@pathscale/secure-local-storage-chacha20-poly1305 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/README.md +16 -32
- package/dist/SecureLocalStorage.d.ts +0 -1
- package/dist/SecureLocalStorage.d.ts.map +1 -1
- package/dist/encryption.d.ts +4 -2
- package/dist/encryption.d.ts.map +1 -1
- package/dist/index.js +1371 -149
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +1370 -148
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -6
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.0.1] - 2026-05-07
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
- Switched encryption implementation from noble to `@stablelib/xchacha20poly1305`.
|
|
12
|
+
- Replaced 12-byte ChaCha20-Poly1305 nonces with 24-byte XChaCha20-Poly1305 nonces.
|
|
13
|
+
- Removed PBKDF2 key derivation; `hashKey` now expects a raw 32-byte key as hex, base64, or a 32-byte string.
|
|
14
|
+
- Added a temporary built-in development key until auth provides the login-bound key.
|
|
15
|
+
|
|
16
|
+
### Removed
|
|
17
|
+
- Removed `@noble/ciphers` and `@noble/hashes`.
|
|
18
|
+
|
|
8
19
|
## [1.0.0] - 2026-05-07
|
|
9
20
|
|
|
10
21
|
### Added
|
package/README.md
CHANGED
|
@@ -1,17 +1,16 @@
|
|
|
1
|
-
# Secure Local Storage
|
|
1
|
+
# Secure Local Storage XChaCha20-Poly1305
|
|
2
2
|
|
|
3
3
|
[](https://www.npmjs.com/package/@pathscale/secure-local-storage-chacha20-poly1305) [](http://npm-stat.com/charts.html?package=@pathscale/secure-local-storage-chacha20-poly1305) [](https://www.typescriptlang.org/) [](https://opensource.org/licenses/MIT)
|
|
4
4
|
|
|
5
|
-
A secure, encrypted local storage library
|
|
5
|
+
A secure, encrypted local storage library. This fork provides a drop-in replacement for localStorage with XChaCha20-Poly1305 authenticated encryption and type preservation.
|
|
6
6
|
|
|
7
7
|
## 🚀 Features
|
|
8
8
|
|
|
9
|
-
- **🔐 Automatic Encryption**: All data is encrypted using
|
|
10
|
-
- **🔍 Browser Fingerprinting**: Generates unique keys based on browser characteristics
|
|
9
|
+
- **🔐 Automatic Encryption**: All data is encrypted using XChaCha20-Poly1305
|
|
11
10
|
- **📝 Type Preservation**: Maintains original data types (string, number, boolean, object)
|
|
12
11
|
- **🎯 Framework Agnostic**: Works with React, Vue, Angular, Vite, Next.js, and vanilla JavaScript
|
|
13
12
|
- **💾 Memory Caching**: Singleton pattern with in-memory cache for performance
|
|
14
|
-
- **🛡️
|
|
13
|
+
- **🛡️ Authenticated Encryption**: Stored values include an authentication tag
|
|
15
14
|
- **⚙️ Configurable**: Extensive configuration options and environment variable support
|
|
16
15
|
- **📦 TypeScript Ready**: Full TypeScript support with comprehensive type definitions
|
|
17
16
|
- **🚀 Production Ready**: Thoroughly tested and optimized for performance
|
|
@@ -23,17 +22,14 @@ A secure, encrypted local storage library with browser fingerprinting for enhanc
|
|
|
23
22
|
Regular localStorage stores data as plain text, making it vulnerable to:
|
|
24
23
|
|
|
25
24
|
- **Data theft**: Anyone with device access can read your stored data
|
|
26
|
-
- **
|
|
25
|
+
- **Tampering**: Stored ciphertext can be modified without the app noticing
|
|
27
26
|
- **No type safety**: Everything is stored as strings, losing original data types
|
|
28
27
|
|
|
29
28
|
### The Solution
|
|
30
29
|
|
|
31
|
-
Secure Local Storage
|
|
32
|
-
-
|
|
33
|
-
|
|
34
|
-
- Environment-specific configuration
|
|
35
|
-
|
|
36
|
-
This ensures that data encrypted in one browser cannot be decrypted in another, even if the encrypted data is copied.
|
|
30
|
+
Secure Local Storage encrypts values before writing them to localStorage. For now, the package uses
|
|
31
|
+
a built-in 32-byte development key unless `hashKey` is provided as a raw 32-byte, base64, or hex key.
|
|
32
|
+
This is intended to be replaced by an auth-provided key after login.
|
|
37
33
|
|
|
38
34
|
## 📦 Installation
|
|
39
35
|
|
|
@@ -91,9 +87,8 @@ import { SecureLocalStorage } from '@pathscale/secure-local-storage-chacha20-pol
|
|
|
91
87
|
|
|
92
88
|
// Create a custom instance with configuration
|
|
93
89
|
const customStorage = SecureLocalStorage.getInstance({
|
|
94
|
-
hashKey: '
|
|
90
|
+
hashKey: '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef',
|
|
95
91
|
prefix: 'myapp_',
|
|
96
|
-
disabledKeys: ['Canvas', 'Fonts'], // Disable specific fingerprint properties
|
|
97
92
|
debug: true
|
|
98
93
|
});
|
|
99
94
|
|
|
@@ -249,21 +244,11 @@ type FingerprintProperty =
|
|
|
249
244
|
## 🔒 Security Features
|
|
250
245
|
|
|
251
246
|
### Encryption Details
|
|
252
|
-
- **Algorithm**:
|
|
253
|
-
- **
|
|
254
|
-
- **
|
|
255
|
-
- **
|
|
256
|
-
|
|
257
|
-
### Browser Fingerprinting
|
|
258
|
-
The library generates a unique fingerprint using:
|
|
259
|
-
- User agent string
|
|
260
|
-
- Screen dimensions and color depth
|
|
261
|
-
- Installed plugins
|
|
262
|
-
- Available fonts (canvas-based detection)
|
|
263
|
-
- Storage capabilities
|
|
264
|
-
- Timezone and language settings
|
|
265
|
-
- Canvas fingerprint
|
|
266
|
-
- Current hostname
|
|
247
|
+
- **Algorithm**: XChaCha20-Poly1305 authenticated encryption
|
|
248
|
+
- **Implementation**: `@stablelib/xchacha20poly1305`
|
|
249
|
+
- **Nonce**: 24-byte random nonce per encrypted value
|
|
250
|
+
- **Key**: 32-byte raw key; accepts hex, base64, or raw 32-byte string input
|
|
251
|
+
- **Temporary fallback**: Built-in development key until auth provides a login-bound key
|
|
267
252
|
|
|
268
253
|
### Data Protection
|
|
269
254
|
- Each encrypted item includes metadata (type, timestamp, version)
|
|
@@ -395,9 +380,8 @@ If you have any questions or issues, please:
|
|
|
395
380
|
|
|
396
381
|
## 🔗 Related Projects
|
|
397
382
|
|
|
398
|
-
- [
|
|
399
|
-
- [fingerprintjs](https://github.com/fingerprintjs/fingerprintjs) - Browser fingerprinting
|
|
383
|
+
- [StableLib](https://github.com/StableLib/stablelib) - TypeScript cryptography packages
|
|
400
384
|
|
|
401
385
|
---
|
|
402
386
|
|
|
403
|
-
Forked from `@jahidulsaeid/secure-local-storage` and ported to
|
|
387
|
+
Forked from `@jahidulsaeid/secure-local-storage` and ported to XChaCha20-Poly1305.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecureLocalStorage.d.ts","sourceRoot":"","sources":["../src/SecureLocalStorage.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"SecureLocalStorage.d.ts","sourceRoot":"","sources":["../src/SecureLocalStorage.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAiB,MAAM,SAAS,CAAC;AAE3E;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAmC;IAC1D,OAAO,CAAC,UAAU,CAAoB;IACtC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,MAAM,CAAsB;IACpC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,aAAa,CAAkB;IAEvC,OAAO;IA2BP;;OAEG;WACW,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,kBAAkB;IAOpF;;OAEG;IACI,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,IAAI;IAqBtD;;OAEG;IACI,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY;IAoCzC;;OAEG;IACI,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAmBpC;;OAEG;IACI,KAAK,IAAI,IAAI;IA+BpB;;OAEG;IACI,IAAI,IAAI,MAAM,EAAE;IAkBvB;;OAEG;IACI,MAAM,IAAI,MAAM;IAIvB;;OAEG;IACI,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAelE,OAAO,CAAC,gBAAgB;IASxB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,sBAAsB;IAI9B,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,qBAAqB;CAsB9B"}
|
package/dist/encryption.d.ts
CHANGED
|
@@ -7,7 +7,7 @@ export declare class EncryptionManager {
|
|
|
7
7
|
private readonly version;
|
|
8
8
|
private readonly textEncoder;
|
|
9
9
|
private readonly textDecoder;
|
|
10
|
-
constructor(secretKey
|
|
10
|
+
constructor(secretKey?: string);
|
|
11
11
|
/**
|
|
12
12
|
* Update the secret key
|
|
13
13
|
*/
|
|
@@ -24,7 +24,8 @@ export declare class EncryptionManager {
|
|
|
24
24
|
* Validate if data was encrypted with this library
|
|
25
25
|
*/
|
|
26
26
|
isValidEncryptedData(encryptedData: string): boolean;
|
|
27
|
-
private
|
|
27
|
+
private loadSecretKey;
|
|
28
|
+
private tryParseRawKey;
|
|
28
29
|
private serializeData;
|
|
29
30
|
private deserializeData;
|
|
30
31
|
private getDataType;
|
|
@@ -32,5 +33,6 @@ export declare class EncryptionManager {
|
|
|
32
33
|
private encodeBase64;
|
|
33
34
|
private decodeBase64;
|
|
34
35
|
private getGlobalBuffer;
|
|
36
|
+
private getRandomBytes;
|
|
35
37
|
}
|
|
36
38
|
//# sourceMappingURL=encryption.d.ts.map
|
package/dist/encryption.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../src/encryption.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../src/encryption.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAwB,MAAM,SAAS,CAAC;AA4B7D;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAErC,SAAS,GAAE,MAAW;IAIlC;;OAEG;IACI,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI;IAKlD;;OAEG;IACI,OAAO,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM;IAwB1C;;OAEG;IACI,OAAO,CAAC,aAAa,EAAE,MAAM,GAAG,YAAY;IAyBnD;;OAEG;IACI,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO;IAmB3D,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,cAAc;IAsBtB,OAAO,CAAC,aAAa;IAYrB,OAAO,CAAC,eAAe;IAuBvB,OAAO,CAAC,WAAW;IAMnB,OAAO,CAAC,gBAAgB;IAYxB,OAAO,CAAC,YAAY;IAgBpB,OAAO,CAAC,YAAY;IAgBpB,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,cAAc;CAUvB"}
|