npm - seabox - Versions diffs - 0.1.2 → 0.2.0 - Mend

seabox 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/.mocharc.json +6 -6
package/LICENSE.MD +21 -21
package/README.md +310 -310
package/bin/seabox-rebuild.mjs +88 -88
package/bin/seabox.mjs +150 -147
package/lib/blob.mjs +104 -104
package/lib/bootstrap.cjs +756 -756
package/lib/build-cache.mjs +199 -199
package/lib/build.mjs +77 -77
package/lib/config.mjs +243 -243
package/lib/crypto-assets.mjs +125 -125
package/lib/diagnostics.mjs +203 -203
package/lib/entry-bundler.mjs +64 -64
package/lib/fetch-node.mjs +172 -172
package/lib/index.mjs +26 -26
package/lib/inject.mjs +106 -106
package/lib/manifest.mjs +100 -100
package/lib/multi-target-builder.mjs +697 -697
package/lib/native-scanner.mjs +203 -203
package/lib/obfuscate.mjs +51 -51
package/lib/require-shim.mjs +113 -113
package/lib/rolldown-bundler.mjs +411 -411
package/lib/unsign.cjs +197 -169
package/package.json +61 -61

package/lib/unsign.cjs CHANGED Viewed

@@ -1,169 +1,197 @@
-/**
- * unsign.js
- * Remove code signatures from executables before injection.
- * This prevents signature corruption during postject injection.
- */
-const { execFile } = require('child_process');
-const { promisify } = require('util');
-const execFileAsync = promisify(execFile);
-// Simple verbose logging flag (set by inject.mjs)
-let verboseMode = false;
-function setVerbose(enabled) {
-  verboseMode = enabled;
-}
-function logVerbose(message, indent = 2) {
-  if (verboseMode) {
-    console.log('  '.repeat(indent) + message);
-  }
-}
-/**
- * Check if a signing tool is available on the system.
- * @param {string} platform - Target platform (win32, linux, darwin)
- * @returns {Promise<{available: boolean, tool: string|null}>}
- */
-async function checkSignToolAvailability(platform) {
-  const tools = {
-    win32: 'signtool.exe',
-    darwin: 'codesign',
-  };
-  const tool = tools[platform];
-  if (!tool) {
-    return { available: false, tool: null };
-  }
-  try {
-    // Try to execute the tool with a version/help flag to check availability
-    if (platform === 'win32') {
-      await execFileAsync('where', ['signtool.exe']);
-    } else if (platform === 'darwin') {
-      await execFileAsync('which', ['codesign']);
-    }
-    return { available: true, tool };
-  } catch (error) {
-    return { available: false, tool };
-  }
-}
-/**
- * Remove signature from a Windows executable using signtool.
- * @param {string} exePath - Path to the executable
- * @returns {Promise<{success: boolean, message: string}>}
- */
-async function removeWindowsSignature(exePath) {
-  try {
-    const { stdout, stderr } = await execFileAsync('signtool.exe', ['remove', '/s', exePath]);
-    const output = (stdout + stderr).toLowerCase();
-    // Check if successfully removed
-    if (output.includes('successfully')) {
-      return { success: true, message: 'Signature removed successfully' };
-    }
-    // Check if there was no signature
-    if (output.includes('no signature') || output.includes('not signed')) {
-      return { success: true, message: 'Binary was not signed (no signature to remove)' };
-    }
-    return { success: true, message: stdout || 'Signature removal completed' };
-  } catch (error) {
-    const errorMsg = error.message || error.stderr || '';
-    // Not an error if there was no signature to begin with
-    if (errorMsg.includes('No signature') || errorMsg.includes('not signed')) {
-      return { success: true, message: 'Binary was not signed (no signature to remove)' };
-    }
-    return { success: false, message: `Failed to remove signature: ${errorMsg}` };
-  }
-}
-/**
- * Remove signature from a macOS executable using codesign.
- * @param {string} exePath - Path to the executable
- * @returns {Promise<{success: boolean, message: string}>}
- */
-async function removeMacSignature(exePath) {
-  try {
-    // On macOS, use --remove-signature flag
-    const { stdout, stderr } = await execFileAsync('codesign', ['--remove-signature', exePath]);
-    return { success: true, message: 'Signature removed successfully' };
-  } catch (error) {
-    const errorMsg = error.message || error.stderr || '';
-    // Not an error if there was no signature
-    if (errorMsg.includes('not signed') || errorMsg.includes('no signature')) {
-      return { success: true, message: 'Binary was not signed (no signature to remove)' };
-    }
-    return { success: false, message: `Failed to remove signature: ${errorMsg}` };
-  }
-}
-/**
- * Remove code signature from an executable before injection.
- * This is critical to prevent signature corruption during postject injection.
- * @param {string} exePath - Path to the executable
- * @param {string} platform - Target platform (win32, linux, darwin)
- * @returns {Promise<void>}
- */
-async function removeSignature(exePath, platform) {
-  // Linux binaries are typically not signed, so skip signature removal
-  if (platform === 'linux') {
-    logVerbose('Skipping signature removal (Linux binaries are typically unsigned)');
-    return;
-  }
-  const { available, tool } = await checkSignToolAvailability(platform);
-  if (!available) {
-    logVerbose(`[!] Warning: Signature removal tool not found for ${platform}`);
-    logVerbose(`Tool needed: ${tool || 'unknown'}`, 2);
-    logVerbose(`The binary may have an existing signature that will be corrupted during injection.`, 2);
-    if (platform === 'win32') {
-      logVerbose(`Install Windows SDK to get signtool.exe`, 2);
-      logVerbose(`Download from: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/`, 2);
-    } else if (platform === 'darwin') {
-      logVerbose(`Install Xcode Command Line Tools to get codesign`, 2);
-      logVerbose(`Run: xcode-select --install`, 2);
-    }
-    return;
-  }
-  logVerbose(`Found ${tool}, attempting to remove signature...`);
-  let result;
-  if (platform === 'win32') {
-    result = await removeWindowsSignature(exePath);
-  } else if (platform === 'darwin') {
-    result = await removeMacSignature(exePath);
-  } else {
-    logVerbose(`[!] Warning: Unsupported platform for signature removal: ${platform}`);
-    return;
-  }
-  if (result.success) {
-    logVerbose(`[✓] ${result.message}`);
-  } else {
-    logVerbose(`[!] Warning: ${result.message}`);
-    logVerbose(`Continuing anyway, but the executable may have signature issues.`, 2);
-  }
-}
-module.exports = {
-  removeSignature,
-  checkSignToolAvailability,
-  removeWindowsSignature,
-  removeMacSignature,
-  setVerbose,
-};
+/**
+ * unsign.js
+ * Remove code signatures from executables before injection.
+ * This prevents signature corruption during postject injection.
+ */
+const { execFile } = require('child_process');
+const { promisify } = require('util');
+const execFileAsync = promisify(execFile);
+// Simple verbose logging flag (set by inject.mjs)
+let verboseMode = false;
+function setVerbose(enabled) {
+  verboseMode = enabled;
+}
+function logVerbose(message, indent = 2) {
+  if (verboseMode) {
+    console.log('  '.repeat(indent) + message);
+  }
+}
+function delay(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+/**
+ * Check if a signing tool is available on the system.
+ * @param {string} platform - Target platform (win32, linux, darwin)
+ * @returns {Promise<{available: boolean, tool: string|null}>}
+ */
+async function checkSignToolAvailability(platform) {
+  const tools = {
+    win32: 'signtool.exe',
+    darwin: 'codesign',
+  };
+  const tool = tools[platform];
+  if (!tool) {
+    return { available: false, tool: null };
+  }
+  try {
+    // Try to execute the tool with a version/help flag to check availability
+    if (platform === 'win32') {
+      await execFileAsync('where', ['signtool.exe']);
+    } else if (platform === 'darwin') {
+      await execFileAsync('which', ['codesign']);
+    }
+    return { available: true, tool };
+  } catch (error) {
+    return { available: false, tool };
+  }
+}
+/**
+ * Remove signature from a Windows executable using signtool.
+ * @param {string} exePath - Path to the executable
+ * @returns {Promise<{success: boolean, message: string}>}
+ */
+async function removeWindowsSignature(exePath) {
+  let lastError = null;
+  for (let attempt = 1; attempt <= 3; attempt++) {
+    try {
+      const { stdout, stderr } = await execFileAsync('signtool.exe', ['remove', '/s', exePath]);
+      const output = (stdout + stderr).toLowerCase();
+      // Check if successfully removed
+      if (output.includes('successfully')) {
+        return { success: true, message: 'Signature removed successfully' };
+      }
+      // Check if there was no signature
+      if (output.includes('no signature') || output.includes('not signed')) {
+        return { success: true, message: 'Binary was not signed (no signature to remove)' };
+      }
+      return { success: true, message: stdout || 'Signature removal completed' };
+    } catch (error) {
+      const errorMsg = error.message || error.stderr || '';
+      // Not an error if there was no signature to begin with
+      if (errorMsg.includes('No signature') || errorMsg.includes('not signed')) {
+        return { success: true, message: 'Binary was not signed (no signature to remove)' };
+      }
+      lastError = errorMsg;
+      // If not the last attempt, wait before retrying
+      if (attempt < 3) {
+        await delay(500);
+        continue;
+      }
+    }
+  }
+  return { success: false, message: `Failed to remove signature: ${lastError}` };
+}
+/**
+ * Remove signature from a macOS executable using codesign.
+ * @param {string} exePath - Path to the executable
+ * @returns {Promise<{success: boolean, message: string}>}
+ */
+async function removeMacSignature(exePath) {
+  let lastError = null;
+  for (let attempt = 1; attempt <= 3; attempt++) {
+    try {
+      // On macOS, use --remove-signature flag
+      const { stdout, stderr } = await execFileAsync('codesign', ['--remove-signature', exePath]);
+      return { success: true, message: 'Signature removed successfully' };
+    } catch (error) {
+      const errorMsg = error.message || error.stderr || '';
+      // Not an error if there was no signature
+      if (errorMsg.includes('not signed') || errorMsg.includes('no signature')) {
+        return { success: true, message: 'Binary was not signed (no signature to remove)' };
+      }
+      lastError = errorMsg;
+      // If not the last attempt, wait before retrying
+      if (attempt < 3) {
+        await delay(500);
+        continue;
+      }
+    }
+  }
+  return { success: false, message: `Failed to remove signature: ${lastError}` };
+}
+/**
+ * Remove code signature from an executable before injection.
+ * This is critical to prevent signature corruption during postject injection.
+ * @param {string} exePath - Path to the executable
+ * @param {string} platform - Target platform (win32, linux, darwin)
+ * @returns {Promise<void>}
+ */
+async function removeSignature(exePath, platform) {
+  // Linux binaries are typically not signed, so skip signature removal
+  if (platform === 'linux') {
+    logVerbose('Skipping signature removal (Linux binaries are typically unsigned)');
+    return;
+  }
+  const { available, tool } = await checkSignToolAvailability(platform);
+  if (!available) {
+    logVerbose(`[!] Warning: Signature removal tool not found for ${platform}`);
+    logVerbose(`Tool needed: ${tool || 'unknown'}`, 2);
+    logVerbose(`The binary may have an existing signature that will be corrupted during injection.`, 2);
+    if (platform === 'win32') {
+      logVerbose(`Install Windows SDK to get signtool.exe`, 2);
+      logVerbose(`Download from: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/`, 2);
+    } else if (platform === 'darwin') {
+      logVerbose(`Install Xcode Command Line Tools to get codesign`, 2);
+      logVerbose(`Run: xcode-select --install`, 2);
+    }
+    return;
+  }
+  logVerbose(`Found ${tool}, attempting to remove signature...`);
+  let result;
+  if (platform === 'win32') {
+    result = await removeWindowsSignature(exePath);
+  } else if (platform === 'darwin') {
+    result = await removeMacSignature(exePath);
+  } else {
+    logVerbose(`[!] Warning: Unsupported platform for signature removal: ${platform}`);
+    return;
+  }
+  if (result.success) {
+    logVerbose(`[✓] ${result.message}`);
+  } else {
+    logVerbose(`[!] Warning: ${result.message}`);
+    logVerbose(`Continuing anyway, but the executable may have signature issues.`, 2);
+  }
+}
+module.exports = {
+  removeSignature,
+  checkSignToolAvailability,
+  removeWindowsSignature,
+  removeMacSignature,
+  setVerbose,
+};

package/package.json CHANGED Viewed

@@ -1,61 +1,61 @@
-{
-  "name": "seabox",
-  "version": "0.1.2",
-  "description": "Node.js Single Executable Application (SEA) builder tool with native and library extraction",
-  "main": "lib/index.mjs",
-  "type": "module",
-  "bin": {
-    "seabox": "bin/seabox.mjs"
-  },
-  "scripts": {
-    "clean": "rimraf dist",
-    "prepublishOnly": "",
-    "test": "mocha"
-  },
-  "keywords": [
-    "sea",
-    "build",
-    "builder",
-    "single-executable",
-    "SEA",
-    "native",
-    "module",
-    "pkg",
-    "dll",
-    "packaging",
-    "node",
-    "postject"
-  ],
-  "author": "Meirion Hughes",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/MeirionHughes/seabox"
-  },
-  "homepage": "https://github.com/MeirionHughes/seabox",
-  "dependencies": {
-    "adm-zip": "^0.5.16",
-    "glob": "^10.0.0",
-    "postject": "^1.0.0-alpha.6",
-    "rolldown": "^1.0.0-beta.50",
-    "tar": "^6.2.1"
-  },
-  "peerDependencies": {
-    "rcedit": "^4.0.1"
-  },
-  "peerDependenciesMeta": {
-    "rcedit": {
-      "optional": true
-    }
-  },
-  "devDependencies": {
-    "chai": "^6.2.1",
-    "javascript-obfuscator": "^4.1.1",
-    "mocha": "^11.7.5",
-    "node-api-headers": "^1.2.0",
-    "rimraf": "^6.0.1"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  }
-}
+{
+  "name": "seabox",
+  "version": "0.2.0",
+  "description": "Node.js Single Executable Application (SEA) builder tool with native and library extraction",
+  "main": "lib/index.mjs",
+  "type": "module",
+  "bin": {
+    "seabox": "bin/seabox.mjs"
+  },
+  "scripts": {
+    "clean": "rimraf dist",
+    "prepublishOnly": "",
+    "test": "mocha"
+  },
+  "keywords": [
+    "sea",
+    "build",
+    "builder",
+    "single-executable",
+    "SEA",
+    "native",
+    "module",
+    "pkg",
+    "dll",
+    "packaging",
+    "node",
+    "postject"
+  ],
+  "author": "Meirion Hughes",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MeirionHughes/seabox"
+  },
+  "homepage": "https://github.com/MeirionHughes/seabox",
+  "dependencies": {
+    "adm-zip": "^0.5.16",
+    "glob": "^10.0.0",
+    "postject": "^1.0.0-alpha.6",
+    "rolldown": "^1.0.0-beta.50",
+    "tar": "^6.2.1"
+  },
+  "peerDependencies": {
+    "rcedit": "^4.0.1"
+  },
+  "peerDependenciesMeta": {
+    "rcedit": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "chai": "^6.2.1",
+    "javascript-obfuscator": "^4.1.1",
+    "mocha": "^11.7.5",
+    "node-api-headers": "^1.2.0",
+    "rimraf": "^6.0.1"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}