crypto-js
4.2.0 verified Sat Apr 25 auth: no javascript deprecated
JavaScript library of crypto standards providing various cryptographic algorithms, including AES, DES, SHA-256, MD5, HMAC, and PBKDF2. Version 4.2.0 is the latest stable release, but the library is discontinued and no longer maintained. It supports both Node.js and browser environments with modular imports. The library uses the native Crypto module for random number generation but relies on its own implementations for other operations. Development has stopped; users are encouraged to migrate to the native Web Crypto API in modern browsers or to the Node.js crypto module. Release cadence has been low, with the last release in 2021.
Common errors
error TypeError: Cannot read properties of undefined (reading 'enc')
cause Attempting to access CryptoJS.enc without importing the full library or specific encoder.
fix Import full library: import CryptoJS from 'crypto-js'; then use CryptoJS.enc.Utf8.
error Uncaught TypeError: CryptoJS.enc.Hex is undefined
cause Using an encoder without importing its module.
fix Explicitly import the encoder: import encHex from 'crypto-js/enc-hex';
error Error: CryptoJS requires WebAssembly support (or similar)
cause Rare edge case on very old browsers lacking WebAssembly; not a typical error.
fix Update browser or use a polyfill.
error Module not found: Error: Can't resolve 'crypto-js/aes'
cause Missing import or incorrect path when using standalone scripts without a bundler.
fix Ensure the module is installed: npm install crypto-js. For browsers, include it via a script tag: <script src='path/to/crypto-js/crypto-js.js'></script>
Warnings
deprecated CryptoJS is discontinued and no longer maintained.
fix Migrate to native Web Crypto API in browsers or Node.js crypto module.
gotcha AES encryption with a string key uses an internal KDF and may produce different ciphertexts on different platforms due to nonce generation. Use a consistent salt or pass an IV explicitly to ensure reproducibility.
fix Provide a proper IV: CryptoJS.AES.encrypt(msg, key, { iv: CryptoJS.lib.WordArray.random(16) }).toString()
breaking In v4, automatic conversion of WordArray to hex string was removed; toString() with an encoder is now required.
fix Use hash.toString(CryptoJS.enc.Hex) or other explicit encoder.
gotcha Using Math.random() for key generation is insecure; CryptoJS uses native crypto for random numbers in Node.js, but in older browsers your custom keys may be weak.
fix Always use CryptoJS.lib.WordArray.random() for secure keys.
deprecated The Bower package manager is deprecated; CryptoJS is still available via npm.
fix Install via npm instead: npm install crypto-js
Install
npm install crypto-js
yarn add crypto-js
pnpm add crypto-js
Imports
- AES
wrong const AES = require('crypto-js/aes');
correct import AES from 'crypto-js/aes';
- CryptoJS
wrong const CryptoJS = require('crypto-js').default;
correct import CryptoJS from 'crypto-js';
- SHA256
wrong import { SHA256 } from 'crypto-js';
correct import SHA256 from 'crypto-js/sha256';
- enc.Base64
wrong const Base64 = require('crypto-js/enc-base64').Base64;
correct import Base64 from 'crypto-js/enc-base64';
- hmacSHA512
wrong import { hmacSHA512 } from 'crypto-js';
correct import hmacSHA512 from 'crypto-js/hmac-sha512';
- lib.WordArray
wrong import WordArray from 'crypto-js/lib-wordarray';
correct import CryptoJS from 'crypto-js'; const wordArray = CryptoJS.lib.WordArray;
Quickstart
import CryptoJS from 'crypto-js';
import SHA256 from 'crypto-js/sha256';
import AES from 'crypto-js/aes';
import encHex from 'crypto-js/enc-hex';
// Hash a message
const hash = SHA256('Message');
console.log(hash.toString(encHex)); // hex digest
// Encrypt and decrypt
const secretKey = 'secret-key-42';
const original = 'Hello, World!';
const ciphertext = CryptoJS.AES.encrypt(original, secretKey).toString();
console.log('Encrypted:', ciphertext);
const bytes = CryptoJS.AES.decrypt(ciphertext, secretKey);
const decrypted = bytes.toString(CryptoJS.enc.Utf8);
console.log('Decrypted:', decrypted);
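
An added example, not part of the original page or of crypto-js: a passphrase-based replacement for the Quickstart's CryptoJS.AES.encrypt call, written against the Web Crypto API that the migration warning points to, using PBKDF2 and AES-GCM so that a modified ciphertext is rejected on decrypt. The function names, the blob layout and the iteration count are assumptions of this example.

```javascript
// Added example (not crypto-js code). Function names, the blob layout and
// PBKDF2_ITERATIONS are assumptions of this example.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // older Node fallback
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune to your hardware
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;
const toB64 = (u8) => btoa(Array.from(u8, (b) => String.fromCharCode(b)).join(''));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Passphrase -> non-extractable AES-256-GCM key via PBKDF2-HMAC-SHA-256.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns base64(salt || iv || ciphertext || tag); salt and IV are fresh per call.
async function encryptText(plaintext, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN));
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0); blob.set(iv, SALT_LEN); blob.set(ct, SALT_LEN + IV_LEN);
  return toB64(blob);
}

// Rejects (throws) on a wrong passphrase or any modification of the blob.
async function decryptText(b64, passphrase) {
  const blob = fromB64(b64);
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const key = await deriveKey(passphrase, blob.subarray(0, SALT_LEN));
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.subarray(SALT_LEN, SALT_LEN + IV_LEN) },
    key, blob.subarray(SALT_LEN + IV_LEN));
  return new TextDecoder().decode(pt);
}

// Round trip on constructed input, then a one-bit change and a wrong passphrase.
async function selfCheck() {
  const blob = await encryptText('Hello, World!', 'secret-key-42');
  const raw = fromB64(blob);
  raw[raw.length - 1] ^= 1; // flip one bit of the GCM tag
  const rejects = (p) => p.then(() => false, () => true);
  return { roundTrip: await decryptText(blob, 'secret-key-42'),
    tamperRejected: await rejects(decryptText(toB64(raw), 'secret-key-42')),
    wrongKeyRejected: await rejects(decryptText(blob, 'not-the-key')) };
}
```

The output format is not compatible with ciphertexts produced by crypto-js, so existing data has to be decrypted with the old library and re-encrypted.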