An isomorphic timing-safe equality function for strings and Uint8Arrays.
This is a port of @ircmaxell's function for PHP, published here.
If you want to avoid leaking the length of your secret, you should always pass that as the first argument to the function.
npm install --save crypto-timing-safe-equalsimport timingSafeEquals from 'crypto-timing-safe-equals';
// Check if two strings are equal, in a timing-safe manner
timingSafeEquals ( 'secret', 'attempt' ); // => false
// Check if two Uint8Arrays are equal, in a timing-safe manner
timingSafeEquals ( new Uint8Array ([ 102, 111, 111 ]), new Uint8Array ([ 98, 97, 114 ]) ); // => falseMIT © Fabio Spampinato