{"id":18255,"library":"crypto-js","title":"crypto-js","description":"JavaScript library of crypto standards providing various cryptographic algorithms including AES, DES, SHA-256, MD5, HMAC, and PBKDF2. Version 4.2.0 is the latest stable release, but the library is discontinued and no longer maintained. It supports both Node.js and browser environments with modular imports. The library uses the native Crypto module for random number generation but relies on its own implementations for other operations. Development has stopped; users are encouraged to migrate to the native Web Crypto API in modern browsers or Node.js crypto module. Release cadence has been low, with the last release in 2021.","status":"deprecated","version":"4.2.0","language":"javascript","source_language":"en","source_url":"ssh://git@github.com/brix/crypto-js","tags":["javascript","security","crypto","Hash","MD5","SHA1","SHA-1","SHA256","SHA-256"],"install":[{"cmd":"npm install crypto-js","lang":"bash","label":"npm"},{"cmd":"yarn add crypto-js","lang":"bash","label":"yarn"},{"cmd":"pnpm add crypto-js","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"ESM import works with bundlers like webpack; in Node.js, use require() for CommonJS.","wrong":"const AES = require('crypto-js/aes');","symbol":"AES","correct":"import AES from 'crypto-js/aes';"},{"note":"Default import for the full library; no need for .default.","wrong":"const CryptoJS = require('crypto-js').default;","symbol":"CryptoJS","correct":"import CryptoJS from 'crypto-js';"},{"note":"Named export not available; must import default from specific module.","wrong":"import { SHA256 } from 'crypto-js';","symbol":"SHA256","correct":"import SHA256 from 'crypto-js/sha256';"},{"note":"Import default; the module exports a single encoder object.","wrong":"const Base64 = require('crypto-js/enc-base64').Base64;","symbol":"enc.Base64","correct":"import Base64 from 'crypto-js/enc-base64';"},{"note":"Import default from the specific HMAC module.","wrong":"import { hmacSHA512 } from 'crypto-js';","symbol":"hmacSHA512","correct":"import hmacSHA512 from 'crypto-js/hmac-sha512';"},{"note":"WordArray is accessed via the core object; it is not a separate module.","wrong":"import WordArray from 'crypto-js/lib-wordarray';","symbol":"lib.WordArray","correct":"import CryptoJS from 'crypto-js'; const wordArray = CryptoJS.lib.WordArray;"}],"quickstart":{"code":"import CryptoJS from 'crypto-js';\nimport SHA256 from 'crypto-js/sha256';\nimport AES from 'crypto-js/aes';\nimport encHex from 'crypto-js/enc-hex';\n\n// Hash a message\nconst hash = SHA256('Message');\nconsole.log(hash.toString(encHex)); // hex digest\n\n// Encrypt and decrypt\nconst secretKey = 'secret-key-42';\nconst original = 'Hello, World!';\nconst ciphertext = CryptoJS.AES.encrypt(original, secretKey).toString();\nconsole.log('Encrypted:', ciphertext);\n\nconst bytes = CryptoJS.AES.decrypt(ciphertext, secretKey);\nconst decrypted = bytes.toString(CryptoJS.enc.Utf8);\nconsole.log('Decrypted:', decrypted);","lang":"javascript","description":"Demonstrates SHA-256 hashing, AES encryption and decryption with a string key, and hex encoding."},"warnings":[{"fix":"Migrate to native Web Crypto API in browsers or Node.js crypto module.","message":"CryptoJS is discontinued and no longer maintained.","severity":"deprecated","affected_versions":">=4.0.0"},{"fix":"Provide a proper IV: CryptoJS.AES.encrypt(msg, key, { iv: CryptoJS.lib.WordArray.random(16) }).toString()","message":"AES encryption with a string key uses an internal KDF and may produce different ciphertexts on different platforms due to nonce generation. Use a consistent salt or pass an IV explicitly to ensure reproducibility.","severity":"gotcha","affected_versions":">=3.0.0"},{"fix":"Use hash.toString(CryptoJS.enc.Hex) or other explicit encoder.","message":"In v4, automatic conversion of WordArray to hex string was removed; toString() with an encoder is now required.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Always use CryptoJS.lib.WordArray.random() for secure keys.","message":"Using Math.random() for key generation is insecure; CryptoJS uses native crypto for random numbers in Node.js, but in older browsers your custom keys may be weak.","severity":"gotcha","affected_versions":">=4.0.0"},{"fix":"Install via npm instead: npm install crypto-js","message":"The Bower package manager is deprecated; CryptoJS is still available via npm.","severity":"deprecated","affected_versions":"<=4.2.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Import full library: import CryptoJS from 'crypto-js'; then use CryptoJS.enc.Utf8.","cause":"Attempting to access CryptoJS.enc without importing the full library or specific encoder.","error":"TypeError: Cannot read properties of undefined (reading 'enc')"},{"fix":"Explicitly import the encoder: import encHex from 'crypto-js/enc-hex';","cause":"Using an encoder without importing its module.","error":"Uncaught TypeError: CryptoJS.enc.Hex is undefined"},{"fix":"Update browser or use a polyfill.","cause":"Rare edge case on very old browsers lacking WebAssembly; not a typical error.","error":"Error: CryptoJS requires WebAssembly support (or similar)"},{"fix":"Ensure the module is installed: npm install crypto-js. For browser, include via script tag: <script src='path/to/crypto-js/crypto-js.js'></script>","cause":"Missing import or incorrect path when using standalone scripts without bundler.","error":"Module not found: Error: Can't resolve 'crypto-js/aes'"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}