New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

hcef

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hcef

File Encryption For Production Use. Test and well maintained.

latest
Source
npmnpm
Version
2.5.2
Version published
Maintainers
1
Created
Source

hcef

npm version GitHub issues Maintenance Known Vulnerabilities

hcef is a fast and secure Node.js native addon written in C++ that provides file encryption with custom obfuscation and HMAC integrity verification. Built using OpenSSL and N-API.

Features

  • OpenSSL-backed
  • HMAC-SHA256 integrity check
  • Obfuscation: Caesar cipher, XOR, and byte reversal
  • Uses salt and IV for each encryption
  • Secure key derivation (PBKDF2-HMAC-SHA256-ARGON2)
  • Automatic Base64 encoding for file structure
  • Native performance with clean memory handling
  • Zlib package for compression

Installation

npm install hcef

Note: Requires a C++17-compatible compiler, node-gyp, and OpenSSL development headers installed.

Usage

Encrypt a file

const hcef = require('hcef');

const result = hcef.encrypt('example.txt', 'myStrongPassword123');
console.log(result);

Decrypt a file

const hcef = require('hcef');

const result = hcef.decrypt('example.txt.enf', 'myStrongPassword123');
console.log(result);

The output will be saved to example.txt.enf (encrypted) and example.txt.enf.dnf (decrypted)

File Format Structure

The encrypted file is a Base64-encoded string containing:

MAGIC_HEADER:salt:iv:mac:ciphertext
  • MAGIC_HEADER: To verify the file is encrypted using hcrypt-native
  • salt, iv, mac, and ciphertext are all base64-encoded

Security

  • Keys are derived using 100,000 PBKDF2 iterations (HMAC-SHA256)
  • HMAC prevents tampering and verifies integrity before decryption
  • Memory is securely wiped using OPENSSL_cleanse
  • Uses Both PBKDF2 and ARGON2 To Slow Down Brute Force Attacking [Latest Release]
  • zlib compression.

While this project is production-hardened, always stay updated with the latest OpenSSL and test thoroughly in your environment.

Development & Testing

This package is actively maintained and tested with:

  • Manual encryption-decryption consistency checks
  • Corruption resilience tests (tampered file detection)
  • Compatibility checks across major platforms

License

MIT

Contributing

Pull requests and suggestions are welcome. Please open issues to report bugs or request features.

Changelog

VersionStatusDescription
2.2.6StableStable and secure, but many dependencies. Try using the latest.
2.3.7StableStable release with added security layers.
2.4.3+StableStable Release Added zlib for compression
2.5.2LatestLatest Release Adds Smart error handling, and Key Encryption Smart Handling

Author

Developed and maintained by Jeck

Keywords

encrypt
decrypt
algrothim
file
hcrypt

FAQs

Package last updated on 15 May 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026