{"id":16759543,"url":"https://github.com/cyrildever/crumbl-js","last_synced_at":"2025-08-26T16:27:03.217Z","repository":{"id":42685992,"uuid":"226352696","full_name":"cyrildever/crumbl-js","owner":"cyrildever","description":"Secure data storage with trusted third-parties to use in Javascript environment","archived":false,"fork":false,"pushed_at":"2025-02-15T17:19:37.000Z","size":1817,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-18T12:03:04.485Z","etag":null,"topics":["cryptography","data-masking","javascript-library","signing-trusted","storage-api","typescript-library"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyrildever.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-12-06T15:00:47.000Z","updated_at":"2025-02-15T17:19:41.000Z","dependencies_parsed_at":"2024-09-12T17:28:49.375Z","dependency_job_id":"ccacb4e5-fa0a-4380-a398-8a0e1b3aaf69","html_url":"https://github.com/cyrildever/crumbl-js","commit_stats":{"total_commits":128,"total_committers":4,"mean_commits":32.0,"dds":0.2109375,"last_synced_commit":"0d1ac1f7ae1eb4db8d5c154f0a544696b8ed7b7e"},"previous_names":["edgewhere/crumbl-js"],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/cyrildever/crumbl-js","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrildever%2Fcrumbl-js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrildever%2Fcrumbl-js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrildever%2Fcrumbl-js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrildever%2Fcrumbl-js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyrildever","download_url":"https://codeload.github.com/cyrildever/crumbl-js/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyrildever%2Fcrumbl-js/sbom","scorecard":{"id":314648,"data":{"date":"2025-08-11","repo":{"name":"github.com/cyrildever/crumbl-js","commit":"50bc1b69e045bd8047b637dff2ae744023ebfd32"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T23:56:16.910Z","repository_id":42685992,"created_at":"2025-08-17T23:56:16.910Z","updated_at":"2025-08-17T23:56:16.910Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272236886,"owners_count":24897498,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-26T02:00:07.904Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","data-masking","javascript-library","signing-trusted","storage-api","typescript-library"],"created_at":"2024-10-13T04:08:24.021Z","updated_at":"2025-08-26T16:27:03.145Z","avatar_url":"https://github.com/cyrildever.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# crumbl-js\n\n![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/cyrildever/crumbl-js)\n![npm](https://img.shields.io/npm/dw/crumbl-js)\n![GitHub last commit](https://img.shields.io/github/last-commit/cyrildever/crumbl-js)\n![GitHub issues](https://img.shields.io/github/issues/cyrildever/crumbl-js)\n![NPM](https://img.shields.io/npm/l/crumbl-js)\n\ncrumbl-js is a JavaScript client developed in TypeScript for generating secure data storage with trusted signing third-parties using the Crumbl\u0026trade; technology patented by Cyril Dever for [Edgewhere](https://www.edgewhere.fr).\n\nIf you're interesting in using the library, please [contact Edgewhere](mailto:contact@edgewhere.fr).\n\n\n### Formal description\n\nFor details on the mathematical and protocol foundations, you might want to check out our [white paper](https://github.com/cyrildever/crumbl-js/blob/master/crumbl_whitepaper.pdf).\n\n\n### Process\n\nThe whole process could be divided into two major steps:\n* create the _crumbl_ from a source data;\n* extract the data out of a _crumbl_.\n\nThe first step involves at least two stakeholders, but preferably four for optimal security and sustainability:\n* at least one \"owner\" of the data, ie. the stakeholder that needs to securely store it;\n* three signing trusted third-parties who shall remain unaware of the data.\n\n1. Creation\n\n    To create the _crumbl_, one would need the data and the public keys of all the stakeholders, as well as the encryption algorithm used by them.\n    Currently, two encryption algorithms are allowed by the system: ECIES and RSA.\n\n    Once created, the _crumbl_ could be stored by anyone: any stakeholder or any outsourced data storage system. \n    The technology guarantees that the _crumbl_ can't be deciphered without the presence of the signing stakeholders, the number of needed stakeholders depending on how many originally signed it, but a data owner must at least be present. In fact, only a data owner will be able to fully recover the original data from the _crumbl_.\n\n2. Extraction\n\n    To extract the data from a _crumbl_ is a multi-step process:\n    * First, the data owner should ask the signing trusted third-parties to decipher the parts (the \"crumbs\") they signed;\n    * Each signing trusted third-party should use their own keypair (private and public keys) along with the _crumbl_, and then return the result (the \"partial uncrumbs\") to the data owner;\n    * After, collecting all the partial uncrumbs, the data owner should inject them in the system along with the _crumbl_ and his own keypair to get the fully-deciphered data.\n\n\nAll these steps could be done building an integrated app utilizing the [TypeScript library](#typescript-library) server-side, or the [JavaScript library](#javascript-library) in the browser.\n\n\n### Usage\n\n#### JavaScript library\n\n```console\nnpm i crumbl-js\n```\n\nThe code below should display a new crumbl from the passed credential strings of the stakeholders:\n```javascript\nimport { BrowserWorker, CREATION, ECIES_ALGORITHM, hash } from 'crumbl-js'\n\nfunction main(owner_pubkey, trustee1_pubkey, trustee2_pubkey) {\n  const source = document.getElementById('source').innerHTML;\n  hash(source).then(hashedSource =\u003e {\n    // Feed with the signers' credentials\n    const owner = {\n        encryptionAlgorithm: ECIES_ALGORITHM,\n        publicKey: Buffer.from(owner_pubkey, 'hex') // ECIES hexadecimal string representation of the decompressed public key\n    };\n    const trustee1 = {\n        encryptionAlgorithm: ECIES_ALGORITHM,\n        publicKey: Buffer.from(trustee1_pubkey, 'hex')\n    };\n    const trustee2 = {\n        encryptionAlgorithm: ECIES_ALGORITHM,\n        publicKey: Buffer.from(trustee2_pubkey, 'hex')\n    };\n\n    const workerCreator = new BrowserWorker({\n        mode: CREATION,\n        data: [source],\n        verificationHash: hashedSource,\n        htmlElement: document.getElementById('crumbled')\n    });\n    workerCreator.create([owner], [trustee1, trustee2]).then(crumbled =\u003e {\n        // At this point, the crumbled value would have been assigned to the passed HTML element.\n        // But you may want to do something else with it here.\n        console.log(crumbled);\n    }):\n  });\n}\n```\n\nFollowing the above situation, using the crumbled data and two \"partial uncrumbs\" gathered from the trusted signing third-parties, the code below shows how to recover the original source data as a data owner:\n```javascript\nconst workerExtractor = new BrowserWorker({\n    mode: EXTRACTION,\n    data: [crumbled, partialUncrumb1, partialUncrumb2],\n    verificationHash: '580fb8a91f05833200dea7d33536aaec9d7ceb256a9858ee68e330e126ba409d',\n});\nworkerExtractor.extract(owner, true).then(result =\u003e {\n  console.assert(result === source, 'Something wrong happened: are you sure you used the right items?');\n});\n```\n\nIf the extracting stakeholder is not the data owner, the result would be a \"partial uncrumb\" to give to the data owner for processing the complete operation.\nFor maximum security and sustainability, we recommend the involvement of at least three trusted signing third-parties in the process in addition to the data owner. Please [contact us](mailto:contact@edgewhere.fr) for a complete implementation.\n\n##### Dependencies\n\nThis library relies on the following dependencies:\n* [`ecies-geth`](https://www.npmjs.com/package/ecies-geth) and [`feistel-cipher`](https://www.npmjs.com/package/feistel-cipher) provided by Cyril Dever for Edgewhere;\n* [`buffer-xor`](https://www.npmjs.com/package/buffer-xor);\n* [`seedrandom.js`](https://www.npmjs.com/package/seedrandom).\n\nBesides, to run the tests, you would need to install [`live-server`](https://www.npmjs.com/package/live-server):\n```console\nnpm i -g live-server\n```\n\n\n#### Go Library\n\nYou might want to check out the Go implementation for the Crumbl\u0026trade;: [`crumbl-exe`](https://github.com/cyrildever/crumbl-exe), an executable and a Go client for generating secure data storage with trusted signing third-parties using the Crumbl\u0026trade; technology patented by Cyril Dever for Edgewhere.\n\n\n#### Scala Library\n\nYou might also want to check out the Scala implementation for the Crumbl\u0026trade;: [`crumbl-jar`](https://github.com/cyrildever/crumbl-jar), a Scala client for the JVM and an executable JAR as well.\n\n\n### License\n\nThe use of the Crumbl\u0026trade; library is subject to fees for commercial purposes and to the respect of the [BSD-2-Clause-Patent License](LICENSE).\nAll technologies are protected by patents owned by Edgewhere SAS. \\\nPlease [contact Edgewhere](mailto:contact@edgewhere.fr) to get further information.\n\n\n\u003chr /\u003e\n\u0026copy; 2019-2025 Cyril Dever. All rights reserved.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyrildever%2Fcrumbl-js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyrildever%2Fcrumbl-js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyrildever%2Fcrumbl-js/lists"}