Skip to content

vraj0703/node-security-toolkit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Node Security Toolkit

Production-grade security utilities for Node.js applications. Zero external dependencies — uses only Node.js built-in modules.

Modules

lib/validate.cjs — Input Validation & Sanitization

  • Path traversal prevention — blocks ../, null bytes, Windows drive letters
  • Prompt injection detection — catches 15+ LLM injection patterns
  • Shell command sanitization — strips dangerous characters
  • Schema validation — type checking, required fields, pattern matching
  • Service/capability/strategy validators — structured config validation

lib/secrets.cjs — AES-256-GCM Encryption

  • PBKDF2 key derivation (100K iterations, SHA-512)
  • Per-value encryption — each field gets unique IV + auth tag
  • TOML vault format — encrypted credentials stored as TOML
  • File-level encryption — encrypt/decrypt entire credential files
  • Password prompt at boot — interactive master password entry

lib/redact.cjs — PII Redaction

  • Email addressesuser@example.com[EMAIL]
  • Phone numbers — international and US formats
  • IP addresses — IPv4 patterns
  • File paths — Windows and Unix paths
  • API keys — Bearer tokens, API key patterns
  • JWTs — JSON Web Token detection and redaction
  • Custom patterns — extensible redaction rules

bin/encrypt-credentials.cjs — CLI Encryption Tool

One-time migration tool: reads plaintext TOML credentials, encrypts with AES-256-GCM, writes .enc.toml alongside originals.

Usage

const validate = require('./lib/validate.cjs');
const secrets = require('./lib/secrets.cjs');
const redact = require('./lib/redact.cjs');

// Validate input
validate.validateStrategy({ name: "restart", weight: 0.5 });
validate.isPathSafe("../../../etc/passwd"); // false
validate.detectPromptInjection("ignore previous instructions"); // true
validate.sanitizeShell("rm -rf /; echo safe"); // "rm -rf  echo safe"

// Encrypt/decrypt
const key = await secrets.deriveKey("master-password");
const encrypted = secrets.encrypt("sensitive-data", key);
const decrypted = secrets.decrypt(encrypted, key);

// Redact PII
redact("Contact john@example.com or call 555-1234");
// → "Contact [EMAIL] or call [PHONE]"

Tests

npm test

75+ tests covering all modules including edge cases, boundary conditions, and security-specific scenarios.

License

MIT

About

Production-grade Node.js security: validation, AES-256-GCM encryption, PII redaction. Zero dependencies, 75 tests.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors