Title: Runtime-deprecate calling digest() on HMAC more than once · Issue #62838 · nodejs/node · GitHub
Open Graph Title: Runtime-deprecate calling digest() on HMAC more than once · Issue #62838 · nodejs/node
X Title: Runtime-deprecate calling digest() on HMAC more than once · Issue #62838 · nodejs/node
Description: (Upd: detected by the scanner behind @deepview-autofix) Hash behavior is reasonable: > hash = require('crypto').createHash('sha256').update('data') > hash.digest() Open Graph Description: (Upd: detected by the scanner behind @deepview-autofix) Hash behavior is reasonable: > hash = require('crypto').createHash('sha256').update('data') > hash.digest() X Description: (Upd: detected by the scanner behind @deepview-autofix) Hash behavior is reasonable: > hash = require('crypto').createHash('sha256').update('data') > hash.digest() <...
Opengraph URL: https://github.com/nodejs/node/issues/62838
X: @github
Domain: github.com
Links:
Viewport: width=device-width
Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Runtime-deprecate calling digest() on HMAC more than once","articleBody":"(Upd: detected by the scanner behind @deepview-autofix)\n\nHash behavior is reasonable:\n```js\n\u003e hash = require('crypto').createHash('sha256').update('data')\n\u003e hash.digest()\n\u003cBuffer 3a 6e b0 79 0f 39 ac 87 c9 4f 38 56 b2 dd 2c 5d 11 0e 68 11 60 22 61 a9 a9 23 d3 bb 23 ad c8 b7\u003e\n\u003e hash.digest()\nUncaught Error [ERR_CRYPTO_HASH_FINALIZED]: Digest already called\n at Hash.digest (node:internal/crypto/hash:155:11) {\n code: 'ERR_CRYPTO_HASH_FINALIZED'\n}\n```\n\nBut HMAC, on the other hand, returns empty buffers on further `.digest()` calls, likely for compat reasons:\n```js\n\u003e hmac = require('crypto').createHmac('sha256', 'key').update('data')\n\u003e hmac.digest()\n\u003cBuffer 50 31 fe 3d 98 9c 6d 15 37 a0 13 fa 6e 73 9d a2 34 63 fd ae c3 b7 01 37 d8 28 e3 6a ce 22 1b d0\u003e\n\u003e hmac.digest()\n\u003cBuffer \u003e\n```\n\nThis is a footgun with potential security risks, and should be first runtime-deprecated, then removed if no breakage is detected.\n\n---\n\n\u003cimg width=\"1170\" height=\"155\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/5b0e40bc-95ed-49b8-b696-299176bcc01d\" /\u003e","author":{"url":"https://github.com/ChALkeR","@type":"Person","name":"ChALkeR"},"datePublished":"2026-04-20T05:05:11.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":11},"url":"https://github.com/62838/node/issues/62838"}
route-pattern /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) route-controller voltron_issues_fragments route-action issue_layout fetch-nonce v2:95cafb9e-6a2d-77d5-818d-afe5f36aa22f current-catalog-service-hash 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 request-id D43A:228A12:254D531:34E08C7:6A4CE97C html-safe-nonce 42fece81213fa1a5f3fd765595eb3705e7c8e97b6cfd827b3d14afabcbd84a96 visitor-payload eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJENDNBOjIyOEExMjoyNTRENTMxOjM0RTA4Qzc6NkE0Q0U5N0MiLCJ2aXNpdG9yX2lkIjoiMjIwNDk2NDU0MTQzMDU1NzA1MiIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 visitor-hmac cb0d3a88fb31ea7db78dfaa634298532adef7e02fba0d76465bc0377552081d4 hovercard-subject-tag issue:4293209577 github-keyboard-shortcuts repository,issues,copilot google-site-verification Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I octolytics-url https://collector.github.com/github/collect analytics-location / fb:app_id 1401488693436528 apple-itunes-app app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/62838/issue_layout twitter:image https://opengraph.githubassets.com/6336e0445ce34a4f76074fbe490f8e6d2f89894b26aef13ae5fe1ec11aa1d74f/nodejs/node/issues/62838 twitter:card summary_large_image og:image https://opengraph.githubassets.com/6336e0445ce34a4f76074fbe490f8e6d2f89894b26aef13ae5fe1ec11aa1d74f/nodejs/node/issues/62838 og:image:alt (Upd: detected by the scanner behind @deepview-autofix) Hash behavior is reasonable: > hash = require('crypto').createHash('sha256').update('data') > hash.digest() og:image:width 1200 og:image:height 600 og:site_name GitHub og:type object og:author:username ChALkeR hostname github.com expected-hostname github.com None 299b43bca6e02ad35197ffeba30d2466846d5fb02ab96fbced5b5e6cec589fb8 turbo-cache-control no-preview go-import github.com/nodejs/node git https://github.com/nodejs/node.git octolytics-dimension-user_id 9950313 octolytics-dimension-user_login nodejs octolytics-dimension-repository_id 27193779 octolytics-dimension-repository_nwo nodejs/node octolytics-dimension-repository_public true octolytics-dimension-repository_is_fork false octolytics-dimension-repository_network_root_id 27193779 octolytics-dimension-repository_network_root_nwo nodejs/node turbo-body-classes logged-out env-production page-responsive disable-turbo false browser-stats-url https://api.github.com/_private/browser/stats browser-errors-url https://api.github.com/_private/browser/errors release c5a57f04eeb310f57c73fd6d751d957e2ca27ed2 ui-target full theme-color #1e2327 color-scheme light dark
URLs of crawlers that visited me.