hashon

# Changelog All notable changes to this project will be documented in this file. --- ## [2.2.8] - 2025-08-23 ### Fixed 🔓 decrypt() now safely handles invalid or non-JSON input without crashing, preventing runtime errors when .sec.json files are corrupted or manually edited. ## [2.2.7] - 2025-08-05 ### Fixed * 🔐 Improved error handling in `autoEncryptIfChanged` and encryption logic to prevent issues with missing or unencrypted files. * ⚙️ Updated synchronization of encrypted `.sec.json` files to ensure data changes are always properly encrypted and saved. * 🛠️ Stability and logging enhancements in the hashon module for better debugging. --- ## [2.2.6] - 2025-07-15 ### Fixed - 🐞 Fixed an issue introduced in version 2.2.5 where the `README.md` contained an error. - 📄 Provided a **complete and corrected version** of the `README.md` with all improvements applied. - ⚠️ This fix addresses documentation only; no code or functionality changes. --- ## [2.2.5] - 2025-07-15 ### Fixed - ✅ Finally fixed the issue where the license badge was not displaying correctly on the npm website. - 🛠 Added the LICENSE file directly to the project root and ensured the `license` field is correctly set to `"MIT"` in `package.json`. - 🔁 Updated `.npmignore` to not exclude the LICENSE file. - 📄 Ensured `README.md` contains the correct badge link with `?cacheBust=1` to force update. - ⚠️ No code changes – only documentation, metadata, and publishing structure affected. --- ## [2.2.4] - 2025-07-15 ### Fixed * 🛠 Fixed an issue where the license was still not properly recognized despite previous fixes. * 📄 Updated README and package metadata to ensure the LICENSE file is correctly referenced and included in npm and GitHub. * 🧹 Cleaned up metadata and improved packaging consistency to avoid license detection problems. * ⚠️ This update does not affect functionality, only project metadata and documentation. --- ## [2.2.3] - 2025-07-15 ### Fixed * 🛠 Fixed license recognition issue not resolved properly in version 2.2.2. * Ensured license is correctly linked and detected by npm and GitHub. * 🧹 Minor metadata cleanup with no impact on functionality. --- ## [2.2.2] - 2025-07-15 ### Fixed * 🛠 Fixed license recognition issue not resolved properly in version 2.2.1. * Added `"license": "MIT"` field to `package.json` so npm correctly detects the license. * 🧹 Metadata improvement with no impact on functionality. --- ## [2.2.1] - 2025-07-15 ### Fixed * 🛠 Attempted to add `"license": "MIT"` field to `package.json` to ensure license recognition by npm (not fully effective). --- ## [2.2.0] - 2025-07-15 ### Added * 🛠 Added a `postinstall` script that runs automatically after `npm install`. * ⚠️ The `postinstall` script generates and suggests a secure random `HASHON_SECRET` key if none is found. * 📢 Displays a clear message prompting users to add `HASHON_SECRET` to their `.env` file for encryption support. * 🔐 Improves developer experience by ensuring users are aware of necessary environment configuration. ### Changed * Updated `package.json` to run both `version-status` and `postinstall.js` on install. ### Notes * This is a backward-compatible, non-breaking enhancement. * Helps prevent errors related to missing encryption secrets during runtime. --- ## [2.1.0] - 2025-07-15 ### Added * 🔐 Introduced support for encryption keys via `.env` file: * The Node/web version now uses `process.env.SECRET_KEY` as the default encryption key. * If no environment variable is found, a fallback key (`fallback-secret-key`) is used. * 🧪 The CLI version will soon prompt users to create and confirm a password interactively. ### Changed * Internal `encrypt()`, `decrypt()`, and `hash()` functions now depend on `SECRET_KEY` instead of a hardcoded value. * Enhanced security and better support for user-defined keys in both web and CLI contexts. ### Notes * This is a **backward-compatible** release — previously encrypted `.sec.json` files will continue to work as long as the same key is used. * Projects that don't use a `.env` file are unaffected (thanks to fallback behavior). --- ## [2.0.5] - 2025-07-14 ### Added - 📦 Placeholder for upcoming improvements and fixes in the next patch release. --- ## [2.0.4] - 2025-07-14 ### Fixed - 🐛 Fixed ESM import issues causing `versionStatus.js` to crash on Node.js v22+. - Improved async handling and dynamic import usage in version status script. ### Changed - Updated dependencies to support modern Node.js versions. - Enhanced error reporting in CLI commands. --- ## [2.0.3] - 2025-07-14 ### Added - 🆕 Introduced dynamic version status check on `npm install` to warn users if they are not running the latest release. - Added color-coded terminal output for version status (Latest, Supported, Outdated, Deprecated). ### Fixed - Minor bugfixes to version comparison logic and package metadata. --- ## [2.0.2] - 2025-07-14 ### Added - 🟢 Added automated version status detection on `npm install` via `postinstall` script. - New `versionStatus.js` checks the installed version against the latest published version on npm. ### Improved - Version warnings (🟩 Latest, 🟨 Supported, 🟪 Outdated, 🟥 Deprecated) now appear automatically when older versions are installed. - Colors and messages now match semver-based upgrade expectations. - No hardcoded versions are used — everything is dynamic. > ✅ Great for debugging, transparency, and maintaining project hygiene! --- ## [2.0.1] - 2025-07-14 ### Fixed - 🫣 Fixed a Markdown formatting error in `CHANGELOG.md` that caused the entire `2.0.0` section to render as a single code block on npm. - No code changes, no new features — just a formatting hotfix. > 💬 Yes, this deserves a patch. Let's never forget the power of a misplaced triple backtick. --- ## [2.0.0] - 2025-07-14 ### ⚠️ Breaking Change - 🚨 The API for encryption/decryption has changed from synchronous file operations to asynchronous (`async/await`). - Functions like `encrypt`, `decrypt`, `syncEncryptedData`, and other file-related operations are now asynchronous. - This requires users to update their code to handle promises. - The change improves performance and avoids blocking the event loop during file and cryptographic operations. ### Changed - Updated all file-related APIs to use async versions with `fs.promises`. - Enhanced error handling and cleaner, more modern codebase. - Cryptographic and hashing functions remain backward compatible. ### 📦 GitHub & Docs - Added project URL to `package.json` and footer in README. - Updated [README.md](https://github.com/FelixLind1/hashon#readme) with full examples for async usage and .env support. - Prepared project for open-source contributions. --- ## [1.1.0] - 2025-07-14 ### Changed - 🔁 Moved the SHA-512 hashing change from version `1.0.22` into this proper **minor release**. - The `secure()` and `hash()` functions now officially generate 512-bit hashes using `SHA-512`, sliced to 12 characters (format unchanged). - This improves cryptographic strength and future-proofs the library. ### ⚠️ Breaking Change - Hashes created before `1.0.22` using SHA-256 **will not match** the new ones. - If your project relies on matching hashes (e.g., fingerprinting, integrity checks), you **must rehash** existing data. - AES-encrypted `.sec.json` files are **not affected**. ### 🧻 Why the bump? The SHA-512 change originally landed in `1.0.22`, but it should have been a minor version bump according to semver. This release corrects that oversight to avoid silent breaking changes. Thank you for your patience! 💚 --- ## [1.0.22] - 2025-07-14 ### Changed - 🔐 Switched internal hashing algorithm from `SHA-256` to `SHA-512` for increased cryptographic strength. - The `secure()` and `hash()` functions now generate 512-bit hashes sliced to the first 12 hex characters. ### Why this matters `SHA-512` provides significantly better resistance to brute-force and collision attacks. > ✅ Note: Existing SHA-256 hashes remain valid but will not match new SHA-512 hashes. Consider rehashing if consistency is critical. --- ## [1.0.21] - 2025-07-14 ### Added - 🆕 Added `autoEncryptIfChanged(inputPath)` — a utility function that automatically detects `.json` files and keeps `.sec.json` encrypted copies in sync. - Facilitates plug-and-play integration in Express servers by simply calling `autoEncryptIfChanged(...)`. ### Changed - Improved logging and simplified setup. --- ## [1.0.20] - 2025-07-13 ### Added - Finalized CLI integration and ensured `hashon -v` works correctly when installed globally or via `npx`. - Improved `bin` entry in `package.json` for proper executable behavior. - Verified and tested public publishing flow. ### Changed - Deprecated versions 1.0.18 and 1.0.19 due to metadata/publishing issues. - Cleaned up release process for more reliable publishing. --- ## [1.0.19] - 2025-07-13 ### Deprecated - Marked as deprecated due to accidental publish and inconsistent CLI behavior. - Superseded by version 1.0.20. --- ## [1.0.18] - 2025-07-13 ### Deprecated - Marked deprecated due to metadata and publishing conflicts. - Superseded by version 1.0.20. --- ## [1.0.17] - 2025-07-13 ### Fixed - Removed accidental dependency from `package.json`. - Cleaned up `package-lock.json` and ensured no unintended packages are installed. - Updated internal documentation for dependency accuracy. --- ## [1.0.16] - 2025-07-13 ### Changed - Added MIT license file and updated package metadata accordingly. - Improved documentation around licensing and project setup. - Minor cleanup in project files and `package.json`. --- ## [1.0.15] - 2025-07-12 ### Changed - Added clear explanation in README about the difference between `data.json` (unencrypted) and `data.sec.json` (encrypted). - Minor text improvements and formatting fixes in documentation. - Updated examples for better clarity. --- ## [1.0.14] - 2025-07-12 ### Changed - Clarified in README that hashing supports *any* string or data, not only passwords. - Improved wording and examples for better clarity. - Minor code cleanup and refactoring for maintainability. --- ## [1.0.13] - 2025-07-12 ### Changed - Published version 1.0.13 with internal fixes and improvements. - Updated package metadata and publishing scripts. --- ## [1.0.12] - 2025-07-12 ### Changed - Improved deprecate script to check existing deprecation messages before applying new ones. - Avoided unnecessary re-deprecation of already deprecated versions. --- ## [1.0.11] - 2025-07-12 ### Changed - Fixed outdated deprecation messages pointing to version 1.0.7. - Ensured all versions up to 1.0.10 are deprecated with a correct reference to 1.0.11 as the latest stable version. - Cleaned up deprecation logic and added dynamic version resolution. --- ## [1.0.10] - 2025-07-12 ### Changed - Fully translated internal code and console messages to English for consistency. - Updated encryption logic and error handling for better robustness. - Cleaned and refactored code for maintainability. - Updated README.md to reflect latest changes and improve clarity. - Improved version deprecation script to dynamically handle latest stable version. --- ## [1.0.9] - 2025-07-12 ### Changed - Translated entire codebase and console output from Swedish to English. - Updated README.md to reflect new English usage, examples, and security instructions. - Internal code cleanup and consistency improvements for better maintainability. - Prepared for international usage and future contributions. --- ## [1.0.8] - 2025-07-12 ### Changed - Updated README with detailed environment variable instructions and clearer usage examples. - Deprecated versions 1.0.0 through 1.0.7 with warnings to upgrade. - Added encryption key support via `.env` file. - Improved API endpoints to serve encrypted and decrypted JSON data. - Updated deprecate script to dynamically reflect latest stable version. --- ## [1.0.7] - 2025-07-12 ### Added - First stable release with encryption, decryption, and syncing capabilities. - Basic Express server integration example. - Support for `.env` secret key configuration. --- ## Previous versions (1.0.0–1.0.6) - Early development versions with experimental functionality, internal testing, and minor fixes.