Sign and unsign cookies
latest non vulnerable version
10 years ago
latest version published
10 months ago
Known vulnerabilities in the cookie-signature package. This does not include vulnerabilities belonging to this package’s dependencies.Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
'cookie-signature' is a library for signing cookies.
You can read more about timing attacks in Node.js on the Snyk blog: https://snyk.io/blog/node-js-timing-attack-ccc-ctf/
How to fix Non-Constant Time String Comparison?