apiro-db 1.0.0

package/.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Kris Powers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,107 @@
+# Secure Store
+
+A lightweight, zero-dependency, encrypted data store for Node.js.
+
+Secure Store provides a simple key-value database similar to Quick.db, while removing all third-party dependencies and keeping your data encrypted at rest using Node’s built-in cryptography.
+
+---
+
+## Features
+
+* Zero dependencies
+* Fully asynchronous API
+* AES-256-GCM encrypted storage
+* User-supplied encryption key
+* Human-unreadable data at rest
+* Simple, familiar database methods
+
+---
+
+## Installation
+
+```bash
+npm install secure-store
+```
+
+---
+
+## Usage
+
+```js
+const { SecureStore } = require("secure-store");
+
+const db = new SecureStore({
+  file: "./data.db",
+  secret: process.env.DB_SECRET
+});
+
+await db.set("coins", 100);
+await db.add("coins", 25);
+await db.push("items", "shield");
+
+console.log(await db.get("coins")); // 125
+```
+
+---
+
+## Configuration
+
+| Option   | Type   | Required | Description                         |
+| -------- | ------ | -------- | ----------------------------------- |
+| `file`   | string | No       | Path to the encrypted data file     |
+| `secret` | string | Yes      | Encryption key provided by the user |
+
+> **Important:**
+> Losing the secret key will permanently lock access to the data.
+
+---
+
+## API Reference
+
+### `get(key)`
+
+Returns the value stored under the key.
+
+### `set(key, value)`
+
+Sets a value for the key.
+
+### `delete(key)`
+
+Deletes a key and returns `true` if it existed.
+
+### `add(key, number)`
+
+Adds a number to an existing numeric value.
+
+### `subtract(key, number)`
+
+Subtracts a number from a value.
+
+### `push(key, value)`
+
+Pushes a value onto an array.
+
+---
+
+## Security
+
+* Uses AES-256-GCM authenticated encryption
+* Key derivation via `scrypt`
+* Tamper detection built in
+* No plaintext data stored on disk
+* No external crypto dependencies
+
+---
+
+## Limitations
+
+* Single-file storage
+* Not designed for concurrent multi-process writes
+* Entire store is encrypted as a single unit
+
+---
+
+## License
+
+MIT

package/index.js

@@ -0,0 +1 @@
+module.exports = require("./lib/store");

package/lib/crypto.js

@@ -0,0 +1,48 @@
+const crypto = require("crypto");
+
+const ALGO = "aes-256-gcm";
+const IV_LENGTH = 12;
+const SALT_LENGTH = 16;
+const TAG_LENGTH = 16;
+
+function deriveKey(secret, salt) {
+  return crypto.scryptSync(secret, salt, 32);
+}
+
+function encrypt(text, secret) {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const key = deriveKey(secret, salt);
+
+  const cipher = crypto.createCipheriv(ALGO, key, iv);
+  const encrypted = Buffer.concat([
+    cipher.update(text, "utf8"),
+    cipher.final()
+  ]);
+
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([salt, iv, tag, encrypted]).toString("base64");
+}
+
+function decrypt(payload, secret) {
+  const buffer = Buffer.from(payload, "base64");
+
+  const salt = buffer.subarray(0, SALT_LENGTH);
+  const iv = buffer.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+  const tag = buffer.subarray(
+    SALT_LENGTH + IV_LENGTH,
+    SALT_LENGTH + IV_LENGTH + TAG_LENGTH
+  );
+  const encrypted = buffer.subarray(SALT_LENGTH + IV_LENGTH + TAG_LENGTH);
+
+  const key = deriveKey(secret, salt);
+  const decipher = crypto.createDecipheriv(ALGO, key, iv);
+  decipher.setAuthTag(tag);
+
+  return Buffer.concat([
+    decipher.update(encrypted),
+    decipher.final()
+  ]).toString("utf8");
+}
+
+module.exports = { encrypt, decrypt };

package/lib/file.js

@@ -0,0 +1,17 @@
+const fs = require("fs/promises");
+const path = require("path");
+
+async function readFile(file) {
+  try {
+    return await fs.readFile(file, "utf8");
+  } catch {
+    return null;
+  }
+}
+
+async function writeFile(file, data) {
+  await fs.mkdir(path.dirname(file), { recursive: true });
+  await fs.writeFile(file, data);
+}
+
+module.exports = { readFile, writeFile };

package/lib/store.js

@@ -0,0 +1,79 @@
+const { readFile, writeFile } = require("./file");
+const { encrypt, decrypt } = require("./crypto");
+
+class SecureStore {
+  constructor(options = {}) {
+    if (!options.secret) {
+      throw new Error("SecureStore requires a secret key");
+    }
+
+    this.file = options.file || "./secure.db";
+    this.secret = options.secret;
+    this.data = {};
+    this.ready = this._load();
+  }
+
+  async _load() {
+    const encrypted = await readFile(this.file);
+    if (!encrypted) return;
+
+    try {
+      const decrypted = decrypt(encrypted, this.secret);
+      this.data = JSON.parse(decrypted);
+    } catch {
+      throw new Error("Failed to decrypt data store. Invalid secret?");
+    }
+  }
+
+  async _save() {
+    const json = JSON.stringify(this.data);
+    const encrypted = encrypt(json, this.secret);
+    await writeFile(this.file, encrypted);
+  }
+
+  async get(key) {
+    await this.ready;
+    return this.data[key];
+  }
+
+  async set(key, value) {
+    await this.ready;
+    this.data[key] = value;
+    await this._save();
+    return value;
+  }
+
+  async delete(key) {
+    await this.ready;
+    const existed = key in this.data;
+    delete this.data[key];
+    await this._save();
+    return existed;
+  }
+
+  async add(key, amount) {
+    await this.ready;
+    if (typeof this.data[key] !== "number") {
+      this.data[key] = 0;
+    }
+    this.data[key] += amount;
+    await this._save();
+    return this.data[key];
+  }
+
+  async subtract(key, amount) {
+    return this.add(key, -amount);
+  }
+
+  async push(key, value) {
+    await this.ready;
+    if (!Array.isArray(this.data[key])) {
+      this.data[key] = [];
+    }
+    this.data[key].push(value);
+    await this._save();
+    return this.data[key];
+  }
+}
+
+module.exports = { SecureStore };

package/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "apiro-db",
+  "version": "1.0.0",
+  "description": "A lightweight, zero-dependency, encrypted data store for Node.js.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "krispowers",
+  "license": "ISC"
+}