npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@zkim-platform/post-quantum

v1.0.0

Published

Production-ready, developer-friendly wrapper for NIST-standardized post-quantum cryptography (ML-KEM-768, ML-DSA-65) with error handling, validation, serialization, and crypto-agility framework

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zkimdevzkimdev

Keywords

post-quantumcryptographyml-kemml-dsafips-203fips-204nistquantum-safequantum-resistantkey-exchangedigital-signaturescrypto-agilitytypescriptproduction-readyzkim

Readme

Protect your applications against future quantum computer attacks with production-ready post-quantum cryptography. Built on NIST-standardized algorithms (FIPS 203/204) with comprehensive error handling, key management, and crypto-agility.

Who is this for?

  • Developers building secure communication or encryption systems
  • Applications requiring long-term confidentiality (store-now-decrypt-later resistance)
  • Projects that need post-quantum key exchange and signatures
  • Teams looking for production-ready cryptographic infrastructure

🚀 Quick Start

Installation

npm install @zkim-platform/post-quantum

Basic Usage (5 minutes)

import { getZKIMPostQuantumService } from '@zkim-platform/post-quantum';

// 1. Get service instance (singleton)
const service = await getZKIMPostQuantumService();

// 2. Initialize (one-time setup)
await service.initialize();

// 3. Generate keys
const kemKeyPair = service.generateKEMKeyPair();
const dsaKeyPair = service.generateDSAKeyPair();

// 4. Use operations
const { cipherText, sharedSecret } = service.encapsulate(recipientPublicKey);
const signature = service.sign(message, dsaKeyPair.secretKey);
const isValid = service.verify(message, signature.signature, dsaKeyPair.publicKey);

Key Exchange (10-15 minutes)

import { getZKIMPostQuantumService } from '@zkim-platform/post-quantum';

// Alice's side
const aliceService = await getZKIMPostQuantumService();
await aliceService.initialize();
const aliceKeys = aliceService.generateKEMKeyPair();

// Bob's side
const bobService = await getZKIMPostQuantumService();
await bobService.initialize();
const bobKeys = bobService.generateKEMKeyPair();

// Alice encapsulates to Bob
const { cipherText, sharedSecret: aliceSecret } = aliceService.encapsulate(bobKeys.publicKey);

// Bob decapsulates
const bobSecret = bobService.decapsulate(cipherText, bobKeys.secretKey);
// Both now have the same shared secret for encryption

Message Signing (10 minutes)

import { getZKIMPostQuantumService } from '@zkim-platform/post-quantum';

const service = await getZKIMPostQuantumService();
await service.initialize();

// Generate signing keys
const signingKeys = service.generateDSAKeyPair();

// Sign message
const message = new TextEncoder().encode('Hello, World!');
const signature = service.sign(message, signingKeys.secretKey);

// Verify signature
const isValid = service.verify(message, signature.signature, signingKeys.publicKey);

📚 Documentation

📖 Full Documentation → Wiki

✨ Features

🔐 Post-Quantum Cryptography

  • ML-KEM-768 (FIPS 203) - Key Encapsulation Mechanism for secure key exchange
  • ML-DSA-65 (FIPS 204) - Digital Signature Algorithm for message authentication

🛠️ Production-Ready Features

  • Service Architecture - Singleton pattern with initialization/cleanup lifecycle
  • Error Handling - Comprehensive validation with clear error messages
  • Key Management - Serialization, fingerprinting, caching
  • Crypto-Agility - Algorithm suite abstraction for future-proofing
  • Type Safety - Full TypeScript support with complete type definitions

📦 Developer Experience

  • Simple API - 3-4 methods for most use cases
  • Well-Documented - Complete documentation with examples
  • Battle-Tested - Used in production ZKIM platform
  • Zero Dependencies on ZKIM - Fully standalone package

⚠️ FIPS Validation Disclaimer

CRITICAL: This package uses NIST-standardized algorithms (FIPS 203/204), but the implementation itself is NOT FIPS 140-3 validated by an accredited laboratory.

What this means:

  • ✅ Uses NIST-standardized algorithms (ML-KEM-768, ML-DSA-65)
  • ✅ Follows FIPS 203/204 specifications
  • ✅ Implements algorithms according to NIST standards
  • Implementation not validated by accredited lab
  • Not certified for government use requiring FIPS validation

For FIPS-validated implementations:

  • Use FIPS-validated cryptographic modules from accredited vendors
  • Obtain FIPS 140-3 validation from accredited laboratory
  • Follow government compliance requirements

See Security Documentation for details.

📋 Requirements

  • Node.js: >= 18.0.0
  • TypeScript: >= 5.0.0 (recommended)
  • Browser: Modern browsers with ES2020+ support

🏗️ Key Serialization

import { serializeMLKEMKeyPair, deserializeMLKEMKeyPair } from '@zkim-platform/post-quantum';

// Serialize for storage/transport
const serialized = serializeMLKEMKeyPair(keyPair); // JSON-safe

// Deserialize later
const restored = deserializeMLKEMKeyPair(serialized);

📖 Examples

See the Examples Wiki for:

  • Basic key generation
  • Key exchange between parties
  • Message signing and verification
  • Crypto-agility framework usage
  • Integration patterns

🤝 Contributing

Contributions are welcome! Please see our Contributing Guide for details.

📄 License

MIT License - see LICENSE for details.

🔗 Links

  • npm: https://www.npmjs.com/package/@zkim-platform/post-quantum
  • GitHub: https://github.com/zkdotim/zkim-post-quantum
  • Documentation: https://github.com/zkdotim/zkim-post-quantum/wiki
  • Issues: https://github.com/zkdotim/zkim-post-quantum/issues

Provenance

This package is published with npm Provenance (build attestation) to ensure authenticity and integrity.

What is Provenance? Provenance provides verifiable information about how and where this package was built:

  • Built and signed on: GitHub Actions
  • Source Commit: Links to exact GitHub commit
  • Build File: Links to GitHub Actions workflow
  • Public Ledger: Transparency log entry (immutable record)

Why it matters:

  • Verifies package authenticity
  • Shows exact source code used
  • Provides build environment details
  • Creates immutable audit trail
  • Enhances supply chain security

Verify locally:

npm audit signatures

For more information, see npm Provenance Documentation.

Key Technologies

Built on top of:

Made with ❤️ by the ZKIM Team