SkillRepo
Sign InSign Up
Catalog
affaan-m/nodejs-keccak256

affaan-m

nodejs-keccak256

Prevent Ethereum hashing bugs in JavaScript and TypeScript. Node's sha3-256 is NIST SHA3, not Ethereum Keccak-256, and silently breaks selectors, signatures, storage slots, and address derivation.

global
New~687
v1.1Saved May 11, 2026

Node.js Keccak-256

Ethereum uses Keccak-256, not the NIST-standardized SHA3 variant exposed by Node's crypto.createHash('sha3-256').

When to Use

  • Computing Ethereum function selectors or event topics
  • Building EIP-712, signature, Merkle, or storage-slot helpers in JS/TS
  • Reviewing any code that hashes Ethereum data with Node crypto directly

How It Works

The two algorithms produce different outputs for the same input, and Node will not warn you.

import crypto from 'crypto';
import { keccak256, toUtf8Bytes } from 'ethers';

const data = 'hello';
const nistSha3 = crypto.createHash('sha3-256').update(data).digest('hex');
const keccak = keccak256(toUtf8Bytes(data)).slice(2);

console.log(nistSha3 === keccak); // false

Examples

ethers v6

import { keccak256, toUtf8Bytes, solidityPackedKeccak256, id } from 'ethers';

const hash = keccak256(new Uint8Array([0x01, 0x02]));
const hash2 = keccak256(toUtf8Bytes('hello'));
const topic = id('Transfer(address,address,uint256)');
const packed = solidityPackedKeccak256(
  ['address', 'uint256'],
  ['0x742d35Cc6634C0532925a3b8D4C9B569890FaC1c', 100n],
);

viem

import { keccak256, toBytes } from 'viem';

const hash = keccak256(toBytes('hello'));

web3.js

const hash = web3.utils.keccak256('hello');
const packed = web3.utils.soliditySha3(
  { type: 'address', value: '0x742d35Cc6634C0532925a3b8D4C9B569890FaC1c' },
  { type: 'uint256', value: '100' },
);

Common patterns

import { id, keccak256, AbiCoder } from 'ethers';

const selector = id('transfer(address,uint256)').slice(0, 10);
const typeHash = keccak256(toUtf8Bytes('Transfer(address from,address to,uint256 value)'));

function getMappingSlot(key: string, mappingSlot: number): string {
  return keccak256(
    AbiCoder.defaultAbiCoder().encode(['address', 'uint256'], [key, mappingSlot]),
  );
}

Address from public key

import { keccak256 } from 'ethers';

function pubkeyToAddress(pubkeyBytes: Uint8Array): string {
  const hash = keccak256(pubkeyBytes.slice(1));
  return '0x' + hash.slice(-40);
}

Audit your codebase

grep -rn "createHash.*sha3" --include="*.ts" --include="*.js" --exclude-dir=node_modules .
grep -rn "keccak256" --include="*.ts" --include="*.js" . | grep -v node_modules

Rule

For Ethereum contexts, never use crypto.createHash('sha3-256'). Use Keccak-aware helpers from ethers, viem, web3, or another explicit Keccak implementation.

Files1
1 files · 1.0 KB

Select a file to preview

Overall Score

88/100

Grade

A

Excellent

Safety

98

Quality

86

Clarity

87

Completeness

83

Summary

This skill teaches developers how to correctly use Keccak-256 hashing in Node.js and TypeScript for Ethereum applications, preventing the critical bug of accidentally using Node's NIST SHA3-256 instead. It provides clear examples for ethers v6, viem, and web3.js libraries, plus audit patterns to identify and fix existing misuses in codebases.

Detected Capabilities

code review and pattern matchinggrep-based codebase auditingeducational reference with code examples

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

keccak256 hash ethereumethereum signature hashingeip-712 implementationethereum selector computationstorage slot key derivationaudit ethereum hashesfix sha3 bug

Use Cases

  • Fix Ethereum function selector computation in JavaScript/TypeScript
  • Implement EIP-712 signature hashing correctly
  • Build Merkle tree hashing helpers for Ethereum contracts
  • Compute storage slot keys using Keccak-256
  • Derive Ethereum addresses from public keys
  • Audit existing codebases for NIST SHA3 misuse in Ethereum contexts

Quality Notes

  • Clear problem statement explains the critical distinction between Keccak-256 and NIST SHA3-256 with a concrete example
  • Comprehensive multi-library coverage (ethers v6, viem, web3.js) showing equivalent patterns
  • Practical use cases (selectors, EIP-712, storage slots, address derivation) demonstrate real Ethereum workflows
  • Provides ready-to-run audit commands for identifying vulnerable patterns in existing codebases
  • Well-structured with logical sections: When to Use, How It Works, Examples, Rule
  • Code examples are accurate and immediately actionable
  • Concise 'Rule' summary reinforces the core guidance
  • MIT license included for reusability
  • No file writes, network requests, or destructive operations — purely educational and informational
Model: claude-haiku-4-5-20251001Analyzed: May 11, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Version History

v1.1

Content updated

2026-04-20

Latest
v1.0

No changelog

2026-04-12

Add affaan-m/nodejs-keccak256 to your library

Get Started Free

Command Palette

Search for a command to run...