I'll start by saying I'm not a crypto expert by any means.
However, it was pointed out on HN that the encrypt function doesn't use an IV when initializing the cipher object, and the node documention explicitly says
"In line with OpenSSL's recommendation to use pbkdf2 instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.pbkdf2() and to use crypto.createCipheriv() to create the Cipher object."
Since the official docs appears to recommend against crypto.createCipher() I figured it was worth bringing up.
I'll start by saying I'm not a crypto expert by any means.
However, it was pointed out on HN that the encrypt function doesn't use an IV when initializing the cipher object, and the node documention explicitly says
Since the official docs appears to recommend against
crypto.createCipher()I figured it was worth bringing up.