@clef-sh/agent 0.1.16 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/agent.cjs +51 -21
  2. package/dist/agent.cjs.map +2 -2
  3. package/package.json +3 -3
package/dist/agent.cjs CHANGED
@@ -67,12 +67,16 @@ var require_age_encryption = __commonJS({
67
67
  });
68
68
  module2.exports = __toCommonJS2(stdin_exports);
69
69
  function isBytes(a5) {
70
- return a5 instanceof Uint8Array || ArrayBuffer.isView(a5) && a5.constructor.name === "Uint8Array";
70
+ return a5 instanceof Uint8Array || ArrayBuffer.isView(a5) && a5.constructor.name === "Uint8Array" && "BYTES_PER_ELEMENT" in a5 && a5.BYTES_PER_ELEMENT === 1;
71
71
  }
72
72
  function anumber(n5, title = "") {
73
+ if (typeof n5 !== "number") {
74
+ const prefix2 = title && `"${title}" `;
75
+ throw new TypeError(`${prefix2}expected number, got ${typeof n5}`);
76
+ }
73
77
  if (!Number.isSafeInteger(n5) || n5 < 0) {
74
78
  const prefix2 = title && `"${title}" `;
75
- throw new Error(`${prefix2}expected integer >= 0, got ${n5}`);
79
+ throw new RangeError(`${prefix2}expected integer >= 0, got ${n5}`);
76
80
  }
77
81
  }
78
82
  function abytes(value, length, title = "") {
@@ -83,15 +87,22 @@ var require_age_encryption = __commonJS({
83
87
  const prefix2 = title && `"${title}" `;
84
88
  const ofLen = needsLen ? ` of length ${length}` : "";
85
89
  const got = bytes ? `length=${len}` : `type=${typeof value}`;
86
- throw new Error(prefix2 + "expected Uint8Array" + ofLen + ", got " + got);
90
+ const message = prefix2 + "expected Uint8Array" + ofLen + ", got " + got;
91
+ if (!bytes)
92
+ throw new TypeError(message);
93
+ throw new RangeError(message);
87
94
  }
88
95
  return value;
89
96
  }
90
97
  function ahash(h5) {
91
98
  if (typeof h5 !== "function" || typeof h5.create !== "function")
92
- throw new Error("Hash must wrapped by utils.createHasher");
99
+ throw new TypeError("Hash must wrapped by utils.createHasher");
93
100
  anumber(h5.outputLen);
94
101
  anumber(h5.blockLen);
102
+ if (h5.outputLen < 1)
103
+ throw new Error('"outputLen" must be >= 1');
104
+ if (h5.blockLen < 1)
105
+ throw new Error('"blockLen" must be >= 1');
95
106
  }
96
107
  function aexists(instance, checkFinished = true) {
97
108
  if (instance.destroyed)
@@ -103,7 +114,7 @@ var require_age_encryption = __commonJS({
103
114
  abytes(out, void 0, "digestInto() output");
104
115
  const min = instance.outputLen;
105
116
  if (out.length < min) {
106
- throw new Error('"digestInto() output" expected to be of length >=' + min);
117
+ throw new RangeError('"digestInto() output" expected to be of length >=' + min);
107
118
  }
108
119
  }
109
120
  function u32(arr) {
@@ -136,7 +147,7 @@ var require_age_encryption = __commonJS({
136
147
  var swap32IfBE = isLE ? (u5) => u5 : byteSwap32;
137
148
  function utf8ToBytes(str) {
138
149
  if (typeof str !== "string")
139
- throw new Error("string expected");
150
+ throw new TypeError("string expected");
140
151
  return new Uint8Array(new TextEncoder().encode(str));
141
152
  }
142
153
  function kdfInputToBytes(data2, errorTitle = "") {
@@ -146,7 +157,7 @@ var require_age_encryption = __commonJS({
146
157
  }
147
158
  function checkOpts(defaults, opts2) {
148
159
  if (opts2 !== void 0 && {}.toString.call(opts2) !== "[object Object]")
149
- throw new Error("options must be object or undefined");
160
+ throw new TypeError("options must be object or undefined");
150
161
  const merged = Object.assign(defaults, opts2);
151
162
  return merged;
152
163
  }
@@ -155,17 +166,23 @@ var require_age_encryption = __commonJS({
155
166
  const tmp = hashCons(void 0);
156
167
  hashC.outputLen = tmp.outputLen;
157
168
  hashC.blockLen = tmp.blockLen;
169
+ hashC.canXOF = tmp.canXOF;
158
170
  hashC.create = (opts2) => hashCons(opts2);
159
171
  Object.assign(hashC, info);
160
172
  return Object.freeze(hashC);
161
173
  }
162
174
  function randomBytes4(bytesLength = 32) {
175
+ anumber(bytesLength, "bytesLength");
163
176
  const cr = typeof globalThis === "object" ? globalThis.crypto : null;
164
177
  if (typeof cr?.getRandomValues !== "function")
165
178
  throw new Error("crypto.getRandomValues must be defined");
179
+ if (bytesLength > 65536)
180
+ throw new RangeError(`"bytesLength" expected <= 65536, got ${bytesLength}`);
166
181
  return cr.getRandomValues(new Uint8Array(bytesLength));
167
182
  }
168
183
  var oidNist = (suffix) => ({
184
+ // Current NIST hashAlgs suffixes used here fit in one DER subidentifier octet.
185
+ // Larger suffix values would need base-128 OID encoding and a different length byte.
169
186
  oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, suffix])
170
187
  });
171
188
  var _HMAC = class {
@@ -173,6 +190,7 @@ var require_age_encryption = __commonJS({
173
190
  iHash;
174
191
  blockLen;
175
192
  outputLen;
193
+ canXOF = false;
176
194
  finished = false;
177
195
  destroyed = false;
178
196
  constructor(hash, key) {
@@ -202,11 +220,12 @@ var require_age_encryption = __commonJS({
202
220
  }
203
221
  digestInto(out) {
204
222
  aexists(this);
205
- abytes(out, this.outputLen, "output");
223
+ aoutput(out, this);
206
224
  this.finished = true;
207
- this.iHash.digestInto(out);
208
- this.oHash.update(out);
209
- this.oHash.digestInto(out);
225
+ const buf = out.subarray(0, this.outputLen);
226
+ this.iHash.digestInto(buf);
227
+ this.oHash.update(buf);
228
+ this.oHash.digestInto(buf);
210
229
  this.destroy();
211
230
  }
212
231
  digest() {
@@ -235,8 +254,11 @@ var require_age_encryption = __commonJS({
235
254
  this.iHash.destroy();
236
255
  }
237
256
  };
238
- var hmac = (hash, key, message) => new _HMAC(hash, key).update(message).digest();
239
- hmac.create = (hash, key) => new _HMAC(hash, key);
257
+ var hmac = /* @__PURE__ */ (() => {
258
+ const hmac_ = ((hash, key, message) => new _HMAC(hash, key).update(message).digest());
259
+ hmac_.create = (hash, key) => new _HMAC(hash, key);
260
+ return hmac_;
261
+ })();
240
262
  function extract(hash, ikm, salt) {
241
263
  ahash(hash);
242
264
  if (salt === void 0)
@@ -248,7 +270,10 @@ var require_age_encryption = __commonJS({
248
270
  function expand(hash, prk, info, length = 32) {
249
271
  ahash(hash);
250
272
  anumber(length, "length");
273
+ abytes(prk, void 0, "prk");
251
274
  const olen = hash.outputLen;
275
+ if (prk.length < olen)
276
+ throw new Error('"prk" must be at least HashLen octets');
252
277
  if (length > 255 * olen)
253
278
  throw new Error("Length must be <= 255*HashLen");
254
279
  const blocks = Math.ceil(length / olen);
@@ -281,6 +306,7 @@ var require_age_encryption = __commonJS({
281
306
  var HashMD = class {
282
307
  blockLen;
283
308
  outputLen;
309
+ canXOF = false;
284
310
  padOffset;
285
311
  isLE;
286
312
  // For partial updates less than block size
@@ -508,6 +534,7 @@ var require_age_encryption = __commonJS({
508
534
  clean(SHA256_W);
509
535
  }
510
536
  destroy() {
537
+ this.destroyed = true;
511
538
  this.set(0, 0, 0, 0, 0, 0, 0, 0);
512
539
  clean(this.buffer);
513
540
  }
@@ -845,6 +872,10 @@ var require_age_encryption = __commonJS({
845
872
  anumber(asyncTick, "asyncTick");
846
873
  if (c5 < 1)
847
874
  throw new Error("iterations (c) must be >= 1");
875
+ if (dkLen < 1)
876
+ throw new Error('"dkLen" must be >= 1');
877
+ if (dkLen > (2 ** 32 - 1) * hash.outputLen)
878
+ throw new Error("derived key too long");
848
879
  const password = kdfInputToBytes(_password, "password");
849
880
  const salt = kdfInputToBytes(_salt, "salt");
850
881
  const DK = new Uint8Array(dkLen);
@@ -976,9 +1007,9 @@ var require_age_encryption = __commonJS({
976
1007
  throw new Error('"p" expected integer 1..((2^32 - 1) * 32) / (128 * r)');
977
1008
  if (dkLen < 1 || dkLen > (pow32 - 1) * 32)
978
1009
  throw new Error('"dkLen" expected integer 1..(2^32 - 1) * 32');
979
- const memUsed = blockSize * (N2 + p5);
1010
+ const memUsed = blockSize * (N2 + p5 + 1);
980
1011
  if (memUsed > maxmem)
981
- throw new Error('"maxmem" limit was hit, expected 128*r*(N+p) <= "maxmem"=' + maxmem);
1012
+ throw new Error('"maxmem" limit was hit: memUsed(128*r*(N+p+1))=' + memUsed + ", maxmem=" + maxmem);
982
1013
  const B2 = pbkdf2(sha256, password, salt, { c: 1, dkLen: blockSize * p5 });
983
1014
  const B32 = u32(B2);
984
1015
  const V = u32(new Uint8Array(blockSize * N2));
@@ -210332,7 +210363,7 @@ async function initialFetch(poller, jitMode, encryptedStore, cache5, sourceDesc)
210332
210363
  }
210333
210364
 
210334
210365
  // package.json
210335
- var version5 = "0.1.16";
210366
+ var version5 = "0.1.18";
210336
210367
 
210337
210368
  // src/main.ts
210338
210369
  var isLambda = !!process.env.AWS_LAMBDA_RUNTIME_API;
@@ -210458,17 +210489,16 @@ main().catch((err) => {
210458
210489
  });
210459
210490
  /*! Bundled license information:
210460
210491
 
210461
- @noble/hashes/utils.js:
210462
- @noble/hashes/utils.js:
210463
- @noble/hashes/utils.js:
210464
- (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
210465
-
210466
210492
  @scure/base/index.js:
210467
210493
  (*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
210468
210494
 
210469
210495
  @noble/ciphers/utils.js:
210470
210496
  (*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) *)
210471
210497
 
210498
+ @noble/hashes/utils.js:
210499
+ @noble/hashes/utils.js:
210500
+ (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
210501
+
210472
210502
  @noble/curves/utils.js:
210473
210503
  @noble/curves/abstract/modular.js:
210474
210504
  @noble/curves/abstract/curve.js: