cdn
leviathan-crypto is published to npm and mirrored on unpkg. All WasmSource types work directly from the CDN with no install or bundler required.
Important
Version pinning. The CDN examples below use unversioned URLs, which unpkg resolves to the latest published release. This is convenient for development and quick experimentation. For production, pin to a specific version (e.g. @2.1.0) so a future release can't change behaviour without warning. The SRI example below pins explicitly because the integrity hash is bytes-specific, never combine SRI with @latest or an unversioned URL.
Import the embedded blobs alongside the main library. WASM is baked into the JS as gzip+base64, so there are no extra network requests beyond the module files themselves.
<script type="module">
import { init, Seal, SerpentCipher } from 'https://unpkg.com/leviathan-crypto/dist/index.js'
import { serpentWasm } from 'https://unpkg.com/leviathan-crypto/dist/serpent/embedded.js'
import { sha2Wasm } from 'https://unpkg.com/leviathan-crypto/dist/sha2/embedded.js'
await init({ serpent: serpentWasm, sha2: sha2Wasm })
const key = SerpentCipher.keygen()
const blob = Seal.encrypt(SerpentCipher, key, new TextEncoder().encode('hello from the browser'))
const decrypted = Seal.decrypt(SerpentCipher, key, blob)
console.log(new TextDecoder().decode(decrypted))
</script>Subpath imports also work with full URLs:
<script type="module">
import { serpentInit, SerpentCipher } from 'https://unpkg.com/leviathan-crypto/dist/serpent/index.js'
import { serpentWasm } from 'https://unpkg.com/leviathan-crypto/dist/serpent/embedded.js'
await serpentInit(serpentWasm)
// ...
</script>Pass a URL pointing at the .wasm file on the CDN. The browser uses
WebAssembly.compileStreaming to compile the binary while it downloads.
<script type="module">
import { init, SHA256 } from 'https://unpkg.com/leviathan-crypto/dist/index.js'
await init({
sha2: new URL('https://unpkg.com/leviathan-crypto/dist/sha2.wasm')
})
const sha = new SHA256()
const digest = sha.hash(new TextEncoder().encode('hello'))
console.log(digest)
sha.dispose()
</script>The server must respond with Content-Type: application/wasm.
WASM filenames by module:
| Module | File |
|---|---|
serpent |
serpent.wasm |
chacha20 |
chacha20.wasm |
aes |
aes.wasm |
sha2 |
sha2.wasm |
sha3 |
sha3.wasm |
mlkem |
mlkem.wasm |
blake3 |
blake3.wasm |
mldsa |
mldsa.wasm |
slhdsa |
slhdsa.wasm |
curve25519 |
curve25519.wasm |
p256 |
p256.wasm |
Note
keccak is an alias for sha3 and resolves to sha3.wasm. ed25519 and x25519 are aliases for curve25519 and both resolve to curve25519.wasm. ecdsa is the subpath alias for the p256 module and resolves to p256.wasm.
Fetch the WASM binary yourself and pass the ArrayBuffer directly. Useful when
you want to cache the binary, load from a custom endpoint, or verify integrity
before instantiation.
<script type="module">
import { init, Seal, XChaCha20Cipher } from 'https://unpkg.com/leviathan-crypto@2.1.0/dist/index.js'
import { sha2Wasm } from 'https://unpkg.com/leviathan-crypto@2.1.0/dist/sha2/embedded.js'
const res = await fetch('https://unpkg.com/leviathan-crypto@2.1.0/dist/chacha20.wasm', {
// SRI requires version + hash to be paired, both update together.
integrity: 'sha384-...'
})
const binary = new Uint8Array(await res.arrayBuffer())
await init({ chacha20: binary, sha2: sha2Wasm })
const key = XChaCha20Cipher.keygen()
const blob = Seal.encrypt(XChaCha20Cipher, key, new TextEncoder().encode('manual mode'))
const plaintext = Seal.decrypt(XChaCha20Cipher, key, blob)
console.log(new TextDecoder().decode(plaintext))
</script>Tip
The integrity option is standard SRI (Subresource Integrity).
The browser verifies the hash before resolving the response, and throws a network error if it doesn't match.
Browsers don't read package.json exports, so bare specifiers like
import { init } from 'leviathan-crypto' don't work without an import map.
If you want the same import style as the npm docs, add one before your module scripts:
<script type="importmap">
{
"imports": {
"leviathan-crypto": "https://unpkg.com/leviathan-crypto/dist/index.js",
"leviathan-crypto/serpent": "https://unpkg.com/leviathan-crypto/dist/serpent/index.js",
"leviathan-crypto/serpent/embedded": "https://unpkg.com/leviathan-crypto/dist/serpent/embedded.js",
"leviathan-crypto/chacha20": "https://unpkg.com/leviathan-crypto/dist/chacha20/index.js",
"leviathan-crypto/chacha20/embedded": "https://unpkg.com/leviathan-crypto/dist/chacha20/embedded.js",
"leviathan-crypto/aes": "https://unpkg.com/leviathan-crypto/dist/aes/index.js",
"leviathan-crypto/aes/embedded": "https://unpkg.com/leviathan-crypto/dist/aes/embedded.js",
"leviathan-crypto/sha2": "https://unpkg.com/leviathan-crypto/dist/sha2/index.js",
"leviathan-crypto/sha2/embedded": "https://unpkg.com/leviathan-crypto/dist/sha2/embedded.js",
"leviathan-crypto/sha3": "https://unpkg.com/leviathan-crypto/dist/sha3/index.js",
"leviathan-crypto/sha3/embedded": "https://unpkg.com/leviathan-crypto/dist/sha3/embedded.js",
"leviathan-crypto/keccak": "https://unpkg.com/leviathan-crypto/dist/keccak/index.js",
"leviathan-crypto/keccak/embedded": "https://unpkg.com/leviathan-crypto/dist/keccak/embedded.js",
"leviathan-crypto/mlkem": "https://unpkg.com/leviathan-crypto/dist/mlkem/index.js",
"leviathan-crypto/mlkem/embedded": "https://unpkg.com/leviathan-crypto/dist/mlkem/embedded.js",
"leviathan-crypto/blake3": "https://unpkg.com/leviathan-crypto/dist/blake3/index.js",
"leviathan-crypto/blake3/embedded": "https://unpkg.com/leviathan-crypto/dist/blake3/embedded.js",
"leviathan-crypto/mldsa": "https://unpkg.com/leviathan-crypto/dist/mldsa/index.js",
"leviathan-crypto/mldsa/embedded": "https://unpkg.com/leviathan-crypto/dist/mldsa/embedded.js",
"leviathan-crypto/slhdsa": "https://unpkg.com/leviathan-crypto/dist/slhdsa/index.js",
"leviathan-crypto/slhdsa/embedded": "https://unpkg.com/leviathan-crypto/dist/slhdsa/embedded.js",
"leviathan-crypto/ed25519": "https://unpkg.com/leviathan-crypto/dist/ed25519/index.js",
"leviathan-crypto/ed25519/embedded": "https://unpkg.com/leviathan-crypto/dist/ed25519/embedded.js",
"leviathan-crypto/x25519": "https://unpkg.com/leviathan-crypto/dist/x25519/index.js",
"leviathan-crypto/x25519/embedded": "https://unpkg.com/leviathan-crypto/dist/x25519/embedded.js",
"leviathan-crypto/ecdsa": "https://unpkg.com/leviathan-crypto/dist/ecdsa/index.js",
"leviathan-crypto/ecdsa/embedded": "https://unpkg.com/leviathan-crypto/dist/ecdsa/embedded.js",
"leviathan-crypto/sign": "https://unpkg.com/leviathan-crypto/dist/sign/index.js",
"leviathan-crypto/stream": "https://unpkg.com/leviathan-crypto/dist/stream/index.js",
"leviathan-crypto/ratchet": "https://unpkg.com/leviathan-crypto/dist/ratchet/index.js",
"leviathan-crypto/merkle": "https://unpkg.com/leviathan-crypto/dist/merkle/index.js"
}
}
</script>
<script type="module">
import { init, Seal, SerpentCipher } from 'leviathan-crypto'
import { serpentWasm } from 'leviathan-crypto/serpent/embedded'
import { sha2Wasm } from 'leviathan-crypto/sha2/embedded'
// identical to the npm usage docs from here
</script>Important
The import map must appear before any <script type="module"> that uses bare
specifiers. Import maps are supported in all modern browsers
(Chrome 89+, Firefox 108+, Safari 16.4+).
| Document | Description |
|---|---|
| index | Project Documentation index |
| architecture | Repository structure, build and CI, WASM modules, public API, test suite, and security posture |
| lexicon | Glossary of cryptographic terms |
| examples | Code examples for every primitive |
- Sign Tools
-
SignatureSuite
- format-byte catalog, hybrid composite encodings, custom suite contract
- Serpent-256 TypeScript | WASM
-
Serpent,SerpentCtr,SerpentCbc,SerpentGenerator
-
- ChaCha20 TypeScript | WASM
-
ChaCha20,Poly1305,ChaCha20Poly1305,XChaCha20Poly1305,ChaCha20Generator
-
- AES TypeScript | WASM
-
AES,AESCbc,AESCtr,AESGCM,AESGCMSIV,AESGenerator
-
- ML-DSA TypeScript | WASM
- pure (FIPS 204):
MlDsa44,MlDsa65,MlDsa87 - pure-mode suites:
MlDsa44Suite,MlDsa65Suite,MlDsa87Suite - prehash suites:
MlDsa44PreHashSuite,MlDsa65PreHashSuite,MlDsa87PreHashSuite
- pure (FIPS 204):
- SLH-DSA TypeScript | WASM
- pure (FIPS 205):
SlhDsa128f,SlhDsa192f,SlhDsa256f - pure-mode suites:
SlhDsa128fSuite,SlhDsa192fSuite,SlhDsa256fSuite - prehash suites:
SlhDsa128fPreHashSuite,SlhDsa192fPreHashSuite,SlhDsa256fPreHashSuite
- pure (FIPS 205):
- Ed25519 TypeScript | WASM
-
Ed25519(pure + Ed25519ph),Ed25519Suite,Ed25519PreHashSuite
-
- ECDSA-P256 TypeScript | WASM
-
EcdsaP256(hedged + RFC 6979),EcdsaP256Suite - DER codec:
ecdsaSignatureToDer,ecdsaSignatureFromDer,encodeEcPrivateKey,decodeEcPrivateKey,pointDecompress
-
- Hybrid composites PQ-only | Classical+PQ
- PQ-only:
MlDsa44SlhDsa128fSuite,MlDsa65SlhDsa192fSuite,MlDsa87SlhDsa256fSuite - Classical+PQ:
MlDsa44Ed25519Suite,MlDsa65Ed25519Suite,MlDsa44EcdsaP256Suite,MlDsa65EcdsaP256Suite
- PQ-only:
- X25519 TypeScript | WASM
-
X25519,KeyAgreementError(RFC 7748)
-
- ML-KEM TypeScript | WASM
-
MlKem512,MlKem768,MlKem1024
-
-
Ratchet (SPQR)
-
KDFChain,ratchetInit,kemRatchetEncap,kemRatchetDecap,RatchetKeypair,SkippedKeyStore
-
- Hashing overview
- SHA-2 TypeScript | WASM
-
SHA256,SHA384,SHA512,SHA224,SHA512_224,SHA512_256 -
HMAC_SHA256,HMAC_SHA384,HMAC_SHA512,HKDF_SHA256,HKDF_SHA512
-
- SHA-3 TypeScript | WASM
-
SHA3_224,SHA3_256,SHA3_384,SHA3_512,SHAKE128,SHAKE256
-
- BLAKE3 TypeScript | WASM
-
BLAKE3,BLAKE3Stream,BLAKE3KeyedHash,BLAKE3KeyedHashStream -
BLAKE3DeriveKey,BLAKE3DeriveKeyStream,BLAKE3OutputReader,BLAKE3Hash
-
-
KMAC
-
CSHAKE128,CSHAKE256,KMAC128,KMAC256,KMACXOF128,KMACXOF256
-
-
Merkle
-
MerkleVerifier,MerkleLog -
SignedLog,Sha256Tree,Blake3Tree,MemoryStorage
-
-
Fortuna CSPRNG
-
Fortuna,SerpentGenerator,ChaCha20Generator,AESGenerator,SHA256Hash,SHA3_256Hash,BLAKE3Hash
-
- Utils TypeScript | WASM
-
constantTimeEqual,randomBytes,wipe, encoding helpers
-
-
TypeScript interfaces
-
Hash,KeyedHash,Blockcipher,Streamcipher,AEAD,Generator,HashFn
-