secure-rm-cli
Advanced tools
Completely erases files by making recovery impossible. (CLI for secure-rm)
When you delete a file using the rm command or fs.unlink in node, it only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools.
Permanent data erasure goes beyond basic file deletion commands, which:
This package is the command line interface version of secure-rm. To install it, run:
npm install secure-rm-cli -g
Looking for the npm module version? Visit secure-rm.
Secure-rm will retry 3 times if an error occur to ensure the task succeeded.
If you want to delete files on the fly with a pass of cryptographically strong pseudo-random data, run:
secure-rm ./your-folder/*.js
When you submit files, secure-rm asks you if you are sure:
And then you get a complete log of what happened:
secure-rm <PATHS> [OPTIONS]
PATHS:
D:\data /d/data ./data/file.js ../../data)./*.js ./**/* @(pattern|pat*|pat?erN))OPTIONS (flags):
-f, --force: avoid checks if you want to use it in a shell or bash file;-h, --help: show CLI help, see below;-m, --mute: mutes the cli to the bare minimum, just the end messages;-s, --standard: text ID of the standard, default is secure. See them detailed below;-r, --retries: max retries if an error occur;-t, --table : show the standards table. See them detailed below;-v, --version : show CLI version;--no-globbing : disable file globbing.Example:
secure-rm ./folder/*.js ./file.js -s gutmann -f
You can invoke the built-in help with secure-rm -h:
| ID | Name | Passes | Description |
|---|---|---|---|
| randomData | Pseudorandom data | 1 | Also kwown as "Australian Information Security Manual Standard ISM 6.2.92" and "New Zealand Information and Communications Technology Standard NZSIT 402" Your data is overwritten with cryptographically strong pseudo-random data. (The data is indistinguishable from random noise.) |
| randomByte | Pseudorandom byte | 1 | Overwriting with a random byte. |
| zeroes | Zeroes | 1 | Overwriting with zeroes. |
| ones | Ones | 1 | Overwriting with ones. |
| secure | Secure-rm standard | 3 | Pass 1: Overwriting with random data; Pass 2: Renaming the file with random data; Pass 3: Truncating between 25% and 75% of the file. |
| GOST_R50739-95 | Russian State Standard GOST R 50739-95 | 2 | Pass 1: Overwriting with zeroes; Pass 2: Overwriting with random data. |
| HMG_IS5 | British HMG Infosec Standard 5 | 3 | Also known as "Air Force System Security Instructions AFSSI-5020", "Standard of the American Department of Defense (DoD 5220.22 M)" "National Computer Security Center NCSC-TG-025 Standard" and "Navy Staff Office Publication NAVSO P-5239-26" Pass 1: Overwriting with zeroes; Pass 2: Overwriting with ones; Pass 3: Overwriting with random data as well as verifying the writing of this data. |
| AR380-19 | US Army AR380-19 | 3 | Pass 1: Overwriting with random data; Pass 2: Overwriting with a random byte; Pass 3: Overwriting with the complement of the 2nd pass, and verifying the writing. |
| VSITR | Standard of the Federal Office for Information Security (BSI-VSITR) | 7 | Also known as "Royal Canadian Mounted Police TSSIT OPS-II" Pass 1: Overwriting with zeroes; Pass 2: Overwriting with ones; Pass 3-6: Same as 1-2; Pass 7: Overwriting with a random data as well as review the writing of this character. |
| schneier | Bruce Schneier Algorithm | 7 | Pass 1: Overwriting with zeros; Pass 2: Overwriting with ones; Pass 3-7: Overwriting with random data. |
| pfitzner | Pfitzner Method | 33 | Pass 1-33: Overwriting with random data. |
| gutmann | Peter Gutmann Algorithm | 35 | Pass 1-4: Overwriting with random data; Pass 5: Overwriting with 0x55; Pass 6: Overwriting with 0xAA; Pass 7-9: Overwriting with 0x92 0x49 0x24, then cycling through the bytes; Pass 10-25: Overwriting with 0x00, incremented by 1 at each pass, until 0xFF; Pass 26-28: Same as 7-9; Pass 29-31: Overwriting with 0x6D 0xB6 0xDB, then cycling through the bytes; Pass 32-35: Overwriting with random data. |
Note: Node ensures that the file is correctly written, checking the writing in these algorithms is unnecessary. (Report this if I'm wrong)
Should works on OS X, Linux (almost, see below), and Windows. (See build status)
secure-rm will only work on file systems that overwrite blocks in place.
List of known file systems that will not work:
Don't worry, you've just submited too much file for Node. The tool will retry 3 times to ensure the task succeeded. While you don't get an error, the tool can handle this issue.
If you really need to delete millions of file in one time, split the task (e.g. ./your_folder/a* then ./your_folder/b* ...).
Be sure to use secure-rm ".\path\file" with doublequotes since back-slashes will always be interpreted as escape characters, not path separators.
Another solution is to double the back-slashes like: secure-rm .\\path\\file
Or if you can, use forward slashes!
See the changelog or releases.
This project is under MIT License.
FAQs
Completely erases files by making recovery impossible. (CLI for secure-rm)
We found that secure-rm-cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.
Security News
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.