npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

basic-crypto

v1.0.2

Published

basic crypto wrapper, with sensible defaults

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

leonardodinoleonardodino

Keywords

cryptoabstractionbasicsimplehashencryptdecrypt

Readme

basic-crypto

npm version Build Status Coverage Status Code Climate

Basic, high-level, opnionated crypto suite. 0

This module lets you encrypt and decrypt strings in your Node.js application. It's goal is to be a simplified interface to the many, sometimes confusing, methods of the crypto module.

Features:

  • [x] dependency-free -- except node's internal crypto module 1
  • [x] simple api -- encrypt(plaintext) & decrypt(cypherText)
  • [x] message authentication -- turn on by setting {integrity: true}
  • [x] encryption and hash keys pinning, or generating them on-the-fly
  • [x] tested -- my first atempt at a "decently tested" module 2
  • [x] secure -- protected against HMAC timing attack, uses PRNG IV, etc
  • [x] convenient useage -- methods provides both sync and async signatures
  • [x] very small codebase -- easy to examine
  • [ ] proper key stretching -- safe to handle user provided criptographic keys 3
  • [ ] truly async methods -- leverage streaming crypto functions 4

Install

$ npm install --save basic-crypto

Usage

Constructor

This module provides a regular js constructor, which is initializated with options. For conveinience it can be called with or without the new keyword.

var basicCrypto = require('basic-crypto')(options)

is the same as

var BasicCrypto = require('basic-crypto')
var basicCrypto = new BasicCrypto(options)

for options, see "Modes"

Methods

There are only two methods in each instance, the function signature is the same:

syncronous: accepts only one argument. 5

var plainText = 'any string, multibyte support, etc'
var encrypted = basicCrypto.encrypt(plainText)
var decrypted = basicCrypto.decrypt(encrypted)
console.log(decrypted === plainText) //true

asyncronous: accepts only an argument and a standard node callback.

var plainText = 'any string, multibyte support, etc'
basicCrypto.encrypt(plainText, function(err, encrypted){
    basicCrypto.decrypt(encrypted, function(err, decrypted){
        console.log(decrypted === plainText) //true
    })
})

Modes

This module can operate, transparently, in two distinct ways:

Encrypt only

This is the default behaviour, but it's advisable to only use it in already signed enviroments, as encryption alone doesn't guarantees the origin and/or the integrity of the data.

A possible use case is inside a JWT, to encrypt a property.

valid options:

  • key: [string, optional] Set a fixed cryptographic key. 6

Encrypt then sign

The second method is enabled by passing {integrity: true} to the constructor. After encrypting, it will append an HMAC of the encrypted text to the end of the block. When decrypting this block, it will first check the HMAC signature, and then decrypt it. When any "weird thing" occurs in either phase, the process is halted with an error.

valid options:

  • key: [string, optional] Set a fixed cryptographic key. 6
  • integrity: [boolean, required] To enable signing this property must be true.
  • hmacKey: [string, optional] set a fixed signing key. 6
  • hmacSize: [integer, optional] truncate signature to this length.

Error handling

  • Syncronous invocations will throw an error if something goes awry.
  • Asyncronous invocations follows node style callback, (err, result).

Compatibility

  • node: v4.0.0 or later

Tests

$ npm install
$ npm test

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. Contact-me personally instead.

Author

Leonardo Dino

License

This project is licensed under the MIT license. See the LICENSE file for more info.

Footnotes

0 As usual, everything is provided "AS-IS", no liability, but I might be using this code in production. Shhhh. 1 And some usual test module, as dev-dependency. 2 Accepting pull requests of unit tests for the helper library. 3 Accepting pull requests of a method implementing pbkdf2. 4 Unfortunelly this leads to code duplication, as the sync methods can't support it. 5 Syncronous code should be always wraped inside a try-catch block, as any erros are thrown. 6 A fixed key is useful when talking to other processes, or storing the key for later. When not provided a key will be generated randomly on the fly, but it's not possible to access this value, and it's unique in each instantiation.