npm - wilcocrypt - Versions diffs - 2.2.0 → 2.2.1 - Mend

wilcocrypt 2.2.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.github/ISSUE_TEMPLATE/bug.md +58 -64
package/CHANGELOG.md +38 -0
package/DOCS.md +286 -94
package/README.md +15 -14
package/SECURITY.md +12 -12
package/package.json +11 -8
package/src/cli.js +40 -37
package/src/wilcocrypt.js +260 -53
package/types/wilcocrypt.d.ts +189 -18

package/DOCS.md CHANGED Viewed

@@ -13,6 +13,10 @@ Complete reference for the WilcoCrypt API, CLI, and binary format.
   - [decryptData](#decryptdata)
   - [encryptFile](#encryptfile)
   - [decryptFile](#decryptfile)
+  - [encryptDataAsync](#encryptdataasync)
+  - [decryptDataAsync](#decryptdataasync)
+  - [encryptFileAsync](#encryptfileasync)
+  - [decryptFileAsync](#decryptfileasync)
   - [encryptFileStream](#encryptfilestream)
   - [decryptFileStream](#decryptfilestream)
   - [Internal Namespace (`_`)](#internal-namespace-_)
@@ -37,24 +41,47 @@ Requires Node.js 18 or later (uses `stream/promises` and `fs/promises`).
 ## Quick Start
 ```js
-import wilcocrypt from 'wilcocrypt';
+import wilcocrypt from "wilcocrypt";
 // Encrypt a Buffer
-const data = Buffer.from('Hello, world!');
-const encrypted = wilcocrypt.encryptData(data, 'my-password');
+const data = Buffer.from("Hello, world!");
+const encrypted = wilcocrypt.encryptData(data, "my-password");
 // Decrypt it back
-const decrypted = wilcocrypt.decryptData(encrypted, 'my-password');
+const decrypted = wilcocrypt.decryptData(encrypted, "my-password");
 console.log(decrypted.toString()); // Hello, world!
 // Encrypt a file (writes file.txt.enc)
-wilcocrypt.encryptFile('file.txt', 'my-password');
+wilcocrypt.encryptFile("file.txt", "my-password");
 // Decrypt a file (returns Buffer)
-const contents = wilcocrypt.decryptFile('file.txt.enc', 'my-password');
+const contents = wilcocrypt.decryptFile("file.txt.enc", "my-password");
 // Decrypt a file directly to disk
-wilcocrypt.decryptFile('file.txt.enc', 'my-password', 'output.txt');
+wilcocrypt.decryptFile("file.txt.enc", "my-password", "output.txt");
+// Async API
+const encryptedAsync = await wilcocrypt.encryptDataAsync(
+  Buffer.from("Hello!"),
+  "my-password",
+);
+const decryptedAsync = await wilcocrypt.decryptDataAsync(
+  encryptedAsync,
+  "my-password",
+);
+// Async file API
+await wilcocrypt.encryptFileAsync(
+  "file.txt",
+  "my-password",
+);
+await wilcocrypt.decryptFileAsync(
+  "file.txt.enc",
+  "my-password",
+  "output.txt",
+);
 ```
 ---
@@ -65,18 +92,18 @@ wilcocrypt.decryptFile('file.txt.enc', 'my-password', 'output.txt');
 Encrypts a Buffer using password-based AES-256-GCM. The password is never stored; a random salt is generated for every encryption call.
-| Parameter  | Type      | Default | Description                          |
-|------------|-----------|---------|--------------------------------------|
-| `plaindata`| `Buffer`  | —       | Raw data to encrypt                  |
-| `password` | `string`  | —       | Password for key derivation (min. 6 chars) |
-| `gzip`     | `boolean` | `true`  | Compress data before encryption      |
+| Parameter   | Type      | Default | Description                                |
+| ----------- | --------- | ------- | ------------------------------------------ |
+| `plaindata` | `Buffer`  | —       | Raw data to encrypt                        |
+| `password`  | `string`  | —       | Password for key derivation (min. 6 chars) |
+| `gzip`      | `boolean` | `true`  | Compress data before encryption            |
 **Returns:** `Buffer` — the encrypted payload in the [binary format](#binary-payload-format).
 **Throws:** `WilcoCryptError` with code `WEAK_PASSWORD` if the password is too short.
 ```js
-const encrypted = wilcocrypt.encryptData(Buffer.from('secret'), 'passw0rd');
+const encrypted = wilcocrypt.encryptData(Buffer.from("secret"), "passw0rd");
 ```
 ---
@@ -85,25 +112,25 @@ const encrypted = wilcocrypt.encryptData(Buffer.from('secret'), 'passw0rd');
 Decrypts a payload produced by `encryptData`. Validates the header and version before attempting decryption.
-| Parameter         | Type      | Default | Description                         |
-|-------------------|-----------|---------|-------------------------------------|
-| `encryptedBuffer` | `Buffer`  | —       | Payload from `encryptData`          |
-| `password`        | `string`  | —       | Password used during encryption     |
-| `gzip`            | `boolean` | `true`  | Decompress after decryption         |
+| Parameter         | Type      | Default | Description                     |
+| ----------------- | --------- | ------- | ------------------------------- |
+| `encryptedBuffer` | `Buffer`  | —       | Payload from `encryptData`      |
+| `password`        | `string`  | —       | Password used during encryption |
+| `gzip`            | `boolean` | `true`  | Decompress after decryption     |
 **Returns:** `Buffer` — the original plaintext data.
 **Throws:**
-| Code                | Reason                                    |
-|---------------------|-------------------------------------------|
-| `WEAK_PASSWORD`     | Password shorter than 6 characters       |
-| `INVALID_HEADER`    | Not a valid WilcoCrypt payload           |
+| Code                | Reason                                         |
+| ------------------- | ---------------------------------------------- |
+| `WEAK_PASSWORD`     | Password shorter than 6 characters             |
+| `INVALID_HEADER`    | Not a valid WilcoCrypt payload                 |
 | `VERSION_MISMATCH`  | Payload was encrypted with a different version |
-| `DECRYPTION_FAILED` | Wrong password, tampered or corrupt data |
+| `DECRYPTION_FAILED` | Wrong password, tampered or corrupt data       |
 ```js
-const plain = wilcocrypt.decryptData(encrypted, 'passw0rd');
+const plain = wilcocrypt.decryptData(encrypted, "passw0rd");
 ```
 ---
@@ -112,16 +139,16 @@ const plain = wilcocrypt.decryptData(encrypted, 'passw0rd');
 Reads a file, encrypts it, and writes the result to `<filePath>.enc`. Uses `encryptData` internally, so the entire file is loaded into memory. For large files, use [`encryptFileStream`](#encryptfilestream) instead.
-| Parameter  | Type      | Default | Description                     |
-|------------|-----------|---------|---------------------------------|
-| `filePath` | `string`  | —       | Path to the source file         |
-| `password` | `string`  | —       | Password for key derivation     |
-| `gzip`     | `boolean` | `true`  | Compress before encryption      |
+| Parameter  | Type      | Default | Description                 |
+| ---------- | --------- | ------- | --------------------------- |
+| `filePath` | `string`  | —       | Path to the source file     |
+| `password` | `string`  | —       | Password for key derivation |
+| `gzip`     | `boolean` | `true`  | Compress before encryption  |
 **Returns:** `void`
 ```js
-wilcocrypt.encryptFile('document.pdf', 'passw0rd');
+wilcocrypt.encryptFile("document.pdf", "passw0rd");
 // Creates document.pdf.enc
 ```
@@ -131,12 +158,12 @@ wilcocrypt.encryptFile('document.pdf', 'passw0rd');
 Decrypts a `.enc` file. If `outputPath` is provided, the result is written to disk and `undefined` is returned. Otherwise the decrypted `Buffer` is returned.
-| Parameter    | Type      | Default     | Description                                           |
-|--------------|-----------|-------------|-------------------------------------------------------|
-| `filePath`   | `string`  | —           | Path to the `.enc` file                               |
-| `password`   | `string`  | —           | Password used during encryption                       |
-| `outputPath` | `string`  | `undefined` | Optional path to write decrypted output to            |
-| `gzip`       | `boolean` | `true`      | Decompress after decryption                           |
+| Parameter    | Type      | Default     | Description                                |
+| ------------ | --------- | ----------- | ------------------------------------------ |
+| `filePath`   | `string`  | —           | Path to the `.enc` file                    |
+| `password`   | `string`  | —           | Password used during encryption            |
+| `outputPath` | `string`  | `undefined` | Optional path to write decrypted output to |
+| `gzip`       | `boolean` | `true`      | Decompress after decryption                |
 > The legacy 3-argument form `decryptFile(filePath, password, gzip)` is still fully supported, but will be deprecated in the next release.
@@ -146,10 +173,124 @@ Decrypts a `.enc` file. If `outputPath` is provided, the result is written to di
 ```js
 // Return as Buffer
-const buf = wilcocrypt.decryptFile('document.pdf.enc', 'passw0rd');
+const buf = wilcocrypt.decryptFile("document.pdf.enc", "passw0rd");
 // Write directly to disk
-wilcocrypt.decryptFile('document.pdf.enc', 'passw0rd', 'document.pdf');
+wilcocrypt.decryptFile("document.pdf.enc", "passw0rd", "document.pdf");
+```
+---
+### `encryptDataAsync(plaindata, password, gzip?)`
+Asynchronous version of `encryptData`.
+Encrypts a Buffer using password-based AES-256-GCM. The password is never stored; a random salt is generated for every encryption call.
+| Parameter   | Type      | Default | Description                                |
+| ----------- | --------- | ------- | ------------------------------------------ |
+| `plaindata` | `Buffer`  | —       | Raw data to encrypt                        |
+| `password`  | `string`  | —       | Password for key derivation (min. 6 chars) |
+| `gzip`      | `boolean` | `true`  | Compress data before encryption            |
+**Returns:** `Promise<Buffer>` — the encrypted payload in the binary format.
+**Throws:** `WilcoCryptError` with code `WEAK_PASSWORD` if the password is too short.
+```js
+const encrypted = await wilcocrypt.encryptDataAsync(
+  Buffer.from("secret"),
+  "passw0rd",
+);
+```
+---
+### `decryptDataAsync(encryptedBuffer, password, gzip?)`
+Asynchronous version of `decryptData`.
+Decrypts a payload produced by `encryptDataAsync` or `encryptData`. Validates the header and version before attempting decryption.
+| Parameter         | Type      | Default | Description                     |
+| ----------------- | --------- | ------- | ------------------------------- |
+| `encryptedBuffer` | `Buffer`  | —       | Payload from `encryptData`      |
+| `password`        | `string`  | —       | Password used during encryption |
+| `gzip`            | `boolean` | `true`  | Decompress after decryption     |
+**Returns:** `Promise<Buffer>` — the original plaintext data.
+**Throws:**
+| Code                | Reason                                         |
+| ------------------- | ---------------------------------------------- |
+| `WEAK_PASSWORD`     | Password shorter than 6 characters             |
+| `INVALID_HEADER`    | Not a valid WilcoCrypt payload                 |
+| `VERSION_MISMATCH`  | Payload was encrypted with a different version |
+| `DECRYPTION_FAILED` | Wrong password, tampered or corrupt data       |
+```js
+const plain = await wilcocrypt.decryptDataAsync(
+  encrypted,
+  "passw0rd",
+);
+```
+---
+### `encryptFileAsync(filePath, password, gzip?)`
+Asynchronous version of `encryptFile`.
+Reads a file, encrypts it, and writes the result to `<filePath>.enc`.
+| Parameter  | Type      | Default | Description                 |
+| ---------- | --------- | ------- | --------------------------- |
+| `filePath` | `string`  | —       | Path to the source file     |
+| `password` | `string`  | —       | Password for key derivation |
+| `gzip`     | `boolean` | `true`  | Compress before encryption  |
+**Returns:** `Promise<void>`
+```js
+await wilcocrypt.encryptFileAsync(
+  "document.pdf",
+  "passw0rd",
+);
+```
+---
+### `decryptFileAsync(filePath, password, outputPath?, gzip?)`
+Asynchronous version of `decryptFile`.
+If `outputPath` is provided, the result is written to disk and `undefined` is returned. Otherwise the decrypted `Buffer` is returned.
+| Parameter    | Type      | Default     | Description                                |
+| ------------ | --------- | ----------- | ------------------------------------------ |
+| `filePath`   | `string`  | —           | Path to the `.enc` file                    |
+| `password`   | `string`  | —           | Password used during encryption            |
+| `outputPath` | `string`  | `undefined` | Optional path to write decrypted output to |
+| `gzip`       | `boolean` | `true`      | Decompress after decryption                |
+**Returns:** `Promise<Buffer>` when no `outputPath` is given, `Promise<undefined>` otherwise.
+**Throws:** Same error codes as `decryptFile`.
+```js
+// Return as Buffer
+const buf = await wilcocrypt.decryptFileAsync(
+  "document.pdf.enc",
+  "passw0rd",
+);
+// Write directly to disk
+await wilcocrypt.decryptFileAsync(
+  "document.pdf.enc",
+  "passw0rd",
+  "document.pdf",
+);
 ```
 ---
@@ -158,17 +299,21 @@ wilcocrypt.decryptFile('document.pdf.enc', 'passw0rd', 'document.pdf');
 Streaming equivalent of `encryptFile`. Reads from `inputPath` and writes to `outputPath` chunk by chunk — suitable for large files where loading everything into memory is impractical.
-| Parameter    | Type      | Default | Description                          |
-|--------------|-----------|---------|--------------------------------------|
-| `inputPath`  | `string`  | —       | Path to the source file              |
-| `outputPath` | `string`  | —       | Path for the encrypted output        |
-| `password`   | `string`  | —       | Password for key derivation          |
-| `gzip`       | `boolean` | `true`  | Compress before encryption           |
+| Parameter    | Type      | Default | Description                   |
+| ------------ | --------- | ------- | ----------------------------- |
+| `inputPath`  | `string`  | —       | Path to the source file       |
+| `outputPath` | `string`  | —       | Path for the encrypted output |
+| `password`   | `string`  | —       | Password for key derivation   |
+| `gzip`       | `boolean` | `true`  | Compress before encryption    |
 **Returns:** `Promise<void>`
 ```js
-await wilcocrypt.encryptFileStream('bigfile.zip', 'bigfile.zip.enc', 'passw0rd');
+await wilcocrypt.encryptFileStream(
+  "bigfile.zip",
+  "bigfile.zip.enc",
+  "passw0rd",
+);
 ```
 ---
@@ -177,19 +322,23 @@ await wilcocrypt.encryptFileStream('bigfile.zip', 'bigfile.zip.enc', 'passw0rd')
 Streaming equivalent of `decryptFile`. Header and version are validated before the stream starts. If decryption fails at any point, the partially written output file is deleted automatically.
-| Parameter    | Type      | Default | Description                           |
-|--------------|-----------|---------|---------------------------------------|
-| `inputPath`  | `string`  | —       | Path to the `.enc` file               |
-| `outputPath` | `string`  | —       | Path to write decrypted output to     |
-| `password`   | `string`  | —       | Password used during encryption       |
-| `gzip`       | `boolean` | `true`  | Decompress after decryption           |
+| Parameter    | Type      | Default | Description                       |
+| ------------ | --------- | ------- | --------------------------------- |
+| `inputPath`  | `string`  | —       | Path to the `.enc` file           |
+| `outputPath` | `string`  | —       | Path to write decrypted output to |
+| `password`   | `string`  | —       | Password used during encryption   |
+| `gzip`       | `boolean` | `true`  | Decompress after decryption       |
 **Returns:** `Promise<void>`
 **Throws:** Same error codes as `decryptData`, plus automatic cleanup of `outputPath` on failure.
 ```js
-await wilcocrypt.decryptFileStream('bigfile.zip.enc', 'bigfile.zip', 'passw0rd');
+await wilcocrypt.decryptFileStream(
+  "bigfile.zip.enc",
+  "bigfile.zip",
+  "passw0rd",
+);
 ```
 ---
@@ -198,17 +347,17 @@ await wilcocrypt.decryptFileStream('bigfile.zip.enc', 'bigfile.zip', 'passw0rd')
 The `wilcocrypt._` namespace exposes internal helpers. These are not intended for normal use but are part of the public surface for advanced use cases and testing.
-| Member                  | Type       | Description                                              |
-|-------------------------|------------|----------------------------------------------------------|
-| `_.VERSION`             | `string`   | Current version string, embedded in every payload       |
-| `_.MIN_PASSWORD_LENGTH` | `number`   | Minimum accepted password length (6)                    |
-| `_.HEADER`              | `Buffer`   | 10-byte magic bytes identifying a WilcoCrypt payload    |
-| `_.WilcoCryptError`     | `class`    | The error class (also importable from TypeScript types)  |
-| `_.assertKeyAndIv(key, iv)` | `function` | Throws if key or IV are not valid Buffers of the right length |
-| `_.assertPassword(password)` | `function` | Throws `WEAK_PASSWORD` if password is too short   |
-| `_.constantTimeEqual(a, b)` | `function` | Constant-time Buffer comparison, returns `boolean`  |
-| `_.encryptData(plainData, key, iv)` | `function` | Raw AES-256-GCM encryption, returns `{ ciphertext, authTag }` |
-| `_.decryptData(cipherBuffer, authTagBuffer, key, iv)` | `function` | Raw AES-256-GCM decryption, returns `Buffer` |
+| Member                                                | Type       | Description                                                   |
+| ----------------------------------------------------- | ---------- | ------------------------------------------------------------- |
+| `_.VERSION`                                           | `string`   | Current version string, embedded in every payload             |
+| `_.MIN_PASSWORD_LENGTH`                               | `number`   | Minimum accepted password length (6)                          |
+| `_.HEADER`                                            | `Buffer`   | 10-byte magic bytes identifying a WilcoCrypt payload          |
+| `_.WilcoCryptError`                                   | `class`    | The error class (also importable from TypeScript types)       |
+| `_.assertKeyAndIv(key, iv)`                           | `function` | Throws if key or IV are not valid Buffers of the right length |
+| `_.assertPassword(password)`                          | `function` | Throws `WEAK_PASSWORD` if password is too short               |
+| `_.constantTimeEqual(a, b)`                           | `function` | Constant-time Buffer comparison, returns `boolean`            |
+| `_.encryptData(plainData, key, iv)`                   | `function` | Raw AES-256-GCM encryption, returns `{ ciphertext, authTag }` |
+| `_.decryptData(cipherBuffer, authTagBuffer, key, iv)` | `function` | Raw AES-256-GCM decryption, returns `Buffer`                  |
 ---
@@ -223,14 +372,14 @@ wilcocrypt --help
 ### Options
-| Flag                     | Description                                         |
-|--------------------------|-----------------------------------------------------|
-| `-e, --encrypt <file>`   | Encrypt the given file, writes `<file>.enc`         |
-| `-d, --decrypt <file>`   | Decrypt the given `.enc` file                       |
-| `-o, --output <file>`    | Write decrypted output to `<file>` instead of stdout |
-| `--stdout`               | Explicitly write decrypted output to stdout (default) |
-| `--version`              | Show WilcoCrypt version                             |
-| `-h, --help`             | Show help                                           |
+| Flag                   | Description                                           |
+| ---------------------- | ----------------------------------------------------- |
+| `-e, --encrypt <file>` | Encrypt the given file, writes `<file>.enc`           |
+| `-d, --decrypt <file>` | Decrypt the given `.enc` file                         |
+| `-o, --output <file>`  | Write decrypted output to `<file>` instead of stdout  |
+| `--stdout`             | Explicitly write decrypted output to stdout (default) |
+| `--version`            | Show WilcoCrypt version                               |
+| `-h, --help`           | Show help                                             |
 Only one of `-e` or `-d` may be used at a time. The `--output` and `--stdout` flags are mutually exclusive. `--output` is only valid with `-d`.
@@ -256,7 +405,7 @@ Passwords are entered interactively with character masking (`*`). The CLI requir
 ## Binary Payload Format
-Every payload produced by WilcoCrypt v2.2.0 has the following binary layout:
+Every payload produced in WilcoCrypt v2.2.x has the following binary layout:
 ```
 [ HEADER    ]  10 bytes   — magic bytes: 23 9 12 3 15 3 18 25 16 20
@@ -278,14 +427,14 @@ The auth tag is placed at the end to allow the streaming API to append it after
 All errors thrown by WilcoCrypt are instances of `WilcoCryptError`, which extends `Error` with a `code` property.
 ```js
-import wilcocrypt from 'wilcocrypt';
+import wilcocrypt from "wilcocrypt";
 const { WilcoCryptError } = wilcocrypt._;
 try {
-  wilcocrypt.decryptData(payload, 'wrong-password');
+  wilcocrypt.decryptData(payload, "wrong-password");
 } catch (err) {
   if (err instanceof WilcoCryptError) {
-    console.error(err.code);    // e.g. DECRYPTION_FAILED
+    console.error(err.code); // e.g. DECRYPTION_FAILED
     console.error(err.message); // human-readable
   }
 }
@@ -293,16 +442,16 @@ try {
 ### Error Codes
-| Code                    | Thrown by                        | Cause                                              |
-|-------------------------|----------------------------------|----------------------------------------------------|
-| `WEAK_PASSWORD`         | All public methods               | Password shorter than 6 characters                |
-| `INVALID_HEADER`        | `decryptData`, `decryptFile`, stream variants | Payload does not start with the WilcoCrypt magic bytes |
-| `VERSION_MISMATCH`      | `decryptData`, `decryptFile`, stream variants | Payload version does not match current version    |
-| `DECRYPTION_FAILED`     | `decryptData`, `decryptFile`, stream variants | Wrong password, tampered data, or corruption      |
-| `INVALID_FILE_EXTENSION`| `decryptFile`                    | File path does not end with `.enc`                |
-| `INVALID_KEY`           | `_.assertKeyAndIv`               | Key is not a 32-byte Buffer                       |
-| `INVALID_IV`            | `_.assertKeyAndIv`               | IV is not a 12-byte Buffer                        |
-| `NO_TTY`                | CLI password prompt              | stdin is not a TTY                                |
+| Code                     | Thrown by                                     | Cause                                                  |
+| ------------------------ | --------------------------------------------- | ------------------------------------------------------ |
+| `WEAK_PASSWORD`          | All public methods                            | Password shorter than 6 characters                     |
+| `INVALID_HEADER`         | `decryptData`, `decryptFile`, stream variants | Payload does not start with the WilcoCrypt magic bytes |
+| `VERSION_MISMATCH`       | `decryptData`, `decryptFile`, stream variants | Payload version does not match current version         |
+| `DECRYPTION_FAILED`      | `decryptData`, `decryptFile`, stream variants | Wrong password, tampered data, or corruption           |
+| `INVALID_FILE_EXTENSION` | `decryptFile`                                 | File path does not end with `.enc`                     |
+| `INVALID_KEY`            | `_.assertKeyAndIv`                            | Key is not a 32-byte Buffer                            |
+| `INVALID_IV`             | `_.assertKeyAndIv`                            | IV is not a 12-byte Buffer                             |
+| `NO_TTY`                 | CLI password prompt                           | stdin is not a TTY                                     |
 ---
@@ -311,17 +460,60 @@ try {
 WilcoCrypt ships with `wilcocrypt.d.ts`. No `@types` package needed.
 ```ts
-import wilcocrypt, { WilcoCryptError } from 'wilcocrypt';
-const encrypted: Buffer = wilcocrypt.encryptData(Buffer.from('hi'), 'passw0rd');
+import wilcocrypt, {
+  WilcoCryptError,
+} from "wilcocrypt";
+const encrypted: Buffer =
+  wilcocrypt.encryptData(
+    Buffer.from("hi"),
+    "passw0rd",
+  );
+const encryptedAsync: Buffer =
+  await wilcocrypt.encryptDataAsync(
+    Buffer.from("hi"),
+    "passw0rd",
+  );
 // decryptFile overloads
-const buf: Buffer = wilcocrypt.decryptFile('file.enc', 'passw0rd');
-wilcocrypt.decryptFile('file.enc', 'passw0rd', 'output.txt'); // returns undefined
-// Streams
-await wilcocrypt.encryptFileStream('in.txt', 'in.txt.enc', 'passw0rd');
-await wilcocrypt.decryptFileStream('in.txt.enc', 'out.txt', 'passw0rd');
+const buf: Buffer =
+  wilcocrypt.decryptFile(
+    "file.enc",
+    "passw0rd",
+  );
+wilcocrypt.decryptFile(
+  "file.enc",
+  "passw0rd",
+  "output.txt",
+);
+// async overloads
+const asyncBuf: Buffer =
+  await wilcocrypt.decryptFileAsync(
+    "file.enc",
+    "passw0rd",
+  );
+await wilcocrypt.decryptFileAsync(
+  "file.enc",
+  "passw0rd",
+  "output.txt",
+);
+// streams
+await wilcocrypt.encryptFileStream(
+  "in.txt",
+  "in.txt.enc",
+  "passw0rd",
+);
+await wilcocrypt.decryptFileStream(
+  "in.txt.enc",
+  "out.txt",
+  "passw0rd",
+);
 ```
 ---

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # WilcoCrypt
-[![js-semistandard-style](https://img.shields.io/badge/code%20style-semistandard-brightgreen.svg)](https://github.com/standard/semistandard)
+[![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)
 > **The `master` branch may be unstable during active development.**
 > For production use, always install from [npm](https://www.npmjs.com/package/wilcocrypt) or use a tagged [GitHub Release](https://github.com/computer-wilco/wilcocrypt/releases).
@@ -14,10 +14,11 @@ A simple, modern Node.js encryption library and CLI tool. AES-256-GCM, password-
 - AES-256-GCM authenticated encryption
 - scrypt key derivation with a random salt per encryption
 - Optional gzip compression before encryption
+- Synchronous and asynchronous APIs
 - Streaming API for large files (`encryptFileStream` / `decryptFileStream`)
 - CLI with interactive password prompt
-- TypeScript types included
-- semistandard code style
+- Comprehensive TypeScript definitions with full JSDoc support
+- Prettier code formatting
 ---
@@ -34,24 +35,24 @@ Requires Node.js 18 or later.
 ## Quick Start
 ```js
-import wilcocrypt from 'wilcocrypt';
+import wilcocrypt from "wilcocrypt";
 // Encrypt / decrypt a Buffer
-const encrypted = wilcocrypt.encryptData(Buffer.from('Hello!'), 'my-password');
-const decrypted = wilcocrypt.decryptData(encrypted, 'my-password');
+const encrypted = wilcocrypt.encryptData(Buffer.from("Hello!"), "my-password");
+const decrypted = wilcocrypt.decryptData(encrypted, "my-password");
 // Encrypt a file → writes file.txt.enc
-wilcocrypt.encryptFile('file.txt', 'my-password');
+wilcocrypt.encryptFile("file.txt", "my-password");
 // Decrypt to Buffer
-const buf = wilcocrypt.decryptFile('file.txt.enc', 'my-password');
+const buf = wilcocrypt.decryptFile("file.txt.enc", "my-password");
 // Decrypt directly to disk
-wilcocrypt.decryptFile('file.txt.enc', 'my-password', 'output.txt');
+wilcocrypt.decryptFile("file.txt.enc", "my-password", "output.txt");
 // Stream API (memory-efficient for large files)
-await wilcocrypt.encryptFileStream('big.zip', 'big.zip.enc', 'my-password');
-await wilcocrypt.decryptFileStream('big.zip.enc', 'big.zip', 'my-password');
+await wilcocrypt.encryptFileStream("big.zip", "big.zip.enc", "my-password");
+await wilcocrypt.decryptFileStream("big.zip.enc", "big.zip", "my-password");
 ```
 ---
@@ -91,14 +92,14 @@ The auth tag is appended at the end for streaming compatibility. See [DOCS.md](.
 All errors are instances of `WilcoCryptError` with a machine-readable `code` property.
 ```js
-import wilcocrypt from 'wilcocrypt';
+import wilcocrypt from "wilcocrypt";
 const { WilcoCryptError } = wilcocrypt._;
 try {
-  wilcocrypt.decryptData(payload, 'wrong');
+  wilcocrypt.decryptData(payload, "wrong");
 } catch (err) {
   if (err instanceof WilcoCryptError) {
-    console.error(err.code);    // e.g. DECRYPTION_FAILED
+    console.error(err.code); // e.g. DECRYPTION_FAILED
     console.error(err.message);
   }
 }

package/SECURITY.md CHANGED Viewed

@@ -6,11 +6,12 @@ The following versions of WilcoCrypt are currently supported with security updat
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.1.x   | :white_check_mark: |
+| 2.2.x   | :white_check_mark: |
+| 2.1.x   | :x:                |
 | 2.0.x   | :x:                |
 | 1.x     | :x:                |
-Only the latest minor version in the 2.x range receives security updates. All the versions below that are not supported.
+Only the latest minor version in the 2.x range receives updates. All the versions below that are not supported.
 ---
@@ -24,16 +25,15 @@ If you discover a security vulnerability in WilcoCrypt, please report it respons
 Please include:
-* A clear description of the issue
-* Steps to reproduce (if possible)
-* Impact assessment (what can go wrong)
+- A clear description of the issue
+- Steps to reproduce (if possible)
+- Impact assessment (what can go wrong)
 ### What to expect
-* You will receive a response within **48 hours**
-* I will investigate and confirm the issue
-* If accepted, a fix will be developed as soon as possible
-* A patched version will be released and documented
+- I will investigate and confirm the issue
+- If accepted, a fix will be developed as soon as possible
+- A patched version will be released and documented
 ### Responsible disclosure
@@ -43,6 +43,6 @@ Please do **not** publicly disclose the vulnerability until a fix has been relea
 ## Notes
-* WilcoCrypt is designed with strong cryptographic defaults, but misuse (e.g. weak passwords) can still lead to insecure outcomes
-* Always use strong, unique passwords
-* Security is a shared responsibility between the library and its users
+- WilcoCrypt is designed with strong cryptographic defaults, but misuse (e.g. weak passwords) can still lead to insecure outcomes
+- Always use strong, unique passwords
+- Security is a shared responsibility between the library and its users