@salesforce/core 4.0.0 → 4.1.0

package/lib/crypto/crypto.js

@@ -16,6 +16,7 @@ const kit_1 = require("@salesforce/kit");
 const logger_1 = require("../logger");
 const messages_1 = require("../messages");
 const cache_1 = require("../util/cache");
+const global_1 = require("../global");
 const keyChain_1 = require("./keyChain");
 const secureBuffer_1 = require("./secureBuffer");
 const TAG_DELIMITER = ':';
@@ -25,13 +26,7 @@ const AUTH_TAG_LENGTH = 32;
 const ENCRYPTED_CHARS = /[a-f0-9]/;
 const KEY_NAME = 'sfdx';
 const ACCOUNT = 'local';
-messages_1.Messages.importMessagesDirectory((0, path_1.join)(__dirname));
-const messages = messages_1.Messages.load('@salesforce/core', 'encryption', [
-    'keychainPasswordCreationError',
-    'invalidEncryptedFormatError',
-    'authDecryptError',
-    'macKeychainOutOfSync',
-]);
+const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]]));
 const makeSecureBuffer = (password) => {
     const newSb = new secureBuffer_1.SecureBuffer();
     newSb.consume(Buffer.from((0, ts_types_1.ensure)(password), 'utf8'));
@@ -49,23 +44,20 @@ const keychainPromises = {
      * @param account The keychain account name.
      */
     getPassword(_keychain, service, account) {
-        const sb = cache_1.Cache.get(`${service}:${account}`);
+        const cacheKey = `${global_1.Global.DIR}:${service}:${account}`;
+        const sb = cache_1.Cache.get(cacheKey);
         if (!sb) {
-            return new Promise((resolve, reject) => {
-                return _keychain.getPassword({ service, account }, (err, password) => {
-                    if (err)
-                        return reject(err);
-                    cache_1.Cache.set(`${service}:${account}`, makeSecureBuffer(password));
-                    return resolve({ username: account, password: (0, ts_types_1.ensure)(password) });
-                });
-            });
+            return new Promise((resolve, reject) => _keychain.getPassword({ service, account }, (err, password) => {
+                if (err)
+                    return reject(err);
+                cache_1.Cache.set(cacheKey, makeSecureBuffer(password));
+                return resolve({ username: account, password: (0, ts_types_1.ensure)(password) });
+            }));
         }
         else {
             const pw = sb.value((buffer) => buffer.toString('utf8'));
-            cache_1.Cache.set(`${service}:${account}`, makeSecureBuffer(pw));
-            return new Promise((resolve) => {
-                return resolve({ username: account, password: (0, ts_types_1.ensure)(pw) });
-            });
+            cache_1.Cache.set(cacheKey, makeSecureBuffer(pw));
+            return new Promise((resolve) => resolve({ username: account, password: (0, ts_types_1.ensure)(pw) }));
         }
     },
     /**
@@ -98,7 +90,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
     constructor(options) {
         super(options);
         this.key = new secureBuffer_1.SecureBuffer();
-        this.options = options || {};
+        this.options = options ?? {};
     }
     encrypt(text) {
         if (text == null) {
@@ -137,7 +129,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
             }
             catch (err) {
                 const error = messages.createError('authDecryptError', [err.message], [], err);
-                const useGenericUnixKeychain = kit_1.env.getBoolean('SFDX_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN');
+                const useGenericUnixKeychain = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN');
                 if (os.platform() === 'darwin' && !useGenericUnixKeychain) {
                     error.actions = [messages.getMessage('macKeychainOutOfSync')];
                 }
@@ -153,6 +145,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
      * @param text The text
      * @returns true if the text is encrypted, false otherwise.
      */
+    // eslint-disable-next-line class-methods-use-this
     isEncrypted(text) {
         if (text == null) {
             return false;

package/lib/crypto/keyChain.js

@@ -11,8 +11,7 @@ const kit_1 = require("@salesforce/kit");
 const logger_1 = require("../logger");
 const messages_1 = require("../messages");
 const keyChainImpl_1 = require("./keyChainImpl");
-messages_1.Messages.importMessagesDirectory(__dirname);
-const messages = messages_1.Messages.load('@salesforce/core', 'encryption', ['unsupportedOperatingSystemError']);
+const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]]));
 /**
  * Gets the os level keychain impl.
  *
@@ -22,7 +21,7 @@ const messages = messages_1.Messages.load('@salesforce/core', 'encryption', ['un
 const retrieveKeychain = async (platform) => {
     const logger = await logger_1.Logger.child('keyChain');
     logger.debug(`platform: ${platform}`);
-    const useGenericUnixKeychainVar = kit_1.env.getBoolean('SFDX_USE_GENERIC_UNIX_KEYCHAIN');
+    const useGenericUnixKeychainVar = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN');
     const shouldUseGenericUnixKeychain = useGenericUnixKeychainVar && useGenericUnixKeychainVar;
     if (platform.startsWith('win')) {
         return keyChainImpl_1.keyChainImpl.generic_windows;

package/lib/crypto/keyChainImpl.d.ts

@@ -1,8 +1,10 @@
 /// <reference types="node" />
+/// <reference types="node" />
+/// <reference types="node" />
 import * as childProcess from 'child_process';
 import * as nodeFs from 'fs';
 import { Nullable } from '@salesforce/ts-types';
-export declare type FsIfc = Pick<typeof nodeFs, 'statSync'>;
+export type FsIfc = Pick<typeof nodeFs, 'statSync'>;
 /**
  * Basic keychain interface.
  */
@@ -75,7 +77,7 @@ declare enum SecretField {
     ACCOUNT = "account",
     KEY = "key"
 }
-declare type SecretContents = {
+type SecretContents = {
     [SecretField.ACCOUNT]: string;
     [SecretField.KEY]?: string;
     [SecretField.SERVICE]: string;
@@ -110,5 +112,5 @@ export declare const keyChainImpl: {
     linux: KeychainAccess;
     validateProgram: (programPath: string, fsIfc: FsIfc, isExeIfc: (mode: number, gid: number, uid: number) => boolean) => Promise<void>;
 };
-export declare type KeyChain = GenericUnixKeychainAccess | GenericWindowsKeychainAccess | KeychainAccess;
+export type KeyChain = GenericUnixKeychainAccess | GenericWindowsKeychainAccess | KeychainAccess;
 export {};

package/lib/crypto/keyChainImpl.js

@@ -9,36 +9,22 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.keyChainImpl = exports.GenericWindowsKeychainAccess = exports.GenericUnixKeychainAccess = exports.GenericKeychainAccess = exports.KeychainAccess = void 0;
 const childProcess = require("child_process");
 const nodeFs = require("fs");
+const fs = require("fs");
 const os = require("os");
-const path = require("path");
 const os_1 = require("os");
+const path = require("path");
 const ts_types_1 = require("@salesforce/ts-types");
+const kit_1 = require("@salesforce/kit");
 const global_1 = require("../global");
-const fs_1 = require("../util/fs");
 const messages_1 = require("../messages");
-messages_1.Messages.importMessagesDirectory(__dirname);
-const messages = messages_1.Messages.load('@salesforce/core', 'encryption', [
-    'missingCredentialProgramError',
-    'credentialProgramAccessError',
-    'keyChainServiceRequiredError',
-    'keyChainAccountRequiredError',
-    'passwordRetryError',
-    'passwordRequiredError',
-    'passwordNotFoundError',
-    'setCredentialError',
-    'keyChainUserCanceledError',
-    'genericKeychainServiceError',
-    'genericKeychainInvalidPermsError',
-]);
+const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]]));
 const GET_PASSWORD_RETRY_COUNT = 3;
 /**
  * Helper to reduce an array of cli args down to a presentable string for logging.
  *
  * @param optionsArray CLI command args.
  */
-function _optionsToString(optionsArray) {
-    return optionsArray.reduce((accum, element) => `${accum} ${element}`);
-}
+const optionsToString = (optionsArray) => optionsArray.join(' ');
 /**
  * Helper to determine if a program is executable. Returns `true` if the program is executable for the user. For
  * Windows true is always returned.
@@ -47,7 +33,7 @@ function _optionsToString(optionsArray) {
  * @param gid Unix group id.
  * @param uid Unix user id.
  */
-const _isExe = (mode, gid, uid) => {
+const isExe = (mode, gid, uid) => {
     if (process.platform === 'win32') {
         return true;
     }
@@ -58,15 +44,18 @@ const _isExe = (mode, gid, uid) => {
 /**
  * Private helper to validate that a program exists on the file system and is executable.
  *
- * **Throws** *{@link SfdxError}{ name: 'MissingCredentialProgramError' }* When the OS credential program isn't found.
+ * **Throws** *{@link SfError}{ name: 'MissingCredentialProgramError' }* When the OS credential program isn't found.
  *
- * **Throws** *{@link SfdxError}{ name: 'CredentialProgramAccessError' }* When the OS credential program isn't accessible.
+ * **Throws** *{@link SfError}{ name: 'CredentialProgramAccessError' }* When the OS credential program isn't accessible.
  *
  * @param programPath The absolute path of the program.
  * @param fsIfc The file system interface.
  * @param isExeIfc Executable validation function.
  */
-const _validateProgram = async (programPath, fsIfc, isExeIfc) => {
+// eslint-disable-next-line no-underscore-dangle
+const _validateProgram = async (programPath, fsIfc, isExeIfc
+// eslint-disable-next-line @typescript-eslint/require-await
+) => {
     let noPermission;
     try {
         const stats = fsIfc.statSync(programPath);
@@ -97,7 +86,7 @@ class KeychainAccess {
      * Validates the os level program is executable.
      */
     async validateProgram() {
-        await _validateProgram(this.osImpl.getProgram(), this.fsIfc, _isExe);
+        await _validateProgram(this.osImpl.getProgram(), this.fsIfc, isExe);
     }
     /**
      * Returns a password using the native program for credential management.
@@ -135,6 +124,7 @@ class KeychainAccess {
                 return await this.osImpl.onGetCommandClose(code, stdout, stderr, opts, fn);
             }
             catch (e) {
+                // eslint-disable-next-line @typescript-eslint/ban-ts-comment
                 // @ts-ignore
                 if (e.retry) {
                     if (retryCount >= GET_PASSWORD_RETRY_COUNT) {
@@ -171,7 +161,7 @@ class KeychainAccess {
             fn(messages.createError('passwordRequiredError'));
             return;
         }
-        await _validateProgram(this.osImpl.getProgram(), this.fsIfc, _isExe);
+        await _validateProgram(this.osImpl.getProgram(), this.fsIfc, isExe);
         const credManager = this.osImpl.setCommandFunc(opts, childProcess.spawn);
         let stdout = '';
         let stderr = '';
@@ -187,7 +177,7 @@ class KeychainAccess {
         }
         credManager.on('close', 
         // eslint-disable-next-line @typescript-eslint/no-misused-promises
-        async (code) => await this.osImpl.onSetCommandClose(code, stdout, stderr, opts, fn));
+        async (code) => this.osImpl.onSetCommandClose(code, stdout, stderr, opts, fn));
         if (credManager.stdin) {
             credManager.stdin.end();
         }
@@ -199,23 +189,25 @@ exports.KeychainAccess = KeychainAccess;
  *
  * Uses libsecret.
  */
-const _linuxImpl = {
+const linuxImpl = {
     getProgram() {
-        return process.env.SFDX_SECRET_TOOL_PATH || path.join(path.sep, 'usr', 'bin', 'secret-tool');
+        return process.env.SFDX_SECRET_TOOL_PATH ?? path.join(path.sep, 'usr', 'bin', 'secret-tool');
     },
     getProgramOptions(opts) {
         return ['lookup', 'user', opts.account, 'domain', opts.service];
     },
     getCommandFunc(opts, fn) {
-        return fn(_linuxImpl.getProgram(), _linuxImpl.getProgramOptions(opts));
+        return fn(linuxImpl.getProgram(), linuxImpl.getProgramOptions(opts));
     },
+    // eslint-disable-next-line @typescript-eslint/require-await
     async onGetCommandClose(code, stdout, stderr, opts, fn) {
         if (code === 1) {
-            const command = `${_linuxImpl.getProgram()} ${_optionsToString(_linuxImpl.getProgramOptions(opts))}`;
+            const command = `${linuxImpl.getProgram()} ${optionsToString(linuxImpl.getProgramOptions(opts))}`;
             const error = messages.createError('passwordNotFoundError', [], [command]);
             // This is a workaround for linux.
             // Calling secret-tool too fast can cause it to return an unexpected error. (below)
-            if (stderr != null && stderr.includes('invalid or unencryptable secret')) {
+            if (stderr?.includes('invalid or unencryptable secret')) {
+                // eslint-disable-next-line @typescript-eslint/ban-ts-comment
                 // @ts-ignore TODO: make an error subclass with this field
                 error.retry = true;
                 // Throwing here allows us to perform a retry in KeychainAccess
@@ -232,15 +224,16 @@ const _linuxImpl = {
         return ['store', "--label='salesforce.com'", 'user', opts.account, 'domain', opts.service];
     },
     setCommandFunc(opts, fn) {
-        const secretTool = fn(_linuxImpl.getProgram(), _linuxImpl.setProgramOptions(opts));
+        const secretTool = fn(linuxImpl.getProgram(), linuxImpl.setProgramOptions(opts));
         if (secretTool.stdin) {
             secretTool.stdin.write(`${opts.password}\n`);
         }
         return secretTool;
     },
+    // eslint-disable-next-line @typescript-eslint/require-await
     async onSetCommandClose(code, stdout, stderr, opts, fn) {
         if (code !== 0) {
-            const command = `${_linuxImpl.getProgram()} ${_optionsToString(_linuxImpl.setProgramOptions(opts))}`;
+            const command = `${linuxImpl.getProgram()} ${optionsToString(linuxImpl.setProgramOptions(opts))}`;
             fn(messages.createError('setCredentialError', [`${stdout} - ${stderr}`], [os.userInfo().username, command]));
         }
         else {
@@ -253,7 +246,7 @@ const _linuxImpl = {
  *
  * /usr/bin/security is a cli front end for OSX keychain.
  */
-const _darwinImpl = {
+const darwinImpl = {
     getProgram() {
         return path.join(path.sep, 'usr', 'bin', 'security');
     },
@@ -261,8 +254,9 @@ const _darwinImpl = {
         return ['find-generic-password', '-a', opts.account, '-s', opts.service, '-g'];
     },
     getCommandFunc(opts, fn) {
-        return fn(_darwinImpl.getProgram(), _darwinImpl.getProgramOptions(opts));
+        return fn(darwinImpl.getProgram(), darwinImpl.getProgramOptions(opts));
     },
+    // eslint-disable-next-line @typescript-eslint/require-await
     async onGetCommandClose(code, stdout, stderr, opts, fn) {
         let err;
         if (code !== 0) {
@@ -272,7 +266,7 @@ const _darwinImpl = {
                     break;
                 }
                 default: {
-                    const command = `${_darwinImpl.getProgram()} ${_optionsToString(_darwinImpl.getProgramOptions(opts))}`;
+                    const command = `${darwinImpl.getProgram()} ${optionsToString(darwinImpl.getProgramOptions(opts))}`;
                     err = messages.createError('passwordNotFoundError', [`${stdout} - ${stderr}`], [command]);
                 }
             }
@@ -283,7 +277,7 @@ const _darwinImpl = {
         // stdout. Reference: http://blog.macromates.com/2006/keychain-access-from-shell/
         if (stderr.includes('password')) {
             const match = RegExp(/"(.*)"/).exec(stderr);
-            if (!match || !match[1]) {
+            if (!match?.[1]) {
                 fn(messages.createError('passwordNotFoundError', [`${stdout} - ${stderr}`]));
             }
             else {
@@ -291,7 +285,7 @@ const _darwinImpl = {
             }
         }
         else {
-            const command = `${_darwinImpl.getProgram()} ${_optionsToString(_darwinImpl.getProgramOptions(opts))}`;
+            const command = `${darwinImpl.getProgram()} ${optionsToString(darwinImpl.getProgramOptions(opts))}`;
             fn(messages.createError('passwordNotFoundError', [`${stdout} - ${stderr}`], [command]));
         }
     },
@@ -303,11 +297,12 @@ const _darwinImpl = {
         return result;
     },
     setCommandFunc(opts, fn) {
-        return fn(_darwinImpl.getProgram(), _darwinImpl.setProgramOptions(opts));
+        return fn(darwinImpl.getProgram(), darwinImpl.setProgramOptions(opts));
     },
+    // eslint-disable-next-line @typescript-eslint/require-await
     async onSetCommandClose(code, stdout, stderr, opts, fn) {
         if (code !== 0) {
-            const command = `${_darwinImpl.getProgram()} ${_optionsToString(_darwinImpl.setProgramOptions(opts))}`;
+            const command = `${darwinImpl.getProgram()} ${optionsToString(darwinImpl.setProgramOptions(opts))}`;
             fn(messages.createError('setCredentialError', [`${stdout} - ${stderr}`], [os.userInfo().username, command]));
         }
         else {
@@ -315,31 +310,32 @@ const _darwinImpl = {
         }
     },
 };
-const secretFile = path.join((0, os_1.homedir)(), global_1.Global.SFDX_STATE_FOLDER, 'key.json');
+const getSecretFile = () => path.join(global_1.Global.DIR, 'key.json');
 var SecretField;
 (function (SecretField) {
     SecretField["SERVICE"] = "service";
     SecretField["ACCOUNT"] = "account";
     SecretField["KEY"] = "key";
 })(SecretField || (SecretField = {}));
-async function _writeFile(opts, fn) {
+async function writeFile(opts, fn) {
     try {
         const contents = {
             [SecretField.ACCOUNT]: opts.account,
             [SecretField.KEY]: opts.password,
             [SecretField.SERVICE]: opts.service,
         };
-        await fs_1.fs.mkdirp(path.dirname(secretFile));
-        await fs_1.fs.writeFile(secretFile, JSON.stringify(contents, null, 4), { mode: '600' });
+        const secretFile = getSecretFile();
+        await fs.promises.mkdir(path.dirname(secretFile), { recursive: true });
+        await fs.promises.writeFile(secretFile, JSON.stringify(contents, null, 4), { mode: '600' });
         fn(null, contents);
     }
     catch (err) {
         fn(err);
     }
 }
-async function _readFile() {
+async function readFile() {
     // The file and access is validated before this method is called
-    const fileContents = await fs_1.fs.readJsonMap(secretFile);
+    const fileContents = (0, kit_1.parseJsonMap)(await fs.promises.readFile(getSecretFile(), 'utf8'));
     return {
         account: (0, ts_types_1.ensureString)(fileContents[SecretField.ACCOUNT]),
         password: (0, ts_types_1.asString)(fileContents[SecretField.KEY]),
@@ -358,7 +354,7 @@ class GenericKeychainAccess {
             if (fileAccessError == null) {
                 // read it's contents
                 try {
-                    const { service, account, password } = await _readFile();
+                    const { service, account, password } = await readFile();
                     // validate service name and account just because
                     if (opts.service === service && opts.account === account) {
                         fn(null, password);
@@ -366,20 +362,18 @@ class GenericKeychainAccess {
                     else {
                         // if the service and account names don't match then maybe someone or something is editing
                         // that file. #donotallow
-                        fn(messages.createError('genericKeychainServiceError', [secretFile]));
+                        fn(messages.createError('genericKeychainServiceError', [getSecretFile()]));
                     }
                 }
                 catch (readJsonErr) {
                     fn(readJsonErr);
                 }
             }
+            else if (fileAccessError.code === 'ENOENT') {
+                fn(messages.createError('passwordNotFoundError'));
+            }
             else {
-                if (fileAccessError.code === 'ENOENT') {
-                    fn(messages.createError('passwordNotFoundError'));
-                }
-                else {
-                    fn(fileAccessError);
-                }
+                fn(fileAccessError);
             }
         });
     }
@@ -391,7 +385,7 @@ class GenericKeychainAccess {
                 // file not found
                 if (fileAccessError.code === 'ENOENT') {
                     // create the file
-                    await _writeFile.call(this, opts, fn);
+                    await writeFile.call(this, opts, fn);
                 }
                 else {
                     fn(fileAccessError);
@@ -399,14 +393,15 @@ class GenericKeychainAccess {
             }
             else {
                 // the existing file validated. we can write the updated key
-                await _writeFile.call(this, opts, fn);
+                await writeFile.call(this, opts, fn);
             }
         });
     }
+    // eslint-disable-next-line class-methods-use-this
     async isValidFileAccess(cb) {
         try {
             const root = (0, os_1.homedir)();
-            await fs_1.fs.access(path.join(root, global_1.Global.SFDX_STATE_FOLDER), fs_1.fs.constants.R_OK | fs_1.fs.constants.X_OK | fs_1.fs.constants.W_OK);
+            await fs.promises.access(path.join(root, global_1.Global.SFDX_STATE_FOLDER), fs.constants.R_OK | fs.constants.X_OK | fs.constants.W_OK);
             await cb(null);
         }
         catch (err) {
@@ -426,13 +421,15 @@ class GenericUnixKeychainAccess extends GenericKeychainAccess {
                 await cb(err);
             }
             else {
-                const stats = await fs_1.fs.stat(secretFile);
+                const secretFile = getSecretFile();
+                const stats = await fs.promises.stat(secretFile);
                 const octalModeStr = (stats.mode & 0o777).toString(8);
                 const EXPECTED_OCTAL_PERM_VALUE = '600';
                 if (octalModeStr === EXPECTED_OCTAL_PERM_VALUE) {
                     await cb(null);
                 }
                 else {
+                    // eslint-disable-next-line @typescript-eslint/no-floating-promises
                     cb(messages.createError('genericKeychainInvalidPermsError', [secretFile], [secretFile, EXPECTED_OCTAL_PERM_VALUE]));
                 }
             }
@@ -451,7 +448,7 @@ class GenericWindowsKeychainAccess extends GenericKeychainAccess {
             }
             else {
                 try {
-                    await fs_1.fs.access(secretFile, fs_1.fs.constants.R_OK | fs_1.fs.constants.W_OK);
+                    await fs.promises.access(getSecretFile(), fs.constants.R_OK | fs.constants.W_OK);
                     await cb(null);
                 }
                 catch (e) {
@@ -470,8 +467,8 @@ exports.keyChainImpl = {
     generic_unix: new GenericUnixKeychainAccess(),
     // eslint-disable-next-line camelcase
     generic_windows: new GenericWindowsKeychainAccess(),
-    darwin: new KeychainAccess(_darwinImpl, nodeFs),
-    linux: new KeychainAccess(_linuxImpl, nodeFs),
+    darwin: new KeychainAccess(darwinImpl, nodeFs),
+    linux: new KeychainAccess(linuxImpl, nodeFs),
     validateProgram: _validateProgram,
 };
 //# sourceMappingURL=keyChainImpl.js.map

package/lib/crypto/secureBuffer.d.ts

@@ -5,7 +5,7 @@ import { Optional } from '@salesforce/ts-types';
  *
  * @param buffer A buffer containing the decrypted secret.
  */
-export declare type DecipherCallback<T> = (buffer: Buffer) => T;
+export type DecipherCallback<T> = (buffer: Buffer) => T;
 /**
  * Used to store and retrieve a sensitive information in memory. This is not meant for at rest encryption.
  *

package/lib/deviceOauthService.d.ts

@@ -1,7 +1,7 @@
 import { AsyncCreatable } from '@salesforce/kit';
-import { OAuth2Config } from 'jsforce/lib/oauth2';
-import { Nullable, JsonMap } from '@salesforce/ts-types';
-import { AuthInfo } from './org/authInfo';
+import { OAuth2Config } from 'jsforce';
+import { JsonMap, Nullable } from '@salesforce/ts-types';
+import { AuthInfo } from './org';
 export interface DeviceCodeResponse extends JsonMap {
     device_code: string;
     interval: number;