
@nillion/nilql
Library for working with encrypted data within nilDB queries and replies.
This library provides cryptographic operations that are compatible with nilDB nodes and clusters, allowing developers to leverage certain privacy-enhancing technologies (PETs) when storing, operating upon, and retrieving data while working with nilDB. The table below summarizes the functionalities available in nilQL.
| Cluster | Operation | Implementation Details | Supported Types |
|---|---|---|---|
| single node | store | XSalsa20 stream cipher and Poly1305 MAC | 32-bit signed integer; UTF-8 string (<4097 bytes) |
| single node | match | deterministic salted hashing via SHA-512 | 32-bit signed integer; UTF-8 string (<4097 bytes) |
| single node | sum | non-deterministic Paillier with 2048-bit primes | 32-bit signed integer |
| multiple nodes | store | XOR-based secret sharing | 32-bit signed integer; UTF-8 string (<4097 bytes) |
| multiple nodes | match | deterministic salted hashing via SHA-512 | 32-bit signed integer; UTF-8 string (<4097 bytes) |
| multiple nodes | sum | additive secret sharing (no threshold; prime modulus 2^32 + 15) | 32-bit signed integer |
| multiple nodes | sum | Shamir's secret sharing (with threshold; prime modulus 2^32 + 15) | 32-bit signed integer |
The package can be installed using pnpm:

```shell
pnpm install
```

The library can be imported in the usual way:

```javascript
import { nilql } from "@nillion/nilql";
```

An example demonstrating use of the library is presented below:

```javascript
const cluster = {"nodes": [{}, {}]};
const secretKey = await nilql.SecretKey.generate(cluster, {"sum": true});
const plaintext = BigInt(123);
const ciphertext = await nilql.encrypt(secretKey, plaintext);
const decrypted = await nilql.decrypt(secretKey, ciphertext);
console.log(plaintext, decrypted); // Should output `123n 123n`.
```
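For `sum` on multiple nodes without a threshold, the table lists additive secret sharing with prime modulus 2^32 + 15. The sketch below is an added illustration of that scheme and is not nilQL's own code; the function names and the signed-integer encoding (a negative value is stored as `value + P`) are assumptions.

```javascript
// Added illustration: additive secret sharing over the prime field named in
// the table. Not nilQL source code; the signed-integer encoding is an assumption.
const P = 2n ** 32n + 15n; // prime modulus from the table
// Web Crypto is a global in current Node.js; fall back to the module otherwise.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const mod = (v) => ((v % P) + P) % P;

// Uniform element of [0, P) by rejection sampling on 33 random bits.
function randomFieldElement() {
  const buf = new BigUint64Array(1);
  for (;;) {
    webcrypto.getRandomValues(buf);
    const candidate = buf[0] & ((1n << 33n) - 1n);
    if (candidate < P) return candidate;
  }
}

// Split a signed 32-bit integer (BigInt) into `n` shares, one per node.
function share(value, n) {
  if (value < -(2n ** 31n) || value >= 2n ** 31n) {
    throw new RangeError("value must be a 32-bit signed integer");
  }
  if (n < 2) throw new RangeError("need at least two nodes");
  const shares = Array.from({ length: n - 1 }, randomFieldElement);
  const last = mod(value - shares.reduce((a, b) => a + b, 0n));
  return [...shares, last];
}

// All shares are required (no threshold): any n - 1 of them are uniformly
// random and reveal nothing about the value.
function reconstruct(shares) {
  const total = mod(shares.reduce((a, b) => a + b, 0n));
  return total > P / 2n ? total - P : total; // map back to a signed value
}

// Each node adds the shares it holds; no node ever sees a plaintext.
function addShares(a, b) {
  if (a.length !== b.length) throw new RangeError("share count mismatch");
  return a.map((s, i) => mod(s + b[i]));
}

const x = share(123n, 3);
const y = share(-456n, 3);
console.log(reconstruct(x), reconstruct(y), reconstruct(addShares(x, y)));
```

The reconstructed sum is only correct while the true total stays within the signed range the modulus can represent, so callers summing many values need to bound the result.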
All unit tests are executed and their coverage measured with vitest:

```shell
pnpm test
```

Style conventions are enforced using biomejs:

```shell
pnpm lint
```

Types are checked with:

```shell
pnpm typecheck
```

The distribution files are checked with:

```shell
pnpm exportscheck
```

In order to contribute, open an issue or submit a pull request on GitHub. To enforce conventions, git hooks are provided and can be set up with:

```shell
pnpm install-hooks
```
The version number format for this library and the changes to the library associated with version number increments conform with Semantic Versioning 2.0.0.
FAQs
We found that @nillion/nilql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.