{"id":11281,"library":"md5.js","title":"MD5 Hashing Utility","description":"The `md5.js` package provides an MD5 hashing algorithm implementation written purely in JavaScript, designed to be compatible with Node.js's `crypto` module style. As of its current stable version 1.3.5, it offers a straightforward API for computing MD5 hashes from strings or streams. While it facilitates MD5 computation, it's crucial for developers to acknowledge that the MD5 algorithm is cryptographically compromised, particularly regarding its collision resistance, as highlighted by NIST SP 800-131A. This vulnerability makes it unsuitable for security-sensitive applications such as digital signatures, password hashing, or any scenario where collision resistance is paramount. The package is part of the broader `crypto-browserify` project, which aims to provide Node.js-compatible cryptographic primitives for browser environments, often through polyfills. It maintains a stable, rather than rapid, release cadence, reflecting its mature and foundational utility, despite the inherent cryptographic weaknesses of MD5 itself. Its key differentiator is its pure JavaScript nature, making it universally deployable without native dependencies.","status":"maintenance","version":"1.3.5","language":"javascript","source_language":"en","source_url":"https://github.com/crypto-browserify/md5.js","tags":["javascript","crypto","md5"],"install":[{"cmd":"npm install md5.js","lang":"bash","label":"npm"},{"cmd":"yarn add md5.js","lang":"bash","label":"yarn"},{"cmd":"pnpm add md5.js","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is primarily CommonJS. While modern bundlers or Node.js's CJS-ESM interop might allow `import` syntax, the canonical and most reliable way to consume this library in Node.js is via `require`.","wrong":"import MD5 from 'md5.js'","symbol":"MD5","correct":"const MD5 = require('md5.js')"},{"note":"The MD5 class must be instantiated with `new` before calling `update()` to feed data and `digest()` to retrieve the hash. It is not a direct function call.","wrong":"MD5('your data', 'hex')","symbol":"MD5 hash computation","correct":"new MD5().update('your data').digest('hex')"},{"note":"The MD5 instance is a Writable stream that processes input and can be read from (like a Readable stream) to get the final hash after `end()` is called. It does not implement the full Duplex stream interface for piping to other transforms in the same way `node:crypto`'s HASH objects do.","wrong":"md5Stream.pipe(anotherStream)","symbol":"MD5 stream usage","correct":"const md5Stream = new MD5(); md5Stream.end('data'); const hash = md5Stream.read().toString('hex');"}],"quickstart":{"code":"const MD5 = require('md5.js');\n\n// Compute MD5 hash of a string\nconst inputString = 'hello world';\nconst hash1 = new MD5().update(inputString).digest('hex');\nconsole.log(`MD5 of '${inputString}': ${hash1}`);\n// Expected: 5d41402abc4b2a76b9719d911017c592\n\n// Compute MD5 hash using stream-like interface\nconst md5Stream = new MD5();\nmd5Stream.write('some ');\nmd5Stream.write('more ');\nmd5Stream.end('data'); // Signal end of input\nconst hash2 = md5Stream.read().toString('hex');\nconsole.log(`MD5 of 'some more data': ${hash2}`);\n// Expected: e6b4d32e5b7c4d519b7d0187a55c26b8\n","lang":"javascript","description":"Demonstrates both synchronous string hashing and asynchronous, stream-like processing to compute MD5 hashes, outputting them in hexadecimal format."},"warnings":[{"fix":"For security-critical hashing, migrate to modern cryptographic hash functions like SHA-256, SHA-3, or Argon2 (for password hashing). This package should only be used for legacy compatibility, data integrity checks where collisions are not a security concern, or non-security-critical applications.","message":"The MD5 algorithm is cryptographically broken for collision resistance. It should NOT be used for security-sensitive applications such as digital signatures, password hashing, message authentication codes (MACs), or any scenario where two different inputs must yield different hashes.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"If high performance in Node.js is critical and pure JavaScript portability isn't strictly required, consider using `node:crypto`'s native MD5 hashing instead. This package is primarily beneficial for browser environments via bundlers or specific environments where native crypto is unavailable.","message":"This package provides a pure JavaScript implementation of MD5. In Node.js environments, the built-in `node:crypto` module offers a native, typically faster implementation (e.g., `require('node:crypto').createHash('md5')`). Performance characteristics might differ.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"For stream-based hashing, use `write()` and `end()` to feed data, then `read()` to obtain the final hash `Buffer`. If integrating with complex stream pipelines, consider adapting to `node:crypto`'s `createHash('md5')` which offers a more robust stream interface.","message":"The `md5.js` API does not fully mimic a standard Node.js `Duplex` stream for `pipe()` operations. While it has `write()` and `read()` methods, piping directly from an `MD5` instance to another writable stream after `end()` might not behave as expected for continuous data flow.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure you are using `const MD5 = require('md5.js')` and then instantiating it with `new MD5()` to create an MD5 object.","cause":"Attempting to call MD5 as a regular function (e.g., `MD5().update(...)`) or incorrect import in a CommonJS context that doesn't return a class.","error":"TypeError: MD5 is not a constructor"},{"fix":"Add `const MD5 = require('md5.js');` at the top of your JavaScript file or within the appropriate scope before attempting to use the `MD5` symbol.","cause":"The `md5.js` module has not been correctly required or imported into the current scope.","error":"ReferenceError: MD5 is not defined"}],"ecosystem":"npm"}