obscr 0.2.1 → 1.0.0

package/bin/index.js

@@ -6,11 +6,12 @@ const { prompt } = require("inquirer");
 const ora = require("ora");
 const boxen = require("boxen");
 
-const { encrypt, decrypt } = require("./utils/crypto");
+// Shared core logic (reused by CLI and desktop UI)
+const { encrypt, decrypt } = require("../lib/crypto");
 const {
   encodeMessageToImage,
   extractMessageFromImage,
-} = require("./utils/steg");
+} = require("../lib/steg");
 
 // NOTE: This is just to increase obfuscation for steganography, NOT used for AES encryption
 // Kept for backward compatibility with images encoded using older versions
@@ -20,35 +21,67 @@ const SECRET_KEY = "S3cReTK3Y";
 let VERBOSE = false;
 let QUIET = false;
 
+// Color palette - using custom green #B4FA72 for consistent branding
+const colors = {
+  primary: chalk.hex("#B4FA72"), // Custom lime green
+  secondary: chalk.hex("#B4FA72"), // Same green for consistency
+  accent: chalk.hex("#B4FA72"), // Same green
+  muted: chalk.gray, // Gray for secondary text
+  error: chalk.red,
+  warning: chalk.yellow,
+  dim: chalk.hex("#B4FA72").dim, // Dimmed custom green for subtle text
+};
+
+/**
+ * ASCII Art Logo (matching the UI)
+ */
+const asciiLogo = `
+   ██████╗ ██████╗ ███████╗ ██████╗██████╗
+  ██╔═══██╗██╔══██╗██╔════╝██╔════╝██╔══██╗
+  ██║   ██║██████╔╝███████╗██║     ██████╔╝
+  ██║   ██║██╔══██╗╚════██║██║     ██╔══██╗
+  ╚██████╔╝██████╔╝███████║╚██████╗██║  ██║
+   ╚═════╝ ╚═════╝ ╚══════╝ ╚═════╝╚═╝  ╚═╝
+`;
+
+/**
+ * Terminal-style controls (for visual effect)
+ */
+const terminalControls = chalk.red("●") + " " + chalk.yellow("●") + " " + chalk.green("●");
+
 /**
  * Logging utilities
  */
 const log = {
-  info: (msg) => !QUIET && console.log(chalk.blue("ℹ"), msg),
-  success: (msg) => !QUIET && console.log(chalk.green("✔"), msg),
-  error: (msg) => console.error(chalk.red("✖"), msg),
-  warn: (msg) => !QUIET && console.log(chalk.yellow("⚠"), msg),
-  verbose: (msg) => VERBOSE && console.log(chalk.gray("→"), msg),
+  info: (msg) => !QUIET && console.log(colors.accent("ℹ"), msg),
+  success: (msg) => !QUIET && console.log(colors.primary("✔"), msg),
+  error: (msg) => console.error(colors.error("✖"), msg),
+  warn: (msg) => !QUIET && console.log(colors.warning("⚠"), msg),
+  verbose: (msg) => VERBOSE && console.log(colors.dim("→"), msg),
   box: (msg, options = {}) => !QUIET && console.log(boxen(msg, {
     padding: 1,
     margin: 1,
     borderStyle: "round",
-    borderColor: "cyan",
+    borderColor: "#B4FA72", // Custom lime green
     ...options
   })),
 };
 
 /**
- * Display welcome banner
+ * Display welcome banner with ASCII art
  */
 function showBanner() {
   if (QUIET) return;
 
-  const banner = chalk.keyword("violet").bold("obscr") +
-                 chalk.gray(" - Encrypt and hide your secure data\n") +
-                 chalk.dim("v0.2.1");
+  const header = terminalControls;
+  const logo = colors.primary(asciiLogo);
+  const subtitle = colors.primary("$") + " " + chalk.white("Steganography & Encryption Tool");
+  const info = colors.muted("AES-256-GCM Encryption | LSB Steganography | Secure Data Hiding");
+  const version = colors.dim("v1.0.0");
 
-  log.box(banner, { borderColor: "magenta" });
+  const banner = `${header}\n${logo}\n${subtitle}\n${info}\n\n${version}`;
+
+  log.box(banner, { borderColor: "green", padding: 0, margin: { top: 1, bottom: 1, left: 1, right: 1 } });
 }
 
 /**
@@ -56,22 +89,22 @@ function showBanner() {
  */
 function showExamples() {
   const examples = `
-${chalk.bold("Examples:")}
+${colors.primary.bold("Examples:")}
 
-${chalk.cyan("Encrypt with compression:")}
-  $ obscr encrypt -f photo.png -o secret.png --compress
+${colors.primary(">")} ${colors.secondary("Encrypt with compression:")}
+  ${colors.dim("$")} obscr encrypt -f photo.png -o secret.png --compress
 
-${chalk.cyan("Decrypt to file:")}
-  $ obscr decrypt -f secret.png -o message.txt
+${colors.primary(">")} ${colors.secondary("Decrypt to file:")}
+  ${colors.dim("$")} obscr decrypt -f secret.png -o message.txt
 
-${chalk.cyan("Interactive mode:")}
-  $ obscr interactive
+${colors.primary(">")} ${colors.secondary("Interactive mode:")}
+  ${colors.dim("$")} obscr interactive
 
-${chalk.cyan("Verbose output:")}
-  $ obscr encrypt -f image.png --verbose
+${colors.primary(">")} ${colors.secondary("Verbose output:")}
+  ${colors.dim("$")} obscr encrypt -f image.png --verbose
 
-${chalk.cyan("Quiet mode (minimal output):")}
-  $ obscr decrypt -f image.png --quiet
+${colors.primary(">")} ${colors.secondary("Quiet mode (minimal output):")}
+  ${colors.dim("$")} obscr decrypt -f image.png --quiet
 `;
 
   console.log(examples);
@@ -88,10 +121,10 @@ async function interactiveMode() {
     name: "action",
     message: "What would you like to do?",
     choices: [
-      { name: "🔒 Encrypt and hide a message in an image", value: "encrypt" },
-      { name: "🔓 Decrypt and extract a message from an image", value: "decrypt" },
-      { name: "ℹ️  Show usage examples", value: "examples" },
-      { name: "❌ Exit", value: "exit" },
+      { name: colors.primary("[+]") + " Encrypt and hide a message in an image", value: "encrypt" },
+      { name: colors.secondary("[-]") + " Decrypt and extract a message from an image", value: "decrypt" },
+      { name: colors.accent("[?]") + " Show usage examples", value: "examples" },
+      { name: colors.dim("[x]") + " Exit", value: "exit" },
     ],
   });
 
@@ -260,13 +293,13 @@ async function encryptCommand(filename, output, compress, message, password) {
     // Show summary
     if (!QUIET) {
       const summary = `
-${chalk.green.bold("✔ Encryption Successful")}
+${colors.primary.bold("✔ Encryption Successful")}
 
-${chalk.bold("Output:")} ${output}
-${chalk.bold("Capacity Used:")} ${result.capacity.utilization}
-${chalk.bold("  Total:")} ${result.capacity.totalBits} bits
-${chalk.bold("  Used:")} ${result.capacity.usedBits} bits
-${compress ? chalk.bold("Compression:") + " Enabled" : ""}
+${colors.primary(">")} ${colors.muted("Output:")} ${chalk.white(output)}
+${colors.primary(">")} ${colors.muted("Capacity Used:")} ${colors.secondary(result.capacity.utilization)}
+    ${colors.dim("Total:")} ${result.capacity.totalBits} bits
+    ${colors.dim("Used:")} ${result.capacity.usedBits} bits
+${compress ? colors.primary(">") + " " + colors.muted("Compression:") + " " + colors.secondary("Enabled") : ""}
 `;
       log.box(summary.trim(), { borderColor: "green" });
     }
@@ -326,9 +359,10 @@ async function decryptCommand(filename, output, password) {
     } else {
       if (!QUIET) {
         const messageBox = `
-${chalk.green.bold("✔ Decryption Successful")}
+${colors.primary.bold("✔ Decryption Successful")}
+
+${colors.primary(">")} ${colors.muted("Message:")}
 
-${chalk.bold("Message:")}
 ${chalk.white(decrypted)}
 `;
         log.box(messageBox.trim(), { borderColor: "green" });
@@ -348,7 +382,10 @@ ${chalk.white(decrypted)}
 }
 
 // Parse arguments
-const usage = chalk.keyword("violet")("\nUsage: obscr <command> [options]");
+const usage = colors.primary("\nUsage: obscr <command> [options]");
+
+// Track if a command was executed
+let commandExecuted = false;
 
 const argv = yargs
   .usage(usage)
@@ -390,6 +427,7 @@ const argv = yargs
       },
     },
     async (argv) => {
+      commandExecuted = true;
       VERBOSE = argv.verbose;
       QUIET = argv.quiet;
 
@@ -443,6 +481,7 @@ const argv = yargs
       },
     },
     async (argv) => {
+      commandExecuted = true;
       VERBOSE = argv.verbose;
       QUIET = argv.quiet;
 
@@ -465,6 +504,7 @@ const argv = yargs
     "Start interactive mode with guided workflow",
     {},
     async (argv) => {
+      commandExecuted = true;
       VERBOSE = argv.verbose;
       QUIET = argv.quiet;
       await interactiveMode();
@@ -475,15 +515,27 @@ const argv = yargs
     "Show usage examples",
     {},
     () => {
+      commandExecuted = true;
       showBanner();
       showExamples();
     }
   )
-  .epilog(`Run ${chalk.cyan("obscr examples")} to see usage examples`)
+  .epilog(`Run ${colors.primary("obscr examples")} to see usage examples`)
   .help()
   .alias("help", "h")
-  .version("0.2.1")
+  .version("1.0.0")
   .alias("version", "V")
-  .demandCommand(1, "You must specify a command")
-  .strict()
-  .argv;
+  .strict();
+
+// Parse the arguments
+const parsedArgv = argv.parse();
+
+// If no command was executed and not showing help/version, enter interactive mode
+if (!commandExecuted && !parsedArgv.help && !parsedArgv.version) {
+  VERBOSE = parsedArgv.verbose;
+  QUIET = parsedArgv.quiet;
+  interactiveMode().catch((err) => {
+    log.error(err.message);
+    process.exit(1);
+  });
+}

package/{bin/utils → lib}/crypto.js

@@ -70,32 +70,56 @@ const encrypt = async (message, password, compress = false) => {
  * @throws {Error} If decryption fails
  */
 const decrypt = async (encrypted, password) => {
-  const dataSplit = encrypted.split(":");
-
-  // Check if compression flag is present (backward compatible)
-  const isCompressed = dataSplit.length === 5 && dataSplit[4] === "1";
+  // Validate input
+  if (!encrypted || typeof encrypted !== "string") {
+    throw new Error(
+      "Invalid encrypted data. The image may not contain a hidden message, or the extraction failed."
+    );
+  }
 
-  const salt = base64Decoding(dataSplit[0]);
-  const nonce = base64Decoding(dataSplit[1]);
-  const ciphertext = dataSplit[2];
-  const gcmTag = base64Decoding(dataSplit[3]);
+  const dataSplit = encrypted.split(":");
 
-  const key = await pbkdf2Async(
-    password,
-    salt,
-    cryptoConfig.iterations,
-    cryptoConfig.keyLength,
-    cryptoConfig.digest
-  );
+  // Validate format - should have 4 or 5 parts (salt:nonce:ciphertext:tag[:compressed])
+  if (dataSplit.length < 4 || dataSplit.length > 5) {
+    throw new Error(
+      "Invalid encrypted message format. This may indicate:\n" +
+        "  • Wrong password used for decryption\n" +
+        "  • Image does not contain an encrypted message\n" +
+        "  • Corrupted or modified image file"
+    );
+  }
 
-  const decipher = crypto.createDecipheriv(
-    cryptoConfig.cipherAlgorithm,
-    key,
-    nonce
-  );
-  decipher.setAuthTag(gcmTag);
+  // Validate that all required parts exist and are not empty
+  if (!dataSplit[0] || !dataSplit[1] || !dataSplit[2] || !dataSplit[3]) {
+    throw new Error(
+      "Incomplete encrypted data. Wrong password or corrupted message."
+    );
+  }
 
   try {
+    // Check if compression flag is present (backward compatible)
+    const isCompressed = dataSplit.length === 5 && dataSplit[4] === "1";
+
+    const salt = base64Decoding(dataSplit[0]);
+    const nonce = base64Decoding(dataSplit[1]);
+    const ciphertext = dataSplit[2];
+    const gcmTag = base64Decoding(dataSplit[3]);
+
+    const key = await pbkdf2Async(
+      password,
+      salt,
+      cryptoConfig.iterations,
+      cryptoConfig.keyLength,
+      cryptoConfig.digest
+    );
+
+    const decipher = crypto.createDecipheriv(
+      cryptoConfig.cipherAlgorithm,
+      key,
+      nonce
+    );
+    decipher.setAuthTag(gcmTag);
+
     const decryptedChunks = [];
     decryptedChunks.push(decipher.update(Buffer.from(ciphertext, "base64")));
     decryptedChunks.push(decipher.final());
@@ -108,7 +132,27 @@ const decrypt = async (encrypted, password) => {
 
     return decrypted.toString("utf8");
   } catch (err) {
-    throw new Error(`Decryption failed: ${err.message}`);
+    // Check for common error patterns
+    if (err.message && err.message.includes("Unsupported state or unable to authenticate data")) {
+      throw new Error(
+        "Authentication failed: Incorrect password or tampered message.\n" +
+          "Make sure you're using the same password that was used for encryption."
+      );
+    }
+
+    if (err.message && err.message.includes("Invalid base64")) {
+      throw new Error(
+        "Invalid data encoding. This indicates:\n" +
+          "  • Wrong password (most likely)\n" +
+          "  • Corrupted or modified image"
+      );
+    }
+
+    // Generic decryption error
+    throw new Error(
+      `Decryption failed: ${err.message}\n` +
+        "This is most likely due to an incorrect password."
+    );
   }
 };
 
@@ -127,3 +171,4 @@ const base64Encoding = (input) => input.toString("base64");
 const base64Decoding = (input) => Buffer.from(input, "base64");
 
 module.exports = { encrypt, decrypt };
+

package/{bin/utils → lib}/mersenne-twister.js

@@ -45,7 +45,7 @@
         permission.
 
    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
    CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
@@ -185,3 +185,4 @@ MersenneTwister.prototype.genrand_int32 = function () {
 /* These real versions are due to Isaku Wada, 2002/01/09 added */
 
 module.exports = { MersenneTwister };
+

package/{bin/utils → lib}/steg.js

@@ -7,31 +7,33 @@ const { PNG } = require("pngjs");
  * @param {number[]} dataBits - Array of data bits to write
  * @param {string} encryptionKey - Key for scrambling the data
  * @param {number} totalCapacity - Total capacity of the image in bits
- * @returns {number[]} Scrambled bit array with obfuscation
+ * @param {boolean} obfuscate - Whether to fill unused bits with random data (default: true)
+ * @returns {Object} Object with sparse bit mapping and metadata
  * @throws {Error} If data is too large for the image
  */
-const prepare_write_data = (dataBits, encryptionKey, totalCapacity) => {
+const prepare_write_data = (dataBits, encryptionKey, totalCapacity, obfuscate = true) => {
   const dataBitsLength = dataBits.length;
   if (dataBitsLength > totalCapacity) {
     throw new Error(
       `Message too large! Message requires ${dataBitsLength} bits, but image can only hold ${totalCapacity} bits. ` +
-      `Try using a larger image or enabling compression with --compress flag.`
+        `Try using a larger image or enabling compression with --compress flag.`
     );
   }
 
-  // Initialize with random bits for obfuscation
-  const result = new Array(totalCapacity);
-  for (let i = 0; i < totalCapacity; i++) {
-    result[i] = Math.floor(Math.random() * 2);
-  }
-
-  // Scramble actual data into random positions
+  // Always scramble message bits across entire image using password-derived positions
   const scrambledOrder = get_hashed_order(encryptionKey, totalCapacity);
+  const sparseData = {};
+
   for (let i = 0; i < dataBitsLength; i++) {
-    result[scrambledOrder[i]] = dataBits[i];
+    const position = scrambledOrder[i];
+    sparseData[position] = dataBits[i];
   }
 
-  return result;
+  return {
+    sparse: sparseData,
+    obfuscate: obfuscate,
+    totalCapacity: totalCapacity,
+  };
 };
 
 /**
@@ -61,9 +63,9 @@ const get_bits_lsb = (imageData) => {
   const result = [];
   // Process RGB channels (skip alpha at i+3)
   for (let i = 0; i < imageData.data.length; i += 4) {
-    result.push(imageData.data[i] % 2 === 1 ? 1 : 0);       // Red LSB
-    result.push(imageData.data[i + 1] % 2 === 1 ? 1 : 0);   // Green LSB
-    result.push(imageData.data[i + 2] % 2 === 1 ? 1 : 0);   // Blue LSB
+    result.push(imageData.data[i] % 2 === 1 ? 1 : 0); // Red LSB
+    result.push(imageData.data[i + 1] % 2 === 1 ? 1 : 0); // Green LSB
+    result.push(imageData.data[i + 2] % 2 === 1 ? 1 : 0); // Blue LSB
   }
   return result;
 };
@@ -71,10 +73,10 @@ const get_bits_lsb = (imageData) => {
 /**
  * Writes bits to the least significant bits of image RGB channels
  * @param {Object} imageData - PNG image data object
- * @param {number[]} bitsToWrite - Array of bits to write
+ * @param {Object} writeData - Object with sparse bit mapping and metadata
  * @returns {Object} Modified image data
  */
-const write_lsb = (imageData, bitsToWrite) => {
+const write_lsb = (imageData, writeData) => {
   /**
    * Clears the LSB of a byte value
    * @param {number} value - Byte value
@@ -93,21 +95,29 @@ const write_lsb = (imageData, bitsToWrite) => {
     return value % 2 === 1 ? value : value + 1;
   };
 
-  let bitIndex = 0;
-  for (let i = 0; i < imageData.data.length; i += 4) {
-    // Write to RGB channels
-    imageData.data[i] = bitsToWrite[bitIndex]
-      ? setLSB(imageData.data[i])
-      : clearLSB(imageData.data[i]);
-    imageData.data[i + 1] = bitsToWrite[bitIndex + 1]
-      ? setLSB(imageData.data[i + 1])
-      : clearLSB(imageData.data[i + 1]);
-    imageData.data[i + 2] = bitsToWrite[bitIndex + 2]
-      ? setLSB(imageData.data[i + 2])
-      : clearLSB(imageData.data[i + 2]);
-    imageData.data[i + 3] = 255; // Keep alpha channel at full opacity
-    bitIndex += 3;
+  const { sparse, obfuscate, totalCapacity } = writeData;
+
+  // Process each bit position in the image
+  for (let bitPos = 0; bitPos < totalCapacity; bitPos++) {
+    const pixelIdx = Math.floor(bitPos / 3);
+    const channelIdx = bitPos % 3;
+    const dataIdx = pixelIdx * 4 + channelIdx; // RGBA offset
+
+    if (sparse.hasOwnProperty(bitPos)) {
+      // Write actual message bit at this position
+      imageData.data[dataIdx] = sparse[bitPos]
+        ? setLSB(imageData.data[dataIdx])
+        : clearLSB(imageData.data[dataIdx]);
+    } else if (obfuscate) {
+      // Fill unused position with random bit for obfuscation
+      const randomBit = Math.floor(Math.random() * 2);
+      imageData.data[dataIdx] = randomBit
+        ? setLSB(imageData.data[dataIdx])
+        : clearLSB(imageData.data[dataIdx]);
+    }
+    // If obfuscate is false and no data at this position, leave pixel unchanged
   }
+
   return imageData;
 };
 
@@ -156,7 +166,8 @@ const extractMessageFromImage = async (imagePath, encryptionKey) => {
     if (message == null) {
       return {
         success: false,
-        error: "Decryption failed. Possible causes: wrong password, corrupted file, or no hidden message.",
+        error:
+          "Decryption failed. Possible causes: wrong password, corrupted file, or no hidden message.",
       };
     }
 
@@ -175,13 +186,15 @@ const extractMessageFromImage = async (imagePath, encryptionKey) => {
  * @param {string} message - Encrypted message to hide
  * @param {string} encryptionKey - Key for scrambling the data
  * @param {string} outputPath - Path for the output image (default: "encoded.png")
+ * @param {boolean} obfuscate - Whether to fill unused bits with random data (default: true)
  * @returns {Promise<{success: boolean, outputPath?: string, capacity?: Object, error?: string}>} Result object
  */
 const encodeMessageToImage = async (
   imagePath,
   message,
   encryptionKey,
-  outputPath = "encoded.png"
+  outputPath = "encoded.png",
+  obfuscate = true
 ) => {
   try {
     validateImageFile(imagePath);
@@ -203,7 +216,8 @@ const encodeMessageToImage = async (
     const encryptedBitStream = prepare_write_data(
       bitStream,
       encryptionKey,
-      totalCapacity
+      totalCapacity,
+      obfuscate
     );
 
     const encryptedImageData = write_lsb(imageData, encryptedBitStream);
@@ -229,3 +243,4 @@ module.exports = {
   encodeMessageToImage,
   calculateImageCapacity,
 };
+

package/{bin/utils → lib}/utils.js

@@ -25,9 +25,19 @@ const get_hashed_order = (password, arrayLength) => {
 };
 
 /**
- * Decodes a UTF-8 byte array to a string
- * @param {number[]} bytes - Array of byte values
- * @returns {string} Decoded UTF-8 string
+ * Decodes a UTF-8 byte array to a string with bounds checking
+ * Handles truncated multi-byte sequences gracefully by stopping at truncation
+ * rather than reading undefined values. This is especially important when
+ * decrypting with the wrong password, which produces random byte sequences.
+ *
+ * @param {number[]} bytes - Array of byte values (0-255)
+ * @returns {string} Decoded UTF-8 string (stops at first truncated sequence)
+ * @example
+ * // Valid UTF-8
+ * utf8Decode([72, 101, 108, 108, 111]); // "Hello"
+ *
+ * // Truncated multi-byte sequence (wrong password scenario)
+ * utf8Decode([72, 101, 195]); // "He" (stops at truncated byte)
  */
 const utf8Decode = (bytes) => {
   const chars = [];
@@ -37,8 +47,6 @@ const utf8Decode = (bytes) => {
 
   while (offset < length) {
     currentByte = bytes[offset];
-    secondByte = bytes[offset + 1];
-    thirdByte = bytes[offset + 2];
 
     if (128 > currentByte) {
       // Single-byte character (ASCII)
@@ -46,10 +54,21 @@ const utf8Decode = (bytes) => {
       offset += 1;
     } else if (191 < currentByte && currentByte < 224) {
       // Two-byte character
+      if (offset + 1 >= length) {
+        // Truncated multi-byte sequence
+        break;
+      }
+      secondByte = bytes[offset + 1];
       chars.push(String.fromCharCode(((currentByte & 31) << 6) | (secondByte & 63)));
       offset += 2;
     } else {
       // Three-byte character
+      if (offset + 2 >= length) {
+        // Truncated multi-byte sequence
+        break;
+      }
+      secondByte = bytes[offset + 1];
+      thirdByte = bytes[offset + 2];
       chars.push(
         String.fromCharCode(
           ((currentByte & 15) << 12) | ((secondByte & 63) << 6) | (thirdByte & 63)
@@ -171,3 +190,4 @@ const str_to_bits = (str, numCopies) => {
 };
 
 module.exports = { get_hashed_order, str_to_bits, bits_to_str };
+

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "obscr",
-  "version": "0.2.1",
-  "description": "Encrypt and hide your secure data",
+  "version": "1.0.0",
+  "description": "Encrypt and hide your secure data in images using AES-256-GCM encryption and LSB steganography",
   "main": "bin/index.js",
   "bin": {
     "obscr": "./bin/index.js"
@@ -10,11 +10,19 @@
     "test": "jest --coverage",
     "test:watch": "jest --watch",
     "test:unit": "jest test/unit",
-    "test:integration": "jest test/integration"
+    "test:integration": "jest test/integration",
+    "dev": "concurrently -k \"vite\" \"npm:electron-dev\"",
+    "electron-dev": "electron electron/main.js",
+    "build:react": "vite build",
+    "build": "npm run build:react && electron-builder"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org"
   },
+  "files": [
+    "bin/",
+    "lib/"
+  ],
   "author": "Johannes Dragulanescu",
   "license": "MIT",
   "repository": "github:jdragulanescu/obscr",
@@ -28,7 +36,6 @@
   "dependencies": {
     "boxen": "^5.1.2",
     "chalk": "^4.1.2",
-    "cli-progress": "^3.12.0",
     "crypto-js": "^4.1.1",
     "inquirer": "^8.0.0",
     "ora": "^5.4.1",
@@ -36,7 +43,37 @@
     "yargs": "^17.5.1"
   },
   "devDependencies": {
-    "jest": "^29.7.0"
+    "@tailwindcss/postcss": "^4.1.18",
+    "@vitejs/plugin-react": "^4.0.0",
+    "autoprefixer": "^10.4.23",
+    "class-variance-authority": "^0.7.1",
+    "cli-progress": "^3.12.0",
+    "clsx": "^2.1.1",
+    "concurrently": "^9.0.0",
+    "electron": "^40.0.0",
+    "electron-builder": "^26.4.0",
+    "jest": "^29.7.0",
+    "lucide-react": "^0.562.0",
+    "postcss": "^8.5.6",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "tailwind-merge": "^3.4.0",
+    "tailwindcss": "^4.1.18",
+    "vite": "^6.0.0",
+    "zxcvbn": "^4.4.2"
+  },
+  "build": {
+    "appId": "com.obscr.app",
+    "files": [
+      "dist/**",
+      "electron/**",
+      "lib/**",
+      "bin/**",
+      "package.json"
+    ],
+    "extraMetadata": {
+      "main": "electron/main.js"
+    }
   },
   "jest": {
     "testEnvironment": "node",

package/CHANGELOG.md

@@ -1,92 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [0.2.1] - 2026-01-20
-
-### Added
-- `.npmignore` file to exclude tests and development files from npm package
-- 23 new CLI integration tests for command-line interface validation
-- 3 additional steg unit tests for edge case validation
-
-### Changed
-- Interactive mode now runs by default when no command is provided
-- Improved spacing throughout CLI output for better readability
-- Package size reduced (only production files included in npm package)
-
-### Fixed
-- Fixed boxen borderColor compatibility issue (changed from "violet" to "magenta")
-
-### Testing
-- Total test count: 103 tests (up from 80)
-- Overall coverage: 90.45%
-- All tests passing
-
-## [0.2.0] - 2026-01-20
-
-### Added
-- **Compression Support**: Optional gzip compression using `--compress` flag to reduce message size by 50-90%
-- **Custom Output Filename**: `-o/--output` flag for encrypt command to specify output filename (default: "encoded.png")
-- **Image Capacity Validation**: Automatic validation that message fits in image with helpful error messages
-- **Capacity Information**: Shows capacity utilization after successful encryption
-- **Comprehensive Test Suite**: 80 tests with 90%+ code coverage
-  - Unit tests for crypto (100% coverage), utils (100% coverage), and steg (97% coverage)
-  - Integration tests for full workflows
-  - Automated test fixtures and isolated test outputs
-- **JSDoc Documentation**: All exported functions now have detailed JSDoc comments
-- **Enhanced README**: Comprehensive documentation with examples, security notes, and technical details
-
-### UX Enhancements
-- **Interactive Mode**: New `obscr interactive` command with guided menu-driven workflow
-- **Progress Indicators**: Real-time spinners showing encryption/decryption progress with ora
-- **Visual Feedback**: Color-coded messages with icons (✔, ✖, ℹ, ⚠) and beautiful boxed outputs
-- **Verbose Mode**: `-v/--verbose` flag for detailed technical information and debugging
-- **Quiet Mode**: `-q/--quiet` flag for minimal output, perfect for scripting and automation
-- **Confirmation Prompts**: Asks before overwriting existing files
-- **Examples Command**: New `obscr examples` command showing usage examples
-- **Better Help Text**: Improved help messages with clearer descriptions
-- **Welcome Banner**: Stylish welcome banner with version information (can be suppressed with --quiet)
-- **Password Masking**: Visual asterisks when entering passwords
-- **Smart Validation**: Real-time input validation with helpful error messages
-
-### Changed
-- **Async/Await Pattern**: Replaced synchronous crypto operations with async Promise-based approach for better performance
-- **Modern JavaScript**: Converted `var` to `const`/`let`, using template literals throughout
-- **Better Variable Names**: Improved naming for clarity (e.g., `c` → `currentByte`, `tmp` → `powerOfTwo`)
-- **Error Handling**: Consistent error handling with structured return types `{success, data, error}`
-- **Return Types**: Changed from tuple returns `[boolean, data]` to objects for better clarity
-- **Array Optimizations**: Pre-allocated arrays instead of dynamic growth
-
-### Fixed
-- **Debug Output Removed**: Removed debug `console.log` statement in encrypt command
-- **Error Object Handling**: Now throws proper Error objects instead of strings
-- **Fixed Output Filename**: Encrypt command now supports custom output instead of hardcoded "encoded.png"
-
-### Security
-- **Backward Compatibility Maintained**:
-  - SECRET_KEY preserved for compatibility with older encrypted images
-  - Can decrypt images created with previous versions
-  - Automatically detects compressed vs uncompressed messages
-- All encryption parameters unchanged (AES-256-GCM, PBKDF2 with 65,535 iterations)
-
-### Technical Notes
-- Compression format adds optional 5th field: `salt:nonce:ciphertext:tag[:1]`
-- Async operations provide foundation for future streaming implementations
-- Test outputs isolated in `test/output/` directory and properly gitignored
-
-## [0.1.2] - 2022-09-11
-
-### Changed
-- Updated dependencies
-- Cleaned up codebase
-
-## [0.1.1] - 2022-07-08
-
-### Added
-- Initial release with AES-256-GCM encryption
-- LSB steganography for PNG images
-- Password-based key derivation with PBKDF2
-- CLI interface with encrypt/decrypt commands