gatekeeper-cdr 0.4.0 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +42 -0
  2. package/gatekeeper.darwin-arm64.node +0 -0
  3. package/gatekeeper.darwin-x64.node +0 -0
  4. package/gatekeeper.linux-x64-gnu.node +0 -0
  5. package/gatekeeper.win32-x64-msvc.node +0 -0
  6. package/index.d.ts +19 -0
  7. package/index.js +2 -1
  8. package/package.json +6 -1
  9. package/test.js +0 -36
package/README.md ADDED
@@ -0,0 +1,42 @@
1
+ # Gatekeeper CDR (Node.js)
2
+
3
+ This package provides native Node.js bindings to the Gatekeeper CDR core, a zero-trust Content Disarm and Reconstruction engine. It sanitizes potentially malicious files by deeply inspecting and rebuilding them from raw pixel data, effectively stripping away any steganography, macros, or hidden exploits.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ npm install gatekeeper-cdr
9
+ ```
10
+
11
+ *(Note: Because this is a native Rust addon, pre-built binaries are downloaded automatically during installation for Linux, macOS, and Windows. You do not need Rust installed to use this package).*
12
+
13
+ ## Usage
14
+
15
+ ```javascript
16
+ const fs = require('fs');
17
+ const gatekeeper = require('gatekeeper-cdr');
18
+
19
+ // 1. Read a suspicious file
20
+ const rawPayload = fs.readFileSync('suspicious.jpg');
21
+
22
+ // 2. Detect the true format of the file without fully parsing it
23
+ try {
24
+ const format = gatekeeper.sniffFormat(rawPayload);
25
+ console.log(`Detected Format: ${format}`); // "Jpeg", "Png", etc.
26
+ } catch (err) {
27
+ console.error("Unknown or invalid format:", err);
28
+ }
29
+
30
+ // 3. Disarm the file (returns a clean Buffer)
31
+ try {
32
+ const cleanPayload = gatekeeper.disarm(rawPayload);
33
+ fs.writeFileSync('clean.png', cleanPayload);
34
+ console.log("File successfully sanitized and saved as clean.png!");
35
+ } catch (err) {
36
+ console.error("Failed to sanitize file:", err);
37
+ }
38
+ ```
39
+
40
+ ## Security
41
+
42
+ If the file is malformed, structurally invalid, or contains an unknown format, Gatekeeper will intentionally throw an error rather than attempting to process it. This default-deny stance ensures that only provably safe files make it into your application's storage.
package/gatekeeper.darwin-arm64.node CHANGED
Binary file
package/gatekeeper.darwin-x64.node CHANGED
Binary file
package/gatekeeper.linux-x64-gnu.node CHANGED
Binary file
package/gatekeeper.win32-x64-msvc.node CHANGED
Binary file
package/index.d.ts CHANGED
@@ -18,3 +18,22 @@ export interface NodeDisarmResult {
18
18
  * @param expectedFormat (Optional) Strict format hint (e.g. "pdf", "png"). Rejects if mismatch.
19
19
  */
20
20
  export declare function disarm(rawBuffer: Uint8Array, expectedFormat?: string | undefined | null): NodeDisarmResult
21
+ /**
22
+ * Async, non-blocking Content Disarm and Reconstruction pipeline.
23
+ *
24
+ * Returns a `Promise<NodeDisarmResult>` that resolves on a background
25
+ * thread pool, leaving the Node.js event loop completely free.
26
+ *
27
+ * @example
28
+ * ```js
29
+ * const { disarmAsync } = require('gatekeeper-cdr');
30
+ * const fs = require('fs');
31
+ *
32
+ * async function sanitize(path) {
33
+ * const input = fs.readFileSync(path);
34
+ * const result = await disarmAsync(input);
35
+ * return result.buffer; // clean, safe bytes
36
+ * }
37
+ * ```
38
+ */
39
+ export declare function disarmAsync(rawBuffer: Buffer): Promise<unknown>
package/index.js CHANGED
@@ -310,6 +310,7 @@ if (!nativeBinding) {
310
310
  throw new Error(`Failed to load native binding`)
311
311
  }
312
312
 
313
- const { disarm } = nativeBinding
313
+ const { disarm, disarmAsync } = nativeBinding
314
314
 
315
315
  module.exports.disarm = disarm
316
+ module.exports.disarmAsync = disarmAsync
package/package.json CHANGED
@@ -1,8 +1,13 @@
1
1
  {
2
2
  "name": "gatekeeper-cdr",
3
- "version": "0.4.0",
3
+ "version": "0.4.6",
4
4
  "description": "Zero-trust Content Disarm and Reconstruction native Node.js addon",
5
5
  "main": "index.js",
6
+ "files": [
7
+ "index.js",
8
+ "index.d.ts",
9
+ "*.node"
10
+ ],
6
11
  "napi": {
7
12
  "name": "gatekeeper"
8
13
  },
package/test.js DELETED
@@ -1,36 +0,0 @@
1
- const gatekeeper = require('./index.js');
2
- const fs = require('fs');
3
-
4
- console.log("Testing Gatekeeper CDR Node.js Bindings...\n");
5
-
6
- // 1. Test garbage bytes (Expect Exception)
7
- const garbage = Buffer.from("UNKNOWN_MAGIC_BYTES_123");
8
- try {
9
- gatekeeper.disarm(garbage, null);
10
- console.error("❌ FAILED: Should have rejected garbage bytes.");
11
- } catch (e) {
12
- console.log("✅ Passed: Caught expected error for garbage:");
13
- console.log(" ->", e.message);
14
- }
15
-
16
- // 2. Test FormatMismatch (Expect Exception)
17
- const pngSignature = Buffer.from([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52]);
18
- try {
19
- gatekeeper.disarm(pngSignature, "pdf");
20
- console.error("❌ FAILED: Should have rejected due to FormatMismatch.");
21
- } catch (e) {
22
- console.log("✅ Passed: Caught expected error for FormatMismatch:");
23
- console.log(" ->", e.message);
24
- }
25
-
26
- // 3. Test Minimal PDF (FFI check)
27
- const validPdf = Buffer.from("%PDF-1.4\nTrailer << /Root << >> >>\n%%EOF");
28
- try {
29
- const result = gatekeeper.disarm(validPdf, "pdf");
30
- console.log("✅ Passed: Sanitized PDF.");
31
- console.log(` -> Output Size: ${result.finalSizeBytes} bytes`);
32
- console.log(` -> Detected: ${result.detectedFormat}`);
33
- } catch (e) {
34
- console.log("✅ Passed FFI (Handled gracefully via CdrError):");
35
- console.log(" ->", e.message);
36
- }