My roadmap and package ideas for the Systemix monorepo—crypto and non-crypto.
I want security features that use only Node.js built-ins and Web Crypto API. No third-party crypto deps. Easier to audit, fewer supply-chain risks.
| Module | Use case |
|---|---|
| crypto | Hashing, encryption, keys |
| buffer | Encoding / decoding |
| timers | OTP time windows |
| util | Promisification, helpers |
| fs | Key persistence (optional) |
- Passwords, passphrases, tokens ✅ (done)
- Hashing (scrypt, pbkdf2)
- Encryption (AES-256-GCM, ChaCha20-Poly1305)
- OTP (HOTP, TOTP)
- Key pairs (EC, RSA, Ed25519)
- Timing-safe comparison
- Encoding (base64, hex, base64url)
| Feature | Why not |
|---|---|
| Argon2 | Needs native bindings |
| bcrypt | External C library |
| Full WebAuthn flow | Browser + platform APIs |
| QR code generation | Needs image rendering |
Packages I want to add beyond password, passphrase, token, eslint, typescript:
Password hashing (PBKDF2, scrypt) via Web Crypto. Completes the auth flow: generate → hash → store → verify. Zero deps.
Typed env loading and validation. Parse, validate, type env vars at startup. Common need, low complexity.
Input validation for API boundaries, config, user input. Schema validation, optional timing-safe checks.
AES-GCM encrypt/decrypt via Web Crypto. For encrypting sensitive data at rest (DB fields, config).
Rate limiting (in-memory or pluggable store). Express/Next middleware, API protection.
ID generation (UUID v4, ULID, nanoid-style). Non-secret identifiers for APIs, DBs.
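A sketch of the hash → store → verify part of the password-hashing idea above, combining scrypt, base64url encoding and timing-safe comparison. This is an added example, not Systemix code; it uses `node:crypto` (scrypt is exposed there, not through `crypto.subtle`), and the function names, record layout and cost parameters are assumptions.

```javascript
// Added example (not Systemix code): scrypt hash -> store -> verify, node:crypto only.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Assumed cost parameters; N=16384, r=8, p=1 fits Node's default 32 MiB maxmem.
const DEFAULT_PARAMS = { N: 16384, r: 8, p: 1, keylen: 32 };

// Hypothetical record layout: scrypt$N$r$p$<salt base64url>$<hash base64url>
function hashPassword(password, params = DEFAULT_PARAMS) {
  const { N, r, p, keylen } = params;
  const salt = randomBytes(16); // fresh random salt per password
  const hash = scryptSync(password, salt, keylen, { N, r, p });
  return ['scrypt', N, r, p, salt.toString('base64url'), hash.toString('base64url')].join('$');
}

function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  // Bound the stored cost parameters so a corrupted record cannot demand unbounded work.
  const sane = [N, r, p].every(Number.isSafeInteger) &&
    N >= 2 && N <= 2 ** 17 && r >= 1 && r <= 16 && p >= 1 && p <= 4;
  if (!sane) return false;
  const salt = Buffer.from(parts[4], 'base64url');
  const expected = Buffer.from(parts[5], 'base64url');
  if (salt.length < 8 || expected.length < 16 || expected.length > 64) return false;
  let actual;
  try {
    // Re-derive with the stored parameters; throws on invalid N or when maxmem is exceeded.
    actual = scryptSync(password, salt, expected.length, { N, r, p });
  } catch {
    return false;
  }
  // Both buffers have expected.length bytes, so timingSafeEqual cannot throw on length.
  return timingSafeEqual(actual, expected);
}
```

Storing the parameters in the record lets the cost be raised later without invalidating hashes that already exist.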
Packages outside crypto—scalable systems, DX, async utilities:
| Package | Purpose | Why |
|---|---|---|
| @systemix/retry | Retry with exponential backoff, jitter | Widely useful, small scope |
| @systemix/logger | Structured logging (levels, JSON) | Minimal deps, consistent DX |
| @systemix/result | Result/Either-style error handling | No exceptions, typed errors |
| Package | Purpose | Why |
|---|---|---|
| @systemix/schema | Lightweight runtime schema validation | API boundaries, config |
| @systemix/fetch | Fetch wrapper (retry, timeout, typed) | Robust HTTP client |
| @systemix/url | URL helpers, query parsing, building | Common need, zero deps |
| Package | Purpose | Why |
|---|---|---|
| @systemix/cache | In-memory LRU cache | Simple caching, no Redis |
| @systemix/queue | Simple async queue (producer/consumer) | Background jobs, buffering |
| @systemix/semaphore | Concurrency limiting | Limit parallel requests |
| Package | Purpose | Why |
|---|---|---|
| @systemix/async | sleep, timeout, debounce, throttle, pLimit | Core async helpers |