Description
secStore is simple wrapper to handle client storage mechanisms within the browser.
It is named secStore.js because not only will this plug-in assist you in transparent storage & retrieval of client data, but it will optionally provide a layer of security for said data with the use of the SJCL (Stanford Javascript Crypto Libraries).
Requirements:
SJCL libraries (optional - https://github.com/bitwiseshiftleft/sjcl)
Features:
HTML5 localStorage support
HTML5 sessionStorage support
Cookie support
AES encryption support
Quota support (4K for cookies and 5MB for HTML5 mechanisms)
secStore.js alternatives and similar libraries
Based on the "Storage" category.
Alternatively, view secStore.js alternatives based on common mentions on social networks and blogs.
-
localForage
๐พ Offline storage, improved. Wraps IndexedDB, WebSQL, or localStorage using a simple but powerful API. -
js-cookie
A simple, lightweight JavaScript API for handling browser cookies -
jquery-cookie
A simple, lightweight jQuery plugin for reading, writing and deleting cookies. -
store.js
Cross-browser storage for all use cases, used across the web. -
NeDB
The JavaScript Database, for Node.js, nw.js, electron and the browser -
WatermelonDB
๐ Reactive & asynchronous database for powerful React and React Native apps โก๏ธ -
Lovefield
Lovefield is a relational database for web apps. Written in JavaScript, works cross-browser. Provides SQL-like APIs that are fast, safe, and easy to use. -
basket.js
A script and resource loader for caching & loading files with localStorage -
cookies.js
๐ซ Tastier cookies, local, session, and db storage in a tiny package. Includes subscribe() events for changes. -
jStorage
jStorage is a simple key/value database to store data on browser side -
DB.js
db.js is a wrapper for IndexedDB to make it easier to work against -
awesome-web-storage
:sunglasses: Everything you need to know about Client-side Storage. -
Hadmean
Generate powerful admin apps in seconds with just `npx hadmean`. Stop building and maintaining admin apps that you can auto-generate. -
datavore
A small, fast, in-browser database engine written in JavaScript. -
crumbsjs
A lightweight vanilla ES6 cookies and local storage JavaScript library -
proxy-web-storage
Keep the type of storage value unchanged and change array and object directly. Supports listening to the changes and setting expires. -
JSON ODM
A JSON ODM (object document mapper) for JavaScript to use on the server or in the browser.
Appwrite - The Open Source Firebase alternative introduces iOS support
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of secStore.js or a related project?
README
crypt.io 
crypt.io implements secures browser storage with the SJCL (Stanford Javascript Crypto Libraries) crypto library.
Options:
- passphrase:
{String}
User supplied passphrase - storage:
{String}
Storage engine to use; local, session or cookies
Examples:
Here are a few examples of use to get you started.
Default use
Saving data...
var storage = cryptio
, inventory = [{
"SKU": "39-48949",
"Price": 618,
"Item": "Snowboard"
}, {
"SKU": "99-28128",
"Price": 78.99,
"Item": "Cleats"
}, {
"SKU": "83-38285",
"Price": 3.99,
"Item": "Hockey Puck"
}];
storage.set('inventory', inventory, function(err, results){
if (err) throw err;
console.log(results);
});
Retrieving data...
var storage = cryptio;
storage.get('inventory', function(err, results){
if (err) throw err;
console.log(results);
});
Storage option
Want to use a different storage engine like the HTML5 sessionStorage feature?
var options = {
storage: 'session',
};
Or some depreciated cookies? This is the least tested option
var options = {
storage: 'cookies',
};
Extra security
While providing a transparent method of encryption for objects within the client prevents the need for user interaction, in terms of security in the event of a same-origin, dom rebinding attack coupled with a man- in-the-middle scenario or a malicious browser add-on it would be more secure to prompt the user for his/her passphrase.
Here is an example of user input for the passphrase.
var pass = window.prompt("Please enter password...", "a custom password");
var options = {
passphrase: pass
};
storage.set(options, 'inventory', inventory, function(err, results){
if (err) throw err;
console.log(results);
});
storage.get(options, 'inventory', function(err, results){
if (err) throw err;
console.log(results);
});
For the paranoid
Here is a robust example of saving & retrieving data implementing a user defined password based on their input while also using key stretching techniques to further enhance the security of the key used as well as using a tempoary storage option such as sessionStorage for the current authenticated session.
Saving data (please keep in mind that a static value for the salt is not recommended)
var pass = window.prompt("Enter password to protect saved data", "");
var options = {
passphrase: sjcl.codec.base64.fromBits(sjcl.hash.sha256.hash(sjcl.misc.pbkdf2(pass, sjcl.random.randomWords(2), 100000, 512)))
};
storage.set(options, 'inventory', inventory, function(err, results){
if (err) throw err;
console.log(results);
});
storage.get(options, 'inventory', function(err, results){
if (err) throw err;
console.log(results);
});
Warning:
For the obligitory read regarding Javascript Encryption and the security implications please read 'NCC Group - Javascript Cryptography Considered Harmful'
Requirements:
Installation:
Three methods are available for setup and use; using bower, cloning & manual
Yarn
To setup using yarn
%> yarn add crypt.io
Bower (depreciated)
To setup using bower
%> bower install crypt.io
Clone w/ git
To setup using git
%> git clone --recursive https://github.com/jas-/crypt.io.git
Manual
Copy the crypt.io.min.js and the sjcl libraries to your web project and include them like so.
<script src="/path/to/sjcl.js"></script>
<script src="/path/to/crypt.io.min.js"></script>
Support:
Found a bug? Want a feature added? General feedback or kudos? Please open an issue so I can address it. Thanks!