@winner-fed/build-security
Advanced tools
安全构建工具库 - 支持文件加密、加签和过滤功能
npm install @winner-fed/build-security
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true, // 启用加密
sign: true // 启用加签
});
// 处理文件夹
builder
.build('./dist', './output/dist_security.zip')
.then((outputPath) => {
console.log('构建完成:', outputPath);
})
.catch((err) => {
console.error('构建失败:', err);
});
import { SecurityBuilder } from '@winner-fed/build-security';
async function buildSecurity() {
const builder = new SecurityBuilder({
encrypt: true,
sign: false
});
try {
const outputPath = await builder.build('./dist', './output/dist_encrypted.zip');
console.log('构建完成:', outputPath);
} catch (err) {
console.error('构建失败:', err);
}
}
buildSecurity();
| 选项 | 类型 | 默认值 | 说明 |
|---|---|---|---|
encrypt | boolean | false | 是否启用文件加密 |
sign | boolean | false | 是否启用文件加签 |
excludeFiles | string[] | [] | 需要过滤的文件列表(支持 glob 模式) |
excludePatterns | (string|RegExp)[] | [] | 需要过滤的文件模式(正则表达式) |
builder.build(entry, outputName);
entry (string|string[]): 输入路径,可以是:
./dist/*.zip、./packages/**/dist)outputName (string): 输出 ZIP 文件名(可选,不指定则自动生成)const builder = new SecurityBuilder({
encrypt: true,
excludeFiles: ['config.json', 'README.md', 'package.json']
});
const builder = new SecurityBuilder({
encrypt: true,
excludeFiles: [
'**/*.test.js', // 所有测试文件
'**/node_modules/**', // node_modules 目录
'**/*.map', // 所有 source map 文件
'dist/**/*.log' // dist 目录下的所有日志文件
]
});
const builder = new SecurityBuilder({
encrypt: true,
excludePatterns: [
/\.test\.js$/, // 匹配所有 .test.js 文件
/^config/, // 匹配以 config 开头的文件
/node_modules/, // 匹配包含 node_modules 的路径
/\.(map|log|md)$/i // 匹配 .map、.log、.md 结尾的文件
]
});
const builder = new SecurityBuilder({
encrypt: true,
sign: true,
excludeFiles: ['**/*.test.js', '**/node_modules/**'],
excludePatterns: [/\.map$/, /^\./]
});
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true,
excludeFiles: ['**/*.map', '**/*.log']
});
builder.build('./dist', './output/dist_encrypted.zip').then((path) => console.log('加密完成:', path));
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
sign: true
});
builder.build('./dist', './output/dist_signed.zip').then((path) => console.log('加签完成:', path));
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true,
sign: true,
excludeFiles: ['**/*.map', '**/*.test.js', '**/node_modules/**']
});
builder.build('./dist', './output/dist_encrypted_signed.zip').then((path) => console.log('加密加签完成:', path));
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true,
sign: true
});
// 直接处理 ZIP 文件,会自动解压、处理、重新打包
builder.build('./input.zip', './output/processed.zip').then((path) => console.log('处理完成:', path));
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true,
sign: true
});
// 处理多个文件夹和 ZIP 文件
// 每个输入会单独进行加密加签并打包成独立的 ZIP
// 然后这些独立的 ZIP 会被合并到一个最终的 ZIP 中
// 解压最终的 ZIP 后,会得到多个独立的已加密加签的 ZIP 文件
builder
.build(['./dist/app1', './dist/app2', './dist/app3.zip'], './output/merged.zip')
.then((path) => console.log('合并处理完成:', path));
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true,
sign: true
});
// 使用 glob 模式匹配所有 ZIP 文件
// 每个匹配的 ZIP 会单独进行加密加签,然后合并到一个最终的 ZIP 中
builder.build('./dist/*.zip', './output/all_zips.zip').then((path) => console.log('处理完成:', path));
// 匹配所有子目录下的 dist 文件夹
// 每个匹配的目录会单独进行加密加签并打包,然后合并
builder.build('./packages/**/dist', './output/all_dists.zip').then((path) => console.log('处理完成:', path));
// 混合使用 glob 模式和普通路径
builder
.build(['./dist/app1', './dist/*.zip', './packages/**/build'], './output/merged.zip')
.then((path) => console.log('合并处理完成:', path));
默认情况下,以下类型的文件会被加密:
.html.js.json.css.txt以下文件不会被加密(即使匹配类型):
gmu-hash-manifest.jsongmu-hash-manifest-v2.json如果不指定输出文件名,系统会自动生成:
{原文件名}_yyyyMMdd_encrypted.zip{原文件名}_yyyyMMdd_signed.zip{原文件名}_yyyyMMdd_encrypted_signed.zip二次加密限制:如果目录中已存在 gmu-config-manifest.json,则不能再次进行加密操作(除非同时进行加签)
文件过滤优先级:
excludeFiles 中的任何模式,将被过滤excludePatterns 中的任何正则,将被过滤临时文件:处理过程中会在系统临时目录创建临时文件,处理完成后会自动清理
路径格式:支持相对路径和绝对路径,路径中的反斜杠会自动转换为正斜杠
多输入处理方式:
import { SecurityBuilder } from '@winner-fed/build-security';
const builder = new SecurityBuilder({
encrypt: true
});
builder
.build('./dist', './output.zip')
.then((path) => {
console.log('成功:', path);
})
.catch((err) => {
if (err.message === '路径不存在!') {
console.error('指定的输入路径不存在');
} else if (err.message === '文件名冲突!') {
console.error('输出文件已存在,请更换文件名');
} else if (err.message === '不可以进行二次加密!') {
console.error('目录已加密,不能再次加密');
} else {
console.error('未知错误:', err);
}
});
import { SecurityBuilder } from '@winner-fed/build-security';
new SecurityBuilder(options);
执行安全构建操作
entry (string|string[]): 输入路径,支持:
./dist/*.zip、./packages/**/dist)outputName (string, 可选): 输出 ZIP 文件名Promise<string> - 返回生成的 ZIP 文件路径ISC
FAQs
安全构建工具库 - 支持文件加密、加签和过滤
We found that @winner-fed/build-security demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.
Security News
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
Security News
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.