@naman_deep_singh/security 1.0.4 → 1.2.0

package/dist/types/core/crypto/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./decrypt";
+export * from "./encrypt";
+export * from "./hmac";
+export * from "./random";

package/dist/types/core/crypto/random.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Generate cryptographically secure random string
+ */
+export declare const randomToken: (length?: number) => string;
+/**
+ * Generate a strong random password
+ */
+export declare const generateStrongPassword: (length?: number) => string;

package/dist/types/core/jwt/decode.d.ts

@@ -0,0 +1,12 @@
+import { JwtPayload } from "jsonwebtoken";
+/**
+ * Flexible decode
+ * Returns: null | string | JwtPayload
+ * Mirrors jsonwebtoken.decode()
+ */
+export declare function decodeToken(token: string): null | string | JwtPayload;
+/**
+ * Strict decode
+ * Always returns JwtPayload or throws error
+ */
+export declare function decodeTokenStrict(token: string): JwtPayload;

package/dist/types/core/jwt/extractToken.d.ts

@@ -0,0 +1,11 @@
+export interface TokenSources {
+    header?: string | undefined | null;
+    cookies?: Record<string, string> | undefined;
+    query?: Record<string, string | undefined> | undefined;
+    body?: Record<string, unknown> | undefined;
+    wsMessage?: string | Record<string, unknown> | undefined;
+}
+/**
+ * Universal token extractor
+ */
+export declare function extractToken(sources: TokenSources): string | null;

package/dist/types/core/jwt/generateTokens.d.ts

@@ -0,0 +1,4 @@
+import { Secret } from "jsonwebtoken";
+import { RefreshToken, TokenPair } from "./types";
+export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
+export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/types/core/jwt/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./decode";
+export * from "./extractToken";
+export * from "./generateTokens";
+export * from "./parseDuration";
+export * from "./signToken";
+export * from "./types";
+export * from "./validateToken";
+export * from "./verify";

package/dist/types/core/jwt/parseDuration.d.ts

@@ -0,0 +1 @@
+export declare function parseDuration(input: string | number): number;

package/dist/types/core/jwt/signToken.d.ts

@@ -0,0 +1,2 @@
+import { Secret, SignOptions } from "jsonwebtoken";
+export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string | number, options?: SignOptions) => string;

package/dist/types/core/jwt/types.d.ts

@@ -0,0 +1,22 @@
+import { JwtPayload } from "jsonwebtoken";
+export interface AccessTokenBrand {
+    readonly access: unique symbol;
+}
+export interface RefreshTokenBrand {
+    readonly refresh: unique symbol;
+}
+export type AccessToken = string & AccessTokenBrand;
+export type RefreshToken = string & RefreshTokenBrand;
+export interface TokenPair {
+    accessToken: AccessToken;
+    refreshToken: RefreshToken;
+}
+export interface VerificationResult<T = JwtPayload> {
+    valid: boolean;
+    payload?: T | string;
+    error?: Error;
+}
+export interface TokenValidationOptions {
+    ignoreExpiration?: boolean;
+    ignoreIssuedAt?: boolean;
+}

package/dist/types/core/jwt/validateToken.d.ts

@@ -0,0 +1,13 @@
+import { JwtPayload } from "node_modules/@types/jsonwebtoken";
+export interface TokenRequirements {
+    requiredFields?: string[];
+    forbiddenFields?: string[];
+    validateTypes?: Record<string, "string" | "number" | "boolean">;
+}
+export declare function validateTokenPayload(payload: Record<string, unknown>, rules?: TokenRequirements): {
+    valid: true;
+} | {
+    valid: false;
+    error: string;
+};
+export declare function isTokenExpired(payload: JwtPayload): boolean;

package/dist/types/core/jwt/verify.d.ts

@@ -0,0 +1,18 @@
+import jwt, { Secret, JwtPayload } from "jsonwebtoken";
+import { VerificationResult } from "./types";
+/**
+ * Verify token (throws if invalid or expired)
+ */
+export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
+/**
+ * Safe verify — never throws, returns structured result
+ */
+export declare const safeVerifyToken: (token: string, secret: Secret) => VerificationResult;
+/**
+ * Verify token with validation options
+ */
+export declare const verifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => string | JwtPayload;
+/**
+ * Safe verify with validation options
+ */
+export declare const safeVerifyTokenWithOptions: (token: string, secret: Secret, options?: jwt.VerifyOptions) => VerificationResult;

package/dist/types/core/password/hash.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Hash a password asynchronously using bcrypt.
+ */
+export declare const hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+export declare function hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+/**
+ * Hash a password synchronously using bcrypt.
+ */
+export declare const hashPasswordSync: (password: string, saltRounds?: number) => string;
+export declare function hashPasswordWithPepperSync(password: string, pepper: string): string;

package/dist/types/core/password/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./hash";
+export * from "./strength";
+export * from "./verify";

package/dist/types/core/password/strength.d.ts

@@ -0,0 +1,2 @@
+import { PasswordStrengthOptions } from "./types";
+export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/types/core/password/types.d.ts

@@ -0,0 +1,7 @@
+export interface PasswordStrengthOptions {
+    minLength?: number;
+    requireUppercase?: boolean;
+    requireLowercase?: boolean;
+    requireNumbers?: boolean;
+    requireSymbols?: boolean;
+}

package/dist/types/core/password/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function ensureValidPassword(password: string): void;
+export declare function safeCompare(a: string, b: string): boolean;
+export declare function estimatePasswordEntropy(password: string): number;
+export declare function normalizePassword(password: string): string;

package/dist/types/core/password/verify.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Compare a password with a stored hash asynchronously.
+ */
+export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
+export declare function verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+/**
+ * Compare a password with a stored hash synchronously.
+ */
+export declare const verifyPasswordSync: (password: string, hash: string) => boolean;
+export declare function verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;

package/dist/types/index.d.ts

@@ -0,0 +1,41 @@
+export * from "./core/password";
+export * from "./core/jwt";
+export * from "./core/crypto";
+export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError } from "@naman_deep_singh/errors-utils";
+import * as JWTUtils from "./core/jwt";
+declare const _default: {
+    decrypt: (data: string, secret: string) => string;
+    encrypt: (text: string, secret: string) => string;
+    hmacSign: (message: string, secret: string) => string;
+    hmacVerify: (message: string, secret: string, signature: string) => boolean;
+    randomToken: (length?: number) => string;
+    generateStrongPassword: (length?: number) => string;
+    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
+    extractToken(sources: JWTUtils.TokenSources): string | null;
+    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): JWTUtils.RefreshToken;
+    generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
+    parseDuration(input: string | number): number;
+    signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
+    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): {
+        valid: true;
+    } | {
+        valid: false;
+        error: string;
+    };
+    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
+    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
+    verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
+    safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
+    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
+    hashPasswordWithPepperSync(password: string, pepper: string): string;
+    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
+    hashPasswordSync: (password: string, saltRounds?: number) => string;
+    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
+    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
+    verifyPassword: (password: string, hash: string) => Promise<boolean>;
+    verifyPasswordSync: (password: string, hash: string) => boolean;
+};
+export default _default;

package/package.json

@@ -1,12 +1,22 @@
 {
   "name": "@naman_deep_singh/security",
-  "version": "1.0.4",
+  "version": "1.2.0",
   "description": "Security utilities for password hashing and JWT token management with TypeScript",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "scripts": {
-    "build": "tsc"
+  "type": "module",
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js",
+      "types": "./dist/types/index.d.ts"
+    }
   },
+  "sideEffects": false,
+  "files": [
+    "dist",
+    "README.md"
+  ],
   "keywords": [
     "security",
     "jwt",
@@ -17,14 +27,20 @@
   ],
   "author": "Naman Deep Singh",
   "license": "ISC",
-  "packageManager": "pnpm@10.20.0",
   "dependencies": {
+    "@naman_deep_singh/errors-utils": "^1.0.0",
     "bcryptjs": "^3.0.3",
     "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {
     "@types/bcryptjs": "^2.4.6",
     "@types/jsonwebtoken": "^9.0.10",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.3",
+    "rimraf": "^5.0.5"
+  },
+  "scripts": {
+    "build": "pnpm run build:types && tsc -p tsconfig.cjs.json && tsc -p tsconfig.esm.json",
+    "build:types": "tsc -p tsconfig.base.json --emitDeclarationOnly --outDir dist/types",
+    "clean": "rimraf dist"
   }
 }

package/dist/index.d.ts

@@ -1,16 +0,0 @@
-import { Secret, JwtPayload } from "jsonwebtoken";
-export declare const hashPassword: (password: string) => Promise<string>;
-export declare const verifyPassword: (password: string, hash: string) => Promise<boolean>;
-export declare const comparePassword: (password: string, hash: string) => Promise<boolean>;
-export declare const generateToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
-export declare const verifyToken: (token: string, secret: Secret) => string | JwtPayload;
-export declare const signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
-declare const SecurityUtils: {
-    hashPassword: (password: string) => Promise<string>;
-    verifyPassword: (password: string, hash: string) => Promise<boolean>;
-    comparePassword: (password: string, hash: string) => Promise<boolean>;
-    generateToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
-    verifyToken: (token: string, secret: Secret) => string | JwtPayload;
-    signToken: (payload: Record<string, unknown>, secret: Secret, expiresIn?: string) => string;
-};
-export default SecurityUtils;

package/dist/index.js

@@ -1,41 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.signToken = exports.verifyToken = exports.generateToken = exports.comparePassword = exports.verifyPassword = exports.hashPassword = void 0;
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const bcryptjs_1 = __importDefault(require("bcryptjs"));
-// 🧱 Password helpers
-const hashPassword = async (password) => {
-    const salt = await bcryptjs_1.default.genSalt(10);
-    return bcryptjs_1.default.hash(password, salt);
-};
-exports.hashPassword = hashPassword;
-const verifyPassword = async (password, hash) => {
-    return bcryptjs_1.default.compare(password, hash);
-};
-exports.verifyPassword = verifyPassword;
-// For backward compatibility
-exports.comparePassword = exports.verifyPassword;
-// 🧩 JWT helpers
-const generateToken = (payload, secret, expiresIn = "1h") => {
-    return jsonwebtoken_1.default.sign(payload, secret, { expiresIn, algorithm: "HS256" });
-};
-exports.generateToken = generateToken;
-const verifyToken = (token, secret) => {
-    return jsonwebtoken_1.default.verify(token, secret);
-};
-exports.verifyToken = verifyToken;
-// For backward compatibility
-exports.signToken = exports.generateToken;
-// Default export for namespace usage
-const SecurityUtils = {
-    hashPassword: exports.hashPassword,
-    verifyPassword: exports.verifyPassword,
-    comparePassword: exports.comparePassword,
-    generateToken: exports.generateToken,
-    verifyToken: exports.verifyToken,
-    signToken: exports.signToken
-};
-exports.default = SecurityUtils;

package/src/index.ts

@@ -1,39 +0,0 @@
-import jwt, { Secret, JwtPayload } from "jsonwebtoken";
-import bcrypt from "bcryptjs";
-
-// 🧱 Password helpers
-export const hashPassword = async (password: string): Promise<string> => {
-  const salt = await bcrypt.genSalt(10);
-  return bcrypt.hash(password, salt);
-};
-
-export const verifyPassword = async (password: string, hash: string): Promise<boolean> => {
-  return bcrypt.compare(password, hash);
-};
-
-// For backward compatibility
-export const comparePassword = verifyPassword;
-
-// 🧩 JWT helpers
-export const generateToken = (payload: Record<string, unknown>, secret: Secret, expiresIn = "1h"): string => {
-  return jwt.sign(payload, secret, { expiresIn, algorithm: "HS256" } as jwt.SignOptions);
-};
-
-export const verifyToken = (token: string, secret: Secret): string | JwtPayload => {
-  return jwt.verify(token, secret);
-};
-
-// For backward compatibility
-export const signToken = generateToken;
-
-// Default export for namespace usage
-const SecurityUtils = {
-  hashPassword,
-  verifyPassword,
-  comparePassword,
-  generateToken,
-  verifyToken,
-  signToken
-};
-
-export default SecurityUtils;

package/tsconfig.json

@@ -1,21 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "CommonJS",
-    "moduleResolution": "node",
-    "rootDir": "./src",
-    "outDir": "./dist",
-    "strict": true,
-    "esModuleInterop": true,
-    "allowSyntheticDefaultImports": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "declaration": true,
-    "baseUrl": ".",
-    "paths": {
-      "*": ["*", "*.ts", "*.js"]
-    }
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist"]
-}