npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

rc4-crypto

v2.0.0

Published

RC4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

inviz-custosinviz-custos

Keywords

RC4

Readme

npm version

rc4-crypto

A tiny Node.js / TypeScript library that implements the RC4 stream cipher and provides a convenient Transform stream for piping data through RC4.

⚠️ Security note: RC4 is considered cryptographically weak and has been deprecated in many modern protocols. Use this library only for legacy compatibility, not for new security-sensitive designs.

Install

npm install rc4-crypto

Quick start

RC4 is a stream cipher: encryption and decryption are the same operation. If you encrypt with a key, you decrypt by running RC4 again with the same key.

import { RC4 } from 'rc4-crypto';

const key = 'my-secret-key';
const plaintext = 'Hello, RC4!';

// Encrypt
const enc = new RC4(key);
const ciphertext = enc.update(plaintext); // Buffer
console.log(ciphertext.toString('hex'));

// Decrypt (same key)
const dec = new RC4(key);
const decrypted = dec.update(ciphertext);
console.log(decrypted.toString('utf8')); // -> "Hello, RC4!"

API

class RC4

new RC4(key: Buffer | string)

Creates a new RC4 cipher instance and initializes it with the given key.

  • If key is a string, it is converted to a Buffer using Node’s default encoding (utf8).

update(data: Buffer | string): Buffer

Encrypts/decrypts data and returns it as a Buffer.

  • If data is a string, it is converted to a Buffer (utf8) before processing.
  • Important: this operation mutates the underlying buffer in-place.

updateFromBuffer(data: Buffer): Buffer

Same as update, but accepts only a Buffer.

  • Important: the passed buffer is modified in-place and the same buffer is returned.

skip(length: number): void

Advances the RC4 keystream by length bytes without producing output.

This can be used for “RC4-dropN” style usage (dropping the first N bytes of keystream) when working with legacy systems that expect it.

class RC4Transform extends stream.Transform

A Node.js Transform stream that applies RC4 to every incoming chunk.

new RC4Transform(key: Buffer | string, transformOptions?: TransformOptions)

Creates a transform stream.

  • The transform is configured with decodeStrings: true by default.
  • Incoming chunks must be Buffers. If a chunk is not a Buffer, an RC4TypeError is emitted.

Errors

  • RC4Error extends Error
  • RC4TypeError extends RC4Error

The library currently uses RC4TypeError to report invalid chunk types in RC4Transform.

Examples

1) Encrypt to hex, decrypt back

const { RC4 } = require('rc4-crypto');

const key = 'k';
const text = 'secret message';

const cipher = new RC4(key);
const encrypted = cipher.update(text); // Buffer
const hex = encrypted.toString('hex');

const decipher = new RC4(key);
const decrypted = decipher.update(Buffer.from(hex, 'hex'));

console.log(hex);
console.log(decrypted.toString());

2) Avoid in-place mutation (copy the buffer)

updateFromBuffer() modifies the buffer you pass in. If you need to keep the original, copy it first:

import { RC4 } from 'rc4-crypto';

const rc4 = new RC4('key');
const original = Buffer.from('data');

const working = Buffer.from(original); // copy
const out = rc4.updateFromBuffer(working);

console.log(original.toString()); // still "data"
console.log(out.toString('hex'));

3) Encrypt/decrypt files using streams

const fs = require('fs');
const { pipeline } = require('stream');
const { RC4Transform } = require('rc4-crypto');

const key = 'file-key';

// Encrypt: input.bin -> encrypted.bin
pipeline(
  fs.createReadStream('input.bin'),
  new RC4Transform(key),
  fs.createWriteStream('encrypted.bin'),
  (err) => {
    if (err) console.error('encrypt failed:', err);
    else console.log('encrypted.bin written');
  }
);

// Decrypt: encrypted.bin -> output.bin
pipeline(
  fs.createReadStream('encrypted.bin'),
  new RC4Transform(key),
  fs.createWriteStream('output.bin'),
  (err) => {
    if (err) console.error('decrypt failed:', err);
    else console.log('output.bin written');
  }
);

4) Drop the first N bytes of keystream (legacy)

Some legacy systems discard the first bytes of RC4 output.

import { RC4 } from 'rc4-crypto';

const rc4 = new RC4('key');
rc4.skip(1024); // drop first 1024 bytes

const out = rc4.update('hello');
console.log(out.toString('hex'));

Compatibility

  • Node.js: >= 6.0.0 (as declared in package.json)
  • Output module format: CommonJS (require) with TypeScript type declarations.

License

MIT