secure-env-ts
Advanced tools
secure-env-ts - npm Package Compare versions
Comparing version 1.2.4 to 1.2.5
@@ -35,2 +35,8 @@ #! /usr/bin/env node | ||
| const log_1 = __importStar(require("./utils/log")); | ||
| const fs_1 = __importDefault(require("fs")); | ||
| const child_process_1 = require("child_process"); | ||
| const diff = __importStar(require("diff")); | ||
| const colors_1 = __importDefault(require("colors")); | ||
| const inquirer_1 = __importDefault(require("inquirer")); | ||
| const command_exists_1 = require("command-exists"); | ||
| const argv = (0, minimist_1.default)(process.argv.slice(2)); | ||
@@ -42,5 +48,80 @@ const outputFile = argv.out || argv.o; | ||
| // should decrypt or encrypt ? | ||
| if (argv.decrypt || argv.d) | ||
| if (argv.decrypt || argv.d) { | ||
| (0, log_1.default)((0, cryptography_1.decrypt)({ secret, inputFile, outputFile, decryptionAlgo: encryptionAlgo }), log_1.logTypes.INFO); | ||
| else | ||
| } | ||
| else if (argv.edit || argv.e) { | ||
| const decrypted = (0, cryptography_1.decrypt)({ secret, inputFile, outputFile, decryptionAlgo: encryptionAlgo }); | ||
| if (!decrypted) { | ||
| process.exit(1); | ||
| } | ||
| const file = '.env.temp'; | ||
| const path = `./${file}`; | ||
| fs_1.default.writeFileSync(path, decrypted); | ||
| console.log(colors_1.default.bold.white('Opening your text editor...')); | ||
| const code = (0, command_exists_1.sync)('code') ? 'code' : null; | ||
| const nano = (0, command_exists_1.sync)('nano') ? 'nano' : null; | ||
| const vim = (0, command_exists_1.sync)('vim') ? 'vim' : null; | ||
| const usersEditor = process.env.EDITOR || nano || code || vim || 'vi'; | ||
| const childProcess = (0, child_process_1.spawn)(usersEditor, [file], { | ||
| stdio: 'inherit', | ||
| detached: true | ||
| }); | ||
| childProcess.on('data', () => process.exit()); | ||
| const abort = () => { | ||
| fs_1.default.unlinkSync(path); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.bold.white(`Aborted no changes made.`)); | ||
| console.log('\n'); | ||
| process.exit(0); | ||
| }; | ||
| let saved = false; | ||
| fs_1.default.watch(path, (evenType) => { | ||
| console.log(evenType); | ||
| if (evenType === "change") { | ||
| if (saved) { | ||
| return; | ||
| } | ||
| saved = true; | ||
| const newEnvVars = fs_1.default.readFileSync(path); | ||
| const envVarsDiff = diff.diffLines(decrypted, newEnvVars.toString()); | ||
| const removed = (envVarsDiff.filter(line => line.removed))?.map((line) => line.value); | ||
| const added = (envVarsDiff.filter(line => line.added))?.map((line) => line.value); | ||
| if (!removed.length && !added.length) { | ||
| abort(); | ||
| } | ||
| console.log(colors_1.default.bold.white('Your changes:')); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.bold.underline.red('Removed:')); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.red(removed.join('\n'))); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.bold.underline.green('Added:')); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.green(added.join('\n'))); | ||
| console.log('\n'); | ||
| inquirer_1.default.prompt([{ | ||
| name: 'continue', | ||
| type: 'string', | ||
| message: 'Encrypt? Yes/ No', | ||
| }]).then((answers) => { | ||
| if (['yes', 'y'].includes(answers.continue.toLowerCase())) { | ||
| (0, cryptography_1.encrypt)({ secret, inputFile: file, outputFile: inputFile, encryptionAlgo, isEdit: true })?.then(() => { | ||
| fs_1.default.unlinkSync(path); | ||
| console.log('\n'); | ||
| console.log(colors_1.default.bold.white(`All done!`)); | ||
| console.log(colors_1.default.bold.white(`The Environment file "${inputFile}" has been edited.`)); | ||
| console.log(colors_1.default.bold.white(`Don't forget to push and commit "${inputFile}"".`)); | ||
| console.log('\n'); | ||
| process.exit(0); | ||
| }); | ||
| } | ||
| else { | ||
| abort(); | ||
| } | ||
| }); | ||
| } | ||
| }); | ||
| } | ||
| else { | ||
| (0, cryptography_1.encrypt)({ secret, inputFile, outputFile, encryptionAlgo }); | ||
| } |
@@ -57,4 +57,5 @@ /// <reference types="node" /> | ||
| ivLength?: number; | ||
| isEdit?: boolean; | ||
| } | ||
| export declare const decrypt: (options: IDecryptOptions) => (Buffer & string) | undefined; | ||
| export declare const encrypt: (options: IEncryptOptions) => void; | ||
| export declare const encrypt: (options: IEncryptOptions) => Promise<void> | undefined; |
@@ -64,2 +64,3 @@ "use strict"; | ||
| const ivLength = options.ivLength || 16; | ||
| const isEdit = options.isEdit; | ||
| // presumably createCipheriv() should work for all the algo in ./openssl_list-cipher-algorithms.csv with the right key/iv length | ||
@@ -70,11 +71,16 @@ if (!fs_1.default.existsSync(inputFile)) | ||
| throw new Error('No SecretKey provided.Use -s option to specify secret'); | ||
| const key = crypto_1.default.createHash('sha256').update(String(secret)).digest(); // /// TODO: node v10.5.0+ should use crypto.scrypt(secret, salt, keylen[, options], callback) | ||
| const iv = crypto_1.default.randomBytes(ivLength); | ||
| const cipher = crypto_1.default.createCipheriv(encryptionAlgo, key, iv); | ||
| const output = fs_1.default.createWriteStream(outputFilePath); | ||
| output.write(iv); | ||
| fs_1.default.createReadStream(inputFile).pipe(cipher).pipe(output); | ||
| output.on('finish', () => { | ||
| (0, log_1.default)(`The Environment file "${inputFile}" has been encrypted to "${outputFilePath}".`, log_1.logTypes.INFO); | ||
| (0, log_1.default)(`Make sure to delete "${inputFile}" for production use.`, log_1.logTypes.WARN); | ||
| return new Promise(resolve => { | ||
| const key = crypto_1.default.createHash('sha256').update(String(secret)).digest(); // /// TODO: node v10.5.0+ should use crypto.scrypt(secret, salt, keylen[, options], callback) | ||
| const iv = crypto_1.default.randomBytes(ivLength); | ||
| const cipher = crypto_1.default.createCipheriv(encryptionAlgo, key, iv); | ||
| const output = fs_1.default.createWriteStream(outputFilePath); | ||
| output.write(iv); | ||
| fs_1.default.createReadStream(inputFile).pipe(cipher).pipe(output); | ||
| output.on('finish', () => { | ||
| if (!isEdit) { | ||
| (0, log_1.default)(`The Environment file "${inputFile}" has been encrypted to "${outputFilePath}".`, log_1.logTypes.INFO); | ||
| (0, log_1.default)(`Make sure to delete "${inputFile}" for production use.`, log_1.logTypes.WARN); | ||
| } | ||
| resolve(); | ||
| }); | ||
| }); | ||
@@ -81,0 +87,0 @@ } |
| { | ||
| "name": "secure-env-ts", | ||
| "version": "1.2.4", | ||
| "version": "1.2.5", | ||
| "description": "Use ENVs securely with encryption", | ||
@@ -40,2 +40,5 @@ "license": "MIT", | ||
| "devDependencies": { | ||
| "@types/command-exists": "^1.2.0", | ||
| "@types/diff": "^5.0.1", | ||
| "@types/inquirer": "^8.1.3", | ||
| "@types/minimist": "^1.2.2", | ||
@@ -47,4 +50,8 @@ "@types/node": "^16.10.2", | ||
| "dependencies": { | ||
| "colors": "^1.4.0", | ||
| "command-exists": "^1.2.9", | ||
| "diff": "^5.0.0", | ||
| "inquirer": "^8.2.0", | ||
| "minimist": "^1.2.0" | ||
| } | ||
| } |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by17.85%
30070
- Number of package files
- increased by6.67%
16
- Lines of code
- increased by26.75%
417
Worsened metrics
- Dependency count
- increased by400%
5
- Dev dependency count
- increased by75%
7
- Number of low supply chain risk alerts
- increased by200%
3
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedcolors@^1.4.0
+ Addedcommand-exists@^1.2.9
+ Addeddiff@^5.0.0
+ Addedinquirer@^8.2.0
+ Addedansi-escapes@4.3.2(transitive)
+ Addedansi-regex@5.0.1(transitive)
+ Addedansi-styles@4.3.0(transitive)
+ Addedbase64-js@1.5.1(transitive)
+ Addedbl@4.1.0(transitive)
+ Addedbuffer@5.7.1(transitive)
+ Addedchalk@4.1.2(transitive)
+ Addedchardet@0.7.0(transitive)
+ Addedcli-cursor@3.1.0(transitive)
+ Addedcli-spinners@2.9.2(transitive)
+ Addedcli-width@3.0.0(transitive)
+ Addedclone@1.0.4(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedcolors@1.4.0(transitive)
+ Addedcommand-exists@1.2.9(transitive)
+ Addeddefaults@1.0.4(transitive)
+ Addeddiff@5.2.0(transitive)
+ Addedemoji-regex@8.0.0(transitive)
+ Addedescape-string-regexp@1.0.5(transitive)
+ Addedexternal-editor@3.1.0(transitive)
+ Addedfigures@3.2.0(transitive)
+ Addedhas-flag@4.0.0(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedieee754@1.2.1(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedinquirer@8.2.6(transitive)
+ Addedis-fullwidth-code-point@3.0.0(transitive)
+ Addedis-interactive@1.0.0(transitive)
+ Addedis-unicode-supported@0.1.0(transitive)
+ Addedlodash@4.17.21(transitive)
+ Addedlog-symbols@4.1.0(transitive)
+ Addedmimic-fn@2.1.0(transitive)
+ Addedmute-stream@0.0.8(transitive)
+ Addedonetime@5.1.2(transitive)
+ Addedora@5.4.1(transitive)
+ Addedos-tmpdir@1.0.2(transitive)
+ Addedreadable-stream@3.6.2(transitive)
+ Addedrestore-cursor@3.1.0(transitive)
+ Addedrun-async@2.4.1(transitive)
+ Addedrxjs@7.8.1(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedsignal-exit@3.0.7(transitive)
+ Addedstring-width@4.2.3(transitive)
+ Addedstring_decoder@1.3.0(transitive)
+ Addedstrip-ansi@6.0.1(transitive)
+ Addedsupports-color@7.2.0(transitive)
+ Addedthrough@2.3.8(transitive)
+ Addedtmp@0.0.33(transitive)
+ Addedtslib@2.8.1(transitive)
+ Addedtype-fest@0.21.3(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
+ Addedwcwidth@1.0.1(transitive)
+ Addedwrap-ansi@6.2.0(transitive)