An isomorphic timing-safe equality function for strings and Uint8Arrays.
This is a port of @ircmaxell's function for PHP, published here.
If you want to avoid leaking the length of your secret, you should always pass that as the first argument to the function.
npm install crypto-timing-safe-equalsimport timingSafeEquals from 'crypto-timing-safe-equals';
// Let's check if two strings are equal, in a timing-safe manner
timingSafeEquals ( 'secret', 'secret' ); // => true
timingSafeEquals ( 'secret', 'attempt' ); // => false
// Let's check if two Uint8Arrays are equal, in a timing-safe manner
timingSafeEquals ( new Uint8Array ([ 102, 111, 111 ]), new Uint8Array ([ 102, 111, 111 ]) ); // => true
timingSafeEquals ( new Uint8Array ([ 102, 111, 111 ]), new Uint8Array ([ 98, 97, 114 ]) ); // => falseMIT © Fabio Spampinato