Various Hash Functions (SHA1, SHA256, HMAC)

Common errors

• TypeError: hash.sha256 is not a function

  cause Attempting to call a hash function directly on a module imported as a namespace in CommonJS when the module's structure expects it to be accessed as a property, or if the main import doesn't expose all algorithms directly in ESM.
  fix Ensure the import is correct: `const hash = require('hash.js'); hash.sha256()...` for CJS, or `import * as hash from 'hash.js'; hash.sha256()...` for ESM. For individual algorithms, use direct path imports: `const sha256 = require('hash.js/lib/hash/sha/256'); sha256()...` or `import { sha256 } from 'hash.js/lib/hash/sha/256'; sha256()...`

• Error: Cannot find module 'hash.js/lib/hash/sha/512'

  cause Incorrect file path for selective algorithm import, or module resolution issues in an unusual environment/bundler setup.
  fix Double-check the exact path to the algorithm module. Ensure your bundler or Node.js environment is configured to correctly resolve modules from `node_modules` and sub-paths, especially in mixed CJS/ESM projects.

Warnings

• breaking This package is effectively abandoned with no new releases or active maintenance since 2017. Its cryptographic implementations may not receive updates for newly discovered vulnerabilities or performance improvements. For security-critical applications, consider actively maintained alternatives or Node.js's native `crypto` module.
  Fix: Migrate to Node.js built-in `crypto` module (e.g., `require('crypto').createHash('sha256')`) or a well-maintained third-party cryptographic library.
• gotcha The package primarily uses CommonJS (CJS) module syntax. While modern Node.js environments can import CJS packages into ES Modules (ESM) projects, direct named imports from the root package might behave unexpectedly. Selective imports via full paths (e.g., `hash.js/lib/hash/sha/256`) are more reliable for specific algorithms.
  Fix: When using in an ESM project, prefer `import * as hash from 'hash.js'` for the main entry point, and `import { specificHash } from 'hash.js/lib/hash/specific/path'` for individual algorithms. Ensure your build setup correctly handles CJS interoperability.
• gotcha Older hash algorithms like SHA-1, while available, are considered cryptographically weak for many modern security applications due to demonstrated vulnerabilities and collision attacks. Using them for new authentication, digital signatures, or integrity checks is strongly discouraged.
  Fix: Always prefer stronger algorithms like SHA-256 or SHA-512 for new implementations. Consult current cryptographic best practices for algorithm selection.

Install

• npm install hash.js npm
• yarn add hash.js yarn
• pnpm add hash.js pnpm

Imports

• hash
  wrong:

  import hash from 'hash.js'; // Default import is not the primary export

  correct:

  import * as hash from 'hash.js'; // For ESM
  const hash = require('hash.js'); // For CommonJS

  The top-level package exports an object containing constructors for various hash algorithms. In ESM, import as a namespace or use named exports if available. CommonJS uses `require()` for the module object.
• sha256
  wrong:

  import { sha256 } from 'hash.js'; // Not directly exported from root in older versions

  correct:

  import { sha256 } from 'hash.js/lib/hash/sha/256'; // For ESM
  const sha256 = require('hash.js/lib/hash/sha/256'); // For CommonJS

  Individual hash algorithms are often imported directly from their specific paths for selective use and potential tree-shaking benefits. While TypeScript types might infer a root export, direct pathing is safer for older CJS structures.
• Hmac
  wrong:

  import Hmac from 'hash.js/lib/hmac'; // Not a default export

  correct:

  import { Hmac } from 'hash.js'; // For ESM with type definitions
  const Hmac = require('hash.js/lib/hmac'); // For CommonJS

  HMAC functionality is available either via direct named import if types support it, or by requiring its specific CommonJS module path.

Quickstart

Demonstrates how to import and use various hash functions (SHA256, SHA512, HMAC) from `hash.js`, including both main and selective module imports, in a TypeScript environment.

import * as hash from 'hash.js';
import { sha512 } from 'hash.js/lib/hash/sha/512';

// Example 1: Using the main hash.js export for SHA256
const dataToHash1 = 'Hello, Checklist Day!';
const sha256Hash = hash.sha256().update(dataToHash1).digest('hex');
console.log(`SHA256 Hash of '${dataToHash1}': ${sha256Hash}`);

// Example 2: Using selective import for SHA512
const dataToHash2 = 'Another piece of text to hash securely.';
const sha512Hash = sha512().update(dataToHash2).digest('hex');
console.log(`SHA512 Hash of '${dataToHash2}': ${sha512Hash}`);

// Example 3: Using HMAC with SHA256
const secretKey = 'my-super-secret-key';
const message = 'The quick brown fox jumps over the lazy dog';
const hmacSha256 = hash.hmac(hash.sha256, secretKey).update(message).digest('hex');
console.log(`HMAC-SHA256 of '${message}' with key '${secretKey}': ${hmacSha256}`);

// For demonstration purposes with environment variable (e.g., for API keys)
const apiKey = process.env.API_KEY ?? 'default-fallback-api-key';
const sensitiveData = `User info: ${apiKey}`;
const hashOfSensitiveData = hash.sha1().update(sensitiveData).digest('hex');
console.log(`SHA1 Hash of sensitive data (using API_KEY): ${hashOfSensitiveData.substring(0, 20)}...`);