Audited, minimal JavaScript/TypeScript library that implements Salsa20, ChaCha, and AES ciphers, including modes like AES-GCM and Salsa20/XChaCha20-Poly1305. It is useful for encrypting and decrypting data in JS apps, with optional helpers like a “managedNonce” API and a WebCrypto-based AES wrapper.
Project status
- Actively maintained: the upstream repo shows a recent push on 2026-05-26, and recent version updates (2.2.0, 2.1.1, 2.0.1) indicate ongoing work rather than a freeze.
- Update cadence appears moderately steady, with updates roughly every 2 to 4 months between 2025-09-22 (2.0.1) and 2025-12-07 (2.1.1), then 2026-04-11 (2.2.0).
Recent updates
2.2.0
1 month ago
Release 2.2.0 focuses on compatibility and hardening: fixes incorrect counter wrapping in the webcrypto implementation, prevents MAC corruption on oversized outputs, and improves TypeScript byte array typing across TS 5.6 and TS 5.9+. It also refactors internals for better endianness support (big-endian friendliness), improves zeroization, and reduces bundle sizes through better tree-shaking, with extensive documentation updates.
Security
2.1.1
6 months ago
Release 2.1.1 adds an AES-SIV (RFC 5297) implementation and updates project tooling/provenance handling. The codebase also introduces a new CMAC implementation and associated test vectors. Despite the release notes mentioning only AES-SIV and the deprecation of the old `siv` alias, the actual diff shows a more disruptive change to the public AES exports.
Breaking, Features
2.0.1
8 months ago
Release 2.0.1 primarily updates the package export map in package.json. This disables extension-less subpath imports (for example, you must import /chacha.js instead of /chacha) and adds explicit exported submodules for better TypeScript autocompletion.
Breaking, Features
2.0.0
9 months ago
Release 2.0.0 makes the package ESM-only and requires Node v20.19+ and explicit `.js` extensions in imports. It also refactors utilities and hash input validation, moves WebCrypto helpers, and improves error message detail. The diff shows additional API and type-level changes beyond what is fully covered in the release notes.
Breaking, Features
1.3.0
4/24/2025
Release 1.3.0 modernizes module import ergonomics by adding `.js` deep-import entrypoints, and improves hex conversion performance by using built-in `Uint8Array.toHex/fromHex` when available. It also renames the AES-GCM-SIV export from `siv` to `gcmsiv`, refactors `_assert` helpers into `utils`, and updates Node.js `randomBytes` to consistently return `Uint8Array`.
Features
1.2.1
1/18/2025
Release 1.2.1 focuses on TypeScript module syntax changes intended to work with future Node.js type stripping, as reflected by many `type`-only import adjustments across the codebase. The published code diff also includes test/CI workflow rework and documentation formatting changes, none of which are mentioned in the (very minimal) release notes.
1.2.0
1/3/2025
Release 1.2.0 primarily increases documentation and TypeScript ergonomics (JSR publishing, TypeScript 5.5 isolatedDeclarations, and extensive inline comments). The diff also shows several internal refactors and type-only adjustments, plus a few export removals that could affect deep imports.
Breaking
1.1.3
11/30/2024
Release 1.1.3 hardens how the library validates input and output buffers, with special handling to preserve correct overlapping input/output behavior for Salsa20-Poly1305 and ChaCha20-Poly1305. The diff shows internal refactors to overlap validation and to the Poly1305 AEAD code paths, plus additional alignment and type checks.
Features
1.1.2
11/28/2024
Release 1.1.2 introduces a safety check to prevent encryption and decryption from writing into output buffers that overlap with the input buffer. This is intended to avoid memory corruption when developers reuse the same underlying ArrayBuffer for both input and output.
Breaking
1.1.1
11/26/2024
Release 1.1.1 focuses on fixing cipher behavior when developers provide unaligned `output`/`dst` buffers, and on ensuring the output is cleared (zeroized) before being written to. The code implements this via a new `getOutput` helper used across cipher implementations.
Breaking