sha1 hex hash output does not match node crypto output

[ungoldman]

Hi, apologies if this is addressed somewhere and I've missed it, but I've searched to no avail so thought I'd bring it up here.

I've noticed that the default hash output does not match node's crypto output.

Example code:

const crypto = require('crypto')
const hash = require('object-hash')

const h1 = crypto.createHash('sha1').update('a').digest('hex')

console.log(h1)
// 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

const h2 = hash('a')

console.log(h2)
// 5534a68034d8b780cb8676def94b51f538c7a502

Unless I'm missing something (which is very possible!) I assume the output of the two functions should be the same, but they are not. This is a problem for the codebase I'm working on right now, as we need the sha1 hex hashes to match in web and node environments. Any possible hints on where I may be going about this wrong?

(Extra note: this problem originates from object-hash throwing an error with latest browserify & tinyify, due to some quirks with browserify standalone builds. see goto-bus-stop/browser-pack-flat#39)

[addaleax]

@ungoldman object-hash treats its input as JS values, not as strings, and it can’t hash strings as-is (without introducing the risk of a collision). object-hash should provide the same output when run in browsers and Node.js, though (unless the object contains some browser- or Node.js-specific values).

[ungoldman]

Thank you I think I understand now!

Did some digging and I see what's happening. 'string:' + string.length + ':' is getting prepended to the value with the _string method (https://github.com/puleos/object-hash/blob/master/index.js#L304-L307).

So

const val = 'a'
const output = crypto.createHash('sha1').update('string:' + val.length + ':' + val).digest('hex')
// 5534a68034d8b780cb8676def94b51f538c7a502

produces output matching a string fed to object-hash with default options.