Gathering detailed insights and metrics for bigint-crypto-utils
Gathering detailed insights and metrics for bigint-crypto-utils
Utils for working with cryptography using native JS implementation of BigInt. It includes arbitrary precision modular arithmetics, cryptographically secure random numbers and strong probable prime generation/testing. It works with Node.js, and native JS, including React and Angular
Installations
npm install bigint-crypto-utilsDeveloper Guide
BETA
Typescript
Yes
Module System
ESM, UMD
Min. Node Version
>=14.0.0
Node Version
18.16.1
NPM Version
9.5.1
Score
99.1
Supply Chain
95
Quality
76.1
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
2
JavaScript
TypeScript
JavaScript (55.69%)
TypeScript (44.31%)
Developer
juanelas
Download Statistics
Total Downloads
16,702,112
Last Day
17,774
Last Week
102,810
Last Month
482,204
Last Year
5,549,670
GitHub Statistics
MIT License
37 Stars
259 Commits
3 Forks
3 Watchers
3 Branches
4 Contributors
Updated on Jun 01, 2024
Bundle Size
8.44 kB
Minified
3.02 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.3.0
Package Id
bigint-crypto-utils@3.3.0
Unpacked Size
118.31 kB
Size
25.57 kB
File Count
45
NPM Version
9.5.1
Node Version
18.16.1
Published on
Jun 29, 2023
Total Downloads
Cumulative downloads
Total Downloads
16,702,112
Last Day
-9.6%
17,774
Compared to previous day
Last Week
-0.6%
102,810
Compared to previous week
Last Month
-15.7%
482,204
Compared to previous month
Last Year
-32%
5,549,670
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
29
@rollup/plugin-commonjs@rollup/plugin-inject@rollup/plugin-json@rollup/plugin-multi-entry@rollup/plugin-node-resolve@rollup/plugin-replace@rollup/plugin-terser@rollup/plugin-typescript@types/chai@types/mochabigint-mod-arithc8chaidotenvglobjson5minimatchmochanpm-run-allpiratespuppeteerrimrafrolluprollup-plugin-dtsts-standardtslibtypedoctypedoc-plugin-markdowntypescript
bigint-crypto-utils
Arbitrary precision modular arithmetic, cryptographically secure random numbers and strong probable prime generation/testing.
It relies on the native JS implementation of (BigInt). It can be used by any Web Browser or webview supporting BigInt and with Node.js (>=10.4.0). The bundles can be imported directly by the browser or in Angular projects, React apps, Node.js, etc.
Secure random numbers are generated using the native crypto implementation of the browsers (Web Cryptography API) or Node.js Crypto. Strong probable prime generation and testing use Miller-Rabin primality tests and are automatically sped up using parallel workers both in browsers and Node.js.
The operations supported on BigInts are not constant time. BigInt can be therefore unsuitable for use in cryptography. Many platforms provide native support for cryptography, such as Web Cryptography API or Node.js Crypto.
Usage
bigint-crypto-utils can be imported to your project with npm:
1npm install bigint-crypto-utils
Then either require (Node.js CJS):
1const bigintCryptoUtils = require('bigint-crypto-utils')
or import (JavaScript ES module):
1import * as bigintCryptoUtils from 'bigint-crypto-utils'
The appropriate version for browser or node is automatically exported.
bigint-crypto-utilsuses ES2020 BigInt, so take into account that:
- If you experience issues using webpack/babel to create your production bundles, you may edit the supported browsers list and leave only supported browsers and versions. The browsers list is usually located in your project's
package.jsonor the.browserslistrcfile.- In order to use
bigint-crypto-utilswith TypeScript you need to settarget, andlibandmoduleif in use, toES2020in your project'stsconfig.json.
You can also download the IIFE bundle, the ESM bundle or the UMD bundle and manually add it to your project, or, if you have already installed bigint-crypto-utils in your project, just get the bundles from node_modules/bigint-crypto-utils/dist/bundles/.
An example of usage could be (complete examples can be found in the examples directory):
1/* A BigInt with value 666 can be declared calling the bigint constructor as 2BigInt('666') or with the shorter 666n. 3Notice that you can also pass a number to the constructor, e.g. BigInt(666). 4However, it is not recommended since values over 2**53 - 1 won't be safe but 5no warning will be raised. 6*/ 7const a = BigInt('5') 8const b = BigInt('2') 9const n = 19n 10 11console.log(bigintCryptoUtils.modPow(a, b, n)) // prints 6 12 13console.log(bigintCryptoUtils.modInv(2n, 5n)) // prints 3 14 15console.log(bigintCryptoUtils.modInv(BigInt('3'), BigInt('5'))) // prints 2 16 17console.log(bigintCryptoUtils.randBetween(2n ** 256n)) // prints a cryptographically secure random number between 1 and 2**256 (both included). 18 19async function primeTesting (): void { 20 // Let us print out a probable prime of 2048 bits 21 console.log(await bigintCryptoUtils.prime(2048)) 22 23 // Testing if number is a probable prime (Miller-Rabin) 24 const number = 27n 25 const isPrime = await bigintCryptoUtils.isProbablyPrime(number) 26 if (isPrime === true) { 27 console.log(`${number} is prime`) 28 } else { 29 console.log(`${number} is composite`) 30 } 31} 32 33primeTesting() 34
API reference documentation
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-test.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/juanelas/bigint-crypto-utils/build-and-test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build-and-test.yml:53
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 3 out of 4 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build-and-test.yml:1
- Info: no jobLevel write permissions found
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.8
/10
Last Scanned on 2025-04-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More