@wovin/crypto — Greenflagged

A secure, isomorphic TypeScript library providing cryptographic primitives (AES, ECDH, Ed25519) and mnemonic-based key derivation. Implements PBKDF2-HMAC-SHA512 for key stretching and supports multiple key derivation paths (ECDH, EdDSA, HKDF).

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tennoxgotjoshua

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:iso-signatures	AI (dependencies): Pinned version used in a crypto utility package; no malware indicators; stable dependency pattern for this package.	ai	2026/05/27
dependencies	unvetted-dep:besonders-logger	AI (dependencies): Logging utility dependency; pinned version, no install scripts or malware indicators; stable for this package.	ai	2026/05/27
phantom-deps	phantom-dep:iso-base	AI (phantom-deps): Referenced in config files; bundled output may consume it indirectly.	ai	2026/04/28
phantom-deps	phantom-dep:@noble/hashes	AI (phantom-deps): Crypto utility likely consumed transitively or via bundled output.	ai	2026/04/28
typosquat	typosquat.levenshtein:bcrypt	AI (typosquat): Scoped @wovin org package; Levenshtein match to bcrypt is coincidental, not impersonation.	ai	2026/04/28
phantom-deps	phantom-dep:@stablelib/ed25519	AI (phantom-deps): Ed25519 dep likely consumed in bundled output for the ./ed25519 export.	ai	2026/04/28
phantom-deps	phantom-dep:besonders-logger	AI (phantom-deps): Logger referenced in config; may be conditionally imported.	ai	2026/04/28
phantom-deps	phantom-dep:@wovin/core	AI (phantom-deps): Same org scope; phantom-dep heuristic unreliable for monorepo sibling packages.	ai	2026/04/28

Versions (showing 7 of 7)

Version	Deps	Published
0.1.36	8 / 5	2026-04-26
0.1.24	8 / 5	2026-03-30
0.1.23	8 / 5	2026-03-28
0.1.22	8 / 5	2026-03-28
0.1.21	8 / 5	2026-03-28
0.1.20	8 / 5	2026-03-21
0.1.19	8 / 5	2026-03-21