Universal encryption library with zero native dependencies for Node.js, browsers, React, React Native, and Expo.
- Simple encryption/decryption – One-line async API
- Object encryption – Encrypt any JavaScript object as JSON
- Password hashing – Secure async hashing for authentication
- Key generation – Derive reusable keys from passwords
- Random bytes – Cryptographically secure random generation
- Universal – Async: works on Node.js, Web, React, React Native, Expo
- Zero dependencies – Only 7KB TweetNaCl (pure JavaScript)
- Public domain – Unlicense (most permissive license)
- Battle-tested – Built on TweetNaCl (used by Signal, WireGuard)
- Production-ready – Full validation & error handling, ES6+ ready
npm install @tkdonda/easy-crypto
All methods are async! Use
await(or.then()).
const crypto = require('@tkdonda/easy-crypto');
(async () => {
// Encrypt
const encrypted = await crypto.encrypt('Secret message', 'password123');
console.log(encrypted);
// Decrypt
const decrypted = await crypto.decrypt(encrypted, 'password123');
console.log(decrypted); // 'Secret message'
})();
Encrypts text with a password.
// Returns Base64 string
const encrypted = await crypto.encrypt('Hello World', 'myPassword');
// With options: return Uint8Array
const encryptedRaw = await crypto.encrypt('Hello', 'pw', { output: 'raw' }); // → Uint8Array
Parameters:
text(string): Text to encryptpassword(string): Encryption password (min 8 characters)options(object, optional):{ output: 'base64' | 'raw' }(default:'base64')
Returns: Promise<string> (Base64) or Promise<Uint8Array> (raw)
Decrypts encrypted text.
const decrypted = await crypto.decrypt(encrypted, 'myPassword');
// Decrypt raw Uint8Array
const decryptedFromRaw = await crypto.decrypt(rawData, 'pw', { input: 'raw' });
Parameters:
encryptedText(string | Uint8Array): Encrypted datapassword(string): Decryption passwordoptions(object, optional):{ input: 'base64' | 'raw' }(default:'base64')
Returns: Promise<string> (decrypted original text)
Throws: Error if password is wrong or data is corrupted
Encrypts any JavaScript object (serializes to JSON).
const user = { id: 123, name: 'Alice', email: 'alice@example.com' };
const encrypted = await crypto.encryptObject(user, 'password');
Parameters: See encrypt().
Returns: Promise<string> (Base64) or Promise<Uint8Array>
Decrypts and parses a JavaScript object.
const decrypted = await crypto.decryptObject(encrypted, 'password');
console.log(decrypted); // { id: 123, name: 'Alice', ... }
Parameters: See decrypt().
Returns: Promise<object> (parsed JavaScript object)
Hashes a password for secure storage.
const hashedPassword = await crypto.hash('userPassword123');
// Save hashedPassword in database
Parameters: password (string): Password to hash (min 8 characters)
Returns: Promise<string> (Base64 hash with embedded salt)
Verifies a password against its hash.
// During login
const isValid = await crypto.verifyHash('userPassword123', storedHash);
if (isValid) {
// Login successful
}
Parameters:
password(string): Password to verifystoredHash(string): Hash fromhash()
Returns: Promise<boolean>
Derives a reusable 32-byte key from a password.
const { key, salt } = await crypto.generateKey('masterPassword');
// Use key for multiple encryptions without re-hashing
// Re-generate same key later
const { key: sameKey } = await crypto.generateKey('masterPassword', salt);
Parameters:
password(string): Password to derive key fromsalt(Uint8Array, optional): Salt (generates random if not provided)
Returns: Promise<{ key: Uint8Array, salt: Uint8Array }>
Generates cryptographically secure random bytes.
const nonce = crypto.randomBytes(24);
const token = crypto.randomBytes(32);
const salt = crypto.randomBytes(16);
Parameters: length (number): Number of bytes to generate (1-65536)
Returns: Uint8Array (random bytes)
Returns version information.
console.log(crypto.getVersion());
// "easy-crypto v1.0.0 (tweetnacl v1.0.3)"
Check all settings:
console.log(crypto.config.pbkdf2Iterations);
console.log(crypto.config.saltLength);
console.log(crypto.config.nonceLength);
console.log(crypto.config.keyLength);
console.log(crypto.config.minPasswordLength);
console.log(crypto.config.maxPasswordLength);
console.log(crypto.config.version);
console.log(crypto.config.depTweetnaclVersion);
| Platform | Status | Minimum Version |
|---|---|---|
| Node.js | ✅ | 18.0.0 |
| Web Browser | ✅ | ES6+ |
| React | ✅ | 16.0.0 |
| React Native | ✅ | 0.70.0 |
| React Native Expo | ✅ | 45.0.0 |
| Electron | ✅ | 12.0.0 |
// Registration - hash password before storing
const hashedPassword = await crypto.hash('userSecurePassword');
// Save hashedPassword to database
// Login - verify password
const isValid = await crypto.verifyHash('userSecurePassword', hashedPassword);
if (isValid) {
// Login successful
}
/ Encrypt sensitive API keys before database storage
const apiKeys = {
stripe: 'sk_live_abc123',
aws: 'AKIAIOSFODNN7EXAMPLE',
github: 'ghp_1234567890'
};
const encrypted = await crypto.encryptObject(apiKeys, 'master-encryption-key');
// Store encrypted in database
// Later, decrypt when needed
const decrypted = await crypto.decryptObject(encrypted, 'master-encryption-key');
console.log(decrypted.stripe); // 'sk_live_abc123'
// Sender
const encrypted = await crypto.encrypt('Confidential information', 'shared-secret');
// Send encrypted over network
// Receiver
const decrypted = await crypto.decrypt(encrypted, 'shared-secret');
console.log(decrypted); // 'Confidential information'
- Algorithm: XSalsa20-Poly1305 (authenticated encryption)
- Key derivation: PBKDF2 with 100,000 iterations (SHA-256)
- Salt: 16 bytes random per encryption/hash
- Nonce: 24 bytes random per encryption
- Key size: 256 bits (32 bytes)
- Timing-safe: Password verification immune to timing attacks
Unlicense (Public Domain)
This is free and unencumbered software released into the public domain. See UNLICENSE file.
Built on TweetNaCl.js — audited, fast, and trusted cryptography.
See examples/node/basic.js for comprehensive demonstrations of all features.