BinShieldLive

Binary detail

bcrypt_lib.node

Review one native artifact in depth: evidence checklist, surfaced imports and strings, grouped findings, and package-level context for approval decisions.

Back to package

Binary evidence

bcrypt_lib.node

LOW (11)

Evidence is consistent with an expected native package implementation.

The binary performs native password hashing and seed generation using expected runtime libraries.

filesystem: Reads /dev/urandom for entropy.crypto: Uses OpenSSL EVP routines for hashing.
16 imports surfaced during decompilation41 functions were recovered2 notable strings surfaced1 findings require analyst review
Architecturex86_64

Recovered from artifact metadata

FormatELF

Executable/container format

Size190 KB

Binary payload size

Package version5.1.0

bcrypt investigation target

Recovered evidence

Imports, strings, and decompile preview
Imports

EVP_sha512, uv_queue_work, node_module_register

Interesting strings

/dev/urandom, Invalid salt version

1int bcrypt_hash(...) { /* native hashing flow */ }

Package context

Keep artifact review tied to package posture
Overall riskLOW (11)

Package-level aggregate score

Source matchHIGH

Confidence in decompiled/source alignment

Binary inventory1

190 KB total analyzed size

Behavior familiesfilesystem, crypto

Observed across all binaries

Risk decreased by 41 pointsThis version removes or tightens behavior compared with the previous release.
bcrypt_lib.nodeNetworkFilesystemReads /dev/urandom for ent...ProcessCryptoUses OpenSSL EVP routines ...ObfuscationExfiltration
2 expected0 review0 flagged4 not detected

Call graph

7 visible / 41 total functions
bcrypt_lib.nodeEVP_sha512uv_queue_worknode_module_registerEVP_sha512uv_queue_worknode_module_register
entryimportfunctionsyscallsuspicious

Findings

1 surfaced for this artifact

Entropy source access

Reads system entropy for password hashing.

No action needed.

Reviewer checklist

Before approving rollout
  1. Validate whether imports align with the package’s expected runtime purpose.
  2. Review any surfaced strings for outbound domains, command execution, or path access.
  3. Compare this artifact’s behavior to the package-level drift summary before shipping.

How this score was computed

Methodology transparency
none0-0
low1-29
medium30-59
high60-79
critical80-100
11
NONE0-0

No behaviors or findings detected.

LOW1-29

Expected behaviors only. Safe for most environments.

MEDIUM30-59

Some review-worthy behaviors. Inspect before deploying in hardened environments.

HIGH60-79

Multiple risk signals. Manual review required before production use.

CRITICAL80-100

Severe risk indicators. Block until validated by a security engineer.

Scoring factors

Findings2-45 pts per finding

Severity-weighted: info=2, low=8, medium=18, high=30, critical=45

Behaviors3-28 pts per detected

network=14, filesystem=4, process=12, crypto=3, obfuscation=24, exfiltration=28

Import countUp to 6 pts

importCount / 4, capped at 6. More imports = larger attack surface.

Function countUp to 5 pts

functionCount / 20, capped at 5. Complexity indicator.

Package-level score = 65% highest binary score + 35% average binary score. Scores are deterministic and reproducible.