Version 2.17.0 of commander was just published.

This version is covered by your current version range and after updating it in your project the build failed.

commander is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.

Version 8.4.0 of rollup-plugin-commonjs was just published.

This version is covered by your current version range and after updating it in your project the build failed.

rollup-plugin-commonjs is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency husky was updated from 1.1.3 to 1.1.4.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

husky is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Hi, thanks for your great work, it works very well in most cases in my project.
But I noticed it cannot work for some file, I got a error 'crptedhls.js:361
RangeError: Source is too large'
Could you please take a look? Thanks again!
You can get the original encrypted ts file,

The key and IV is below:
var iv = new Uint32Array([
0, 0, 0, 0
]);

var key = new Uint32Array([2894323006, 674122501, 375558812, 1943787975]);

132.ori.ts.zip

Version 6.0.2 of videojs-standard was just published.

This version is covered by your current version range and after updating it in your project the build failed.

videojs-standard is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

I am unsure what the main use is for this. I intend to have large video files on a local SD card, and those are in turn the video sources for the videojs player (making a cordova android app). If the video files on the SD card were already encrypted, I don't have to worry to much about theft of the content.

Would this be able to decrypt and be used as a source in videojs? The app is completely local, and would not be using an internet connection to possibly use HLS

The devDependency conventional-changelog-cli was updated from 2.0.5 to 2.0.7.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

conventional-changelog-cli is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

webcrypto now supports AES-CBC and PKCS7, so, we can do the decryption natively. We should fall back to current behavior when this is not available.
See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto and https://www.w3.org/TR/WebCryptoAPI/#examples-symmetric-encryption

Reducing the attack vector to the minimum is a worthwhile effort. How a question may be asked as to why we would like to increase the dependency for a seemingly marginal benefit. Security exploits in the wild have been proved to take an innocuous vector to wreak havoc.

Protecting memory buffers to enforce security policies on which buffers are written and read by processes.

The secure buffers are where you saved your security keys on the drive. An attacker may force core dump and access memory.

Fortunately, libsodium has a mechanism to protect memory. By using its sodium.sodium_mprotect_noaccess(buffer) api to make a buffer inaccessible as subsequent access to the memory are now denied. However, you can use sodium.sodium_mprotect_readwrite(buf) to make it accessible again.

const sodium = require('sodium-native');
var securePrivateKey = sodium.sodium_malloc(keystore.privateKey.length);
sodium.sodium_mprotect_noaccess(securePrivateKey);
sodium.sodium_mprotect_readwrite(securePrivateKey);
return securePrivateKey;

The demo examples is a concept that I have in mind

var Decrypter = require('aes-decrypter').Decrypter;
var fs = require('fs');
var keyContent = fs.readFileSync('something.key');
var encryptedBytes = fs.readFileSync('somithing.txt');

// keyContent is a string of the aes-keys content
var keyContent = fs.readFileSync(keyFile);


var securePrivateKey = sodium.sodium_malloc(keyContent.buffer.length);
securePrivateKey.copykeyContent.buffer()
sodium.sodium_mprotect_noaccess(securePrivateKey);
sodium.sodium_mprotect_readwrite(securePrivateKey);


var view = new DataView(securePrivateKey);
var key.bytes = new Uint32Array([
  view.getUint32(0),
  view.getUint32(4),
  view.getUint32(8),

https://github.com/jedisct1/libsodium/blob/4f5e89fa84ce1d178a6765b8b46f2b6f91216677/src/libsodium/include/sodium/utils.h#L153

https://github.com/jedisct1/libsodium/blob/4f5e89fa84ce1d178a6765b8b46f2b6f91216677/src/libsodium/sodium/utils.c#L671-L700

I am open to having conversation and see if it is something that will be useful for your project. I am also open to make contributions in form of source codes.

Inspired by https://github.com/sodium-friends/learntocrypto/blob/master/problems/15.md

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

• Added the new Node.js version to your .travis.yml

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

Your Greenkeeper Bot 🌴

I need to aes decrypter to my file which is a webpage made using ReactJS. Please help.

Version 3.4.0 of rollup-plugin-node-resolve was just published.

This version is covered by your current version range and after updating it in your project the build failed.

rollup-plugin-node-resolve is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Version 5.5.1 of semver was just published.

This version is covered by your current version range and after updating it in your project the build failed.

semver is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Please ignore this issue!

The devDependency doctoc was updated from 1.3.1 to 1.4.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

doctoc is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Version 3.4.0 of uglify-js was just published.

This version is covered by your current version range and after updating it in your project the build failed.

uglify-js is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency karma was updated from 3.1.1 to 3.1.2.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

karma is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Version 3.5.2 of bluebird was just published.

This version is covered by your current version range and after updating it in your project the build failed.

bluebird is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency npm-run-all was updated from 4.1.3 to 4.1.4.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

npm-run-all is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴