nix/infisical-node-sdk
1
0
Fork 0
Code Issues Pull Requests Activity

(init): Adjust everything wrong with this dumb fucking package. EAT MY ASS INFISICAL.

Browse Source
This commit is contained in:
Nix "UwU" Krystik
2026-03-12 02:05:00 +08:00
parent 1764a4cbfa
commit dda882ff66
11 changed files with 92 additions and 2216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -1,2 +1 @@
# Auto detect text files and perform LF normalization
* text=auto
* text=auto eol=lf

51
.github/workflows/release.yml vendored
View File

@@ -1,51 +0,0 @@
---
name: Release Node.js SDK
run-name: Release Node.js SDK
on:
push:
tags:
- "*.*.*" # version, e.g. 1.0.0
jobs:
npm:
name: Publish NPM
runs-on: ubuntu-22.04
steps:
- name: Checkout repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Node
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: 20
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm install
- name: Set NPM version
run: npm version ${{ github.ref_name }} --allow-same-version --no-git-tag-version
- name: Build SDK
run: npm run build
- name: Setup NPM
run: |
echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc
echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Pack NPM
run: npm pack
- name: Publish NPM
run: npm publish --tarball=./infisical-sdk-${{github.ref_name}} --access public --registry=https://registry.npmjs.org/
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

139
.gitignore vendored
View File

@@ -1,136 +1,3 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional stylelint cache
.stylelintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# vuepress v2.x temp and cache directory
.temp
.cache
# Docusaurus cache and generated files
.docusaurus
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
/src/infisicalapi_client
/lib
.DS_Store
/test/pytest
# Directories
dist/
node_modules/

45
README.md
View File

@@ -1,40 +1,11 @@
<h1 align="center">
<img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
</h1>
<p align="center">
<p align="center"><b>Infisical Node.js SDK</b></p>
<h4 align="center">
|
<a href="https://infisical.com/docs/sdks/languages/node">Documentation</a> |
<a href="https://www.infisical.com">Website</a> |
<a href="https://infisical.com/slack">Slack</a> |
</h4>
# @nixkrystik/infisical-node-sdk
Nix's fork of Infisical's NodeJS NPM package.
<h4 align="center">
<a href="https://github.com/Infisical/node-sdk-v2/blob/main/LICENSE">
<img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="Infisical SDK's are released under the MIT license." />
</a>
<a href="https://infisical.com/slack">
<img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
</a>
<a href="https://twitter.com/infisical">
<img src="https://img.shields.io/twitter/follow/infisical?label=Follow" alt="Infisical Twitter" />
</a>
</h4>
## Can i contribute?
you can suggest fixes through Discord, but making pull requests is a no.
## Introduction
## Can i use it?
sure, i couldn't give a shit.
**[Infisical](https://infisical.com)** is the open source secret management platform that teams use to centralize their secrets like API keys, database credentials, and configurations.
If youre working with Node.js, the official Infisical Node.js SDK package is the easiest way to fetch and work with secrets for your application. You can read the documentation [here](https://infisical.com/docs/sdks/languages/node).
## Documentation
You can find the documentation for the Node.js SDK on our [SDK documentation page](https://infisical.com/docs/sdks/languages/node).
## Security
Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!
Infisical takes security issues very seriously. If you have any concerns about Infisical or believe you have uncovered a vulnerability, please get in touch via the e-mail address security@infisical.com. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.
Note that this security address should be used only for undisclosed vulnerabilities. Please report any security problems to us before disclosing it publicly.
## Can i fork it?
it's a public library, not sure why not.

4
img/logoname-white.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 9.2 KiB

1860
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

66
package.json
View File

@@ -1,44 +1,38 @@
{
"name": "@infisical/sdk",
"version": "0.0.0",
"main": "./lib/index.js",
"private": false,
"files": [
"lib"
],
"scripts": {
"build": "tsup src/index.ts --out-dir lib --dts --format cjs,esm --tsconfig tsconfig.json --no-splitting"
},
"keywords": [
"infisical",
"open-source",
"sdk",
"typescript"
],
"repository": {
"type": "git",
"url": "git+https://git.hep.gg/nix/infisical-node-sdk.git"
},
"author": "Nix Krystik <nix@archwing.dev>",
"license": "ISC",
"name": "@nixkrystik/infisical-node-sdk",
"description": "Modified fork of the Infisical NodeJS SDK removing unnecessary features.",
"devDependencies": {
"@types/node": "^22.5.1",
"tsc": "^2.0.4",
"tsup": "^8.2.4"
"version": "1.0.0",
"author": {
"name": "Nix Krystik",
"url": "https://teamhydra.dev/"
},
"dependencies": {
"axios": "^1.13.2",
"typescript": "^5.5.4",
"zod": "^3.23.8"
"repository": {
"url": "https://git.hep.gg/nix/infisical-node-sdk",
"type": "git"
},
"directories": {
"lib": "lib",
"test": "test"
},
"types": "./lib/index.d.ts",
"bugs": {
"url": "https://git.hep.gg/nix/infisical-node-sdk/issues"
},
"homepage": "https://git.hep.gg/nix/infisical-node-sdk#readme"
"license": "ISC",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
"scripts": {
"prepublish": "tsc"
},
"dependencies": {
"axios": "1.13.6",
"zod": "4.3.6"
},
"devDependencies": {
"@types/node": "25.4.0",
"typescript": "5.9.3"
}
}

0
src/custom/constants.ts
View File

10
src/custom/schemas/dynamic-secrets.ts
View File

@@ -172,7 +172,7 @@ const DynamicSecretMongoAtlasSchema = z.object({
.trim()
.min(1)
.describe(
"Unique 24-hexadecimal digit string that identifies your project. This is same as project id"
"Unique 24-hexadecimal digit string that identifies your project. This is same as project id",
),
roles: z
.object({
@@ -188,7 +188,7 @@ const DynamicSecretMongoAtlasSchema = z.object({
.string()
.min(1)
.describe(
' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.',
),
})
.array()
@@ -199,13 +199,13 @@ const DynamicSecretMongoAtlasSchema = z.object({
.string()
.min(1)
.describe(
"Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
"Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.",
),
type: z
.string()
.min(1)
.describe(
"Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM"
"Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM",
),
})
.array(),
@@ -223,7 +223,7 @@ const DynamicSecretMongoDBSchema = z.object({
.array()
.min(1)
.describe(
'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.',
),
});

99
src/custom/util.ts
View File

@@ -1,100 +1,11 @@
import axios from "axios";
import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
import { Sha256 } from "@aws-crypto/sha256-js";
import { fromNodeProviderChain } from "@aws-sdk/credential-providers";
import { HttpRequest } from "@aws-sdk/protocol-http";
import { SignatureV4 } from "@aws-sdk/signature-v4";
import { InfisicalSDKError } from "./errors";
import { Secret } from "../api/types";
export const getUniqueSecretsByKey = (secrets: Secret[]) => {
const secretMap = new Map<string, Secret>();
const secretMap = new Map<string, Secret>();
for (const secret of secrets) {
secretMap.set(secret.secretKey, secret);
}
for (const secret of secrets) {
secretMap.set(secret.secretKey, secret);
}
return Array.from(secretMap.values());
};
export const getAwsRegion = async () => {
const region = process.env.AWS_REGION; // Typically found in lambda runtime environment
if (region) {
return region;
}
try {
const tokenRes = await axios.put(AWS_TOKEN_METADATA_URI, undefined, {
headers: {
"X-aws-ec2-metadata-token-ttl-seconds": "21600"
},
timeout: 5_000 // 5 seconds
});
const identityResponse = await axios.get<{ region: string }>(AWS_IDENTITY_DOCUMENT_URI, {
headers: {
"X-aws-ec2-metadata-token": tokenRes.data,
Accept: "application/json"
},
timeout: 5_000
});
return identityResponse.data.region;
} catch (e) {
throw e;
}
};
export const performAwsIamLogin = async (region: string) => {
const credentials = await fromNodeProviderChain()();
if (!credentials.accessKeyId || !credentials.secretAccessKey) {
throw new InfisicalSDKError("Credentials not found");
}
const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
const iamRequestHeaders = {
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
Host: `sts.${region}.amazonaws.com`
};
const request = new HttpRequest({
protocol: "https:",
hostname: `sts.${region}.amazonaws.com`,
path: "/",
method: "POST",
headers: {
...iamRequestHeaders,
"Content-Length": String(Buffer.byteLength(iamRequestBody))
},
body: iamRequestBody
});
const signer = new SignatureV4({
credentials,
region,
service: "sts",
sha256: Sha256
});
const signedRequest = await signer.sign(request);
const headers: Record<string, string> = {};
Object.entries(signedRequest.headers).forEach(([key, value]) => {
if (typeof value === "string") {
// Normalize Authorization header to proper case
const normalizedKey = key.toLowerCase() === "authorization" ? "Authorization" : key;
headers[normalizedKey] = value;
}
});
return {
iamHttpRequestMethod: "POST",
iamRequestUrl: iamRequestURL,
iamRequestBody: iamRequestBody,
iamRequestHeaders: headers
};
return Array.from(secretMap.values());
};

31
tsconfig.json
View File

@@ -1,15 +1,18 @@
{
"compilerOptions": {
"target": "es6",
"module": "commonjs",
"declaration": true,
"rootDir": "./src",
"outDir": "./lib",
"strict": true,
"resolveJsonModule": true,
"removeComments": true,
"esModuleInterop": true
},
"include": [".", "src"],
"exclude": ["examples", "node_modules", "lib", "test"]
}
"compilerOptions": {
"target": "ES2020",
"module": "ES2020",
"rootDir": "src",
"outDir": "dist",
"declaration": true,
"sourceMap": true,
"strict": true,
"esModuleInterop": true,
"moduleResolution": "node"
},
"include": ["src"],
"exclude": ["node_modules"]
}