Security News
crates.io Ships Security Tab and Tightens Publishing Controls
crates.io adds a Security tab backed by RustSec advisories and narrows trusted publishing paths to reduce common CI publishing risks.
By Sarah Gooding - Jan 27, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
encryption-encoding
Advanced tools
encryption-encoding
Compact encoding for versioned encrypted values with automatic string/buffer handling.
encryption-encoding
Versioned encryption encoding using hyperschema.
Installation
npm install encryption-encoding
Usage
const sodium = require('sodium-universal')
const b4a = require('b4a')
const { encrypt, decrypt } = require('encryption-encoding')
const password = b4a.alloc(32)
// ... fill password
const encrypted = await encrypt(plaintext, async (value) => {
const buffer = b4a.allocUnsafe(
value.byteLength +
sodium.crypto_secretbox_MACBYTES +
sodium.crypto_secretbox_NONCEBYTES
)
const nonce = buffer.subarray(0, sodium.crypto_secretbox_NONCEBYTES)
const box = buffer.subarray(nonce.byteLength)
sodium.randombytes_buf(nonce)
sodium.crypto_secretbox_easy(box, value, nonce, password)
return { value: buffer, version: 1 }
})
const decrypted = await decrypt(encrypted, async ({ value, version }) => {
const nonce = value.subarray(0, sodium.crypto_secretbox_NONCEBYTES)
const box = value.subarray(nonce.byteLength)
const output = b4a.allocUnsafe(box.byteLength - sodium.crypto_secretbox_MACBYTES)
sodium.crypto_secretbox_open_easy(output, box, nonce, password)
return output
})
API
await encrypt(data, callback)
Calls callback(data) which should return { value, version }, then encodes the result using hyperschema.
await decrypt(buffer, callback)
Decodes the buffer to { version, value }, passes it to callback, and returns the result.
License
Apache-2.0
FAQs
Compact encoding for versioned encrypted values with automatic string/buffer handling.
The npm package encryption-encoding receives a total of 1,737 weekly downloads. As such, encryption-encoding popularity was classified as popular.
We found that encryption-encoding demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 15 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consent.
By Kush Pandya - Jan 27, 2026
Security News
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
By Sarah Gooding - Jan 23, 2026