npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@bcts/crypto

v1.0.0-alpha.16

Published

Blockchain Commons Cryptographic Utilities for TypeScript

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

leonardocustodioleonardocustodio

Keywords

cryptocryptographyblockchain-commonssha256chacha20x25519ecdsaschnorred25519security

Readme

Blockchain Commons Crypto Interfaces for TypeScript

Disclaimer: This package is under active development and APIs may change.

Introduction

@bcts/crypto exposes a uniform API for the cryptographic primitives used in higher-level Blockchain Commons projects such as Gordian Envelope.

Features

  • Hash Functions: SHA-256, SHA-512, HMAC, PBKDF2, HKDF, CRC32
  • Symmetric Encryption: ChaCha20-Poly1305 AEAD
  • Public Key Cryptography:
    • X25519 (key agreement)
    • ECDSA (secp256k1 signing/verification)
    • Schnorr signatures (BIP-340)
    • Ed25519 (signing/verification)
  • Key Derivation: Scrypt, Argon2id
  • Memory Security: Best-effort memory zeroing utilities

Security Considerations

Memory Zeroing (memzero)

⚠️ IMPORTANT SECURITY LIMITATION

The memzero() function provides best-effort memory clearing in JavaScript/TypeScript, but cannot guarantee that sensitive data is fully erased from memory.

Why this limitation exists:

  • JavaScript/TypeScript lacks volatile memory writes (unlike the Rust reference implementation which uses std::ptr::write_volatile())
  • JavaScript engines and JIT compilers may optimize away zeroing operations
  • The garbage collector may have made copies of sensitive data
  • Swapped pages or memory dumps may contain copies

What memzero() does:

  • ✅ Overwrites memory with zeros to reduce exposure time
  • ✅ Makes a verification check to prevent some optimizations
  • ❌ Cannot guarantee complete erasure from physical memory

Best practices for sensitive operations:

  1. Use Web Crypto API when possible: For truly sensitive cryptographic operations, use crypto.subtle with non-extractable keys
  2. Minimize exposure time: Call memzero() immediately after sensitive operations
  3. Understand the limitations: This is defense-in-depth, not a security guarantee
  4. Consider your threat model: Evaluate if JavaScript is appropriate for your security requirements

Example:

import { memzero } from '@bcts/crypto';

const sensitiveKey = new Uint8Array(32);
// ... use the key ...

// Clear from memory (best effort)
memzero(sensitiveKey);

For more details, see the implementation comments.

Rust Reference Implementation

This TypeScript implementation is based on bc-crypto-rust v0.14.0 (commit).