
FIPS Compliance Issue with Newman

Open nir-moshe opened this issue 9 months ago • 0 comments

Hi,

Newman does not work in a FIPS-compliant environment due to its dependency on the serialised-error addon (https://github.com/postmanlabs/serialised-error), which uses MD5 hashing for checksums.

To resolve this issue, please consider either replacing the serialised-error addon or modifying it (since it is also maintained by Postman Labs) to use SHA-256 hashing instead.

Specifically, you can update the following line in index.js:

this.checksum = hash.MD5(this);

to:

this.checksum = crypto.createHash('sha256').update(JSON.stringify(this)).digest('hex');

Additionally, the object-hash dependency should be removed, as simply initializing it is not supported in a FIPS-compliant environment.

Thanks!

nir-moshe, Apr 02 '25 08:04
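A sketch of the SHA-256 replacement proposed in the issue, as an added example that is not part of the original post and is not serialised-error's code. Because `JSON.stringify` output depends on property insertion order, this version serialises with sorted keys before hashing; the helper names `canonicalize`, `checksum` and `md5Available` and the sample error object are assumptions made for illustration.

```javascript
// Added example: a checksum built only on Node's crypto module with SHA-256.
const crypto = require('crypto');

// Serialise with sorted keys so property order does not change the digest.
// Circular references become a marker string (an assumption of this sketch).
function canonicalize(value, seen = new WeakSet()) {
  if (typeof value === 'bigint') return JSON.stringify(value.toString());
  if (value === null || typeof value !== 'object') {
    return JSON.stringify(value) ?? 'null'; // undefined, functions, symbols
  }
  if (typeof value.toJSON === 'function') return canonicalize(value.toJSON(), seen);
  if (seen.has(value)) return '"[Circular]"';
  seen.add(value);
  const body = Array.isArray(value)
    ? '[' + value.map((v) => canonicalize(v, seen)).join(',') + ']'
    : '{' + Object.keys(value).sort()
        .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k], seen))
        .join(',') + '}';
  seen.delete(value); // flag true cycles only, not repeated references
  return body;
}

// SHA-256 hex digest of the canonical form.
function checksum(obj) {
  return crypto.createHash('sha256').update(canonicalize(obj), 'utf8').digest('hex');
}

// Probe whether MD5 can be initialised in this process; in a FIPS-enabled
// runtime createHash('md5') throws instead of returning a Hash object.
function md5Available() {
  try {
    crypto.createHash('md5');
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed sample data standing in for a serialised error.
const sample = { name: 'TypeError', message: 'boom', stack: 'TypeError: boom\n    at <constructed>' };
const reordered = { stack: sample.stack, message: 'boom', name: 'TypeError' };

console.log('FIPS mode:', crypto.getFips(), '| MD5 available:', md5Available());
console.log('order-independent:', checksum(sample) === checksum(reordered));
```

Running the same file under `node --enable-fips` on a FIPS-capable build shows whether the MD5 probe fails while the SHA-256 checksum still works.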