npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@freedomofpress/crypto-browser

v0.1.7

Published

Browser-compatible cryptography utilities.

Readme

crypto-browser

CI

Browser-compatible cryptography utilities for Sigstore and TUF verification.

Used by tuf-browser and sigstore-browser.

[!CAUTION] This library has not received an independent security audit. Maintenance is performed by volunteers, and the project is not officially supported or endorsed by the Freedom of the Press Foundation.

Features

ASN.1 Parsing & Encoding

  • ASN1Obj: Parse and encode DER-encoded ASN.1 structures
  • ASN1Tag: Handle ASN.1 tags and type checking
  • Length encoding/decoding: DER length format support
  • Type parsers: Extract integers, OIDs, dates, bit strings, booleans from ASN.1

Encoding Utilities

  • Base64: Encode/decode with standard and URL-safe variants
  • Hex: Encode/decode hexadecimal strings
  • PEM: Convert between PEM and DER formats
  • UTF-8: String to Uint8Array conversion
  • Constant-time comparison: Timing-attack resistant byte comparison

Cryptographic Operations

  • Key import: Support for ECDSA (P-256/P-384/P-521), Ed25519, and RSA keys
  • Signature verification: Verify signatures using Web Crypto API
    • ECDSA with SHA-256/384/512
    • Ed25519
    • RSA-PSS and RSASSA-PKCS1-v1_5
  • Digest verification: ECDSA signature verification over pre-computed digests (using @noble/curves)
  • PKCS#1 to SPKI conversion: Convert RSA keys for Web Crypto compatibility

Additional Utilities

  • ByteStream: Efficient byte buffer with auto-growing allocation
  • Canonical JSON: TUF-compliant canonical JSON encoding

Installation

npm install @freedomofpress/crypto-browser

Usage

Import a public key and verify a signature

import { importKey, verifySignature } from '@freedomofpress/crypto-browser';

const publicKey = await importKey('ECDSA', 'P-256', pemKey);
const isValid = await verifySignature(publicKey, message, signature, 'sha256');

Parse ASN.1 structures

import { ASN1Obj } from '@freedomofpress/crypto-browser';

const asn1 = ASN1Obj.parseBuffer(derBytes);
const oid = asn1.subs[0].toOID();
const integer = asn1.subs[1].toInteger();

Encode/decode utilities

import {
  base64ToUint8Array,
  uint8ArrayToHex,
  toDER,
  fromDER,
} from '@freedomofpress/crypto-browser';

const bytes = base64ToUint8Array('SGVsbG8=');
const hex = uint8ArrayToHex(bytes);
const der = toDER(pemString);
const pem = fromDER(derBytes, 'PUBLIC KEY');

Dependencies

  • @noble/curves: Used for low-level ECDSA verification over pre-computed digests

Structure

src/
  asn1/           # ASN.1 parsing and encoding
  encoding.ts     # Base64, hex, UTF-8 encoding
  pem.ts          # PEM format conversion
  stream.ts       # ByteStream utility
  crypto.ts       # Cryptographic operations
  canonicalize.ts # Canonical JSON

Development

# Install dependencies
npm install

# Build the project
npm run build

License

Apache-2.0 - see LICENSE file for details.

Acknowledgments

This package provides browser-compatible versions of cryptographic utilities from the Sigstore and TUF ecosystems. All code is licensed under Apache-2.0.

Primary Sources:

  • sigstore-js - ASN.1 parsing, PEM encoding, and stream utilities
  • tuf-js - Canonical JSON implementation

All files maintain their original copyright headers.