npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@stless/utils

v1.1.2

Published

Shared post-quantum cryptographic and encoding utilities designed for relevant frameworks and modern usage.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

stlessstless

Keywords

cryptographypost-quantumfips-202fips-203fips-204fips-205securityzero-fillconstant-timemnemonicwalletbip39argon2idtiming-safeframeworkencodingbech32base58qr-codeutil

Readme

@stless/utils

npm version Node.js License Verify Status Socket Badge Donate

High-performance, auditable, memory-safe cryptographic and encoding utilities with first-class post-quantum support.

Built for modern security-critical applications: wallets, key management, secure messaging, and frameworks that need battle-tested primitives without bloat.

Full API context optimized for AI assistants and contributors is available in llms-full.txt.

✨ Features

📦 Installation

npm install @stless/utils
# or
yarn add @stless/utils

Requires Node.js ≥ 24

🚀 Quick Start

// ESM
import Utils from '@stless/utils';
// or CJS
const { Utils } = require('@stless/utils');

// Secure random bytes (with optional temporal hardening)
const key = await Utils.hardenRNG(32, true);

// Argon2id KDF
const hash = await Utils.argon2('argon2id', {
  msg: 'my password',
  salt: await Utils.hardenRNG(16)
});

// Post-Quantum Key Encapsulation
const { publicKey, secretKey } = Utils.mlkem('ml-kem-768', {
  seed: await Utils.hardenRNG(64)
});

// Post-Quantum Key Signature
const { publicKey, secretKey } = Utils.mldsa('ml-dsa-65', {
  seed: await Utils.hardenRNG(32)
});

📘 API Documentation

Core Utilities

// Buffer handling & memory safety
const buf = Utils.buff('hello', { encoding: 'utf-8' });
Utils.zeroBuf(buf);                    // secure wipe
Utils.compare(a, b, { harden: true }); // constant-time

// Randomness
const entropy = await Utils.hardenRNG(32, isHardenRNG, conf);

// Try/catch sugar
const result = await Utils.wrapTry(async () => { ... });

Encoding & Formats

// Base codecs
const b58 = Utils.codec('base58').encode(data);
const decoded = Utils.codec('base58').decode(b58);

Utils.codec('bech32').encode(...);
Utils.codec('base64url').encode(...);

// Wallet Import Format
const wif = Utils.wif.encode(privateKey, { compressed: true });
const { privateKey: pk } = Utils.wif.decode(wif);

QR Codes

// GIF (native, no canvas)
const gif = Utils.qr.toImage('https://example.com', { scale: 6 });

// SVG
const svg = Utils.qr.toSVG(data);

// Terminal
console.log(Utils.qr.toTerminal(data));

Cryptography

const key = await Utils.hardenRNG(32);
const msg = Utils.buff('top secret');

// 1. Unified Noble Access (extra: true)
// Works for AES-GCM, XChaCha20, XSalsa20, etc.
const iv = await Utils.hardenRNG(24); // 24 bytes for X-variants
const cipher = Utils.getCipher('xchacha20-poly1305', {
    key, iv, extra: true, e: true, buffer: true
});

const encrypted = Buffer.concat([cipher.update(msg), cipher.final()]);

// 2. Node.js Native Access (extra: false)
const iv2 = await Utils.hardenRNG(16);
const cipher2 = Utils.getCipher('aes-256-ctr', {
    key, iv: iv2, e: true
});

const encrypted2 = Buffer.concat([cipher2.update(msg), cipher2.final()]);

Hashes & MACs

const hash = Utils.getHash('sha3-512', { extra: true })
  .update(data)
  .digest();

const hmac = Utils.getHmac('sha256', { key });

XOF & KMAC

const xof = Utils.getXof('shake256', { extra: true, o: { dkLen: 64 } });
const kmac = Utils.getKmac('kmac256', { key });

Post-Quantum Cryptography

// ML-KEM (Key Encapsulation)
const kem = Utils.mlkem('ml-kem-1024', { seed });

// ML-DSA (Signatures)
const dsa = Utils.mldsa('ml-dsa-87', { seed });

// SLH-DSA
const sphincs = Utils.slhdsa('slh-dsa-sha2-256f', { seed });

// Falcon
const falcon = Utils.falcon('falcon1024', {
    seed
    clear: true,  // Clear the input seed
});

All PQC functions are deterministic when given the same seed. See @noble/post-quantum for full documentations and usage.

Mnemonics

BIP39 (Standard)

const mnemonic = Utils.bip39.generate(256, { lang: 'english' });
const seed = Utils.bip39.toSeed(mnemonic, { password: 'optional' });
const valid = Utils.bip39.validate(mnemonic);

iKey (High-Density 65,536-word list)

// Generate 256-bit iKey (17 words including checksum)
const ikey = await Utils.ikey.generate(256, { isHardenRNG: true });

// Validate
const isValid = Utils.ikey.validate(ikey);

// Conversion
const bytes = Utils.ikey.toBytes(phrase);
const words = Utils.ikey.toWords(buffer);

🔒 Security Notes

  • All Noble ciphers are wrapped to support the standard .update(data) and .final() pattern, regardless of whether the underlying algorithm is a one-shot function or a stateful class.
  • All sensitive buffers are zeroed after use when clear: true is passed.
  • compare() uses timingSafeEqual (or hardened double-hash mode).
  • hardenRNG integrates ths-csprng wrapper for temporal hardening.
  • Checksums are generated and verified on every build verify.sh.
  • Prefer extra: true for Noble implementations in cross-platform code.

Always use the library's memory management helpers when handling secrets.

🔍 Algorithm Discovery

Instead of maintaining static lists, you can query the engine directly for all supported primitives.

// Get everything: PQC, Noble (extra), and Native (crypto)
const registry = Utils.names;

console.log(registry.pqc);    // All Noble Post-Quantum algorithms
console.log(registry.extra);  // All Noble (Extra) algorithms
console.log(registry.crypto); // All secure-filtered native algorithms

📃 Supported Algorithm Names

Encoding

Utils.codec(name)

| Category | Supported Names | |-----------------------------|-----------------| | Standard Bases | base16, base32, base58, base64 | | Flavors | base58xmr, base58xrp, base64url, base32hex, base32crockford, base58check | | Bitcoin / Lightning | bech32, bech32m |

KDF

Utils.argon2(name = 'argon2id')

| Variant | Name | |-------------|------| | Default | argon2id | | Alternatives| argon2i, argon2d |

Post-Quantum Functions

| Function | Supported Names | |-----------------------|-----------------| | Utils.mlkem() | ml-kem-512, ml_kem512, ml-kem-768, ml_kem768, ml-kem-1024, ml_kem1024 | | Utils.mldsa() | ml-dsa-44, ml_dsa44, ml-dsa-65, ml_dsa65, ml-dsa-87, ml_dsa87 | | Utils.slhdsa() | slh-dsa-sha2-128f, slh-dsa-sha2-128s, slh-dsa-sha2-192f, slh-dsa-sha2-192s,slh-dsa-sha2-256f, slh-dsa-sha2-256s,slh-dsa-shake-128f, slh-dsa-shake-128s, slh-dsa-shake-192f, slh-dsa-shake-192s,slh-dsa-shake-256f, slh-dsa-shake-256s | | Utils.falcon() | falcon512, falcon1024 |

Noble Direct Access

Utils.noble(name)

| Category | Names | |-----------------------------|-------| | Ciphers | aes, chacha, salsa | | Hashes / HMAC / XOFs | noble_hmac, sha2, sha3, sha3_addons, blake3_mod, blake2, legacy | | PQC: ML-KEM | ml_kem512, ml_kem_512, ml_kem768, ml_kem_768, ml_kem1024, ml_kem_1024 | | PQC: ML-DSA | ml_dsa44, ml_dsa_44, ml_dsa65, ml_dsa_65, ml_dsa87, ml_dsa_87 | | PQC: Signature / Other | slh_dsa, falcon512, falcon1024 |

Node.js Built-in Crypto (extra: false)

| Function | Supported Algorithms | |-------------------------|----------------------| | Utils.getCipher() | aes-256-gcm, aes-256-ctr, aes-256-cfb, aes-256-cfb1, aes-256-cfb8, aes-256-ocb, aes-256-ofb, aes-256-xts, chacha20-poly1305, chacha20 | | Utils.getHmac() | sha224, sha256, sha384, sha512, sha512-224, sha512-256, ripemd, ripemd160, rmd160, sha1, md5, md5-sha1 | | Utils.getHash() | sha224, sha256, sha384, sha512, sha512-224, sha512-256, sha3-224, sha3-256, sha3-384, sha3-512, blake2b512, blake2s256, ripemd, ripemd160, rmd160, sha1, md5, md5-sha1 | | Utils.getXof() | shake128, shake256 |

Noble Implementations (extra: true)

Ciphers

| Category | Supported Names | |----------------|-----------------| | AES | aes-256-gcm, aes-256-ctr, aes-256-cfb, aes-256-siv | | ChaCha20 | chacha20-poly1305, xchacha20-poly1305, chacha20, xchacha20 | | Salsa20 | xsalsa20-poly1305, salsa20, xsalsa20 |

HMAC, Hash & XOF

| Function | Supported Names | |-------------------------|-----------------| | Utils.getHmac() | sha224, sha256, sha384, sha512, sha512-224, sha512-256, ripemd160, sha1, md5 | | Utils.getHash() | sha224, sha256, sha384, sha512, sha512-224, sha512-256,sha3-224, sha3-256, sha3-384, sha3-512,keccak-224, keccak-256, keccak-384, keccak-512,blake2s256, blake2b512, blake3, ripemd160, sha1, md5 | | Utils.getXof() | shake128, shake256, cshake128, cshake256, turboshake128, turboshake256, k12, kt128, kt256 |

Keyed XOF

| Function | Supported Names | |------------------------|-----------------| | Utils.getKmac() | kmac128, kmac256 |

[!TIP]

Consistency & Compatibility: Use extra: true to prioritize Noble implementations for maximum cross-platform consistency and browser support.

Flexible Naming: The library supports both kebab-case (ml-kem-512) and snake_case (ml_kem_512) for all algorithms (Noble, PQC, Cipher, Hash, HMAC, and XOF). As long as the name is lowercase and valid, the primitive will be resolved correctly.

🛠 ️Development & Verification

npm run check        # test + verify checksums
npm run build        # minify + generate docs + checksums
npm test

The project uses:

  • terser for minification
  • SHA-256 checksums for all built files
  • Strict mode + comprehensive test suite

⭐ Contributor(s)

📄 License

Licensed under the Apache License, Version 2.0; a robust, permissive license that includes an explicit grant of patent rights and provides protection against contributor liability.

Copyright © 2026 Aries Harbinger. See the LICENSE file for full details.

🔗 Links

Made with security, auditability, and developer experience in mind.