updating-secrets 0.2.0 → 0.3.1

package/dist/adapters/aws-secrets-manager.adapter.d.ts

@@ -1,5 +1,5 @@
-import { GetSecretValueCommandOutput, type GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
-import { ProcessedSecretDefinitions } from '../secrets-definition/define-secrets.js';
+import { type GetSecretValueCommand, type GetSecretValueCommandOutput } from '@aws-sdk/client-secrets-manager';
+import { type ProcessedSecretDefinitions } from '../secrets-definition/define-secrets.js';
 import { BaseSecretsAdapter } from './base.adapter.js';
 /**
  * Minimal subset of AWS's `SecretsManagerClient` from the

package/dist/adapters/base.adapter.d.ts

@@ -1,5 +1,5 @@
-import type { JsonCompatibleValue, MaybePromise } from '@augment-vir/common';
-import { ProcessedSecretDefinitions } from '../secrets-definition/define-secrets.js';
+import { type JsonCompatibleValue, type MaybePromise } from '@augment-vir/common';
+import { type ProcessedSecretDefinitions } from '../secrets-definition/define-secrets.js';
 /**
  * Raw secret values as returned by an adapter's `loadSecrets` method.
  *

package/dist/adapters/infisical.adapter.d.ts

@@ -0,0 +1,70 @@
+import { type Values } from '@augment-vir/common';
+import { type ListSecretsOptions, type Secret } from '@infisical/sdk';
+import { type ProcessedSecretDefinitions } from '../secrets-definition/define-secrets.js';
+import { BaseSecretsAdapter, type RawSecrets } from './base.adapter.js';
+/**
+ * Intermediate type for processing secrets from Infisical. Used in {@link InfisicalAdapter} and
+ * helper functions.
+ *
+ * @category Internal
+ */
+export type MappedInfisicalSecrets = {
+    [SecretKey in string]: string | MappedInfisicalSecrets | Error;
+};
+/**
+ * The necessary subset of the `InfisicalSDK` API that {@link InfisicalAdapter} requires.
+ *
+ * @category Internal
+ */
+export type NeededInfisicalSdk = {
+    /** Get the Infisical secrets client. */
+    secrets(): {
+        /** List the Infisical secrets. */
+        listSecrets(options: ListSecretsOptions): Promise<{
+            secrets: NeededInfisicalSecret[];
+        }>;
+    };
+};
+/**
+ * The necessary subset of the Infisical `Secret` type that {@link InfisicalAdapter} requires.
+ *
+ * @category Internal
+ */
+export type NeededInfisicalSecret = Pick<Secret, 'secretKey' | 'secretPath' | 'secretValue'>;
+/**
+ * Loads secrets from Infisical. A `InfisicalSDK` instance must be provided. The `InfisicalSDK`
+ * instance must also be authorized _before_ passing it into this.
+ *
+ * @category Adapters
+ */
+export declare class InfisicalAdapter extends BaseSecretsAdapter {
+    /**
+     * Make sure that you've already authenticated this client.
+     * (`client.auth().universalAuth.login()`)
+     */
+    protected readonly infisicalClient: Readonly<NeededInfisicalSdk>;
+    /** `'dev'`, `'staging'`, `'prod'`, etc. */
+    protected readonly infisicalEnvironment: string;
+    constructor(
+    /**
+     * Make sure that you've already authenticated this client.
+     * (`client.auth().universalAuth.login()`)
+     */
+    infisicalClient: Readonly<NeededInfisicalSdk>, 
+    /** `'dev'`, `'staging'`, `'prod'`, etc. */
+    infisicalEnvironment: string);
+    /** Load secrets from the provided `InfisicalSDK`. */
+    loadSecrets(secrets: ProcessedSecretDefinitions): RawSecrets;
+}
+/**
+ * Get an Infisical secret value nested within an object.
+ *
+ * @category Internal
+ */
+export declare function getNested(parent: MappedInfisicalSecrets, keys: string[]): Values<MappedInfisicalSecrets>;
+/**
+ * Set an Infisical secret value nested within an object.
+ *
+ * @category Internal
+ */
+export declare function setNested(parent: MappedInfisicalSecrets, keys: string[], value: string): void;

package/dist/adapters/infisical.adapter.js

@@ -0,0 +1,168 @@
+import { check } from '@augment-vir/assert';
+import { ensureError, getOrSet, mapObjectValuesSync, parseWithJson5, removePrefix, removeSuffix, stringify, wrapInTry, } from '@augment-vir/common';
+import { BaseSecretsAdapter } from './base.adapter.js';
+/**
+ * Loads secrets from Infisical. A `InfisicalSDK` instance must be provided. The `InfisicalSDK`
+ * instance must also be authorized _before_ passing it into this.
+ *
+ * @category Adapters
+ */
+export class InfisicalAdapter extends BaseSecretsAdapter {
+    infisicalClient;
+    infisicalEnvironment;
+    constructor(
+    /**
+     * Make sure that you've already authenticated this client.
+     * (`client.auth().universalAuth.login()`)
+     */
+    infisicalClient, 
+    /** `'dev'`, `'staging'`, `'prod'`, etc. */
+    infisicalEnvironment) {
+        super('InfisicalAdapter');
+        this.infisicalClient = infisicalClient;
+        this.infisicalEnvironment = infisicalEnvironment;
+    }
+    /** Load secrets from the provided `InfisicalSDK`. */
+    loadSecrets(secrets) {
+        const secretsCache = {};
+        return mapObjectValuesSync(secrets, (secretName, secretDefinition) => {
+            const infisicalConfig = secretDefinition.adapterConfig.infisical;
+            if (!infisicalConfig) {
+                return new Error(`No Infisical adapter config (required for using InfisicalAdapter) defined for secret '${secretDefinition.secretName}'.`);
+            }
+            const projectSecretsPromise = getOrSet(secretsCache, infisicalConfig.projectId, () => {
+                try {
+                    return (this.infisicalClient
+                        .secrets()
+                        .listSecrets({
+                        recursive: true,
+                        environment: this.infisicalEnvironment,
+                        projectId: infisicalConfig.projectId,
+                        viewSecretValue: true,
+                    })
+                        .then(({ secrets }) => {
+                        return mapInfisicalSecrets(secrets);
+                    })
+                        /* node:coverage ignore next 3 */
+                        .catch((error) => {
+                        return ensureError(error);
+                    }));
+                }
+                catch (error) {
+                    return Promise.reject(ensureError(error));
+                }
+            });
+            return projectSecretsPromise
+                .then((projectSecrets) => {
+                /* node:coverage ignore next 3 */
+                if (projectSecrets instanceof Error) {
+                    return projectSecrets;
+                }
+                const folderValue = infisicalConfig.folderPath === '/' || !infisicalConfig.folderPath
+                    ? projectSecrets
+                    : getNested(projectSecrets, removeSuffix({
+                        value: removePrefix({
+                            value: infisicalConfig.folderPath,
+                            prefix: '/',
+                        }),
+                        suffix: '/',
+                    }).split('/'));
+                /* node:coverage ignore next 3 */
+                if (check.isError(folderValue)) {
+                    return folderValue;
+                }
+                if (infisicalConfig.keyInFolder) {
+                    if (check.isString(folderValue)) {
+                        throw new TypeError(`Cannot get keyInFolder of a non-folder.`);
+                    }
+                    else if (check.hasKey(folderValue, infisicalConfig.keyInFolder)) {
+                        const value = folderValue[infisicalConfig.keyInFolder];
+                        if (secretDefinition.shapeDefinition && check.isString(value)) {
+                            return wrapInTry(() => parseWithJson5(value), {
+                                fallbackValue: folderValue,
+                            });
+                        }
+                        else {
+                            return value;
+                        }
+                    }
+                    else {
+                        throw new Error(`Secret key not in folder '${infisicalConfig.folderPath}'`);
+                    }
+                }
+                else {
+                    return folderValue;
+                }
+            })
+                .catch((error) => {
+                return ensureError(error);
+            });
+        });
+    }
+}
+function mapInfisicalSecrets(secrets) {
+    const secretsMap = {};
+    secrets.forEach((secret) => {
+        if (!secret.secretPath || secret.secretPath === '/') {
+            secretsMap[secret.secretKey] = secret.secretValue;
+        }
+        else {
+            setNested(secretsMap, removeSuffix({
+                value: removePrefix({ value: secret.secretPath, prefix: '/' }),
+                suffix: '/',
+            })
+                .split('/')
+                .concat(secret.secretKey), secret.secretValue);
+        }
+    });
+    return secretsMap;
+}
+/**
+ * Get an Infisical secret value nested within an object.
+ *
+ * @category Internal
+ */
+export function getNested(parent, keys) {
+    const nextKey = keys[0];
+    if (nextKey == undefined) {
+        throw new Error('Invalid key or ran out of keys.');
+    }
+    const nextParent = parent[nextKey];
+    if (!nextParent) {
+        throw new Error(`Nothing at key '${nextKey}'`);
+    }
+    else if (nextParent instanceof Error) {
+        throw nextParent;
+    }
+    if (keys.length > 1) {
+        if (check.isString(nextParent)) {
+            throw new TypeError(`Keys still remain but received string value: ${stringify({ keys })}`);
+        }
+        return getNested(nextParent, keys.slice(1));
+    }
+    else {
+        return nextParent;
+    }
+}
+/**
+ * Set an Infisical secret value nested within an object.
+ *
+ * @category Internal
+ */
+export function setNested(parent, keys, value) {
+    const nextKey = keys[0];
+    if (nextKey == undefined) {
+        throw new Error('Invalid key or ran out of keys.');
+    }
+    if (keys.length === 1) {
+        parent[nextKey] = value;
+        return;
+    }
+    const nextParent = getOrSet(parent, nextKey, () => {
+        return {};
+    });
+    if (check.isString(nextParent) || check.isError(nextParent)) {
+        throw new TypeError(`Cannot set key '${nextKey}'; it's already set to a non-object.`);
+    }
+    return setNested(nextParent, keys.slice(1), value);
+}

package/dist/adapters/secrets-json-file.adapter.d.ts

@@ -1,5 +1,5 @@
 import { type MaybePromise, type PartialWithUndefined } from '@augment-vir/common';
-import type { SecretDefinitions, SecretValues } from '../secrets-definition/define-secrets.js';
+import { type SecretDefinitions, type SecretValues } from '../secrets-definition/define-secrets.js';
 import { BaseSecretsAdapter } from './base.adapter.js';
 /**
  * Options for {@link SecretsJsonFileAdapter}.

package/dist/adapters/static-secrets.adapter.d.ts

@@ -1,4 +1,4 @@
-import type { JsonCompatibleValue } from '@augment-vir/common';
+import { type JsonCompatibleValue } from '@augment-vir/common';
 import { BaseSecretsAdapter } from './base.adapter.js';
 /**
  * This adapter is constructed with a static set of secrets and that static set of secrets is always

package/dist/index.d.ts

@@ -1,10 +1,12 @@
 export * from './adapters/all-adapters.js';
 export * from './adapters/aws-secrets-manager.adapter.js';
 export * from './adapters/base.adapter.js';
+export * from './adapters/infisical.adapter.js';
 export * from './adapters/secrets-json-file.adapter.js';
 export * from './adapters/static-secrets.adapter.js';
 export * from './public-mocks/mock-aws-secrets-manager.js';
 export * from './public-mocks/mock-fs.js';
+export * from './public-mocks/mock-infisical-sdk.js';
 export * from './secret-load.error.js';
 export * from './secrets-definition/define-secrets.js';
 export * from './updating-secrets.js';

package/dist/index.js

@@ -1,10 +1,12 @@
 export * from './adapters/all-adapters.js';
 export * from './adapters/aws-secrets-manager.adapter.js';
 export * from './adapters/base.adapter.js';
+export * from './adapters/infisical.adapter.js';
 export * from './adapters/secrets-json-file.adapter.js';
 export * from './adapters/static-secrets.adapter.js';
 export * from './public-mocks/mock-aws-secrets-manager.js';
 export * from './public-mocks/mock-fs.js';
+export * from './public-mocks/mock-infisical-sdk.js';
 export * from './secret-load.error.js';
 export * from './secrets-definition/define-secrets.js';
 export * from './updating-secrets.js';

package/dist/public-mocks/mock-fs.d.ts

@@ -1,6 +1,6 @@
-import type { MaybePromise } from '@augment-vir/common';
-import type { RequireExactlyOne } from 'type-fest';
-import { SecretsJsonFileAdapterOptions } from '../adapters/secrets-json-file.adapter.js';
+import { type MaybePromise } from '@augment-vir/common';
+import { type RequireExactlyOne } from 'type-fest';
+import { type SecretsJsonFileAdapterOptions } from '../adapters/secrets-json-file.adapter.js';
 /**
  * Mock data for {@link createMockFs}. There are two possible options contained herein, but only one
  * may be used at a time.

package/dist/public-mocks/mock-infisical-sdk.d.ts

@@ -0,0 +1,70 @@
+import { type JsonCompatibleValue } from '@augment-vir/common';
+import { type InfisicalSDK, type ListSecretsOptions, type Secret } from '@infisical/sdk';
+import { type RequireExactlyOne } from 'type-fest';
+/**
+ * Mock secrets setup for {@link MockAwsSecretsManagerClient}.
+ *
+ * @category Internal
+ */
+export type MockInfisicalSecrets = {
+    projectId: string;
+    /** `'dev'`, `'staging'`, `'prod'`, etc. */
+    env: string;
+    secrets: {
+        [SecretKey in string]: {
+            folderPath?: string | undefined;
+        } & RequireExactlyOne<{
+            /**
+             * A value that will be JSON stringified for the `.SecretString` output of AWS Secrets
+             * Manager.
+             */
+            preJson: JsonCompatibleValue;
+            /** Set the raw `.SecretString` output of AWS Secrets Manager directly. */
+            rawString: string;
+        }>;
+    };
+}[];
+/**
+ * A mock implementation of `InfisicalSDK` from the
+ * [@infisical/sdk](https://www.npmjs.com/package/@infisical/sdk) package. This only mocks what is
+ * necessary for the infisical adapter to work.
+ *
+ * @category Mocks
+ */
+export declare class MockInfisicalSdk {
+    /** Mock secrets that will be used in `secrets().listSecrets()` */
+    readonly mockSecrets: Readonly<MockInfisicalSecrets>;
+    /** Keeps track of whether this SDK has been authorized or not. */
+    protected isAuthorized: boolean;
+    constructor(
+    /** Mock secrets that will be used in `secrets().listSecrets()` */
+    mockSecrets: Readonly<MockInfisicalSecrets>);
+    /** Mock of `InfisicalSDK.auth()` */
+    auth(): {
+        /** Mock of `InfisicalSDK.auth().universalAuth` */
+        universalAuth: {
+            /** Mock of `InfisicalSDK.auth().universalAuth.login()` */
+            login: (options: import("@infisical/sdk").UniversalAuthLoginRequest) => Promise<InfisicalSDK>;
+            /** Mock of `InfisicalSDK.auth().universalAuth.renew()` */
+            renew(): never;
+        };
+        /** Mock of `InfisicalSDK.auth().accessToken` */
+        accessToken: (token: string) => InfisicalSDK;
+        /** Mock of `InfisicalSDK.auth().awsIamAuth` */
+        awsIamAuth: {
+            /** Mock of `InfisicalSDK.auth().awsIamAuth.login()` */
+            login: (options?: {
+                identityId?: string;
+            } | undefined) => Promise<InfisicalSDK>;
+            /** Mock of `InfisicalSDK.auth().awsIamAuth.renew()` */
+            renew(): never;
+        };
+    };
+    /** Mock of `InfisicalSDK.secrets()` */
+    secrets(): {
+        /** Mock of `InfisicalSDK.secrets().listSecrets()` */
+        listSecrets: ({ projectId, environment }: ListSecretsOptions) => Promise<{
+            secrets: Partial<Secret>[];
+        }>;
+    };
+}

package/dist/public-mocks/mock-infisical-sdk.js

@@ -0,0 +1,84 @@
+import { getObjectTypedEntries, stringifyWithJson5, } from '@augment-vir/common';
+/**
+ * A mock implementation of `InfisicalSDK` from the
+ * [@infisical/sdk](https://www.npmjs.com/package/@infisical/sdk) package. This only mocks what is
+ * necessary for the infisical adapter to work.
+ *
+ * @category Mocks
+ */
+export class MockInfisicalSdk {
+    mockSecrets;
+    /** Keeps track of whether this SDK has been authorized or not. */
+    isAuthorized = false;
+    constructor(
+    /** Mock secrets that will be used in `secrets().listSecrets()` */
+    mockSecrets) {
+        this.mockSecrets = mockSecrets;
+    }
+    /** Mock of `InfisicalSDK.auth()` */
+    auth() {
+        return {
+            /** Mock of `InfisicalSDK.auth().universalAuth` */
+            universalAuth: {
+                /** Mock of `InfisicalSDK.auth().universalAuth.login()` */
+                login: (
+                // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                ...params) => {
+                    this.isAuthorized = true;
+                    return Promise.resolve(this);
+                },
+                /** Mock of `InfisicalSDK.auth().universalAuth.renew()` */
+                renew() {
+                    throw new Error('Not mocked.');
+                },
+            },
+            /** Mock of `InfisicalSDK.auth().accessToken` */
+            accessToken: (
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            ...params) => {
+                this.isAuthorized = true;
+                return this;
+            },
+            /** Mock of `InfisicalSDK.auth().awsIamAuth` */
+            awsIamAuth: {
+                /** Mock of `InfisicalSDK.auth().awsIamAuth.login()` */
+                login: (
+                // eslint-disable-next-line @typescript-eslint/no-unused-vars
+                ...params) => {
+                    this.isAuthorized = true;
+                    return Promise.resolve(this);
+                },
+                /** Mock of `InfisicalSDK.auth().awsIamAuth.renew()` */
+                renew() {
+                    throw new Error('Not mocked.');
+                },
+            },
+        };
+    }
+    /** Mock of `InfisicalSDK.secrets()` */
+    secrets() {
+        return {
+            /** Mock of `InfisicalSDK.secrets().listSecrets()` */
+            listSecrets: ({ projectId, environment }) => {
+                if (!this.isAuthorized) {
+                    throw new Error('Mock Infisical SDK client not authorized.');
+                }
+                const secrets = this.mockSecrets.find((mock) => mock.projectId === projectId && mock.env === environment)?.secrets;
+                if (!secrets) {
+                    throw new Error('Invalid project.');
+                }
+                return Promise.resolve({
+                    secrets: getObjectTypedEntries(secrets).map(([secretKey, mockDefinition,]) => {
+                        return {
+                            secretPath: mockDefinition.folderPath || '/',
+                            secretKey,
+                            secretValue: mockDefinition.preJson
+                                ? stringifyWithJson5(mockDefinition.preJson)
+                                : mockDefinition.rawString || '',
+                        };
+                    }),
+                });
+            },
+        };
+    }
+}

package/dist/secrets-definition/define-secrets.d.ts

@@ -1,6 +1,6 @@
 import { type PartialWithUndefined, type Values } from '@augment-vir/common';
 import { type ShapeDefinition } from 'object-shape-tester';
-import type { RequireExactlyOne } from 'type-fest';
+import { type Exact, type RequireExactlyOne } from 'type-fest';
 /**
  * The shape definition for built-in handling of secret rotation. Use this shape in a secret
  * definition's `shape` property (when using {@link defineSecrets}).
@@ -67,6 +67,22 @@ export type SecretDefinitions = {
          */
         whereToFind: string;
         adapterConfig?: PartialWithUndefined<{
+            infisical: {
+                projectId: string;
+                folderPath?: string;
+            } & RequireExactlyOne<{
+                /**
+                 * The name of the secret key within the given folder path. Use this when this
+                 * secret definition corresponds exactly to a single secret entry in Infisical.
+                 */
+                keyInFolder: string;
+                /**
+                 * Set this to `true` to use the entire folder's contents as this secret's value.
+                 * The folder will be loaded recursively, meaning all folders within this folder
+                 * will also be loaded.
+                 */
+                useWholeFolder: true;
+            }>;
             /**
              * Configuration for loading this secret from AWS. This is required if you're using the
              * AWS SecretsManager adapter, otherwise the secret will fail to load.
@@ -114,7 +130,9 @@ export type SecretDefinitions = {
  *
  * @category Define Secrets
  */
-export declare function defineSecrets<const Secrets extends SecretDefinitions>(secrets: Secrets): Secrets;
+export declare function defineSecrets<const Secrets extends {
+    [Key in keyof Secrets]: Exact<Values<SecretDefinitions>, Secrets[Key]>;
+} & SecretDefinitions>(secrets: Secrets): Secrets;
 /**
  * Processed secret definitions. This is what will be passed to all adapter `loadSecrets` methods.
  * This type is simply a more uniform and generic version of {@link SecretDefinitions}.

package/dist/updating-secrets.d.ts

@@ -1,8 +1,7 @@
-import { Values, type PartialWithUndefined, type RequiredAndNotNull } from '@augment-vir/common';
+import { type PartialWithUndefined, type RequiredAndNotNull, type Values } from '@augment-vir/common';
 import { type AnyDuration } from 'date-vir';
-import type { BaseSecretsAdapter } from './adapters/base.adapter.js';
-import type { SecretDefinitions } from './secrets-definition/define-secrets.js';
-import { ProcessedSecretDefinitions, RotatableSecretValue, SecretValues } from './secrets-definition/define-secrets.js';
+import { type BaseSecretsAdapter } from './adapters/base.adapter.js';
+import { type ProcessedSecretDefinitions, type RotatableSecretValue, type SecretDefinitions, type SecretValues } from './secrets-definition/define-secrets.js';
 /**
  * Options for {@link UpdatingSecrets} and {@link createUpdatingSecrets}.
  *

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "updating-secrets",
-    "version": "0.2.0",
+    "version": "0.3.1",
     "description": "Automatically update secrets on an interval with support for seamless secret rotation.",
     "keywords": [
         "secrets",
@@ -44,52 +44,54 @@
         "test:update": "npm run test update"
     },
     "dependencies": {
-        "@augment-vir/assert": "^31.13.0",
-        "@augment-vir/common": "^31.13.0",
+        "@augment-vir/assert": "^31.23.3",
+        "@augment-vir/common": "^31.23.3",
         "date-vir": "^7.3.1",
-        "object-shape-tester": "^5.1.5",
-        "type-fest": "^4.40.0"
+        "object-shape-tester": "^5.1.6",
+        "type-fest": "^4.41.0"
     },
     "devDependencies": {
-        "@augment-vir/test": "^31.13.0",
-        "@aws-sdk/client-secrets-manager": "^3.787.0",
+        "@augment-vir/test": "^31.23.3",
+        "@aws-sdk/client-secrets-manager": "^3.826.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "^9.25.0",
-        "@stylistic/eslint-plugin": "^4.2.0",
-        "@stylistic/eslint-plugin-ts": "^4.2.0",
-        "@types/node": "^22.14.1",
-        "@typescript-eslint/eslint-plugin": "^8.30.1",
+        "@eslint/js": "^9.28.0",
+        "@infisical/sdk": "^4.0.2",
+        "@stylistic/eslint-plugin": "^4.4.1",
+        "@stylistic/eslint-plugin-ts": "^4.4.1",
+        "@types/node": "^22.15.30",
+        "@typescript-eslint/eslint-plugin": "^8.33.1",
         "c8": "^10.1.3",
-        "cspell": "^8.19.1",
-        "dependency-cruiser": "^16.10.1",
-        "esbuild": "^0.25.2",
-        "eslint": "^9.25.0",
-        "eslint-config-prettier": "^10.1.2",
-        "eslint-plugin-jsdoc": "^50.6.9",
+        "cspell": "^9.0.2",
+        "dependency-cruiser": "^16.10.2",
+        "esbuild": "^0.25.5",
+        "eslint": "^9.28.0",
+        "eslint-config-prettier": "^10.1.5",
+        "eslint-plugin-jsdoc": "^50.7.1",
         "eslint-plugin-monorepo-cop": "^1.0.2",
         "eslint-plugin-playwright": "^2.2.0",
-        "eslint-plugin-prettier": "^5.2.6",
+        "eslint-plugin-prettier": "^5.4.1",
         "eslint-plugin-require-extensions": "^0.1.3",
         "eslint-plugin-sonarjs": "^3.0.2",
-        "eslint-plugin-unicorn": "^58.0.0",
+        "eslint-plugin-unicorn": "^59.0.1",
         "istanbul-smart-text-reporter": "^1.1.5",
         "markdown-code-example-inserter": "^3.0.3",
-        "npm-check-updates": "^17.1.18",
+        "npm-check-updates": "^18.0.1",
         "prettier": "~3.3.3",
         "prettier-plugin-interpolated-html-tags": "^2.0.1",
         "prettier-plugin-jsdoc": "^1.3.2",
         "prettier-plugin-multiline-arrays": "^4.0.3",
         "prettier-plugin-organize-imports": "^4.1.0",
-        "prettier-plugin-packagejson": "^2.5.10",
+        "prettier-plugin-packagejson": "^2.5.15",
         "prettier-plugin-sort-json": "^4.1.1",
-        "prettier-plugin-toml": "^2.0.4",
-        "typedoc": "^0.28.2",
+        "prettier-plugin-toml": "^2.0.5",
+        "typedoc": "^0.28.5",
         "typescript": "^5.8.3",
-        "typescript-eslint": "^8.30.1",
-        "virmator": "^13.13.5"
+        "typescript-eslint": "^8.33.1",
+        "virmator": "^13.15.4"
     },
     "peerDependencies": {
-        "@aws-sdk/client-secrets-manager": ">=3"
+        "@aws-sdk/client-secrets-manager": ">=3",
+        "@infisical/sdk": ">=4"
     },
     "engines": {
         "node": ">=22"