@vollcrypt/db-guard 0.1.2 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/prisma.d.ts CHANGED
@@ -1,13 +1,6 @@
1
- import { KmsProvider } from './kms';
1
+ import { DbGuardKeysOptions } from './kms';
2
2
  import { RateLimiterOptions } from './security';
3
- export interface PrismaDbGuardOptions {
4
- key?: Buffer | Record<string, Buffer>;
5
- kms?: {
6
- provider: KmsProvider;
7
- wrappedKey: Buffer | Record<string, Buffer>;
8
- wrappedKek?: Buffer | Record<string, Buffer>;
9
- activeKeyVersion?: string;
10
- };
3
+ export interface PrismaDbGuardOptions extends DbGuardKeysOptions {
11
4
  models: Record<string, string[]>;
12
5
  blindIndexes?: {
13
6
  rootSalt: Buffer;
@@ -31,24 +24,11 @@ export interface PrismaDbGuardOptions {
31
24
  } | undefined>;
32
25
  };
33
26
  }
34
- /**
35
- * Resolves the plaintext keys asynchronously from local config or KMS provider.
36
- */
37
- export declare function resolveKeys(options: PrismaDbGuardOptions): Promise<Record<string, Buffer>>;
38
- export declare function encryptValue(val: any, key: Buffer, version: string): string;
39
- export declare function decryptValue(stored: any, keys: Record<string, Buffer>): any;
40
- /**
41
- * Traverses query `where` arguments to rewrite exact match queries on encrypted fields
42
- * to target shadow `_bidx` columns using dynamic HKDF-SHA256 blind indexing.
43
- */
44
- export declare function rewriteQueryWhere(where: any, fields: string[], rootSalt: Buffer, modelName: string): void;
45
- /**
46
- * Appends calculated blind indexes to the write payload (create/update).
47
- */
48
- export declare function addBlindIndexes(data: any, fields: string[], rootSalt: Buffer, modelName: string): void;
49
27
  /**
50
28
  * Prisma DbGuard Extension Factory
51
29
  *
52
30
  * Bootstraps client-level field encryption, query translation, and automatic decryption.
53
31
  */
54
32
  export declare const prismaDbGuard: (options: PrismaDbGuardOptions, resolvedKeys?: Record<string, Buffer>) => (client: any) => import("@prisma/client").PrismaClientExtends<import("@prisma/client/runtime/library").InternalArgs<{}, {}, {}, {}> & import("@prisma/client/runtime/library").DefaultArgs>;
33
+ export { encryptValue, decryptValue, rewriteQueryWhere, addBlindIndexes } from './security';
34
+ export { resolveKeys } from './kms';
package/dist/prisma.js CHANGED
@@ -1,164 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.prismaDbGuard = void 0;
4
- exports.resolveKeys = resolveKeys;
5
- exports.encryptValue = encryptValue;
6
- exports.decryptValue = decryptValue;
7
- exports.rewriteQueryWhere = rewriteQueryWhere;
8
- exports.addBlindIndexes = addBlindIndexes;
9
- const client_1 = require("@prisma/client");
10
- const blind_index_1 = require("./blind-index");
3
+ exports.resolveKeys = exports.addBlindIndexes = exports.rewriteQueryWhere = exports.decryptValue = exports.encryptValue = exports.prismaDbGuard = void 0;
11
4
  const kms_1 = require("./kms");
12
5
  const security_1 = require("./security");
13
- /**
14
- * Resolves the plaintext keys asynchronously from local config or KMS provider.
15
- */
16
- async function resolveKeys(options) {
17
- let rawKeys = {};
18
- if (options.key) {
19
- if (Buffer.isBuffer(options.key)) {
20
- rawKeys = { '1': options.key };
21
- }
22
- else {
23
- rawKeys = { ...options.key };
24
- }
25
- }
26
- else if (options.kms) {
27
- const { provider, wrappedKey, wrappedKek } = options.kms;
28
- if (Buffer.isBuffer(wrappedKey)) {
29
- if (wrappedKek && Buffer.isBuffer(wrappedKek)) {
30
- const unwrappedKek = await provider.decrypt(wrappedKek);
31
- const dek = (0, kms_1.unwrapDekLocal)(wrappedKey, unwrappedKek);
32
- unwrappedKek.fill(0); // RAM Security: zeroize KEK immediately
33
- rawKeys = { '1': dek };
34
- }
35
- else {
36
- const key = await provider.decrypt(wrappedKey);
37
- rawKeys = { '1': key };
38
- }
39
- }
40
- else {
41
- for (const [ver, wrapped] of Object.entries(wrappedKey)) {
42
- if (wrappedKek) {
43
- const wKek = Buffer.isBuffer(wrappedKek) ? wrappedKek : wrappedKek[ver];
44
- if (wKek) {
45
- const unwrappedKek = await provider.decrypt(wKek);
46
- const dek = (0, kms_1.unwrapDekLocal)(wrapped, unwrappedKek);
47
- unwrappedKek.fill(0); // RAM Security: zeroize KEK immediately
48
- rawKeys[ver] = dek;
49
- }
50
- else {
51
- rawKeys[ver] = await provider.decrypt(wrapped);
52
- }
53
- }
54
- else {
55
- rawKeys[ver] = await provider.decrypt(wrapped);
56
- }
57
- }
58
- }
59
- }
60
- else {
61
- throw new Error("Either 'key' or 'kms' configuration must be provided.");
62
- }
63
- return rawKeys;
64
- }
65
- function encryptValue(val, key, version) {
66
- if (val === null || val === undefined)
67
- return val;
68
- const plaintext = typeof val === 'string' ? val : JSON.stringify(val);
69
- const plaintextBuf = Buffer.from(plaintext, 'utf8');
70
- const encrypted = security_1.CRYPTO_ALGORITHMS['1'].encrypt(plaintextBuf, key);
71
- // RAM Security: Zeroize the plaintext buffer immediately
72
- plaintextBuf.fill(0);
73
- return `VOLLVALT:v${version}:${encrypted.toString('base64')}`;
74
- }
75
- function decryptValue(stored, keys) {
76
- if (typeof stored !== 'string') {
77
- return stored;
78
- }
79
- const parsed = (0, security_1.parseCiphertext)(stored);
80
- if (!parsed) {
81
- return stored;
82
- }
83
- const { algoId, version, base64Data } = parsed;
84
- const key = keys[version];
85
- if (!key) {
86
- throw new Error(`Decryption key version "${version}" not found in registered keys`);
87
- }
88
- try {
89
- const encryptedBuf = Buffer.from(base64Data, 'base64');
90
- const decryptor = security_1.CRYPTO_ALGORITHMS[algoId];
91
- if (!decryptor) {
92
- throw new Error(`Unsupported decryption algorithm ID "${algoId}"`);
93
- }
94
- const decrypted = decryptor.decrypt(encryptedBuf, key);
95
- const plaintext = decrypted.toString('utf8');
96
- // RAM Security: Zeroize the decrypted buffer
97
- decrypted.fill(0);
98
- try {
99
- return JSON.parse(plaintext);
100
- }
101
- catch {
102
- return plaintext;
103
- }
104
- }
105
- catch (err) {
106
- throw new Error(`Failed to decrypt field value: ${err.message}`);
107
- }
108
- }
109
- /**
110
- * Traverses query `where` arguments to rewrite exact match queries on encrypted fields
111
- * to target shadow `_bidx` columns using dynamic HKDF-SHA256 blind indexing.
112
- */
113
- function rewriteQueryWhere(where, fields, rootSalt, modelName) {
114
- if (!where || typeof where !== 'object')
115
- return;
116
- for (const field of fields) {
117
- if (where[field] !== undefined) {
118
- const val = where[field];
119
- const bidxField = `${field}_bidx`;
120
- if (typeof val === 'string' || typeof val === 'number' || typeof val === 'boolean') {
121
- where[bidxField] = (0, blind_index_1.computeBlindIndex)(val, rootSalt, `${modelName}.${field}`);
122
- delete where[field];
123
- }
124
- else if (val && typeof val === 'object') {
125
- if (val.equals !== undefined) {
126
- where[bidxField] = {
127
- equals: (0, blind_index_1.computeBlindIndex)(val.equals, rootSalt, `${modelName}.${field}`),
128
- };
129
- delete where[field];
130
- }
131
- }
132
- }
133
- }
134
- // Recurse into compound logical operators
135
- const operators = ['AND', 'OR', 'NOT'];
136
- for (const op of operators) {
137
- if (Array.isArray(where[op])) {
138
- where[op].forEach((item) => rewriteQueryWhere(item, fields, rootSalt, modelName));
139
- }
140
- else if (where[op] && typeof where[op] === 'object') {
141
- rewriteQueryWhere(where[op], fields, rootSalt, modelName);
142
- }
143
- }
144
- }
145
- /**
146
- * Appends calculated blind indexes to the write payload (create/update).
147
- */
148
- function addBlindIndexes(data, fields, rootSalt, modelName) {
149
- if (!data || typeof data !== 'object')
150
- return;
151
- if (Array.isArray(data)) {
152
- data.forEach((item) => addBlindIndexes(item, fields, rootSalt, modelName));
153
- return;
154
- }
155
- for (const field of fields) {
156
- if (data[field] !== undefined && data[field] !== null) {
157
- const bidxField = `${field}_bidx`;
158
- data[bidxField] = (0, blind_index_1.computeBlindIndex)(data[field], rootSalt, `${modelName}.${field}`);
159
- }
160
- }
161
- }
162
6
  /**
163
7
  * Prisma DbGuard Extension Factory
164
8
  *
@@ -169,10 +13,13 @@ const prismaDbGuard = (options, resolvedKeys) => {
169
13
  if (!keys) {
170
14
  if (options.key) {
171
15
  if (Buffer.isBuffer(options.key)) {
172
- keys = { '1': options.key };
16
+ keys = { '1': Buffer.from(options.key) };
173
17
  }
174
18
  else {
175
- keys = { ...options.key };
19
+ keys = {};
20
+ for (const [v, k] of Object.entries(options.key)) {
21
+ keys[v] = Buffer.from(k);
22
+ }
176
23
  }
177
24
  }
178
25
  else if (options.kms || options.multiTenant) {
@@ -183,6 +30,11 @@ const prismaDbGuard = (options, resolvedKeys) => {
183
30
  }
184
31
  }
185
32
  if (keys) {
33
+ const clonedKeys = {};
34
+ for (const [v, k] of Object.entries(keys)) {
35
+ clonedKeys[v] = Buffer.from(k);
36
+ }
37
+ keys = clonedKeys;
186
38
  (0, security_1.registerKeysForZeroization)(keys);
187
39
  }
188
40
  const activeVersion = options.kms?.activeKeyVersion || '1';
@@ -194,41 +46,49 @@ const prismaDbGuard = (options, resolvedKeys) => {
194
46
  return { keys: { '1': bgKey }, activeKey: bgKey, activeVersion: '1' };
195
47
  }
196
48
  }
197
- if (!tenantId || !options.multiTenant) {
49
+ if (options.multiTenant && !tenantId) {
50
+ throw new Error("Vollcrypt Security: tenantId must be provided in multi-tenant mode.");
51
+ }
52
+ if (!options.multiTenant) {
198
53
  if (!keys || !activeKey) {
199
54
  throw new Error("Vollcrypt Security: Global keys are not resolved.");
200
55
  }
201
56
  return { keys, activeKey, activeVersion };
202
57
  }
58
+ const tId = tenantId;
203
59
  // Check Secure TTL Cache
204
- const cachedActiveKey = (0, security_1.getCachedKey)(tenantId, activeVersion);
60
+ const cachedActiveKey = (0, security_1.getCachedKey)(tId, activeVersion);
205
61
  if (cachedActiveKey) {
206
62
  return { keys: { [activeVersion]: cachedActiveKey }, activeKey: cachedActiveKey, activeVersion };
207
63
  }
208
64
  // Cache miss: resolve configuration
209
65
  let tenantConfig;
210
66
  if (options.multiTenant.tenants) {
211
- tenantConfig = options.multiTenant.tenants[tenantId];
67
+ tenantConfig = options.multiTenant.tenants[tId];
212
68
  }
213
69
  else if (options.multiTenant.getTenantConfig) {
214
- tenantConfig = await options.multiTenant.getTenantConfig(tenantId);
70
+ tenantConfig = await options.multiTenant.getTenantConfig(tId);
215
71
  }
216
72
  if (!tenantConfig) {
217
- throw new Error(`Vollcrypt Security: Configuration not found for tenantId "${tenantId}".`);
73
+ throw new Error(`Vollcrypt Security: Configuration not found for tenantId "${tId}".`);
218
74
  }
219
- const resolvedTenantKeys = await resolveKeys({
75
+ const resolvedTenantKeysRaw = await (0, kms_1.resolveKeys)({
220
76
  ...options,
221
77
  key: tenantConfig.key,
222
78
  kms: tenantConfig.kms
223
79
  });
224
- (0, security_1.registerKeysForZeroization)(resolvedTenantKeys);
80
+ const resolvedTenantKeys = {};
81
+ for (const [v, k] of Object.entries(resolvedTenantKeysRaw)) {
82
+ resolvedTenantKeys[v] = Buffer.from(k);
83
+ }
84
+ (0, security_1.registerKeysForZeroization)(resolvedTenantKeys, tId);
225
85
  const tActiveVersion = tenantConfig.kms?.activeKeyVersion || '1';
226
86
  const tActiveKey = resolvedTenantKeys[tActiveVersion];
227
87
  if (!tActiveKey) {
228
- throw new Error(`Vollcrypt Security: Active key version "${tActiveVersion}" not found for tenantId "${tenantId}".`);
88
+ throw new Error(`Vollcrypt Security: Active key version "${tActiveVersion}" not found for tenantId "${tId}".`);
229
89
  }
230
90
  for (const [ver, keyBuf] of Object.entries(resolvedTenantKeys)) {
231
- (0, security_1.setCachedKey)(tenantId, ver, keyBuf);
91
+ (0, security_1.setCachedKey)(tId, ver, keyBuf);
232
92
  }
233
93
  return { keys: resolvedTenantKeys, activeKey: tActiveKey, activeVersion: tActiveVersion };
234
94
  };
@@ -239,7 +99,7 @@ const prismaDbGuard = (options, resolvedKeys) => {
239
99
  const cloned = { ...data };
240
100
  for (const field of fieldsToEncrypt) {
241
101
  if (cloned[field] !== undefined) {
242
- cloned[field] = encryptValue(cloned[field], encKey, encVer);
102
+ cloned[field] = (0, security_1.encryptValue)(cloned[field], encKey, encVer);
243
103
  }
244
104
  }
245
105
  return cloned;
@@ -263,7 +123,7 @@ const prismaDbGuard = (options, resolvedKeys) => {
263
123
  const cloned = { ...result };
264
124
  for (const field of fieldsToEncrypt) {
265
125
  if (cloned[field] !== undefined) {
266
- cloned[field] = (0, security_1.decryptWithSecurity)(cloned[field], (val) => decryptValue(val, decKeys), modelName, field, cloned.id || cloned._id, options);
126
+ cloned[field] = (0, security_1.decryptWithSecurity)(cloned[field], (val) => (0, security_1.decryptValue)(val, decKeys), modelName, field, cloned.id || cloned._id, options);
267
127
  }
268
128
  }
269
129
  return cloned;
@@ -285,13 +145,13 @@ const prismaDbGuard = (options, resolvedKeys) => {
285
145
  const bidxFields = options.blindIndexes?.models[modelName];
286
146
  if (bidxFields && options.blindIndexes?.rootSalt) {
287
147
  if (args.data) {
288
- addBlindIndexes(args.data, bidxFields, options.blindIndexes.rootSalt, modelName);
148
+ (0, security_1.addBlindIndexes)(args.data, bidxFields, options.blindIndexes.rootSalt, modelName);
289
149
  }
290
150
  if (args.create) {
291
- addBlindIndexes(args.create, bidxFields, options.blindIndexes.rootSalt, modelName);
151
+ (0, security_1.addBlindIndexes)(args.create, bidxFields, options.blindIndexes.rootSalt, modelName);
292
152
  }
293
153
  if (args.update) {
294
- addBlindIndexes(args.update, bidxFields, options.blindIndexes.rootSalt, modelName);
154
+ (0, security_1.addBlindIndexes)(args.update, bidxFields, options.blindIndexes.rootSalt, modelName);
295
155
  }
296
156
  }
297
157
  };
@@ -301,10 +161,11 @@ const prismaDbGuard = (options, resolvedKeys) => {
301
161
  // Rewrite queries targeting encrypted columns to use the blind index column
302
162
  const bidxFields = options.blindIndexes?.models[modelName];
303
163
  if (bidxFields && options.blindIndexes?.rootSalt && args.where) {
304
- rewriteQueryWhere(args.where, bidxFields, options.blindIndexes.rootSalt, modelName);
164
+ (0, security_1.rewriteQueryWhere)(args.where, bidxFields, options.blindIndexes.rootSalt, modelName);
305
165
  }
306
166
  };
307
- return client_1.Prisma.defineExtension((client) => {
167
+ const { Prisma } = require('@prisma/client');
168
+ return Prisma.defineExtension((client) => {
308
169
  return client.$extends({
309
170
  name: 'vollcrypt-db-guard',
310
171
  query: {
@@ -325,7 +186,7 @@ const prismaDbGuard = (options, resolvedKeys) => {
325
186
  const encrypted = encryptPayload(model, item, resolved.activeKey, resolved.activeVersion);
326
187
  const bidxFields = options.blindIndexes?.models[model];
327
188
  if (bidxFields && options.blindIndexes?.rootSalt) {
328
- addBlindIndexes(encrypted, bidxFields, options.blindIndexes.rootSalt, model);
189
+ (0, security_1.addBlindIndexes)(encrypted, bidxFields, options.blindIndexes.rootSalt, model);
329
190
  }
330
191
  return encrypted;
331
192
  });
@@ -388,3 +249,10 @@ const prismaDbGuard = (options, resolvedKeys) => {
388
249
  });
389
250
  };
390
251
  exports.prismaDbGuard = prismaDbGuard;
252
+ var security_2 = require("./security");
253
+ Object.defineProperty(exports, "encryptValue", { enumerable: true, get: function () { return security_2.encryptValue; } });
254
+ Object.defineProperty(exports, "decryptValue", { enumerable: true, get: function () { return security_2.decryptValue; } });
255
+ Object.defineProperty(exports, "rewriteQueryWhere", { enumerable: true, get: function () { return security_2.rewriteQueryWhere; } });
256
+ Object.defineProperty(exports, "addBlindIndexes", { enumerable: true, get: function () { return security_2.addBlindIndexes; } });
257
+ var kms_2 = require("./kms");
258
+ Object.defineProperty(exports, "resolveKeys", { enumerable: true, get: function () { return kms_2.resolveKeys; } });
@@ -4,13 +4,13 @@
4
4
  {
5
5
  "name": "dist/blind-index.d.ts",
6
6
  "digest": {
7
- "sha256": "7e613b58cf47bc14d647cfbfa2a9cc0f9e805dbab7562daa00ac679c30830ba7"
7
+ "sha256": "54df5b23b93c61111ba6124b9557fb4fe3f5e4af8ef18d1aeb5477826679363f"
8
8
  }
9
9
  },
10
10
  {
11
11
  "name": "dist/blind-index.js",
12
12
  "digest": {
13
- "sha256": "fb28a7038cc818346aeb212ece2e5d4f1db4b72fd3ed9dda78a1a7f5744d7455"
13
+ "sha256": "d417966c32408676efa5399b6e960b68d6015d66837b9b2bad9fa0bb9396b4be"
14
14
  }
15
15
  },
16
16
  {
@@ -22,7 +22,7 @@
22
22
  {
23
23
  "name": "dist/cli.js",
24
24
  "digest": {
25
- "sha256": "bf91d9b9d820796590d8b030e409031623d177e45cc487da8bcb66af13078ec0"
25
+ "sha256": "33c313c9195a9e00099652c3e8fac9eac169ac3b94088222fbe97e7a2e51442a"
26
26
  }
27
27
  },
28
28
  {
@@ -46,7 +46,7 @@
46
46
  {
47
47
  "name": "dist/drivers.js",
48
48
  "digest": {
49
- "sha256": "44623a5cf632c22a41b8196b809a3c00d50276bde28c2fbde13d6f4bef3177ce"
49
+ "sha256": "fac1fd60cc16c2dafa9daf234177fd2f17d41cf1015d4fcd1821adb2cdbdb970"
50
50
  }
51
51
  },
52
52
  {
@@ -58,79 +58,79 @@
58
58
  {
59
59
  "name": "dist/drizzle.js",
60
60
  "digest": {
61
- "sha256": "aad49d4c9dd41f2e44175465da6ae7f4a7ae35337ce12f7b3a87113ec0f25424"
61
+ "sha256": "3686b5a03b627e3262257f6a6d2d3addcb7f2cf3377ece458c434aad3b15d2ba"
62
62
  }
63
63
  },
64
64
  {
65
65
  "name": "dist/index.d.ts",
66
66
  "digest": {
67
- "sha256": "a4864c4ea0bb9e9cc9bc1f58cdbc31863e5543a572e6049ee900b53b9fecb003"
67
+ "sha256": "ed2935e0d96814bcf3192294462ae707acfe6934ce2aed9f859683aed88a3ea8"
68
68
  }
69
69
  },
70
70
  {
71
71
  "name": "dist/index.js",
72
72
  "digest": {
73
- "sha256": "496292f1edd16bd779f6e8712291c4b90e5b3f404d71b54f5c369c6736c26814"
73
+ "sha256": "37b74d238138bb80b65341520257b9390be3cc5b9b1f5adf579894eb4995c2ab"
74
74
  }
75
75
  },
76
76
  {
77
77
  "name": "dist/kms.d.ts",
78
78
  "digest": {
79
- "sha256": "822f37608176917f438febaaea06a3b65508c45474bd7e137c4df815c50b4854"
79
+ "sha256": "757dba651cf48b6ab68e11b5c92e8ccc81c1ca6eb9129f60a2a3b224fc4f712e"
80
80
  }
81
81
  },
82
82
  {
83
83
  "name": "dist/kms.js",
84
84
  "digest": {
85
- "sha256": "4b1a32b35545e2e7944ebba3f84272b7421ffedd1cc3c7eb569e1a6b2fcc4a02"
85
+ "sha256": "1619f068398e57c2044457d18d24ee1c626b54e12153246093d4c51add64368c"
86
86
  }
87
87
  },
88
88
  {
89
89
  "name": "dist/mongoose.d.ts",
90
90
  "digest": {
91
- "sha256": "a3bf00d62fecf9266325a9dd18c4ec272de9559355dbf3f9f43836a4688fe86b"
91
+ "sha256": "18f77aa838f2cd861cd31dd5a03fdfd86d34563a090340177dba1420b5ea9b53"
92
92
  }
93
93
  },
94
94
  {
95
95
  "name": "dist/mongoose.js",
96
96
  "digest": {
97
- "sha256": "42b2177825713fa1c618b80af6cf7a5d9f4055399c8e95b67018a0410add2a3f"
97
+ "sha256": "0b7c921d254a3c12d6d0924f3778ac39d7e95383086f1f8a893ff361a29c380b"
98
98
  }
99
99
  },
100
100
  {
101
101
  "name": "dist/prisma.d.ts",
102
102
  "digest": {
103
- "sha256": "f6b85a786a9bb964f0620df4bcad0787e5c972e853df35551cf8fc902bb79691"
103
+ "sha256": "d55f39802671b594be9c0a0512c06cb1828569dea9024c78e890c53085cf0232"
104
104
  }
105
105
  },
106
106
  {
107
107
  "name": "dist/prisma.js",
108
108
  "digest": {
109
- "sha256": "e2b7a8fa24c120f59ab48ebb508a18c01e3e24245e04c197b08ad0e327a2d9a8"
109
+ "sha256": "de57df0c3fc6657a996c804d6deee6ff83f889f457c82f55ea35064df6372eab"
110
110
  }
111
111
  },
112
112
  {
113
113
  "name": "dist/security.d.ts",
114
114
  "digest": {
115
- "sha256": "554d9ba00f800470666ab66127079df889b8d717a9cf7b28ab252f0adad64304"
115
+ "sha256": "dbe2dce83e417dc20d476e5bd476e31c3cf43e58fd363011a77dbc56ab82386f"
116
116
  }
117
117
  },
118
118
  {
119
119
  "name": "dist/security.js",
120
120
  "digest": {
121
- "sha256": "5e907c9f5ec9fb93ef07f6360d7f8572aa5a1ea1c0a32d0b10496477d0b8fd33"
121
+ "sha256": "390eb8dbf9f2eab968445dadc43e1dfa6a13217851aa2b5138a5215059c487ed"
122
122
  }
123
123
  },
124
124
  {
125
125
  "name": "dist/typeorm.d.ts",
126
126
  "digest": {
127
- "sha256": "6cc82bbbe82e260abcc789495fe85f984138c5c8368901881edaece1ffa46d8c"
127
+ "sha256": "47200df068a368cdd80b5818ae8dafc749686f8a09a0be8bd9847b175dd89fe6"
128
128
  }
129
129
  },
130
130
  {
131
131
  "name": "dist/typeorm.js",
132
132
  "digest": {
133
- "sha256": "154827069a5496e043a9f69b3249bd5dddd62690783dfa8675d06d0f574ac76b"
133
+ "sha256": "80e1908e97ffc89c426e89c71efbbd7dbea98191ec7da8ecc9d37cc439a262d8"
134
134
  }
135
135
  }
136
136
  ],
@@ -141,7 +141,7 @@
141
141
  "externalParameters": {
142
142
  "packageJson": {
143
143
  "name": "@vollcrypt/db-guard",
144
- "version": "0.1.2",
144
+ "version": "0.9.1",
145
145
  "scripts": {
146
146
  "build": "tsc && node scripts/generate-sbom.js",
147
147
  "test": "node --import tsx --test tests/*.test.ts"
@@ -170,6 +170,22 @@
170
170
  "uri": "pkg:npm/typeorm@0.3.0",
171
171
  "digest": {}
172
172
  },
173
+ {
174
+ "uri": "pkg:npm/@aws-sdk/client-kms@3.0.0",
175
+ "digest": {}
176
+ },
177
+ {
178
+ "uri": "pkg:npm/@google-cloud/kms@3.0.0",
179
+ "digest": {}
180
+ },
181
+ {
182
+ "uri": "pkg:npm/node-vault@0.9.0",
183
+ "digest": {}
184
+ },
185
+ {
186
+ "uri": "pkg:npm/pkcs11js@1.0.0",
187
+ "digest": {}
188
+ },
173
189
  {
174
190
  "uri": "pkg:rust/aes-gcm",
175
191
  "digest": {}
@@ -225,9 +241,9 @@
225
241
  "id": "https://vollcrypt.dev/builders/local-hermetic-env"
226
242
  },
227
243
  "metadata": {
228
- "invocationId": "19095e456ee2a685d43df5cc56999080",
229
- "startedOn": "2026-06-11T16:17:36.609Z",
230
- "finishedOn": "2026-06-11T16:17:36.610Z"
244
+ "invocationId": "e52b6b317496bccb3dd2fbc3c609d1f0",
245
+ "startedOn": "2026-07-09T19:07:03.950Z",
246
+ "finishedOn": "2026-07-09T19:07:03.951Z"
231
247
  }
232
248
  }
233
249
  }
@@ -1 +1,2 @@
1
- ?NENc0�HӰ�@�S�t��J�ɽ<(:3�8O �7X�q-du�Y�^~՚�8�z� Dž�
1
+ T&�~���� *F��
2
+ p��ƕ�A9�>t���V7��b���ޡA����z�oח�%!��)�