npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@novaqore/ai

v0.5.0

Published

The world's first private, quantum-encrypted LLM clients. CRYSTALS-Kyber + AES-256-GCM end-to-end encryption. Zero dependencies.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

novaqorenovaqore

Keywords

aillmopenaichatgptgptgpt-4claudeanthropicgeminimistralllamaollamaqwendeepseekmoonshotkimikimi-k2phicohereperplexitygroqtogether-aihuggingfacetransformerschatbotmachine-learningdeep-learningnlpnatural-language-processinggenerative-aitext-generationai-apiquantumencryptionkyberpost-quantumcryptographyaes-256-gcmcrystals-kyberprivate-aiquantum-encryptionsecure-aiencrypted-llmnovaqore

Readme

The first private, quantum-encrypted LLMs

The problem

AI is eating the world, and the world is feeding it everything. Customer names, home addresses, credit card numbers, medical records, legal documents, internal business strategy, private conversations. All of it is being sent to large language models every day by millions of developers and businesses.

Most people assume HTTPS keeps that data safe. It does not. HTTPS encrypts the connection between your machine and the server, but that protection has limits. Corporate firewalls and network proxies routinely perform TLS inspection, decrypting and re-encrypting traffic so they can read everything passing through. Load balancers and CDNs terminate TLS at the edge, meaning your data sits in plaintext inside the provider's infrastructure. A compromised certificate or a stolen private key breaks the entire chain. The AI provider itself sees all of your data in the clear on their servers, and in most cases they log it, store it, and reserve the right to use it.

And then there is the future. Quantum computers are advancing fast. Attackers and nation-states are already recording encrypted internet traffic today with the intention of decrypting it later once quantum hardware catches up. This is called "harvest now, decrypt later," and it is not theoretical. It is happening. Every sensitive prompt you send over standard HTTPS today is a liability tomorrow.

The solution

NovaQore AI is a private LLM client created by NovaQore. We built it because HTTPS alone is not enough to protect what people are feeding into AI.

We run our own large language models on 🇺🇸 US-based infrastructure. No third-party AI providers. No data leaving the country. No shared multi-tenant GPU clusters where your prompts sit next to someone else's. Our servers, our models, our network.

Every request is encrypted end-to-end with post-quantum cryptography. Before your data ever leaves your machine, it is locked using CRYSTALS-Kyber (Kyber1024 key encapsulation) and AES-256-GCM. This is not HTTPS. This is an additional layer of encryption on top of it. Even if someone breaks the TLS connection, intercepts traffic at a proxy, or sits inside the network infrastructure, they see nothing but random bytes. The server decrypts your prompt only in memory, runs the model, encrypts the response with the same shared secret, and sends it back. Fresh cryptographic keys are generated for every single request. Nothing is reused. Nothing is cached. Nothing is logged.

The encryption is quantum-safe. CRYSTALS-Kyber is a NIST-standardized post-quantum algorithm. Even if a future quantum computer could break today's TLS, it cannot break Kyber. Your data is protected now and it stays protected decades from now.

This is not a proxy. This is not a wrapper. This is a fully private AI pipeline from your code to our GPUs, with post-quantum encryption at every step.

What a traditional LLM request looks like

POST /v1/chat/completions
x-api-key: sk-NqR7xT9vKmLpWz3bYhUd    <- your key, fully exposed
x-uid: usr_8f3a1b2c

{ "messages": [{ "role": "user", "content": "What is the meaning of life?" }] }

Everything is readable. Your key, your identity, your prompt.

What the same request looks like through NovaQore AI

POST /v1/chat/completions

{
  "uid": "usr_8f3a1b2c",
  "keyId": "OnHODAr8kb6r5iUaZk6",
  "ciphertext": "K3mVpQ8xTz1Rf5wNyB7uHcLgA0jXoE4sDi9vMaG2kY...==",
  "encrypted": "mNx8Kv2QpLrT5wYzBf1HcOjXgA4sEi7uDa9RtM3kWb...=="
}

Random bytes. No API key. No readable content. The response comes back encrypted the same way.

Who is NovaQore AI for

✅ Built for

  • Healthcare and medical companies handling patient data, HIPAA-regulated workflows, and clinical AI
  • Financial institutions processing sensitive transactions, risk models, and customer data
  • Legal firms working with privileged communications, contracts, and case strategy
  • Government agencies that require data sovereignty and classified-level privacy
  • Defense contractors building AI into systems where exposure is not an option
  • Enterprise teams with internal data that cannot leave a controlled pipeline
  • Startups with proprietary IP who need AI without leaking trade secrets to third-party providers
  • Developers building for regulated industries where compliance requires encryption at rest and in transit
  • Anyone who believes their AI conversations are nobody else's business

❌ Not built for

  • ❌ Illegal activity of any kind
  • ❌ Spying, stalking, or surveillance
  • ❌ Generating content that exploits or harms others
  • ❌ Mass data collection or scraping
  • ❌ Anything that violates local, state, or federal law

What makes NovaQore AI different

| | Traditional LLM API | NovaQore AI | |---|---|---| | Your prompts | Plaintext, readable by anyone in the middle | Quantum-encrypted, unreadable in transit | | Your API key | Exposed in headers on every request | Never sent. Replaced by quantum handshake | | Key exchange | None | Kyber1024 (post-quantum safe) | | Per-request keys | No, same key forever | Yes, fresh keys every single call | | Infrastructure | Shared, third-party, often overseas | Dedicated 🇺🇸 US-based servers | | Quantum-safe | No | Yes |

Install

npm install @novaqore/ai
// CommonJS
const NovaQoreAI = require("@novaqore/ai");

// ES Module
import NovaQoreAI from "@novaqore/ai";

Quick Start

Get your quantum keys from the developer dashboard.

1. Drop in your service file and go

Download your novaqore-ai-service-*.json and drop it in your project root:

import NovaQoreAI from "@novaqore/ai";

const nq = new NovaQoreAI();

const { result } = await nq.chat([
  { role: "user", content: "Hello" }
]);

console.log(result.choices[0].message.content);

NovaQore AI auto-detects the service file. If no service file is found, it falls back to environment variables automatically.

2. Or pass the path explicitly

const nq = new NovaQoreAI("./novaqore-ai-service-MkT3xYpLqN8vRwS1.json");

3. Or use environment variables

NOVAQORE_UID=your-user-id
NOVAQORE_QUANTUM_KEY=your-base64-quantum-key
NOVAQORE_KEY_ID=your-key-id
const nq = new NovaQoreAI({
  uid: process.env.NOVAQORE_UID,
  quantumKey: process.env.NOVAQORE_QUANTUM_KEY,
  keyId: process.env.NOVAQORE_KEY_ID,
});

If you call new NovaQoreAI() with no arguments and no service file is present, it will automatically read from these environment variables.

Examples

System prompt

const { result } = await nq.chat([
  { role: "system", content: "You are a helpful assistant that responds in haikus." },
  { role: "user", content: "Tell me about the ocean" }
]);

Tool use

const { result } = await nq.chat(
  [{ role: "user", content: "What's the weather in NYC?" }],
  {
    tools: [
      {
        type: "function",
        function: {
          name: "get_weather",
          description: "Get weather for a location",
          parameters: {
            type: "object",
            properties: {
              location: { type: "string", description: "City name" }
            },
            required: ["location"]
          }
        }
      }
    ]
  }
);

const toolCall = result.choices[0].message.tool_calls[0];
console.log(toolCall.function.name);       // "get_weather"
console.log(toolCall.function.arguments);  // '{"location":"New York City"}'

Streaming

const { stream, stop } = await nq.chat(
  [{ role: "user", content: "Tell me about the ocean" }],
  { stream: true }
);

for await (const chunk of stream) {
  const content = chunk.choices[0]?.delta?.content || "";
  process.stdout.write(content);
}
console.log();

Call stop() at any time to abort the stream (e.g. wire it to a stop button in your UI).

Options

| Option | Type | Default | Description | |--------|------|---------|-------------| | temperature | float | - | Sampling temperature (0-2) | | stream | bool | false | Stream response | | tools | array | - | Tool definitions | | tool_choice | string | - | Tool selection mode |

Encrypted Chat History

Every chat() call returns an encrypted object alongside the result — the raw encrypted blobs that were already generated during the request. No extra crypto work. Store them however you want (localStorage, IndexedDB, a database).

// Server-side (route.ts)
const { result, encrypted } = await nq.chat([
  { role: "user", content: "Hello" }
]);

// Return both to the client
return Response.json({ result, encrypted });

The client stores the encrypted blobs — unreadable without the server-side SDK:

// Client-side
localStorage.setItem("chat-123", JSON.stringify(encrypted));

When you need to load history, send the stored blobs back to the server and decrypt:

// Server-side (e.g. /api/history route)
const stored = req.body.encrypted; // from client localStorage
const { messages, response } = nq.decrypt(stored);
return Response.json({ messages, response });

Streaming works the same way — the encrypted object collects chunks as they stream:

const { stream, stop, encrypted } = await nq.chat(
  [{ role: "user", content: "Tell me about the ocean" }],
  { stream: true }
);

for await (const chunk of stream) {
  const content = chunk.choices[0]?.delta?.content || "";
  process.stdout.write(content);
}

// After stream completes, encrypted.chunks contains all encrypted blobs
return Response.json({ encrypted });

The client only holds encrypted bytes it cannot read. All decryption stays server-side.

Health check

const status = await nq.health();

Zero Dependencies

NovaQore AI vendors all of its cryptographic libraries. Kyber1024 and SHA-3 are bundled directly in lib/. There are no external npm dependencies. No supply chain risk. The only requirement is Node 18 or higher.

Roadmap

We are actively building the next generation of private AI infrastructure. Multi-model support, streaming encryption, and more.

View the Roadmap

White Papers

Technical deep dives into the cryptography, architecture, and threat models behind NovaQore AI. How we protect your data, why we chose Kyber1024, and what post-quantum safety actually means in practice.

Read the White Papers

Community

We are building this in the open. Join us.

Credits

Disclaimer

NovaQore AI is provided as-is. We do not store your conversations. We do not log your prompts or responses. We do not use your data to train models. Your messages are encrypted on your machine, decrypted only long enough to run the model, and the response is encrypted before it leaves our server. We do not have access to the content of your requests and we do not keep copies.

We built NovaQore AI to give people and businesses a genuinely private way to use AI. That said, NovaQore AI is not a tool for illegal activity. We do not tolerate unlawful use of our service. While we cannot see your data, we will cooperate with law enforcement when presented with a valid legal order as required by law.

By using NovaQore AI, you agree to use it responsibly and in compliance with all applicable laws.

License

MIT