npm - enc-x - Versions diffs - 1.1.1 - Mend

enc-x 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.DEV.md ADDED Viewed

@@ -0,0 +1,256 @@
+# enc-x — Developer Guide
+Everything you need to work on, extend, or contribute to `enc-x`.
+---
+## Prerequisites
+- Node.js 18+
+- npm 9+
+---
+## Getting Started
+```bash
+git clone <repo>
+cd enc-x
+npm install
+npm run build
+```
+Link the CLI globally so you can test it like a real install:
+```bash
+npm link
+enc-x --help
+```
+---
+## Scripts
+| Script                  | Description                                |
+| ----------------------- | ------------------------------------------ |
+| `npm run build`         | Compile `src/` → `dist/` via tsup          |
+| `npm run dev`           | Watch mode — rebuilds on file change       |
+| `npm run typecheck`     | Type-check without emitting output         |
+| `npm test`              | Run all Jest tests (serial, `--runInBand`) |
+| `npm run test:coverage` | Run tests and generate coverage report     |
+---
+## Project Structure
+```
+enc-x/
+├── src/
+│   ├── index.ts                  # CLI entry — commander setup, command registration
+│   ├── cli/
+│   │   ├── ui.ts                 # chalk helpers (info/success/error/warn) + progress bar
+│   │   └── commands/
+│   │       ├── encrypt.ts        # `enc-x enc` handler — validates input, drives encryptFile()
+│   │       └── decrypt.ts        # `enc-x dec` handler — validates input, drives decryptFile()
+│   ├── crypto/
+│   │   ├── constants.ts          # All algorithm params and header layout constants
+│   │   ├── keys.ts               # generateSalt(), generateIV(), deriveKey() (PBKDF2)
+│   │   ├── header.ts             # serializeHeader(), parseHeader(), AUTH_TAG_OFFSET
+│   │   ├── encrypt.ts            # encryptFile() — streaming AES-256-GCM encrypt
+│   │   └── decrypt.ts            # decryptFile() — streaming AES-256-GCM decrypt
+│   └── utils/
+│       ├── mime.ts               # Extension → MIME type lookup (no external deps)
+│       ├── progress.ts           # Passthrough Transform stream for byte progress tracking
+│       └── format.ts             # formatBytes(), formatDuration()
+├── src/__tests__/
+│   ├── crypto/
+│   │   ├── constants.test.ts
+│   │   ├── keys.test.ts
+│   │   ├── header.test.ts
+│   │   └── encrypt-decrypt.test.ts
+│   └── utils/
+│       ├── format.test.ts
+│       ├── mime.test.ts
+│       └── progress.test.ts
+├── dist/                         # Compiled output (gitignored)
+├── jest.config.ts
+├── tsconfig.json                 # Main TypeScript config
+├── tsconfig.test.json            # Extends tsconfig.json — adds jest types for ts-jest
+├── tsup.config.ts                # Build config — CJS only, shebang banner, @ alias
+├── package.json
+├── .gitignore
+├── README.md                     # User-facing docs
+└── README.DEV.md                 # This file
+```
+---
+## Architecture
+### Encrypted File Format
+Every `.enc-x` file is structured as a binary header followed by raw AES-256-GCM ciphertext:
+```
+Offset   Size     Field
+──────   ──────   ─────────────────────────────────
+0        4        Magic: "ENCX" (0x45 0x4E 0x43 0x58)
+4        1        Version: 0x01
+5        32       Salt (random, generated per file)
+37       12       IV (random, generated per file)
+49       16       GCM Auth Tag (patched after encryption)
+65       2        Metadata JSON byte length (uint16 BE)
+67       N        Metadata JSON (UTF-8)
+67+N     ...      AES-256-GCM ciphertext
+```
+The metadata JSON looks like:
+```json
+{ "name": "video.mp4", "mime": "video/mp4", "size": 104857600 }
+```
+### Auth Tag Patching
+GCM auth tags are only available _after_ the cipher stream is finalized. To avoid buffering the entire ciphertext in memory, `encryptFile()` uses a two-pass approach:
+1. Write the header with 16 zero bytes in the auth tag slot
+2. Stream plaintext → cipher → output file
+3. Call `cipher.getAuthTag()` and `fd.write()` to patch the tag back at `AUTH_TAG_OFFSET` (byte 49)
+This keeps memory usage flat regardless of file size.
+### Streaming Pipeline
+```
+encryptFile:
+  createReadStream(input)
+    → [optional progress Transform]
+    → createCipheriv (AES-256-GCM)
+    → createWriteStream(output)          ← header already written
+  → patch auth tag at offset 49
+decryptFile:
+  createReadStream(input, { start: headerSize })
+    → [optional progress Transform]
+    → createDecipheriv (AES-256-GCM)     ← auth tag set before pipeline
+    → createWriteStream(output)
+```
+`pipeline()` from `node:stream/promises` is used throughout — it handles backpressure and cleans up streams on error automatically.
+### Key Derivation
+```
+password + salt (32 bytes random)
+  → PBKDF2-SHA512, 100,000 iterations
+  → 32-byte AES key
+```
+A new salt is generated for every encryption, so the same password produces a different key each time.
+---
+## TypeScript Config
+Two tsconfig files are used:
+| File                 | Purpose                                                                                                |
+| -------------------- | ------------------------------------------------------------------------------------------------------ |
+| `tsconfig.json`      | Main config — `moduleResolution: bundler`, used by tsup and `tsc --noEmit`                             |
+| `tsconfig.test.json` | Extends main — switches to `CommonJS` + `moduleResolution: node` for ts-jest, adds `"jest"` to `types` |
+The `@/*` path alias maps to `./src/*` in both configs and in tsup's esbuild options.
+`"ignoreDeprecations": "6.0"` is set in `tsconfig.test.json` because TypeScript 6 internally sets `pathsBasePath` when `paths` is used, which triggers a deprecation warning in ts-jest's DTS builder.
+---
+## Testing
+Tests live in `src/__tests__/` and mirror the `src/` structure.
+```bash
+npm test                  # run all tests
+npm run test:coverage     # with coverage report → coverage/
+```
+### Test suites
+| Suite                     | Tests | What it covers                                                                                                                            |
+| ------------------------- | ----- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| `constants.test.ts`       | 11    | Security parameter values, magic bytes, header size math                                                                                  |
+| `keys.test.ts`            | 9     | Salt/IV uniqueness, PBKDF2 determinism, key sensitivity                                                                                   |
+| `header.test.ts`          | 14    | Serialize/parse round-trips, bad magic, bad version, corrupted JSON, unicode filenames                                                    |
+| `encrypt-decrypt.test.ts` | 20    | Full round-trips (text, binary, unicode, empty, 1 MB), wrong password, partial file cleanup, progress callbacks, cross-password rejection |
+| `format.test.ts`          | 11    | formatBytes and formatDuration edge cases                                                                                                 |
+| `mime.test.ts`            | 12    | All MIME categories, unknown extensions, case-insensitivity, full paths                                                                   |
+| `progress.test.ts`        | 5     | Passthrough integrity, cumulative byte counts, empty stream                                                                               |
+Integration tests (`encrypt-decrypt.test.ts`) use real Node.js crypto with real temp files — no mocks. Each test gets a fresh `os.tmpdir()` subdirectory via `beforeEach` / `afterEach`.
+### Timeouts
+PBKDF2 with 100,000 iterations takes ~50–200ms per call. Tests that run multiple encrypt/decrypt cycles set explicit timeouts (15s–60s) to avoid flakiness on slow CI machines.
+---
+## Build
+tsup compiles to a single CJS bundle at `dist/index.js`:
+```bash
+npm run build
+```
+Key tsup options:
+- `format: ['cjs']` — CLI binary, no ESM needed
+- `banner: { js: '#!/usr/bin/env node' }` — shebang injected by tsup (not in source)
+- `dts: false` — no type declarations for a CLI
+- `clean: true` — wipes `dist/` before each build
+- `esbuildOptions.alias` — resolves `@/` → `./src/` at bundle time
+---
+## Adding a New Command
+1. Create `src/cli/commands/<name>.ts` with a `run<Name>()` async function
+2. Register it in `src/index.ts` using `program.command(...).action(...)`
+3. Add tests in `src/__tests__/`
+---
+## Dependencies
+### Runtime
+| Package        | Version | Purpose               |
+| -------------- | ------- | --------------------- |
+| `commander`    | 14.x    | CLI argument parsing  |
+| `chalk`        | 5.x     | Terminal color output |
+| `cli-progress` | 3.x     | Progress bar          |
+No third-party crypto dependencies — all encryption uses Node.js built-in `node:crypto`.
+### Dev
+| Package               | Version | Purpose                       |
+| --------------------- | ------- | ----------------------------- |
+| `typescript`          | 6.x     | Type checking                 |
+| `tsup`                | 8.x     | Bundler (esbuild-based)       |
+| `jest`                | 30.x    | Test runner                   |
+| `ts-jest`             | 29.x    | TypeScript transform for Jest |
+| `@types/node`         | 22.x    | Node.js type definitions      |
+| `@types/jest`         | 30.x    | Jest type definitions         |
+| `@types/cli-progress` | 3.x     | cli-progress type definitions |
+---
+## Contributing
+1. Fork and create a feature branch
+2. Make changes — keep the streaming-first, no-external-crypto principles
+3. Add or update tests — all cases should be covered
+4. Run `npm run typecheck && npm test` — both must pass clean
+5. Open a PR with a clear description of what changed and why

package/README.md ADDED Viewed

@@ -0,0 +1,67 @@
+# enc-x
+Encrypt and decrypt any file with a password. Fast, secure, works on files of any size.
+The command automatically detects whether to encrypt or decrypt based on the file extension.
+## Install
+```bash
+npm install -g enc-x
+```
+## Usage
+### Encrypt
+```bash
+enc-x <file> -k <password>
+```
+```bash
+enc-x video.mp4 -k "mypassword"
+# → video.mp4.enc-x
+```
+### Decrypt
+```bash
+enc-x <file.enc-x> -k <password>
+```
+```bash
+enc-x video.mp4.enc-x -k "mypassword"
+# → video.mp4
+```
+### Custom output path
+```bash
+enc-x report.pdf -k "pass" -o /secure/report.pdf.enc-x
+enc-x report.pdf.enc-x -k "pass" -o ./report.pdf
+```
+## Options
+| Option             | Short | Description         |
+| ------------------ | ----- | ------------------- |
+| `--key <password>` | `-k`  | Password (required) |
+| `--output <path>`  | `-o`  | Custom output path  |
+| `--help`           | `-h`  | Show help           |
+| `--version`        | `-v`  | Show version        |
+## Wrong password
+If the password is wrong, the output file is deleted and you'll see:
+```
+✖ Invalid password or corrupted file
+```
+## How it works
+- Pass any file → encrypts it and adds `.enc-x` extension
+- Pass a `.enc-x` file → decrypts it and restores the original filename
+- Encryption: **AES-256-GCM**
+- Key derivation: **PBKDF2-SHA512**, 100,000 iterations, random salt per file
+- Streaming I/O — no memory issues with large files

package/dist/index.js ADDED Viewed

@@ -0,0 +1,390 @@
+#!/usr/bin/env node
+'use strict';
+var commander = require('commander');
+var chalk = require('chalk');
+var fs = require('fs');
+var path3 = require('path');
+var crypto = require('crypto');
+var promises = require('stream/promises');
+var stream = require('stream');
+var cliProgress = require('cli-progress');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+var chalk__default = /*#__PURE__*/_interopDefault(chalk);
+var path3__default = /*#__PURE__*/_interopDefault(path3);
+var cliProgress__default = /*#__PURE__*/_interopDefault(cliProgress);
+// src/crypto/constants.ts
+var ALGORITHM = "aes-256-gcm";
+var KEY_LENGTH = 32;
+var IV_LENGTH = 12;
+var SALT_LENGTH = 32;
+var AUTH_TAG_LENGTH = 16;
+var PBKDF2_ITERATIONS = 1e5;
+var PBKDF2_DIGEST = "sha512";
+var FILE_EXTENSION = ".enc-x";
+var MAGIC = Buffer.from([69, 78, 67, 88]);
+var VERSION = 1;
+function generateSalt() {
+  return crypto.randomBytes(SALT_LENGTH);
+}
+function generateIV(length) {
+  return crypto.randomBytes(length);
+}
+function deriveKey(password, salt) {
+  return new Promise((resolve, reject) => {
+    crypto.pbkdf2(
+      password,
+      salt,
+      PBKDF2_ITERATIONS,
+      KEY_LENGTH,
+      PBKDF2_DIGEST,
+      (err, key) => {
+        if (err) reject(err);
+        else resolve(key);
+      }
+    );
+  });
+}
+// src/crypto/header.ts
+function serializeHeader(salt, iv, metadata, authTag = Buffer.alloc(AUTH_TAG_LENGTH)) {
+  const metaJson = Buffer.from(JSON.stringify(metadata), "utf8");
+  const metaLen = Buffer.alloc(2);
+  metaLen.writeUInt16BE(metaJson.length, 0);
+  return Buffer.concat([
+    MAGIC,
+    Buffer.from([VERSION]),
+    salt,
+    iv,
+    authTag,
+    metaLen,
+    metaJson
+  ]);
+}
+function parseHeader(buf) {
+  let offset = 0;
+  const magic = buf.subarray(offset, offset + 4);
+  offset += 4;
+  if (!magic.equals(MAGIC)) {
+    throw new Error("Not a valid .enc-x file (bad magic number)");
+  }
+  const version = buf[offset++];
+  if (version !== VERSION) {
+    throw new Error(`Unsupported .enc-x version: ${version}`);
+  }
+  const salt = Buffer.from(buf.subarray(offset, offset + SALT_LENGTH));
+  offset += SALT_LENGTH;
+  const iv = Buffer.from(buf.subarray(offset, offset + IV_LENGTH));
+  offset += IV_LENGTH;
+  const authTag = Buffer.from(buf.subarray(offset, offset + AUTH_TAG_LENGTH));
+  offset += AUTH_TAG_LENGTH;
+  const metaLen = buf.readUInt16BE(offset);
+  offset += 2;
+  const metaJson = buf.subarray(offset, offset + metaLen);
+  offset += metaLen;
+  let metadata;
+  try {
+    metadata = JSON.parse(metaJson.toString("utf8"));
+  } catch {
+    throw new Error("Corrupted .enc-x file (invalid metadata)");
+  }
+  return { salt, iv, authTag, metadata, totalSize: offset };
+}
+var AUTH_TAG_OFFSET = 4 + 1 + SALT_LENGTH + IV_LENGTH;
+var MIME_MAP = {
+  // Video
+  mp4: "video/mp4",
+  mkv: "video/x-matroska",
+  avi: "video/x-msvideo",
+  mov: "video/quicktime",
+  webm: "video/webm",
+  // Audio
+  mp3: "audio/mpeg",
+  wav: "audio/wav",
+  flac: "audio/flac",
+  aac: "audio/aac",
+  ogg: "audio/ogg",
+  // Images
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  png: "image/png",
+  gif: "image/gif",
+  webp: "image/webp",
+  svg: "image/svg+xml",
+  // Documents
+  pdf: "application/pdf",
+  doc: "application/msword",
+  docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  xls: "application/vnd.ms-excel",
+  xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+  ppt: "application/vnd.ms-powerpoint",
+  pptx: "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  // Archives
+  zip: "application/zip",
+  tar: "application/x-tar",
+  gz: "application/gzip",
+  "7z": "application/x-7z-compressed",
+  rar: "application/vnd.rar",
+  // Text / code
+  txt: "text/plain",
+  json: "application/json",
+  xml: "application/xml",
+  html: "text/html",
+  css: "text/css",
+  js: "application/javascript",
+  ts: "application/typescript",
+  // Executables / binaries
+  exe: "application/x-msdownload",
+  dmg: "application/x-apple-diskimage",
+  iso: "application/x-iso9660-image"
+};
+function getMimeType(filePath) {
+  const ext = path3__default.default.extname(filePath).replace(".", "").toLowerCase();
+  return MIME_MAP[ext] ?? "application/octet-stream";
+}
+function createProgressStream(total, onProgress) {
+  let processed = 0;
+  return new stream.Transform({
+    transform(chunk, _encoding, callback) {
+      processed += chunk.length;
+      onProgress(processed, total);
+      callback(null, chunk);
+    }
+  });
+}
+// src/crypto/encrypt.ts
+async function encryptFile(opts) {
+  const { inputPath, password } = opts;
+  const stat = await fs.promises.stat(inputPath);
+  const originalSize = stat.size;
+  const originalName = path3__default.default.basename(inputPath);
+  const mime = getMimeType(inputPath);
+  const salt = generateSalt();
+  const iv = generateIV(IV_LENGTH);
+  const key = await deriveKey(password, salt);
+  const metadata = {
+    name: originalName,
+    mime,
+    size: originalSize
+  };
+  const headerBuf = serializeHeader(salt, iv, metadata);
+  const outputPath = opts.outputPath ?? inputPath + FILE_EXTENSION;
+  const writeStream = fs.createWriteStream(outputPath);
+  await new Promise((resolve, reject) => {
+    writeStream.write(headerBuf, (err) => err ? reject(err) : resolve());
+  });
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+  const readStream = fs.createReadStream(inputPath);
+  const progressStream = opts.onProgress ? createProgressStream(originalSize, opts.onProgress) : null;
+  const source = progressStream ? readStream.pipe(progressStream) : readStream;
+  await promises.pipeline(source, cipher, writeStream);
+  const authTag = cipher.getAuthTag();
+  const fd = await fs.promises.open(outputPath, "r+");
+  try {
+    await fd.write(authTag, 0, AUTH_TAG_LENGTH, AUTH_TAG_OFFSET);
+  } finally {
+    await fd.close();
+  }
+  return { outputPath, originalSize };
+}
+// src/utils/format.ts
+function formatBytes(bytes) {
+  if (bytes === 0) return "0 B";
+  const units = ["B", "KB", "MB", "GB", "TB"];
+  const i = Math.floor(Math.log(bytes) / Math.log(1024));
+  const value = bytes / Math.pow(1024, i);
+  return `${value.toFixed(i === 0 ? 0 : 2)} ${units[i]}`;
+}
+function formatDuration(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  const s = ms / 1e3;
+  if (s < 60) return `${s.toFixed(1)}s`;
+  const m = Math.floor(s / 60);
+  const rem = (s % 60).toFixed(0).padStart(2, "0");
+  return `${m}m ${rem}s`;
+}
+// src/cli/ui.ts
+var ui = {
+  info: (msg) => console.log(chalk__default.default.cyan("\u2139"), msg),
+  success: (msg) => console.log(chalk__default.default.green("\u2714"), msg),
+  error: (msg) => console.error(chalk__default.default.red("\u2716"), chalk__default.default.red(msg)),
+  warn: (msg) => console.warn(chalk__default.default.yellow("\u26A0"), chalk__default.default.yellow(msg)),
+  dim: (msg) => console.log(chalk__default.default.dim(msg))
+};
+function createProgressBar(label) {
+  const bar = new cliProgress__default.default.SingleBar(
+    {
+      format: `${chalk__default.default.cyan(label)} ${chalk__default.default.cyan("{bar}")} {percentage}% | {value_fmt} / {total_fmt} | ETA: {eta}s`,
+      barCompleteChar: "\u2588",
+      barIncompleteChar: "\u2591",
+      hideCursor: true,
+      clearOnComplete: false,
+      stopOnComplete: true
+    },
+    cliProgress__default.default.Presets.shades_classic
+  );
+  return {
+    start(total) {
+      bar.start(total, 0, {
+        value_fmt: formatBytes(0),
+        total_fmt: formatBytes(total)
+      });
+    },
+    update(value, total) {
+      bar.update(value, {
+        value_fmt: formatBytes(value),
+        total_fmt: formatBytes(total)
+      });
+    },
+    stop() {
+      bar.stop();
+    }
+  };
+}
+// src/cli/commands/encrypt.ts
+async function runEncrypt(filePath, opts) {
+  const inputPath = path3__default.default.resolve(filePath);
+  if (!fs.existsSync(inputPath)) {
+    ui.error(`File not found: ${filePath}`);
+    process.exit(1);
+  }
+  if (inputPath.endsWith(FILE_EXTENSION)) {
+    ui.warn(
+      "Input file already has .enc-x extension \u2014 it may already be encrypted."
+    );
+  }
+  const outputPath = opts.output ?? inputPath + FILE_EXTENSION;
+  ui.info(`Encrypting ${chalk__default.default.bold(path3__default.default.basename(inputPath))}`);
+  ui.dim(`  Output : ${outputPath}`);
+  ui.dim(`  Cipher : AES-256-GCM  |  KDF: PBKDF2-SHA512 (100,000 iterations)`);
+  const bar = createProgressBar("Encrypting");
+  let barStarted = false;
+  const start = Date.now();
+  try {
+    const result = await encryptFile({
+      inputPath,
+      password: opts.key,
+      outputPath,
+      onProgress(processed, total) {
+        if (!barStarted) {
+          bar.start(total);
+          barStarted = true;
+        }
+        bar.update(processed, total);
+      }
+    });
+    if (barStarted) bar.stop();
+    const elapsed = Date.now() - start;
+    ui.success(
+      `Done in ${formatDuration(elapsed)} \u2014 ${chalk__default.default.bold(path3__default.default.basename(result.outputPath))} (${formatBytes(result.originalSize)})`
+    );
+  } catch (err) {
+    if (barStarted) bar.stop();
+    const msg = err instanceof Error ? err.message : String(err);
+    ui.error(`Encryption failed: ${msg}`);
+    process.exit(1);
+  }
+}
+var HEADER_READ_LIMIT = 4096;
+async function decryptFile(opts) {
+  const { inputPath, password } = opts;
+  const stat = await fs.promises.stat(inputPath);
+  const totalSize = stat.size;
+  const fd = await fs.promises.open(inputPath, "r");
+  const headerBuf = Buffer.alloc(HEADER_READ_LIMIT);
+  const { bytesRead } = await fd.read(headerBuf, 0, HEADER_READ_LIMIT, 0);
+  await fd.close();
+  const header = parseHeader(headerBuf.subarray(0, bytesRead));
+  const { salt, iv, authTag, metadata, totalSize: headerSize } = header;
+  const key = await deriveKey(password, salt);
+  const outputDir = path3__default.default.dirname(inputPath);
+  const outputPath = opts.outputPath ?? path3__default.default.join(outputDir, metadata.name);
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(authTag);
+  const ciphertextSize = totalSize - headerSize;
+  const readStream = fs.createReadStream(inputPath, { start: headerSize });
+  const progressStream = opts.onProgress ? createProgressStream(ciphertextSize, opts.onProgress) : null;
+  const writeStream = fs.createWriteStream(outputPath);
+  const source = progressStream ? readStream.pipe(progressStream) : readStream;
+  try {
+    await promises.pipeline(source, decipher, writeStream);
+  } catch (err) {
+    await fs.promises.unlink(outputPath).catch(() => {
+    });
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("Unsupported state") || msg.includes("bad decrypt") || msg.includes("auth") || msg.includes("ERR_CRYPTO")) {
+      throw new Error("Invalid password or corrupted file");
+    }
+    throw err;
+  }
+  return { outputPath, originalName: metadata.name };
+}
+// src/cli/commands/decrypt.ts
+async function runDecrypt(filePath, opts) {
+  const inputPath = path3__default.default.resolve(filePath);
+  if (!fs.existsSync(inputPath)) {
+    ui.error(`File not found: ${filePath}`);
+    process.exit(1);
+  }
+  if (!inputPath.endsWith(FILE_EXTENSION)) {
+    ui.warn(
+      `File does not have a ${FILE_EXTENSION} extension \u2014 it may not be an encrypted file.`
+    );
+  }
+  ui.info(`Decrypting ${chalk__default.default.bold(path3__default.default.basename(inputPath))}`);
+  const bar = createProgressBar("Decrypting");
+  let barStarted = false;
+  const start = Date.now();
+  try {
+    const result = await decryptFile({
+      inputPath,
+      password: opts.key,
+      outputPath: opts.output,
+      onProgress(processed, total) {
+        if (!barStarted) {
+          bar.start(total);
+          barStarted = true;
+        }
+        bar.update(processed, total);
+      }
+    });
+    if (barStarted) bar.stop();
+    const elapsed = Date.now() - start;
+    ui.success(
+      `Done in ${formatDuration(elapsed)} \u2014 restored ${chalk__default.default.bold(result.originalName)}`
+    );
+    ui.dim(`  Output : ${result.outputPath}`);
+  } catch (err) {
+    if (barStarted) bar.stop();
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg === "Invalid password or corrupted file") {
+      ui.error("Invalid password or corrupted file");
+    } else {
+      ui.error(`Decryption failed: ${msg}`);
+    }
+    process.exit(1);
+  }
+}
+// src/index.ts
+var program = new commander.Command();
+program.name("enc-x").description(
+  chalk__default.default.cyan("enc-x") + " \u2014 secure AES-256-GCM file encryption & decryption"
+).version("1.1.1", "-v, --version").argument("<file>", "file to encrypt or decrypt (auto-detected by extension)").requiredOption("-k, --key <password>", "password").option("-o, --output <path>", "custom output path").action(async (file, opts) => {
+  if (file.endsWith(FILE_EXTENSION)) {
+    await runDecrypt(file, opts);
+  } else {
+    await runEncrypt(file, opts);
+  }
+});
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/crypto/constants.ts","../src/crypto/keys.ts","../src/crypto/header.ts","../src/utils/mime.ts","../src/utils/progress.ts","../src/crypto/encrypt.ts","../src/utils/format.ts","../src/cli/ui.ts","../src/cli/commands/encrypt.ts","../src/crypto/decrypt.ts","../src/cli/commands/decrypt.ts","../src/index.ts"],"names":["randomBytes","pbkdf2","path","Transform","fsp","createWriteStream","createCipheriv","createReadStream","pipeline","chalk","cliProgress","existsSync","createDecipheriv","Command"],"mappings":";;;;;;;;;;;;;;;;;;;AACO,IAAM,SAAA,GAAY,aAAA;AAClB,IAAM,UAAA,GAAa,EAAA;AACnB,IAAM,SAAA,GAAY,EAAA;AAClB,IAAM,WAAA,GAAc,EAAA;AACpB,IAAM,eAAA,GAAkB,EAAA;AACxB,IAAM,iBAAA,GAAoB,GAAA;AAC1B,IAAM,aAAA,GAAgB,QAAA;AACtB,IAAM,cAAA,GAAiB,QAAA;AAYvB,IAAM,KAAA,GAAQ,OAAO,IAAA,CAAK,CAAC,IAAM,EAAA,EAAM,EAAA,EAAM,EAAI,CAAC,CAAA;AAClD,IAAM,OAAA,GAAU,CAAA;ACVhB,SAAS,YAAA,GAAuB;AACrC,EAAA,OAAOA,mBAAY,WAAW,CAAA;AAChC;AAKO,SAAS,WAAW,MAAA,EAAwB;AACjD,EAAA,OAAOA,mBAAY,MAAM,CAAA;AAC3B;AAKO,SAAS,SAAA,CAAU,UAAkB,IAAA,EAA+B;AACzE,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,IAAAC,aAAA;AAAA,MACE,QAAA;AAAA,MACA,IAAA;AAAA,MACA,iBAAA;AAAA,MACA,UAAA;AAAA,MACA,aAAA;AAAA,MACA,CAAC,KAAK,GAAA,KAAQ;AACZ,QAAA,IAAI,GAAA,SAAY,GAAG,CAAA;AAAA,qBACN,GAAG,CAAA;AAAA,MAClB;AAAA,KACF;AAAA,EACF,CAAC,CAAA;AACH;;;ACZO,SAAS,eAAA,CACd,MACA,EAAA,EACA,QAAA,EACA,UAAkB,MAAA,CAAO,KAAA,CAAM,eAAe,CAAA,EACtC;AACR,EAAA,MAAM,WAAW,MAAA,CAAO,IAAA,CAAK,KAAK,SAAA,CAAU,QAAQ,GAAG,MAAM,CAAA;AAC7D,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AAC9B,EAAA,OAAA,CAAQ,aAAA,CAAc,QAAA,CAAS,MAAA,EAAQ,CAAC,CAAA;AAExC,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,KAAA;AAAA,IACA,MAAA,CAAO,IAAA,CAAK,CAAC,OAAO,CAAC,CAAA;AAAA,IACrB,IAAA;AAAA,IACA,EAAA;AAAA,IACA,OAAA;AAAA,IACA,OAAA;AAAA,IACA;AAAA,GACD,CAAA;AACH;AAMO,SAAS,YAAY,GAAA,EAAyB;AACnD,EAAA,IAAI,MAAA,GAAS,CAAA;AAGb,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,QAAA,CAAS,MAAA,EAAQ,SAAS,CAAC,CAAA;AAC7C,EAAA,MAAA,IAAU,CAAA;AACV,EAAA,IAAI,CAAC,KAAA,CAAM,MAAA,CAAO,KAAK,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,EAC9D;AAGA,EAAA,MAAM,OAAA,GAAU,IAAI,MAAA,EAAQ,CAAA;AAC5B,EAAA,IAAI,YAAY,OAAA,EAAS;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4BAAA,EAA+B,OAAO,CAAA,CAAE,CAAA;AAAA,EAC1D;AAGA,EAAA,MAAM,IAAA,GAAO,OAAO,IAAA,CAAK,GAAA,CAAI,SAAS,MAAA,EAAQ,MAAA,GAAS,WAAW,CAAC,CAAA;AACnE,EAAA,MAAA,IAAU,WAAA;AAGV,EAAA,MAAM,EAAA,GAAK,OAAO,IAAA,CAAK,GAAA,CAAI,SAAS,MAAA,EAAQ,MAAA,GAAS,SAAS,CAAC,CAAA;AAC/D,EAAA,MAAA,IAAU,SAAA;AAGV,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,CAAK,GAAA,CAAI,SAAS,MAAA,EAAQ,MAAA,GAAS,eAAe,CAAC,CAAA;AAC1E,EAAA,MAAA,IAAU,eAAA;AAGV,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,YAAA,CAAa,MAAM,CAAA;AACvC,EAAA,MAAA,IAAU,CAAA;AAGV,EAAA,MAAM,QAAA,GAAW,GAAA,CAAI,QAAA,CAAS,MAAA,EAAQ,SAAS,OAAO,CAAA;AACtD,EAAA,MAAA,IAAU,OAAA;AAEV,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,QAAA,CAAS,MAAM,CAAC,CAAA;AAAA,EACjD,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,MAAM,0CAA0C,CAAA;AAAA,EAC5D;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAA,EAAS,QAAA,EAAU,WAAW,MAAA,EAAO;AAC1D;AAMO,IAAM,eAAA,GAAkB,CAAA,GAAI,CAAA,GAAI,WAAA,GAAc,SAAA;ACnGrD,IAAM,QAAA,GAAmC;AAAA;AAAA,EAEvC,GAAA,EAAK,WAAA;AAAA,EACL,GAAA,EAAK,kBAAA;AAAA,EACL,GAAA,EAAK,iBAAA;AAAA,EACL,GAAA,EAAK,iBAAA;AAAA,EACL,IAAA,EAAM,YAAA;AAAA;AAAA,EAEN,GAAA,EAAK,YAAA;AAAA,EACL,GAAA,EAAK,WAAA;AAAA,EACL,IAAA,EAAM,YAAA;AAAA,EACN,GAAA,EAAK,WAAA;AAAA,EACL,GAAA,EAAK,WAAA;AAAA;AAAA,EAEL,GAAA,EAAK,YAAA;AAAA,EACL,IAAA,EAAM,YAAA;AAAA,EACN,GAAA,EAAK,WAAA;AAAA,EACL,GAAA,EAAK,WAAA;AAAA,EACL,IAAA,EAAM,YAAA;AAAA,EACN,GAAA,EAAK,eAAA;AAAA;AAAA,EAEL,GAAA,EAAK,iBAAA;AAAA,EACL,GAAA,EAAK,oBAAA;AAAA,EACL,IAAA,EAAM,yEAAA;AAAA,EACN,GAAA,EAAK,0BAAA;AAAA,EACL,IAAA,EAAM,mEAAA;AAAA,EACN,GAAA,EAAK,+BAAA;AAAA,EACL,IAAA,EAAM,2EAAA;AAAA;AAAA,EAEN,GAAA,EAAK,iBAAA;AAAA,EACL,GAAA,EAAK,mBAAA;AAAA,EACL,EAAA,EAAI,kBAAA;AAAA,EACJ,IAAA,EAAM,6BAAA;AAAA,EACN,GAAA,EAAK,qBAAA;AAAA;AAAA,EAEL,GAAA,EAAK,YAAA;AAAA,EACL,IAAA,EAAM,kBAAA;AAAA,EACN,GAAA,EAAK,iBAAA;AAAA,EACL,IAAA,EAAM,WAAA;AAAA,EACN,GAAA,EAAK,UAAA;AAAA,EACL,EAAA,EAAI,wBAAA;AAAA,EACJ,EAAA,EAAI,wBAAA;AAAA;AAAA,EAEJ,GAAA,EAAK,0BAAA;AAAA,EACL,GAAA,EAAK,+BAAA;AAAA,EACL,GAAA,EAAK;AACP,CAAA;AAEO,SAAS,YAAY,QAAA,EAA0B;AACpD,EAAA,MAAM,GAAA,GAAMC,uBAAK,OAAA,CAAQ,QAAQ,EAAE,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA,CAAE,WAAA,EAAY;AAChE,EAAA,OAAO,QAAA,CAAS,GAAG,CAAA,IAAK,0BAAA;AAC1B;AChDO,SAAS,oBAAA,CACd,OACA,UAAA,EACW;AACX,EAAA,IAAI,SAAA,GAAY,CAAA;AAEhB,EAAA,OAAO,IAAIC,gBAAA,CAAU;AAAA,IACnB,SAAA,CACE,KAAA,EACA,SAAA,EACA,QAAA,EACA;AACA,MAAA,SAAA,IAAa,KAAA,CAAM,MAAA;AACnB,MAAA,UAAA,CAAW,WAAW,KAAK,CAAA;AAC3B,MAAA,QAAA,CAAS,MAAM,KAAK,CAAA;AAAA,IACtB;AAAA,GACD,CAAA;AACH;;;ACSA,eAAsB,YACpB,IAAA,EACwB;AACxB,EAAA,MAAM,EAAE,SAAA,EAAW,QAAA,EAAS,GAAI,IAAA;AAGhC,EAAA,MAAM,IAAA,GAAO,MAAMC,WAAA,CAAI,IAAA,CAAK,SAAS,CAAA;AACrC,EAAA,MAAM,eAAe,IAAA,CAAK,IAAA;AAC1B,EAAA,MAAM,YAAA,GAAeF,sBAAAA,CAAK,QAAA,CAAS,SAAS,CAAA;AAC5C,EAAA,MAAM,IAAA,GAAO,YAAY,SAAS,CAAA;AAGlC,EAAA,MAAM,OAAO,YAAA,EAAa;AAC1B,EAAA,MAAM,EAAA,GAAK,WAAW,SAAS,CAAA;AAC/B,EAAA,MAAM,GAAA,GAAM,MAAM,SAAA,CAAU,QAAA,EAAU,IAAI,CAAA;AAG1C,EAAA,MAAM,QAAA,GAAyB;AAAA,IAC7B,IAAA,EAAM,YAAA;AAAA,IACN,IAAA;AAAA,IACA,IAAA,EAAM;AAAA,GACR;AAGA,EAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,IAAA,EAAM,EAAA,EAAI,QAAQ,CAAA;AAGpD,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,UAAA,IAAc,SAAA,GAAY,cAAA;AAClD,EAAA,MAAM,WAAA,GAAcG,qBAAkB,UAAU,CAAA;AAGhD,EAAA,MAAM,IAAI,OAAA,CAAc,CAAC,OAAA,EAAS,MAAA,KAAW;AAC3C,IAAA,WAAA,CAAY,KAAA,CAAM,WAAW,CAAC,GAAA,KAAS,MAAM,MAAA,CAAO,GAAG,CAAA,GAAI,OAAA,EAAU,CAAA;AAAA,EACvE,CAAC,CAAA;AAGD,EAAA,MAAM,MAAA,GAASC,qBAAA,CAAe,SAAA,EAAW,GAAA,EAAK,EAAE,CAAA;AAGhD,EAAA,MAAM,UAAA,GAAaC,oBAAiB,SAAS,CAAA;AAC7C,EAAA,MAAM,iBAAiB,IAAA,CAAK,UAAA,GACxB,qBAAqB,YAAA,EAAc,IAAA,CAAK,UAAU,CAAA,GAClD,IAAA;AAEJ,EAAA,MAAM,MAAA,GAAS,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,cAAc,CAAA,GAAI,UAAA;AAElE,EAAA,MAAMC,iBAAA,CAAS,MAAA,EAAiC,MAAA,EAAQ,WAAW,CAAA;AAGnE,EAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,EAAA,MAAM,EAAA,GAAK,MAAMJ,WAAA,CAAI,IAAA,CAAK,YAAY,IAAI,CAAA;AAC1C,EAAA,IAAI;AACF,IAAA,MAAM,EAAA,CAAG,KAAA,CAAM,OAAA,EAAS,CAAA,EAAG,iBAAiB,eAAe,CAAA;AAAA,EAC7D,CAAA,SAAE;AACA,IAAA,MAAM,GAAG,KAAA,EAAM;AAAA,EACjB;AAEA,EAAA,OAAO,EAAE,YAAY,YAAA,EAAa;AACpC;;;ACvFO,SAAS,YAAY,KAAA,EAAuB;AACjD,EAAA,IAAI,KAAA,KAAU,GAAG,OAAO,KAAA;AACxB,EAAA,MAAM,QAAQ,CAAC,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,MAAM,IAAI,CAAA;AAC1C,EAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,GAAI,IAAA,CAAK,GAAA,CAAI,IAAI,CAAC,CAAA;AACrD,EAAA,MAAM,KAAA,GAAQ,KAAA,GAAQ,IAAA,CAAK,GAAA,CAAI,MAAM,CAAC,CAAA;AACtC,EAAA,OAAO,CAAA,EAAG,KAAA,CAAM,OAAA,CAAQ,CAAA,KAAM,CAAA,GAAI,CAAA,GAAI,CAAC,CAAC,CAAA,CAAA,EAAI,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AACtD;AAKO,SAAS,eAAe,EAAA,EAAoB;AACjD,EAAA,IAAI,EAAA,GAAK,GAAA,EAAM,OAAO,CAAA,EAAG,EAAE,CAAA,EAAA,CAAA;AAC3B,EAAA,MAAM,IAAI,EAAA,GAAK,GAAA;AACf,EAAA,IAAI,IAAI,EAAA,EAAI,OAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAA,CAAA;AAClC,EAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,EAAE,CAAA;AAC3B,EAAA,MAAM,GAAA,GAAA,CAAO,IAAI,EAAA,EAAI,OAAA,CAAQ,CAAC,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAA;AAC/C,EAAA,OAAO,CAAA,EAAG,CAAC,CAAA,EAAA,EAAK,GAAG,CAAA,CAAA,CAAA;AACrB;;;ACjBO,IAAM,EAAA,GAAK;AAAA,EAChB,IAAA,EAAM,CAAC,GAAA,KAAgB,OAAA,CAAQ,IAAIK,sBAAA,CAAM,IAAA,CAAK,QAAG,CAAA,EAAG,GAAG,CAAA;AAAA,EACvD,OAAA,EAAS,CAAC,GAAA,KAAgB,OAAA,CAAQ,IAAIA,sBAAA,CAAM,KAAA,CAAM,QAAG,CAAA,EAAG,GAAG,CAAA;AAAA,EAC3D,KAAA,EAAO,CAAC,GAAA,KAAgB,OAAA,CAAQ,KAAA,CAAMA,sBAAA,CAAM,GAAA,CAAI,QAAG,CAAA,EAAGA,sBAAA,CAAM,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,EACpE,IAAA,EAAM,CAAC,GAAA,KAAgB,OAAA,CAAQ,IAAA,CAAKA,sBAAA,CAAM,MAAA,CAAO,QAAG,CAAA,EAAGA,sBAAA,CAAM,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,EACxE,GAAA,EAAK,CAAC,GAAA,KAAgB,OAAA,CAAQ,IAAIA,sBAAA,CAAM,GAAA,CAAI,GAAG,CAAC;AAClD,CAAA;AAEO,SAAS,kBAAkB,KAAA,EAAe;AAC/C,EAAA,MAAM,GAAA,GAAM,IAAIC,4BAAA,CAAY,SAAA;AAAA,IAC1B;AAAA,MACE,MAAA,EACE,CAAA,EAAGD,sBAAA,CAAM,IAAA,CAAK,KAAK,CAAC,CAAA,CAAA,EAAIA,sBAAA,CAAM,IAAA,CAAK,OAAO,CAAC,CAAA,wDAAA,CAAA;AAAA,MAE7C,eAAA,EAAiB,QAAA;AAAA,MACjB,iBAAA,EAAmB,QAAA;AAAA,MACnB,UAAA,EAAY,IAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,cAAA,EAAgB;AAAA,KAClB;AAAA,IACAC,6BAAY,OAAA,CAAQ;AAAA,GACtB;AAEA,EAAA,OAAO;AAAA,IACL,MAAM,KAAA,EAAe;AACnB,MAAA,GAAA,CAAI,KAAA,CAAM,OAAO,CAAA,EAAG;AAAA,QAClB,SAAA,EAAW,YAAY,CAAC,CAAA;AAAA,QACxB,SAAA,EAAW,YAAY,KAAK;AAAA,OAC7B,CAAA;AAAA,IACH,CAAA;AAAA,IACA,MAAA,CAAO,OAAe,KAAA,EAAe;AACnC,MAAA,GAAA,CAAI,OAAO,KAAA,EAAO;AAAA,QAChB,SAAA,EAAW,YAAY,KAAK,CAAA;AAAA,QAC5B,SAAA,EAAW,YAAY,KAAK;AAAA,OAC7B,CAAA;AAAA,IACH,CAAA;AAAA,IACA,IAAA,GAAO;AACL,MAAA,GAAA,CAAI,IAAA,EAAK;AAAA,IACX;AAAA,GACF;AACF;;;AC/BA,eAAsB,UAAA,CACpB,UACA,IAAA,EACe;AACf,EAAA,MAAM,SAAA,GAAYR,sBAAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA;AAEvC,EAAA,IAAI,CAACS,aAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,IAAA,EAAA,CAAG,KAAA,CAAM,CAAA,gBAAA,EAAmB,QAAQ,CAAA,CAAE,CAAA;AACtC,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,cAAc,CAAA,EAAG;AACtC,IAAA,EAAA,CAAG,IAAA;AAAA,MACD;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,MAAA,IAAU,SAAA,GAAY,cAAA;AAE9C,EAAA,EAAA,CAAG,IAAA,CAAK,cAAcF,sBAAAA,CAAM,IAAA,CAAKP,uBAAK,QAAA,CAAS,SAAS,CAAC,CAAC,CAAA,CAAE,CAAA;AAC5D,EAAA,EAAA,CAAG,GAAA,CAAI,CAAA,WAAA,EAAc,UAAU,CAAA,CAAE,CAAA;AACjC,EAAA,EAAA,CAAG,IAAI,CAAA,kEAAA,CAAoE,CAAA;AAE3E,EAAA,MAAM,GAAA,GAAM,kBAAkB,YAAY,CAAA;AAC1C,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY;AAAA,MAC/B,SAAA;AAAA,MACA,UAAU,IAAA,CAAK,GAAA;AAAA,MACf,UAAA;AAAA,MACA,UAAA,CAAW,WAAW,KAAA,EAAO;AAC3B,QAAA,IAAI,CAAC,UAAA,EAAY;AACf,UAAA,GAAA,CAAI,MAAM,KAAK,CAAA;AACf,UAAA,UAAA,GAAa,IAAA;AAAA,QACf;AACA,QAAA,GAAA,CAAI,MAAA,CAAO,WAAW,KAAK,CAAA;AAAA,MAC7B;AAAA,KACD,CAAA;AAED,IAAA,IAAI,UAAA,MAAgB,IAAA,EAAK;AAEzB,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAC7B,IAAA,EAAA,CAAG,OAAA;AAAA,MACD,WAAW,cAAA,CAAe,OAAO,CAAC,CAAA,QAAA,EAC7BO,uBAAM,IAAA,CAAKP,sBAAAA,CAAK,QAAA,CAAS,MAAA,CAAO,UAAU,CAAC,CAAC,KAC3C,WAAA,CAAY,MAAA,CAAO,YAAY,CAAC,CAAA,CAAA;AAAA,KACxC;AAAA,EACF,SAAS,GAAA,EAAc;AACrB,IAAA,IAAI,UAAA,MAAgB,IAAA,EAAK;AACzB,IAAA,MAAM,MAAM,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG,CAAA;AAC3D,IAAA,EAAA,CAAG,KAAA,CAAM,CAAA,mBAAA,EAAsB,GAAG,CAAA,CAAE,CAAA;AACpC,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AACF;AC5CA,IAAM,iBAAA,GAAoB,IAAA;AAE1B,eAAsB,YACpB,IAAA,EACwB;AACxB,EAAA,MAAM,EAAE,SAAA,EAAW,QAAA,EAAS,GAAI,IAAA;AAEhC,EAAA,MAAM,IAAA,GAAO,MAAME,WAAAA,CAAI,IAAA,CAAK,SAAS,CAAA;AACrC,EAAA,MAAM,YAAY,IAAA,CAAK,IAAA;AAGvB,EAAA,MAAM,EAAA,GAAK,MAAMA,WAAAA,CAAI,IAAA,CAAK,WAAW,GAAG,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA;AAChD,EAAA,MAAM,EAAE,WAAU,GAAI,MAAM,GAAG,IAAA,CAAK,SAAA,EAAW,CAAA,EAAG,iBAAA,EAAmB,CAAC,CAAA;AACtE,EAAA,MAAM,GAAG,KAAA,EAAM;AAEf,EAAA,MAAM,SAAS,WAAA,CAAY,SAAA,CAAU,QAAA,CAAS,CAAA,EAAG,SAAS,CAAC,CAAA;AAC3D,EAAA,MAAM,EAAE,IAAA,EAAM,EAAA,EAAI,SAAS,QAAA,EAAU,SAAA,EAAW,YAAW,GAAI,MAAA;AAG/D,EAAA,MAAM,GAAA,GAAM,MAAM,SAAA,CAAU,QAAA,EAAU,IAAI,CAAA;AAG1C,EAAA,MAAM,SAAA,GAAYF,sBAAAA,CAAK,OAAA,CAAQ,SAAS,CAAA;AACxC,EAAA,MAAM,aAAa,IAAA,CAAK,UAAA,IAAcA,uBAAK,IAAA,CAAK,SAAA,EAAW,SAAS,IAAI,CAAA;AAGxE,EAAA,MAAM,QAAA,GAAWU,uBAAA,CAAiB,SAAA,EAAW,GAAA,EAAK,EAAE,CAAA;AACpD,EAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAG3B,EAAA,MAAM,iBAAiB,SAAA,GAAY,UAAA;AACnC,EAAA,MAAM,aAAaL,mBAAAA,CAAiB,SAAA,EAAW,EAAE,KAAA,EAAO,YAAY,CAAA;AAEpE,EAAA,MAAM,iBAAiB,IAAA,CAAK,UAAA,GACxB,qBAAqB,cAAA,EAAgB,IAAA,CAAK,UAAU,CAAA,GACpD,IAAA;AAEJ,EAAA,MAAM,WAAA,GAAcF,qBAAkB,UAAU,CAAA;AAEhD,EAAA,MAAM,MAAA,GAAS,cAAA,GAAiB,UAAA,CAAW,IAAA,CAAK,cAAc,CAAA,GAAI,UAAA;AAElE,EAAA,IAAI;AACF,IAAA,MAAMG,iBAAAA,CAAS,MAAA,EAAiC,QAAA,EAAU,WAAW,CAAA;AAAA,EACvE,SAAS,GAAA,EAAc;AAErB,IAAA,MAAMJ,WAAAA,CAAI,MAAA,CAAO,UAAU,CAAA,CAAE,MAAM,MAAM;AAAA,IAAC,CAAC,CAAA;AAE3C,IAAA,MAAM,MAAM,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG,CAAA;AAC3D,IAAA,IACE,GAAA,CAAI,QAAA,CAAS,mBAAmB,CAAA,IAChC,IAAI,QAAA,CAAS,aAAa,CAAA,IAC1B,GAAA,CAAI,SAAS,MAAM,CAAA,IACnB,GAAA,CAAI,QAAA,CAAS,YAAY,CAAA,EACzB;AACA,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AACA,IAAA,MAAM,GAAA;AAAA,EACR;AAEA,EAAA,OAAO,EAAE,UAAA,EAAY,YAAA,EAAc,QAAA,CAAS,IAAA,EAAK;AACnD;;;ACxEA,eAAsB,UAAA,CACpB,UACA,IAAA,EACe;AACf,EAAA,MAAM,SAAA,GAAYF,sBAAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA;AAEvC,EAAA,IAAI,CAACS,aAAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,IAAA,EAAA,CAAG,KAAA,CAAM,CAAA,gBAAA,EAAmB,QAAQ,CAAA,CAAE,CAAA;AACtC,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,CAAC,SAAA,CAAU,QAAA,CAAS,cAAc,CAAA,EAAG;AACvC,IAAA,EAAA,CAAG,IAAA;AAAA,MACD,wBAAwB,cAAc,CAAA,kDAAA;AAAA,KACxC;AAAA,EACF;AAEA,EAAA,EAAA,CAAG,IAAA,CAAK,cAAcF,sBAAAA,CAAM,IAAA,CAAKP,uBAAK,QAAA,CAAS,SAAS,CAAC,CAAC,CAAA,CAAE,CAAA;AAE5D,EAAA,MAAM,GAAA,GAAM,kBAAkB,YAAY,CAAA;AAC1C,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,MAAM,KAAA,GAAQ,KAAK,GAAA,EAAI;AAEvB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY;AAAA,MAC/B,SAAA;AAAA,MACA,UAAU,IAAA,CAAK,GAAA;AAAA,MACf,YAAY,IAAA,CAAK,MAAA;AAAA,MACjB,UAAA,CAAW,WAAW,KAAA,EAAO;AAC3B,QAAA,IAAI,CAAC,UAAA,EAAY;AACf,UAAA,GAAA,CAAI,MAAM,KAAK,CAAA;AACf,UAAA,UAAA,GAAa,IAAA;AAAA,QACf;AACA,QAAA,GAAA,CAAI,MAAA,CAAO,WAAW,KAAK,CAAA;AAAA,MAC7B;AAAA,KACD,CAAA;AAED,IAAA,IAAI,UAAA,MAAgB,IAAA,EAAK;AAEzB,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,EAAI,GAAI,KAAA;AAC7B,IAAA,EAAA,CAAG,OAAA;AAAA,MACD,CAAA,QAAA,EAAW,eAAe,OAAO,CAAC,oBACpBO,sBAAAA,CAAM,IAAA,CAAK,MAAA,CAAO,YAAY,CAAC,CAAA;AAAA,KAC/C;AACA,IAAA,EAAA,CAAG,GAAA,CAAI,CAAA,WAAA,EAAc,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EAC1C,SAAS,GAAA,EAAc;AACrB,IAAA,IAAI,UAAA,MAAgB,IAAA,EAAK;AACzB,IAAA,MAAM,MAAM,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG,CAAA;AAE3D,IAAA,IAAI,QAAQ,oCAAA,EAAsC;AAChD,MAAA,EAAA,CAAG,MAAM,oCAAoC,CAAA;AAAA,IAC/C,CAAA,MAAO;AACL,MAAA,EAAA,CAAG,KAAA,CAAM,CAAA,mBAAA,EAAsB,GAAG,CAAA,CAAE,CAAA;AAAA,IACtC;AACA,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AACF;;;AC/DA,IAAM,OAAA,GAAU,IAAII,iBAAA,EAAQ;AAE5B,OAAA,CACG,IAAA,CAAK,OAAO,CAAA,CACZ,WAAA;AAAA,EACCJ,sBAAAA,CAAM,IAAA,CAAK,OAAO,CAAA,GAAI;AACxB,CAAA,CACC,QAAQ,OAAA,EAAS,eAAe,EAChC,QAAA,CAAS,QAAA,EAAU,yDAAyD,CAAA,CAC5E,cAAA,CAAe,wBAAwB,UAAU,CAAA,CACjD,OAAO,qBAAA,EAAuB,oBAAoB,EAClD,MAAA,CAAO,OAAO,MAAc,IAAA,KAA2C;AACtE,EAAA,IAAI,IAAA,CAAK,QAAA,CAAS,cAAc,CAAA,EAAG;AACjC,IAAA,MAAM,UAAA,CAAW,MAAM,IAAI,CAAA;AAAA,EAC7B,CAAA,MAAO;AACL,IAAA,MAAM,UAAA,CAAW,MAAM,IAAI,CAAA;AAAA,EAC7B;AACF,CAAC,CAAA;AAEH,OAAA,CAAQ,KAAA,CAAM,QAAQ,IAAI,CAAA","file":"index.js","sourcesContent":["// Encryption constants\nexport const ALGORITHM = \"aes-256-gcm\" as const;\nexport const KEY_LENGTH = 32; // 256 bits\nexport const IV_LENGTH = 12; // 96 bits — recommended for GCM\nexport const SALT_LENGTH = 32; // 256 bits\nexport const AUTH_TAG_LENGTH = 16; // 128 bits — GCM auth tag\nexport const PBKDF2_ITERATIONS = 100_000;\nexport const PBKDF2_DIGEST = \"sha512\" as const;\nexport const FILE_EXTENSION = \".enc-x\";\n\n// Header layout (binary, written at start of .enc-x file):\n//\n// [4 bytes] magic number 0x454E4358 (\"ENCX\")\n// [1 byte] version 0x01\n// [32 bytes] salt\n// [12 bytes] IV\n// [16 bytes] GCM auth tag (written after encryption, patched back)\n// [2 bytes] metadata JSON length (uint16 BE)\n// [N bytes] metadata JSON (UTF-8)\n//\nexport const MAGIC = Buffer.from([0x45, 0x4e, 0x43, 0x58]); // \"ENCX\"\nexport const VERSION = 0x01;\n\nexport const HEADER_FIXED_SIZE =\n 4 + // magic\n 1 + // version\n SALT_LENGTH +\n IV_LENGTH +\n AUTH_TAG_LENGTH +\n 2; // metadata length prefix\n","import { randomBytes, pbkdf2 } from \"node:crypto\";\nimport {\n KEY_LENGTH,\n SALT_LENGTH,\n PBKDF2_ITERATIONS,\n PBKDF2_DIGEST,\n} from \"@/crypto/constants\";\n\n/**\n * Generate a cryptographically secure random salt.\n */\nexport function generateSalt(): Buffer {\n return randomBytes(SALT_LENGTH);\n}\n\n/**\n * Generate a cryptographically secure random IV.\n */\nexport function generateIV(length: number): Buffer {\n return randomBytes(length);\n}\n\n/**\n * Derive a 256-bit key from a password + salt using PBKDF2-SHA512.\n */\nexport function deriveKey(password: string, salt: Buffer): Promise<Buffer> {\n return new Promise((resolve, reject) => {\n pbkdf2(\n password,\n salt,\n PBKDF2_ITERATIONS,\n KEY_LENGTH,\n PBKDF2_DIGEST,\n (err, key) => {\n if (err) reject(err);\n else resolve(key);\n },\n );\n });\n}\n","import {\n MAGIC,\n VERSION,\n SALT_LENGTH,\n IV_LENGTH,\n AUTH_TAG_LENGTH,\n} from \"@/crypto/constants\";\n\nexport interface FileMetadata {\n name: string;\n mime: string;\n size?: number;\n}\n\nexport interface EncxHeader {\n salt: Buffer;\n iv: Buffer;\n authTag: Buffer;\n metadata: FileMetadata;\n /** Total byte length of the header (fixed + variable JSON) */\n totalSize: number;\n}\n\n/**\n * Serialize the header into a Buffer.\n * Auth tag is written as 16 zero bytes and must be patched after encryption.\n */\nexport function serializeHeader(\n salt: Buffer,\n iv: Buffer,\n metadata: FileMetadata,\n authTag: Buffer = Buffer.alloc(AUTH_TAG_LENGTH),\n): Buffer {\n const metaJson = Buffer.from(JSON.stringify(metadata), \"utf8\");\n const metaLen = Buffer.alloc(2);\n metaLen.writeUInt16BE(metaJson.length, 0);\n\n return Buffer.concat([\n MAGIC,\n Buffer.from([VERSION]),\n salt,\n iv,\n authTag,\n metaLen,\n metaJson,\n ]);\n}\n\n/**\n * Parse a header from the start of an .enc-x file buffer.\n * Throws if the magic number or version is invalid.\n */\nexport function parseHeader(buf: Buffer): EncxHeader {\n let offset = 0;\n\n // Magic\n const magic = buf.subarray(offset, offset + 4);\n offset += 4;\n if (!magic.equals(MAGIC)) {\n throw new Error(\"Not a valid .enc-x file (bad magic number)\");\n }\n\n // Version\n const version = buf[offset++];\n if (version !== VERSION) {\n throw new Error(`Unsupported .enc-x version: ${version}`);\n }\n\n // Salt\n const salt = Buffer.from(buf.subarray(offset, offset + SALT_LENGTH));\n offset += SALT_LENGTH;\n\n // IV\n const iv = Buffer.from(buf.subarray(offset, offset + IV_LENGTH));\n offset += IV_LENGTH;\n\n // Auth tag\n const authTag = Buffer.from(buf.subarray(offset, offset + AUTH_TAG_LENGTH));\n offset += AUTH_TAG_LENGTH;\n\n // Metadata length\n const metaLen = buf.readUInt16BE(offset);\n offset += 2;\n\n // Metadata JSON\n const metaJson = buf.subarray(offset, offset + metaLen);\n offset += metaLen;\n\n let metadata: FileMetadata;\n try {\n metadata = JSON.parse(metaJson.toString(\"utf8\")) as FileMetadata;\n } catch {\n throw new Error(\"Corrupted .enc-x file (invalid metadata)\");\n }\n\n return { salt, iv, authTag, metadata, totalSize: offset };\n}\n\n/**\n * Patch the auth tag into an already-written header in a file.\n * The auth tag sits at a fixed offset after magic(4) + version(1) + salt(32) + iv(12).\n */\nexport const AUTH_TAG_OFFSET = 4 + 1 + SALT_LENGTH + IV_LENGTH;\n","import path from \"node:path\";\n\n// Lightweight extension → MIME map (no external deps)\nconst MIME_MAP: Record<string, string> = {\n // Video\n mp4: \"video/mp4\",\n mkv: \"video/x-matroska\",\n avi: \"video/x-msvideo\",\n mov: \"video/quicktime\",\n webm: \"video/webm\",\n // Audio\n mp3: \"audio/mpeg\",\n wav: \"audio/wav\",\n flac: \"audio/flac\",\n aac: \"audio/aac\",\n ogg: \"audio/ogg\",\n // Images\n jpg: \"image/jpeg\",\n jpeg: \"image/jpeg\",\n png: \"image/png\",\n gif: \"image/gif\",\n webp: \"image/webp\",\n svg: \"image/svg+xml\",\n // Documents\n pdf: \"application/pdf\",\n doc: \"application/msword\",\n docx: \"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\n xls: \"application/vnd.ms-excel\",\n xlsx: \"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\n ppt: \"application/vnd.ms-powerpoint\",\n pptx: \"application/vnd.openxmlformats-officedocument.presentationml.presentation\",\n // Archives\n zip: \"application/zip\",\n tar: \"application/x-tar\",\n gz: \"application/gzip\",\n \"7z\": \"application/x-7z-compressed\",\n rar: \"application/vnd.rar\",\n // Text / code\n txt: \"text/plain\",\n json: \"application/json\",\n xml: \"application/xml\",\n html: \"text/html\",\n css: \"text/css\",\n js: \"application/javascript\",\n ts: \"application/typescript\",\n // Executables / binaries\n exe: \"application/x-msdownload\",\n dmg: \"application/x-apple-diskimage\",\n iso: \"application/x-iso9660-image\",\n};\n\nexport function getMimeType(filePath: string): string {\n const ext = path.extname(filePath).replace(\".\", \"\").toLowerCase();\n return MIME_MAP[ext] ?? \"application/octet-stream\";\n}\n","import { Transform, type TransformCallback } from \"node:stream\";\n\n/**\n * A passthrough Transform stream that tracks bytes flowing through it\n * and calls onProgress(bytesProcessed, total).\n */\nexport function createProgressStream(\n total: number,\n onProgress: (bytesProcessed: number, total: number) => void,\n): Transform {\n let processed = 0;\n\n return new Transform({\n transform(\n chunk: Buffer,\n _encoding: BufferEncoding,\n callback: TransformCallback,\n ) {\n processed += chunk.length;\n onProgress(processed, total);\n callback(null, chunk);\n },\n });\n}\n","import { createCipheriv } from \"node:crypto\";\nimport { createReadStream, createWriteStream, promises as fsp } from \"node:fs\";\nimport { pipeline } from \"node:stream/promises\";\nimport { Transform } from \"node:stream\";\nimport path from \"node:path\";\nimport {\n ALGORITHM,\n IV_LENGTH,\n FILE_EXTENSION,\n AUTH_TAG_LENGTH,\n} from \"@/crypto/constants\";\nimport { generateSalt, generateIV, deriveKey } from \"@/crypto/keys\";\nimport {\n serializeHeader,\n AUTH_TAG_OFFSET,\n type FileMetadata,\n} from \"@/crypto/header\";\nimport { getMimeType } from \"@/utils/mime\";\nimport { createProgressStream } from \"@/utils/progress\";\n\nexport interface EncryptOptions {\n inputPath: string;\n password: string;\n outputPath?: string;\n onProgress?: (bytesProcessed: number, total: number) => void;\n}\n\nexport interface EncryptResult {\n outputPath: string;\n originalSize: number;\n}\n\nexport async function encryptFile(\n opts: EncryptOptions,\n): Promise<EncryptResult> {\n const { inputPath, password } = opts;\n\n // Stat the input file\n const stat = await fsp.stat(inputPath);\n const originalSize = stat.size;\n const originalName = path.basename(inputPath);\n const mime = getMimeType(inputPath);\n\n // Derive key\n const salt = generateSalt();\n const iv = generateIV(IV_LENGTH);\n const key = await deriveKey(password, salt);\n\n // Build metadata\n const metadata: FileMetadata = {\n name: originalName,\n mime,\n size: originalSize,\n };\n\n // Write placeholder header (auth tag = 16 zero bytes, patched later)\n const headerBuf = serializeHeader(salt, iv, metadata);\n\n // Output path\n const outputPath = opts.outputPath ?? inputPath + FILE_EXTENSION;\n const writeStream = createWriteStream(outputPath);\n\n // Write header first\n await new Promise<void>((resolve, reject) => {\n writeStream.write(headerBuf, (err) => (err ? reject(err) : resolve()));\n });\n\n // Create cipher\n const cipher = createCipheriv(ALGORITHM, key, iv);\n\n // Stream: input → [progress] → cipher → output\n const readStream = createReadStream(inputPath);\n const progressStream = opts.onProgress\n ? createProgressStream(originalSize, opts.onProgress)\n : null;\n\n const source = progressStream ? readStream.pipe(progressStream) : readStream;\n\n await pipeline(source as NodeJS.ReadableStream, cipher, writeStream);\n\n // Retrieve and patch auth tag back into the file header\n const authTag = cipher.getAuthTag();\n const fd = await fsp.open(outputPath, \"r+\");\n try {\n await fd.write(authTag, 0, AUTH_TAG_LENGTH, AUTH_TAG_OFFSET);\n } finally {\n await fd.close();\n }\n\n return { outputPath, originalSize };\n}\n","/**\n * Format bytes into a human-readable string.\n */\nexport function formatBytes(bytes: number): string {\n if (bytes === 0) return \"0 B\";\n const units = [\"B\", \"KB\", \"MB\", \"GB\", \"TB\"];\n const i = Math.floor(Math.log(bytes) / Math.log(1024));\n const value = bytes / Math.pow(1024, i);\n return `${value.toFixed(i === 0 ? 0 : 2)} ${units[i]}`;\n}\n\n/**\n * Format milliseconds into a human-readable duration.\n */\nexport function formatDuration(ms: number): string {\n if (ms < 1000) return `${ms}ms`;\n const s = ms / 1000;\n if (s < 60) return `${s.toFixed(1)}s`;\n const m = Math.floor(s / 60);\n const rem = (s % 60).toFixed(0).padStart(2, \"0\");\n return `${m}m ${rem}s`;\n}\n","import chalk from \"chalk\";\nimport cliProgress from \"cli-progress\";\nimport { formatBytes } from \"@/utils/format\";\n\nexport const ui = {\n info: (msg: string) => console.log(chalk.cyan(\"ℹ\"), msg),\n success: (msg: string) => console.log(chalk.green(\"✔\"), msg),\n error: (msg: string) => console.error(chalk.red(\"✖\"), chalk.red(msg)),\n warn: (msg: string) => console.warn(chalk.yellow(\"⚠\"), chalk.yellow(msg)),\n dim: (msg: string) => console.log(chalk.dim(msg)),\n};\n\nexport function createProgressBar(label: string) {\n const bar = new cliProgress.SingleBar(\n {\n format:\n `${chalk.cyan(label)} ${chalk.cyan(\"{bar}\")} {percentage}%` +\n ` | {value_fmt} / {total_fmt} | ETA: {eta}s`,\n barCompleteChar: \"█\",\n barIncompleteChar: \"░\",\n hideCursor: true,\n clearOnComplete: false,\n stopOnComplete: true,\n },\n cliProgress.Presets.shades_classic,\n );\n\n return {\n start(total: number) {\n bar.start(total, 0, {\n value_fmt: formatBytes(0),\n total_fmt: formatBytes(total),\n });\n },\n update(value: number, total: number) {\n bar.update(value, {\n value_fmt: formatBytes(value),\n total_fmt: formatBytes(total),\n });\n },\n stop() {\n bar.stop();\n },\n };\n}\n","import { existsSync } from \"node:fs\";\nimport path from \"node:path\";\nimport chalk from \"chalk\";\nimport { encryptFile } from \"@/crypto/encrypt\";\nimport { FILE_EXTENSION } from \"@/crypto/constants\";\nimport { ui, createProgressBar } from \"@/cli/ui\";\nimport { formatBytes, formatDuration } from \"@/utils/format\";\n\nexport interface EncryptCommandOptions {\n key: string;\n output?: string;\n}\n\nexport async function runEncrypt(\n filePath: string,\n opts: EncryptCommandOptions,\n): Promise<void> {\n const inputPath = path.resolve(filePath);\n\n if (!existsSync(inputPath)) {\n ui.error(`File not found: ${filePath}`);\n process.exit(1);\n }\n\n if (inputPath.endsWith(FILE_EXTENSION)) {\n ui.warn(\n \"Input file already has .enc-x extension — it may already be encrypted.\",\n );\n }\n\n const outputPath = opts.output ?? inputPath + FILE_EXTENSION;\n\n ui.info(`Encrypting ${chalk.bold(path.basename(inputPath))}`);\n ui.dim(` Output : ${outputPath}`);\n ui.dim(` Cipher : AES-256-GCM | KDF: PBKDF2-SHA512 (100,000 iterations)`);\n\n const bar = createProgressBar(\"Encrypting\");\n let barStarted = false;\n const start = Date.now();\n\n try {\n const result = await encryptFile({\n inputPath,\n password: opts.key,\n outputPath,\n onProgress(processed, total) {\n if (!barStarted) {\n bar.start(total);\n barStarted = true;\n }\n bar.update(processed, total);\n },\n });\n\n if (barStarted) bar.stop();\n\n const elapsed = Date.now() - start;\n ui.success(\n `Done in ${formatDuration(elapsed)} — ` +\n `${chalk.bold(path.basename(result.outputPath))} ` +\n `(${formatBytes(result.originalSize)})`,\n );\n } catch (err: unknown) {\n if (barStarted) bar.stop();\n const msg = err instanceof Error ? err.message : String(err);\n ui.error(`Encryption failed: ${msg}`);\n process.exit(1);\n }\n}\n","import { createDecipheriv } from \"node:crypto\";\nimport { createReadStream, createWriteStream, promises as fsp } from \"node:fs\";\nimport { pipeline } from \"node:stream/promises\";\nimport { PassThrough } from \"node:stream\";\nimport path from \"node:path\";\nimport { ALGORITHM } from \"@/crypto/constants\";\nimport { deriveKey } from \"@/crypto/keys\";\nimport { parseHeader } from \"@/crypto/header\";\nimport { createProgressStream } from \"@/utils/progress\";\n\nexport interface DecryptOptions {\n inputPath: string;\n password: string;\n outputPath?: string;\n onProgress?: (bytesProcessed: number, total: number) => void;\n}\n\nexport interface DecryptResult {\n outputPath: string;\n originalName: string;\n}\n\n// How many bytes to read upfront to parse the header\n// Max header = fixed(67) + 2(len) + 65535(max JSON) — in practice ~200 bytes\nconst HEADER_READ_LIMIT = 4096;\n\nexport async function decryptFile(\n opts: DecryptOptions,\n): Promise<DecryptResult> {\n const { inputPath, password } = opts;\n\n const stat = await fsp.stat(inputPath);\n const totalSize = stat.size;\n\n // Read enough bytes to parse the header\n const fd = await fsp.open(inputPath, \"r\");\n const headerBuf = Buffer.alloc(HEADER_READ_LIMIT);\n const { bytesRead } = await fd.read(headerBuf, 0, HEADER_READ_LIMIT, 0);\n await fd.close();\n\n const header = parseHeader(headerBuf.subarray(0, bytesRead));\n const { salt, iv, authTag, metadata, totalSize: headerSize } = header;\n\n // Derive key from password + salt stored in file\n const key = await deriveKey(password, salt);\n\n // Determine output path\n const outputDir = path.dirname(inputPath);\n const outputPath = opts.outputPath ?? path.join(outputDir, metadata.name);\n\n // Create decipher and set auth tag\n const decipher = createDecipheriv(ALGORITHM, key, iv);\n decipher.setAuthTag(authTag);\n\n // Stream ciphertext (skip header bytes) → decipher → output file\n const ciphertextSize = totalSize - headerSize;\n const readStream = createReadStream(inputPath, { start: headerSize });\n\n const progressStream = opts.onProgress\n ? createProgressStream(ciphertextSize, opts.onProgress)\n : null;\n\n const writeStream = createWriteStream(outputPath);\n\n const source = progressStream ? readStream.pipe(progressStream) : readStream;\n\n try {\n await pipeline(source as NodeJS.ReadableStream, decipher, writeStream);\n } catch (err: unknown) {\n // Clean up partial output on auth failure\n await fsp.unlink(outputPath).catch(() => {});\n\n const msg = err instanceof Error ? err.message : String(err);\n if (\n msg.includes(\"Unsupported state\") ||\n msg.includes(\"bad decrypt\") ||\n msg.includes(\"auth\") ||\n msg.includes(\"ERR_CRYPTO\")\n ) {\n throw new Error(\"Invalid password or corrupted file\");\n }\n throw err;\n }\n\n return { outputPath, originalName: metadata.name };\n}\n","import { existsSync } from \"node:fs\";\nimport path from \"node:path\";\nimport chalk from \"chalk\";\nimport { decryptFile } from \"@/crypto/decrypt\";\nimport { FILE_EXTENSION } from \"@/crypto/constants\";\nimport { ui, createProgressBar } from \"@/cli/ui\";\nimport { formatDuration } from \"@/utils/format\";\n\nexport interface DecryptCommandOptions {\n key: string;\n output?: string;\n}\n\nexport async function runDecrypt(\n filePath: string,\n opts: DecryptCommandOptions,\n): Promise<void> {\n const inputPath = path.resolve(filePath);\n\n if (!existsSync(inputPath)) {\n ui.error(`File not found: ${filePath}`);\n process.exit(1);\n }\n\n if (!inputPath.endsWith(FILE_EXTENSION)) {\n ui.warn(\n `File does not have a ${FILE_EXTENSION} extension — it may not be an encrypted file.`,\n );\n }\n\n ui.info(`Decrypting ${chalk.bold(path.basename(inputPath))}`);\n\n const bar = createProgressBar(\"Decrypting\");\n let barStarted = false;\n const start = Date.now();\n\n try {\n const result = await decryptFile({\n inputPath,\n password: opts.key,\n outputPath: opts.output,\n onProgress(processed, total) {\n if (!barStarted) {\n bar.start(total);\n barStarted = true;\n }\n bar.update(processed, total);\n },\n });\n\n if (barStarted) bar.stop();\n\n const elapsed = Date.now() - start;\n ui.success(\n `Done in ${formatDuration(elapsed)} — ` +\n `restored ${chalk.bold(result.originalName)}`,\n );\n ui.dim(` Output : ${result.outputPath}`);\n } catch (err: unknown) {\n if (barStarted) bar.stop();\n const msg = err instanceof Error ? err.message : String(err);\n\n if (msg === \"Invalid password or corrupted file\") {\n ui.error(\"Invalid password or corrupted file\");\n } else {\n ui.error(`Decryption failed: ${msg}`);\n }\n process.exit(1);\n }\n}\n","import { Command } from \"commander\";\nimport chalk from \"chalk\";\nimport { runEncrypt } from \"@/cli/commands/encrypt\";\nimport { runDecrypt } from \"@/cli/commands/decrypt\";\nimport { FILE_EXTENSION } from \"@/crypto/constants\";\n\nconst program = new Command();\n\nprogram\n .name(\"enc-x\")\n .description(\n chalk.cyan(\"enc-x\") + \" — secure AES-256-GCM file encryption & decryption\",\n )\n .version(\"1.1.1\", \"-v, --version\")\n .argument(\"<file>\", \"file to encrypt or decrypt (auto-detected by extension)\")\n .requiredOption(\"-k, --key <password>\", \"password\")\n .option(\"-o, --output <path>\", \"custom output path\")\n .action(async (file: string, opts: { key: string; output?: string }) => {\n if (file.endsWith(FILE_EXTENSION)) {\n await runDecrypt(file, opts);\n } else {\n await runEncrypt(file, opts);\n }\n });\n\nprogram.parse(process.argv);\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "name": "enc-x",
+  "version": "1.1.1",
+  "description": "Secure AES-256-GCM file encryption & decryption CLI",
+  "bin": {
+    "enc-x": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "jest --runInBand",
+    "test:coverage": "jest --runInBand --coverage"
+  },
+  "dependencies": {
+    "chalk": "5.6.2",
+    "cli-progress": "3.12.0",
+    "commander": "14.0.3"
+  },
+  "devDependencies": {
+    "@types/cli-progress": "3.11.6",
+    "@types/jest": "^30.0.0",
+    "@types/node": "22.15.3",
+    "jest": "^30.3.0",
+    "ts-jest": "^29.4.9",
+    "tsup": "8.5.1",
+    "typescript": "6.0.2"
+  }
+}