Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 400,000 packages pre-installed, including scmp with all npm packages installed. Try it out:

var scmp = require("scmp")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

scmp v2.0.0

safe, constant-time comparison of Buffers


travis npm downloads

Safe, constant-time comparison of Buffers.

Changes in v2.x

Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().

Also, there is a new crypto.timingSafeEqual() since Node v6.6.0. If this function is available, then that will be used, otherwise a scmp-internal implementation will be used.


npm install scmp


To minimize vulnerability against timing attacks.


const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;

const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');

if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');


RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free