npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@glorhythm/crypt

v1.0.0-beta

Published

Glorhythm library for encryption and decryption

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

hr1938082hr1938082

Keywords

crypttypescriptjavascriptnodelibrarynpmglorhythm

Readme

@glorhythm/crypt

A small, opinionated encryption/decryption helper for Node.js using AES-256-GCM.
It derives a 256-bit key from your application secret via @glorhythm/config-loader and exposes a simple static API.

Installation

npm install @glorhythm/crypt @glorhythm/config-loader

or with yarn:

yarn add @glorhythm/crypt @glorhythm/config-loader

Note: @glorhythm/config-loader must be configured so that Config("app.key") returns a strong secret string.

🧱 Folder Structure

Expected project layout:

<project>/
│── src/
|   ├── configs/
|   │   └── app.ts
|   └── index.ts
├── .env
├── package.json

How it works

  • Uses the Node.js crypto module with:
    • Algorithm: aes-256-gcm
    • IV: 12 random bytes per encryption
    • Auth tag: GCM authentication tag for integrity
  • Key derivation:
    • key = sha256(Config("app.key"))
    • Result is a 32-byte buffer used directly as the AES key
  • Output format:
    • ivHex:encryptedHex:authTagHex (all hex-encoded, colon-separated)

This makes it easy to store encrypted values in a single string (DB column, config value, etc.).

Basic Usage

import Crypt from "@glorhythm/crypt";

// Encrypt a string
const plainText = "my-secret-value";
const encrypted = Crypt.encrypt(plainText);

console.log("Encrypted:", encrypted);
// Example: 9a3f...:d823...:a1b2...

// Decrypt back
const decrypted = Crypt.decrypt(encrypted);
console.log("Decrypted:", decrypted); // "my-secret-value"

API

Crypt.encrypt(data: string): string

Encrypts a UTF-8 string and returns a single colon-separated string containing:

<ivHex>:<cipherTextHex>:<authTagHex>

Parameters:

  • data – Plain text string to encrypt.

Returns:

  • A string that contains the IV, encrypted data, and auth tag, all hex-encoded, separated by :.

Behavior:

  1. Get key via Config("app.key"), hashed with SHA-256.
  2. Generate a random 12-byte IV with randomBytes(12).
  3. Create an AES-256-GCM cipher with createCipheriv.
  4. Encrypt the data and retrieve the auth tag via cipher.getAuthTag().
  5. Serialize as iv:encrypted:authTag (hex).

Crypt.decrypt(data: string): string

Decrypts a string produced by Crypt.encrypt and returns the original UTF-8 string.

Parameters:

  • data – Encrypted string in the format ivHex:encryptedHex:authTagHex.

Returns:

  • The decrypted UTF-8 string.

Behavior:

  1. Split the input by :.
  2. Decode ivHex, encryptedHex, and authTagHex from hex into buffers.
  3. Create an AES-256-GCM decipher with the same derived key and IV.
  4. Set the auth tag via decipher.setAuthTag.
  5. Decrypt and return the plain text string.

If the ciphertext is tampered with or the key/IV/auth tag does not match, decipher.final() will throw.

Configuration & Key Management

This library expects @glorhythm/config-loader to provide the encryption key:

import Config from "@glorhythm/config-loader";

const secret = Config("app.key");

Recommendations:

  • Use a long, random string (at least 32+ characters) for app.key.
  • Store it in a secure location:
    • Environment variable (APP_KEY)
    • Secrets manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault, etc.)
  • Do not commit the key to version control.
  • Changing app.key will make previously encrypted data undecryptable.

Example: Encrypting Data Before Saving to DB

import Crypt from "@glorhythm/crypt";
import db from "./db"; // your DB client

interface User {
  id: number;
  email: string;
  secretTokenEncrypted: string;
}

async function saveToken(userId: number, token: string) {
  const encrypted = Crypt.encrypt(token);
  await db.user.update({
    where: { id: userId },
    data: { secretTokenEncrypted: encrypted },
  });
}

async function loadToken(userId: number): Promise<string | null> {
  const user: User | null = await db.user.findUnique({ where: { id: userId } });
  if (!user?.secretTokenEncrypted) return null;

  return Crypt.decrypt(user.secretTokenEncrypted);
}

Error Handling

Decryption can throw if:

  • The input is not in the correct iv:cipher:tag format.
  • The hex strings are invalid.
  • The key differs from the one used in encryption.
  • The ciphertext or auth tag has been modified.

Wrap decryption in try/catch if you expect potentially invalid or untrusted input:

try {
  const decrypted = Crypt.decrypt(encryptedStringFromClient);
  // use decrypted value
} catch (err) {
  console.error("Failed to decrypt:", err);
  // handle error (e.g., reject request, mark data as invalid)
}

TypeScript

The package ships with type declarations:

  • main: dist/index.js
  • types: dist/index.d.ts
  • exports configured for both CJS and ESM.

Example TS usage:

import Crypt from "@glorhythm/crypt";

const encrypted = Crypt.encrypt("hello");
const decrypted = Crypt.decrypt(encrypted);

Security Notes

  • AES-256-GCM provides both confidentiality and integrity (via auth tag).
  • The strength of your encryption depends heavily on the secrecy and randomness of app.key.
  • Do not reuse or log the encryption key or decrypted sensitive data.
  • For very high-security use cases, consider:
    • Rotating keys and storing key metadata.
    • Using a dedicated KMS (Key Management Service).
    • Adding versioning to your encrypted payloads.

License

MIT © Glorhythm