@naman_deep_singh/security 1.6.0 → 1.7.0

package/README.md

@@ -1,7 +1,7 @@
 ```bash
 @naman_deep_singh/security
 
-Version: 1.6.0
+Version: 1.7.0
 
 A complete, lightweight security toolkit for Node.js & TypeScript providing:
 

package/dist/cjs/core/crypto/CryptoManger.js

@@ -0,0 +1,107 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoManager = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const errors_1 = require("@naman_deep_singh/errors");
+const decrypt_js_1 = require("./decrypt.js");
+const encrypt_js_1 = require("./encrypt.js");
+const hmac_js_1 = require("./hmac.js");
+/**
+ * High-level cryptography manager
+ * Wraps encryption, decryption, HMAC, and random utilities
+ */
+class CryptoManager {
+    constructor(secret) {
+        if (!secret || typeof secret !== 'string' || secret.length < 16) {
+            throw new errors_1.BadRequestError({
+                reason: 'CryptoManager secret must be a non-empty string (min 16 chars)',
+            });
+        }
+        this.secret = secret;
+    }
+    /**
+     * Encrypt data using AES-256-GCM
+     */
+    encrypt(data) {
+        if (!data || typeof data !== 'string') {
+            throw new errors_1.BadRequestError({
+                reason: 'Data to encrypt must be a non-empty string',
+            });
+        }
+        return (0, encrypt_js_1.encrypt)(data, this.secret);
+    }
+    /**
+     * Decrypt AES-256-GCM encrypted data
+     */
+    decrypt(encrypted) {
+        if (!encrypted || typeof encrypted !== 'string') {
+            throw new errors_1.BadRequestError({
+                reason: 'Encrypted value must be a non-empty string',
+            });
+        }
+        return (0, decrypt_js_1.decrypt)(encrypted, this.secret);
+    }
+    /**
+     * Create HMAC SHA-256 signature
+     */
+    createHMAC(message) {
+        if (!message || typeof message !== 'string') {
+            throw new errors_1.BadRequestError({
+                reason: 'Message must be a non-empty string',
+            });
+        }
+        return (0, hmac_js_1.hmacSign)(message, this.secret);
+    }
+    /**
+     * Verify HMAC SHA-256 signature
+     */
+    verifyHMAC(message, signature) {
+        if (!message ||
+            typeof message !== 'string' ||
+            !signature ||
+            typeof signature !== 'string') {
+            return false;
+        }
+        return (0, hmac_js_1.hmacVerify)(message, this.secret, signature);
+    }
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateRandomBytes(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new errors_1.BadRequestError({
+                reason: 'Random byte length must be a positive integer',
+            });
+        }
+        return crypto_1.default.randomBytes(length);
+    }
+    /**
+     * Generate secure random hex string
+     */
+    generateRandomHex(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new errors_1.BadRequestError({
+                reason: 'Random hex length must be a positive integer',
+            });
+        }
+        return crypto_1.default.randomBytes(length).toString('hex');
+    }
+    /**
+     * Generate secure random string (URL-safe base64)
+     */
+    generateRandomString(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new errors_1.BadRequestError({
+                reason: 'Random string length must be a positive integer',
+            });
+        }
+        return crypto_1.default
+            .randomBytes(Math.ceil((length * 3) / 4))
+            .toString('base64url')
+            .slice(0, length);
+    }
+}
+exports.CryptoManager = CryptoManager;

package/dist/cjs/core/crypto/index.js

@@ -1,28 +1,15 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateStrongPassword = exports.randomToken = exports.hmacVerify = exports.hmacSign = exports.encrypt = exports.decrypt = void 0;
-var decrypt_1 = require("./decrypt");
-Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return decrypt_1.decrypt; } });
-var encrypt_1 = require("./encrypt");
-Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return encrypt_1.encrypt; } });
-var hmac_1 = require("./hmac");
-Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function () { return hmac_1.hmacSign; } });
-Object.defineProperty(exports, "hmacVerify", { enumerable: true, get: function () { return hmac_1.hmacVerify; } });
-var random_1 = require("./random");
-Object.defineProperty(exports, "randomToken", { enumerable: true, get: function () { return random_1.randomToken; } });
-Object.defineProperty(exports, "generateStrongPassword", { enumerable: true, get: function () { return random_1.generateStrongPassword; } });
-__exportStar(require("./cryptoManager"), exports);
+exports.generateStrongPassword = exports.randomToken = exports.hmacVerify = exports.hmacSign = exports.decrypt = exports.encrypt = exports.CryptoManager = void 0;
+var CryptoManger_js_1 = require("./CryptoManger.js");
+Object.defineProperty(exports, "CryptoManager", { enumerable: true, get: function () { return CryptoManger_js_1.CryptoManager; } });
+var encrypt_js_1 = require("./encrypt.js");
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return encrypt_js_1.encrypt; } });
+var decrypt_js_1 = require("./decrypt.js");
+Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return decrypt_js_1.decrypt; } });
+var hmac_js_1 = require("./hmac.js");
+Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function () { return hmac_js_1.hmacSign; } });
+Object.defineProperty(exports, "hmacVerify", { enumerable: true, get: function () { return hmac_js_1.hmacVerify; } });
+var random_js_1 = require("./random.js");
+Object.defineProperty(exports, "randomToken", { enumerable: true, get: function () { return random_js_1.randomToken; } });
+Object.defineProperty(exports, "generateStrongPassword", { enumerable: true, get: function () { return random_js_1.generateStrongPassword; } });

package/dist/cjs/core/index.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizePassword = exports.estimatePasswordEntropy = exports.safeCompare = exports.ensureValidPassword = exports.PasswordManager = exports.verifyPasswordWithPepperSync = exports.verifyPasswordSync = exports.verifyPasswordWithPepper = exports.verifyPassword = exports.isPasswordStrong = exports.hashPasswordWithPepperSync = exports.hashPasswordSync = exports.hashPasswordWithPepper = exports.hashPassword = exports.JWTManager = exports.safeVerifyTokenWithOptions = exports.safeVerifyToken = exports.verifyTokenWithOptions = exports.verifyToken = exports.isTokenExpired = exports.validateTokenPayload = exports.signToken = exports.parseDuration = exports.rotateRefreshToken = exports.generateTokens = exports.extractToken = exports.decodeTokenStrict = exports.decodeToken = exports.generateStrongPassword = exports.randomToken = exports.hmacVerify = exports.hmacSign = exports.decrypt = exports.encrypt = exports.CryptoManager = void 0;
+// Re-export everything from crypto module
+var index_js_1 = require("./crypto/index.js");
+Object.defineProperty(exports, "CryptoManager", { enumerable: true, get: function () { return index_js_1.CryptoManager; } });
+Object.defineProperty(exports, "encrypt", { enumerable: true, get: function () { return index_js_1.encrypt; } });
+Object.defineProperty(exports, "decrypt", { enumerable: true, get: function () { return index_js_1.decrypt; } });
+Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function () { return index_js_1.hmacSign; } });
+Object.defineProperty(exports, "hmacVerify", { enumerable: true, get: function () { return index_js_1.hmacVerify; } });
+Object.defineProperty(exports, "randomToken", { enumerable: true, get: function () { return index_js_1.randomToken; } });
+Object.defineProperty(exports, "generateStrongPassword", { enumerable: true, get: function () { return index_js_1.generateStrongPassword; } });
+// Re-export everything from jwt module
+var index_js_2 = require("./jwt/index.js");
+Object.defineProperty(exports, "decodeToken", { enumerable: true, get: function () { return index_js_2.decodeToken; } });
+Object.defineProperty(exports, "decodeTokenStrict", { enumerable: true, get: function () { return index_js_2.decodeTokenStrict; } });
+Object.defineProperty(exports, "extractToken", { enumerable: true, get: function () { return index_js_2.extractToken; } });
+Object.defineProperty(exports, "generateTokens", { enumerable: true, get: function () { return index_js_2.generateTokens; } });
+Object.defineProperty(exports, "rotateRefreshToken", { enumerable: true, get: function () { return index_js_2.rotateRefreshToken; } });
+Object.defineProperty(exports, "parseDuration", { enumerable: true, get: function () { return index_js_2.parseDuration; } });
+Object.defineProperty(exports, "signToken", { enumerable: true, get: function () { return index_js_2.signToken; } });
+Object.defineProperty(exports, "validateTokenPayload", { enumerable: true, get: function () { return index_js_2.validateTokenPayload; } });
+Object.defineProperty(exports, "isTokenExpired", { enumerable: true, get: function () { return index_js_2.isTokenExpired; } });
+Object.defineProperty(exports, "verifyToken", { enumerable: true, get: function () { return index_js_2.verifyToken; } });
+Object.defineProperty(exports, "verifyTokenWithOptions", { enumerable: true, get: function () { return index_js_2.verifyTokenWithOptions; } });
+Object.defineProperty(exports, "safeVerifyToken", { enumerable: true, get: function () { return index_js_2.safeVerifyToken; } });
+Object.defineProperty(exports, "safeVerifyTokenWithOptions", { enumerable: true, get: function () { return index_js_2.safeVerifyTokenWithOptions; } });
+Object.defineProperty(exports, "JWTManager", { enumerable: true, get: function () { return index_js_2.JWTManager; } });
+// Re-export everything from password module
+var index_js_3 = require("./password/index.js");
+Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return index_js_3.hashPassword; } });
+Object.defineProperty(exports, "hashPasswordWithPepper", { enumerable: true, get: function () { return index_js_3.hashPasswordWithPepper; } });
+Object.defineProperty(exports, "hashPasswordSync", { enumerable: true, get: function () { return index_js_3.hashPasswordSync; } });
+Object.defineProperty(exports, "hashPasswordWithPepperSync", { enumerable: true, get: function () { return index_js_3.hashPasswordWithPepperSync; } });
+Object.defineProperty(exports, "isPasswordStrong", { enumerable: true, get: function () { return index_js_3.isPasswordStrong; } });
+Object.defineProperty(exports, "verifyPassword", { enumerable: true, get: function () { return index_js_3.verifyPassword; } });
+Object.defineProperty(exports, "verifyPasswordWithPepper", { enumerable: true, get: function () { return index_js_3.verifyPasswordWithPepper; } });
+Object.defineProperty(exports, "verifyPasswordSync", { enumerable: true, get: function () { return index_js_3.verifyPasswordSync; } });
+Object.defineProperty(exports, "verifyPasswordWithPepperSync", { enumerable: true, get: function () { return index_js_3.verifyPasswordWithPepperSync; } });
+Object.defineProperty(exports, "PasswordManager", { enumerable: true, get: function () { return index_js_3.PasswordManager; } });
+Object.defineProperty(exports, "ensureValidPassword", { enumerable: true, get: function () { return index_js_3.ensureValidPassword; } });
+Object.defineProperty(exports, "safeCompare", { enumerable: true, get: function () { return index_js_3.safeCompare; } });
+Object.defineProperty(exports, "estimatePasswordEntropy", { enumerable: true, get: function () { return index_js_3.estimatePasswordEntropy; } });
+Object.defineProperty(exports, "normalizePassword", { enumerable: true, get: function () { return index_js_3.normalizePassword; } });

package/dist/cjs/core/jwt/{jwtManager.js → JWTManager.js}

@@ -4,11 +4,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JWTManager = void 0;
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const signToken_1 = require("./signToken");
-const verify_1 = require("./verify");
 const errors_1 = require("@naman_deep_singh/errors");
 const utils_1 = require("@naman_deep_singh/utils");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const signToken_js_1 = require("./signToken.js");
+const verify_js_1 = require("./verify.js");
 class JWTManager {
     constructor(config) {
         this.accessSecret = config.accessSecret;
@@ -38,7 +38,7 @@ class JWTManager {
     async generateAccessToken(payload) {
         try {
             this.validatePayload(payload);
-            const token = (0, signToken_1.signToken)(payload, this.accessSecret, this.accessExpiry, {
+            const token = (0, signToken_js_1.signToken)(payload, this.accessSecret, this.accessExpiry, {
                 algorithm: 'HS256',
             });
             return token;
@@ -53,7 +53,7 @@ class JWTManager {
     async generateRefreshToken(payload) {
         try {
             this.validatePayload(payload);
-            const token = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry, {
+            const token = (0, signToken_js_1.signToken)(payload, this.refreshSecret, this.refreshExpiry, {
                 algorithm: 'HS256',
             });
             return token;
@@ -91,7 +91,7 @@ class JWTManager {
     validateToken(token, secret) {
         if (!token || typeof token !== 'string')
             return false;
-        return (0, verify_1.safeVerifyToken)(token, secret).valid;
+        return (0, verify_js_1.safeVerifyToken)(token, secret).valid;
     }
     /** Rotate refresh token */
     async rotateRefreshToken(oldToken) {
@@ -104,7 +104,7 @@ class JWTManager {
         const payload = { ...decoded };
         delete payload.iat;
         delete payload.exp;
-        const newToken = (0, signToken_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
+        const newToken = (0, signToken_js_1.signToken)(payload, this.refreshSecret, this.refreshExpiry);
         return newToken;
     }
     /** Check if token is expired */
@@ -169,7 +169,7 @@ class JWTManager {
                 return cached.payload;
             }
         }
-        const { valid, payload, error } = (0, verify_1.safeVerifyToken)(token, secret);
+        const { valid, payload, error } = (0, verify_js_1.safeVerifyToken)(token, secret);
         if (!valid || !payload || typeof payload === 'string') {
             this.cache?.set(cacheKey, {
                 valid: false,

package/dist/cjs/core/jwt/decode.js

@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.decodeToken = decodeToken;
 exports.decodeTokenStrict = decodeTokenStrict;
 const errors_1 = require("@naman_deep_singh/errors");
-// src/jwt/decodeToken.ts
 const jsonwebtoken_1 = require("jsonwebtoken");
 /**
  * Flexible decode

package/dist/cjs/core/jwt/generateTokens.js

@@ -3,17 +3,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.generateTokens = void 0;
 exports.rotateRefreshToken = rotateRefreshToken;
 const errors_1 = require("@naman_deep_singh/errors");
-const signToken_1 = require("./signToken");
-const verify_1 = require("./verify");
+const signToken_js_1 = require("./signToken.js");
+const verify_js_1 = require("./verify.js");
 // Helper function to create branded tokens
 /* const createBrandedToken = <T extends string>(token: string, _brand: T): T => {
     return token as T
 } */
 const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = '15m', refreshExpiry = '7d') => {
-    const accessToken = (0, signToken_1.signToken)(payload, accessSecret, accessExpiry, {
+    const accessToken = (0, signToken_js_1.signToken)(payload, accessSecret, accessExpiry, {
         algorithm: 'HS256',
     });
-    const refreshToken = (0, signToken_1.signToken)(payload, refreshSecret, refreshExpiry, {
+    const refreshToken = (0, signToken_js_1.signToken)(payload, refreshSecret, refreshExpiry, {
         algorithm: 'HS256',
     });
     return {
@@ -23,7 +23,7 @@ const generateTokens = (payload, accessSecret, refreshSecret, accessExpiry = '15
 };
 exports.generateTokens = generateTokens;
 function rotateRefreshToken(oldToken, secret) {
-    const decoded = (0, verify_1.verifyToken)(oldToken, secret);
+    const decoded = (0, verify_js_1.verifyToken)(oldToken, secret);
     if (typeof decoded === 'string') {
         throw new errors_1.TokenMalformedError({
             reason: 'Invalid token payload — expected JWT payload object',
@@ -32,6 +32,6 @@ function rotateRefreshToken(oldToken, secret) {
     const payload = { ...decoded };
     delete payload.iat;
     delete payload.exp;
-    const newToken = (0, signToken_1.signToken)(payload, secret, '7d');
+    const newToken = (0, signToken_js_1.signToken)(payload, secret, '7d');
     return newToken;
 }

package/dist/cjs/core/jwt/index.js

@@ -1,24 +1,25 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./decode"), exports);
-__exportStar(require("./extractToken"), exports);
-__exportStar(require("./generateTokens"), exports);
-__exportStar(require("./parseDuration"), exports);
-__exportStar(require("./signToken"), exports);
-__exportStar(require("./types"), exports);
-__exportStar(require("./validateToken"), exports);
-__exportStar(require("./verify"), exports);
+exports.JWTManager = exports.safeVerifyTokenWithOptions = exports.safeVerifyToken = exports.verifyTokenWithOptions = exports.verifyToken = exports.isTokenExpired = exports.validateTokenPayload = exports.signToken = exports.parseDuration = exports.rotateRefreshToken = exports.generateTokens = exports.extractToken = exports.decodeTokenStrict = exports.decodeToken = void 0;
+var decode_js_1 = require("./decode.js");
+Object.defineProperty(exports, "decodeToken", { enumerable: true, get: function () { return decode_js_1.decodeToken; } });
+Object.defineProperty(exports, "decodeTokenStrict", { enumerable: true, get: function () { return decode_js_1.decodeTokenStrict; } });
+var extractToken_js_1 = require("./extractToken.js");
+Object.defineProperty(exports, "extractToken", { enumerable: true, get: function () { return extractToken_js_1.extractToken; } });
+var generateTokens_js_1 = require("./generateTokens.js");
+Object.defineProperty(exports, "generateTokens", { enumerable: true, get: function () { return generateTokens_js_1.generateTokens; } });
+Object.defineProperty(exports, "rotateRefreshToken", { enumerable: true, get: function () { return generateTokens_js_1.rotateRefreshToken; } });
+var parseDuration_js_1 = require("./parseDuration.js");
+Object.defineProperty(exports, "parseDuration", { enumerable: true, get: function () { return parseDuration_js_1.parseDuration; } });
+var signToken_js_1 = require("./signToken.js");
+Object.defineProperty(exports, "signToken", { enumerable: true, get: function () { return signToken_js_1.signToken; } });
+var validateToken_js_1 = require("./validateToken.js");
+Object.defineProperty(exports, "validateTokenPayload", { enumerable: true, get: function () { return validateToken_js_1.validateTokenPayload; } });
+Object.defineProperty(exports, "isTokenExpired", { enumerable: true, get: function () { return validateToken_js_1.isTokenExpired; } });
+var verify_js_1 = require("./verify.js");
+Object.defineProperty(exports, "verifyToken", { enumerable: true, get: function () { return verify_js_1.verifyToken; } });
+Object.defineProperty(exports, "verifyTokenWithOptions", { enumerable: true, get: function () { return verify_js_1.verifyTokenWithOptions; } });
+Object.defineProperty(exports, "safeVerifyToken", { enumerable: true, get: function () { return verify_js_1.safeVerifyToken; } });
+Object.defineProperty(exports, "safeVerifyTokenWithOptions", { enumerable: true, get: function () { return verify_js_1.safeVerifyTokenWithOptions; } });
+var JWTManager_js_1 = require("./JWTManager.js");
+Object.defineProperty(exports, "JWTManager", { enumerable: true, get: function () { return JWTManager_js_1.JWTManager; } });

package/dist/cjs/core/jwt/signToken.js

@@ -3,12 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.signToken = void 0;
 const errors_1 = require("@naman_deep_singh/errors");
 const jsonwebtoken_1 = require("jsonwebtoken");
-const parseDuration_1 = require("./parseDuration");
+const parseDuration_js_1 = require("./parseDuration.js");
 function getExpiryTimestamp(seconds) {
     return Math.floor(Date.now() / 1000) + seconds;
 }
 const signToken = (payload, secret, expiresIn = '1h', options = {}) => {
-    const seconds = (0, parseDuration_1.parseDuration)(expiresIn);
+    const seconds = (0, parseDuration_js_1.parseDuration)(expiresIn);
     if (!seconds || seconds < 10) {
         throw new errors_1.ValidationError({ reason: 'Token expiry too small' });
     }

package/dist/cjs/core/password/{passwordManager.js → PasswordManager.js}

@@ -7,7 +7,7 @@ exports.PasswordManager = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 const bcryptjs_1 = __importDefault(require("bcryptjs"));
 const errors_1 = require("@naman_deep_singh/errors");
-const utils_1 = require("./utils");
+const utils_js_1 = require("./utils.js");
 class PasswordManager {
     constructor(config = {}) {
         this.defaultConfig = {
@@ -26,7 +26,7 @@ class PasswordManager {
      */
     async hash(password, salt) {
         try {
-            (0, utils_1.ensureValidPassword)(password);
+            (0, utils_js_1.ensureValidPassword)(password);
             this.validate(password);
             const saltRounds = this.defaultConfig.saltRounds;
             let finalSalt = salt;
@@ -127,7 +127,7 @@ class PasswordManager {
      * Check password strength
      */
     checkStrength(password) {
-        const entropy = (0, utils_1.estimatePasswordEntropy)(password);
+        const entropy = (0, utils_js_1.estimatePasswordEntropy)(password);
         let score = 0;
         const feedback = [];
         const suggestions = [];

package/dist/cjs/core/password/hash.js

@@ -8,18 +8,18 @@ exports.hashPasswordWithPepper = hashPasswordWithPepper;
 exports.hashPasswordWithPepperSync = hashPasswordWithPepperSync;
 const errors_1 = require("@naman_deep_singh/errors");
 const bcryptjs_1 = __importDefault(require("bcryptjs"));
-const utils_1 = require("./utils");
+const utils_js_1 = require("./utils.js");
 /**
  * Hash a password asynchronously using bcrypt.
  */
 const hashPassword = async (password, saltRounds = 10) => {
     try {
-        (0, utils_1.ensureValidPassword)(password);
+        (0, utils_js_1.ensureValidPassword)(password);
         const salt = await bcryptjs_1.default.genSalt(saltRounds);
         return bcryptjs_1.default.hash(password, salt);
     }
     catch (error) {
-        throw new errors_1.InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+        throw new errors_1.InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
     }
 };
 exports.hashPassword = hashPassword;
@@ -31,12 +31,12 @@ function hashPasswordWithPepper(password, pepper) {
  */
 const hashPasswordSync = (password, saltRounds = 10) => {
     try {
-        (0, utils_1.ensureValidPassword)(password);
+        (0, utils_js_1.ensureValidPassword)(password);
         const salt = bcryptjs_1.default.genSaltSync(saltRounds);
         return bcryptjs_1.default.hashSync(password, salt);
     }
     catch (error) {
-        throw new errors_1.InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+        throw new errors_1.InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
     }
 };
 exports.hashPasswordSync = hashPasswordSync;

package/dist/cjs/core/password/index.js

@@ -1,19 +1,22 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./hash"), exports);
-__exportStar(require("./strength"), exports);
-__exportStar(require("./verify"), exports);
+exports.normalizePassword = exports.estimatePasswordEntropy = exports.safeCompare = exports.ensureValidPassword = exports.PasswordManager = exports.verifyPasswordWithPepperSync = exports.verifyPasswordSync = exports.verifyPasswordWithPepper = exports.verifyPassword = exports.isPasswordStrong = exports.hashPasswordWithPepperSync = exports.hashPasswordSync = exports.hashPasswordWithPepper = exports.hashPassword = void 0;
+var hash_js_1 = require("./hash.js");
+Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return hash_js_1.hashPassword; } });
+Object.defineProperty(exports, "hashPasswordWithPepper", { enumerable: true, get: function () { return hash_js_1.hashPasswordWithPepper; } });
+Object.defineProperty(exports, "hashPasswordSync", { enumerable: true, get: function () { return hash_js_1.hashPasswordSync; } });
+Object.defineProperty(exports, "hashPasswordWithPepperSync", { enumerable: true, get: function () { return hash_js_1.hashPasswordWithPepperSync; } });
+var strength_js_1 = require("./strength.js");
+Object.defineProperty(exports, "isPasswordStrong", { enumerable: true, get: function () { return strength_js_1.isPasswordStrong; } });
+var verify_js_1 = require("./verify.js");
+Object.defineProperty(exports, "verifyPassword", { enumerable: true, get: function () { return verify_js_1.verifyPassword; } });
+Object.defineProperty(exports, "verifyPasswordWithPepper", { enumerable: true, get: function () { return verify_js_1.verifyPasswordWithPepper; } });
+Object.defineProperty(exports, "verifyPasswordSync", { enumerable: true, get: function () { return verify_js_1.verifyPasswordSync; } });
+Object.defineProperty(exports, "verifyPasswordWithPepperSync", { enumerable: true, get: function () { return verify_js_1.verifyPasswordWithPepperSync; } });
+var PasswordManager_js_1 = require("./PasswordManager.js");
+Object.defineProperty(exports, "PasswordManager", { enumerable: true, get: function () { return PasswordManager_js_1.PasswordManager; } });
+var utils_js_1 = require("./utils.js");
+Object.defineProperty(exports, "ensureValidPassword", { enumerable: true, get: function () { return utils_js_1.ensureValidPassword; } });
+Object.defineProperty(exports, "safeCompare", { enumerable: true, get: function () { return utils_js_1.safeCompare; } });
+Object.defineProperty(exports, "estimatePasswordEntropy", { enumerable: true, get: function () { return utils_js_1.estimatePasswordEntropy; } });
+Object.defineProperty(exports, "normalizePassword", { enumerable: true, get: function () { return utils_js_1.normalizePassword; } });

package/dist/cjs/index.js

@@ -10,47 +10,11 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
 }));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InternalServerError = exports.ValidationError = exports.UnauthorizedError = exports.BadRequestError = void 0;
-__exportStar(require("./core/password"), exports);
-__exportStar(require("./core/jwt"), exports);
-__exportStar(require("./core/crypto"), exports);
-// Re-export common errors for convenience
-var errors_1 = require("@naman_deep_singh/errors");
-Object.defineProperty(exports, "BadRequestError", { enumerable: true, get: function () { return errors_1.BadRequestError; } });
-Object.defineProperty(exports, "UnauthorizedError", { enumerable: true, get: function () { return errors_1.UnauthorizedError; } });
-Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return errors_1.ValidationError; } });
-Object.defineProperty(exports, "InternalServerError", { enumerable: true, get: function () { return errors_1.InternalServerError; } });
-const CryptoUtils = __importStar(require("./core/crypto"));
-const JWTUtils = __importStar(require("./core/jwt"));
-const PasswordUtils = __importStar(require("./core/password"));
-exports.default = {
-    ...PasswordUtils,
-    ...JWTUtils,
-    ...CryptoUtils,
-};
+// Core modules
+__exportStar(require("./core/index.js"), exports);
+// Public interfaces
+// export * from './interfaces/index.js'

package/dist/cjs/interfaces/index.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/esm/core/crypto/CryptoManger.js

@@ -0,0 +1,100 @@
+import crypto from 'crypto';
+import { BadRequestError } from '@naman_deep_singh/errors';
+import { decrypt } from './decrypt.js';
+import { encrypt } from './encrypt.js';
+import { hmacSign, hmacVerify } from './hmac.js';
+/**
+ * High-level cryptography manager
+ * Wraps encryption, decryption, HMAC, and random utilities
+ */
+export class CryptoManager {
+    constructor(secret) {
+        if (!secret || typeof secret !== 'string' || secret.length < 16) {
+            throw new BadRequestError({
+                reason: 'CryptoManager secret must be a non-empty string (min 16 chars)',
+            });
+        }
+        this.secret = secret;
+    }
+    /**
+     * Encrypt data using AES-256-GCM
+     */
+    encrypt(data) {
+        if (!data || typeof data !== 'string') {
+            throw new BadRequestError({
+                reason: 'Data to encrypt must be a non-empty string',
+            });
+        }
+        return encrypt(data, this.secret);
+    }
+    /**
+     * Decrypt AES-256-GCM encrypted data
+     */
+    decrypt(encrypted) {
+        if (!encrypted || typeof encrypted !== 'string') {
+            throw new BadRequestError({
+                reason: 'Encrypted value must be a non-empty string',
+            });
+        }
+        return decrypt(encrypted, this.secret);
+    }
+    /**
+     * Create HMAC SHA-256 signature
+     */
+    createHMAC(message) {
+        if (!message || typeof message !== 'string') {
+            throw new BadRequestError({
+                reason: 'Message must be a non-empty string',
+            });
+        }
+        return hmacSign(message, this.secret);
+    }
+    /**
+     * Verify HMAC SHA-256 signature
+     */
+    verifyHMAC(message, signature) {
+        if (!message ||
+            typeof message !== 'string' ||
+            !signature ||
+            typeof signature !== 'string') {
+            return false;
+        }
+        return hmacVerify(message, this.secret, signature);
+    }
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateRandomBytes(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new BadRequestError({
+                reason: 'Random byte length must be a positive integer',
+            });
+        }
+        return crypto.randomBytes(length);
+    }
+    /**
+     * Generate secure random hex string
+     */
+    generateRandomHex(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new BadRequestError({
+                reason: 'Random hex length must be a positive integer',
+            });
+        }
+        return crypto.randomBytes(length).toString('hex');
+    }
+    /**
+     * Generate secure random string (URL-safe base64)
+     */
+    generateRandomString(length = 32) {
+        if (!Number.isInteger(length) || length <= 0) {
+            throw new BadRequestError({
+                reason: 'Random string length must be a positive integer',
+            });
+        }
+        return crypto
+            .randomBytes(Math.ceil((length * 3) / 4))
+            .toString('base64url')
+            .slice(0, length);
+    }
+}