A lightweight, promise-based TypeScript wrapper for executing OpenSSL CLI commands directly from Node.js, with rich buffer enhancements and a fluent, proxy-powered API.
This library abstracts the openssl command-line tool into a clean, asynchronous interface, enabling seamless
integration of common cryptographic operations such as key generation, certificate signing, hashing, and PEM parsing.
Install the package using npm:
npm install @sourceregistry/node-opensslNote: Ensure
opensslis installed and available in your system's PATH.If you don't have OpenSSL installed, you have two options:
- Compile and install from source (https://github.com/openssl/openssl/blob/master/INSTALL.md)
- Install from a precompile binary (https://github.com/openssl/openssl/wiki/Binaries)
The primary interface is the openssl tagged template function, which allows you to run any OpenSSL command using
natural syntax.
import {openssl} from '@sourceregistry/node-openssl';
async function main() {
// Generate a 2048-bit RSA private key
const key = await openssl`genpkey -algorithm RSA -outform PEM -pkeyopt rsa_keygen_bits:2048`.one();
console.log('Private Key:\n', key.data);
console.log('SHA-256:', key.sha256);
// Generate a self-signed certificate
const cert = await openssl`req -x509 -new -key ${key} -subj "/CN=localhost" -days 365 -outform PEM`.one();
console.log('Certificate:\n', cert.data);
console.log('Is Certificate Chain?', cert.isChain);
}
main().catch(console.error);All command outputs are enhanced Buffer objects with metadata and utilities:
const output = await openssl`x509 -in cert.pem -noout -text`;
console.log(output.type); // e.g., "CERTIFICATE"
console.log(output.mimeType); // e.g., "application/x-pkcs7-crl"
console.log(output.sha1); // Base64URL-encoded SHA-1
console.log(output.md5); // Base64URL-encoded MD5
console.log(output.data); // PEM body (without headers)
// Convert to Node.js crypto KeyObject
const publicKey = output.toObject(); // createPublicKey(output)console.log('OpenSSL Version:', openssl.version);
// { major: 3, minor: 0, patch: 2, release_date: '...'}You can pass Buffer objects directly — they’re automatically written to temp files:
const csrBuffer = Buffer.from('...');
const signedCert = await openssl`x509 -req -CA ca.crt -CAkey ca.key -in <(echo "${csrBuffer}") -outform PEM`;Files produced by OpenSSL (e.g., .crt, .pem) are automatically read and included in the output array.
Execute any OpenSSL command. Returns a Promise<OpenSSLBuffer[]>.
const outputs = await openssl`dgst -sha256 file.txt`;Convenience method to get the first output buffer:
const cert = await openssl`req -newkey ...`.one();Enhanced Buffer with:
.sha1,.sha256,.md5: Hashes (base64url-encoded).data: PEM body (header/footer stripped).type: PEM type (CERTIFICATE,PRIVATE KEY, etc.).isChain:trueif multiple certs in PEM.certificates: Array of full certificate blocks (if chain).mimeType: Inferred MIME type.toObject(): Convert tocrypto.KeyObject
OpenSSL.exec(args): Low-level execution with array argsOpenSSL.init(): Initialize and detect OpenSSL version (is run automatically when importing the library)OpenSSL.AnalysePEM(buffer): Parse PEM metadataOpenSSL.TransformBuffer(buffer): Enhance a Buffer
- Node.js (v22+ older might work)
- OpenSSL (installed and in PATH)
npm run build: Compile TypeScript todist/npm run test: Run unit tests (if any)npm run lint: Lint code with ESLint
Contributions are welcome! Please feel free to submit issues, feature requests, or pull requests.
We aim to support all standard OpenSSL workflows with a clean, type-safe interface.
This project is licensed under the Apache-2.0 License. See the LICENSE file for details.