aes-bridge 2.0.5 → 2.1.0

package/.github/workflows/publish.yml

@@ -8,6 +8,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
 
+    permissions:
+      id-token: write
+      contents: read
+
     environment:
       name: npm
       url: https://www.npmjs.com/package/aes-bridge
@@ -20,7 +24,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          registry-url: 'https://registry.npmjs.org/'
 
       - name: Install dependencies
         run: npm ci
@@ -29,6 +32,4 @@ jobs:
         run: npm run build
 
       - name: Publish to npm
-        run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --access public --provenance

package/.github/workflows/tests.yml

@@ -1,4 +1,4 @@
-name: Run Tests
+name: Tests
 
 on:
   push:
@@ -22,5 +22,5 @@ jobs:
       run: npm ci
 
     - name: Run tests
-      run: npm test
+      run: npm run test:build
 

package/README.md

@@ -1,6 +1,7 @@
 # AesBridge JS
-![NPM Version](https://img.shields.io/npm/v/aes-bridge.svg)
-![CI Status](https://github.com/mervick/aes-bridge-js/actions/workflows/tests.yml/badge.svg)
+
+[![NPM Version](https://img.shields.io/npm/v/aes-bridge.svg)](https://www.npmjs.com/package/aes-bridge)
+[![CI Status](https://github.com/mervick/aes-bridge-js/actions/workflows/tests.yml/badge.svg)](https://github.com/mervick/aes-bridge-js/actions/workflows/tests.yml)
 
 **AesBridge** is a modern, secure, and cross-language **AES** encryption library. It offers a unified interface for encrypting and decrypting data across multiple programming languages. Supports **GCM**, **CBC**, and **legacy AES Everywhere** modes.
 
@@ -43,7 +44,7 @@ yarn add aes-bridge
 
 #### CDN Option
 ```html
-<script src="https://cdn.jsdelivr.net/npm/aes-bridge@v2.0.0/dist/aes-bridge.umd.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/aes-bridge@v2.0.5/dist/aes-bridge.umd.js"></script>
 ```
 
 #### Node.js (ES Modules)
@@ -135,8 +136,9 @@ All functions in this library return a `Promise`. Specifically:
 * `decrypt`, `decryptGcm`, `decryptGcmBin`, `decryptCbc`, `decryptCbcBin`, `decryptLegacy`  
 **Returns:** `Promise<Uint8Array>` - raw binary data.
 
+---
 
-## Converting `Uint8Array` to `string`
+### Converting `Uint8Array` to `string`
 
 As noted above, decryption functions and binary encryption functions (those with `decrypt` or `Bin` in their name) return a `Promise<Uint8Array>`. If you need to convert this `Uint8Array` back into a human-readable string, you'll typically use the `TextDecoder` API, especially if the original data was a UTF-8 encoded string.
 

package/cli.js

@@ -85,15 +85,19 @@ program
                   throw new Error('Invalid decryption mode.');
           }
 
-          const decoder = new TextDecoder('utf-8', { fatal: true });
-          decryptedResult = decoder.decode(decryptedResult);
-
           if (options.b64) {
-              // If --b64, encode the decrypted result to base64.
-              console.log(decryptedResult.toString('base64'));
+            // If --b64, encode the decrypted result to base64.
+            let binaryString = '';
+            decryptedResult.forEach(byte => {
+              binaryString += String.fromCharCode(byte);
+            });
+
+            console.log(btoa(binaryString));
           } else {
-              // Otherwise, assume it's UTF-8 and print.
-              console.log(decryptedResult.toString('utf8'));
+            const decoder = new TextDecoder('utf-8', { fatal: true });
+            decryptedResult = decoder.decode(decryptedResult);
+            // Otherwise, assume it's UTF-8 and print.
+            console.log(decryptedResult.toString('utf8'));
           }
       } catch (error) {
           console.error(`Error: ${error.message}`);

package/dist/cbc.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Encrypts plaintext using AES-CBC + HMAC with derived key from password.
+ * Returns binary format: salt (16) + IV (16) + ciphertext + HMAC (32).
+ */
+export function encryptCbcBin(plaintext: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Decrypts binary data encrypted with `encryptCbcBin`.
+ */
+export function decryptCbcBin(data: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Encrypts data and returns result as base64 string.
+ */
+export function encryptCbc(data: string | Uint8Array, password: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts base64-encoded AES-CBC + HMAC data.
+ */
+export function decryptCbc(data: string, password: string | Uint8Array): Promise<Uint8Array>;

package/dist/common.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Converts a string to Uint8Array using UTF-8 encoding.
+ * If input is already Uint8Array, returns it as-is.
+ */
+export function toBytes(input: string | Uint8Array): Uint8Array;
+
+/**
+ * Converts an Uint8Array to string using UTF-8 encoding.
+ */
+export function bytesToString(bytes: Uint8Array | string): string;
+
+/**
+ * Generates a random Uint8Array of given length using secure crypto.
+ */
+export function generateRandom(length: number): Uint8Array;
+
+/**
+ * Encodes bytes to base64 string.
+ */
+export function base64Encode(bytes: Uint8Array): string;
+
+/**
+ * Decodes base64 string to Uint8Array.
+ */
+export function base64Decode(b64: string): Uint8Array;

package/dist/gcm.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Encrypts plaintext using AES-GCM with key derived from password.
+ * Output format: salt(16) + nonce(12) + ciphertext + tag(16)
+ */
+export function encryptGcmBin(plaintext: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Decrypts binary data produced by encryptGcmBin().
+ */
+export function decryptGcmBin(data: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Encrypts data using AES-GCM and returns Base64 string.
+ */
+export function encryptGcm(data: string | Uint8Array, password: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts Base64 encoded AES-GCM data.
+ */
+export function decryptGcm(data: string, password: string | Uint8Array): Promise<Uint8Array>;

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { encryptCbc, encryptCbcBin, decryptCbc, decryptCbcBin } from "./cbc";
+export { encryptGcm, encryptGcmBin, decryptGcm, decryptGcmBin } from "./gcm";
+export { encryptLegacy, decryptLegacy } from "./legacy";
+
+export const encrypt: typeof import("./gcm").encryptGcm;
+export const decrypt: typeof import("./gcm").decryptGcm;

package/dist/legacy.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Encrypts plaintext using AES-256-CBC with OpenSSL-compatible format.
+ * Output: Base64 encoded "Salted__" + salt(8) + ciphertext
+ */
+export function encryptLegacy(raw: string | Uint8Array, passphrase: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts Base64-encoded AES-256-CBC data with OpenSSL-compatible format.
+ */
+export function decryptLegacy(enc: string, passphrase: string | Uint8Array): Promise<Uint8Array>;

package/dist/md5.d.ts

@@ -0,0 +1,40 @@
+type InputType = string | number[] | Uint8Array | ArrayBuffer;
+
+interface Md5 {
+  update(message: InputType): Md5;
+  hex(): string;
+  toString(): string;
+  digest(): number[];
+  array(): number[];
+  arrayBuffer(): ArrayBuffer;
+  buffer(): ArrayBuffer;
+  base64(): string;
+}
+
+interface HmacMd5 extends Md5 {}
+
+interface Md5Static {
+  (message: InputType): string;
+  hex(message: InputType): string;
+  array(message: InputType): number[];
+  digest(message: InputType): number[];
+  arrayBuffer(message: InputType): ArrayBuffer;
+  buffer(message: InputType): ArrayBuffer;
+  base64(message: InputType): string;
+  create(): Md5;
+  update(message: InputType): Md5;
+  hmac: {
+    (key: InputType, message: InputType): string;
+    hex(key: InputType, message: InputType): string;
+    array(key: InputType, message: InputType): number[];
+    digest(key: InputType, message: InputType): number[];
+    arrayBuffer(key: InputType, message: InputType): ArrayBuffer;
+    buffer(key: InputType, message: InputType): ArrayBuffer;
+    base64(key: InputType, message: InputType): string;
+    create(key: InputType): HmacMd5;
+    update(key: InputType, message: InputType): HmacMd5;
+  };
+}
+
+declare const md5: Md5Static;
+export default md5;

package/package.json

@@ -1,17 +1,24 @@
 {
   "name": "aes-bridge",
-  "version": "2.0.5",
+  "version": "2.1.0",
   "description": "AesBridge is a modern, secure and cross-language AES encryption library",
-  "type": "module",
   "main": "dist/aes-bridge.umd.js",
   "module": "dist/aes-bridge.esm.js",
+  "types": "dist/index.d.ts",
   "exports": {
-    "import": "./dist/aes-bridge.esm.js",
-    "require": "./dist/aes-bridge.umd.js"
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/aes-bridge.esm.js",
+      "require": "./dist/aes-bridge.cjs.js",
+      "default": "./dist/aes-bridge.umd.js"
+    }
   },
   "scripts": {
-    "build": "rollup -c",
-    "test": "vitest"
+    "build": "rollup -c && npm run copy-types",
+    "copy-types": "cp src/*.d.ts dist/ 2>/dev/null || true",
+    "test": "vitest --run",
+    "test:build": "npm run build && npm test",
+    "test:formats": "npm run build && vitest formats.test.js"
   },
   "repository": {
     "type": "git",

package/rollup.config.js

@@ -1,6 +1,6 @@
 import json from '@rollup/plugin-json';
 import terser from '@rollup/plugin-terser';
-// import commonjs from '@rollup/plugin-commonjs';
+import commonjs from '@rollup/plugin-commonjs';
 import { nodeResolve } from '@rollup/plugin-node-resolve';
 
 export default [
@@ -21,11 +21,13 @@ export default [
       {
         file: 'dist/aes-bridge.cjs.js',
         format: 'cjs',
-        sourcemap: true
+        sourcemap: true,
+        exports: 'named',
+        esModule: false
       }
     ],
     plugins: [
-      // commonjs(),
+      commonjs(),
       nodeResolve(),
       json(),
       terser({
@@ -33,6 +35,7 @@ export default [
           comments: false
         }
       })
-    ]
+    ],
+    external: []
   }
 ];

package/src/cbc.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Encrypts plaintext using AES-CBC + HMAC with derived key from password.
+ * Returns binary format: salt (16) + IV (16) + ciphertext + HMAC (32).
+ */
+export function encryptCbcBin(plaintext: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Decrypts binary data encrypted with `encryptCbcBin`.
+ */
+export function decryptCbcBin(data: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Encrypts data and returns result as base64 string.
+ */
+export function encryptCbc(data: string | Uint8Array, password: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts base64-encoded AES-CBC + HMAC data.
+ */
+export function decryptCbc(data: string, password: string | Uint8Array): Promise<Uint8Array>;

package/src/common.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Converts a string to Uint8Array using UTF-8 encoding.
+ * If input is already Uint8Array, returns it as-is.
+ */
+export function toBytes(input: string | Uint8Array): Uint8Array;
+
+/**
+ * Converts an Uint8Array to string using UTF-8 encoding.
+ */
+export function bytesToString(bytes: Uint8Array | string): string;
+
+/**
+ * Generates a random Uint8Array of given length using secure crypto.
+ */
+export function generateRandom(length: number): Uint8Array;
+
+/**
+ * Encodes bytes to base64 string.
+ */
+export function base64Encode(bytes: Uint8Array): string;
+
+/**
+ * Decodes base64 string to Uint8Array.
+ */
+export function base64Decode(b64: string): Uint8Array;

package/src/gcm.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Encrypts plaintext using AES-GCM with key derived from password.
+ * Output format: salt(16) + nonce(12) + ciphertext + tag(16)
+ */
+export function encryptGcmBin(plaintext: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Decrypts binary data produced by encryptGcmBin().
+ */
+export function decryptGcmBin(data: string | Uint8Array, password: string | Uint8Array): Promise<Uint8Array>;
+
+/**
+ * Encrypts data using AES-GCM and returns Base64 string.
+ */
+export function encryptGcm(data: string | Uint8Array, password: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts Base64 encoded AES-GCM data.
+ */
+export function decryptGcm(data: string, password: string | Uint8Array): Promise<Uint8Array>;

package/src/index.d.ts

@@ -0,0 +1,6 @@
+export { encryptCbc, encryptCbcBin, decryptCbc, decryptCbcBin } from "./cbc";
+export { encryptGcm, encryptGcmBin, decryptGcm, decryptGcmBin } from "./gcm";
+export { encryptLegacy, decryptLegacy } from "./legacy";
+
+export const encrypt: typeof import("./gcm").encryptGcm;
+export const decrypt: typeof import("./gcm").decryptGcm;

package/src/legacy.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Encrypts plaintext using AES-256-CBC with OpenSSL-compatible format.
+ * Output: Base64 encoded "Salted__" + salt(8) + ciphertext
+ */
+export function encryptLegacy(raw: string | Uint8Array, passphrase: string | Uint8Array): Promise<string>;
+
+/**
+ * Decrypts Base64-encoded AES-256-CBC data with OpenSSL-compatible format.
+ */
+export function decryptLegacy(enc: string, passphrase: string | Uint8Array): Promise<Uint8Array>;

package/src/md5.d.ts

@@ -0,0 +1,40 @@
+type InputType = string | number[] | Uint8Array | ArrayBuffer;
+
+interface Md5 {
+  update(message: InputType): Md5;
+  hex(): string;
+  toString(): string;
+  digest(): number[];
+  array(): number[];
+  arrayBuffer(): ArrayBuffer;
+  buffer(): ArrayBuffer;
+  base64(): string;
+}
+
+interface HmacMd5 extends Md5 {}
+
+interface Md5Static {
+  (message: InputType): string;
+  hex(message: InputType): string;
+  array(message: InputType): number[];
+  digest(message: InputType): number[];
+  arrayBuffer(message: InputType): ArrayBuffer;
+  buffer(message: InputType): ArrayBuffer;
+  base64(message: InputType): string;
+  create(): Md5;
+  update(message: InputType): Md5;
+  hmac: {
+    (key: InputType, message: InputType): string;
+    hex(key: InputType, message: InputType): string;
+    array(key: InputType, message: InputType): number[];
+    digest(key: InputType, message: InputType): number[];
+    arrayBuffer(key: InputType, message: InputType): ArrayBuffer;
+    buffer(key: InputType, message: InputType): ArrayBuffer;
+    base64(key: InputType, message: InputType): string;
+    create(key: InputType): HmacMd5;
+    update(key: InputType, message: InputType): HmacMd5;
+  };
+}
+
+declare const md5: Md5Static;
+export default md5;

package/test/formats.test.js

@@ -0,0 +1,133 @@
+import { describe, it, expect } from 'vitest';
+import { spawnSync } from 'child_process';
+import { readFileSync } from 'fs';
+import { rmSync, mkdirSync } from 'fs';
+import { fileURLToPath } from 'url';
+import path from 'path';
+import { writeFile, readFile } from 'fs/promises';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const distDir = path.resolve(__dirname, '../dist');
+const projectRoot = path.dirname(__dirname);
+
+describe('Build Formats Compatibility', () => {
+  const testText = 'hello world';
+  const testPass = 'MyStrongPass123';
+
+  // 1. ESM test
+  it('ESM import works', async () => {
+    const { encryptGcm, decryptGcm } = await import('../dist/aes-bridge.esm.js');
+    const ciphertext = await encryptGcm(testText, testPass);
+    const decrypted = await decryptGcm(ciphertext, testPass);
+    const plaintext = (new TextDecoder('utf-8')).decode(decrypted);
+    expect(plaintext).toBe(testText);
+  });
+
+  // 2. CJS test
+  it('CJS require works', () => {
+    const result = spawnSync('node', [
+      '-e',
+      `const aes = require('${path.resolve(distDir, 'aes-bridge.cjs.js')}');
+       console.log(JSON.stringify({
+         success: typeof aes.encryptGcm === 'function',
+         hasEncrypt: !!aes.encryptGcm
+       }))`
+    ]);
+
+    const output = JSON.parse(result.stdout.toString());
+    expect(output.success).toBe(true);
+    expect(output.hasEncrypt).toBe(true);
+  });
+
+  // 3. UMD test
+  it('UMD global works', () => {
+    const umdContent = readFileSync(path.resolve(distDir, 'aes-bridge.umd.js'), 'utf8');
+    const script = `(function() { ${umdContent} })();`;
+
+    const vm = require('vm');
+    const context = vm.createContext({ console, aes_bridge: null });
+    vm.runInContext(script, context);
+
+    expect(context.aes_bridge).toBeDefined();
+    expect(typeof context.aes_bridge.encryptGcm).toBe('function');
+  });
+
+  // 4. npm pack test
+  it('npm pack + require works', async () => {
+    const tempDir = path.join(__dirname, 'temp-pack-test');
+
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch (e) {
+    }
+
+    mkdirSync(tempDir, { recursive: true });
+
+    await writeFile(
+      path.join(tempDir, 'package.json'),
+      JSON.stringify({
+        name: 'test-consumer',
+        version: '1.0.0',
+        type: 'commonjs'
+      })
+    );
+
+    const packResult = spawnSync('npm', ['pack'], {
+      cwd: projectRoot,
+      encoding: 'utf8'
+    });
+
+    const tgzFile = packResult.stdout.trim();
+    const fullTgzPath = path.join(projectRoot, tgzFile);
+
+    const installResult = spawnSync('npm', ['install', fullTgzPath], {
+      cwd: tempDir,
+      stdio: 'inherit'
+    });
+
+    expect(installResult.status).toBe(0);
+
+    // Testing require
+    const result = spawnSync('node', [
+      '-e',
+      `const aes = require('aes-bridge');
+       (async()=>{
+         try {
+           if (!aes || !aes.encryptGcm) {
+             throw new Error('No aes.encryptGcm');
+           }
+           const ct = await aes.encryptGcm('${testText}', '${testPass}');
+           const decrypted = await aes.decryptGcm(ct, '${testPass}');
+           const pt = (new TextDecoder('utf-8')).decode(decrypted);
+           console.log(JSON.stringify({success: pt === '${testText}'}));
+         } catch(e) {
+           console.error('ERROR:', e.message);
+           console.log(JSON.stringify({success: false, error: e.message}));
+           process.exit(1);
+         }
+       })();`
+    ], {
+      cwd: tempDir,
+      timeout: 5000
+    });
+
+    if (result.status !== 0) {
+      console.error('Test result:', result.stderr.toString());
+      throw new Error(`Require test failed with status ${result.status}`);
+    }
+
+    const output = JSON.parse(result.stdout.toString().trim());
+    expect(output.success).toBe(true);
+  });
+
+  // 5. package.json exports
+  it('package.json exports are correct', () => {
+    const pkg = JSON.parse(readFileSync(path.resolve(projectRoot, 'package.json'), 'utf8'));
+    const exports = pkg.exports['.'];
+
+    expect(exports.types).toBe('./dist/index.d.ts');
+    expect(exports.import).toBe('./dist/aes-bridge.esm.js');
+    expect(exports.require).toBe('./dist/aes-bridge.cjs.js');
+    expect(exports.default).toBe('./dist/aes-bridge.umd.js');
+  });
+});

package/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "moduleResolution": "bundler",
+    "allowJs": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "target": "ES2020",
+    "module": "ESNext",
+    "lib": ["ES2020", "DOM"],
+    "skipLibCheck": true,
+    "noEmit": true
+  },
+  "include": [
+    "src/**/*.js",
+    "src/**/*.d.ts"
+  ]
+}

package/vitest.config.js

@@ -0,0 +1,17 @@
+import { defineConfig } from 'vitest/config';
+import path from 'path';
+
+export default defineConfig({
+  test: {
+    include: [
+      'index.test.js',
+      'formats.test.js',
+      'test/**/*.{test,spec}.js'
+    ],
+    environment: 'node',
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html']
+    }
+  }
+});