{"id":22845440,"url":"https://github.com/idealista/tlsh-js","last_synced_at":"2025-10-12T22:20:14.186Z","repository":{"id":51826090,"uuid":"57990358","full_name":"idealista/tlsh-js","owner":"idealista","description":"JavaScript port of TLSH (Trend Micro Locality Sensitive Hash)","archived":false,"fork":false,"pushed_at":"2021-05-09T18:30:28.000Z","size":318,"stargazers_count":162,"open_issues_count":6,"forks_count":15,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-10-05T07:32:35.831Z","etag":null,"topics":["digest","hash","javascript","locality-sensitive-hashing","nodejs","tlsh"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/idealista.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-03T18:08:10.000Z","updated_at":"2025-01-18T21:40:04.000Z","dependencies_parsed_at":"2022-08-23T00:00:41.632Z","dependency_job_id":null,"html_url":"https://github.com/idealista/tlsh-js","commit_stats":null,"previous_names":["idealista-tech/tlsh-js"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/idealista/tlsh-js","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idealista%2Ftlsh-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idealista%2Ftlsh-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idealista%2Ftlsh-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idealista%2Ftlsh-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/idealista","download_url":"https://codeload.github.com/idealista/tlsh-js/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idealista%2Ftlsh-js/sbom","scorecard":{"id":481084,"data":{"date":"2025-08-11","repo":{"name":"github.com/idealista/tlsh-js","commit":"a00c7c7ff54aa8c3ad9e60031c006e710395f73c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Code-Review","score":3,"reason":"Found 4/12 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"52 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3","Warn: Project is vulnerable to: MAL-2023-462","Warn: Project is vulnerable to: GHSA-957j-59c2-j692","Warn: Project is vulnerable to: GHSA-m5pj-vjjf-4m3h","Warn: Project is vulnerable to: GHSA-j383-35pm-c5h4","Warn: Project is vulnerable to: GHSA-rm36-94g8-835r","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T16:39:00.305Z","repository_id":51826090,"created_at":"2025-08-19T16:39:00.305Z","updated_at":"2025-08-19T16:39:00.305Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013247,"owners_count":26085250,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digest","hash","javascript","locality-sensitive-hashing","nodejs","tlsh"],"created_at":"2024-12-13T03:17:17.695Z","updated_at":"2025-10-12T22:20:14.155Z","avatar_url":"https://github.com/idealista.png","language":"JavaScript","funding_links":[],"categories":["前端 \u003ca name=\"frontend\"\u003e\u003c/a\u003e"],"sub_categories":[],"readme":"![Logo](logo.gif)\n\n# JavaScript port of TLSH (Trend Micro Locality Sensitive Hash)\n\n[![Build Status](https://travis-ci.org/idealista/tlsh-js.svg?branch=master)](https://travis-ci.org/idealista/tlsh-js)\n[![Total Downloads](https://img.shields.io/npm/dt/tlsh.svg)](https://www.npmjs.com/package/tlsh)\n\nTLSH is a fuzzy matching library designed by [Trend Micro](http://www.trendmicro.com) (Hosted in [GitHub](https://github.com/trendmicro/tlsh))\n\nGiven a byte stream with a minimum length of 512 characters (and a minimum amount of randomness), TLSH generates a hash value which can be used for similarity comparisons. Similar objects will have similar hash values which allows for the detection of similar objects by comparing their hash values. Note that the byte stream should have a sufficient amount of complexity. For example, a byte stream of identical bytes will not generate a hash value.\n\nThe computed hash is 70 hexadecimal characters long. The first 6 characters are used to capture the information about the file as a whole (length, ...), while the last 64 characters are used to capture information about incremental parts of the file.\n\n## Installation\n\nAlthough originally designed for use with Node.js and installable via npm using **npm install --save tlsh**, it can also be used directly in the browser (see *browserify* task defined in Gruntfile.js).\n\n## How it's used\n\nWith TLSH mainly you can calculate a hash using supported Strings and compute the difference between two resultant hashes.\n\n### How-To calculate a Hash\n\nTo compute a Hash using TLSH, you should do the following:\n\n```javascript\n// Quote extracted from 'The UNIX-HATERS Handbook'\nvar str = \"The best documentation is the UNIX source. After all, this is what the \" +\n            \"system uses for documentation when it decides what to do next! The \" +\n            \"manuals paraphrase the source code, often having been written at \" +\n            \"different times and by different people than who wrote the code. \" +\n            \"Think of them as guidelines. Sometimes they are more like wishes... \" +\n            \"Nonetheless, it is all too common to turn to the source and find \" +\n            \"options and behaviors that are not documented in the manual. Sometimes \" +\n            \"you find options described in the manual that are unimplemented \" +\n            \"and ignored by the source.\";\n\nvar hash = hash(str);   \n```\n\nThe resultant hash will be _6FF02BEF718027B0160B4391212923ED7F1A463D563B1549B86CF62973B197AD2731F8_ as is described in the TLSH unit tests.\n\n### Requirements\n\nThe input data must contain:\n\n* At least 512 characters.\n* A certain amount of randomness.\n\nto generate a hash value. In other case an **InsufficientComplexityError** will be thrown.\n\n### How-To compute difference between two hashes\n\n1. You should to create two digests using the Digest Hash Builder with hashes as inputs:\n\n```javascript\nvar digest1 = new DigestHashBuilder().withHash(\"09F05A198CC69A5A4F0F9380A9EE93F2B927CF42089EA74276DC5F0BB2D34E68114448\").build();\nvar digest2 = new DigestHashBuilder().withHash(\"301124198C869A5A4F0F9380A9AE92F2B9278F42089EA34272885F0FB2D34E6911444C\").build();\n```\n\n2. You can compute the difference using one Digest against the other one\n\n```javascript\n// Should be equals to digest1.calculateDifference(digest2, true);\ndigest2.calculateDifference(digest1, true);\n```\n\nThe computed difference should be _121_ as is described in Digest unit tests.\n\n**Note:** Computing the difference using a digest against itself should return no difference.\n\n#### How to measure the difference?\n\n* A difference of 0 means the objects are almost identical.\n* A difference of 200 or higher means the objects are **very** different.\n\n#### Ignoring the input data length\n\nThe difference should be calculated using the file length component or removing it (giving _false_ as second parameter). If an input with a repeating pattern is compared to an input with only a single instance of the pattern, then the difference will be increased if the length is included. Giving a false value to the second parameter, the input data length will be removed from consideration.\n\n## Requirements\n\nThe library has been tested with _Node.js v8.12.0_, _npm 6.4.1_ and _grunt v1.0.3_. Newer versions should work but could also present issues.\n\n## Design choices\n\nWe have adopted the original Trend Locality Sensitive Hashing design choices to build this JavaScript port.\n\n## TODO\n\n* Complete Data Tests using input data and resulting digests from Trend Micro official repository.\n\n## License\n\nRead [LICENSE](LICENSE) attached to the project\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidealista%2Ftlsh-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidealista%2Ftlsh-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidealista%2Ftlsh-js/lists"}