npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

shush-cli

v1.0.0-3

Published

Keep your secrets to yourself

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

wesleytoddwesleytodd

Keywords

Readme

Shush

NPM Version NPM Downloads Build Status js-standard-style

Keep secrets from people ;)

Usage

$ npm install shush-cli
$ shush

    Keep secrets protected by a password and strong encryption

    Usage:
      shush secret [<options>]
      shush pack [<options>] --output=<output file> <input files...>
      shush pack [<options>] --output=<output file> -- <input files...>
      shush pack [<options>] <input files...> > <output file>
      shush unpack [<options>] [--output=<output file>] <input file>
      shush unpack [<options>] <input file> <output file>
      shush -v | --version | version
      shush -h | --help | help

    Commands:
      secret    Set the provided secret into a .env file
      pack      Package files into a shush file
      unpack    Unpackage files from inside a shush file
      version   Display version information
      help      Display help information

    Options:
      -h, --help              Display This help text
      -v, --version           Display version
      -c, --cwd=.             Set current working directory
      -l, --logLevel="info"   Set the log level
      -s, --secret=""         Set the secret from the command line
      -o, --output=<path>     Output path for pack and unpack commands
      -i, --input=<paths...>  Input paths for pack and unpack commands

How it works

The shush command line tool packages files into an encrypted tarball for safely storing sensitive data or secrets.
The entries in the tarball are encrypted based on a 512-bit key generated from the secret using crypto.pbkdf2, a process called key stretching. This key is then used to encrypt the file contents with a aes-256-cbc cipher. The input file names are also encrypted, although with a shorter generated key.

Storing your secret

It is not recommended to provide your password on the command line because it will store your password in plain text in your history. So shush supports passing the secret as an environment variable, SHUSH_SECRET. If you do not want to manage setting it in your environment yourself you can use the shush secret command to save it into a .env file in the current working directory, which will be loaded when calling pack or unpack.

Use cases for this module

Storing ssh keys

I wrote the module specifically so I could store some ssh keys in a repository and then extract them into a docker container in which needs them. To do that I run the following:

$ shush pack ~/.ssh /path/to/repo/keys.shush

In the docker container I add keys.shush and the .env file, then run shush unpack keys.shush ~.

Keeping secret notes

I also am using shush to store some private notes in a git repo. To get started I do the following:

$ mkdir notes && cd notes && git init
$ touch .gitignore && echo "decrypted" > .gitignore
$ mkdir decrypted
$ touch decrypted/private.md && echo "My private note" > decrypted/private.md
$ shush pack decrypted > notes.shush
$ git add . && git commit -m "My first notes"

Now I have a repo with a single file called "notes.shush" which contains the encrypted contents of my notes directory, but ignores the local and un-encrypted version. If I don't want a local un-encrypted version I can just rm -rf decrypted.

Send nudes with netcat ;)

You can pipe the output from one computer, through netcat, to another computer. On the destination computer, start up netcat:

$ nc -l localhost 8888 | SHUSH_SECRET=noodz shush unpack -o pics

Then on the source computer, with the same secret, you encrypt and pipe the output to the other computer:

$ SHUSH_SECRET=noodz shush pack pics | nc localhost 8888