npm

bcrypt@5.1.0

LOW (11)

Standard bcrypt native addon with entropy access and no suspicious network activity.

Overall risk: LOW (11)

Package-level aggregate score

Source match: HIGH

Confidence in decompiled/source alignment

Binary inventory: 1

190 KB total analyzed size

Behavior families: filesystem, crypto

Observed across all binaries

Risk score: 11

low severity posture

Binary count: 1

Native artifacts recovered

Confidence: HIGH

Source/decompile alignment

Total size: 190 KB

Combined binary payload

Analyst takeaways

3 evidence summaries
No escalated findings

The current evidence set is dominated by expected native behavior.

1/1 binaries carry findings

Not every native artifact in a package deserves equal attention. Focus review where findings cluster.

claude-sonnet analysis with high confidence

Use the model summary as triage guidance, then validate against imports, strings, and recovered functions.

Version history

1 analyzed version
0132639526.0.0
  • Confidence: high
  • Analysis model: claude-sonnet
  • Data mode: Connected to API

Version drift

5.1.6 to 5.1.7

This version removes or tightens behavior compared with the previous release.

Version 5.1.7 adds stricter extension loading checks and a slightly larger native payload.

Risk decreased by 41 points
Use this as triage guidance, then validate against binary evidence below.
  • Added: Additional filesystem path validation before extension loading.
  • Added: Guarded extension loading before execution.
  1. Validate whether any newly added filesystem or process behavior is expected.
  2. Compare binary inventory to ensure no unexpected native artifact was introduced.
  3. Review high-signal strings and imports before approving rollout.

Finding clusters

1 finding
INFO: 1 item

Entropy source access

Reads system entropy for password hashing.

No action needed.

Binary evidence

1 native artifact

bcrypt_lib.node

x86_64 ELF, 190 KB

LOW (11)

Evidence is consistent with an expected native package implementation.

The binary performs native password hashing and seed generation using expected runtime libraries.

filesystem: Reads /dev/urandom for entropy.
crypto: Uses OpenSSL EVP routines for hashing.

16 imports surfaced during decompilation
41 functions were recovered
2 notable strings surfaced
1 finding requires analyst review

Behavior families for bcrypt_lib.node (2 expected, 0 review, 0 flagged, 4 not detected):
  • Network: not detected
  • Filesystem: expected
  • Process: not detected
  • Crypto: expected
  • Obfuscation: not detected
  • Exfiltration: not detected

Call graph

7 visible / 41 total functions
Nodes: bcrypt_lib.node, EVP_sha512, uv_queue_work, node_module_register
Legend: entry, import, function, syscall, suspicious
Recovered function: int bcrypt_hash(...) { /* native hashing flow */ }

Imports

EVP_sha512, uv_queue_work, node_module_register

Interesting strings

/dev/urandom, Invalid salt version

Entropy source access

Reads system entropy for password hashing.

No action needed.

Related packages

Similar signal surface

No related packages surfaced from the current dataset.

How this score was computed

Methodology transparency
NONE (0-0)

No behaviors or findings detected.

LOW (1-29)

Expected behaviors only. Safe for most environments.

MEDIUM (30-59)

Some review-worthy behaviors. Inspect before deploying in hardened environments.

HIGH (60-79)

Multiple risk signals. Manual review required before production use.

CRITICAL (80-100)

Severe risk indicators. Block until validated by a security engineer.

Scoring factors

Findings: 2-45 pts per finding

Severity-weighted: info=2, low=8, medium=18, high=30, critical=45

Behaviors: 3-28 pts per detected behavior

network=14, filesystem=4, process=12, crypto=3, obfuscation=24, exfiltration=28

Import count: up to 6 pts

importCount / 4, capped at 6. More imports = larger attack surface.

Function count: up to 5 pts

functionCount / 20, capped at 5. Complexity indicator.

Package-level score = 65% highest binary score + 35% average binary score. Scores are deterministic and reproducible.