starred/hoppscotch
1
0
Fork 0
mirror of https://github.com/hoppscotch/hoppscotch.git synced 2026-04-26 01:06:00 +03:00
Code Issues 711 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2015] [feature]: how to use sha256 in Pre-request Scripts Scripts #657

New issue
Closed
opened 2026-03-16 16:32:19 +03:00 by kerem · 16 comments
kerem commented 2026-03-16 16:32:19 +03:00
Owner
Copy link

Originally created by @zlay0701 on GitHub (Dec 16, 2021).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/2015

Originally assigned to: @jamesgeorge007 on GitHub.

Is there an existing issue for this?

  • I have searched the existing issues

Summary

how to use sha256 in Pre-request Scripts Scripts?

Why should this be worked on?

Some interfaces need to dynamically generate signatures and initiate requests according to tokens
The signature algorithm uses algorithms such as sha256 and SHA1

Originally created by @zlay0701 on GitHub (Dec 16, 2021). Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/2015 Originally assigned to: @jamesgeorge007 on GitHub. ### Is there an existing issue for this? - [X] I have searched the existing issues ### Summary how to use sha256 in Pre-request Scripts Scripts? ### Why should this be worked on? Some interfaces need to dynamically generate signatures and initiate requests according to tokens The signature algorithm uses algorithms such as sha256 and SHA1
kerem 2026-03-16 16:32:19 +03:00
kerem commented 2026-03-16 16:32:35 +03:00
Author
Owner
Copy link

@liyasthomas commented on GitHub (Dec 16, 2021):

Similar issue: #2001
Adding support to npm packages and SDKs are in our roadmap. Stay tuned for product updates.

<!-- gh-comment-id:995451572 --> @liyasthomas commented on GitHub (Dec 16, 2021): Similar issue: #2001 Adding support to ~npm packages~ and SDKs are in our roadmap. Stay tuned for product updates.
kerem commented 2026-03-16 16:32:40 +03:00
Author
Owner
Copy link

@apptut commented on GitHub (Dec 19, 2021):

npm packages +1, I want gen sign with params by md5 or sha1

<!-- gh-comment-id:997340569 --> @apptut commented on GitHub (Dec 19, 2021): npm packages +1, I want gen sign with params by md5 or sha1
kerem commented 2026-03-16 16:32:45 +03:00
Author
Owner
Copy link

@AndrewBastin commented on GitHub (Dec 19, 2021):

Hate to burst the bubble, but I am not planning on getting NPM packages as is to work with Hoppscotch scripting environment.
It's a complicated enough task as is and implementing mechanisms to manage NPM and node_modules and dependency management and Node Module Resolution capabilities (remember, the scripts are executed client side in a sandbox) all within the sandbox is a massive challenge which we cannot spend too much effort on.

But, I was hoping to get Deno style ESM URL imports working so you can directly import from URL (read more here: https://deno.land/manual/examples/import_export) and there are sources like JSPM, Skypack and Unpkg (as an option) which give all the important libraries in the ESM format.

<!-- gh-comment-id:997397048 --> @AndrewBastin commented on GitHub (Dec 19, 2021): Hate to burst the bubble, but I am not planning on getting NPM packages as is to work with Hoppscotch scripting environment. It's a complicated enough task as is and implementing mechanisms to manage NPM and node_modules and dependency management and Node Module Resolution capabilities (remember, the scripts are executed client side in a sandbox) all within the sandbox is a massive challenge which we cannot spend too much effort on. But, I was hoping to get Deno style ESM URL imports working so you can directly import from URL (read more here: [https://deno.land/manual/examples/import_export](https://deno.land/manual/examples/import_export)) and there are sources like [JSPM](https://jspm.io), [Skypack](https://skypack.dev) and [Unpkg (as an option)](https://unpkg.com) which give all the important libraries in the ESM format.
kerem commented 2026-03-16 16:32:51 +03:00
Author
Owner
Copy link

@apptut commented on GitHub (Dec 20, 2021):

I agree with what you said. My purpose is not to import npm, but to get the capabilities of encryption libraries. Many times the interface needs to be signed using md5, or sha1, base64 algorithms, and so on.

<!-- gh-comment-id:997856341 --> @apptut commented on GitHub (Dec 20, 2021): I agree with what you said. My purpose is not to import npm, but to get the capabilities of encryption libraries. Many times the interface needs to be signed using md5, or sha1, base64 algorithms, and so on.
kerem commented 2026-03-16 16:32:56 +03:00
Author
Owner
Copy link

@zlay0701 commented on GitHub (Jan 11, 2022):

can add https://github.com/brix/crypto-js ?

<!-- gh-comment-id:1009662736 --> @zlay0701 commented on GitHub (Jan 11, 2022): can add https://github.com/brix/crypto-js ?
kerem commented 2026-03-16 16:33:01 +03:00
Author
Owner
Copy link

@evanlurvey commented on GitHub (Mar 6, 2023):

I also have needed crypto-js before for auth and signatures.

<!-- gh-comment-id:1456854748 --> @evanlurvey commented on GitHub (Mar 6, 2023): I also have needed crypto-js before for auth and signatures.
kerem commented 2026-03-16 16:33:06 +03:00
Author
Owner
Copy link

@sneha-herle commented on GitHub (Aug 10, 2023):

Please find a solution for this, needed crypto-js before for auth and signatures.

<!-- gh-comment-id:1672863801 --> @sneha-herle commented on GitHub (Aug 10, 2023): Please find a solution for this, needed crypto-js before for auth and signatures.
kerem commented 2026-03-16 16:33:11 +03:00
Author
Owner
Copy link

@bappleug-tw commented on GitHub (Aug 26, 2023):

Plus one for adding crypto-js support

<!-- gh-comment-id:1694207535 --> @bappleug-tw commented on GitHub (Aug 26, 2023): Plus one for adding crypto-js support
kerem commented 2026-03-16 16:33:16 +03:00
Author
Owner
Copy link

@jhoos70 commented on GitHub (Oct 18, 2023):

Need crypto-js, too. Without it hoppscotch is useless for my usecase.

<!-- gh-comment-id:1768590015 --> @jhoos70 commented on GitHub (Oct 18, 2023): Need crypto-js, too. Without it hoppscotch is useless for my usecase.
kerem commented 2026-03-16 16:33:21 +03:00
Author
Owner
Copy link

@samuel-deal-tisseo commented on GitHub (Oct 19, 2023):

Plus one for adding crypto-js support

<!-- gh-comment-id:1771189919 --> @samuel-deal-tisseo commented on GitHub (Oct 19, 2023): Plus one for adding crypto-js support
kerem commented 2026-03-16 16:33:26 +03:00
Author
Owner
Copy link

@qichengri commented on GitHub (Jan 5, 2024):

Plus one for adding crypto-js support

<!-- gh-comment-id:1877926344 --> @qichengri commented on GitHub (Jan 5, 2024): Plus one for adding crypto-js support
kerem commented 2026-03-16 16:33:31 +03:00
Author
Owner
Copy link

@archcorsair commented on GitHub (Apr 15, 2024):

Any updates on this? This feature is the only one preventing us from moving from postman to hoppscotch

<!-- gh-comment-id:2057657737 --> @archcorsair commented on GitHub (Apr 15, 2024): Any updates on this? This feature is the only one preventing us from moving from postman to hoppscotch
kerem commented 2026-03-16 16:33:36 +03:00
Author
Owner
Copy link

@siniradam commented on GitHub (May 7, 2024):

Seems like some crypto features available in the browser API working, if you someone is in dire need of HMAC, maybe can give it a try to this function.

async function createHMAC(payload, secret) {
  if (typeof payload == "object") {
    payload = JSON.stringify(payload);
  }
  let enc = new TextEncoder("utf-8");
  let algorithm = { name: "HMAC", hash: "SHA-256" };
  let key = await crypto.subtle.importKey("raw", enc.encode(secret), algorithm, false, [
    "sign",
    "verify",
  ]);
  let signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(payload));
  let digest = btoa(String.fromCharCode(...new Uint8Array(signature)));
  return digest;
}
<!-- gh-comment-id:2098885611 --> @siniradam commented on GitHub (May 7, 2024): Seems like some crypto features available in the browser API working, if you someone is in dire need of HMAC, maybe can give it a try to this function. ```js async function createHMAC(payload, secret) { if (typeof payload == "object") { payload = JSON.stringify(payload); } let enc = new TextEncoder("utf-8"); let algorithm = { name: "HMAC", hash: "SHA-256" }; let key = await crypto.subtle.importKey("raw", enc.encode(secret), algorithm, false, [ "sign", "verify", ]); let signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(payload)); let digest = btoa(String.fromCharCode(...new Uint8Array(signature))); return digest; } ```
kerem commented 2026-03-16 16:33:41 +03:00
Author
Owner
Copy link

@alizufan commented on GitHub (Jun 27, 2024):

Seems like some crypto features available in the browser API working, if you someone is in dire need of HMAC, maybe can give it a try to this function.

async function createHMAC(payload, secret) {
  if (typeof payload == "object") {
    payload = JSON.stringify(payload);
  }
  let enc = new TextEncoder("utf-8");
  let algorithm = { name: "HMAC", hash: "SHA-256" };
  let key = await crypto.subtle.importKey("raw", enc.encode(secret), algorithm, false, [
    "sign",
    "verify",
  ]);
  let signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(payload));
  let digest = btoa(String.fromCharCode(...new Uint8Array(signature)));
  return digest;
}

thank you !

<!-- gh-comment-id:2195452395 --> @alizufan commented on GitHub (Jun 27, 2024): > Seems like some crypto features available in the browser API working, if you someone is in dire need of HMAC, maybe can give it a try to this function. > > ```js > async function createHMAC(payload, secret) { > if (typeof payload == "object") { > payload = JSON.stringify(payload); > } > let enc = new TextEncoder("utf-8"); > let algorithm = { name: "HMAC", hash: "SHA-256" }; > let key = await crypto.subtle.importKey("raw", enc.encode(secret), algorithm, false, [ > "sign", > "verify", > ]); > let signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(payload)); > let digest = btoa(String.fromCharCode(...new Uint8Array(signature))); > return digest; > } > ``` thank you !
kerem commented 2026-03-16 16:33:46 +03:00
Author
Owner
Copy link

@jamesgeorge007 commented on GitHub (Nov 6, 2025):

Hi! #5090 added the ability to import ESM packages in the scripting context as part of the Experimental scripting sandbox. You can now import crypto libraries directly:

import CryptoJS from 'https://esm.run/crypto-js@4.2.0';

We're aware of certain limitations with the native crypto module. ESM imports offer an alternative approach. Ongoing scripting improvements are tracked in #5221.

In the meantime, you can choose to proceed with either of the following:

  • Use ESM imports with the Experimental scripting sandbox.
  • Opt out of the experimental scripting sandbox from settings to use the native crypto module.
    Image
<!-- gh-comment-id:3498557120 --> @jamesgeorge007 commented on GitHub (Nov 6, 2025): Hi! #5090 added the ability to import ESM packages in the scripting context as part of the `Experimental scripting sandbox`. You can now import crypto libraries directly: ```ts import CryptoJS from 'https://esm.run/crypto-js@4.2.0'; ``` We're aware of certain limitations with the native `crypto` module. ESM imports offer an alternative approach. Ongoing scripting improvements are tracked in #5221. In the meantime, you can choose to proceed with either of the following: - Use ESM imports with the `Experimental scripting sandbox`. - Opt out of the experimental scripting sandbox from settings to use the native `crypto` module. <img width="1906" height="565" alt="Image" src="https://github.com/user-attachments/assets/bb540bb1-4ec4-46b1-99be-da832a7c6adc" />
kerem commented 2026-03-16 16:33:52 +03:00
Author
Owner
Copy link

@jamesgeorge007 commented on GitHub (Jan 28, 2026):

Closing as this is addressed in v2026.1.0 via #5791.

<!-- gh-comment-id:3811238200 --> @jamesgeorge007 commented on GitHub (Jan 28, 2026): Closing as this is addressed in [v2026.1.0](https://github.com/hoppscotch/hoppscotch/releases/tag/2026.1.0) via #5791.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/security-fix-2026-4-0
next
fix/mockserver-env-set-url-priority
feat/rest-gql-merge
refactor/workspaces
fix/onboarding-mass-assignment
desktop-settings-phase-0-schema-bridge-shell
patch
test-webhook
pr/johnan319/5745
tembo/optimize-performance-db-queries
add-claude-github-actions-1772782423108
fix/code-scanning-103
fix/mock-server-example-endpoint-match-v2
fix/rate-limit-on-health-route
hotfix/api-doc-collection-deletetion
cd-test
fix/mock-server-backend-followup
chore/code-scanning-52
chore/verion-addition-check
nested-migrations
scripting-system-updates-worker-setup
scripting-system-updates
pr/shipko/4367
ci-test
feat/user-delete-condition
feat/user-workspace-stats-api
chore/collection-export-addition
fix/import-file-size-limit-flow
feat/dashboard-common
feat/sort-environment-alphabetically
feat/infra-config-encryption
refactor/team
feat/collection-duplicationn
feat/secure-cookies-toggle
pr/pavog/4195
pr/pavog/4196
test/patch-demo
feat/native-interceptor-updates
pr/AndrewBastin/4111
feat/user-last-active-on
fix/codemirror-large-text-scroll-bug
fix/precision-lost-beautify
fix/env-diff-test-schema-error
fix/email-case-sensitive
release/2024.3.3
refactor/workspace-login-conversion
feat/node-apline-version-upgrade
feat/seed
release/2024.3.2
fix/sh-email-handlebar-issue
feat/app-experiment-animation
release/2024.3.1
release/2024.3.0
pr/jamesgeorge007/3937
experiment/deploychan
feat/github-enterprise-auth
refactor/collection-search-query
hotfix/infra-config-reset-bug
fix/secret-var-bug
hotfix/full-text-search
hotfix/request-variable-version-syncing
feat/request-variable
feat/server-config-additional-properties
pr/JoelJacobStephen/3845
release/2023.12.6
fix/safari-codemirror-perf-bug
release/2023.12.5
release/2023.12.4
fix/secret-env-bugs-tooltip
release/2023.12.3
fix/shared-request-bug
fix/disable-context-menu-option
release/2023.12.2
release/2023.12.1
fix/shared-request-bugs
release/2023.12.0
fix/gql-history-schema
fix/actions-not-working-without-sidebar
pr/jamesgeorge007/3665
chore/desktop-app-corrections
fix/auth-headers-in-coll
fix/embed-url
improve/placeholder
add-realtime-logos
feat/shared-request-embeds
feat/collection-headers
revamp/header
release/2023.8.4
refactor/interceptor-error-display
feat/subpath-based-access
release/2023.8.3
feat/shared-requests
feat/desktop
fix/nodemailer-templates-issue
feature/upgrade-graphql-ws
fix/graphql-crashing
fix/set-environments-when-no-env-selected
refactor/pre-prisma-bump-setup
release/2023.8.2
pr/danitherex/3216
perf/raw-db-query
release/2023.8.1
revert-3348-perf/reduce-backend-calls
fix/incorrect-tab-count-close-all-tab
fix/duplicate-tab-bug
release/2023.8.0
hotfix/fetch-shortcode
fix/tab-right-click-rename-bug
chore/docker-fixes
pr/JoelJacobStephen/3178
feat/fe-accessible-auth-provider-env
feat-cherry-pick/conditional-auth-select
feat/conditional-auth-select
release/2023.4.8
fix/generate-sitemap-issue
test/backend-test-case
refactor/team-invitation
pr/AndrewBastin/3171
release/2023.4.7
fix/duplicate-team-invite
fix/unified-bg-color-coll-tree
fix/shortcode-screen-stuck
release/2023.4.6
revert-3117-patch-3
fix/env-selector-bg
fix/db-url
release/2023.4.4
fix/sync-popup-bug
fix/team-env-set-test
chore/wss-to-ws-on-env
fix/prettify-xml-response
feat/db-volume-addition
feat/env-selector-tabs-ui
bug/broken-env
release/2023.4.2
fix/switch-workspace-env-bug
fix/magic-link
fix/cookie-handler
HPS-OSS-1
staging
revert/auth-issue
feat/export-env
refactor/commons
reference/path-variables
orphan-pr/2243
feat/realtime-search
fix/save-override
refactor/strategies
feat/embeds
bug/withDefaults
feat/show-keys
refactor/toast
2026.3.1
2026.3.0
2026.2.1
2026.2.0
2026.1.1
2026.1.0
2025.12.1
2025.12.0
2025.11.2
2025.11.1
2025.11.0
2025.10.1
2025.10.0
2025.9.2
2025.9.1
2025.9.0
2025.8.1
2025.8.0
2025.7.1
2025.7.0
2025.6.1
2025.6.0
2025.5.4
2025.5.3
2025.5.2
2025.5.1
2025.5.0
2025.4.2
2025.4.1
2025.4.0
2025.3.2
2025.3.1
2025.3.0
2025.2.3
2025.2.2
2025.2.1
2025.2.0
2025.1.1
2025.1.0
2024.12.2
2024.12.1
2024.12.0
2024.11.0
2024.10.2
2024.10.1
2024.10.0
2024.9.3
2024.9.2
2024.9.1
2024.9.0
2024.8.3
2024.8.2
2024.8.1
2024.8.0
2024.7.2
2024.7.1
2024.7.0
2024.6.1
2024.6.0
2024.3.4
2024.3.3
2024.3.2
2024.3.1
2024.3.0
2023.12.6
2023.12.5
2023.12.4
2023.12.3
2023.12.2
2023.12.1
2023.12.0
2023.8.4
2023.8.3
2023.8.2
2023.8.1
2023.8.0
2023.4.8
2023.4.7
2023.4.6
2023.4.5
2023.4.4
2023.4.3
2023.4.2
2023.4.1
2023.4.0
v3.0.1
v3.0.0
v2.2.1
v2.2.0
v2.1.0
v2.0.0
v1.12.0
v1.10.0
v1.9.9
v1.9.7
v1.9.5
v1.9.0
v1.8.0
v1.5.0
v1.0.0
v0.1.0
Labels
Clear labels   
CodeDay

   
a11y

   
browser limited

   
bug

   
bug fix

   
cli

   
core

   
critical

   
design

   
desktop

   
discussion

   
docker

   
documentation

   
duplicate

   
enterprise

   
feature

   
feature

   
fosshack

   
future

   
good first issue

   
hacktoberfest

   
help wanted

   
i18n

   
invalid

   
major

   
minor

   
need information

   
need testing

   
not applicable to hoppscotch

   
not reproducible

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
refactor

   
resolved

   
sandbox

   
self-host

   
spam

   
stale

   
testmu

   
wip

   
wont fix
No labels
CodeDay
a11y
browser limited
bug
bug fix
cli
core
critical
design
desktop
discussion
docker
documentation
duplicate
enterprise
feature
feature
fosshack
future
good first issue
hacktoberfest
help wanted
i18n
invalid
major
minor
need information
need testing
not applicable to hoppscotch
not reproducible
pull-request
question
refactor
resolved
sandbox
self-host
spam
stale
testmu
wip
wont fix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hoppscotch#657
No description provided.