Releases: rzcoder/node-rsa

v2.0.0 - TypeScript rewrite, native `node:crypto` fast paths, security audit fixes

24 May 01:41

Full TypeScript rewrite of v1 with the same public API. The node bundle now routes RSA primitives through node:crypto whenever possible; the browser bundle defaults to native BigInt.

See CHANGELOG.md for the full list and MIGRATION.md for upgrade guidance.

Highlights

Performance

  • Keygen via crypto.generateKeyPairSync — 2048-bit drops from ~2.3 s to ~50 ms (~45× faster).
  • PKCS#1 v1.5 / PSS sign+verify via crypto.sign/crypto.verify — PSS-SHA256 sign on 2048-bit drops from ~17 ms to sub-millisecond.
  • Browser bundle uses native BigInt — ~4–5× faster than jsbn on PSS sign/verify. Falls back to jsbn on pre-2020 runtimes.

Security fixes (no API change)

  • Constant-time OAEP decode (closes Manger padding-oracle), PKCS#1 v1.5 decode (Bleichenbacher/ROBOT), and PSS verify.
  • Private-key operations are blinded (Kocher / Brumley-Boneh defence).
  • Miller-Rabin uses CSPRNG witnesses with FIPS 186-4 round counts (was Math.random() over a fixed 168-element table).
  • Imported private keys are CRT-consistency-checked — closes a Boneh-DeMillo-Lipton fault-injection vector.
  • Hardened PKCS#8 / OpenSSH parsers; public-exponent and RSA-primitive bounds checks per RFC 8017.
  • generate(B) refuses B < 512 and warns below 2048; Fermat-distance defence on |p − q|.
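
An added sketch (not node-rsa's own code) of the kind of CRT-consistency check the imported-private-key bullet above describes, using the RFC 8017 private-key fields. The function name `checkCrtConsistency` and the toy key are assumptions constructed for illustration.

```javascript
// Added illustration, not node-rsa source. Field names follow RFC 8017:
// n, e, d, p, q, dp (= d mod p-1), dq (= d mod q-1), qinv (= q^-1 mod p).
// All values are BigInt. Returns the list of failed checks; an empty list
// means the CRT parameters agree with (n, e, d).
function checkCrtConsistency({ n, e, d, p, q, dp, dq, qinv }) {
  const failures = [];
  // The factors must be non-trivial and multiply to the modulus.
  if (p <= 1n || q <= 1n || p * q !== n) {
    failures.push('n != p*q');
    return failures; // the remaining checks are meaningless without valid factors
  }
  // The CRT exponents must be reductions of the same private exponent d.
  if (dp !== d % (p - 1n)) failures.push('dp != d mod (p-1)');
  if (dq !== d % (q - 1n)) failures.push('dq != d mod (q-1)');
  // The CRT coefficient must invert q modulo p.
  if ((qinv * q) % p !== 1n) failures.push('qinv*q != 1 mod p');
  // Each CRT exponent must invert the public exponent in its own group.
  if ((e * dp) % (p - 1n) !== 1n) failures.push('e*dp != 1 mod (p-1)');
  if ((e * dq) % (q - 1n) !== 1n) failures.push('e*dq != 1 mod (q-1)');
  return failures;
}

// Constructed toy key (p = 61, q = 53); far too small for real use.
const SAMPLE_KEY = {
  n: 3233n, e: 17n, d: 2753n,
  p: 61n, q: 53n, dp: 53n, dq: 49n, qinv: 38n,
};

// Same key with one bit of dq flipped, as a tampered or corrupted key file
// might contain. A key like this yields CRT results that are correct modulo
// p but wrong modulo q, which is why an importer should reject it.
const TAMPERED_KEY = { ...SAMPLE_KEY, dq: 48n };

console.log(checkCrtConsistency(SAMPLE_KEY));
console.log(checkCrtConsistency(TAMPERED_KEY));
```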

Breaking changes

  • Min Node.js is now 20.
  • ESM-first with dual ESM/CJS via package.json#exports.
  • Browser default return type is Uint8Array (was a Buffer polyfill); Node still returns Buffer.
  • Browser bundle has zero Node-builtin imports — no Buffer/crypto shims, CI-enforced.
  • Default signing scheme switched from pkcs1 to pss (RFC 8017 / NIST best practice). Pass signingScheme: 'pkcs1' to keep v1 behaviour. Bare sha256 shorthand now resolves to pss-sha256.
  • MD4 is Node-only and provider-gated (OpenSSL 3 no longer loads the legacy provider by default).
  • Native PKCS#1 v1.5 privateDecrypt falls back to JS engine on modern Node (security-deprecated upstream); plaintext is byte-identical.
  • Custom MGF for PSS throws on the node bundle; node:crypto only supports MGF1 with hash equal to the signing hash.
  • setOptions({environment}) is a deprecated no-op (still forces JS engine when set to 'browser').
  • asn1 npm dependency removed — replaced by an in-tree ~150-line DER reader/writer; byte-identical output.

Added

  • TypeScript types for every public surface.
  • @noble/hashes runtime dependency (~6 KB gzipped, audited).
  • CI-enforced bundle size budget: browser <100 KB raw / <30 KB gzipped; node <120 KB raw / <35 KB gzipped.

Internal

  • Modern tooling: tsup, vitest, biome, strict TypeScript.
  • 1006 test cases across 27 files; the v1 mocha suite (61 it() blocks) is ported verbatim and runs in both node and browser-emulated vitest projects.

v2.0.0-rc.0

18 May 01:32
7004c47

v2.0.0-rc.0 — TypeScript rewrite (first pre-release)

First pre-release of the v2 line. Full rewrite of the v1 library in
TypeScript with the same public API, native node:crypto fast paths on
Node, and a native-BigInt path for modern browsers.

See CHANGELOG.md and MIGRATION.md for the full behaviour-change summary.

1.1.1 OpenSSH key format

22 Jul 11:14

readme fix & version bump

1.0.5: fix .npmignore

07 Mar 08:20

es5 compatible

1.0.3

04 Feb 08:57

Using semver now 🎉

  • Breaking change: Dropped support for Node.js < 8.11.1.
  • Possible breaking change: The deprecated new Buffer() call was replaced by Buffer.from and Buffer.alloc.
  • Possible breaking change: Dropped support for the sha hash scheme (removed in Node ~10). sha1, sha256 and others still work.
  • Possible breaking change: Minor change to the environment detection algorithm.
  • importKey() now returns this.
  • The no padding scheme will pad data with zeros in all environments.

0.3.0

24 Jan 16:38

  • Added import/export from/to raw key components.
  • Removed lodash from dependencies.

0.2.30

11 Jan 14:06

Fixed an issue where the generated key was 1 bit smaller than specified.

0.2.24

21 Jun 09:39

Webpack compatible

Native encrypt methods

03 Mar 20:52

0.2.22

update readme

Some fixes

10 Dec 10:20

0.2.13

fix "for in"