vestauth 0.1.14 → 0.1.18

package/CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+[Unreleased](https://github.com/dotenvx/dotenvx-ops/compare/v0.1.0...main)
+
+## [0.1.3](https://github.com/dotenvx/dotenvx-ops/compare/v0.1.0...v0.1.1) (2026-01-17)
+
+### Changed
+
+* TBD

package/LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2026, Scott Motte
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.1.14",
+  "version": "0.1.18",
   "description": "auth for agents",
   "keywords": [
     "vestauth"
@@ -16,6 +16,16 @@
   ],
   "license": "BSD-3-Clause",
   "main": "src/lib/main.js",
+  "exports": {
+    ".": {
+      "require": "./src/lib/main.js",
+      "default": "./src/lib/main.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "bin": {
+    "vestauth": "./src/cli/vestauth.js"
+  },
   "author": "@motdotla",
   "type": "commonjs",
   "scripts": {
@@ -23,8 +33,7 @@
     "standard:fix": "standard --fix",
     "test": "tap run --allow-empty-coverage --disable-coverage --timeout=60000",
     "test-coverage": "tap run --show-full-coverage --timeout=60000",
-    "testshell": "bash shellspec",
-    "prerelease": "npm test && npm run testshell",
+    "prerelease": "npm test",
     "release": "standard-version"
   },
   "dependencies": {
@@ -34,7 +43,13 @@
     "eciesjs": "^0.4.16"
   },
   "devDependencies": {
+    "@yao-pkg/pkg": "^5.14.2",
+    "capture-console": "^1.0.2",
+    "esbuild": "^0.25.8",
+    "proxyquire": "^2.1.3",
+    "sinon": "^14.0.1",
     "standard": "^17.1.0",
-    "standard-version": "^9.5.0"
+    "standard-version": "^9.5.0",
+    "tap": "^21.0.1"
   }
 }

package/src/cli/actions/challenge.js

@@ -8,7 +8,16 @@ function challenge () {
 
   const chal = main.challenge()
 
-  console.log(chal)
+  const output = {
+    callenge: chal
+  }
+
+  let space = 0
+  if (options.prettyPrint) {
+    space = 2
+  }
+
+  console.log(JSON.stringify(output, null, space))
 }
 
 module.exports = challenge

package/src/cli/actions/hash.js

@@ -3,13 +3,24 @@ const { logger } = require('./../../shared/logger')
 const main = require('./../../lib/main')
 
 function hash (message) {
+  logger.debug(`message: ${message}`)
+
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
   const hashMessage = main.hash(message)
   const hashBase64Url = Buffer.from(hashMessage).toString('base64url')
 
-  console.log(hashBase64Url)
+  const output = {
+    hash: hashBase64Url
+  }
+
+  let space = 0
+  if (options.prettyPrint) {
+    space = 2
+  }
+
+  console.log(JSON.stringify(output, null, space))
 }
 
 module.exports = hash

package/src/cli/actions/sign.js

@@ -11,7 +11,16 @@ async function sign (challenge, privateKeyHex) {
 
   const signature = await main.sign(challenge, privateKeyHex)
 
-  console.log(signature)
+  const output = {
+    signature
+  }
+
+  let space = 0
+  if (options.prettyPrint) {
+    space = 2
+  }
+
+  console.log(JSON.stringify(output, null, space))
 }
 
 module.exports = sign

package/src/cli/actions/verify.js

@@ -10,9 +10,19 @@ async function verify (challenge, signatureBase64, publicKeyHex) {
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
-  const isValid = main.verify(challenge, signatureBase64, publicKeyHex)
+  const success = main.verify(challenge, signatureBase64, publicKeyHex)
 
-  console.log(isValid)
+  const output = {
+    success,
+    public_key: publicKeyHex
+  }
+
+  let space = 0
+  if (options.prettyPrint) {
+    space = 2
+  }
+
+  console.log(JSON.stringify(output, null, space))
 }
 
 module.exports = verify

package/src/cli/vestauth.js

@@ -12,7 +12,7 @@ const getCommanderVersion = require('./../lib/helpers/getCommanderVersion')
 // surface hoisting problems
 const commanderVersion = getCommanderVersion()
 if (commanderVersion && parseInt(commanderVersion.split('.')[0], 10) >= 12) {
-  const message = `dotenvx depends on commander@11.x.x but you are attempting to hoist commander@${commanderVersion}`
+  const message = `vestauth depends on commander@11.x.x but you are attempting to hoist commander@${commanderVersion}`
   const error = new Errors({ message }).dangerousDependencyHoist()
   logger.error(error.message)
   if (error.help) logger.error(error.help)
@@ -42,6 +42,7 @@ program
 const challengeAction = require('./actions/challenge')
 program.command('challenge')
   .description('generate challenge')
+  .option('-pp, --pretty-print', 'pretty print output')
   .action(challengeAction)
 
 // vestauth hash [message]
@@ -49,6 +50,7 @@ const hashAction = require('./actions/hash')
 program.command('hash')
   .description('hash message')
   .argument('<message>', 'message string')
+  .option('-pp, --pretty-print', 'pretty print output')
   .action(hashAction)
 
 // vestauth keypair
@@ -65,6 +67,7 @@ program.command('sign')
   .description('sign challenge')
   .argument('<challenge>', 'challenge (base64url)')
   .argument('<privateKey>', 'private key (hex)')
+  .option('-pp, --pretty-print', 'pretty print output')
   .action(signAction)
 
 // vestauth verify
@@ -74,6 +77,7 @@ program.command('verify')
   .argument('<challenge>', 'challenge (base64url)')
   .argument('<signature>', 'signature (base64url)')
   .argument('<publicKey>', 'public key (hex)')
+  .option('-pp, --pretty-print', 'pretty print output')
   .action(verifyAction)
 
 // vestauth help

package/src/lib/helpers/errors.js

@@ -5,7 +5,7 @@ class Errors {
 
   dangerousDependencyHoist () {
     const code = 'DANGEROUS_DEPENDENCY_HOIST'
-    const message = `[${code}] your environment has hoisted an incompatible version of a dotenvx dependency: ${this.message}`
+    const message = `[${code}] your environment has hoisted an incompatible version of a vestauth dependency: ${this.message}`
     const help = `[${code}] https://github.com/vestauth/vestauth`
 
     const e = new Error(message)

package/src/lib/helpers/truncate.js

@@ -0,0 +1,10 @@
+function truncate (str, showChar = 7) {
+  if (str && str.length > 0) {
+    const visiblePart = str.slice(0, showChar)
+    return visiblePart + '…'
+  } else {
+    return ''
+  }
+}
+
+module.exports = truncate