conf - npm Package Compare versions

Comparing version 4.1.0 to 5.0.0

index.d.ts

@@ -172,3 +172,3 @@ /// <reference types="node"/>

*/
declare class Conf<T = unknown> implements Iterable<[string, T]> {
declare class Conf<T> implements Iterable<[string, T]> {
store: {[key: string]: T};
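
Review bot: Dropping the default from the type parameter (`Conf<T = unknown>` becoming `Conf<T>`, reading the pair as old line then new line like the version lines further down) is a breaking change for TypeScript consumers that nothing in this hunk documents. Any annotation written as bare `Conf` now requires an explicit type argument. Either keep a default or call the change out in the release notes for the major version.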

@@ -175,0 +175,0 @@ readonly path: string;

@@ -232,4 +232,12 @@ /* eslint-disable node/no-deprecated-api */

try {
const decipher = crypto.createDecipher(encryptionAlgorithm, this.encryptionKey);
data = Buffer.concat([decipher.update(data), decipher.final()]);
// Check if an initialization vector has been used to encrypt the data
if (data.slice(16, 17).toString() === ':') {
const initializationVector = data.slice(0, 16);
const password = crypto.pbkdf2Sync(this.encryptionKey, initializationVector.toString(), 10000, 32, 'sha512');
const decipher = crypto.createDecipheriv(encryptionAlgorithm, password, initializationVector);
data = Buffer.concat([decipher.update(data.slice(17)), decipher.final()]);
} else {
const decipher = crypto.createDecipher(encryptionAlgorithm, this.encryptionKey);
data = Buffer.concat([decipher.update(data), decipher.final()]);
}
} catch (_) {}
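
Review bot: The format check `data.slice(16, 17).toString() === ':'` runs on raw ciphertext, so a file written by the old `createDecipher` path whose 17th byte happens to be `:` is routed into the IV branch. Decryption there fails, the empty `catch (_) {}` swallows the error, and nothing falls through to the legacy branch, so that file is never decrypted. Suggest retrying the legacy path when the IV branch throws, or using a longer unambiguous marker, and not leaving the catch silent so a failed decrypt can be told apart from other causes.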

@@ -264,4 +272,6 @@ }

if (this.encryptionKey) {
const cipher = crypto.createCipher(encryptionAlgorithm, this.encryptionKey);
data = Buffer.concat([cipher.update(Buffer.from(data)), cipher.final()]);
const initializationVector = crypto.randomBytes(16);
const password = crypto.pbkdf2Sync(this.encryptionKey, initializationVector.toString(), 10000, 32, 'sha512');
const cipher = crypto.createCipheriv(encryptionAlgorithm, password, initializationVector);
data = Buffer.concat([initializationVector, Buffer.from(':'), cipher.update(Buffer.from(data)), cipher.final()]);
}
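
Review bot: In `crypto.pbkdf2Sync(this.encryptionKey, initializationVector.toString(), 10000, 32, 'sha512')` the salt is the random IV decoded as a UTF-8 string, which is lossy: invalid byte sequences collapse to the replacement character, so the salt carries less than the 16 random bytes generated. `pbkdf2Sync` accepts a Buffer, so pass `initializationVector` directly; that changes the derived key, so the read path in the previous hunk has to change in the same release. Separately, the output is the IV, `:` and the ciphertext with no MAC or auth tag appended, so nothing written here lets the reader detect tampering.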

@@ -268,0 +278,0 @@

{
"name": "conf",
"version": "4.1.0",
"version": "5.0.0",
"description": "Simple config handling for your app or module",

@@ -52,3 +52,3 @@ "license": "MIT",

"@types/node": "^12.0.4",
"ava": "^1.4.1",
"ava": "^2.0.0",
"clear-module": "^3.2.0",

@@ -55,0 +55,0 @@ "del": "^4.1.0",

@@ -132,5 +132,5 @@ # conf [![Build Status](https://travis-ci.org/sindresorhus/conf.svg?branch=master)](https://travis-ci.org/sindresorhus/conf)

Note that this is **not intended for security purposes**, since the encryption key would be easily found inside a plain-text Node.js app.
This can be used to secure sensitive data **if** the encryption key is stored in a secure manner (not plain-text) in the Node.js app. For example, by using [`node-keytar`](https://github.com/atom/node-keytar) to store the encryption key securely, or asking the encryption key from the user (a password) and then storing it in a variable.
Its main use is for obscurity. If a user looks through the config directory and finds the config file, since it's just a JSON file, they may be tempted to modify it. By providing an encryption key, the file will be obfuscated, which should hopefully deter any users from doing so.
In addition to security, this could be used for obscurity. If a user looks through the config directory and finds the config file, since it's just a JSON file, they may be tempted to modify it. By providing an encryption key, the file will be obfuscated, which should hopefully deter any users from doing so.
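
Review bot: The replacement sentence "This can be used to secure sensitive data" claims more than the code in this diff delivers. The write path emits the IV, `:` and the ciphertext with no authentication tag, and the read path still accepts the legacy `createDecipher` format, so existing config files keep the old encryption until they are next written. Suggest the README say that the encryption provides confidentiality only, mention the migration behaviour, and qualify the integrity sentence kept as context below ("If the file is changed in any way, the decryption will not work").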

@@ -137,0 +137,0 @@ It also has the added bonus of ensuring the config file's integrity. If the file is changed in any way, the decryption will not work, in which case the store will just reset back to its default state.
