npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ephemeral_notes

v0.1.1

Published

Self-destructing encrypted notes

Downloads

6

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

0xrazumovsky0xrazumovsky

Keywords

encryptionephemeralnotessecurityprivacy

Readme

Express.js NodeJS JavaScript TypeScript GitHub

Ephemeral Note

Local, offline, self-destructing encrypted notes.

Ephemeral Note is a small security utility designed to store sensitive text locally with strict lifetime and access limits. It intentionally avoids servers, accounts, sync, or background services. A note is just a file, and the key never leaves memory.

Philosophy

•	Local-first, offline-only
•	No servers, accounts, sync, or telemetry
•	One encrypted file + one binary
•	The encryption key exists only in process memory
•	Self-destruction is enforced cryptographically and physically, not by trust or policy flags

This tool is designed to work in spite of platforms, not because of them.

What It Does

Ephemeral Note allows you to create an encrypted note protected by:

- a passphrase
- a maximum number of opens
- a fixed lifetime (TTL)

Once the limits are reached, the note destroys itself.

Installation

npm i ephemeral_notes
note --version

Usage

Create a note

note create mynote.enc

You will be asked for:

- note text (ends with ".")
- maximum number of opens
- lifetime in hours
- passphrase (entered twice)

Open a note

note open mynote.enc

On every open:

- TTL is checked
- open counter is checked
- note state is updated
- on the last allowed open, the note destroys itself

Help

note help

Self-Destruction

When a note expires or reaches its maximum number of opens:

- the encryption key is wiped from memory
- the file is overwritten with random data (best-effort on modern filesystems)
- the file header is intentionally corrupted
- the file is deleted

The goal is to make recovery from backups or casual forensic analysis impractical.

Threat Model

Protected against:

- accessing the note after destruction
- stale or accidental backups
- casual forensic analysis of deleted files
- “I changed my mind” scenarios

Not protected against:

- live OS compromise
- screen recording or keylogging
- memory dumps during decryption
- root access or attached debuggers

If the environment is hostile at the moment of opening, the note is already compromised.

Cryptography

•	Encryption: XChaCha20-Poly1305 (AEAD)
•	Key derivation: Argon2id (memory-hard)
•	Library: libsodium

These primitives were chosen for misuse resistance and long-term auditability.

File Format

[MAGIC 8b] [VERSION 1b] [SALT 16b] [POLICY 12b] [STATE 12b] [NONCE 24b] [CIPHERTEXT ...] [AUTH TAG 16b]

All fields except MAGIC and VERSION are authenticated by AEAD.

License

MIT