npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

quantum-resistant-rustykey

v0.6.3

Published

WebAssembly post-quantum-resistant tools for web

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

uqs.orguqs.org

Keywords

NISTpost-quantumWebAssemblycryptography

Readme

Quantum-resistant RustyKey®

Fast, secure WebAssembly implementations of useful post-quantum-resistant tools both for backend (node) and frontend web.

Implementation status

  • This package is in pre-production, functionally complete and stable for integration testing.

  • We recommend waiting for the v1.0.0 release - which will follow our security audit - before deploying any variant for production, healthcare or government workloads.

  • includes NIST approved as well as riskier NIST 'on-ramp' variants eg SQISign

  • signature algorithms (coming soon):

    • FN-DSA (Falcon-512, Falcon-1024)
    • ML-DSA (Dilithium variants)
    • SQISign

  • module-lattice-based key-encapsulation mechanism

    • ML-KEM-512, ML-KEM-768, and ML-KEM-1024 using the same stack: mlkem-native built with Emscripten.

Security assurance and verification

This project relies on upstream mlkem-native for arithmetic/security properties. The three parameter sets (512/768/1024) use the same implementation family and differ only by compile-time parameter selection.

Upstream evidence

What this means for 512/768/1024

  • Constant-time claims and proofs are provided upstream by mlkem-native (see links above).
  • This package builds the same source for all three variants by changing only MLK_CONFIG_PARAMETER_SET in wasm/Makefile.
  • Variant sizes/parameters are defined upstream in mlkem/mlkem_native.h.

How users can independently verify

From the repository root:

# 1) Confirm the three variant builds only change parameter set.
rg "MLK_CONFIG_PARAMETER_SET=512|MLK_CONFIG_PARAMETER_SET=768|MLK_CONFIG_PARAMETER_SET=1024" wasm/Makefile

# 2) Confirm Montgomery and Barrett reduction functions exist in upstream source.
rg "mlk_fqmul|Montgomery multiplication|mlk_barrett_reduce|Barrett reduction" vendor/mlkem-native/mlkem/src/poly.c
rg "mlk_montgomery_reduce" vendor/mlkem-native/mlkem/src/poly.h

# 3) Confirm upstream constant-time/security documentation is present.
rg "constant-time|secret-dependent|HOL-Light|CBMC" vendor/mlkem-native/README.md vendor/mlkem-native/SOUNDNESS.md

# 4) (Optional) Rebuild the vendored wasm/modules from source.
pnpm build:vendor

Notes:

  • The upstream project documents scope/assumptions in SOUNDNESS.md; review this when making compliance assertions.

Credits

  • NIST
  • signature algorithms:
    • FN-DSA (Falcon-512, Falcon-1024)
    • ML-DSA (Dilithium variants)
    • SQISign
  • module-lattice-based key-encapsulation mechanism
    • ML-KEM
    • approach adapted from Dmitry Chestnykh's mlkem-wasm: https://github.com/dchest/mlkem-wasm

Installation

Install via pnpm, npm or yarn:

pnpm install quantum-resistant-rustykey
# or
npm install quantum-resistant-rustykey
# or
yarn add quantum-resistant-rustykey

Usage

Node.js example

import { loadMlKem1024, loadMlKem768, loadMlKem512 } from "quantum-resistant-rustykey";

async function main() {
  try {
    // Load the desired ML-KEM variant
    const mlkem = await loadMlKem1024(); // Options: loadMlKem1024, loadMlKem768, loadMlKem512

    // Generate key pair
    const keypair = mlkem.keypair();
    const publicKey = mlkem.buffer_to_string(keypair.get('public_key'));
    const privateKey = mlkem.buffer_to_string(keypair.get('private_key'));
    console.log("Public Key:", publicKey);
    console.log("Private Key:", privateKey);

    // Encrypt a message
    const message = "Rusty keys, the rustier the better!";
    const encrypt = mlkem.encrypt(keypair.get('public_key'))
    const sharedSecret = encrypt.get('secret')
    const encryptedMessage = await mlkem.encryptMessage(message, sharedSecret)
    console.log("Encrypted message: ", encryptedMessage)

    // Decrypt the message
    const decryptedSharedSecret = mlkem.decrypt(encrypt.get('cyphertext'), keypair.get('private_key'))
    const decryptedMessage = await mlkem.decryptMessage(encryptedMessage, decryptedSharedSecret)
    console.log("Decrypted message: ", decryptedMessage)
  } catch (error) {
    console.error("Error:", error);
  }
}

main();

Frontend example (Vite / browser)

import { loadMlKem768 } from "quantum-resistant-rustykey";

const output = document.querySelector("#output");

async function run() {
  const kem = await loadMlKem768();
  const kp = kem.keypair();

  const enc = kem.encrypt(kp.get("public_key"));
  const sharedSecretA = await enc.get("secret");
  const sharedSecretB = await kem.decrypt(enc.get("cyphertext"), kp.get("private_key"));

  const encrypted = await kem.encryptMessage("hello from browser", sharedSecretA);
  const decrypted = await kem.decryptMessage(encrypted, sharedSecretB);

  output.textContent = decrypted;
}

run().catch((err) => {
  console.error(err);
  output.textContent = "failed";
});

Security note for web apps:

  • never store private keys in localStorage/sessionStorage
  • prefer HTTPS + short-lived keys
  • use secure key storage strategy (e.g. IndexedDB + app-level protections)

Building from Source

Prerequisites

  • Node.js >= 25.9.0
  • pnpm (or npm)
  • Emscripten or Docker — only needed if you run pnpm build:vendor to regenerate src/vendor/mlkem*.js

Build Instructions

  1. Clone the repository:
git clone https://github.com/antonymott/quantum-resistant-rustykey.git
cd quantum-resistant-rustykey
  1. Install dependencies:
pnpm i
  1. (Optional) Clone mlkem-native if you will regenerate vendored bundles:
git clone --depth 1 https://github.com/pq-code-package/mlkem-native.git vendor/mlkem-native
  1. (Optional) Rebuild src/vendor/mlkem*.js after changing wasm/ or mlkem-src/ (requires emcc or Docker):
pnpm build:vendor
  1. Compile TypeScript to dist/:
pnpm build

Testing

  • Run pnpm test for ML-KEM-512 / 768 / 1024 round-trips.

Browser example (local)

A Vite app under examples/browser-demo links this package from the workspace. From the repo root:

pnpm build
pnpm example:browser

See examples/browser-demo/README.md for details.

Project Structure

ML-KEM logic comes from mlkem-native (C), compiled with Emscripten under wasm/, wrapped by TypeScript in mlkem-src/, then bundled into src/vendor/mlkem*.js.

Publishing

The package is published from the npm package root (dist/). To publish a new version:

  1. make a new branch locally from main
  2. edit and test your changes
  3. pnpm changeset
  4. pnpm lint && pnpm test && pnpm build
  5. merge to main; CI publishes when the version changed

Security Considerations

This implementation includes patches to withstand side-channel attacks. For more information about the security improvements, see: RaspberryPi recovers secret keys from NIST winner implementation...within minutes

Contributing

  • Please make pull requests tested to work on Bun and previous Node.js versions
  • Follow the existing code style and testing practices
  • Include tests for new features
  • Update documentation as needed

License

ISC

Funding

This project was generously supported by:

  • University of Quantum Science
  • RustyKey®
  • Customers' Yachts® Advisors
  • BuzzyBee®