Security News
MCP Steering Committee Launches Official MCP Registry in Preview
The MCP Steering Committee has launched the official MCP Registry in preview, a central hub for discovering and publishing MCP servers.
By Sarah Gooding - Sep 09, 2025
@fresh-js/crypto
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
@fresh-js/crypto
:warning: _This package is a work in progress and has not yet been vetted for production use._
Fresh Crypto
:warning: This package is a work in progress and has not yet been vetted for production use.
The @fresh-js/crypto package provides JavaScript cryptographic utilities needed to manage keys,
sign transactions and verify signatures for the Flow blockchain.
Functionality
Currently this package only supports ECDSA key generation and signing on the NIST P-256 and secp25k1 curves, using either SHA2 or SHA3 hashing.
- ECDSA signing and verification is provided by indutny/elliptic.
- SHA2 hashing is provided by the Node.js crypto module.
- SHA3 hashing is provided by phusion/node-sha3.
Install
npm i @fresh-js/crypto
Usage Examples
Sign a message
Sign a message with a P-256 private key and SHA3 hashing:
import { HashAlgorithm, InMemoryECPrivateKey, InMemoryECSigner, SignatureAlgorithm } from '@fresh-js/crypto';
const PRIVATE_KEY_HEX = 'xxxx';
const privateKey = InMemoryECPrivateKey.fromHex(PRIVATE_KEY_HEX, SignatureAlgorithm.ECDSA_P256);
const signer = new InMemoryECSigner(privateKey, HashAlgorithm.SHA3_256);
const message = Buffer.from("deadbeef", "hex");
const signature = signer.sign(message);
FAQs
:warning: _This package is a work in progress and has not yet been vetted for production use._
The npm package @fresh-js/crypto receives a total of 0 weekly downloads. As such, @fresh-js/crypto popularity was classified as not popular.
We found that @fresh-js/crypto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Aug 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Pull Request Stories to Help Security Teams Track Supply Chain Risks
Socket’s new Pull Request Stories give security teams clear visibility into dependency risks and outcomes across scanned pull requests.
By André Staltz - Sep 08, 2025
Research
/Security News
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
By Sarah Gooding, Olivia Brown, Kush Pandya, Philipp Burckhardt, Peter van der Zee, Douglas Coburn - Sep 08, 2025