New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

staticvault

Package Overview
Dependencies
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

staticvault

Encrypt, host, and share files on a static website

latest
Source
npmnpm
Version
1.1.4
Version published
Weekly downloads
7
-30%
Maintainers
1
Weekly downloads
 
Created
Source

StaticVault

StaticVault lets you create an encrypted, client-decryptable file system that can be hosted on static web platforms like S3, GitHub Pages, or any CDN. Ideal for secure, private content delivery, and easily hosted on static blogs (Hugo, Jekyll, etc).

You encrypt and manage your files locally, then deploy the encrypted vault. A lightweight browser-based app (included) allows in-browser decryption and previews of text and images.

Demo vault (password: hello).

Features

  • Encrypt files locally
  • Host anywhere: S3, Netlify, GitHub Pages, etc
  • Duplicate files are only stored once
  • CLI for creating, ingesting, listing, and extracting files

Client features:

  • Mobile friendly site for browsing files
  • Preview images/text in browser
  • Share files/folders with friends
  • Set expiration for shared links (enforced client-side)

Quick Start

You don't need to install anything globally - just use npx:

npx staticvault init path/to/vault
npx staticvault ingest path/to/vault path/to/files

Then upload the contents of path/to/vault to your static site host.

Your newly created vault includes the client, index.html, and library index.min.js, which you can access on your site.

Commands

npx staticvault <command> [arguments]

chpass

Change vault password.

npx staticvault chpass <vault> [-p password] [-n newpassword]

dump

Decrypt the vault into a directory.

npx staticvault dump <vault> <destination> [-p password]

init

Initialize a new vault.

npx staticvault init <vault> [-p password] [-d difficulty]

ingest

Encrypt and add files to an existing vault. Use -i to ignore files/folders based on a pattern (*, **, and ? supported).

npx staticvault ingest <vault> <source> [-i ignore]+ [-p password]

rekey

Generates new encryption keys. By default, this will rotate the metadata keys. Use -a to rotate the file keys as well, but this will mean re-encrypting all files, which could be expensive.

Useful for revoking access to all shared links.

npx staticvault rekey <vault> [-p password] [-a]

rm

Remove a file or folder from the vault.

npx staticvault rm <vault> <path> [-p password]

test

Run internal tests.

npx staticvault test

tree

List the contents of the vault.

npx staticvault tree <vault> [-p password]

version

Output version.

npx staticvault version

Example Workflow

npx staticvault init myvault
npx staticvault ingest myvault ./blog-attachments
npx staticvault tree myvault

Then upload the contents of myvault/ to your static host.

Keywords

encryption
static hosting
static site
s3
netlify
github pages

FAQs

Package last updated on 16 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Selected for OpenAI's Cybersecurity Grant Program

Company News

/

Security News

Socket Selected for OpenAI's Cybersecurity Grant Program

Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.

By Sarah Gooding  -  Apr 16, 2026