npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

evo-e2ee

v1.0.2

Published

Production-grade End-to-End Encryption SDK for React and Node.js

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dakshadubeydakshadubey

Keywords

e2eeencryptionsecuritywhatsappsdktypescript

Readme

EvoE2EE SDK (End-to-End Encryption)

EvoE2EE Banner

Production-grade End-to-End Encryption (E2EE) SDK for React, Node.js, and Vanilla JS. Built on top of ECDH (P-256), AES-256-GCM, and HKDF.

[!IMPORTANT] This SDK implements a "Signal-Style" double-ratchet inspired flow, ensuring that even if your server is compromised, the messages remain undecipherable.

System Architecture

Architecture Flow

The Encryption Lifecycle

sequenceDiagram
    participant S as Sender
    participant K as KeyServer (Your DB)
    participant R as Receiver

    Note over S,R: 1. Setup Phase
    R->>K: Publish Identity & Encryption Public Keys
    
    Note over S,R: 2. Encryption Phase
    S->>K: Fetch Receiver's Public Key
    S->>S: Generate Ephemeral ECC Key
    S->>S: ECDH (Ephemeral Priv + Receiver Pub) 
    S->>S: HKDF(SharedSecret) -> AES Session Key
    S->>S: AES-GCM Encrypt(Message)
    S->>S: ECDSA Sign(Ciphertext + EphemeralPub)

    Note over S,R: 3. Transmission
    S->>K: Send {ciphertext, ephemeralPub, signature, iv}

    Note over S,R: 4. Decryption Phase
    K->>R: Deliver Payload
    R->>R: ECDSA Verify(Signature)
    R->>R: ECDH (Receiver Priv + Ephemeral Pub)
    R->>R: HKDF(SharedSecret) -> AES Session Key
    R->>R: AES-GCM Decrypt(Ciphertext)

Quick Start Guide

1. Installation

npm install evo-e2ee

2. Initialization

Initialize the SDK once at the start of your application. It automatically chooses the best crypto provider (Node WebCrypto or Browser SubtleCrypto).

import { evoE2EE } from "evo-e2ee";

await evoE2EE.init({
  appId: "my-secure-app",
  platform: "react" // or 'node' | 'browser'
});

3. Key Management

The SDK manages two types of keys for every user:

  1. Identity Key: Long-term key used for signing (Authenticity).
  2. Encryption Key: Used for ECDH shared secret derivation.
const { identityKey, encryptionKey } = evoE2EE.getPublicKeys();
// Store these on your server so others can find you!

Developer Manual

Sending a Secure Message

To send a message, you need the recipient's Encryption Public Key.

const encryptedPayload = await evoE2EE.encrypt(
  "Secret Message", 
  "RECIPIENT_ENCRYPTION_PUBLIC_KEY_BASE64"
);

// encryptedPayload contains:
// { cipherText, ephemeralPublicKey, signature, iv, version }

Receiving a Secure Message

When you receive a payload, you can decrypt it. If you know the sender, pass their Identity Public Key to verify their identity.

try {
  const plainText = await evoE2EE.decrypt(
    encryptedPayload,
    "SENDER_IDENTITY_PUBLIC_KEY_BASE64"
  );
  console.log("Decrypted:", plainText);
} catch (err) {
  console.error("Decryption failed or Signature invalid!");
}

🛠 Production Safeguards

| Feature | Protection | Description | | :--- | :--- | :--- | | P-256 ECC | Identity | Future-proof elliptic curve cryptography. | | AES-256-GCM | Privacy | Military-grade encryption with built-in integrity tagging. | | Ephemeral Keys | Key Binding | A new ephemeral key is generated for every single message. | | Signature Binding | No-Tampering | The signature covers both the text and the keys, preventing man-in-the-middle key swaps. | | HKDF | Key Isolation | Shared secrets are never used directly; they are derived through HKDF. |

License

Non-Commercial License . Created by Daksha Dubey.