{
  "context": "This criteria evaluates how effectively the engineer uses @stablelib/sha256's secure memory cleanup capabilities to prevent sensitive data leakage when hashing passwords. The focus is on proper usage of the SHA256 class and its clean() method.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "SHA256 class instantiation",
      "description": "Uses the SHA256 class constructor to create hasher instances for computing hashes (new SHA256())",
      "max_score": 15
    },
    {
      "name": "update() method usage",
      "description": "Correctly uses the update() method to feed password data (converted to Uint8Array) into the hasher",
      "max_score": 20
    },
    {
      "name": "digest() method usage",
      "description": "Uses the digest() method to retrieve the final hash result after updating the hasher with data",
      "max_score": 15
    },
    {
      "name": "clean() method invocation",
      "description": "Explicitly calls the clean() method on SHA256 instances to securely wipe internal buffers after hashing operations",
      "max_score": 30
    },
    {
      "name": "Cleanup in all code paths",
      "description": "Ensures clean() is called in all execution paths, including error cases (e.g., using try-finally blocks or ensuring cleanup before returns)",
      "max_score": 15
    },
    {
      "name": "Hex encoding conversion",
      "description": "Converts the binary hash digest to hexadecimal string format for output (may use helper functions or standard encoding methods)",
      "max_score": 5
    }
  ]
}