npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@hummhive/saltpack

v1.10.0

Published

saltpack

Downloads

19

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

seajamesseajamesdavidrichard23davidrichard23henrydelrohenrydelrothedavidmeisterthedavidmeisterforcizeforcize

Keywords

Readme

saltpack

Exports

This library has two exports, Encrypt and Decrypt.

Both build transform streams and streams are the only way to interact with this library. Generally this is what you want because:

  • Files and URLs can all be streamed easily in nodejs
  • Saltpack is designed to handle large data in 1MB chunks
  • Failing to stream is very slow and can quickly consume system memory
  • The cryptographic protocol is carefully designed to support streams
  • Streams are composable and once piped together, there are minimal moving parts
  • Saltpack data is very awkward to handle efficiently without streams because the packets are simply concatenated binary, NOT a serialized list structure

Encrypt

Builds an encrypt stream that writes raw binary data in a Buffer to Encrypt and read out saltpack encrypted binary packets. The first packet is the header and then all following packets are payloads, with the last packet being set with a true final flag.

Payload chunks are all 1000000 bytes maximum, as per saltpack.

All output is raw, unarmoured binary (no baseX, etc.).

IMPORTANT: An encrypt stream MUST be ended, e.g. with stream.end() otherwise the final chunk will never be flushed downstream and the data will be corrupted.

Encrypt builds a stream with three required arguments:

  • Sender keypair: The public and private keypair of the encryptor.
  • Recipient public keys: An array of all recipients of the encrypted data.
  • Visible recipients: false to anonymise recipients (only false works atm).
const encryptStream = Encrypt.Encrypt(
  senderKeyPair,
  recipientPublicKeys,
  visibleRecipients
)

All crypto keys must be 32 byte Uint8Arrays.

Decrypt

Builds a decrypt stream that attempts to decrypt packets produced by an Encrypt stream.

Expects decoded messagepack items from the Encrypt stream output.

Ideally the messagepack decoding would be handled internally to the Decrypt stream but there is a mismatch between the official messagepack stream handling (based on async iterators) and native node streams (e.g. reading a file).

Decrypt has only one argument, the recipient public and private key pair.

Any failure to verify, read or decrypt any packet immediately destroys the stream, so make sure to implement error handling.

Notably, the recipient public key simply not being in the header payload is a fatal error for the decrypt stream.

Example:

import * as FS from 'fs'
import * as MP from '@msgpack/msgpack'
import * as Encrypt from '@hummhive/saltpack'

const readStream = FS.createReadStream('ecrypted-file.txt')
const decryptStream = Encrypt.Decrypt(
  recipientKeyPair
)
const writeStream = FS.createWriteStream('decrypted-file.txt')

// Normal stream piping.
decryptStream.pipe(writeStream)

// Async iterator over messagepack items from the encrypted file.
for await (const item of MP.decodeStream(readStream)) {
  decryptStream.write(item)
}

How to release

CI automatically publishes to npm if it notices that the version has bumped on the main branch.

The easiest way to bump the version is by running npm version minor.

Push/merge to main and then CI will pick it up.