BinShieldLive

Package detail

bcrypt@5.1.0

Treat this as an investigation surface: start with package posture, then inspect binary evidence, finding clusters, and version drift before approving rollout.

Back to browserJump to evidence

npm

bcrypt@5.1.0

LOW (11)

Standard bcrypt native addon with entropy access and no suspicious network activity.

Overall riskLOW (11)

Package-level aggregate score

Source matchHIGH

Confidence in decompiled/source alignment

Binary inventory1

190 KB total analyzed size

Behavior familiesfilesystem, crypto

Observed across all binaries

Risk score11

low severity posture

Binary count1

Native artifacts recovered

ConfidenceHIGH

Source/decompile alignment

Total size190 KB

Combined binary payload

Analyst takeaways

3 evidence summaries
No escalated findings

The current evidence set is dominated by expected native behavior.

1/1 binaries carry findings

Not every native artifact in a package deserves equal attention. Focus review where findings cluster.

claude-sonnet analysis with high confidence

Use the model summary as triage guidance, then validate against imports, strings, and recovered functions.

Version history

1 analyzed versions
051015203.2.2
3.2.2none (0)Current investigation target
  • Confidence: high
  • Analysis model: claude-sonnet
  • Data mode: Connected to API

Version drift

5.1.6 to 5.1.7

This version introduces additional behavior that deserves security review.

Version 5.1.7 adds stricter extension loading checks and a slightly larger native payload.

Risk increased by 11 pointsUse this as triage guidance, then validate against binary evidence below.
Added: Additional filesystem path validation before extension loading.Added: Guarded extension loading before execution.
  1. Validate whether any newly added filesystem or process behavior is expected.
  2. Compare binary inventory to ensure no unexpected native artifact was introduced.
  3. Review high-signal strings and imports before approving rollout.

Finding clusters

1 findings
INFO1 items

Entropy source access

Reads system entropy for password hashing.

No action needed.

Binary evidence

1 native artifacts

bcrypt_lib.node

x86_64ELF190 KB

LOW (11)

Evidence is consistent with an expected native package implementation.

The binary performs native password hashing and seed generation using expected runtime libraries.

filesystem: Reads /dev/urandom for entropy.crypto: Uses OpenSSL EVP routines for hashing.
16 imports surfaced during decompilation41 functions were recovered2 notable strings surfaced1 findings require analyst review
bcrypt_lib.nodeNetworkFilesystemReads /dev/urandom for ent...ProcessCryptoUses OpenSSL EVP routines ...ObfuscationExfiltration
2 expected0 review0 flagged4 not detected

Call graph

7 visible / 41 total functions
bcrypt_lib.nodeEVP_sha512uv_queue_worknode_module_registerEVP_sha512uv_queue_worknode_module_register
entryimportfunctionsyscallsuspicious
1int bcrypt_hash(...) { /* native hashing flow */ }
Imports

EVP_sha512, uv_queue_work, node_module_register

Interesting strings

/dev/urandom, Invalid salt version

Entropy source access

Reads system entropy for password hashing.

No action needed.
Open binary evidence view

Related packages

Similar signal surface

No related packages surfaced from the current dataset.

How this score was computed

Methodology transparency
none0-0
low1-29
medium30-59
high60-79
critical80-100
11
NONE0-0

No behaviors or findings detected.

LOW1-29

Expected behaviors only. Safe for most environments.

MEDIUM30-59

Some review-worthy behaviors. Inspect before deploying in hardened environments.

HIGH60-79

Multiple risk signals. Manual review required before production use.

CRITICAL80-100

Severe risk indicators. Block until validated by a security engineer.

Scoring factors

Findings2-45 pts per finding

Severity-weighted: info=2, low=8, medium=18, high=30, critical=45

Behaviors3-28 pts per detected

network=14, filesystem=4, process=12, crypto=3, obfuscation=24, exfiltration=28

Import countUp to 6 pts

importCount / 4, capped at 6. More imports = larger attack surface.

Function countUp to 5 pts

functionCount / 20, capped at 5. Complexity indicator.

Package-level score = 65% highest binary score + 35% average binary score. Scores are deterministic and reproducible.

canvas Binary Analysis | BinShield