{"id":11522,"library":"parse-asn1","title":"ASN.1 Parser Utility","description":"parse-asn1 is a utility library designed for parsing Abstract Syntax Notation One (ASN.1) encoded data. It is primarily used within the `crypto-browserify` ecosystem, serving as a dependency for libraries like `browserify-sign` to handle cryptographic artifacts such as X.509 certificates and private keys. The current stable version is 5.1.9, with the last update approximately 7 months ago, indicating a maintenance-focused release cadence. The library provides a JavaScript implementation for interpreting BER/DER encoded binary data into a structured JavaScript object. A key differentiator is its role in providing browser compatibility for Node.js's crypto functionalities, though ASN.1 parsing itself is inherently complex and a common source of security vulnerabilities if not handled robustly.","status":"maintenance","version":"5.1.9","language":"javascript","source_language":"en","source_url":"git://github.com/crypto-browserify/parse-asn1","tags":["javascript"],"install":[{"cmd":"npm install parse-asn1","lang":"bash","label":"npm"},{"cmd":"yarn add parse-asn1","lang":"bash","label":"yarn"},{"cmd":"pnpm add parse-asn1","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core library for low-level ASN.1 encoding/decoding operations.","package":"asn1.js","optional":false},{"reason":"Provides AES cryptographic functions, potentially for handling encrypted ASN.1 structures like PKCS#8 encrypted private keys.","package":"browserify-aes","optional":false},{"reason":"Utility for deriving a key from a password, commonly used in password-based encryption of keys.","package":"evp_bytestokey","optional":false},{"reason":"Password-Based Key Derivation Function 2, essential for secure key derivation from passwords.","package":"pbkdf2","optional":false},{"reason":"Ensures Buffer API compatibility across different Node.js versions and environments.","package":"safe-buffer","optional":false}],"imports":[{"note":"The library primarily exports a single default function, `parseASN1`, which is typically imported directly. It is designed for CommonJS environments but can be used with ESM via default import.","wrong":"import { parseASN1 } from 'parse-asn1'; // Incorrect for default export\nconst { parseASN1 } = require('parse-asn1'); // Incorrect for default export","symbol":"parseASN1","correct":"import parseASN1 from 'parse-asn1';\n// Or for CommonJS:\nconst parseASN1 = require('parse-asn1');"}],"quickstart":{"code":"import parseASN1 from 'parse-asn1';\nimport { Buffer } from 'buffer';\n\n// Example: A simple DER-encoded ASN.1 sequence\n// This represents a SEQUENCE containing an INTEGER (value 1) and a BOOLEAN (value true)\n// 30 07         -- Sequence, length 7\n//   02 01 01    -- Integer, length 1, value 1\n//   01 01 ff    -- Boolean, length 1, value true\nconst asn1DerBuffer = Buffer.from([\n  0x30, 0x07,\n  0x02, 0x01, 0x01,\n  0x01, 0x01, 0xFF\n]);\n\ntry {\n  const parsed = parseASN1(asn1DerBuffer);\n  console.log('Successfully parsed ASN.1 data:');\n  console.log(JSON.stringify(parsed, null, 2));\n\n  // Accessing elements (example output structure might vary slightly)\n  if (parsed && Array.isArray(parsed.value)) {\n    const integerNode = parsed.value[0];\n    const booleanNode = parsed.value[1];\n    console.log(`First element (Integer): Type ${integerNode.type}, Value ${integerNode.value.toString('hex')}`);\n    console.log(`Second element (Boolean): Type ${booleanNode.type}, Value ${booleanNode.value.toString('hex')}`);\n  }\n\n} catch (error) {\n  console.error('Error parsing ASN.1 data:', error.message);\n}\n\n// Another example: a simple OID\n// 06 03 2A 86 48 (1.2.840)\nconst oidBuffer = Buffer.from([0x06, 0x03, 0x2A, 0x86, 0x48]);\ntry {\n  const parsedOid = parseASN1(oidBuffer);\n  console.log('\\nSuccessfully parsed OID:');\n  console.log(JSON.stringify(parsedOid, null, 2));\n} catch (error) {\n  console.error('Error parsing OID:', error.message);\n}","lang":"javascript","description":"This quickstart demonstrates how to use `parse-asn1` to decode a simple DER-encoded ASN.1 sequence and an Object Identifier (OID) from a Buffer and print the resulting JavaScript object structure."},"warnings":[{"fix":"Ensure your Node.js environment is v4 or newer. If you require `asn1.js` v5 features and are stuck on an older Node.js, consider upgrading Node.js or finding an alternative ASN.1 parsing solution.","message":"Version 5.1.7 downgraded its internal dependency `asn1.js` from v5 to v4 due to `asn1.js` v5 dropping support for Node.js versions older than 4. Users on very old Node.js runtimes (pre-v4) might encounter issues or require specific dependency pinning if they relied on newer `asn1.js` features through `parse-asn1`.","severity":"breaking","affected_versions":">=5.1.7"},{"fix":"Always review the full changelog and test thoroughly when upgrading across major versions. Consult the `crypto-browserify` ecosystem documentation for compatibility notes if `parse-asn1` is an indirect dependency.","message":"Major version changes (v3.0.0, v4.0.0, v5.0.0) in 'parse-asn1' often correspond to significant updates or changes in its underlying dependencies, particularly `asn1.js` or `browserify-aes`. While specific breaking API changes aren't always explicitly detailed in simple changelog entries, these major bumps indicate potential shifts in behavior or required input/output formats, especially concerning how different cryptographic key types (e.g., 'PRIVATE KEY' vs 'EC PRIVATE KEY') are handled.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Treat all ASN.1 inputs from untrusted sources with extreme caution. Validate parsed structures against expected schemas and constraints. Avoid making assumptions about the structure if it deviates from strict DER encoding rules.","message":"ASN.1 parsing, especially in security-critical contexts like X.509 certificates, is notoriously complex and prone to implementation errors (e.g., handling indefinite lengths, tag class mismatches, malleable encodings). Incorrect parsing can lead to vulnerabilities such as signature bypasses or misinterpretation of data.","severity":"gotcha","affected_versions":"*"},{"fix":"Always convert your input data to a `Buffer` or `Uint8Array` before passing it to `parseASN1`. Example: `parseASN1(Buffer.from(hexString, 'hex'))` or `parseASN1(new Uint8Array(byteArray))`.","message":"The library expects binary input as a Node.js `Buffer` or `Uint8Array`. Passing other types, such as plain strings (unless they are a direct representation like hex strings that you explicitly convert), will result in parsing errors.","severity":"gotcha","affected_versions":"*"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Verify the integrity and correctness of your ASN.1 input data. If the data is from an external source, ensure it adheres to the expected encoding rules (e.g., DER vs. BER). Debug by examining the raw bytes around the reported error position to understand the ASN.1 tag and length values.","cause":"The ASN.1 parser encountered a primitive encoding where a constructed type (like a SEQUENCE or SET) was expected, or vice-versa. This often indicates malformed ASN.1 data or an incorrect expectation about the input structure.","error":"Error: Expected constructed type but found primitive"},{"fix":"Always wrap calls to `parseASN1` in a `try...catch` block and check if the returned value is valid before attempting to access its properties. The `parseASN1` function may throw an error directly for invalid input.","cause":"This typically occurs when trying to access properties of the object returned by `parseASN1` without proper error checking, and the parsing failed or returned an unexpected (e.g., `null` or `undefined`) result.","error":"TypeError: Cannot read properties of undefined (reading 'value')"},{"fix":"Inspect the raw ASN.1 binary data at the reported offset. Confirm that the tag and length bytes are correctly formed according to ASN.1 BER/DER specifications. This might indicate corrupted data or an unsupported ASN.1 structure.","cause":"The parser encountered an ASN.1 tag that it does not recognize or a length field that is malformed or inconsistent with the remaining data.","error":"Error: Unsupported tag or invalid length"}],"ecosystem":"npm"}