JavaScript MD5 Library (Plus the Perks, Uses, and Examples)

Javascript Md5 Library

MD5 libraries are often required by JavaScript developers, on either the client or server side, to verify file data. By far, the most popular library is the blueimp-md5 library.

This library implements the MD5 hashing function, which is first used for computing a checksum of file data (or any other data string) and later for validating the file data integrity by comparing the known checksum with a re-computed one.

Below we will explain what MD5 is, but if you are like me and couldn’t care less about the details, you can jump to our client-side and server-side implementation sections.

What is MD5?

MD5 is a standardized 1-way function that allows any data input to be mapped to a fixed-size output string, no matter how large or small the input string is.

Graphic showing inputs, hash functions, and hash sums

A small change in the input drastically changes the output.

All MD5 implementations produce a 128-bit hash value from a data string, which is typically expressed as a 32-digit hexadecimal number.

For example, foo bar baz becomes ab07acbb1e496801937adfa772424bf7.

The same data input will always map to the same output. Identical outputs from different inputs are rare but can happen.

On Linux systems, md5sum is the command line tool for MD5 hashing. Other operating systems have similar commands.

Let’s have a look at how to do MD5 hashing in the browser (client-side) and in the NodeJS (server-side) environment.

Client-Side Installation and Usage

First, download the md5.min.js library and include it in your HTML:

Next, in your JS application code, you can calculate the hex-encoded MD5 hash of a string by simply calling the md5 method with the string value as an argument:

var hash = md5("value"); // "2063c1608d6e0baf80249c42e2be5804"

We will see more examples on using the library API below.

Server-Side Installation and Usage with NodeJS

To use the MD5 library on the server side with NodeJS, first install the blueimp-md5 package:

npm install blueimp-md5

For a simple example showing how the MD5 package can be used to MD5 hash a query URL string, create a file called server.js with the following code:

require("http").createServer(function (req, res) {

    var md5   = require("blueimp-md5"),
        url   = require("url"),
        query = url.parse(req.url).query;

    res.writeHead(200, {"Content-Type": "text/plain"});

    // compute and print the MD5 hash of the url query:

}).listen(8080, "localhost");

console.log("Server running at http://localhost:8080/ open this URL in your browser to see its MD5 hash");

Now we can run this NodeJS application:

node server.js

If you now browse to http://localhost:8080/ you should see the MD5 output of that URL: 37a6259cc0c1dae299a7866489dff0bd.

Browsing to http://localhost:8080/?foo&bar&baz would produce another MD5 hash.

API Examples

The library has only one function, md5(), which can take up to three arguments:

  1. Required: The input string to be MD5 hashed must be present.
  2. Optional: The HMAC key value is used for message authentication using cryptographic hash functions such as MD5 in combination with a secret shared key.
  3. Optional: A boolean value, if set to “true,” encodes the output as a raw string. Otherwise, the output is a hex-encoded string. The hex-encoding is more portable, but the raw string can be simpler to use in some cases.

Let’s go through some code examples of this API:

Calculate the hex-encoded MD5 hash of a given string value:

var hash = md5("value"); // "2063c1608d6e0baf80249c42e2be5804"

Calculate the hex-encoded HMAC-MD5 hash of a given string value and key:

var hash = md5("value", "key"); // '01433efd5f16327ea4b31144572c67f6'

Calculate the raw MD5 hash of a given string value:

var hash = md5("value", null, true); // ' cxc1`x8dnx0bxafx80$x9cBxe2xbeXx04'

Calculate the raw HMAC-MD5 hash of a given string value and key:

var hash = md5("value", "key", true); // 'x01C>xfd_x162~xa4xb3x11DW,gxf6'

MD5 Security Warning and Alternatives

Although the security of the MD5 hashing function is now considered weak because it isn’t collision-resistant enough, the MD5 hash function is still very popular for historic reasons and the availability of implementations in all sorts of environments.

If you want to have a more secure hash function, use the SHA 2 or SHA 3 message digest instead of MD5. Crypto-js is a good JavaScript implementation of these hash functions. There are many other implementations on GitHub too.

Advertiser Disclosure is a free online resource that offers valuable content and comparison services to users. To keep this resource 100% free, we receive compensation from many of the offers listed on the site. Along with key review factors, this compensation may impact how and where products appear across the site (including, for example, the order in which they appear). does not include the entire universe of available offers. Editorial opinions expressed on the site are strictly our own and are not provided, endorsed, or approved by advertisers.

Our Editorial Review Policy

Our site is committed to publishing independent, accurate content guided by strict editorial guidelines. Before articles and reviews are published on our site, they undergo a thorough review process performed by a team of independent editors and subject-matter experts to ensure the content’s accuracy, timeliness, and impartiality. Our editorial team is separate and independent of our site’s advertisers, and the opinions they express on our site are their own. To read more about our team members and their editorial backgrounds, please visit our site’s About page.