npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@kayaabadiv/seedsec

v1.0.3

Published

Secure API encryption module for Vue/React and Express

Downloads

372

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

kayaabadevkayaabadev

Keywords

encryptionsecurityaxiosexpressmiddlewareaes

Readme

SeedSec (@kayaabadiv/seedsec)

SeedSec is a security module designed to facilitate automatic encryption and decryption of API requests between a frontend (VueJS, React) and a backend (Express). It ensures that sensitive data travels encrypted over the network while remaining transparent to the developer.

Features

  • End-to-End Encryption: Encrypts request bodies (POST, PUT, PATCH) and server responses.
  • Transparent Integration:
    • Frontend: A wrapper compatible with the axios API.
    • Backend: A simple Express middleware.
  • Enhanced Security:
    • Uses AES (via crypto-js).
    • Build-time key injection mechanism to avoid storing the key in plain text in the frontend source code.

Installation

npm install @kayaabadiv/seedsec

Frontend Usage (VueJS / React)

1. Key Configuration

For security reasons, the encryption key should not be hardcoded in your frontend source files. SeedSec uses a script to inject the key in an obfuscated manner during the build process.

Add the following configuration to your package.json (Frontend):

{
  "seedsec": {
    "key": "YOUR_VERY_LONG_AND_COMPLEX_SECRET_KEY"
  }
}

Then, update your build scripts to execute the key injection:

"scripts": {
  "dev": "node node_modules/@kayaabadiv/seedsec/scripts/inject-key.js && vite",
  "build": "node node_modules/@kayaabadiv/seedsec/scripts/inject-key.js && vite build"
}

2. Sending Requests

Import seedsec and use it exactly like axios.

import seedsec from '@kayaabadiv/seedsec';

// Example POST request
// The data { username, password } will be encrypted before sending
// The server response will be automatically decrypted
const login = async () => {
  try {
    const response = await seedsec.post('http://api.your-domain.com/login', {
      username: 'admin',
      password: 'superpassword'
    });
    
    console.log('Received data (decrypted):', response.data);
  } catch (error) {
    console.error('Error:', error);
  }
};

Backend Usage (Express)

1. Middleware Configuration

On the server side, import the module and apply the middleware globally or on specific routes.

const express = require('express');
const seedsec = require('@kayaabadiv/seedsec');

const app = express();
const SECRET_KEY = "YOUR_VERY_LONG_AND_COMPLEX_SECRET_KEY"; // Must be identical to the frontend one

app.use(express.json());

// Activate SeedSec middleware
// It automatically decrypts req.body
// And overrides res.json() to encrypt the response
app.use(seedsec.middleware(SECRET_KEY));

app.post('/login', (req, res) => {
  // req.body is already decrypted here
  console.log('Login attempt for:', req.body.username);

  // The response will be automatically encrypted before being sent to the client
  res.json({ 
    success: true, 
    token: 'jwt_token_example', 
    user: { id: 1, role: 'admin' } 
  });
});

app.listen(4000, () => console.log('Server started on port 4000'));

Technical Details

  • Algorithm: AES (Advanced Encryption Standard).
  • Format: Data is sent in the form { payload: "encrypted_string..." }.
  • Key Injection: The scripts/inject-key.js script reads the key from package.json, encodes it in Base64, and reverses it for basic obfuscation, then generates a temporary file in node_modules that the module loads at runtime.

Warning

Although this module obfuscates the key and encrypts exchanges, keep in mind that any key present on the client side (browser) can potentially be recovered by a determined attacker with physical or remote access to the user's machine. This module primarily protects against network interception (MITM) and makes traffic analysis more difficult.