Gathering detailed insights and metrics for react-native-fast-openpgp
Gathering detailed insights and metrics for react-native-fast-openpgp
OpenPGP for react native made with golang for fast performance
Installations
npm install react-native-fast-openpgpDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 18.0.0
Node Version
22.14.0
NPM Version
10.9.2
Score
51.5
Supply Chain
38.6
Quality
72.2
Maintenance
50
Vulnerability
94.1
License
Releases
33
Languages
13
TypeScript
C++
C
JavaScript
Java
Objective-C++
Ruby
Kotlin
Shell
Objective-C
CMake
Makefile
Swift
TypeScript (75.26%)
C++ (6.03%)
C (4.89%)
JavaScript (4.42%)
Java (2.67%)
Objective-C++ (1.91%)
Ruby (1.34%)
Kotlin (1.19%)
Shell (1.09%)
Objective-C (0.82%)
CMake (0.28%)
Makefile (0.06%)
Swift (0.02%)
Developer
Download Statistics
Total Downloads
125,103
Last Day
12
Last Week
1,229
Last Month
3,848
Last Year
28,316
GitHub Statistics
MIT License
51 Stars
287 Commits
19 Forks
3 Watchers
11 Branches
3 Contributors
Updated on May 17, 2025
Bundle Size
97.75 kB
Minified
16.20 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.9.2
Package Id
react-native-fast-openpgp@2.9.2
Unpacked Size
44.94 MB
Size
17.22 MB
File Count
442
NPM Version
10.9.2
Node Version
22.14.0
Published on
Apr 23, 2025
Total Downloads
Cumulative downloads
Total Downloads
125,103
Dependencies
2
Peer Dependencies
2
Dev Dependencies
21
@commitlint/config-conventional@evilmartians/lefthook@react-native/eslint-config@release-it/conventional-changelog@types/jest@types/react@types/react-nativecommitlintdel-clieslinteslint-config-prettiereslint-plugin-prettierjestpod-installprettierreactreact-nativereact-native-builder-bobrelease-itturbotypescript
react-native-fast-openpgp
Getting started
$ npm install react-native-fast-openpgp --save
JSI
If you want to use with NativeModules instead of JSI you need to set
1import OpenPGP from "react-native-fast-openpgp"; 2 3OpenPGP.useJSI = false;
if you need to use generate methods it is a good idea to disable it, because for now JSI will block your UI but it is faster compared to NativeModules
Usage
Encrypt methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const encrypted = await OpenPGP.encrypt(message: string, publicKey: string, signedEntity?: Entity, fileHints?: FileHints, options?: KeyOptions ): Promise<string>; 4const encrypted = await OpenPGP.encryptBytes(message: Uint8Array, publicKey: string, signedEntity?: Entity, fileHints?: FileHints, options?: KeyOptions ): Promise<Uint8Array>; 5const outputFile = await OpenPGP.encryptFile(inputFile: string, outputFile: string, publicKey: string, signedEntity?: Entity, fileHints?: FileHints, options?: KeyOptions): Promise<number>; 6 7const encryptedSymmetric = await OpenPGP.encryptSymmetric(message: string, passphrase: string, fileHints?: FileHints, options?: KeyOptions ): Promise<string>; 8const encryptedSymmetric = await OpenPGP.encryptSymmetricBytes(message: Uint8Array, passphrase: string, fileHints?: FileHints, options?: KeyOptions ): Promise<Uint8Array>; 9const outputFile = await OpenPGP.encryptSymmetricFile(inputFile: string, outputFile: string, passphrase: string, fileHints?: FileHints, options?: KeyOptions ): Promise<number> ;
Decrypt methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const decrypted = await OpenPGP.decrypt(message: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 4const decrypted = await OpenPGP.decryptBytes(message: Uint8Array, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<Uint8Array>; 5const outputFile = await OpenPGP.decryptFile(inputFile: string, outputFile: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<number>; 6 7const decryptedSymmetric = await OpenPGP.decryptSymmetric(message: string, passphrase: string, options?: KeyOptions ): Promise<string>; 8const decryptedSymmetric = await OpenPGP.decryptSymmetricBytes(message: Uint8Array, passphrase: string, options?: KeyOptions ): Promise<Uint8Array>; 9const outputFile = await OpenPGP.decryptSymmetricFile(inputFile: string, outputFile: string, passphrase: string, options?: KeyOptions ): Promise<number> ;
Sign and Verify methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const signed = await OpenPGP.sign(message: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 4const signed = await OpenPGP.signBytes(message: Uint8Array, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<Uint8Array>; 5const signed = await OpenPGP.signBytesToString(message: Uint8Array, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 6const signed = await OpenPGP.signFile(inputFile: string, privateKey: string, passphrase: string, options?: KeyOptions ): Promise<string>; 7 8const verified = await OpenPGP.verify(signature: string, message: string, publicKey: string ): Promise<boolean>; 9const verified = await OpenPGP.verifyBytes(signature: string, message: Uint8Array, publicKey: string ): Promise<boolean>; 10const verified = await OpenPGP.verifyFile(signature: string, inputFile: string,publicKey: string): Promise<boolean>;
Generate
1import OpenPGP from "react-native-fast-openpgp"; 2 3const generated = await OpenPGP.generate(options: Options): Promise<KeyPair>;
Convert methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const publicKey = await OpenPGP.convertPrivateKeyToPublicKey(privateKey: string): Promise<string>;
Metadata methods
1import OpenPGP from "react-native-fast-openpgp"; 2 3const metadata1 = await OpenPGP.getPublicKeyMetadata(publicKey: string): Promise<PublicKeyMetadata>; 4const metadata2 = await OpenPGP.getPrivateKeyMetadata(privateKey: string): Promise<PrivateKeyMetadata>;
Encrypt with multiple keys
1import OpenPGP from "react-native-fast-openpgp"; 2 3const publicKeys = `-----BEGIN PGP PUBLIC KEY BLOCK----- 4 5mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 6D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 7=kbtq 8-----END PGP PUBLIC KEY BLOCK----- 9-----BEGIN PGP PUBLIC KEY BLOCK----- 10 11mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 12D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 13=kbtq 14-----END PGP PUBLIC KEY BLOCK----- 15-----BEGIN PGP PUBLIC KEY BLOCK----- 16 17mQENBF0Tpe0BCADm+ja4vMKuodkQEhLm/092M/6gt4TaKwzv8QcA53/FrM3g8wab 18D4m65Neoc7DBEdvzgK9IUMpwG5N0t+0pfWLhs8AZdMxE7RbP 19=kbtq 20-----END PGP PUBLIC KEY BLOCK-----`; 21const encrypted = await OpenPGP.encrypt("sample text" publicKeys);
Types
1import OpenPGP from "react-native-fast-openpgp"; 2 3export enum Algorithm { 4 RSA = 0, 5 ECDSA = 1, 6 EDDSA = 2, 7 ECHD = 3, 8 DSA = 4, 9 ELGAMAL = 5, 10} 11 12export enum Curve { 13 CURVE25519 = 0, 14 CURVE448 = 1, 15 P256 = 2, 16 P384 = 3, 17 P521 = 4, 18 SECP256K1 = 5, 19 BRAINPOOLP256 = 6, 20 BRAINPOOLP384 = 7, 21 BRAINPOOLP512 = 8, 22} 23 24export enum Hash { 25 SHA256 = 0, 26 SHA224 = 1, 27 SHA384 = 2, 28 SHA512 = 3, 29} 30 31export enum Compression { 32 NONE = 0, 33 ZLIB = 1, 34 ZIP = 2, 35} 36 37export enum Cipher { 38 AES128 = 0, 39 AES192 = 1, 40 AES256 = 2, 41 DES = 3, 42 CAST5 = 4, 43} 44 45export interface KeyOptions { 46 /** 47 * The public key algorithm to use - will always create a signing primary 48 * key and encryption subkey. 49 * @default RSA 50 */ 51 algorithm?: Algorithm; 52 53 /** 54 * Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA, 55 * PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used. 56 * @default CURVE25519 57 */ 58 curve?: Curve; 59 60 /** 61 * RSABits is the number of bits in new RSA keys made with NewEntity. 62 * If zero, then 2048 bit keys are created. 63 * @default 2048 64 */ 65 rsaBits?: number; 66 67 /** 68 * Cipher is the cipher to be used. 69 * If zero, AES-128 is used. 70 * @default AES128 71 */ 72 cipher?: Cipher; 73 74 /** 75 * Compression is the compression algorithm to be 76 * applied to the plaintext before encryption. If zero, no 77 * compression is done. 78 * @default none 79 */ 80 compression?: Compression; 81 82 /** 83 * Hash is the default hash function to be used. 84 * If zero, SHA-256 is used. 85 * @default SHA256 86 */ 87 hash?: Hash; 88 89 /** 90 * CompressionLevel is the compression level to use. It must be set to 91 * between -1 and 9, with -1 causing the compressor to use the 92 * default compression level, 0 causing the compressor to use 93 * no compression and 1 to 9 representing increasing (better, 94 * slower) compression levels. If Level is less than -1 or 95 * more then 9, a non-nil error will be returned during 96 * encryption. See the constants above for convenient common 97 * settings for Level. 98 * @default 0 99 */ 100 compressionLevel?: number; 101} 102 103export interface Options { 104 comment?: string; 105 email?: string; 106 name?: string; 107 passphrase?: string; 108 keyOptions?: KeyOptions; 109} 110 111export interface KeyPair { 112 publicKey: string; 113 privateKey: string; 114} 115 116export interface PublicKeyMetadata { 117 keyID: string; 118 keyIDShort: string; 119 creationTime: string; 120 fingerprint: string; 121 keyIDNumeric: string; 122 isSubKey: boolean; 123} 124export interface PrivateKeyMetadata { 125 keyID: string; 126 keyIDShort: string; 127 creationTime: string; 128 fingerprint: string; 129 keyIDNumeric: string; 130 isSubKey: boolean; 131 encrypted: boolean; 132} 133 134/** 135 * An Entity represents the components of an OpenPGP key: a primary public key 136 * (which must be a signing key), one or more identities claimed by that key, 137 * and zero or more subkeys, which may be encryption keys. 138 */ 139export interface Entity { 140 publicKey: string; 141 privateKey: string; 142 passphrase?: string; 143} 144 145export interface FileHints { 146 /** 147 * IsBinary can be set to hint that the contents are binary data. 148 */ 149 isBinary?: boolean; 150 /** 151 * FileName hints at the name of the file that should be written. It's 152 * truncated to 255 bytes if longer. It may be empty to suggest that the 153 * file should not be written to disk. It may be equal to "_CONSOLE" to 154 * suggest the data should not be written to disk. 155 */ 156 fileName?: string; 157 /** 158 * ModTime format allowed: RFC3339, contains the modification time of the file, or the zero time if not applicable. 159 */ 160 modTime?: string; 161} 162
Native Code
the native library is made in Golang for faster performance
https://github.com/jerson/openpgp-mobile
Contributing
See the contributing guide to learn how to contribute to the repository and the development workflow.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: android/src/main/jniLibs/arm64-v8a/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/armeabi-v7a/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/x86/libopenpgp_bridge.so:1
- Warn: binary detected: android/src/main/jniLibs/x86_64/libopenpgp_bridge.so:1
- Warn: binary detected: example/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: ios/OpenPGPBridge.xcframework/ios-arm64_x86_64-maccatalyst/OpenPGPBridge.framework/OpenPGPBridge:1
- Warn: binary detected: ios/OpenPGPBridge.xcframework/ios-arm64_x86_64-simulator/OpenPGPBridge.framework/OpenPGPBridge:1
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
Found 0/27 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/android.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/android.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/ios.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/npm.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/npm.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jerson/react-native-fast-openpgp/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:38
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:39
- Warn: npmCommand not pinned by hash: .github/workflows/android.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:31
- Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 6 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 11 are checked with a SAST tool
Reason
35 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
- Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
- Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
Score
2.1
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More