qr-secure-send 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +4 -1
- package/README.md +40 -2
- package/cli.js +15 -0
- package/index.html +829 -351
- package/package.json +5 -2
package/README.md
CHANGED
|
@@ -10,10 +10,20 @@ Encrypt and transfer secrets (passwords, keys, tokens) between devices via QR co
|
|
|
10
10
|
|
|
11
11
|
## Security
|
|
12
12
|
|
|
13
|
-
- **AES-256-GCM** authenticated encryption
|
|
13
|
+
- **AES-256-GCM** authenticated encryption via the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) (browser built-in)
|
|
14
14
|
- **PBKDF2** key derivation with 310,000 iterations
|
|
15
15
|
- Random salt and IV per encryption — no key reuse
|
|
16
16
|
- Fully client-side — zero network requests for your data
|
|
17
|
+
- **Zero external dependencies** — QR generation is implemented inline, QR scanning uses the native [BarcodeDetector API](https://developer.mozilla.org/en-US/docs/Web/API/BarcodeDetector). The entire source is in a single HTML file that can be read and audited.
|
|
18
|
+
|
|
19
|
+
## Browser Support
|
|
20
|
+
|
|
21
|
+
| Feature | Chrome | Edge | Safari | Firefox |
|
|
22
|
+
|---------|--------|------|--------|---------|
|
|
23
|
+
| QR Generation | Yes | Yes | Yes | Yes |
|
|
24
|
+
| QR Scanning | Yes | Yes | Yes (17.2+) | No* |
|
|
25
|
+
|
|
26
|
+
\* Firefox does not support the BarcodeDetector API.
|
|
17
27
|
|
|
18
28
|
## Quick Start
|
|
19
29
|
|
|
@@ -23,7 +33,35 @@ npm start
|
|
|
23
33
|
|
|
24
34
|
Opens on [http://localhost:3000](http://localhost:3000).
|
|
25
35
|
|
|
26
|
-
|
|
36
|
+
Or just open `index.html` directly in your browser (camera scanning requires localhost or HTTPS).
|
|
37
|
+
|
|
38
|
+
### Global install
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
npm install -g qr-secure-send
|
|
42
|
+
qr-secure-send # starts on port 3000
|
|
43
|
+
qr-secure-send 8080 # custom port
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
### One-time use
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
npx qr-secure-send
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
## Dependencies
|
|
53
|
+
|
|
54
|
+
This project uses **no runtime JavaScript dependencies**. Everything — encryption, QR code generation, and QR scanning — is implemented using browser-native APIs and inline code.
|
|
55
|
+
|
|
56
|
+
The only dev/CLI dependency is [`serve`](https://www.npmjs.com/package/serve) (fetched on-demand via `npx`) to host the static file locally.
|
|
57
|
+
|
|
58
|
+
## Disclaimer
|
|
59
|
+
|
|
60
|
+
This software is provided **"as is"**, without warranty of any kind, express or implied. Use it at your own risk.
|
|
61
|
+
|
|
62
|
+
While this tool uses standard, well-regarded cryptographic primitives (AES-256-GCM, PBKDF2) via the browser's built-in Web Crypto API, **it has not been independently audited**. The authors are not responsible for any data loss, security breaches, or damages resulting from the use of this software.
|
|
63
|
+
|
|
64
|
+
Do not rely on this tool as your sole security measure for highly sensitive data. Always follow security best practices.
|
|
27
65
|
|
|
28
66
|
## License
|
|
29
67
|
|
package/cli.js
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
|
|
3
|
+
const { execSync } = require("child_process");
|
|
4
|
+
const path = require("path");
|
|
5
|
+
|
|
6
|
+
const dir = path.resolve(__dirname);
|
|
7
|
+
const port = process.argv[2] || 3000;
|
|
8
|
+
|
|
9
|
+
console.log(`QR Secure Send running at http://localhost:${port}`);
|
|
10
|
+
|
|
11
|
+
try {
|
|
12
|
+
execSync(`npx serve -l ${port} "${dir}"`, { stdio: "inherit" });
|
|
13
|
+
} catch (_) {
|
|
14
|
+
// user pressed Ctrl+C
|
|
15
|
+
}
|