Gathering detailed insights and metrics for bigint-crypto-utils
Gathering detailed insights and metrics for bigint-crypto-utils
Utils for working with cryptography using native JS implementation of BigInt. It includes arbitrary precision modular arithmetics, cryptographically secure random numbers and strong probable prime generation/testing. It works with Node.js, and native JS, including React and Angular
Installations
npm install bigint-crypto-utilsReleases
Unable to fetch releases
Developer
juanelas
Developer Guide
BETA
Module System
ESM, UMD
Min. Node Version
>=14.0.0
Typescript Support
Yes
Node Version
18.16.1
NPM Version
9.5.1
Statistics
37 Stars
259 Commits
3 Forks
4 Watching
3 Branches
4 Contributors
Updated on 01 Jun 2024
Bundle Size
8.44 kB
Minified
3.02 kB
Minified + Gzipped
Languages
JavaScript (55.69%)
TypeScript (44.31%)
Total Downloads
Cumulative downloads
Total Downloads
14,485,999
Last day
47.8%
21,339
Compared to previous day
Last week
39.2%
109,734
Compared to previous week
Last month
4.7%
440,483
Compared to previous month
Last year
-21.1%
5,966,369
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
29
@rollup/plugin-commonjs@rollup/plugin-inject@rollup/plugin-json@rollup/plugin-multi-entry@rollup/plugin-node-resolve@rollup/plugin-replace@rollup/plugin-terser@rollup/plugin-typescript@types/chai@types/mochabigint-mod-arithc8chaidotenvglobjson5minimatchmochanpm-run-allpiratespuppeteerrimrafrolluprollup-plugin-dtsts-standardtslibtypedoctypedoc-plugin-markdowntypescript
Versions
bigint-crypto-utils
Arbitrary precision modular arithmetic, cryptographically secure random numbers and strong probable prime generation/testing.
It relies on the native JS implementation of (BigInt). It can be used by any Web Browser or webview supporting BigInt and with Node.js (>=10.4.0). The bundles can be imported directly by the browser or in Angular projects, React apps, Node.js, etc.
Secure random numbers are generated using the native crypto implementation of the browsers (Web Cryptography API) or Node.js Crypto. Strong probable prime generation and testing use Miller-Rabin primality tests and are automatically sped up using parallel workers both in browsers and Node.js.
The operations supported on BigInts are not constant time. BigInt can be therefore unsuitable for use in cryptography. Many platforms provide native support for cryptography, such as Web Cryptography API or Node.js Crypto.
Usage
bigint-crypto-utils can be imported to your project with npm:
1npm install bigint-crypto-utils
Then either require (Node.js CJS):
1const bigintCryptoUtils = require('bigint-crypto-utils')
or import (JavaScript ES module):
1import * as bigintCryptoUtils from 'bigint-crypto-utils'
The appropriate version for browser or node is automatically exported.
bigint-crypto-utilsuses ES2020 BigInt, so take into account that:
- If you experience issues using webpack/babel to create your production bundles, you may edit the supported browsers list and leave only supported browsers and versions. The browsers list is usually located in your project's
package.jsonor the.browserslistrcfile.- In order to use
bigint-crypto-utilswith TypeScript you need to settarget, andlibandmoduleif in use, toES2020in your project'stsconfig.json.
You can also download the IIFE bundle, the ESM bundle or the UMD bundle and manually add it to your project, or, if you have already installed bigint-crypto-utils in your project, just get the bundles from node_modules/bigint-crypto-utils/dist/bundles/.
An example of usage could be (complete examples can be found in the examples directory):
1/* A BigInt with value 666 can be declared calling the bigint constructor as 2BigInt('666') or with the shorter 666n. 3Notice that you can also pass a number to the constructor, e.g. BigInt(666). 4However, it is not recommended since values over 2**53 - 1 won't be safe but 5no warning will be raised. 6*/ 7const a = BigInt('5') 8const b = BigInt('2') 9const n = 19n 10 11console.log(bigintCryptoUtils.modPow(a, b, n)) // prints 6 12 13console.log(bigintCryptoUtils.modInv(2n, 5n)) // prints 3 14 15console.log(bigintCryptoUtils.modInv(BigInt('3'), BigInt('5'))) // prints 2 16 17console.log(bigintCryptoUtils.randBetween(2n ** 256n)) // prints a cryptographically secure random number between 1 and 2**256 (both included). 18 19async function primeTesting (): void { 20 // Let us print out a probable prime of 2048 bits 21 console.log(await bigintCryptoUtils.prime(2048)) 22 23 // Testing if number is a probable prime (Miller-Rabin) 24 const number = 27n 25 const isPrime = await bigintCryptoUtils.isProbablyPrime(number) 26 if (isPrime === true) { 27 console.log(`${number} is prime`) 28 } else { 29 console.log(`${number} is composite`) 30 } 31} 32 33primeTesting() 34
API reference documentation
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build-and-test.yml:53
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 3 out of 4 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build-and-test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More