xipher is a simple wrapper around the subtle crypto API.
pnpm add xipher
Derive a key from a base password using pbkdf2.
import { pbkdf2 } from 'xipher'
// Generate a 32 bytes key from the password 'password'
const key = await pbkdf2('password', 32)
Hash data using sha256.
import { sha256 } from 'xipher'
const hash = await sha256('...')
You have read this section already pretty much everywhere.
Security is not a thing that is either there or not, it's a process.
Ultimately, there is no algorithm to determine whether an encryption is secure, there is just a bunch of very smart folks trying to break it. Sure some pattern of attack emerges, but still, there is no life-equation that determines whether a algorithm is secure or not. As you might have already guess, if there is no algorithm to determine whether an encryption standard is secure, there is no algorithm to determine whether your specific implementation is secure.
So here's the rule, the word "secure" have no meaning, secure from what? secure when? secure how? Whiteout addressing those questions, the word "secure" is just a buzzword.
Ok then, what should you do?
This library uses the Web Crypto API, which is a well-tested and secure API. Certain functionality are just wrappers around that API, others are implemented by gluing together those functionalities.