@f0rest8/metamorphic-crypto 0.3.5 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +22 -0
- package/metamorphic_crypto.d.ts +2 -2
- package/metamorphic_crypto_bg.wasm +0 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -151,6 +151,28 @@ Decryption always auto-detects the level from the ciphertext version tag.
|
|
|
151
151
|
- OS CSPRNG via `getrandom` (no userspace PRNG)
|
|
152
152
|
- Hybrid construction: both ML-KEM AND X25519 must be broken to compromise a sealed key
|
|
153
153
|
|
|
154
|
+
## Network access
|
|
155
|
+
|
|
156
|
+
Security scanners (e.g. Socket) may flag this package for "network access."
|
|
157
|
+
This is the standard `wasm-bindgen` loader, which calls `fetch()` for a **single**
|
|
158
|
+
purpose: to load the package's own `.wasm` binary when you call the default
|
|
159
|
+
`init()` export. There are no other network calls — no telemetry, no remote
|
|
160
|
+
code, no install scripts.
|
|
161
|
+
|
|
162
|
+
The fetched URL is whatever **you** pass to `init()`. With no argument it
|
|
163
|
+
defaults to the `.wasm` file shipped alongside the JS (`new URL('metamorphic_crypto_bg.wasm', import.meta.url)`),
|
|
164
|
+
i.e. a same-origin asset you control.
|
|
165
|
+
|
|
166
|
+
If you want zero network capability, use the synchronous initializer with bytes
|
|
167
|
+
you load yourself — it never calls `fetch`:
|
|
168
|
+
|
|
169
|
+
```js
|
|
170
|
+
import { initSync } from "@f0rest8/metamorphic-crypto";
|
|
171
|
+
|
|
172
|
+
// e.g. bytes from your bundler, a same-origin path, or an embedded buffer
|
|
173
|
+
initSync({ module: wasmBytes });
|
|
174
|
+
```
|
|
175
|
+
|
|
154
176
|
## Integrity verification
|
|
155
177
|
|
|
156
178
|
Every release includes SHA-512 checksums and [cosign](https://docs.sigstore.dev/cosign/overview/) signatures for supply chain verification:
|
package/metamorphic_crypto.d.ts
CHANGED
|
@@ -144,10 +144,10 @@ export interface InitOutput {
|
|
|
144
144
|
readonly generateRecoveryKey: (a: number) => void;
|
|
145
145
|
readonly recoveryKeyToSecret: (a: number, b: number, c: number) => void;
|
|
146
146
|
readonly parseSaltFromKeyHash: (a: number, b: number, c: number) => void;
|
|
147
|
-
readonly decryptPrivateKeyWithRecovery: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
148
|
-
readonly decryptSecretboxToString: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
149
147
|
readonly encryptSecretboxString: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
150
148
|
readonly encryptPrivateKeyForRecovery: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
149
|
+
readonly decryptSecretboxToString: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
150
|
+
readonly decryptPrivateKeyWithRecovery: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
151
151
|
readonly __wbindgen_export: (a: number, b: number) => number;
|
|
152
152
|
readonly __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
|
|
153
153
|
readonly __wbindgen_export3: (a: number) => void;
|
|
Binary file
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "@f0rest8/metamorphic-crypto",
|
|
3
3
|
"type": "module",
|
|
4
4
|
"description": "Zero-knowledge end-to-end encryption with post-quantum hybrid KEM (ML-KEM-768/1024 + X25519)",
|
|
5
|
-
"version": "0.3.
|
|
5
|
+
"version": "0.3.6",
|
|
6
6
|
"license": "MIT OR Apache-2.0",
|
|
7
7
|
"repository": {
|
|
8
8
|
"type": "git",
|