npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

miscreant

v0.3.2

Published

Misuse resistant symmetric encryption library providing AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions

Downloads

77,140

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tarcieritarcieri

Keywords

cryptographyencryptionstreamingsecurity

Readme

miscreant.js Latest Version Build Status Known Vulnerabilities MIT licensed Gitter Chat

The best crypto you've never heard of, brought to you by [Phil Rogaway]

JavaScript-compatible TypeScript implementation of Miscreant: Advanced symmetric encryption library which provides the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. These algorithms are easy-to-use (or rather, hard-to-misuse) and support encryption of individual messages or message streams.

AES-SIV provides nonce-reuse misuse-resistance (NRMR): accidentally reusing a nonce with this construction is not a security catastrophe, unlike it is with more popular AES encryption modes like AES-GCM. With AES-SIV, the worst outcome of reusing a nonce is an attacker can see you've sent the same plaintext twice, as opposed to almost all other AES modes where it can facilitate chosen ciphertext attacks and/or full plaintext recovery.

For more information, see the toplevel README.md.

Help and Discussion

Have questions? Want to suggest a feature or change?

Security Notice

Though this library is written by cryptographic professionals, it has not undergone a thorough security audit, and cryptographic professionals are still humans that make mistakes. Use this library at your own risk.

This library contains two implementations of the cryptographic primitives which underlie its implementation: ones based on the Web Cryptography API, (a.k.a. Web Crypto) and a set of pure JavaScript polyfills.

By default only the Web Crypto versions will be used, and an exception raised if Web Crypto is not available. Users of this library may opt into using the polyfills in environments where Web Crypto is unavailable, but see the security notes below and understand the potential risks before doing so.

Web Crypto Security Notes

The Web Crypto API should provide access to high-quality implementations of the underlying cryptographic primitive functions used by this library in most modern browsers, implemented in optimized native code.

On Node.js, you will need a native WebCrypto provider such as node-webcrypto-ossl to utilize native code implementations of the underlying ciphers instead of the polyfills. However, please see the security warning on this package before using it.

Polyfill Security Warning

The AES polyfill implementation (off by default, see above) uses table lookups and is therefore not constant time. This means there's potential that co-tenant or even remote attackers may be able to measure minute timing variations and use them to recover AES keys.

If at all possible, use the Web Crypto implementation instead of the polyfills.

Installation

Via npm:

npm install miscreant

Via Yarn:

yarn install miscreant

Import Miscreant into your project with:

import * as miscreant from "miscreant";

Documentation

Please see the Miscreant Wiki for API documentation.

Code of Conduct

We abide by the Contributor Covenant and ask that you do as well.

For more information, please see CODE_OF_CONDUCT.md.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/miscreant

Copyright

Copyright (c) 2017-2018 The Miscreant Developers.

AES polyfill implementation derived from the Go standard library: Copyright (c) 2012 The Go Authors. All rights reserved.

See LICENSE.txt for further details.