stegopix

v1.1.1

Military-grade steganography library with AES-256 encryption and scattered LSB embedding.

StegoPix


💡 Why StegoPix?

Standard steganography tools rely on "Security by Obscurity." They hide data sequentially (Linear LSB), making it easy to detect via statistical analysis, and often lack encryption.

  • The Problem: Linear embedding creates visible noise patterns. If the image is intercepted, the data is easily extracted and read because it's rarely encrypted.
  • The Solution: StegoPix uses a Deterministic Chaos Engine (PRNG) to scatter encrypted data randomly across the image, making it look like white noise. It secures data with AES-256-GCM, ensuring both confidentiality and integrity.

✨ Features

  • 🛡️ Military-Grade Encryption: AES-256-GCM with Scrypt Key Derivation.
  • 🎲 Scattered LSB: Uses a PRNG seeded by your password to distribute bits randomly, preventing pattern detection.
  • 🚫 Tamper Proof: HMAC authentication tags ensure the data hasn't been modified or corrupted.
  • 📦 Any Data Type: Hide JSON, Buffers, Text, or binary files.
  • 🧂 Optional Custom Salt: Support for "Paranoid Mode" to prevent Rainbow Table attacks.
  • 💻 CLI Support: Seal and open files directly from the terminal (v1.1).
  • ⚡ Zero Bloat: Minimal dependencies (only pngjs and commander).

📦 Installation

npm install stegopix
# or
yarn add stegopix

💻 CLI Usage

You can use StegoPix directly from your terminal without writing code.

1. Hide a file (Seal):

npx stegopix seal -i vacation.png -d secrets.txt -p "my-password" -o safe.png

2. Reveal a file (Open):

npx stegopix open -i safe.png -p "my-password" -o recovered.txt

Options:

  • -i, --image: Input image path.
  • -d, --data: Data file to hide (Seal only).
  • -p, --password: Password for encryption.
  • -o, --output: Output file path.
  • -s, --salt: (Optional) Custom salt for paranoid mode.

🚀 Quick Start (Programmatic)

import { StegoPix } from 'stegopix';
import fs from 'node:fs';

const PASSWORD = 'super-secret-password';

// 1. Seal (Encrypt & Hide)
const originalImage = fs.readFileSync('vacation.png');
const secretData = Buffer.from(JSON.stringify({ wallet_seed: 'x9f...' }));

const safeImage = StegoPix.seal(originalImage, secretData, PASSWORD);
fs.writeFileSync('vacation_secure.png', safeImage);

console.log("✅ Data sealed successfully!");

// 2. Open (Extract & Decrypt)
try {
    const diskImage = fs.readFileSync('vacation_secure.png');
    const revealed = StegoPix.open(diskImage, PASSWORD);
    
    console.log("🔓 Decrypted Data:", revealed.toString());
} catch (error) {
    console.error("❌ Integrity Check Failed:", error.message);
}

🧠 Architecture

1. The Chaos Engine (PRNG)

Unlike traditional tools that fill pixels in order (1, 2, 3, ...), StegoPix derives a numerical seed from your password and uses that seed to generate a deterministic sequence of pseudo-random coordinates.

Effect: The data is "sprinkled" across the image, indistinguishable from random sensor noise.
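
The scattering described above, sketched as an added example (not StegoPix's own code): a password-seeded shuffle fixes the pixel order, and one payload bit goes into each chosen pixel's red-channel LSB in a raw RGBA buffer. The FNV-1a seed, the mulberry32 PRNG, the red-channel choice and all function names are assumptions, since the page does not specify them.

```javascript
// Added illustration, not StegoPix source: scattered LSB on a raw RGBA buffer.
// seedFrom() and mulberry32() are stand-ins; the page names neither step.
function seedFrom(password) { // FNV-1a fold of the password into 32 bits
  let h = 0x811c9dc5;
  for (const byte of Buffer.from(password, 'utf8')) h = Math.imul(h ^ byte, 0x01000193) >>> 0;
  return h;
}

function mulberry32(seed) { // small deterministic PRNG, floats in [0, 1)
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Visiting order: seeded Fisher-Yates shuffle, so no pixel is used twice.
function pixelOrder(pixelCount, password) {
  const rand = mulberry32(seedFrom(password));
  const order = Uint32Array.from({ length: pixelCount }, (_, i) => i);
  for (let i = pixelCount - 1; i > 0; i--) {
    const j = Math.floor(rand() * (i + 1));
    [order[i], order[j]] = [order[j], order[i]];
  }
  return order;
}

// One bit per pixel (matches the capacity figure), in the red channel's LSB.
function embed(rgba, payload, password) {
  const capacity = Math.floor(rgba.length / 4 / 8);
  if (payload.length > capacity) throw new RangeError(`payload exceeds ${capacity} bytes`);
  const out = Buffer.from(rgba);
  const order = pixelOrder(rgba.length / 4, password);
  for (let bit = 0; bit < payload.length * 8; bit++) {
    const value = (payload[bit >> 3] >> (7 - (bit & 7))) & 1;
    out[order[bit] * 4] = (out[order[bit] * 4] & 0xfe) | value;
  }
  return out;
}

function extract(rgba, byteLength, password) {
  const order = pixelOrder(rgba.length / 4, password);
  const out = Buffer.alloc(byteLength);
  for (let bit = 0; bit < byteLength * 8; bit++) {
    out[bit >> 3] |= (rgba[order[bit] * 4] & 1) << (7 - (bit & 7));
  }
  return out;
}
```

The same password reproduces the same order on extraction; a different password walks different pixels and returns unrelated bits.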

2. Encryption Layer (AES-GCM)

Before touching the image, data is encrypted.

  • Algorithm: AES-256-GCM
  • KDF: Scrypt (Memory-hard to resist brute-force)
  • Integrity: GCM Auth Tag verifies that not a single bit has been flipped.

🛡️ Advanced Usage: Paranoid Mode

By default, StegoPix uses a static internal salt to ensure determinism. However, to protect against pre-computed Rainbow Table attacks, you can provide a unique Context (Salt).

Note: You must provide the exact same salt to decrypt the data.

import { StegoPix } from 'stegopix';
import fs from 'node:fs';

const image = fs.readFileSync('input.png');
const data = Buffer.from('Launch Codes');
const pass = 'correct-horse-battery-staple';
const context = 'Project_Apollo_2025'; // Acts as a unique Salt

// Seal with custom salt
const secure = StegoPix.seal(image, data, pass, context);

// Open with custom salt (must be the same string used to seal)
const result = StegoPix.open(secure, pass, context);
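
How the encryption layer and the optional salt fit together, as an added example rather than the library's code: scrypt turns password and salt into an AES-256 key, and the GCM tag makes decryption fail on a wrong salt or a single flipped bit. `STATIC_SALT`, the random 12-byte nonce, the nonce|tag|ciphertext layout and the function names are assumptions for illustration.

```javascript
// Added illustration, not StegoPix source. STATIC_SALT, the nonce handling
// and the blob layout nonce(12) | tag(16) | ciphertext are assumptions.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const STATIC_SALT = 'example-static-salt'; // hypothetical stand-in for a built-in salt

// scrypt is memory-hard; 32 bytes of output is an AES-256 key.
// With a static salt, the same password always yields the same key.
function deriveKey(password, salt = STATIC_SALT) {
  return scryptSync(password, salt, 32);
}

function sealBytes(plaintext, password, salt) {
  const nonce = randomBytes(12); // fresh per message; GCM nonces must not repeat per key
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function openBytes(blob, password, salt) {
  const key = deriveKey(password, salt);
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws when the tag does not verify: wrong password, wrong salt,
  // or any modified byte in the ciphertext.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// True when opening the blob fails authentication.
function rejects(blob, password, salt) {
  try { openBytes(blob, password, salt); return false; } catch { return true; }
}
```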

📚 API Reference

StegoPix.seal(imageBuffer, dataBuffer, password, salt?)

Encrypts and hides the data within the image.

  • imageBuffer: Buffer of the source PNG.
  • dataBuffer: Buffer of the data to hide.
  • password: string used for encryption and PRNG seeding.
  • salt (Optional): string for additional entropy.
  • Returns: Buffer (The new PNG file).

StegoPix.open(imageBuffer, password, salt?)

Extracts and decrypts the data. Throws an error if authentication fails.

  • imageBuffer: Buffer of the steganographic PNG.
  • password: string.
  • salt (Optional): Must match the encryption salt.
  • Returns: Buffer (The original data).

⚠️ Limitations & Notes

  • Format: Currently supports PNG images only, because LSB embedding requires lossless compression. JPEG is not supported, as compression artifacts destroy LSB data.
  • Capacity: The maximum data capacity depends on the image resolution (approximately Width * Height / 8 bytes).
  • Tampering: If the image is resized, cropped, or re-saved by software that optimizes PNGs, the data will be lost. (This is a security feature; the integrity check will fail.)

🤝 Contributing

Contributions are welcome!

  1. Fork the project
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Open a Pull Request

📄 License

Distributed under the MIT License.