npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vitia.ai/secure-api-client-expo

v1.0.10

Published

A secure, modern API client for Expo / React Native apps. Implements:

Downloads

1,033

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

masanchezvegamasanchezvega

Keywords

expovitiasdk

Readme

🔒 Secure API Client SDK A highly secure, end-to-end encrypted API client built for React Native and Expo.

This SDK implements a robust cryptographic handshake using X25519 for shared secret generation, ECDSA (P-256) for signature verification, and AES-GCM for payload encryption. To achieve browser-level cryptographic performance without polluting the global scope, it relies on fast C++ native bindings via Nitro Modules.

📦 Installation First, install the SDK itself:

Bash npm install @vitia.ai/secure-api-client-expo

or

yarn add @vitia.ai/secure-api-client-expo ⚠️ Crucial: Peer Dependencies Because this SDK performs heavy cryptographic operations natively, it relies on several peer dependencies. You must install these in your host application.

For Expo Projects Run the following command to ensure the correct versions are installed for your specific Expo SDK version:

Bash npx expo install expo-crypto react-native-quick-crypto react-native-nitro-modules react-native-quick-base64 @craftzdog/react-native-buffer 🚨 Expo Go is not supported: Because react-native-quick-crypto utilizes custom C++ code (Nitro Modules), this SDK will not work in the standard Expo Go app. You must compile a custom development build:

Bash npx expo run:ios

or

npx expo run:android For Bare React Native Projects Install the dependencies using your package manager:

Bash npm install expo-crypto react-native-quick-crypto react-native-nitro-modules react-native-quick-base64 @craftzdog/react-native-buffer Then, install the iOS native pods:

Bash npx pod-install 🚀 Quick Start

  1. Initialization Import the client and initialize it with your server's configuration and your long-term identity keys.
TypeScript
import { SecureApiClient } from 'your-sdk-package-name';

const apiClient = new SecureApiClient({
    baseUrl: 'https://api.yourdomain.com/v1',
    clientId: 'your-client-id',
    serverPublicKeyPem: `-----BEGIN PUBLIC KEY-----
...your server public key...
-----END PUBLIC KEY-----`,
    clientIdentityPrivateKeyPem: `-----BEGIN PRIVATE KEY-----
...your client private key...
-----END PRIVATE KEY-----`
});
  1. The Handshake & API Calls Before you can send encrypted data, you must establish a secure session. The SDK handles the X25519 key exchange, server signature verification, and AES-GCM encryption under the hood.
TypeScript
async function fetchSecureData() {
    try {
        // 1. Establish the secure session (auto-handles token refreshes)
        await apiClient.ensureSession();

        // 2. Make an encrypted GET request
        const healthData = await apiClient.get('/health-records');
        console.log("Decrypted Data:", healthData);

        // 3. Make an encrypted POST request
        const response = await apiClient.post('/update-profile', {
            bloodType: "O+",
            height: 180
        });
        
    } catch (error) {
        console.error("Secure API Error:", error);
    }
}

🧠 How the Cryptography Works (For Contributors) To avoid forcing global polyfills onto the host application, this SDK is designed to be self-contained:

Secure Randomness: expo-crypto generates secure random bytes for X25519 keypairs and AES initialization vectors (IVs).

Heavy Cryptography: react-native-quick-crypto (powered by BoringSSL) handles the ECDSA signing/verifying, HKDF key derivation, and AES-GCM encryption natively in C++ for maximum performance.

Signature Formatting: The SDK automatically translates between standard Web (Raw P1363) and Native (ASN.1 DER) signature formats to ensure seamless communication with browser-standard backend servers.