Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
keytar - Node module to manage system keychain
A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault.
Installing
npm install keytar
On Linux
Currently this library uses libsecret so you may need to install it before running npm install.
Depending on your distribution, you will need to run the following command:
- Debian/Ubuntu:
sudo apt-get install libsecret-1-dev - Red Hat-based:
sudo yum install libsecret-devel - Arch Linux:
sudo pacman -S libsecret
Building
- Clone the repository
- Run
npm install - Run
npm testto run the tests
Docs
const keytar = require('keytar')
Every function in keytar is asynchronous and returns a promise. The promise will be rejected with any error that occurs or will be resolved with the function's "yields" value.
getPassword(service, account)
Get the stored password for the service and account.
service - The string service name.
account - The string account name.
Yields the string password or null if an entry for the given service and account was not found.
setPassword(service, account, password)
Save the password for the service and account to the keychain. Adds a new entry if necessary, or updates an existing entry if one exists.
service - The string service name.
account - The string account name.
password - The string password.
Yields nothing.
deletePassword(service, account)
Delete the stored password for the service and account.
service - The string service name.
account - The string account name.
Yields true if a password was deleted, or false if an entry with the given service and account was not found.
findPassword(service)
Find a password for the service in the keychain.
service - The string service name.
Yields the string password, or null if an entry for the given service and account was not found.
findCredentials(service)
Find all accounts and password for the service in the keychain.
service - The string service name.
Yields an array of { account: 'foo', password: 'bar' }.
Other packages similar to keytar
osx-keychain
The osx-keychain package is another macOS-specific package that allows you to interact with the macOS Keychain. It provides methods to add, find, and delete keychain items. It is similar to keytar but limited to macOS.
wincred
The wincred package is a Windows-specific package that allows you to store and retrieve credentials using the Windows Credential Manager. It provides similar functionality to keytar but is limited to the Windows platform.
FAQs
Bindings to native Mac/Linux/Windows password APIs
The npm package keytar receives a total of 981,524 weekly downloads. As such, keytar popularity was classified as popular.
We found that keytar demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Package last updated on 22 Mar 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025