wilcocrypt 2.2.0 → 2.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wilcocrypt",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "A encrypting tool",
   "keywords": [
     "encrypting",
@@ -10,12 +10,14 @@
   "author": "computerwilco",
   "type": "module",
   "main": "src/wilcocrypt.js",
-  "bin": "src/cli.js",
+  "bin": {
+    "wilcocrypt": "src/cli.js"
+  },
   "types": "types/wilcocrypt.d.ts",
   "scripts": {
     "test": "node src/cli.js",
-    "lint": "npx semistandard",
-    "lint:fix": "npx semistandard --fix",
+    "semistandard": "npx semistandard",
+    "lint": "npx semistandard --fix; npx prettier --write .",
     "update": "npx -y Jelmerro/nus",
     "rollup": "node src/scripts/shebang-fix.js pre && rollup -c && node src/scripts/shebang-fix.js post && node src/scripts/fix-cli-min-import.js && node src/scripts/chmod.js",
     "sea:blob": "node src/scripts/sea-blob.js",
@@ -28,15 +30,16 @@
     "clean": "rm -rf dist && rm -rf sea/*.sea && rm -rf release/*"
   },
   "dependencies": {
-    "commander": "14.0.3"
+    "commander": "15.0.0"
   },
   "devDependencies": {
-    "@rollup/plugin-commonjs": "29.0.2",
+    "@rollup/plugin-commonjs": "29.0.3",
     "@rollup/plugin-node-resolve": "16.0.3",
     "@rollup/plugin-replace": "6.0.3",
     "@rollup/plugin-terser": "1.0.0",
-    "@types/node": "25.6.0",
-    "rollup": "4.60.2",
+    "@types/node": "25.9.2",
+    "prettier": "3.8.3",
+    "rollup": "4.61.1",
     "semistandard": "17.0.0"
   }
 }

package/src/cli.js

@@ -1,62 +1,62 @@
 #!/usr/bin/env node
-import { Command } from 'commander';
-import wilcocrypt from './wilcocrypt.js';
+import { Command } from "commander";
+import wilcocrypt from "./wilcocrypt.js";
 
 /* =========================
    Helpers
 ========================= */
 
-function promptPassword (promptText = 'Password: ') {
+function promptPassword(promptText = "Password: ") {
   return new Promise((resolve) => {
     const stdin = process.stdin;
     const stdout = process.stdout;
 
     if (!stdin.isTTY) {
       throw new wilcocrypt._.WilcoCryptError(
-        'Password prompt requires a TTY',
-        'NO_TTY'
+        "Password prompt requires a TTY",
+        "NO_TTY",
       );
     }
 
     stdout.write(promptText);
 
-    let password = '';
+    let password = "";
 
     stdin.setRawMode(true);
     stdin.resume();
-    stdin.setEncoding('utf8');
+    stdin.setEncoding("utf8");
 
-    function onData (char) {
-      if (char === '\r' || char === '\n') {
-        stdout.write('\n');
+    function onData(char) {
+      if (char === "\r" || char === "\n") {
+        stdout.write("\n");
         stdin.setRawMode(false);
         stdin.pause();
-        stdin.removeListener('data', onData);
+        stdin.removeListener("data", onData);
         resolve(password);
         return;
       }
 
-      if (char === '\u0003') {
-        stdout.write('\n');
+      if (char === "\u0003") {
+        stdout.write("\n");
         stdin.setRawMode(false);
         stdin.pause();
-        stdin.removeListener('data', onData);
+        stdin.removeListener("data", onData);
         process.exit(1);
       }
 
-      if (char === '\u007f' || char === '\b') {
+      if (char === "\u007f" || char === "\b") {
         if (password.length > 0) {
           password = password.slice(0, -1);
-          stdout.write('\b \b');
+          stdout.write("\b \b");
         }
         return;
       }
 
       password += char;
-      stdout.write('*');
+      stdout.write("*");
     }
 
-    stdin.on('data', onData);
+    stdin.on("data", onData);
   });
 }
 
@@ -67,16 +67,22 @@ function promptPassword (promptText = 'Password: ') {
 const program = new Command();
 
 program
-  .name('wilcocrypt')
-  .description('File encryption tool')
-  .version(wilcocrypt._.VERSION, '--version', 'Show version')
-
-  .option('-e, --encrypt <file>', 'Encrypt file')
-  .option('-d, --decrypt <file>', 'Decrypt file')
-  .option('-o, --output <file>', 'Write output to file instead of stdout (decrypt only)')
-  .option('--stdout', 'Write decrypted output to stdout (default behavior, explicit flag)')
-
-  .helpOption('-h, --help', 'Display help');
+  .name("wilcocrypt")
+  .description("File encryption tool")
+  .version(wilcocrypt._.VERSION, "--version", "Show version")
+
+  .option("-e, --encrypt <file>", "Encrypt file")
+  .option("-d, --decrypt <file>", "Decrypt file")
+  .option(
+    "-o, --output <file>",
+    "Write output to file instead of stdout (decrypt only)",
+  )
+  .option(
+    "--stdout",
+    "Write decrypted output to stdout (default behavior, explicit flag)",
+  )
+
+  .helpOption("-h, --help", "Display help");
 
 program.parse(process.argv);
 
@@ -86,27 +92,24 @@ const options = program.opts();
    Validation
 ========================= */
 
-const actions = [
-  options.encrypt,
-  options.decrypt
-].filter(Boolean);
+const actions = [options.encrypt, options.decrypt].filter(Boolean);
 
 if (actions.length === 0) {
   program.help();
 }
 
 if (actions.length > 1) {
-  console.error('error: please specify only one action (-e or -d)');
+  console.error("error: please specify only one action (-e or -d)");
   process.exit(1);
 }
 
 if (options.output && options.stdout) {
-  console.error('error: --output and --stdout are mutually exclusive');
+  console.error("error: --output and --stdout are mutually exclusive");
   process.exit(1);
 }
 
 if (options.output && options.encrypt) {
-  console.error('error: --output is only supported for decryption');
+  console.error("error: --output is only supported for decryption");
   process.exit(1);
 }
 
@@ -117,14 +120,14 @@ if (options.output && options.encrypt) {
 (async () => {
   try {
     if (options.encrypt) {
-      const password = await promptPassword('Encryption password: ');
+      const password = await promptPassword("Encryption password: ");
       wilcocrypt.encryptFile(options.encrypt, password);
       console.log(`Encrypted: ${options.encrypt}.enc`);
       return;
     }
 
     if (options.decrypt) {
-      const password = await promptPassword('Decryption password: ');
+      const password = await promptPassword("Decryption password: ");
 
       if (options.output) {
         wilcocrypt.decryptFile(options.decrypt, password, options.output);

package/src/wilcocrypt.js

@@ -1,7 +1,22 @@
-import { randomBytes, scryptSync, createCipheriv, createDecipheriv } from 'crypto';
-import { gzipSync, gunzipSync, createGzip, createGunzip } from 'zlib';
-import { readFileSync, writeFileSync, createReadStream, createWriteStream, promises as fsPromises } from 'fs';
-import { pipeline } from 'stream/promises';
+import {
+  randomBytes,
+  scryptSync,
+  scrypt,
+  createCipheriv,
+  createDecipheriv,
+} from "crypto";
+import { gzipSync, gunzipSync, createGzip, createGunzip } from "zlib";
+import {
+  readFileSync,
+  writeFileSync,
+  createReadStream,
+  createWriteStream,
+  promises as fsPromises,
+} from "fs";
+import { pipeline } from "stream/promises";
+import { promisify } from "util";
+
+const scryptAsync = promisify(scrypt);
 
 /**
  * Main WilcoCrypt namespace.
@@ -25,9 +40,9 @@ class WilcoCryptError extends Error {
    * @param {string} message - Human-readable error message
    * @param {string} [code=WILCOCRYPT_ERROR] - Machine-readable error code
    */
-  constructor (message, code = 'WILCOCRYPT_ERROR') {
+  constructor(message, code = "WILCOCRYPT_ERROR") {
     super(message);
-    this.name = 'WilcoCryptError';
+    this.name = "WilcoCryptError";
     this.code = code;
 
     if (Error.captureStackTrace) {
@@ -47,7 +62,7 @@ wilcocrypt._.WilcoCryptError = WilcoCryptError;
  * Must match exactly during decryption.
  * @type {string}
  */
-wilcocrypt._.VERSION = '2.2.0';
+wilcocrypt._.VERSION = "2.2.0";
 
 /**
  * Minimum allowed password length.
@@ -75,15 +90,15 @@ wilcocrypt._.HEADER = Buffer.from([23, 9, 12, 3, 15, 3, 18, 25, 16, 20]);
 wilcocrypt._.assertKeyAndIv = function (key, iv) {
   if (!Buffer.isBuffer(key) || key.length !== 32) {
     throw new WilcoCryptError(
-      'Invalid encryption key (expected 32-byte Buffer)',
-      'INVALID_KEY'
+      "Invalid encryption key (expected 32-byte Buffer)",
+      "INVALID_KEY",
     );
   }
 
   if (!Buffer.isBuffer(iv) || iv.length !== 12) {
     throw new WilcoCryptError(
-      'Invalid IV (expected 12-byte Buffer)',
-      'INVALID_IV'
+      "Invalid IV (expected 12-byte Buffer)",
+      "INVALID_IV",
     );
   }
 };
@@ -95,10 +110,13 @@ wilcocrypt._.assertKeyAndIv = function (key, iv) {
  * @throws {WilcoCryptError}
  */
 wilcocrypt._.assertPassword = function (password) {
-  if (typeof password !== 'string' || password.length < wilcocrypt._.MIN_PASSWORD_LENGTH) {
+  if (
+    typeof password !== "string" ||
+    password.length < wilcocrypt._.MIN_PASSWORD_LENGTH
+  ) {
     throw new WilcoCryptError(
       `Password must be at least ${wilcocrypt._.MIN_PASSWORD_LENGTH} characters`,
-      'WEAK_PASSWORD'
+      "WEAK_PASSWORD",
     );
   }
 };
@@ -136,15 +154,12 @@ wilcocrypt._.constantTimeEqual = function (a, b) {
 wilcocrypt._.encryptData = function (plainData, key, iv) {
   wilcocrypt._.assertKeyAndIv(key, iv);
 
-  const cipher = createCipheriv('aes-256-gcm', key, iv);
-  const encrypted = Buffer.concat([
-    cipher.update(plainData),
-    cipher.final()
-  ]);
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
+  const encrypted = Buffer.concat([cipher.update(plainData), cipher.final()]);
 
   return {
     ciphertext: encrypted,
-    authTag: cipher.getAuthTag()
+    authTag: cipher.getAuthTag(),
   };
 };
 
@@ -161,17 +176,14 @@ wilcocrypt._.decryptData = function (cipherBuffer, authTagBuffer, key, iv) {
   wilcocrypt._.assertKeyAndIv(key, iv);
 
   try {
-    const decipher = createDecipheriv('aes-256-gcm', key, iv);
+    const decipher = createDecipheriv("aes-256-gcm", key, iv);
     decipher.setAuthTag(authTagBuffer);
 
-    return Buffer.concat([
-      decipher.update(cipherBuffer),
-      decipher.final()
-    ]);
+    return Buffer.concat([decipher.update(cipherBuffer), decipher.final()]);
   } catch {
     throw new WilcoCryptError(
-      'Decryption failed (invalid password, corrupted data, or tampered file)',
-      'DECRYPTION_FAILED'
+      "Decryption failed (invalid password, corrupted data, or tampered file)",
+      "DECRYPTION_FAILED",
     );
   }
 };
@@ -210,7 +222,47 @@ wilcocrypt.encryptData = function (plaindata, password, gzip = true) {
     salt, // 16 bytes
     iv, // 12 bytes
     ciphertext, // variable
-    authTag // 16 bytes (at the end for streaming compatibility)
+    authTag, // 16 bytes (at the end for streaming compatibility)
+  ]);
+};
+
+/**
+ * Encrypts data asynchronously using password-based AES-256-GCM.
+ *
+ * Output format:
+ * [HEADER (10 bytes)] + [VERSION (dynamic)] + [salt (16)] + [iv (12)] + [ciphertext] + [authTag (16)]
+ *
+ * @param {Buffer} plaindata - Raw data to encrypt
+ * @param {string} password - Password used for key derivation
+ * @param {boolean} [gzip=true] - Whether to compress data before encryption
+ * @returns {Promise<Buffer>} Binary-encoded encrypted payload
+ * @throws {WilcoCryptError} If password is invalid
+ */
+wilcocrypt.encryptDataAsync = async function (
+  plaindata,
+  password,
+  gzip = true,
+) {
+  wilcocrypt._.assertPassword(password);
+
+  const gzipData = gzip ? gzipSync(plaindata) : plaindata;
+
+  const iv = randomBytes(12);
+  const salt = randomBytes(16);
+
+  const key = await scryptAsync(password, salt, 32);
+
+  const { ciphertext, authTag } = wilcocrypt._.encryptData(gzipData, key, iv);
+
+  const versionBuf = Buffer.from(wilcocrypt._.VERSION);
+
+  return Buffer.concat([
+    wilcocrypt._.HEADER,
+    versionBuf,
+    salt,
+    iv,
+    ciphertext,
+    authTag,
   ]);
 };
 
@@ -232,22 +284,31 @@ wilcocrypt.decryptData = function (encryptedBuffer, password, gzip = true) {
   const versionBuf = Buffer.from(wilcocrypt._.VERSION);
   let offset = 0;
 
-  const fileHeader = encryptedBuffer.subarray(offset, offset += wilcocrypt._.HEADER.length);
+  const fileHeader = encryptedBuffer.subarray(
+    offset,
+    (offset += wilcocrypt._.HEADER.length),
+  );
   if (!fileHeader.equals(wilcocrypt._.HEADER)) {
-    throw new WilcoCryptError('Invalid WilcoCrypt header', 'INVALID_HEADER');
+    throw new WilcoCryptError("Invalid WilcoCrypt header", "INVALID_HEADER");
   }
 
-  const fileVersion = encryptedBuffer.subarray(offset, offset += versionBuf.length);
+  const fileVersion = encryptedBuffer.subarray(
+    offset,
+    (offset += versionBuf.length),
+  );
   if (!fileVersion.equals(versionBuf)) {
-    throw new WilcoCryptError('Version mismatch', 'VERSION_MISMATCH');
+    throw new WilcoCryptError("Version mismatch", "VERSION_MISMATCH");
   }
 
-  const salt = encryptedBuffer.subarray(offset, offset += 16);
-  const iv = encryptedBuffer.subarray(offset, offset += 12);
+  const salt = encryptedBuffer.subarray(offset, (offset += 16));
+  const iv = encryptedBuffer.subarray(offset, (offset += 12));
 
   // authTag are the last 16 bytes; ciphertext is everything in between
   const authTag = encryptedBuffer.subarray(encryptedBuffer.length - 16);
-  const ciphertext = encryptedBuffer.subarray(offset, encryptedBuffer.length - 16);
+  const ciphertext = encryptedBuffer.subarray(
+    offset,
+    encryptedBuffer.length - 16,
+  );
 
   const key = scryptSync(password, salt, 32);
 
@@ -256,6 +317,63 @@ wilcocrypt.decryptData = function (encryptedBuffer, password, gzip = true) {
   return gzip ? gunzipSync(decrypted) : decrypted;
 };
 
+/**
+ * Decrypts encrypted data asynchronously using password-based AES-256-GCM.
+ *
+ * Validates internal header and version, then extracts:
+ * salt, iv, authTag and ciphertext from the binary payload.
+ *
+ * @param {Buffer} encryptedBuffer - Binary-encoded encrypted payload
+ * @param {string} password - Password used for decryption
+ * @param {boolean} [gzip=true] - Whether to decompress after decryption
+ * @returns {Promise<Buffer>} Decrypted raw data
+ * @throws {WilcoCryptError} On invalid header, version mismatch, wrong password, or corrupted data
+ */
+wilcocrypt.decryptDataAsync = async function (
+  encryptedBuffer,
+  password,
+  gzip = true,
+) {
+  wilcocrypt._.assertPassword(password);
+
+  const versionBuf = Buffer.from(wilcocrypt._.VERSION);
+  let offset = 0;
+
+  const fileHeader = encryptedBuffer.subarray(
+    offset,
+    (offset += wilcocrypt._.HEADER.length),
+  );
+
+  if (!fileHeader.equals(wilcocrypt._.HEADER)) {
+    throw new WilcoCryptError("Invalid WilcoCrypt header", "INVALID_HEADER");
+  }
+
+  const fileVersion = encryptedBuffer.subarray(
+    offset,
+    (offset += versionBuf.length),
+  );
+
+  if (!fileVersion.equals(versionBuf)) {
+    throw new WilcoCryptError("Version mismatch", "VERSION_MISMATCH");
+  }
+
+  const salt = encryptedBuffer.subarray(offset, (offset += 16));
+  const iv = encryptedBuffer.subarray(offset, (offset += 12));
+
+  const authTag = encryptedBuffer.subarray(encryptedBuffer.length - 16);
+
+  const ciphertext = encryptedBuffer.subarray(
+    offset,
+    encryptedBuffer.length - 16,
+  );
+
+  const key = await scryptAsync(password, salt, 32);
+
+  const decrypted = wilcocrypt._.decryptData(ciphertext, authTag, key, iv);
+
+  return gzip ? gunzipSync(decrypted) : decrypted;
+};
+
 /**
  * Encrypts a file and writes the result to `<filePath>.enc`.
  *
@@ -271,6 +389,27 @@ wilcocrypt.encryptFile = function (filePath, password, gzip = true) {
   writeFileSync(`${filePath}.enc`, encryptedData);
 };
 
+/**
+ * Encrypts a file asynchronously and writes the result to `<filePath>.enc`.
+ *
+ * @param {string} filePath - Path to the file to encrypt
+ * @param {string} password - Password used for encryption
+ * @param {boolean} [gzip=true] - Whether to compress before encryption
+ * @returns {Promise<void>}
+ * @throws {WilcoCryptError} If password is invalid
+ */
+wilcocrypt.encryptFileAsync = async function (filePath, password, gzip = true) {
+  const fileData = await fsPromises.readFile(filePath);
+
+  const encryptedData = await wilcocrypt.encryptDataAsync(
+    fileData,
+    password,
+    gzip,
+  );
+
+  await fsPromises.writeFile(`${filePath}.enc`, encryptedData);
+};
+
 /**
  * Decrypts an encrypted `.enc` file.
  *
@@ -285,17 +424,22 @@ wilcocrypt.encryptFile = function (filePath, password, gzip = true) {
  * @returns {Buffer|undefined} Decrypted file contents, or undefined if outputPath was given
  * @throws {WilcoCryptError} If file extension is invalid or decryption fails
  */
-wilcocrypt.decryptFile = function (filePath, password, outputPath, gzip = true) {
+wilcocrypt.decryptFile = function (
+  filePath,
+  password,
+  outputPath,
+  gzip = true,
+) {
   // Support legacy 3-argument form: decryptFile(filePath, password, gzip?)
-  if (typeof outputPath === 'boolean') {
+  if (typeof outputPath === "boolean") {
     gzip = outputPath;
     outputPath = undefined;
   }
 
-  if (!filePath.endsWith('.enc')) {
+  if (!filePath.endsWith(".enc")) {
     throw new WilcoCryptError(
-      'Invalid file extension (expected .enc)',
-      'INVALID_FILE_EXTENSION'
+      "Invalid file extension (expected .enc)",
+      "INVALID_FILE_EXTENSION",
     );
   }
 
@@ -310,6 +454,53 @@ wilcocrypt.decryptFile = function (filePath, password, outputPath, gzip = true)
   return decrypted;
 };
 
+/**
+ * Decrypts an encrypted `.enc` file asynchronously.
+ *
+ * If `outputPath` is provided, the decrypted data is written to that file
+ * and `undefined` is returned. Otherwise the decrypted Buffer is returned.
+ *
+ * @param {string} filePath - Path to the `.enc` file
+ * @param {string} password - Password used for decryption
+ * @param {string|boolean} [outputPath] - Optional output path
+ * @param {boolean} [gzip=true] - Whether to decompress after decryption
+ * @returns {Promise<Buffer|undefined>}
+ * @throws {WilcoCryptError}
+ */
+wilcocrypt.decryptFileAsync = async function (
+  filePath,
+  password,
+  outputPath,
+  gzip = true,
+) {
+  if (typeof outputPath === "boolean") {
+    gzip = outputPath;
+    outputPath = undefined;
+  }
+
+  if (!filePath.endsWith(".enc")) {
+    throw new WilcoCryptError(
+      "Invalid file extension (expected .enc)",
+      "INVALID_FILE_EXTENSION",
+    );
+  }
+
+  const encryptedData = await fsPromises.readFile(filePath);
+
+  const decrypted = await wilcocrypt.decryptDataAsync(
+    encryptedData,
+    password,
+    gzip,
+  );
+
+  if (outputPath) {
+    await fsPromises.writeFile(outputPath, decrypted);
+    return;
+  }
+
+  return decrypted;
+};
+
 /**
  * Encrypts a file using streams and writes the result to `outputPath`.
  * Memory-efficient alternative to `encryptFile` for large files.
@@ -324,7 +515,12 @@ wilcocrypt.decryptFile = function (filePath, password, outputPath, gzip = true)
  * @returns {Promise<void>}
  * @throws {WilcoCryptError} If password is invalid
  */
-wilcocrypt.encryptFileStream = async function (inputPath, outputPath, password, gzip = true) {
+wilcocrypt.encryptFileStream = async function (
+  inputPath,
+  outputPath,
+  password,
+  gzip = true,
+) {
   wilcocrypt._.assertPassword(password);
 
   const salt = randomBytes(16);
@@ -332,7 +528,7 @@ wilcocrypt.encryptFileStream = async function (inputPath, outputPath, password,
   const key = scryptSync(password, salt, 32);
   const versionBuf = Buffer.from(wilcocrypt._.VERSION);
 
-  const cipher = createCipheriv('aes-256-gcm', key, iv);
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
   const writeStream = createWriteStream(outputPath);
 
   writeStream.write(wilcocrypt._.HEADER);
@@ -362,10 +558,15 @@ wilcocrypt.encryptFileStream = async function (inputPath, outputPath, password,
  * @returns {Promise<void>}
  * @throws {WilcoCryptError} On invalid header, version mismatch, or decryption/integrity failure
  */
-wilcocrypt.decryptFileStream = async function (inputPath, outputPath, password, gzip = true) {
+wilcocrypt.decryptFileStream = async function (
+  inputPath,
+  outputPath,
+  password,
+  gzip = true,
+) {
   wilcocrypt._.assertPassword(password);
 
-  const handle = await fsPromises.open(inputPath, 'r');
+  const handle = await fsPromises.open(inputPath, "r");
   const versionBuf = Buffer.from(wilcocrypt._.VERSION);
 
   const headLen = wilcocrypt._.HEADER.length;
@@ -377,19 +578,23 @@ wilcocrypt.decryptFileStream = async function (inputPath, outputPath, password,
   const iv = Buffer.alloc(12);
 
   let currentPos = 0;
-  await handle.read(headerCheck, 0, headLen, currentPos); currentPos += headLen;
-  await handle.read(versionCheck, 0, verLen, currentPos); currentPos += verLen;
-  await handle.read(salt, 0, 16, currentPos); currentPos += 16;
-  await handle.read(iv, 0, 12, currentPos); currentPos += 12;
+  await handle.read(headerCheck, 0, headLen, currentPos);
+  currentPos += headLen;
+  await handle.read(versionCheck, 0, verLen, currentPos);
+  currentPos += verLen;
+  await handle.read(salt, 0, 16, currentPos);
+  currentPos += 16;
+  await handle.read(iv, 0, 12, currentPos);
+  currentPos += 12;
 
   if (!headerCheck.equals(wilcocrypt._.HEADER)) {
     await handle.close();
-    throw new WilcoCryptError('Invalid WilcoCrypt header', 'INVALID_HEADER');
+    throw new WilcoCryptError("Invalid WilcoCrypt header", "INVALID_HEADER");
   }
 
   if (!versionCheck.equals(versionBuf)) {
     await handle.close();
-    throw new WilcoCryptError('Version mismatch', 'VERSION_MISMATCH');
+    throw new WilcoCryptError("Version mismatch", "VERSION_MISMATCH");
   }
 
   const stats = await handle.stat();
@@ -397,10 +602,12 @@ wilcocrypt.decryptFileStream = async function (inputPath, outputPath, password,
   await handle.read(authTag, 0, 16, stats.size - 16);
 
   const key = scryptSync(password, salt, 32);
-  const decipher = createDecipheriv('aes-256-gcm', key, iv);
+  const decipher = createDecipheriv("aes-256-gcm", key, iv);
   decipher.setAuthTag(authTag);
 
-  const pipelineSteps = [createReadStream(inputPath, { start: currentPos, end: stats.size - 17 })];
+  const pipelineSteps = [
+    createReadStream(inputPath, { start: currentPos, end: stats.size - 17 }),
+  ];
   pipelineSteps.push(decipher);
   if (gzip) pipelineSteps.push(createGunzip());
   pipelineSteps.push(createWriteStream(outputPath));
@@ -411,8 +618,8 @@ wilcocrypt.decryptFileStream = async function (inputPath, outputPath, password,
     await handle.close();
     await fsPromises.unlink(outputPath);
     throw new WilcoCryptError(
-      'Decryption failed (invalid password, corrupted data, or tampered file)',
-      'DECRYPTION_FAILED'
+      "Decryption failed (invalid password, corrupted data, or tampered file)",
+      "DECRYPTION_FAILED",
     );
   }