meche-dom 0.1.10 → 0.1.11

package/README.md

@@ -10,7 +10,7 @@ At its core, meche-dom handles the complexity of secure file processing so that
 
 ## Security
 
-Security is central to how meche-dom operates. Files are processed using industry-standard authenticated encryption, ensuring that both the confidentiality and integrity of your data are preserved at every step. Access is governed by a two-factor credential model, requiring both a license key and a salt key to be present before any processing can occur. Neither credential is embedded in the package or derived from publicly available information.
+Security is central to how meche-dom operates. Files are processed using industry-standard authenticated encryption, ensuring that both the confidentiality and integrity of your data are preserved at every step. Access is governed by a two-factor credential model, requiring valid credentials to be present before any processing can occur. Neither credential is embedded in the package or derived from publicly available information.
 
 - All cryptographic operations run entirely on-device
 - Credentials are read from environment variables and never stored by the package
@@ -20,7 +20,7 @@ Security is central to how meche-dom operates. Files are processed using industr
 ## Requirements
 
 - Node.js 18 or higher
-- A valid `LICENSE_KEY` and `SALT_KEY`, provided separately upon licensing
+- Valid credentials, provided separately upon licensing
 
 ## Installation
 
@@ -30,13 +30,7 @@ npm install meche-dom
 
 ## Configuration
 
-Add your credentials to a `.env` file in your project root:
-
-```env
-LICENSE_KEY=your-license-key
-SALT_KEY=your-salt-key
-```
-
+Credentials are provided separately upon licensing.
 Ensure this file is listed in your `.gitignore` and is never committed to version control.
 
 ## Usage
@@ -51,7 +45,7 @@ Processed output will be written to an `output/` directory relative to your work
 
 ## Notes
 
-- Both `LICENSE_KEY` and `SALT_KEY` are required — the process will exit with a descriptive error if either is missing
+- Credentials are required — the process will exit with an error if either is missing or incorrect
 - Credentials should be treated as secrets and rotated if there is any risk of exposure
 
 ## License

package/dist/decrypt.js

@@ -1,4 +1,4 @@
 #!/usr/bin/env node
-"use strict";var O=(e,r)=>()=>(r||e((r={exports:{}}).exports,r),r.exports);var V=O((ue,F)=>{F.exports={name:"dotenv",version:"17.3.1",description:"Loads environment variables from .env file",main:"lib/main.js",types:"lib/main.d.ts",exports:{".":{types:"./lib/main.d.ts",require:"./lib/main.js",default:"./lib/main.js"},"./config":"./config.js","./config.js":"./config.js","./lib/env-options":"./lib/env-options.js","./lib/env-options.js":"./lib/env-options.js","./lib/cli-options":"./lib/cli-options.js","./lib/cli-options.js":"./lib/cli-options.js","./package.json":"./package.json"},scripts:{"dts-check":"tsc --project tests/types/tsconfig.json",lint:"standard",pretest:"npm run lint && npm run dts-check",test:"tap run tests/**/*.js --allow-empty-coverage --disable-coverage --timeout=60000","test:coverage":"tap run tests/**/*.js --show-full-coverage --timeout=60000 --coverage-report=text --coverage-report=lcov",prerelease:"npm test",release:"standard-version"},repository:{type:"git",url:"git://github.com/motdotla/dotenv.git"},homepage:"https://github.com/motdotla/dotenv#readme",funding:"https://dotenvx.com",keywords:["dotenv","env",".env","environment","variables","config","settings"],readmeFilename:"README.md",license:"BSD-2-Clause",devDependencies:{"@types/node":"^18.11.3",decache:"^4.6.2",sinon:"^14.0.1",standard:"^17.0.0","standard-version":"^9.5.0",tap:"^19.2.0",typescript:"^4.8.4"},engines:{node:">=12"},browser:{fs:!1}}});var Y=O((de,p)=>{var D=require("fs"),y=require("path"),P=require("os"),U=require("crypto"),G=V(),T=G.version,x=["\u{1F510} encrypt with Dotenvx: https://dotenvx.com","\u{1F510} prevent committing .env to code: https://dotenvx.com/precommit","\u{1F510} prevent building .env in docker: https://dotenvx.com/prebuild","\u{1F916} agentic secret storage: https://dotenvx.com/as2","\u26A1\uFE0F secrets for agents: https://dotenvx.com/as2","\u{1F6E1}\uFE0F auth for agents: https://vestauth.com","\u{1F6E0}\uFE0F  run anywhere with `dotenvx run -- yourcommand`","\u2699\uFE0F  specify custom .env file path with { path: '/custom/path/.env' }","\u2699\uFE0F  enable debug logging with { debug: true }","\u2699\uFE0F  override existing env vars with { override: true }","\u2699\uFE0F  suppress all logs with { quiet: true }","\u2699\uFE0F  write to custom object with { processEnv: myObject }","\u2699\uFE0F  load multiple .env files with { path: ['.env.local', '.env'] }"];function q(){return x[Math.floor(Math.random()*x.length)]}function v(e){return typeof e=="string"?!["false","0","no","off",""].includes(e.toLowerCase()):!!e}function B(){return process.stdout.isTTY}function M(e){return B()?`\x1B[2m${e}\x1B[0m`:e}var Q=/(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;function W(e){let r={},n=e.toString();n=n.replace(/\r\n?/mg,`
-`);let o;for(;(o=Q.exec(n))!=null;){let s=o[1],c=o[2]||"";c=c.trim();let t=c[0];c=c.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),t==='"'&&(c=c.replace(/\\n/g,`
-`),c=c.replace(/\\r/g,"\r")),r[s]=c}return r}function H(e){e=e||{};let r=$(e);e.path=r;let n=a.configDotenv(e);if(!n.parsed){let t=new Error(`MISSING_DATA: Cannot parse ${r} for an unknown reason`);throw t.code="MISSING_DATA",t}let o=L(e).split(","),s=o.length,c;for(let t=0;t<s;t++)try{let i=o[t].trim(),u=z(n,i);c=a.decrypt(u.ciphertext,u.key);break}catch(i){if(t+1>=s)throw i}return a.parse(c)}function J(e){console.error(`[dotenv@${T}][WARN] ${e}`)}function g(e){console.log(`[dotenv@${T}][DEBUG] ${e}`)}function A(e){console.log(`[dotenv@${T}] ${e}`)}function L(e){return e&&e.DOTENV_KEY&&e.DOTENV_KEY.length>0?e.DOTENV_KEY:process.env.DOTENV_KEY&&process.env.DOTENV_KEY.length>0?process.env.DOTENV_KEY:""}function z(e,r){let n;try{n=new URL(r)}catch(i){if(i.code==="ERR_INVALID_URL"){let u=new Error("INVALID_DOTENV_KEY: Wrong format. Must be in valid uri format like dotenv://:key_1234@dotenvx.com/vault/.env.vault?environment=development");throw u.code="INVALID_DOTENV_KEY",u}throw i}let o=n.password;if(!o){let i=new Error("INVALID_DOTENV_KEY: Missing key part");throw i.code="INVALID_DOTENV_KEY",i}let s=n.searchParams.get("environment");if(!s){let i=new Error("INVALID_DOTENV_KEY: Missing environment part");throw i.code="INVALID_DOTENV_KEY",i}let c=`DOTENV_VAULT_${s.toUpperCase()}`,t=e.parsed[c];if(!t){let i=new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate environment ${c} in your .env.vault file.`);throw i.code="NOT_FOUND_DOTENV_ENVIRONMENT",i}return{ciphertext:t,key:o}}function $(e){let r=null;if(e&&e.path&&e.path.length>0)if(Array.isArray(e.path))for(let n of e.path)D.existsSync(n)&&(r=n.endsWith(".vault")?n:`${n}.vault`);else r=e.path.endsWith(".vault")?e.path:`${e.path}.vault`;else r=y.resolve(process.cwd(),".env.vault");return D.existsSync(r)?r:null}function S(e){return e[0]==="~"?y.join(P.homedir(),e.slice(1)):e}function X(e){let r=v(process.env.DOTENV_CONFIG_DEBUG||e&&e.debug),n=v(process.env.DOTENV_CONFIG_QUIET||e&&e.quiet);(r||!n)&&A("Loading env from encrypted .env.vault");let o=a._parseVault(e),s=process.env;return e&&e.processEnv!=null&&(s=e.processEnv),a.populate(s,o,e),{parsed:o}}function Z(e){let r=y.resolve(process.cwd(),".env"),n="utf8",o=process.env;e&&e.processEnv!=null&&(o=e.processEnv);let s=v(o.DOTENV_CONFIG_DEBUG||e&&e.debug),c=v(o.DOTENV_CONFIG_QUIET||e&&e.quiet);e&&e.encoding?n=e.encoding:s&&g("No encoding is specified. UTF-8 is used by default");let t=[r];if(e&&e.path)if(!Array.isArray(e.path))t=[S(e.path)];else{t=[];for(let l of e.path)t.push(S(l))}let i,u={};for(let l of t)try{let d=a.parse(D.readFileSync(l,{encoding:n}));a.populate(u,d,e)}catch(d){s&&g(`Failed to load ${l} ${d.message}`),i=d}let m=a.populate(o,u,e);if(s=v(o.DOTENV_CONFIG_DEBUG||s),c=v(o.DOTENV_CONFIG_QUIET||c),s||!c){let l=Object.keys(m).length,d=[];for(let I of t)try{let E=y.relative(process.cwd(),I);d.push(E)}catch(E){s&&g(`Failed to load ${I} ${E.message}`),i=E}A(`injecting env (${l}) from ${d.join(",")} ${M(`-- tip: ${q()}`)}`)}return i?{parsed:u,error:i}:{parsed:u}}function ee(e){if(L(e).length===0)return a.configDotenv(e);let r=$(e);return r?a._configVault(e):(J(`You set DOTENV_KEY but you are missing a .env.vault file at ${r}. Did you forget to build it?`),a.configDotenv(e))}function te(e,r){let n=Buffer.from(r.slice(-64),"hex"),o=Buffer.from(e,"base64"),s=o.subarray(0,12),c=o.subarray(-16);o=o.subarray(12,-16);try{let t=U.createDecipheriv("aes-256-gcm",n,s);return t.setAuthTag(c),`${t.update(o)}${t.final()}`}catch(t){let i=t instanceof RangeError,u=t.message==="Invalid key length",m=t.message==="Unsupported state or unable to authenticate data";if(i||u){let l=new Error("INVALID_DOTENV_KEY: It must be 64 characters long (or more)");throw l.code="INVALID_DOTENV_KEY",l}else if(m){let l=new Error("DECRYPTION_FAILED: Please check your DOTENV_KEY");throw l.code="DECRYPTION_FAILED",l}else throw t}}function re(e,r,n={}){let o=!!(n&&n.debug),s=!!(n&&n.override),c={};if(typeof r!="object"){let t=new Error("OBJECT_REQUIRED: Please check the processEnv argument being passed to populate");throw t.code="OBJECT_REQUIRED",t}for(let t of Object.keys(r))Object.prototype.hasOwnProperty.call(e,t)?(s===!0&&(e[t]=r[t],c[t]=r[t]),o&&g(s===!0?`"${t}" is already defined and WAS overwritten`:`"${t}" is already defined and was NOT overwritten`)):(e[t]=r[t],c[t]=r[t]);return c}var a={configDotenv:Z,_configVault:X,_parseVault:H,config:ee,decrypt:te,parse:W,populate:re};p.exports.configDotenv=a.configDotenv;p.exports._configVault=a._configVault;p.exports._parseVault=a._parseVault;p.exports.config=a.config;p.exports.decrypt=a.decrypt;p.exports.parse=a.parse;p.exports.populate=a.populate;p.exports=a});Y().config();var j=require("crypto"),h=require("fs"),f=require("path"),ne=1,oe=2**14,se=8,ce=1,ie=32,_=12,k=16,K=process.env.LICENSE_KEY;K||(console.error(""),console.error("  meche-dom: LICENSE_KEY is not set."),console.error(`  Looked for .env in: ${process.cwd()}`),console.error("  Run this command from the directory that contains your .env file,"),console.error("  or set the variable directly in the environment:"),console.error(""),console.error("    LICENSE_KEY=your-key SALT_KEY=your-salt npx meche-dom"),console.error(""),process.exit(1));var R=process.env.SALT_KEY;R||(console.error(""),console.error("  meche-dom: SALT_KEY is not set."),console.error(`  Looked for .env in: ${process.cwd()}`),console.error("  Run this command from the directory that contains your .env file,"),console.error("  or set the variable directly in the environment:"),console.error(""),console.error("    LICENSE_KEY=your-key SALT_KEY=your-salt npx meche-dom"),console.error(""),process.exit(1));var b=f.join(__dirname,"..","encrypted");h.existsSync(b)||(console.error("Error: encrypted/ directory not found."),process.exit(1));function ae(e,r){let n=h.readFileSync(e),o=n.readUInt8(0);o!==ne&&(console.error(`  meche-dom: unsupported file version ${o} in ${f.basename(e)}.`),console.error("  This file may have been encrypted with a newer version of meche-dom."),process.exit(1));let s=n.readUInt32BE(1),c=n.slice(5,5+s),t=n.slice(5+s,5+s+_),i=n.slice(5+s+_,5+s+_+k),u=n.slice(5+s+_+k),m=j.scryptSync(K+R,c,ie,{N:oe,r:se,p:ce}),l;try{let d=j.createDecipheriv("aes-256-gcm",m,t);d.setAuthTag(i),l=Buffer.concat([d.update(u),d.final()])}catch{console.error(""),console.error("  meche-dom: Decryption failed \u2014 LICENSE_KEY or SALT_KEY is incorrect,"),console.error("  or the file has been tampered with."),console.error(""),process.exit(1)}h.writeFileSync(r,l)}function C(e,r=e){let n=[];for(let o of h.readdirSync(e,{withFileTypes:!0})){let s=f.join(e,o.name);o.isDirectory()?n.push(...C(s,r)):o.name.endsWith(".enc")&&n.push(f.relative(r,s))}return n}var w=C(b);w.length===0&&(console.warn("meche-dom: no encrypted files found in encrypted/"),process.exit(0));var N=f.join(process.cwd(),"output");h.existsSync(N)&&h.rmSync(N,{recursive:!0});h.mkdirSync(N);for(let e of w){let r=f.join(b,e),n=f.join(N,e.replace(/\.enc$/,""));h.mkdirSync(f.dirname(n),{recursive:!0}),ae(r,n)}console.log(`meche-dom: decrypted ${w.length} file(s) to ./output/`);
+"use strict";var I=(e,n)=>()=>(n||e((n={exports:{}}).exports,n),n.exports);var V=I((ue,P)=>{P.exports={name:"dotenv",version:"17.3.1",description:"Loads environment variables from .env file",main:"lib/main.js",types:"lib/main.d.ts",exports:{".":{types:"./lib/main.d.ts",require:"./lib/main.js",default:"./lib/main.js"},"./config":"./config.js","./config.js":"./config.js","./lib/env-options":"./lib/env-options.js","./lib/env-options.js":"./lib/env-options.js","./lib/cli-options":"./lib/cli-options.js","./lib/cli-options.js":"./lib/cli-options.js","./package.json":"./package.json"},scripts:{"dts-check":"tsc --project tests/types/tsconfig.json",lint:"standard",pretest:"npm run lint && npm run dts-check",test:"tap run tests/**/*.js --allow-empty-coverage --disable-coverage --timeout=60000","test:coverage":"tap run tests/**/*.js --show-full-coverage --timeout=60000 --coverage-report=text --coverage-report=lcov",prerelease:"npm test",release:"standard-version"},repository:{type:"git",url:"git://github.com/motdotla/dotenv.git"},homepage:"https://github.com/motdotla/dotenv#readme",funding:"https://dotenvx.com",keywords:["dotenv","env",".env","environment","variables","config","settings"],readmeFilename:"README.md",license:"BSD-2-Clause",devDependencies:{"@types/node":"^18.11.3",decache:"^4.6.2",sinon:"^14.0.1",standard:"^17.0.0","standard-version":"^9.5.0",tap:"^19.2.0",typescript:"^4.8.4"},engines:{node:">=12"},browser:{fs:!1}}});var S=I((de,p)=>{var N=require("fs"),y=require("path"),U=require("os"),C=require("crypto"),G=V(),T=G.version,x=["\u{1F510} encrypt with Dotenvx: https://dotenvx.com","\u{1F510} prevent committing .env to code: https://dotenvx.com/precommit","\u{1F510} prevent building .env in docker: https://dotenvx.com/prebuild","\u{1F916} agentic secret storage: https://dotenvx.com/as2","\u26A1\uFE0F secrets for agents: https://dotenvx.com/as2","\u{1F6E1}\uFE0F auth for agents: https://vestauth.com","\u{1F6E0}\uFE0F  run anywhere with `dotenvx run -- yourcommand`","\u2699\uFE0F  specify custom .env file path with { path: '/custom/path/.env' }","\u2699\uFE0F  enable debug logging with { debug: true }","\u2699\uFE0F  override existing env vars with { override: true }","\u2699\uFE0F  suppress all logs with { quiet: true }","\u2699\uFE0F  write to custom object with { processEnv: myObject }","\u2699\uFE0F  load multiple .env files with { path: ['.env.local', '.env'] }"];function q(){return x[Math.floor(Math.random()*x.length)]}function v(e){return typeof e=="string"?!["false","0","no","off",""].includes(e.toLowerCase()):!!e}function B(){return process.stdout.isTTY}function M(e){return B()?`\x1B[2m${e}\x1B[0m`:e}var Q=/(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;function W(e){let n={},r=e.toString();r=r.replace(/\r\n?/mg,`
+`);let o;for(;(o=Q.exec(r))!=null;){let s=o[1],c=o[2]||"";c=c.trim();let t=c[0];c=c.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),t==='"'&&(c=c.replace(/\\n/g,`
+`),c=c.replace(/\\r/g,"\r")),n[s]=c}return n}function H(e){e=e||{};let n=k(e);e.path=n;let r=a.configDotenv(e);if(!r.parsed){let t=new Error(`MISSING_DATA: Cannot parse ${n} for an unknown reason`);throw t.code="MISSING_DATA",t}let o=A(e).split(","),s=o.length,c;for(let t=0;t<s;t++)try{let i=o[t].trim(),u=z(r,i);c=a.decrypt(u.ciphertext,u.key);break}catch(i){if(t+1>=s)throw i}return a.parse(c)}function J(e){console.error(`[dotenv@${T}][WARN] ${e}`)}function m(e){console.log(`[dotenv@${T}][DEBUG] ${e}`)}function $(e){console.log(`[dotenv@${T}] ${e}`)}function A(e){return e&&e.DOTENV_KEY&&e.DOTENV_KEY.length>0?e.DOTENV_KEY:process.env.DOTENV_KEY&&process.env.DOTENV_KEY.length>0?process.env.DOTENV_KEY:""}function z(e,n){let r;try{r=new URL(n)}catch(i){if(i.code==="ERR_INVALID_URL"){let u=new Error("INVALID_DOTENV_KEY: Wrong format. Must be in valid uri format like dotenv://:key_1234@dotenvx.com/vault/.env.vault?environment=development");throw u.code="INVALID_DOTENV_KEY",u}throw i}let o=r.password;if(!o){let i=new Error("INVALID_DOTENV_KEY: Missing key part");throw i.code="INVALID_DOTENV_KEY",i}let s=r.searchParams.get("environment");if(!s){let i=new Error("INVALID_DOTENV_KEY: Missing environment part");throw i.code="INVALID_DOTENV_KEY",i}let c=`DOTENV_VAULT_${s.toUpperCase()}`,t=e.parsed[c];if(!t){let i=new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate environment ${c} in your .env.vault file.`);throw i.code="NOT_FOUND_DOTENV_ENVIRONMENT",i}return{ciphertext:t,key:o}}function k(e){let n=null;if(e&&e.path&&e.path.length>0)if(Array.isArray(e.path))for(let r of e.path)N.existsSync(r)&&(n=r.endsWith(".vault")?r:`${r}.vault`);else n=e.path.endsWith(".vault")?e.path:`${e.path}.vault`;else n=y.resolve(process.cwd(),".env.vault");return N.existsSync(n)?n:null}function j(e){return e[0]==="~"?y.join(U.homedir(),e.slice(1)):e}function X(e){let n=v(process.env.DOTENV_CONFIG_DEBUG||e&&e.debug),r=v(process.env.DOTENV_CONFIG_QUIET||e&&e.quiet);(n||!r)&&$("Loading env from encrypted .env.vault");let o=a._parseVault(e),s=process.env;return e&&e.processEnv!=null&&(s=e.processEnv),a.populate(s,o,e),{parsed:o}}function Z(e){let n=y.resolve(process.cwd(),".env"),r="utf8",o=process.env;e&&e.processEnv!=null&&(o=e.processEnv);let s=v(o.DOTENV_CONFIG_DEBUG||e&&e.debug),c=v(o.DOTENV_CONFIG_QUIET||e&&e.quiet);e&&e.encoding?r=e.encoding:s&&m("No encoding is specified. UTF-8 is used by default");let t=[n];if(e&&e.path)if(!Array.isArray(e.path))t=[j(e.path)];else{t=[];for(let l of e.path)t.push(j(l))}let i,u={};for(let l of t)try{let d=a.parse(N.readFileSync(l,{encoding:r}));a.populate(u,d,e)}catch(d){s&&m(`Failed to load ${l} ${d.message}`),i=d}let g=a.populate(o,u,e);if(s=v(o.DOTENV_CONFIG_DEBUG||s),c=v(o.DOTENV_CONFIG_QUIET||c),s||!c){let l=Object.keys(g).length,d=[];for(let O of t)try{let E=y.relative(process.cwd(),O);d.push(E)}catch(E){s&&m(`Failed to load ${O} ${E.message}`),i=E}$(`injecting env (${l}) from ${d.join(",")} ${M(`-- tip: ${q()}`)}`)}return i?{parsed:u,error:i}:{parsed:u}}function ee(e){if(A(e).length===0)return a.configDotenv(e);let n=k(e);return n?a._configVault(e):(J(`You set DOTENV_KEY but you are missing a .env.vault file at ${n}. Did you forget to build it?`),a.configDotenv(e))}function te(e,n){let r=Buffer.from(n.slice(-64),"hex"),o=Buffer.from(e,"base64"),s=o.subarray(0,12),c=o.subarray(-16);o=o.subarray(12,-16);try{let t=C.createDecipheriv("aes-256-gcm",r,s);return t.setAuthTag(c),`${t.update(o)}${t.final()}`}catch(t){let i=t instanceof RangeError,u=t.message==="Invalid key length",g=t.message==="Unsupported state or unable to authenticate data";if(i||u){let l=new Error("INVALID_DOTENV_KEY: It must be 64 characters long (or more)");throw l.code="INVALID_DOTENV_KEY",l}else if(g){let l=new Error("DECRYPTION_FAILED: Please check your DOTENV_KEY");throw l.code="DECRYPTION_FAILED",l}else throw t}}function ne(e,n,r={}){let o=!!(r&&r.debug),s=!!(r&&r.override),c={};if(typeof n!="object"){let t=new Error("OBJECT_REQUIRED: Please check the processEnv argument being passed to populate");throw t.code="OBJECT_REQUIRED",t}for(let t of Object.keys(n))Object.prototype.hasOwnProperty.call(e,t)?(s===!0&&(e[t]=n[t],c[t]=n[t]),o&&m(s===!0?`"${t}" is already defined and WAS overwritten`:`"${t}" is already defined and was NOT overwritten`)):(e[t]=n[t],c[t]=n[t]);return c}var a={configDotenv:Z,_configVault:X,_parseVault:H,config:ee,decrypt:te,parse:W,populate:ne};p.exports.configDotenv=a.configDotenv;p.exports._configVault=a._configVault;p.exports._parseVault=a._parseVault;p.exports.config=a.config;p.exports.decrypt=a.decrypt;p.exports.parse=a.parse;p.exports.populate=a.populate;p.exports=a});S().config();var Y=require("crypto"),h=require("fs"),f=require("path"),re=1,oe=2**14,se=8,ce=1,ie=32,_=12,L=16,K=process.env.LICENSE_KEY;K||(console.error("  meche-dom: credentials not configured."),process.exit(1));var R=process.env.SALT_KEY;R||(console.error("  meche-dom: credentials not configured."),process.exit(1));var b=f.join(__dirname,"..","encrypted");h.existsSync(b)||(console.error("  meche-dom: error decrypting."),process.exit(1));function ae(e,n){let r=h.readFileSync(e),o=r.readUInt8(0);o!==re&&(console.error(`  meche-dom: unsupported file version ${o} in ${f.basename(e)}.`),console.error("  This file may have been encrypted with a newer version of meche-dom."),process.exit(1));let s=r.readUInt32BE(1),c=r.slice(5,5+s),t=r.slice(5+s,5+s+_),i=r.slice(5+s+_,5+s+_+L),u=r.slice(5+s+_+L),g=Y.scryptSync(K+R,c,ie,{N:oe,r:se,p:ce}),l;try{let d=Y.createDecipheriv("aes-256-gcm",g,t);d.setAuthTag(i),l=Buffer.concat([d.update(u),d.final()])}catch{console.error("  meche-dom: error decrypting."),process.exit(1)}h.writeFileSync(n,l)}function F(e,n=e){let r=[];for(let o of h.readdirSync(e,{withFileTypes:!0})){let s=f.join(e,o.name);o.isDirectory()?r.push(...F(s,n)):o.name.endsWith(".enc")&&r.push(f.relative(n,s))}return r}var w=F(b);w.length===0&&(console.warn("meche-dom: no encrypted files found in encrypted/"),process.exit(0));var D=f.join(process.cwd(),"output");h.existsSync(D)&&h.rmSync(D,{recursive:!0});h.mkdirSync(D);for(let e of w){let n=f.join(b,e),r=f.join(D,e.replace(/\.enc$/,""));h.mkdirSync(f.dirname(r),{recursive:!0}),ae(n,r)}console.log(`meche-dom: decrypted ${w.length} file(s) to ./output/`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "meche-dom",
-  "version": "0.1.10",
+  "version": "0.1.11",
   "description": "meche-dom",
   "author": "meche <meche@email.com>",
   "license": "ISC",