typeorm-encrypted
Encrypted field for typeorm.
npm install --save typeorm-encrypted
This library can be invoked in 2 ways: transformers or subscribers. In both of the examples below, the Key and IV vary based on the algorithm. See the node docs for more info.
The following example has the field automatically encrypted/decrypted on save/fetch respectively.
import { Entity, Column } from "typeorm";
import { EncryptionTransformer } from "typeorm-encrypted";

@Entity()
class User {
  // ...
  @Column({
    type: "varchar",
    nullable: false,
    transformer: new EncryptionTransformer({
      // hex-encoded sample key; the config example further down loads it from the environment instead
      key: 'e41c966f21f9e1577802463f8924e6a3fe3e9751f201304213b2f845d8841d61',
      algorithm: 'aes-256-cbc',
      ivLength: 16,
      // with a fixed key and iv, equal plaintexts always produce equal ciphertexts
      iv: 'ff5ac19190424b1d88f9419ef949ae56'
    })
  })
  secret: string;
  // ...
}
For JSON fields you can use JSONEncryptionTransformer.
import { Entity, Column } from "typeorm";
import { JSONEncryptionTransformer } from "typeorm-encrypted";

@Entity()
class User {
  // ...
  @Column({
    type: "json",
    nullable: false,
    transformer: new JSONEncryptionTransformer({
      key: 'e41c966f21f9e1577802463f8924e6a3fe3e9751f201304213b2f845d8841d61',
      algorithm: 'aes-256-cbc',
      ivLength: 16,
      iv: 'ff5ac19190424b1d88f9419ef949ae56'
    })
  })
  secret: object;
  // ...
}
More information about transformers is available in the typeorm docs.
The following example has the field automatically encrypted/decrypted on save/fetch respectively.
import { BaseEntity, Entity, Column, createConnection } from "typeorm";
import { ExtendedColumnOptions, AutoEncryptSubscriber } from "typeorm-encrypted";

@Entity()
class User extends BaseEntity {
  // ...
  @Column(<ExtendedColumnOptions>{
    type: "varchar",
    nullable: false,
    encrypt: {
      key: "d85117047fd06d3afa79b6e44ee3a52eb426fc24c3a2e3667732e8da0342b4da",
      algorithm: "aes-256-cbc",
      ivLength: 16
    }
  })
  secret: string;
  // ...
}

let connection = createConnection({
  // ...
  entities: [ User /* , ... */ ],
  subscribers: [ AutoEncryptSubscriber /* , ... */ ]
  // ...
});
Entities and subscribers can be configured via ormconfig.json and environment variables as well. See the typeorm docs for more details.
The following example shows how you can create a config stored in a separate file and use it.
encryption-config.ts
// it is recommended to not store encryption keys directly in config files,
// it's better to use an environment variable or to use dotenv in order to load the value
export const MyEncryptionTransformerConfig = {
  key: process.env.ENCRYPTION_KEY,
  algorithm: 'aes-256-cbc',
  ivLength: 16
};
user.entity.ts
import { Entity, Column } from "typeorm";
import { EncryptionTransformer } from "typeorm-encrypted";
import { MyEncryptionTransformerConfig } from './encryption-config'; // path to where you stored your config file

@Entity()
class User {
  // ...
  @Column({
    type: "varchar",
    nullable: false,
    transformer: new EncryptionTransformer(MyEncryptionTransformerConfig)
  })
  secret: string;
  // ...
}
It's possible to customize the config if you need to use a different ivLength or customize other fields. A brief example is below.
user.entity.ts
class User {
  // same as before, but for the transformer line
  @Column({
    type: "varchar",
    nullable: false,
    // the overriding ivLength has to be one the configured algorithm accepts
    transformer: new EncryptionTransformer({...MyEncryptionTransformerConfig, ivLength: 24})
  })
  secret: string;
  // ...
}
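A startup check for the settings above, added here as an example and not part of the typeorm-encrypted README or code: it verifies that the hex key, `ivLength` and optional `iv` fit the chosen algorithm, which covers both the remark that key and IV vary by algorithm and the `ivLength` override. `FieldEncryptionConfig` and `checkEncryptionConfig` are hypothetical names; `crypto.getCipherInfo` is Node's own API.

```typescript
import * as crypto from "node:crypto";

// Hypothetical shape mirroring the option fields used in the examples on this page.
interface FieldEncryptionConfig {
  key: string | undefined; // hex-encoded, e.g. from process.env.ENCRYPTION_KEY
  algorithm: string;
  ivLength: number;
  iv?: string; // hex-encoded, optional
}

// Returns a list of problems; an empty list means the settings fit the cipher.
function checkEncryptionConfig(cfg: FieldEncryptionConfig): string[] {
  const info = crypto.getCipherInfo(cfg.algorithm);
  if (!info) return [`unknown algorithm: ${cfg.algorithm}`];

  const problems: string[] = [];
  const keyHexLength = info.keyLength * 2; // two hex characters per key byte

  if (!cfg.key) {
    problems.push("key is missing (is ENCRYPTION_KEY set?)");
  } else if (!/^[0-9a-f]+$/i.test(cfg.key) || cfg.key.length !== keyHexLength) {
    problems.push(`key must be ${keyHexLength} hex characters for ${cfg.algorithm}`);
  }

  // getCipherInfo returns undefined when the cipher cannot take this IV length.
  if (!crypto.getCipherInfo(cfg.algorithm, { ivLength: cfg.ivLength })) {
    problems.push(`ivLength ${cfg.ivLength} is not valid for ${cfg.algorithm}`);
  }
  if (cfg.iv !== undefined && cfg.iv.length !== cfg.ivLength * 2) {
    problems.push(`iv must be ${cfg.ivLength * 2} hex characters`);
  }
  return problems;
}
```

Calling it once before the connection is created, and refusing to start on a non-empty result, turns a missing environment variable or an unsupported `ivLength` into a startup error instead of a failure on the first save.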
Queries that transform the encrypted column won't work because transformers and subscribers operate outside of the DBMS.
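Why the database cannot filter on such a column, as an added sketch that uses Node's `crypto` directly and is not the library's code: the DBMS only holds ciphertext, so equality and `LIKE` comparisons never see the plaintext, and searching has to happen after decryption in the application. The in-memory `rows` array, the function names, the constructed key and sample values, and the layout that stores a random IV in front of the ciphertext are assumptions of this example.

```typescript
import * as crypto from "node:crypto";

const ALGORITHM = "aes-256-cbc";
const KEY = crypto.randomBytes(32); // constructed key for this demo only

// Encrypts one column value. With fixedIv the output is deterministic;
// without it a fresh random IV is generated and stored in front of the ciphertext.
function encryptColumn(plaintext: string, fixedIv?: Buffer): string {
  const iv = fixedIv ?? crypto.randomBytes(16);
  const cipher = crypto.createCipheriv(ALGORITHM, KEY, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, body]).toString("base64");
}

function decryptColumn(stored: string): string {
  const raw = Buffer.from(stored, "base64");
  const decipher = crypto.createDecipheriv(ALGORITHM, KEY, raw.subarray(0, 16));
  return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]).toString("utf8");
}

// Stand-in for the table (constructed values): the DBMS holds only what was written.
const rows = ["alice@example.com", "bob@example.com"].map((v) => encryptColumn(v));

// What `WHERE secret = :value` compares when the parameter is encrypted again:
// a new random IV gives a different ciphertext, so nothing matches.
function equalityMatches(value: string): number {
  const probe = encryptColumn(value);
  return rows.filter((stored) => stored === probe).length;
}

// What `WHERE secret LIKE '%needle%'` sees: base64 ciphertext, never the plaintext.
function likeMatches(needle: string): number {
  return rows.filter((stored) => stored.includes(needle)).length;
}

// Searching therefore means loading rows and filtering after decryption.
function searchInApplication(needle: string): string[] {
  return rows.map(decryptColumn).filter((v) => v.includes(needle));
}
```

A fixed IV makes `encryptColumn` deterministic, so exact-match lookups on the ciphertext become possible, but anyone who can read the table can then tell which rows hold the same value.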
The most likely reasons you're receiving this error:
typeorm cache:clear. For other, more specific, solutions, see the typeorm documentation.
Follow these steps to add an encrypted column.
No. This library encrypts specific fields in a database.
Popular databases like MySQL and PostgreSQL are capable of data-at-rest and in-flight encryption. Refer to your database manual to figure out how to encrypt the entirety of the database.
FAQs
encrypted typeorm fields
The npm package typeorm-encrypted receives a total of 6,720 weekly downloads. As such, typeorm-encrypted popularity was classified as popular.
We found that typeorm-encrypted demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.