Removes buffer-equal-constant-time dependency

billytrend · rvagg · commit ce36ecb0899a · 2019-09-19T21:48:31.000+10:00
diff --git a/github-webhook-handler.js b/github-webhook-handler.js
@@ -2,7 +2,6 @@ const EventEmitter = require('events').EventEmitter
     , inherits     = require('util').inherits
     , crypto       = require('crypto')
     , bl           = require('bl')
-    , bufferEq     = require('buffer-equal-constant-time')
 
 function create (options) {
   if (typeof options != 'object')
@@ -37,7 +36,7 @@ function create (options) {
   }
 
   function verify (signature, data) {
-    return bufferEq(Buffer.from(signature), Buffer.from(sign(data)))
+    return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(sign(data)))
   }
 
   function handler (req, res, callback) {
diff --git a/package.json b/package.json
@@ -18,8 +18,7 @@
   },
   "license": "MIT",
   "dependencies": {
-    "bl": "~1.1.2",
-    "buffer-equal-constant-time": "~1.0.1"
+    "bl": "~1.1.2"
   },
   "devDependencies": {
     "@types/node": "*",

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ const EventEmitter = require('events').EventEmitter`
`2`	`2`	`, inherits = require('util').inherits`
`3`	`3`	`, crypto = require('crypto')`
`4`	`4`	`, bl = require('bl')`
`5`		`- , bufferEq = require('buffer-equal-constant-time')`
`6`	`5`
`7`	`6`	`function create (options) {`
`8`	`7`	`if (typeof options != 'object')`
`@@ -37,7 +36,7 @@ function create (options) {`
`37`	`36`	`}`
`38`	`37`
`39`	`38`	`function verify (signature, data) {`
`40`		`- return bufferEq(Buffer.from(signature), Buffer.from(sign(data)))`
	`39`	`+ return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(sign(data)))`
`41`	`40`	`}`
`42`	`41`
`43`	`42`	`function handler (req, res, callback) {`