npm - typesecure - Versions diffs - 0.1.0 - Mend

typesecure 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Arvid Berndtsson
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,165 @@
+# typesecure
+A focused TypeScript cryptography package that provides secure encryption and hashing utilities with strong typing and runtime validation using Zod.
+## Features
+- 🔐 **Strong Typing**: Built with TypeScript for complete type safety.
+- ✅ **Runtime Validation**: Uses Zod to validate inputs and ensure security.
+- 🔍 **Advanced Encryption**: AES encryption with multiple modes (CBC, CTR, GCM, ECB).
+- 🛡️ **Authenticated Encryption**: GCM mode for authenticated encryption with additional data (AAD).
+- 🔏 **Cryptographic Hashing**: SHA-256, SHA-512, SHA-3, and more.
+- 📝 **HMAC Signatures**: Create and verify message authentication codes.
+- ⏱️ **Timing-Safe Comparison**: Prevent timing attacks with constant-time string comparison.
+- 🚦 **Security Level Assessment**: Analyze and report the security level of encryption configurations.
+- 🔑 **Password Hashing**: PBKDF2 for secure password hashing with salt and configurable iterations.
+## Installation
+```bash
+# Using npm
+npm install typesecure
+# Using yarn
+yarn add typesecure
+# Using pnpm
+pnpm add typesecure
+```
+## Usage
+### Encryption with Security Assessment
+```typescript
+import { encrypt, decrypt, generateKey, getSecurityLevel, SecurityLevel } from 'typesecure';
+// Generate a secure key
+const key = generateKey();
+// Encrypt data with GCM (authenticated encryption)
+const encrypted = encrypt('Sensitive information', key, {
+  mode: 'aes-gcm',
+  aad: 'Additional authenticated data' // Optional
+});
+// Decrypt data
+const decrypted = decrypt(encrypted, key, {
+  mode: 'aes-gcm',
+  aad: 'Additional authenticated data' // Must match encryption
+});
+// Assess security level of encryption options
+const securityLevel = getSecurityLevel({ mode: 'aes-cbc', padding: 'Pkcs7' });
+if (securityLevel === SecurityLevel.HIGH) {
+  console.log('Using high security encryption configuration');
+}
+```
+### Secure Password Storage
+```typescript
+import { hashPassword, verifyPassword } from 'typesecure';
+// Hash a password with PBKDF2
+const { hash, salt, params } = hashPassword('userPassword123', {
+  algorithm: 'pbkdf2',
+  iterations: 10000,
+  saltLength: 32,
+  keyLength: 64
+});
+// Store hash, salt, and params in your database
+// Later, verify the password
+const isValid = verifyPassword('userPassword123', hash, salt, params);
+```
+### Timing-Safe Comparison and Random Bytes Generation
+```typescript
+import { timingSafeEqual, generateRandomBytes } from 'typesecure';
+// Compare strings in constant time to prevent timing attacks
+const isEqual = timingSafeEqual(userProvidedToken, storedToken);
+// Generate cryptographically secure random bytes
+const randomBytes = generateRandomBytes(32, 'hex');
+```
+### Hashing and HMAC
+```typescript
+import { hash, verifyHash, hmac } from 'typesecure';
+// Create a hash
+const hashedValue = hash('data to hash', {
+  algorithm: 'sha256',
+  encoding: 'hex'
+});
+// Verify a hash
+const isMatch = verifyHash('data to hash', hashedValue, {
+  algorithm: 'sha256',
+  encoding: 'hex'
+});
+// Create an HMAC
+const signature = hmac('message', 'secret key', {
+  algorithm: 'sha256',
+  encoding: 'base64'
+});
+```
+## API Reference
+### Encryption
+- `encrypt(text: string, key: string, options?: Partial<EncryptionOptions>): string`
+- `decrypt(encryptedText: string, key: string, options?: Partial<EncryptionOptions>): string`
+- `generateKey(length?: number): string`
+- `getSecurityLevel(options: EncryptionOptions): SecurityLevel`
+### Secure Password Storage
+- `hashPassword(password: string, options?: Partial<PasswordHashOptions>): { hash: string; salt: string; params: PasswordHashOptions }`
+- `verifyPassword(password: string, hash: string, salt: string, options?: Partial<PasswordHashOptions>): boolean`
+- `timingSafeEqual(a: string, b: string, options?: Partial<TimingSafeOptions>): boolean`
+- `generateRandomBytes(length?: number, encoding?: 'hex' | 'base64'): string`
+### Hashing
+- `hash(input: string, options?: Partial<HashOptions>): string`
+- `verifyHash(input: string, hashedValue: string, options?: Partial<HashOptions>): boolean`
+- `hmac(input: string, key: string, options?: Partial<HashOptions>): string`
+## Security Considerations
+This package implements best practices for cryptographic operations, but remember that cryptography is complex. For production applications with high security requirements, consider:
+1. Consulting a security professional
+2. Using specialized security libraries
+3. Keeping dependencies updated
+4. Implementing proper key management
+5. Using hardware security modules (HSMs) for key storage when possible
+6. Conducting regular security audits
+7. Following the latest NIST recommendations
+## Development
+To contribute to this project:
+1. Clone the repository
+2. Install dependencies with `pnpm install`
+3. Run tests with `pnpm test`
+4. Build the package with `pnpm build`
+This project uses TypeScript for type safety, Jest for testing, and ESLint for code quality.
+## License
+MIT © [Arvid Berndtsson](https://github.com/arvid-berndtsson)
+## Contributing
+Contributions are welcome! Please feel free to submit a Pull Request.

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,237 @@
+import { z } from 'zod';
+declare const PasswordStrengthSchema: z.ZodObject<{
+    score: z.ZodNumber;
+    feedback: z.ZodObject<{
+        warning: z.ZodOptional<z.ZodString>;
+        suggestions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    }, {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    }>;
+    isStrong: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    score: number;
+    feedback: {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    };
+    isStrong: boolean;
+}, {
+    score: number;
+    feedback: {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    };
+    isStrong: boolean;
+}>;
+type PasswordStrength = z.infer<typeof PasswordStrengthSchema>;
+declare const HashOptionsSchema: z.ZodObject<{
+    algorithm: z.ZodDefault<z.ZodEnum<["md5", "sha1", "sha256", "sha512", "sha3"]>>;
+    encoding: z.ZodDefault<z.ZodEnum<["hex", "base64"]>>;
+}, "strip", z.ZodTypeAny, {
+    algorithm: "md5" | "sha1" | "sha256" | "sha512" | "sha3";
+    encoding: "hex" | "base64";
+}, {
+    algorithm?: "md5" | "sha1" | "sha256" | "sha512" | "sha3" | undefined;
+    encoding?: "hex" | "base64" | undefined;
+}>;
+type HashOptions = z.infer<typeof HashOptionsSchema>;
+declare const PasswordHashOptionsSchema: z.ZodObject<{
+    algorithm: z.ZodDefault<z.ZodEnum<["pbkdf2", "argon2", "bcrypt"]>>;
+    iterations: z.ZodDefault<z.ZodNumber>;
+    saltLength: z.ZodDefault<z.ZodNumber>;
+    keyLength: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    algorithm: "pbkdf2" | "argon2" | "bcrypt";
+    iterations: number;
+    saltLength: number;
+    keyLength: number;
+}, {
+    algorithm?: "pbkdf2" | "argon2" | "bcrypt" | undefined;
+    iterations?: number | undefined;
+    saltLength?: number | undefined;
+    keyLength?: number | undefined;
+}>;
+type PasswordHashOptions = z.infer<typeof PasswordHashOptionsSchema>;
+declare const TimingSafeOptionsSchema: z.ZodObject<{
+    encoding: z.ZodDefault<z.ZodEnum<["utf8", "hex", "base64"]>>;
+}, "strip", z.ZodTypeAny, {
+    encoding: "hex" | "base64" | "utf8";
+}, {
+    encoding?: "hex" | "base64" | "utf8" | undefined;
+}>;
+type TimingSafeOptions = z.infer<typeof TimingSafeOptionsSchema>;
+declare const EncryptionOptionsSchema: z.ZodObject<{
+    mode: z.ZodDefault<z.ZodEnum<["aes-cbc", "aes-ctr", "aes-ecb", "aes-gcm"]>>;
+    padding: z.ZodDefault<z.ZodEnum<["Pkcs7", "NoPadding", "ZeroPadding"]>>;
+    iv: z.ZodOptional<z.ZodString>;
+    authTag: z.ZodOptional<z.ZodString>;
+    aad: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    mode: "aes-cbc" | "aes-ctr" | "aes-ecb" | "aes-gcm";
+    padding: "Pkcs7" | "NoPadding" | "ZeroPadding";
+    iv?: string | undefined;
+    authTag?: string | undefined;
+    aad?: string | undefined;
+}, {
+    mode?: "aes-cbc" | "aes-ctr" | "aes-ecb" | "aes-gcm" | undefined;
+    padding?: "Pkcs7" | "NoPadding" | "ZeroPadding" | undefined;
+    iv?: string | undefined;
+    authTag?: string | undefined;
+    aad?: string | undefined;
+}>;
+type EncryptionOptions = z.infer<typeof EncryptionOptionsSchema>;
+declare const ConfigSchema: z.ZodObject<{
+    minimumPasswordLength: z.ZodDefault<z.ZodNumber>;
+    requireNumbers: z.ZodDefault<z.ZodBoolean>;
+    requireSymbols: z.ZodDefault<z.ZodBoolean>;
+    requireUppercase: z.ZodDefault<z.ZodBoolean>;
+    requireLowercase: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    minimumPasswordLength: number;
+    requireNumbers: boolean;
+    requireSymbols: boolean;
+    requireUppercase: boolean;
+    requireLowercase: boolean;
+}, {
+    minimumPasswordLength?: number | undefined;
+    requireNumbers?: boolean | undefined;
+    requireSymbols?: boolean | undefined;
+    requireUppercase?: boolean | undefined;
+    requireLowercase?: boolean | undefined;
+}>;
+type Config = z.infer<typeof ConfigSchema>;
+/**
+ * Creates a hash of the input string using the specified algorithm
+ * @param input - The string to hash
+ * @param options - Hash options
+ * @returns The hashed string
+ */
+declare function hash(input: string, options?: Partial<HashOptions>): string;
+/**
+ * Verifies if an input matches a previously hashed value
+ * @param input - The plain text to verify
+ * @param hashedValue - The hashed value to compare against
+ * @param options - Hash options
+ * @returns True if the input matches the hash, false otherwise
+ */
+declare function verifyHash(input: string, hashedValue: string, options?: Partial<HashOptions>): boolean;
+/**
+ * Creates a HMAC (Hash-based Message Authentication Code) of the input
+ * @param input - The input message
+ * @param key - The secret key
+ * @param options - Hash options
+ * @returns The HMAC signature
+ */
+declare function hmac(input: string, key: string, options?: Partial<HashOptions>): string;
+/**
+ * Performs a secure password hashing using PBKDF2 (default), Argon2, or bcrypt simulation
+ * Note: This is a simplified implementation. For production, consider using a specialized library
+ * @param password - The password to hash
+ * @param options - Password hash options
+ * @returns An object containing the hash, salt, and parameters
+ */
+declare function hashPassword(password: string, options?: Partial<PasswordHashOptions>): {
+    hash: string;
+    salt: string;
+    params: PasswordHashOptions;
+};
+/**
+ * Verifies a password against a previously hashed password
+ * @param password - The password to verify
+ * @param hash - The previously generated hash
+ * @param salt - The salt used in the original hash
+ * @param options - Password hash options (must match those used in hashPassword)
+ * @returns True if the password matches, false otherwise
+ */
+declare function verifyPassword(password: string, hash: string, salt: string, options?: Partial<PasswordHashOptions>): boolean;
+/**
+ * Performs a constant-time comparison of two strings to prevent timing attacks
+ * @param a - First string to compare
+ * @param b - Second string to compare
+ * @param options - Timing safe comparison options
+ * @returns True if both strings are equal, false otherwise
+ */
+declare function timingSafeEqual(a: string, b: string, options?: Partial<TimingSafeOptions>): boolean;
+/**
+ * Generates a cryptographically secure random string
+ * @param length - The length of the random string in bytes
+ * @param encoding - The encoding to use for the output
+ * @returns A random string in the specified encoding
+ */
+declare function generateRandomBytes(length?: number, encoding?: 'hex' | 'base64'): string;
+/**
+ * A const enum for security levels, used for warnings
+ * @public
+ */
+declare enum SecurityLevel {
+    HIGH = "HIGH",
+    MEDIUM = "MEDIUM",
+    LOW = "LOW",
+    INSECURE = "INSECURE"
+}
+/**
+ * Returns the security level of the encryption options
+ * @param options - The encryption options
+ * @returns The security level
+ */
+declare function getSecurityLevel(options: EncryptionOptions): SecurityLevel;
+/**
+ * Encrypts the provided text using the specified encryption options
+ * @param text - The text to encrypt
+ * @param key - The encryption key
+ * @param options - Encryption options
+ * @returns The encrypted text
+ */
+declare function encrypt(text: string, key: string, options?: Partial<EncryptionOptions>): string;
+/**
+ * Decrypts the provided encrypted text using the specified options
+ * @param encryptedText - The text to decrypt
+ * @param key - The decryption key
+ * @param options - Encryption options
+ * @returns The decrypted text
+ */
+declare function decrypt(encryptedText: string, key: string, options?: Partial<EncryptionOptions>): string;
+/**
+ * Generates a random encryption key
+ * @param length - Length of the key in bytes
+ * @returns A random key as a hex string
+ */
+declare function generateKey(length?: number): string;
+/**
+ * Calculates the entropy of a password in bits
+ * @param password - The password to calculate entropy for
+ * @returns The entropy in bits
+ */
+declare function calculatePasswordEntropy(password: string): number;
+/**
+ * Analyzes patterns in the password that might reduce its effective entropy
+ * @param password - The password to analyze
+ * @returns The entropy reduction (0 to 1)
+ */
+declare function analyzePasswordPatterns(password: string): {
+    entropyReduction: number;
+    patterns: string[];
+};
+/**
+ * Checks the strength of a password using both rule-based criteria and entropy
+ * @param password - The password to check
+ * @param config - Password configuration options
+ * @returns A PasswordStrength object containing score and feedback
+ */
+declare function checkPasswordStrength(password: string, config?: Partial<Config>): PasswordStrength;
+/**
+ * Generates a secure random password based on configuration
+ * @param config - Password configuration options
+ * @returns A random secure password
+ */
+declare function generateSecurePassword(config?: Partial<Config>): string;
+export { type Config, ConfigSchema, type EncryptionOptions, EncryptionOptionsSchema, type HashOptions, HashOptionsSchema, type PasswordHashOptions, PasswordHashOptionsSchema, type PasswordStrength, PasswordStrengthSchema, SecurityLevel, type TimingSafeOptions, TimingSafeOptionsSchema, analyzePasswordPatterns, calculatePasswordEntropy, checkPasswordStrength, decrypt, encrypt, generateKey, generateRandomBytes, generateSecurePassword, getSecurityLevel, hash, hashPassword, hmac, timingSafeEqual, verifyHash, verifyPassword };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,237 @@
+import { z } from 'zod';
+declare const PasswordStrengthSchema: z.ZodObject<{
+    score: z.ZodNumber;
+    feedback: z.ZodObject<{
+        warning: z.ZodOptional<z.ZodString>;
+        suggestions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    }, "strip", z.ZodTypeAny, {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    }, {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    }>;
+    isStrong: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    score: number;
+    feedback: {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    };
+    isStrong: boolean;
+}, {
+    score: number;
+    feedback: {
+        warning?: string | undefined;
+        suggestions?: string[] | undefined;
+    };
+    isStrong: boolean;
+}>;
+type PasswordStrength = z.infer<typeof PasswordStrengthSchema>;
+declare const HashOptionsSchema: z.ZodObject<{
+    algorithm: z.ZodDefault<z.ZodEnum<["md5", "sha1", "sha256", "sha512", "sha3"]>>;
+    encoding: z.ZodDefault<z.ZodEnum<["hex", "base64"]>>;
+}, "strip", z.ZodTypeAny, {
+    algorithm: "md5" | "sha1" | "sha256" | "sha512" | "sha3";
+    encoding: "hex" | "base64";
+}, {
+    algorithm?: "md5" | "sha1" | "sha256" | "sha512" | "sha3" | undefined;
+    encoding?: "hex" | "base64" | undefined;
+}>;
+type HashOptions = z.infer<typeof HashOptionsSchema>;
+declare const PasswordHashOptionsSchema: z.ZodObject<{
+    algorithm: z.ZodDefault<z.ZodEnum<["pbkdf2", "argon2", "bcrypt"]>>;
+    iterations: z.ZodDefault<z.ZodNumber>;
+    saltLength: z.ZodDefault<z.ZodNumber>;
+    keyLength: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    algorithm: "pbkdf2" | "argon2" | "bcrypt";
+    iterations: number;
+    saltLength: number;
+    keyLength: number;
+}, {
+    algorithm?: "pbkdf2" | "argon2" | "bcrypt" | undefined;
+    iterations?: number | undefined;
+    saltLength?: number | undefined;
+    keyLength?: number | undefined;
+}>;
+type PasswordHashOptions = z.infer<typeof PasswordHashOptionsSchema>;
+declare const TimingSafeOptionsSchema: z.ZodObject<{
+    encoding: z.ZodDefault<z.ZodEnum<["utf8", "hex", "base64"]>>;
+}, "strip", z.ZodTypeAny, {
+    encoding: "hex" | "base64" | "utf8";
+}, {
+    encoding?: "hex" | "base64" | "utf8" | undefined;
+}>;
+type TimingSafeOptions = z.infer<typeof TimingSafeOptionsSchema>;
+declare const EncryptionOptionsSchema: z.ZodObject<{
+    mode: z.ZodDefault<z.ZodEnum<["aes-cbc", "aes-ctr", "aes-ecb", "aes-gcm"]>>;
+    padding: z.ZodDefault<z.ZodEnum<["Pkcs7", "NoPadding", "ZeroPadding"]>>;
+    iv: z.ZodOptional<z.ZodString>;
+    authTag: z.ZodOptional<z.ZodString>;
+    aad: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    mode: "aes-cbc" | "aes-ctr" | "aes-ecb" | "aes-gcm";
+    padding: "Pkcs7" | "NoPadding" | "ZeroPadding";
+    iv?: string | undefined;
+    authTag?: string | undefined;
+    aad?: string | undefined;
+}, {
+    mode?: "aes-cbc" | "aes-ctr" | "aes-ecb" | "aes-gcm" | undefined;
+    padding?: "Pkcs7" | "NoPadding" | "ZeroPadding" | undefined;
+    iv?: string | undefined;
+    authTag?: string | undefined;
+    aad?: string | undefined;
+}>;
+type EncryptionOptions = z.infer<typeof EncryptionOptionsSchema>;
+declare const ConfigSchema: z.ZodObject<{
+    minimumPasswordLength: z.ZodDefault<z.ZodNumber>;
+    requireNumbers: z.ZodDefault<z.ZodBoolean>;
+    requireSymbols: z.ZodDefault<z.ZodBoolean>;
+    requireUppercase: z.ZodDefault<z.ZodBoolean>;
+    requireLowercase: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    minimumPasswordLength: number;
+    requireNumbers: boolean;
+    requireSymbols: boolean;
+    requireUppercase: boolean;
+    requireLowercase: boolean;
+}, {
+    minimumPasswordLength?: number | undefined;
+    requireNumbers?: boolean | undefined;
+    requireSymbols?: boolean | undefined;
+    requireUppercase?: boolean | undefined;
+    requireLowercase?: boolean | undefined;
+}>;
+type Config = z.infer<typeof ConfigSchema>;
+/**
+ * Creates a hash of the input string using the specified algorithm
+ * @param input - The string to hash
+ * @param options - Hash options
+ * @returns The hashed string
+ */
+declare function hash(input: string, options?: Partial<HashOptions>): string;
+/**
+ * Verifies if an input matches a previously hashed value
+ * @param input - The plain text to verify
+ * @param hashedValue - The hashed value to compare against
+ * @param options - Hash options
+ * @returns True if the input matches the hash, false otherwise
+ */
+declare function verifyHash(input: string, hashedValue: string, options?: Partial<HashOptions>): boolean;
+/**
+ * Creates a HMAC (Hash-based Message Authentication Code) of the input
+ * @param input - The input message
+ * @param key - The secret key
+ * @param options - Hash options
+ * @returns The HMAC signature
+ */
+declare function hmac(input: string, key: string, options?: Partial<HashOptions>): string;
+/**
+ * Performs a secure password hashing using PBKDF2 (default), Argon2, or bcrypt simulation
+ * Note: This is a simplified implementation. For production, consider using a specialized library
+ * @param password - The password to hash
+ * @param options - Password hash options
+ * @returns An object containing the hash, salt, and parameters
+ */
+declare function hashPassword(password: string, options?: Partial<PasswordHashOptions>): {
+    hash: string;
+    salt: string;
+    params: PasswordHashOptions;
+};
+/**
+ * Verifies a password against a previously hashed password
+ * @param password - The password to verify
+ * @param hash - The previously generated hash
+ * @param salt - The salt used in the original hash
+ * @param options - Password hash options (must match those used in hashPassword)
+ * @returns True if the password matches, false otherwise
+ */
+declare function verifyPassword(password: string, hash: string, salt: string, options?: Partial<PasswordHashOptions>): boolean;
+/**
+ * Performs a constant-time comparison of two strings to prevent timing attacks
+ * @param a - First string to compare
+ * @param b - Second string to compare
+ * @param options - Timing safe comparison options
+ * @returns True if both strings are equal, false otherwise
+ */
+declare function timingSafeEqual(a: string, b: string, options?: Partial<TimingSafeOptions>): boolean;
+/**
+ * Generates a cryptographically secure random string
+ * @param length - The length of the random string in bytes
+ * @param encoding - The encoding to use for the output
+ * @returns A random string in the specified encoding
+ */
+declare function generateRandomBytes(length?: number, encoding?: 'hex' | 'base64'): string;
+/**
+ * A const enum for security levels, used for warnings
+ * @public
+ */
+declare enum SecurityLevel {
+    HIGH = "HIGH",
+    MEDIUM = "MEDIUM",
+    LOW = "LOW",
+    INSECURE = "INSECURE"
+}
+/**
+ * Returns the security level of the encryption options
+ * @param options - The encryption options
+ * @returns The security level
+ */
+declare function getSecurityLevel(options: EncryptionOptions): SecurityLevel;
+/**
+ * Encrypts the provided text using the specified encryption options
+ * @param text - The text to encrypt
+ * @param key - The encryption key
+ * @param options - Encryption options
+ * @returns The encrypted text
+ */
+declare function encrypt(text: string, key: string, options?: Partial<EncryptionOptions>): string;
+/**
+ * Decrypts the provided encrypted text using the specified options
+ * @param encryptedText - The text to decrypt
+ * @param key - The decryption key
+ * @param options - Encryption options
+ * @returns The decrypted text
+ */
+declare function decrypt(encryptedText: string, key: string, options?: Partial<EncryptionOptions>): string;
+/**
+ * Generates a random encryption key
+ * @param length - Length of the key in bytes
+ * @returns A random key as a hex string
+ */
+declare function generateKey(length?: number): string;
+/**
+ * Calculates the entropy of a password in bits
+ * @param password - The password to calculate entropy for
+ * @returns The entropy in bits
+ */
+declare function calculatePasswordEntropy(password: string): number;
+/**
+ * Analyzes patterns in the password that might reduce its effective entropy
+ * @param password - The password to analyze
+ * @returns The entropy reduction (0 to 1)
+ */
+declare function analyzePasswordPatterns(password: string): {
+    entropyReduction: number;
+    patterns: string[];
+};
+/**
+ * Checks the strength of a password using both rule-based criteria and entropy
+ * @param password - The password to check
+ * @param config - Password configuration options
+ * @returns A PasswordStrength object containing score and feedback
+ */
+declare function checkPasswordStrength(password: string, config?: Partial<Config>): PasswordStrength;
+/**
+ * Generates a secure random password based on configuration
+ * @param config - Password configuration options
+ * @returns A random secure password
+ */
+declare function generateSecurePassword(config?: Partial<Config>): string;
+export { type Config, ConfigSchema, type EncryptionOptions, EncryptionOptionsSchema, type HashOptions, HashOptionsSchema, type PasswordHashOptions, PasswordHashOptionsSchema, type PasswordStrength, PasswordStrengthSchema, SecurityLevel, type TimingSafeOptions, TimingSafeOptionsSchema, analyzePasswordPatterns, calculatePasswordEntropy, checkPasswordStrength, decrypt, encrypt, generateKey, generateRandomBytes, generateSecurePassword, getSecurityLevel, hash, hashPassword, hmac, timingSafeEqual, verifyHash, verifyPassword };