@naman_deep_singh/security 1.6.0 → 1.7.0

package/dist/esm/core/crypto/index.js

@@ -1,5 +1,5 @@
-export { decrypt } from './decrypt';
-export { encrypt } from './encrypt';
-export { hmacSign, hmacVerify } from './hmac';
-export { randomToken, generateStrongPassword } from './random';
-export * from './cryptoManager';
+export { CryptoManager } from './CryptoManger.js';
+export { encrypt } from './encrypt.js';
+export { decrypt } from './decrypt.js';
+export { hmacSign, hmacVerify } from './hmac.js';
+export { randomToken, generateStrongPassword } from './random.js';

package/dist/esm/core/index.js

@@ -0,0 +1,6 @@
+// Re-export everything from crypto module
+export { CryptoManager, encrypt, decrypt, hmacSign, hmacVerify, randomToken, generateStrongPassword, } from './crypto/index.js';
+// Re-export everything from jwt module
+export { decodeToken, decodeTokenStrict, extractToken, generateTokens, rotateRefreshToken, parseDuration, signToken, validateTokenPayload, isTokenExpired, verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, JWTManager, } from './jwt/index.js';
+// Re-export everything from password module
+export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, isPasswordStrong, verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, PasswordManager, ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './password/index.js';

package/dist/esm/core/jwt/{jwtManager.js → JWTManager.js}

@@ -1,8 +1,8 @@
-import jwt from 'jsonwebtoken';
-import { signToken } from './signToken';
-import { safeVerifyToken } from './verify';
 import { BadRequestError, UnauthorizedError, ValidationError, } from '@naman_deep_singh/errors';
 import { LRUCache } from '@naman_deep_singh/utils';
+import jwt from 'jsonwebtoken';
+import { signToken } from './signToken.js';
+import { safeVerifyToken } from './verify.js';
 export class JWTManager {
     constructor(config) {
         this.accessSecret = config.accessSecret;

package/dist/esm/core/jwt/decode.js

@@ -1,5 +1,4 @@
 import { BadRequestError } from '@naman_deep_singh/errors';
-// src/jwt/decodeToken.ts
 import { decode } from 'jsonwebtoken';
 /**
  * Flexible decode

package/dist/esm/core/jwt/generateTokens.js

@@ -1,6 +1,6 @@
 import { TokenMalformedError } from '@naman_deep_singh/errors';
-import { signToken } from './signToken';
-import { verifyToken } from './verify';
+import { signToken } from './signToken.js';
+import { verifyToken } from './verify.js';
 // Helper function to create branded tokens
 /* const createBrandedToken = <T extends string>(token: string, _brand: T): T => {
     return token as T

package/dist/esm/core/jwt/index.js

@@ -1,8 +1,8 @@
-export * from './decode';
-export * from './extractToken';
-export * from './generateTokens';
-export * from './parseDuration';
-export * from './signToken';
-export * from './types';
-export * from './validateToken';
-export * from './verify';
+export { decodeToken, decodeTokenStrict } from './decode.js';
+export { extractToken } from './extractToken.js';
+export { generateTokens, rotateRefreshToken } from './generateTokens.js';
+export { parseDuration } from './parseDuration.js';
+export { signToken } from './signToken.js';
+export { validateTokenPayload, isTokenExpired, } from './validateToken.js';
+export { verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, } from './verify.js';
+export { JWTManager } from './JWTManager.js';

package/dist/esm/core/jwt/signToken.js

@@ -1,6 +1,6 @@
 import { ValidationError } from '@naman_deep_singh/errors';
 import { sign } from 'jsonwebtoken';
-import { parseDuration } from './parseDuration';
+import { parseDuration } from './parseDuration.js';
 function getExpiryTimestamp(seconds) {
     return Math.floor(Date.now() / 1000) + seconds;
 }

package/dist/esm/core/password/{passwordManager.js → PasswordManager.js}

@@ -1,7 +1,7 @@
 import crypto from 'crypto';
 import bcrypt from 'bcryptjs';
 import { BadRequestError, ValidationError } from '@naman_deep_singh/errors';
-import { ensureValidPassword, estimatePasswordEntropy } from './utils';
+import { ensureValidPassword, estimatePasswordEntropy } from './utils.js';
 export class PasswordManager {
     constructor(config = {}) {
         this.defaultConfig = {

package/dist/esm/core/password/hash.js

@@ -1,6 +1,6 @@
 import { InternalServerError } from '@naman_deep_singh/errors';
 import bcrypt from 'bcryptjs';
-import { ensureValidPassword } from './utils';
+import { ensureValidPassword } from './utils.js';
 /**
  * Hash a password asynchronously using bcrypt.
  */
@@ -11,7 +11,7 @@ export const hashPassword = async (password, saltRounds = 10) => {
         return bcrypt.hash(password, salt);
     }
     catch (error) {
-        throw new InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+        throw new InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
     }
 };
 export function hashPasswordWithPepper(password, pepper) {
@@ -27,7 +27,7 @@ export const hashPasswordSync = (password, saltRounds = 10) => {
         return bcrypt.hashSync(password, salt);
     }
     catch (error) {
-        throw new InternalServerError({ reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
+        throw new InternalServerError(undefined, { reason: 'Password hashing failed' }, error instanceof Error ? error : undefined);
     }
 };
 export function hashPasswordWithPepperSync(password, pepper) {

package/dist/esm/core/password/index.js

@@ -1,3 +1,5 @@
-export * from './hash';
-export * from './strength';
-export * from './verify';
+export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, } from './hash.js';
+export { isPasswordStrong } from './strength.js';
+export { verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, } from './verify.js';
+export { PasswordManager } from './PasswordManager.js';
+export { ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './utils.js';

package/dist/esm/index.js

@@ -1,13 +1,4 @@
-export * from './core/password';
-export * from './core/jwt';
-export * from './core/crypto';
-// Re-export common errors for convenience
-export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError, } from '@naman_deep_singh/errors';
-import * as CryptoUtils from './core/crypto';
-import * as JWTUtils from './core/jwt';
-import * as PasswordUtils from './core/password';
-export default {
-    ...PasswordUtils,
-    ...JWTUtils,
-    ...CryptoUtils,
-};
+// Core modules
+export * from './core/index.js';
+// Public interfaces
+// export * from './interfaces/index.js'

package/dist/esm/interfaces/index.js

@@ -0,0 +1 @@
+export {};

package/dist/types/core/crypto/CryptoManger.d.ts

@@ -0,0 +1,36 @@
+/**
+ * High-level cryptography manager
+ * Wraps encryption, decryption, HMAC, and random utilities
+ */
+export declare class CryptoManager {
+    private readonly secret;
+    constructor(secret: string);
+    /**
+     * Encrypt data using AES-256-GCM
+     */
+    encrypt(data: string): string;
+    /**
+     * Decrypt AES-256-GCM encrypted data
+     */
+    decrypt(encrypted: string): string;
+    /**
+     * Create HMAC SHA-256 signature
+     */
+    createHMAC(message: string): string;
+    /**
+     * Verify HMAC SHA-256 signature
+     */
+    verifyHMAC(message: string, signature: string): boolean;
+    /**
+     * Generate cryptographically secure random bytes
+     */
+    generateRandomBytes(length?: number): Buffer;
+    /**
+     * Generate secure random hex string
+     */
+    generateRandomHex(length?: number): string;
+    /**
+     * Generate secure random string (URL-safe base64)
+     */
+    generateRandomString(length?: number): string;
+}

package/dist/types/core/crypto/index.d.ts

@@ -1,5 +1,5 @@
-export { decrypt } from './decrypt';
-export { encrypt } from './encrypt';
-export { hmacSign, hmacVerify } from './hmac';
-export { randomToken, generateStrongPassword } from './random';
-export * from './cryptoManager';
+export { CryptoManager } from './CryptoManger.js';
+export { encrypt } from './encrypt.js';
+export { decrypt } from './decrypt.js';
+export { hmacSign, hmacVerify } from './hmac.js';
+export { randomToken, generateStrongPassword } from './random.js';

package/dist/types/core/index.d.ts

@@ -0,0 +1,3 @@
+export { CryptoManager, encrypt, decrypt, hmacSign, hmacVerify, randomToken, generateStrongPassword, } from './crypto/index.js';
+export { decodeToken, decodeTokenStrict, extractToken, generateTokens, rotateRefreshToken, parseDuration, signToken, validateTokenPayload, isTokenExpired, verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, JWTManager, type TokenSources, type AccessToken, type RefreshToken, type TokenPair, type VerificationResult, type TokenValidationOptions, type TokenRequirements, } from './jwt/index.js';
+export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, isPasswordStrong, verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, PasswordManager, type PasswordStrengthOptions, ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './password/index.js';

package/dist/{esm/core/jwt/jwtManager.d.ts → types/core/jwt/JWTManager.d.ts}

@@ -1,5 +1,5 @@
 import { type JwtPayload, type Secret } from 'jsonwebtoken';
-import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface';
+import type { AccessToken, ITokenManager, JWTConfig, RefreshToken, TokenPair } from '../../interfaces/jwt.interface.js';
 export declare class JWTManager implements ITokenManager {
     private accessSecret;
     private refreshSecret;

package/dist/types/core/jwt/generateTokens.d.ts

@@ -1,4 +1,4 @@
 import type { Secret } from 'jsonwebtoken';
-import type { RefreshToken, TokenPair } from './types';
+import type { RefreshToken, TokenPair } from './types.js';
 export declare const generateTokens: (payload: Record<string, unknown>, accessSecret: Secret, refreshSecret: Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => TokenPair;
 export declare function rotateRefreshToken(oldToken: string, secret: Secret): RefreshToken;

package/dist/types/core/jwt/index.d.ts

@@ -1,8 +1,9 @@
-export * from './decode';
-export * from './extractToken';
-export * from './generateTokens';
-export * from './parseDuration';
-export * from './signToken';
-export * from './types';
-export * from './validateToken';
-export * from './verify';
+export { decodeToken, decodeTokenStrict } from './decode.js';
+export { extractToken, type TokenSources } from './extractToken.js';
+export { generateTokens, rotateRefreshToken } from './generateTokens.js';
+export { parseDuration } from './parseDuration.js';
+export { signToken } from './signToken.js';
+export { type AccessToken, type RefreshToken, type TokenPair, type VerificationResult, type TokenValidationOptions, } from './types.js';
+export { validateTokenPayload, isTokenExpired, type TokenRequirements, } from './validateToken.js';
+export { verifyToken, verifyTokenWithOptions, safeVerifyToken, safeVerifyTokenWithOptions, } from './verify.js';
+export { JWTManager } from './JWTManager.js';

package/dist/types/core/jwt/verify.d.ts

@@ -1,5 +1,5 @@
 import { type JwtPayload, type Secret, type VerifyOptions } from 'jsonwebtoken';
-import type { VerificationResult } from './types';
+import type { VerificationResult } from './types.js';
 /**
  * Verify token (throws UnauthorizedError if invalid or expired)
  */

package/dist/types/core/password/{passwordManager.d.ts → PasswordManager.d.ts}

@@ -1,4 +1,4 @@
-import type { HashedPassword, IPasswordManager, PasswordConfig, PasswordStrength, PasswordValidationResult } from '../../interfaces/password.interface';
+import type { HashedPassword, IPasswordManager, PasswordConfig, PasswordStrength, PasswordValidationResult } from '../../interfaces/password.interface.js';
 export declare class PasswordManager implements IPasswordManager {
     private defaultConfig;
     constructor(config?: PasswordConfig);

package/dist/types/core/password/index.d.ts

@@ -1,3 +1,6 @@
-export * from './hash';
-export * from './strength';
-export * from './verify';
+export { hashPassword, hashPasswordWithPepper, hashPasswordSync, hashPasswordWithPepperSync, } from './hash.js';
+export { isPasswordStrong } from './strength.js';
+export { verifyPassword, verifyPasswordWithPepper, verifyPasswordSync, verifyPasswordWithPepperSync, } from './verify.js';
+export { PasswordManager } from './PasswordManager.js';
+export { type PasswordStrengthOptions } from './types.js';
+export { ensureValidPassword, safeCompare, estimatePasswordEntropy, normalizePassword, } from './utils.js';

package/dist/types/core/password/strength.d.ts

@@ -1,2 +1,2 @@
-import type { PasswordStrengthOptions } from './types';
+import type { PasswordStrengthOptions } from './types.js';
 export declare const isPasswordStrong: (password: string, options?: PasswordStrengthOptions) => boolean;

package/dist/types/index.d.ts

@@ -1,40 +1 @@
-export * from './core/password';
-export * from './core/jwt';
-export * from './core/crypto';
-export { BadRequestError, UnauthorizedError, ValidationError, InternalServerError, } from '@naman_deep_singh/errors';
-import * as CryptoUtils from './core/crypto';
-import * as JWTUtils from './core/jwt';
-declare const _default: {
-    decrypt: (data: string, secret: string) => string;
-    encrypt: (text: string, secret: string) => string;
-    hmacSign: (message: string, secret: string) => string;
-    hmacVerify: (message: string, secret: string, signature: string) => boolean;
-    randomToken: (length?: number) => string;
-    generateStrongPassword: (length?: number) => string;
-    CryptoManager: typeof CryptoUtils.CryptoManager;
-    createCryptoManager: (config?: CryptoUtils.CryptoManagerConfig) => CryptoUtils.CryptoManager;
-    cryptoManager: CryptoUtils.CryptoManager;
-    decodeToken(token: string): null | string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    decodeTokenStrict(token: string): import("node_modules/@types/jsonwebtoken").JwtPayload;
-    extractToken(sources: JWTUtils.TokenSources): string | null;
-    rotateRefreshToken(oldToken: string, secret: import("node_modules/@types/jsonwebtoken").Secret): JWTUtils.RefreshToken;
-    generateTokens: (payload: Record<string, unknown>, accessSecret: import("node_modules/@types/jsonwebtoken").Secret, refreshSecret: import("node_modules/@types/jsonwebtoken").Secret, accessExpiry?: string | number, refreshExpiry?: string | number) => JWTUtils.TokenPair;
-    parseDuration(input: string | number): number;
-    signToken: (payload: Record<string, unknown>, secret: import("node_modules/@types/jsonwebtoken").Secret, expiresIn?: string | number, options?: import("node_modules/@types/jsonwebtoken").SignOptions) => string;
-    validateTokenPayload(payload: Record<string, unknown>, rules?: JWTUtils.TokenRequirements): void;
-    isTokenExpired(payload: import("node_modules/@types/jsonwebtoken").JwtPayload): boolean;
-    verifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    verifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => string | import("node_modules/@types/jsonwebtoken").JwtPayload;
-    safeVerifyToken: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret) => JWTUtils.VerificationResult;
-    safeVerifyTokenWithOptions: (token: string, secret: import("node_modules/@types/jsonwebtoken").Secret, options?: import("node_modules/@types/jsonwebtoken").VerifyOptions) => JWTUtils.VerificationResult;
-    hashPasswordWithPepper(password: string, pepper: string): Promise<string>;
-    hashPasswordWithPepperSync(password: string, pepper: string): string;
-    hashPassword: (password: string, saltRounds?: number) => Promise<string>;
-    hashPasswordSync: (password: string, saltRounds?: number) => string;
-    isPasswordStrong: (password: string, options?: import("./core/password/types").PasswordStrengthOptions) => boolean;
-    verifyPasswordWithPepper(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPasswordWithPepperSync(password: string, pepper: string, hash: string): Promise<boolean>;
-    verifyPassword: (password: string, hash: string) => Promise<boolean>;
-    verifyPasswordSync: (password: string, hash: string) => boolean;
-};
-export default _default;
+export * from './core/index.js';

package/dist/types/interfaces/index.d.ts

@@ -0,0 +1,2 @@
+export type { AccessToken, RefreshToken, TokenPair, JWTConfig, TokenValidationOptions, TokenGenerationOptions, ITokenManager, } from './jwt.interface.js';
+export type { PasswordConfig, PasswordRule, PasswordStrength, PasswordValidationResult, HashedPassword, IPasswordManager, IPasswordStrengthChecker, } from './password.interface.js';

package/package.json

@@ -1,15 +1,41 @@
 {
   "name": "@naman_deep_singh/security",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Security utilities for password hashing and JWT token management with TypeScript",
   "type": "module",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
+  "types": "./dist/types/index.d.ts",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",
       "require": "./dist/cjs/index.js",
       "types": "./dist/types/index.d.ts"
+    },
+    "./core": {
+      "import": "./dist/esm/core/index.js",
+      "require": "./dist/cjs/core/index.js",
+      "types": "./dist/types/core/index.d.ts"
+    },
+    "./core/crypto": {
+      "import": "./dist/esm/core/crypto/index.js",
+      "require": "./dist/cjs/core/crypto/index.js",
+      "types": "./dist/types/core/crypto/index.d.ts"
+    },
+    "./core/jwt": {
+      "import": "./dist/esm/core/jwt/index.js",
+      "require": "./dist/cjs/core/jwt/index.js",
+      "types": "./dist/types/core/jwt/index.d.ts"
+    },
+    "./core/password": {
+      "import": "./dist/esm/core/password/index.js",
+      "require": "./dist/cjs/core/password/index.js",
+      "types": "./dist/types/core/password/index.d.ts"
+    },
+    "./interfaces": {
+      "import": "./dist/esm/interfaces/index.js",
+      "require": "./dist/cjs/interfaces/index.js",
+      "types": "./dist/types/interfaces/index.d.ts"
     }
   },
   "sideEffects": false,
@@ -28,8 +54,8 @@
   "author": "Naman Deep Singh",
   "license": "ISC",
   "dependencies": {
-    "@naman_deep_singh/errors": "^2.1.0",
-    "@naman_deep_singh/utils": "^2.1.1",
+    "@naman_deep_singh/errors": "^2.3.0",
+    "@naman_deep_singh/utils": "^2.4.0",
     "bcryptjs": "^3.0.3",
     "jsonwebtoken": "^9.0.2"
   },
@@ -44,7 +70,7 @@
   },
   "scripts": {
     "build": "pnpm run build:types && tsc -p tsconfig.cjs.json && tsc -p tsconfig.esm.json",
-    "build:types": "tsc -p tsconfig.base.json --emitDeclarationOnly --outDir dist/types",
+    "build:types": "tsc -p tsconfig.types.json",
     "clean": "rimraf dist"
   }
 }

package/dist/cjs/core/crypto/cryptoManager.d.ts

@@ -1,111 +0,0 @@
-/**
- * Configuration options for CryptoManager
- */
-export interface CryptoManagerConfig {
-    defaultAlgorithm?: string;
-    defaultEncoding?: BufferEncoding;
-    hmacAlgorithm?: string;
-}
-/**
- * CryptoManager - Class-based wrapper for all cryptographic operations
- * Provides a consistent interface for encryption, decryption, HMAC generation, and secure random generation
- */
-export declare class CryptoManager {
-    private config;
-    constructor(config?: CryptoManagerConfig);
-    /**
-     * Update configuration
-     */
-    updateConfig(config: Partial<CryptoManagerConfig>): void;
-    /**
-     * Get current configuration
-     */
-    getConfig(): Required<CryptoManagerConfig>;
-    /**
-     * Encrypt data using the default or specified algorithm
-     */
-    encrypt(plaintext: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Decrypt data using the default or specified algorithm
-     */
-    decrypt(encryptedData: string, key: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-        iv?: string;
-    }): string;
-    /**
-     * Generate HMAC signature
-     */
-    generateHmac(data: string, secret: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): string;
-    /**
-     * Generate cryptographically secure random bytes
-     */
-    generateSecureRandom(length: number, _encoding?: BufferEncoding): string;
-    /**
-     * Verify HMAC signature
-     */
-    verifyHmac(data: string, secret: string, signature: string, _options?: {
-        algorithm?: string;
-        encoding?: BufferEncoding;
-    }): boolean;
-    /**
-     * Create a key derivation function using PBKDF2
-     */
-    deriveKey(password: string, salt: string, iterations?: number, keyLength?: number): Promise<string>;
-    /**
-     * Hash data using SHA-256
-     */
-    sha256(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Hash data using SHA-512
-     */
-    sha512(data: string, encoding?: BufferEncoding): string;
-    /**
-     * Generate a secure key pair for asymmetric encryption
-     */
-    generateKeyPair(options?: {
-        modulusLength?: number;
-        publicKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-        privateKeyEncoding?: {
-            type: string;
-            format: string;
-        };
-    }): Promise<{
-        publicKey: string;
-        privateKey: string;
-    }>;
-    /**
-     * Encrypt data using RSA public key
-     */
-    rsaEncrypt(data: string, publicKey: string): Promise<string>;
-    /**
-     * Decrypt data using RSA private key
-     */
-    rsaDecrypt(encryptedData: string, privateKey: string): Promise<string>;
-    /**
-     * Create digital signature using RSA private key
-     */
-    rsaSign(data: string, privateKey: string, algorithm?: string): Promise<string>;
-    /**
-     * Verify digital signature using RSA public key
-     */
-    rsaVerify(data: string, signature: string, publicKey: string, algorithm?: string): Promise<boolean>;
-}
-/**
- * Create a CryptoManager instance with default configuration
- */
-export declare const createCryptoManager: (config?: CryptoManagerConfig) => CryptoManager;
-/**
- * Default CryptoManager instance
- */
-export declare const cryptoManager: CryptoManager;