@node-cli/secret 1.0.7 → 1.2.0

package/README.md

@@ -2,15 +2,64 @@
 
 ![npm](https://img.shields.io/npm/v/@node-cli/secret?label=version&logo=npm)
 
-> Secret is a command line tool that can encode or decode a file with a password.
+> Secret is a command line tool that can encode or decode a file with a password. It also exposes a library to be used in other projects.
 
-## Installation
+## Installation as a CLI
 
 ```sh
 > npm install --global @node-cli/secret
 ```
 
-## Examples
+## Installation as a library
+
+```sh
+> cd your-project
+> npm install @node-cli/secret
+```
+
+## Usage as a library
+
+### Encrypt a string with a password
+
+```js
+import { encrypt } from "@node-cli/secret";
+const encrypted = encrypt("password", "Hello World");
+```
+
+### Decrypt a string with a password
+
+```js
+import { decrypt } from "@node-cli/secret";
+const decrypted = decrypt("password", encrypted);
+```
+
+### Hash a password with a default salt
+
+```js
+import { hashPassword } from "@node-cli/secret";
+const hashed = hashPassword("password");
+// hashed === "some-default-salt:some-hex-string
+```
+
+### Hash a password with a custom salt
+
+```js
+import { createSalt, hashPassword } from "@node-cli/secret";
+const salt = createSalt(42);
+const hashed = hashPassword("password", salt);
+// hashed === "some-salt:some-hex-string
+```
+
+### Verify a password against a hash
+
+```js
+import { hashPassword, verifyPassword } from "@node-cli/secret";
+const hashed = hashPassword("password");
+const isVerified = verifyPassword("password", hashed);
+// isVerified === true
+```
+
+## Usage as a CLI
 
 NOTE: The password is not stored anywhere, it is only used to encrypt or decrypt the file and will be prompted each time.
 

package/dist/index.d.ts

@@ -2,6 +2,7 @@
  * @file Automatically generated by barrelsby.
  */
 
+export * from "./lib";
 export * from "./parse";
 export * from "./secret";
 export * from "./utilities";

package/dist/lib.d.ts

@@ -0,0 +1,55 @@
+import { Logger } from "@node-cli/logger";
+export declare const logger: Logger;
+/**
+ * Create an hexadecimal hash from a given string. The default
+ * algorithm is md5 but it can be changed to anything that
+ * crypto.createHash allows.
+ * @param  {String} string            the string to hash
+ * @param  {String} [algorithm='md5'] the algorithm to use or hashing
+ * @return {String}                   the hashed string in hexa format
+ */
+export declare const createHash: (string: string, algorithm?: string) => string;
+/**
+ * Creates a random SALT value using the crypto library.
+ * @param  {Number} [bytes=256] the number of bytes to generate
+ * @return {String}            the generated salt in hexa format
+ */
+export declare const createSalt: (bytes?: number) => string;
+/**
+ * Encrypts a string or a buffer using AES-256-CTR
+ * algorithm.
+ * @param  {String} password a unique password
+ * @param  {String} data     a string to encrypt
+ * @return {String} the encrypted data in hexa
+ *   encoding, followed by a dollar sign ($) and by a
+ *   unique random initialization vector.
+ */
+export declare const encrypt: (password: string, data: string) => string;
+/**
+ * Decrypts a string that was encrypted using the
+ * AES-256-CRT algorithm via `encrypt`. It expects
+ * the encrypted string to have the corresponding
+ * initialization vector appended at the end, after
+ * a dollar sign ($) - which was done via the
+ * corresponding `encrypt` method.
+ * @param  {String} password a unique password
+ * @param  {String} data     a string to decrypt
+ * @return {String}          the decrypted data
+ */
+export declare const decrypt: (password: string, data: string) => string;
+/**
+ * Method to hash a password using the scrypt algorithm.
+ *
+ * @param {String} password  the password to hash
+ * @param {String} salt      the salt to use
+ * @returns {String} the hashed password
+ */
+export declare const hashPassword: (password: string, salt?: string) => string;
+/**
+ * Method to verify a password against a hash using the scrypt algorithm.
+ *
+ * @param {String} password  the password to verify
+ * @param {String} hash      the hash to verify against
+ * @returns {Boolean} true if the password is correct, false otherwise
+ */
+export declare const verifyPassword: (password: string, hash: string) => boolean;

package/dist/lib.js

@@ -0,0 +1,134 @@
+import crypto from "node:crypto";
+import { Logger } from "@node-cli/logger";
+export const logger = new Logger({
+    boring: process.env.NODE_ENV === "test"
+});
+const HEX = "hex";
+const UTF8 = "utf8";
+const DEFAULT_CRYPTO_ALGO = "aes-256-ctr";
+const DEFAULT_HASH_ALGO = "md5";
+const DEFAULT_BYTES_FOR_IV = 16;
+const DEFAULT_BYTES_FOR_SALT = 256;
+const DEFAULT_SALT_SIZE_FOR_HASH = 16;
+/**
+ * Create an hexadecimal hash from a given string. The default
+ * algorithm is md5 but it can be changed to anything that
+ * crypto.createHash allows.
+ * @param  {String} string            the string to hash
+ * @param  {String} [algorithm='md5'] the algorithm to use or hashing
+ * @return {String}                   the hashed string in hexa format
+ */ export const createHash = (string, algorithm = DEFAULT_HASH_ALGO)=>{
+    return crypto.createHash(algorithm).update(string, UTF8).digest(HEX);
+};
+/**
+ * Creates a random SALT value using the crypto library.
+ * @param  {Number} [bytes=256] the number of bytes to generate
+ * @return {String}            the generated salt in hexa format
+ */ export const createSalt = (bytes)=>{
+    bytes = bytes || DEFAULT_BYTES_FOR_SALT;
+    return crypto.randomBytes(bytes).toString(HEX);
+};
+/**
+ * Encrypts a string or a buffer using AES-256-CTR
+ * algorithm.
+ * @param  {String} password a unique password
+ * @param  {String} data     a string to encrypt
+ * @return {String} the encrypted data in hexa
+ *   encoding, followed by a dollar sign ($) and by a
+ *   unique random initialization vector.
+ */ export const encrypt = (password, data)=>{
+    // Ensure that the initialization vector (IV) is random.
+    const iv = crypto.randomBytes(DEFAULT_BYTES_FOR_IV);
+    // Hash the given password (result is always the same).
+    const key = createHash(password);
+    // Create a cipher.
+    const cipher = crypto.createCipheriv(DEFAULT_CRYPTO_ALGO, key, iv);
+    // Encrypt the data using the newly created cipher.
+    const encrypted = cipher.update(data, UTF8, HEX) + cipher.final(HEX);
+    /*
+	 * Append the IV at the end of the encrypted data
+	 * to reuse it for decryption (IV is not a key,
+	 * it can be public).
+	 */ return `${encrypted}$${iv.toString(HEX)}`;
+};
+/**
+ * Decrypts a string that was encrypted using the
+ * AES-256-CRT algorithm via `encrypt`. It expects
+ * the encrypted string to have the corresponding
+ * initialization vector appended at the end, after
+ * a dollar sign ($) - which was done via the
+ * corresponding `encrypt` method.
+ * @param  {String} password a unique password
+ * @param  {String} data     a string to decrypt
+ * @return {String}          the decrypted data
+ */ export const decrypt = (password, data)=>{
+    // Extract encrypted data and initialization vector (IV).
+    const [encrypted, ivHex] = data.split("$");
+    // Create a buffer out of the raw hex IV
+    const iv = Buffer.from(ivHex, HEX);
+    // Hash the given password (result is always the same).
+    const hash = createHash(password);
+    // Create a cipher.
+    const decipher = crypto.createDecipheriv(DEFAULT_CRYPTO_ALGO, hash, iv);
+    // Return the decrypted data using the newly created cipher.
+    return decipher.update(encrypted, HEX, UTF8) + decipher.final("utf8");
+};
+/**
+ * Function using the scrypt Password-Based Key Derivation method.
+ * It generates a derived key of a given length from the given data
+ * and salt.
+ *
+ * @param {String} data  the data to derive the key from
+ * @param {String} salt  the salt to use
+ * @returns {String} the derived key in hex format
+ */ function generateScryptKey(data, salt) {
+    const encodedData = new TextEncoder().encode(data);
+    const encodedSalt = new TextEncoder().encode(salt);
+    /**
+	 * The scryptSync parameters are based on the following recommendations:
+	 * - The cost parameter should be set as high as possible without causing
+	 *     significant performance degradation. OWASP recommends a cost of 2^17,
+	 *     but this fails on some systems due to the high memory requirements.
+	 * - The blockSize parameter should be set to 8 at a minimum.
+	 * - The parallelization parameter should be set to 1.
+	 * - The size parameter should be set to 64.
+	 *
+	 * Reference:
+	 * https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
+	 */ const derivedKey = crypto.scryptSync(encodedData, encodedSalt, 64, {
+        cost: Math.pow(2, 14),
+        blockSize: 8,
+        parallelization: 1
+    });
+    return derivedKey.toString(HEX);
+}
+/**
+ * Method to hash a password using the scrypt algorithm.
+ *
+ * @param {String} password  the password to hash
+ * @param {String} salt      the salt to use
+ * @returns {String} the hashed password
+ */ export const hashPassword = (password, salt)=>{
+    const pepper = salt || createSalt(DEFAULT_SALT_SIZE_FOR_HASH);
+    const key = generateScryptKey(password.normalize("NFKC"), pepper);
+    return `${pepper}:${key}`;
+};
+/**
+ * Method to verify a password against a hash using the scrypt algorithm.
+ *
+ * @param {String} password  the password to verify
+ * @param {String} hash      the hash to verify against
+ * @returns {Boolean} true if the password is correct, false otherwise
+ */ export const verifyPassword = (password, hash)=>{
+    const [salt, key] = hash.split(":");
+    const keyBuffer = Buffer.from(key, HEX);
+    const derivedKey = generateScryptKey(password.normalize("NFKC"), salt);
+    const derivedKeyBuffer = Buffer.from(derivedKey, HEX);
+    try {
+        return crypto.timingSafeEqual(keyBuffer, derivedKeyBuffer);
+    } catch (_error) {
+        return false;
+    }
+};
+
+//# sourceMappingURL=lib.js.map

package/dist/lib.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/lib.ts"],"sourcesContent":["import crypto from \"node:crypto\";\nimport { Logger } from \"@node-cli/logger\";\n\nexport const logger = new Logger({\n\tboring: process.env.NODE_ENV === \"test\",\n});\n\nconst HEX = \"hex\";\nconst UTF8 = \"utf8\";\n\nconst DEFAULT_CRYPTO_ALGO = \"aes-256-ctr\";\nconst DEFAULT_HASH_ALGO = \"md5\";\nconst DEFAULT_BYTES_FOR_IV = 16;\nconst DEFAULT_BYTES_FOR_SALT = 256;\nconst DEFAULT_SALT_SIZE_FOR_HASH = 16;\n\n/**\n * Create an hexadecimal hash from a given string. The default\n * algorithm is md5 but it can be changed to anything that\n * crypto.createHash allows.\n * @param  {String} string            the string to hash\n * @param  {String} [algorithm='md5'] the algorithm to use or hashing\n * @return {String}                   the hashed string in hexa format\n */\nexport const createHash = (\n\tstring: string,\n\talgorithm: string = DEFAULT_HASH_ALGO,\n): string => {\n\treturn crypto.createHash(algorithm).update(string, UTF8).digest(HEX);\n};\n\n/**\n * Creates a random SALT value using the crypto library.\n * @param  {Number} [bytes=256] the number of bytes to generate\n * @return {String}            the generated salt in hexa format\n */\nexport const createSalt = (bytes?: number): string => {\n\tbytes = bytes || DEFAULT_BYTES_FOR_SALT;\n\treturn crypto.randomBytes(bytes).toString(HEX);\n};\n\n/**\n * Encrypts a string or a buffer using AES-256-CTR\n * algorithm.\n * @param  {String} password a unique password\n * @param  {String} data     a string to encrypt\n * @return {String} the encrypted data in hexa\n *   encoding, followed by a dollar sign ($) and by a\n *   unique random initialization vector.\n */\nexport const encrypt = (password: string, data: string): string => {\n\t// Ensure that the initialization vector (IV) is random.\n\tconst iv = crypto.randomBytes(DEFAULT_BYTES_FOR_IV);\n\t// Hash the given password (result is always the same).\n\tconst key = createHash(password);\n\t// Create a cipher.\n\tconst cipher = crypto.createCipheriv(DEFAULT_CRYPTO_ALGO, key, iv);\n\t// Encrypt the data using the newly created cipher.\n\tconst encrypted = cipher.update(data, UTF8, HEX) + cipher.final(HEX);\n\t/*\n\t * Append the IV at the end of the encrypted data\n\t * to reuse it for decryption (IV is not a key,\n\t * it can be public).\n\t */\n\treturn `${encrypted}$${iv.toString(HEX)}`;\n};\n\n/**\n * Decrypts a string that was encrypted using the\n * AES-256-CRT algorithm via `encrypt`. It expects\n * the encrypted string to have the corresponding\n * initialization vector appended at the end, after\n * a dollar sign ($) - which was done via the\n * corresponding `encrypt` method.\n * @param  {String} password a unique password\n * @param  {String} data     a string to decrypt\n * @return {String}          the decrypted data\n */\nexport const decrypt = (password: string, data: string): string => {\n\t// Extract encrypted data and initialization vector (IV).\n\tconst [encrypted, ivHex] = data.split(\"$\");\n\t// Create a buffer out of the raw hex IV\n\tconst iv = Buffer.from(ivHex, HEX);\n\t// Hash the given password (result is always the same).\n\tconst hash = createHash(password);\n\t// Create a cipher.\n\tconst decipher = crypto.createDecipheriv(DEFAULT_CRYPTO_ALGO, hash, iv);\n\t// Return the decrypted data using the newly created cipher.\n\treturn decipher.update(encrypted, HEX, UTF8) + decipher.final(\"utf8\");\n};\n\n/**\n * Function using the scrypt Password-Based Key Derivation method.\n * It generates a derived key of a given length from the given data\n * and salt.\n *\n * @param {String} data  the data to derive the key from\n * @param {String} salt  the salt to use\n * @returns {String} the derived key in hex format\n */\nfunction generateScryptKey(data: string, salt: string): string {\n\tconst encodedData = new TextEncoder().encode(data);\n\tconst encodedSalt = new TextEncoder().encode(salt);\n\t/**\n\t * The scryptSync parameters are based on the following recommendations:\n\t * - The cost parameter should be set as high as possible without causing\n\t *     significant performance degradation. OWASP recommends a cost of 2^17,\n\t *     but this fails on some systems due to the high memory requirements.\n\t * - The blockSize parameter should be set to 8 at a minimum.\n\t * - The parallelization parameter should be set to 1.\n\t * - The size parameter should be set to 64.\n\t *\n\t * Reference:\n\t * https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html\n\t */\n\tconst derivedKey = crypto.scryptSync(encodedData, encodedSalt, 64, {\n\t\tcost: Math.pow(2, 14),\n\t\tblockSize: 8,\n\t\tparallelization: 1,\n\t});\n\treturn (derivedKey as Buffer).toString(HEX);\n}\n\n/**\n * Method to hash a password using the scrypt algorithm.\n *\n * @param {String} password  the password to hash\n * @param {String} salt      the salt to use\n * @returns {String} the hashed password\n */\nexport const hashPassword = (password: string, salt?: string): string => {\n\tconst pepper = salt || createSalt(DEFAULT_SALT_SIZE_FOR_HASH);\n\tconst key = generateScryptKey(password.normalize(\"NFKC\"), pepper);\n\treturn `${pepper}:${key}`;\n};\n\n/**\n * Method to verify a password against a hash using the scrypt algorithm.\n *\n * @param {String} password  the password to verify\n * @param {String} hash      the hash to verify against\n * @returns {Boolean} true if the password is correct, false otherwise\n */\nexport const verifyPassword = (password: string, hash: string): boolean => {\n\tconst [salt, key] = hash.split(\":\");\n\tconst keyBuffer = Buffer.from(key, HEX);\n\n\tconst derivedKey = generateScryptKey(password.normalize(\"NFKC\"), salt);\n\tconst derivedKeyBuffer = Buffer.from(derivedKey, HEX);\n\n\ttry {\n\t\treturn crypto.timingSafeEqual(keyBuffer, derivedKeyBuffer);\n\t} catch (_error) {\n\t\treturn false;\n\t}\n};\n"],"names":["crypto","Logger","logger","boring","process","env","NODE_ENV","HEX","UTF8","DEFAULT_CRYPTO_ALGO","DEFAULT_HASH_ALGO","DEFAULT_BYTES_FOR_IV","DEFAULT_BYTES_FOR_SALT","DEFAULT_SALT_SIZE_FOR_HASH","createHash","string","algorithm","update","digest","createSalt","bytes","randomBytes","toString","encrypt","password","data","iv","key","cipher","createCipheriv","encrypted","final","decrypt","ivHex","split","Buffer","from","hash","decipher","createDecipheriv","generateScryptKey","salt","encodedData","TextEncoder","encode","encodedSalt","derivedKey","scryptSync","cost","Math","pow","blockSize","parallelization","hashPassword","pepper","normalize","verifyPassword","keyBuffer","derivedKeyBuffer","timingSafeEqual","_error"],"rangeMappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","mappings":"AAAA,OAAOA,YAAY,cAAc;AACjC,SAASC,MAAM,QAAQ,mBAAmB;AAE1C,OAAO,MAAMC,SAAS,IAAID,OAAO;IAChCE,QAAQC,QAAQC,GAAG,CAACC,QAAQ,KAAK;AAClC,GAAG;AAEH,MAAMC,MAAM;AACZ,MAAMC,OAAO;AAEb,MAAMC,sBAAsB;AAC5B,MAAMC,oBAAoB;AAC1B,MAAMC,uBAAuB;AAC7B,MAAMC,yBAAyB;AAC/B,MAAMC,6BAA6B;AAEnC;;;;;;;CAOC,GACD,OAAO,MAAMC,aAAa,CACzBC,QACAC,YAAoBN,iBAAiB;IAErC,OAAOV,OAAOc,UAAU,CAACE,WAAWC,MAAM,CAACF,QAAQP,MAAMU,MAAM,CAACX;AACjE,EAAE;AAEF;;;;CAIC,GACD,OAAO,MAAMY,aAAa,CAACC;IAC1BA,QAAQA,SAASR;IACjB,OAAOZ,OAAOqB,WAAW,CAACD,OAAOE,QAAQ,CAACf;AAC3C,EAAE;AAEF;;;;;;;;CAQC,GACD,OAAO,MAAMgB,UAAU,CAACC,UAAkBC;IACzC,wDAAwD;IACxD,MAAMC,KAAK1B,OAAOqB,WAAW,CAACV;IAC9B,uDAAuD;IACvD,MAAMgB,MAAMb,WAAWU;IACvB,mBAAmB;IACnB,MAAMI,SAAS5B,OAAO6B,cAAc,CAACpB,qBAAqBkB,KAAKD;IAC/D,mDAAmD;IACnD,MAAMI,YAAYF,OAAOX,MAAM,CAACQ,MAAMjB,MAAMD,OAAOqB,OAAOG,KAAK,CAACxB;IAChE;;;;EAIC,GACD,OAAO,CAAC,EAAEuB,UAAU,CAAC,EAAEJ,GAAGJ,QAAQ,CAACf,KAAK,CAAC;AAC1C,EAAE;AAEF;;;;;;;;;;CAUC,GACD,OAAO,MAAMyB,UAAU,CAACR,UAAkBC;IACzC,yDAAyD;IACzD,MAAM,CAACK,WAAWG,MAAM,GAAGR,KAAKS,KAAK,CAAC;IACtC,wCAAwC;IACxC,MAAMR,KAAKS,OAAOC,IAAI,CAACH,OAAO1B;IAC9B,uDAAuD;IACvD,MAAM8B,OAAOvB,WAAWU;IACxB,mBAAmB;IACnB,MAAMc,WAAWtC,OAAOuC,gBAAgB,CAAC9B,qBAAqB4B,MAAMX;IACpE,4DAA4D;IAC5D,OAAOY,SAASrB,MAAM,CAACa,WAAWvB,KAAKC,QAAQ8B,SAASP,KAAK,CAAC;AAC/D,EAAE;AAEF;;;;;;;;CAQC,GACD,SAASS,kBAAkBf,IAAY,EAAEgB,IAAY;IACpD,MAAMC,cAAc,IAAIC,cAAcC,MAAM,CAACnB;IAC7C,MAAMoB,cAAc,IAAIF,cAAcC,MAAM,CAACH;IAC7C;;;;;;;;;;;EAWC,GACD,MAAMK,aAAa9C,OAAO+C,UAAU,CAACL,aAAaG,aAAa,IAAI;QAClEG,MAAMC,KAAKC,GAAG,CAAC,GAAG;QAClBC,WAAW;QACXC,iBAAiB;IAClB;IACA,OAAO,AAACN,WAAsBxB,QAAQ,CAACf;AACxC;AAEA;;;;;;CAMC,GACD,OAAO,MAAM8C,eAAe,CAAC7B,UAAkBiB;IAC9C,MAAMa,SAASb,QAAQtB,WAAWN;IAClC,MAAMc,MAAMa,kBAAkBhB,SAAS+B,SAAS,CAAC,SAASD;IAC1D,OAAO,CAAC,EAAEA,OAAO,CAAC,EAAE3B,IAAI,CAAC;AAC1B,EAAE;AAEF;;;;;;CAMC,GACD,OAAO,MAAM6B,iBAAiB,CAAChC,UAAkBa;IAChD,MAAM,CAACI,MAAMd,IAAI,GAAGU,KAAKH,KAAK,CAAC;IAC/B,MAAMuB,YAAYtB,OAAOC,IAAI,CAACT,KAAKpB;IAEnC,MAAMuC,aAAaN,kBAAkBhB,SAAS+B,SAAS,CAAC,SAASd;IACjE,MAAMiB,mBAAmBvB,OAAOC,IAAI,CAACU,YAAYvC;IAEjD,IAAI;QACH,OAAOP,OAAO2D,eAAe,CAACF,WAAWC;IAC1C,EAAE,OAAOE,QAAQ;QAChB,OAAO;IACR;AACD,EAAE"}

package/dist/utilities.d.ts

@@ -1,36 +1,5 @@
 import { Logger } from "@node-cli/logger";
 export declare const logger: Logger;
-/**
- * Create an hexadecimal hash from a given string. The default
- * algorithm is md5 but it can be changed to anything that
- * crypto.createHash allows.
- * @param  {String} string            the string to hash
- * @param  {String} [algorithm='md5'] the algorithm to use or hashing
- * @return {String}                   the hashed string in hexa format
- */
-export declare const createHash: (string: string, algorithm?: string) => string;
-/**
- * Encrypts a string or a buffer using AES-256-CTR
- * algorithm.
- * @param  {String} password a unique password
- * @param  {String} data     a string to encrypt
- * @return {String} the encrypted data in hexa
- *   encoding, followed by a dollar sign ($) and by a
- *   unique random initialization vector.
- */
-export declare const encrypt: (password: string, data: string) => string;
-/**
- * Decrypts a string that was encrypted using the
- * AES-256-CRT algorithm via `encrypt`. It expects
- * the encrypted string to have the corresponding
- * initialization vector appended at the end, after
- * a dollar sign ($) - which was done via the
- * corresponding `encrypt` method.
- * @param  {String} password a unique password
- * @param  {String} data     a string to decrypt
- * @return {String}          the decrypted data
- */
-export declare const decrypt: (password: string, data: string) => string;
 /**
  * Process a file with a given password. The file can be
  * encoded or decoded depending on the `encode` flag.

package/dist/utilities.js

@@ -1,71 +1,12 @@
-import crypto from "node:crypto";
 import { Logger } from "@node-cli/logger";
 import fs from "fs-extra";
 import inquirer from "inquirer";
+import { decrypt, encrypt } from "./lib.js";
 export const logger = new Logger({
     boring: process.env.NODE_ENV === "test"
 });
-const HEX = "hex";
 const UTF8 = "utf8";
-const DEFAULT_CRYPTO_ALGO = "aes-256-ctr";
-const DEFAULT_HASH_ALGO = "md5";
-const DEFAULT_BYTES_FOR_IV = 16;
 const DEFAULT_FILE_ENCODING = UTF8;
-/**
- * Create an hexadecimal hash from a given string. The default
- * algorithm is md5 but it can be changed to anything that
- * crypto.createHash allows.
- * @param  {String} string            the string to hash
- * @param  {String} [algorithm='md5'] the algorithm to use or hashing
- * @return {String}                   the hashed string in hexa format
- */ export const createHash = (string, algorithm = DEFAULT_HASH_ALGO)=>{
-    return crypto.createHash(algorithm).update(string, UTF8).digest(HEX);
-};
-/**
- * Encrypts a string or a buffer using AES-256-CTR
- * algorithm.
- * @param  {String} password a unique password
- * @param  {String} data     a string to encrypt
- * @return {String} the encrypted data in hexa
- *   encoding, followed by a dollar sign ($) and by a
- *   unique random initialization vector.
- */ export const encrypt = (password, data)=>{
-    // Ensure that the initialization vector (IV) is random.
-    const iv = crypto.randomBytes(DEFAULT_BYTES_FOR_IV);
-    // Hash the given password (result is always the same).
-    const key = createHash(password);
-    // Create a cipher.
-    const cipher = crypto.createCipheriv(DEFAULT_CRYPTO_ALGO, key, iv);
-    // Encrypt the data using the newly created cipher.
-    const encrypted = cipher.update(data, UTF8, HEX) + cipher.final(HEX);
-    /*
-	 * Append the IV at the end of the encrypted data
-	 * to reuse it for decryption (IV is not a key,
-	 * it can be public).
-	 */ return `${encrypted}$${iv.toString(HEX)}`;
-};
-/**
- * Decrypts a string that was encrypted using the
- * AES-256-CRT algorithm via `encrypt`. It expects
- * the encrypted string to have the corresponding
- * initialization vector appended at the end, after
- * a dollar sign ($) - which was done via the
- * corresponding `encrypt` method.
- * @param  {String} password a unique password
- * @param  {String} data     a string to decrypt
- * @return {String}          the decrypted data
- */ export const decrypt = (password, data)=>{
-    // Extract encrypted data and initialization vector (IV).
-    const [encrypted, ivHex] = data.split("$");
-    // Create a buffer out of the raw hex IV
-    const iv = Buffer.from(ivHex, HEX);
-    // Hash the given password (result is always the same).
-    const hash = createHash(password);
-    // Create a cipher.
-    const decipher = crypto.createDecipheriv(DEFAULT_CRYPTO_ALGO, hash, iv);
-    // Return the decrypted data using the newly created cipher.
-    return decipher.update(encrypted, HEX, UTF8) + decipher.final("utf8");
-};
 export const processFileWithPassword = async (options)=>{
     const { encode, input, output, password } = options;
     const fileProcessor = encode ? encrypt : decrypt;

package/dist/utilities.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/utilities.ts"],"sourcesContent":["import crypto from \"node:crypto\";\nimport { Logger } from \"@node-cli/logger\";\nimport fs from \"fs-extra\";\nimport inquirer from \"inquirer\";\n\nexport const logger = new Logger({\n\tboring: process.env.NODE_ENV === \"test\",\n});\n\nconst HEX = \"hex\";\nconst UTF8 = \"utf8\";\n\nconst DEFAULT_CRYPTO_ALGO = \"aes-256-ctr\";\nconst DEFAULT_HASH_ALGO = \"md5\";\nconst DEFAULT_BYTES_FOR_IV = 16;\nconst DEFAULT_FILE_ENCODING = UTF8;\n\n/**\n * Create an hexadecimal hash from a given string. The default\n * algorithm is md5 but it can be changed to anything that\n * crypto.createHash allows.\n * @param  {String} string            the string to hash\n * @param  {String} [algorithm='md5'] the algorithm to use or hashing\n * @return {String}                   the hashed string in hexa format\n */\nexport const createHash = (\n\tstring: string,\n\talgorithm: string = DEFAULT_HASH_ALGO,\n): string => {\n\treturn crypto.createHash(algorithm).update(string, UTF8).digest(HEX);\n};\n\n/**\n * Encrypts a string or a buffer using AES-256-CTR\n * algorithm.\n * @param  {String} password a unique password\n * @param  {String} data     a string to encrypt\n * @return {String} the encrypted data in hexa\n *   encoding, followed by a dollar sign ($) and by a\n *   unique random initialization vector.\n */\nexport const encrypt = (password: string, data: string): string => {\n\t// Ensure that the initialization vector (IV) is random.\n\tconst iv = crypto.randomBytes(DEFAULT_BYTES_FOR_IV);\n\t// Hash the given password (result is always the same).\n\tconst key = createHash(password);\n\t// Create a cipher.\n\tconst cipher = crypto.createCipheriv(DEFAULT_CRYPTO_ALGO, key, iv);\n\t// Encrypt the data using the newly created cipher.\n\tconst encrypted = cipher.update(data, UTF8, HEX) + cipher.final(HEX);\n\t/*\n\t * Append the IV at the end of the encrypted data\n\t * to reuse it for decryption (IV is not a key,\n\t * it can be public).\n\t */\n\treturn `${encrypted}$${iv.toString(HEX)}`;\n};\n\n/**\n * Decrypts a string that was encrypted using the\n * AES-256-CRT algorithm via `encrypt`. It expects\n * the encrypted string to have the corresponding\n * initialization vector appended at the end, after\n * a dollar sign ($) - which was done via the\n * corresponding `encrypt` method.\n * @param  {String} password a unique password\n * @param  {String} data     a string to decrypt\n * @return {String}          the decrypted data\n */\nexport const decrypt = (password: string, data: string): string => {\n\t// Extract encrypted data and initialization vector (IV).\n\tconst [encrypted, ivHex] = data.split(\"$\");\n\t// Create a buffer out of the raw hex IV\n\tconst iv = Buffer.from(ivHex, HEX);\n\t// Hash the given password (result is always the same).\n\tconst hash = createHash(password);\n\t// Create a cipher.\n\tconst decipher = crypto.createDecipheriv(DEFAULT_CRYPTO_ALGO, hash, iv);\n\t// Return the decrypted data using the newly created cipher.\n\treturn decipher.update(encrypted, HEX, UTF8) + decipher.final(\"utf8\");\n};\n\n/**\n * Process a file with a given password. The file can be\n * encoded or decoded depending on the `encode` flag.\n * @param  {Boolean} encode   whether to encode or decode the file\n * @param  {String}  input    the input file path\n * @param  {String}  [output] the output file path\n * @param  {String}  password the password to use\n * @return {Promise}          a promise that resolves when\n *                            the file has been processed.\n */\nexport type ProcessFileOptions = {\n\tencode: boolean;\n\tinput: string;\n\toutput?: string;\n\tpassword: string;\n};\nexport const processFileWithPassword = async (\n\toptions: ProcessFileOptions,\n): Promise<void> => {\n\tconst { encode, input, output, password } = options;\n\tconst fileProcessor = encode ? encrypt : decrypt;\n\tconst data = await fs.readFile(input, DEFAULT_FILE_ENCODING);\n\n\tif (output) {\n\t\t// Save data to output file\n\t\tawait fs.outputFile(output, fileProcessor(password, data));\n\t} else {\n\t\t// Print to stdout directly\n\t\tlogger.log(fileProcessor(password, data));\n\t}\n};\n\n/* istanbul ignore next */\nexport const displayConfirmation = async (message: string) => {\n\tconst questions = {\n\t\tdefault: true,\n\t\tmessage: message || \"Do you want to continue?\",\n\t\tname: \"goodToGo\",\n\t\ttype: \"confirm\",\n\t};\n\tlogger.log();\n\tconst answers = await inquirer.prompt(questions);\n\treturn answers.goodToGo;\n};\n\n/* istanbul ignore next */\nexport const displayPromptWithPassword = async (message: string) => {\n\tconst questions = {\n\t\tmessage: message,\n\t\tname: \"password\",\n\t\ttype: \"password\",\n\t\tvalidate(value: string) {\n\t\t\tif (!value) {\n\t\t\t\treturn \"Password cannot be empty...\";\n\t\t\t}\n\t\t\treturn true;\n\t\t},\n\t};\n\tconst answers = await inquirer.prompt(questions);\n\treturn answers.password;\n};\n\n/* istanbul ignore next */\nexport const shouldContinue = (goodToGo: boolean) => {\n\tif (!goodToGo) {\n\t\tlogger.log(\"\\nBye then!\");\n\t\t// eslint-disable-next-line unicorn/no-process-exit\n\t\tprocess.exit(0);\n\t}\n\treturn true;\n};\n"],"names":["crypto","Logger","fs","inquirer","logger","boring","process","env","NODE_ENV","HEX","UTF8","DEFAULT_CRYPTO_ALGO","DEFAULT_HASH_ALGO","DEFAULT_BYTES_FOR_IV","DEFAULT_FILE_ENCODING","createHash","string","algorithm","update","digest","encrypt","password","data","iv","randomBytes","key","cipher","createCipheriv","encrypted","final","toString","decrypt","ivHex","split","Buffer","from","hash","decipher","createDecipheriv","processFileWithPassword","options","encode","input","output","fileProcessor","readFile","outputFile","log","displayConfirmation","message","questions","default","name","type","answers","prompt","goodToGo","displayPromptWithPassword","validate","value","shouldContinue","exit"],"rangeMappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","mappings":"AAAA,OAAOA,YAAY,cAAc;AACjC,SAASC,MAAM,QAAQ,mBAAmB;AAC1C,OAAOC,QAAQ,WAAW;AAC1B,OAAOC,cAAc,WAAW;AAEhC,OAAO,MAAMC,SAAS,IAAIH,OAAO;IAChCI,QAAQC,QAAQC,GAAG,CAACC,QAAQ,KAAK;AAClC,GAAG;AAEH,MAAMC,MAAM;AACZ,MAAMC,OAAO;AAEb,MAAMC,sBAAsB;AAC5B,MAAMC,oBAAoB;AAC1B,MAAMC,uBAAuB;AAC7B,MAAMC,wBAAwBJ;AAE9B;;;;;;;CAOC,GACD,OAAO,MAAMK,aAAa,CACzBC,QACAC,YAAoBL,iBAAiB;IAErC,OAAOZ,OAAOe,UAAU,CAACE,WAAWC,MAAM,CAACF,QAAQN,MAAMS,MAAM,CAACV;AACjE,EAAE;AAEF;;;;;;;;CAQC,GACD,OAAO,MAAMW,UAAU,CAACC,UAAkBC;IACzC,wDAAwD;IACxD,MAAMC,KAAKvB,OAAOwB,WAAW,CAACX;IAC9B,uDAAuD;IACvD,MAAMY,MAAMV,WAAWM;IACvB,mBAAmB;IACnB,MAAMK,SAAS1B,OAAO2B,cAAc,CAAChB,qBAAqBc,KAAKF;IAC/D,mDAAmD;IACnD,MAAMK,YAAYF,OAAOR,MAAM,CAACI,MAAMZ,MAAMD,OAAOiB,OAAOG,KAAK,CAACpB;IAChE;;;;EAIC,GACD,OAAO,CAAC,EAAEmB,UAAU,CAAC,EAAEL,GAAGO,QAAQ,CAACrB,KAAK,CAAC;AAC1C,EAAE;AAEF;;;;;;;;;;CAUC,GACD,OAAO,MAAMsB,UAAU,CAACV,UAAkBC;IACzC,yDAAyD;IACzD,MAAM,CAACM,WAAWI,MAAM,GAAGV,KAAKW,KAAK,CAAC;IACtC,wCAAwC;IACxC,MAAMV,KAAKW,OAAOC,IAAI,CAACH,OAAOvB;IAC9B,uDAAuD;IACvD,MAAM2B,OAAOrB,WAAWM;IACxB,mBAAmB;IACnB,MAAMgB,WAAWrC,OAAOsC,gBAAgB,CAAC3B,qBAAqByB,MAAMb;IACpE,4DAA4D;IAC5D,OAAOc,SAASnB,MAAM,CAACU,WAAWnB,KAAKC,QAAQ2B,SAASR,KAAK,CAAC;AAC/D,EAAE;AAkBF,OAAO,MAAMU,0BAA0B,OACtCC;IAEA,MAAM,EAAEC,MAAM,EAAEC,KAAK,EAAEC,MAAM,EAAEtB,QAAQ,EAAE,GAAGmB;IAC5C,MAAMI,gBAAgBH,SAASrB,UAAUW;IACzC,MAAMT,OAAO,MAAMpB,GAAG2C,QAAQ,CAACH,OAAO5B;IAEtC,IAAI6B,QAAQ;QACX,2BAA2B;QAC3B,MAAMzC,GAAG4C,UAAU,CAACH,QAAQC,cAAcvB,UAAUC;IACrD,OAAO;QACN,2BAA2B;QAC3BlB,OAAO2C,GAAG,CAACH,cAAcvB,UAAUC;IACpC;AACD,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAM0B,sBAAsB,OAAOC;IACzC,MAAMC,YAAY;QACjBC,SAAS;QACTF,SAASA,WAAW;QACpBG,MAAM;QACNC,MAAM;IACP;IACAjD,OAAO2C,GAAG;IACV,MAAMO,UAAU,MAAMnD,SAASoD,MAAM,CAACL;IACtC,OAAOI,QAAQE,QAAQ;AACxB,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAMC,4BAA4B,OAAOR;IAC/C,MAAMC,YAAY;QACjBD,SAASA;QACTG,MAAM;QACNC,MAAM;QACNK,UAASC,KAAa;YACrB,IAAI,CAACA,OAAO;gBACX,OAAO;YACR;YACA,OAAO;QACR;IACD;IACA,MAAML,UAAU,MAAMnD,SAASoD,MAAM,CAACL;IACtC,OAAOI,QAAQjC,QAAQ;AACxB,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAMuC,iBAAiB,CAACJ;IAC9B,IAAI,CAACA,UAAU;QACdpD,OAAO2C,GAAG,CAAC;QACX,mDAAmD;QACnDzC,QAAQuD,IAAI,CAAC;IACd;IACA,OAAO;AACR,EAAE"}
+{"version":3,"sources":["../src/utilities.ts"],"sourcesContent":["import { Logger } from \"@node-cli/logger\";\nimport fs from \"fs-extra\";\nimport inquirer from \"inquirer\";\n\nimport { decrypt, encrypt } from \"./lib.js\";\n\nexport const logger = new Logger({\n\tboring: process.env.NODE_ENV === \"test\",\n});\n\nconst UTF8 = \"utf8\";\nconst DEFAULT_FILE_ENCODING = UTF8;\n\n/**\n * Process a file with a given password. The file can be\n * encoded or decoded depending on the `encode` flag.\n * @param  {Boolean} encode   whether to encode or decode the file\n * @param  {String}  input    the input file path\n * @param  {String}  [output] the output file path\n * @param  {String}  password the password to use\n * @return {Promise}          a promise that resolves when\n *                            the file has been processed.\n */\nexport type ProcessFileOptions = {\n\tencode: boolean;\n\tinput: string;\n\toutput?: string;\n\tpassword: string;\n};\nexport const processFileWithPassword = async (\n\toptions: ProcessFileOptions,\n): Promise<void> => {\n\tconst { encode, input, output, password } = options;\n\tconst fileProcessor = encode ? encrypt : decrypt;\n\tconst data = await fs.readFile(input, DEFAULT_FILE_ENCODING);\n\n\tif (output) {\n\t\t// Save data to output file\n\t\tawait fs.outputFile(output, fileProcessor(password, data));\n\t} else {\n\t\t// Print to stdout directly\n\t\tlogger.log(fileProcessor(password, data));\n\t}\n};\n\n/* istanbul ignore next */\nexport const displayConfirmation = async (message: string) => {\n\tconst questions = {\n\t\tdefault: true,\n\t\tmessage: message || \"Do you want to continue?\",\n\t\tname: \"goodToGo\",\n\t\ttype: \"confirm\",\n\t};\n\tlogger.log();\n\tconst answers = await inquirer.prompt(questions);\n\treturn answers.goodToGo;\n};\n\n/* istanbul ignore next */\nexport const displayPromptWithPassword = async (message: string) => {\n\tconst questions = {\n\t\tmessage: message,\n\t\tname: \"password\",\n\t\ttype: \"password\",\n\t\tvalidate(value: string) {\n\t\t\tif (!value) {\n\t\t\t\treturn \"Password cannot be empty...\";\n\t\t\t}\n\t\t\treturn true;\n\t\t},\n\t};\n\tconst answers = await inquirer.prompt(questions);\n\treturn answers.password;\n};\n\n/* istanbul ignore next */\nexport const shouldContinue = (goodToGo: boolean) => {\n\tif (!goodToGo) {\n\t\tlogger.log(\"\\nBye then!\");\n\t\t// eslint-disable-next-line unicorn/no-process-exit\n\t\tprocess.exit(0);\n\t}\n\treturn true;\n};\n"],"names":["Logger","fs","inquirer","decrypt","encrypt","logger","boring","process","env","NODE_ENV","UTF8","DEFAULT_FILE_ENCODING","processFileWithPassword","options","encode","input","output","password","fileProcessor","data","readFile","outputFile","log","displayConfirmation","message","questions","default","name","type","answers","prompt","goodToGo","displayPromptWithPassword","validate","value","shouldContinue","exit"],"rangeMappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","mappings":"AAAA,SAASA,MAAM,QAAQ,mBAAmB;AAC1C,OAAOC,QAAQ,WAAW;AAC1B,OAAOC,cAAc,WAAW;AAEhC,SAASC,OAAO,EAAEC,OAAO,QAAQ,WAAW;AAE5C,OAAO,MAAMC,SAAS,IAAIL,OAAO;IAChCM,QAAQC,QAAQC,GAAG,CAACC,QAAQ,KAAK;AAClC,GAAG;AAEH,MAAMC,OAAO;AACb,MAAMC,wBAAwBD;AAkB9B,OAAO,MAAME,0BAA0B,OACtCC;IAEA,MAAM,EAAEC,MAAM,EAAEC,KAAK,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ;IAC5C,MAAMK,gBAAgBJ,SAASV,UAAUD;IACzC,MAAMgB,OAAO,MAAMlB,GAAGmB,QAAQ,CAACL,OAAOJ;IAEtC,IAAIK,QAAQ;QACX,2BAA2B;QAC3B,MAAMf,GAAGoB,UAAU,CAACL,QAAQE,cAAcD,UAAUE;IACrD,OAAO;QACN,2BAA2B;QAC3Bd,OAAOiB,GAAG,CAACJ,cAAcD,UAAUE;IACpC;AACD,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAMI,sBAAsB,OAAOC;IACzC,MAAMC,YAAY;QACjBC,SAAS;QACTF,SAASA,WAAW;QACpBG,MAAM;QACNC,MAAM;IACP;IACAvB,OAAOiB,GAAG;IACV,MAAMO,UAAU,MAAM3B,SAAS4B,MAAM,CAACL;IACtC,OAAOI,QAAQE,QAAQ;AACxB,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAMC,4BAA4B,OAAOR;IAC/C,MAAMC,YAAY;QACjBD,SAASA;QACTG,MAAM;QACNC,MAAM;QACNK,UAASC,KAAa;YACrB,IAAI,CAACA,OAAO;gBACX,OAAO;YACR;YACA,OAAO;QACR;IACD;IACA,MAAML,UAAU,MAAM3B,SAAS4B,MAAM,CAACL;IACtC,OAAOI,QAAQZ,QAAQ;AACxB,EAAE;AAEF,wBAAwB,GACxB,OAAO,MAAMkB,iBAAiB,CAACJ;IAC9B,IAAI,CAACA,UAAU;QACd1B,OAAOiB,GAAG,CAAC;QACX,mDAAmD;QACnDf,QAAQ6B,IAAI,CAAC;IACd;IACA,OAAO;AACR,EAAE"}

package/package.json

@@ -1,17 +1,17 @@
 {
 	"name": "@node-cli/secret",
-	"version": "1.0.7",
+	"version": "1.2.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"description": "Secret is a CLI tool that can encode or decode a file with a password",
 	"type": "module",
 	"types": "./dist/index.d.ts",
-	"exports": "./dist/secret.js",
+	"exports": "./dist/lib.js",
 	"bin": "dist/secret.js",
 	"files": [
 		"dist"
 	],
-	"node": ">=16",
+	"node": ">=18",
 	"scripts": {
 		"build": "npm-run-all --serial clean build:types build:js build:barrel",
 		"build:barrel": "barrelsby --delete --directory dist --pattern \"**/*.d.ts\" --name \"index.d\"",
@@ -21,6 +21,7 @@
 		"lint": "biome lint src",
 		"test": "cross-env-shell NODE_OPTIONS=--experimental-vm-modules TZ=UTC jest",
 		"test:coverage": "npm run test -- --coverage",
+		"test:watch": "npm run test -- --watch",
 		"watch": "swc --strip-leading-paths --watch --out-dir dist src"
 	},
 	"dependencies": {
@@ -32,5 +33,5 @@
 	"publishConfig": {
 		"access": "public"
 	},
-	"gitHead": "e511453b89f180c52ca60e10bd1dfb3c8675cbec"
+	"gitHead": "9afc4bbb67fd628806007b1b4c9be777ed881cc3"
 }