npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

secret-stream-http

v1.0.1

Published

An HTTP client and server built on top of [@hyperswarm/secret-stream](https://github.com/holepunchto/hyperswarm-secret-stream) for end-to-end encrypted HTTP communication over TCP.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

gmaclennangmaclennan

Keywords

Readme

secret-stream-http

An HTTP client and server built on top of @hyperswarm/secret-stream for end-to-end encrypted HTTP communication over TCP.

Features

  • End-to-end encryption - All HTTP traffic is encrypted using Hyperswarm's SecretStream protocol
  • Identity verification - Cryptographic verification of server identity via public keys
  • Drop-in replacement - Compatible with standard fetch() API and HTTP servers
  • Custom key pairs - Support for persistent client identities across requests
  • Connection pooling - Built on Undici for efficient connection management

Installation

npm install secret-stream-http

Usage

Basic Client

import { fetch } from 'secret-stream-http'

const response = await fetch('http://localhost:3000/hello')
console.log(await response.text())

The fetch() function works just like the standard Fetch API but automatically encrypts all communication using SecretStream.

Basic Server

import { createServer as createHttpServer } from 'node:http'

import { createServer } from 'secret-stream-http'

// Create your HTTP handler
const httpServer = createHttpServer((req, res) => {
	res.writeHead(200, { 'Content-Type': 'text/plain' })
	res.end('Hello, World!')
})

// Wrap it with SecretStream encryption
const server = createServer(httpServer)

server.listen(3000, () => {
	console.log('Server listening on port 3000')
	console.log('Server public key:', server.publicKey.toString('hex'))
})

Custom Client Key Pairs

By default, a global agent with a random key pair is used. You can provide custom key pairs for persistent client identities:

import { fetch, Agent } from 'secret-stream-http'

// Generate a key pair
const keyPair = Agent.keyPair()

// Create an agent with the key pair
const agent = new Agent({ keyPair })

// Use per-request
const response = await fetch('http://localhost:3000/', {
	dispatcher: agent,
})

Setting a Global Dispatcher

import { setGlobalDispatcher, Agent } from 'secret-stream-http'

const keyPair = Agent.keyPair()
const agent = new Agent({ keyPair })

setGlobalDispatcher(agent)

// All subsequent fetch calls will use this agent
await fetch('http://localhost:3000/')

Server Identity Verification

Verify that you're connecting to the expected server by pinning its public key:

import { Agent } from 'secret-stream-http'

// Get the server's public key (e.g., from server.publicKey)
const serverPublicKey = Buffer.from('...', 'hex')

const agent = new Agent({
	remotePublicKey: serverPublicKey,
})

// This will only succeed if connected to the server with matching public key
const response = await fetch('http://localhost:3000/', {
	dispatcher: agent,
})

Attempting to connect to a server with a different public key will result in an error:

Error: Remote public key does not match expected key

Custom Server Key Pairs

Generate and reuse server key pairs for persistent server identities:

import { createServer, Agent } from 'secret-stream-http'

const keyPair = Agent.keyPair()

const server = createServer(httpServer, { keyPair })

console.log('Public key:', server.publicKey.toString('hex'))

Accessing Client Public Key on Server

Access the client's public key in your server handlers:

import { createServer } from 'node:http'

const httpServer = createServer((req, res) => {
	const clientPublicKey = req.socket.remotePublicKey

	console.log('Client public key:', clientPublicKey.toString('hex'))

	res.writeHead(200, { 'Content-Type': 'text/plain' })
	res.end('Authenticated')
})

API

Client API

fetch(url, options?)

Standard Fetch API with automatic SecretStream encryption. The dispatcher option can be used to specify a custom agent.

Agent(options?)

Creates a new HTTP agent for encrypted connections.

Options:

  • keyPair?: { publicKey: Buffer, secretKey: Buffer } - Key pair for client identity (generated if not provided)
  • remotePublicKey?: Buffer - Expected server public key for identity verification
  • All other Undici Agent options

Agent.keyPair()

Static method to generate a new cryptographic key pair.

setGlobalDispatcher(agent)

Set the default agent used by all fetch() calls.

getGlobalDispatcher()

Get the current global dispatcher.

Server API

createServer(httpServer, options?)

Wraps an HTTP server with SecretStream encryption.

Parameters:

  • httpServer - Node.js HTTP server instance
  • options.keyPair? - Server key pair (generated if not provided)

Returns: TCP server with publicKey property

The returned server is a standard Node.js TCP server. Call .listen() to start accepting connections.

How It Works

  1. Client side: The Agent creates a TCP connection and wraps it with Hyperswarm's SecretStream for encryption before making HTTP requests.

  2. Server side: The TCP server accepts connections, wraps each socket with SecretStream, and forwards the decrypted stream to the HTTP server.

  3. Encryption: All HTTP traffic (including headers and body) is encrypted end-to-end using the Noise protocol via SecretStream.

  4. Authentication: Public keys are exchanged during the SecretStream handshake, allowing both parties to verify each other's identity.

License

MIT License. See LICENSE file for details.