npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@theermite/morphic-wasm-core

v2.0.0-alpha.0

Published

Shinkofa Morphic Adaptation — Rust→WASM critical paths (NaCl box, B-018)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

theermitejaytheermitejay

Keywords

Readme

@theermite/morphic-wasm-core

Rust → WebAssembly critical paths for the Morphic Adaptation Engine.

Status: B-018 (live). NaCl box primitives shipped. CDC ref: F-017 (Tri-layer Rust→WASM critical).

What it provides

NaCl-compatible authenticated encryption (Curve25519 + XSalsa20 + Poly1305) via the audited crypto_box crate (RustCrypto, pure Rust). Output is byte-identical to tweetnacl.box, so ciphertexts produced by either side are interchangeable.

Exported API (TypeScript via wasm-bindgen):

| Function | Returns | Purpose | |----------|---------|---------| | wasmGenerateKeypair() | WasmKeyPair (publicKey + secretKey) | Curve25519 key pair via OsRng (Web Crypto in browser) | | wasmGenerateNonce() | Uint8Array (24 bytes) | Random XSalsa20 nonce | | wasmRandomBytes(len) | Uint8Array | CSPRNG bytes | | wasmEncryptBox(plaintext, recipientPk, senderSk, nonce) | Uint8Array | Authenticated ciphertext (plaintext + 16-byte Poly1305 tag) | | wasmDecryptBox(ciphertext, nonce, senderPk, recipientSk) | Uint8Array | Plaintext, or throws JsError on auth failure |

Build

pnpm --filter @theermite/morphic-wasm-core build           # target web
pnpm --filter @theermite/morphic-wasm-core build:bundler   # target bundler (Vite/webpack)

Output lands in pkg/ (ESM + .d.ts + raw .wasm, ~58 KB). The bundle is loaded lazily by packages/engine/src/wasm-bridge.ts so projects that don't need WASM crypto pay 0 KB.

Tests

pnpm --filter @theermite/morphic-wasm-core test            # native cargo tests

Runs 9 tests, including 4 property-based tests × 1024 cases (= 4096 encrypt/decrypt round-trips) covering:

  • Round-trip identity (decrypt(encrypt(m)) == m)
  • Bit-flip tamper detection (Poly1305 catches every alteration)
  • Wrong-nonce rejection
  • Wrong-key rejection (with a positive sanity check inside)

Plus 5 deterministic fixtures (key/nonce lengths, tag overhead, empty plaintext, truncated ciphertext).

Why Rust → WASM (vs staying on tweetnacl-js)

  • Maintenance: tweetnacl-js is unmaintained since 2020. crypto_box is part of the actively-maintained RustCrypto ecosystem.
  • Audit surface: pure-Rust, no JS legacy. Smaller dependency tree.
  • Performance: WASM crypto ~2-5× faster than JS for sustained workloads (large message batches, many keypairs).
  • Determinism: same binary across Node, Deno, browsers — no engine variance on a critical path.

Defensive assertions (PET §5)

| Function | Assertions | |----------|-----------| | wasm_encrypt_box / wasm_decrypt_box | key lengths = 32 bytes; nonce length = 24 bytes | | wasm_decrypt_box | authentication failures surface as Err (no silent corruption) | | wasm_generate_keypair | uses OsRng (browser Web Crypto via getrandom js feature) |

Length checks pulled into a single validate_box_inputs helper to keep the audit trail concentrated.

License

AGPL-3.0-or-later (matches the rest of the Morphic Engine).