion without manually creating declaration files or relying on community-contributed `@types/checksum` packages (if available and up-to-date).","severity":"gotcha","affected_versions":"1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"If staying with ESM, use `import { createRequire } from 'module'; const require = createRequire(import.meta.url); const checksum = require('checksum');`. 
Otherwise, convert your project to CommonJS by setting `\"type\": \"commonjs\"` in `package.json` or renaming files to `.cjs`.","cause":"Attempting to use `require('checksum')` in an ES Module (`.mjs` file or project with `\"type\": \"module\"` in `package.json`) context.","error":"ReferenceError: require is not defined"},{"fix":"First, try `npm cache clean --force`. If the problem persists, delete `node_modules/` and `package-lock.json`, then run `npm install` again. If the issue is persistent and related to SHA1, consider avoiding this outdated package.","cause":"This error typically occurs during `npm install` when a package's checksum in `package-lock.json` doesn't match the downloaded package. This can happen with older packages due to `npm` changing its default integrity algorithm from SHA1 to SHA512, or due to cache corruption.","error":"npm ERR! code EINTEGRITY"}],"ecosystem":"npm"}