js-md4: MD4 Hash Function

0.3.2 · abandoned · verified Sun Apr 19

js-md4 is a JavaScript library providing a pure JavaScript implementation of the MD4 cryptographic hash function. Currently at version 0.3.2, its last known release was over eight years ago, indicating it is an abandoned project with no ongoing maintenance or updates. The library supports UTF-8 encoding for input strings and can process various data types, including JavaScript strings, raw byte `Array`s, `Uint8Array`s, and `ArrayBuffer`s. It offers both a direct hashing function for immediate results and an incremental hashing API via a `create()` method, allowing for data to be fed in chunks. Output formats include hexadecimal strings, byte arrays, and ArrayBuffers. Key differentiators at the time of its release were its pure JavaScript nature, broad browser compatibility (via script tag and AMD), and Node.js support (via CommonJS). Given the long period of inactivity and the known cryptographic weaknesses of MD4 itself, this library is primarily suitable for compatibility with legacy systems or non-security-critical hashing tasks.

Common errors

```
md4 is not defined
```
cause Attempting to use `md4` in a browser without including the script, or in a Node.js ESM context without proper CommonJS import.

fix In browsers, ensure `<script src="path/to/md4.min.js"></script>` is included. In Node.js, use `const md4 = require('js-md4');`.
```
TypeError: md4.buffer is not a function
```
cause Calling the deprecated `buffer()` method on an `md4` hash instance.

fix Replace `hash.buffer()` with `hash.arrayBuffer()`.
```
ReferenceError: require is not defined
```
cause Attempting to use `require('js-md4')` in a browser environment or in an ES Module context in Node.js without a transpiler/bundler.

fix For browsers, use the global `md4` object after loading the script via a `<script>` tag. For ESM in Node.js, this library is not directly compatible; consider a bundler or an alternative library.

Warnings

breaking The MD4 hash algorithm is cryptographically broken and should never be used for security-sensitive applications like password hashing, digital signatures, or integrity checks where collision resistance is required. It is vulnerable to collision attacks.
Fix: Migrate to a cryptographically secure hash function such as SHA-256 or SHA-3 (e.g., using Node.js's `crypto` module or a modern library like `noble-hashes`).
deprecated The `buffer()` method is deprecated due to potential confusion with Node.js's `Buffer` object. Although it might still function, its use is discouraged.
Fix: Use `arrayBuffer()` instead of `buffer()` to retrieve the hash as an ArrayBuffer.
gotcha This library is abandoned and has not been updated in over eight years (last release 0.3.2). It does not receive security patches, bug fixes, or feature enhancements, posing a potential supply chain security risk.
Fix: For new projects, avoid this library entirely. For existing projects, evaluate the risk of using unmaintained code and consider replacing it with a current alternative, especially if MD4 is used for non-cryptographic purposes that require ongoing reliability.
gotcha The library primarily targets CommonJS for Node.js and global/AMD for browsers. It does not provide native ES Module (ESM) exports, which may require bundling or specific loader configurations in modern JavaScript environments.
Fix: For ESM projects, use a bundler (e.g., Webpack, Rollup, Parcel) that can handle CommonJS modules, or continue to use `require()` in Node.js where appropriate.

Install

npm install js-md4 npm
yarn add js-md4 yarn
pnpm add js-md4 pnpm

Imports

md4
wrong:
```
import md4 from 'js-md4';
```
correct:
```
var md4 = require('js-md4');
```
For Node.js, use CommonJS `require`. This library does not provide an ESM export.
md4
```
<script src="path/to/md4.min.js"></script>
// md4 is now global
```
In a browser environment, the `md4` function is exposed globally after including the script.
md4.create
```
var hash = md4.create();
```
Used for incremental hashing, allowing data to be updated in multiple steps before finalizing the hash.

Quickstart

Demonstrates both direct and incremental MD4 hashing with various input and output types, including UTF-8 strings.

const md4 = require('js-md4');

// Basic one-shot hashing
const hash1 = md4('Message to hash');
console.log(`Direct hash: ${hash1}`);

// Hashing with specific output format (hexadecimal is default for direct string input)
const hash2Hex = md4.hex('Another message');
console.log(`Hex output: ${hash2Hex}`);

const hash3Array = md4.array('Bytes output');
console.log(`Array output: ${hash3Array}`);

// Incremental hashing
const hasher = md4.create();
hasher.update('Part one of ');
hasher.update('the message');
const finalHash = hasher.hex();
console.log(`Incremental hash: ${finalHash}`);

// Hashing a UTF-8 string
const utf8Hash = md4('你好世界');
console.log(`UTF-8 hash: ${utf8Hash}`);

view raw JSON →