# Changelog for `pagecrypt`

### Unreleased

### Fixes

-   Reduce size of `decrypt-template.html` by 12% (-889 bytes) by using latest versions of Vite and Rollup.
-   Allow `generatePassword()` to use 255 characters instead of only 254.
-   Maintenance: Upgrade dependencies to latest versions and verify output.
-   Simplify clearing of the URL hash after decryption - fix #50
-   Export types first. Resolves error from https://publint.dev/rules#exports_types_should_be_first
-   Fix reference error in case globalThis is undefined. Inspired by #44. Thanks[@PysKa-Ratzinger](https://github.com/PysKa-Ratzinger)!

## 6.1.1 - 2023-07-17

### Fixes

-   Maintenance: Update dev dependencies to latest versions.

## 6.1.0 - 2023-03-24

### Features

Two improvements inspired by [Harry Rabin](https://github.com/harryrabin) - thank you!

-   Better operational security by removing logging of predefined passwords when encrypting via the pagecrypt CLI.
-   Better operational security by removing the GitHub link in the web template, to make it harder for attackers to analyse the project.

### Fixes

-   Improved documentation for generating a password with a custom character set `generatePassword(length: number, characters: string)`.
-   Upgrade dependencies to latest versions.
-   Export TypeScript type definitions in npm package - Thanks to [Bjorn Lu](https://github.com/bluwy) and <https://github.com/bluwy/publint>

## 6.0.1 - 2022-12-31

### Fixes

-   Cleanup README. No code changes.

## 6.0.0 - 2022-12-27

This is a major upgrade, reducing the amount of CSS by 50%, removing about 40% of the required third-party npm modules, and adding support for a custom number of password `iterations` which allows for greatly improved security.

### Breaking changes

-   License changed to AGPL-3.0. If you prefer the MIT license, you can keep using pagecrypt 5.x.

### Features

-   Improved security: It's now possible to specify a custom number of password `iterations` for both `encryptHTML()` and `encrypt()`. See usage examples in [README](./README.md) to learn more.
-   Added support for specifying the new `iterations` option through the CLI. See usage examples in [README](./README.md) to learn more.

### Fixes

-   Prefer `globalThis` over `window` in Node 19 - thanks [@metonym](https://github.com/metonym)
-   Reduce CSS size with 50% by replacing Tailwind CSS with custom CSS. This also greatly simplifies the development and build setup for this project.
-   Update dependencies to latest versions.

## 5.4.0 - 2022-04-18

### Fixes

-   Update dependencies and verify that the project works with latest versions.
-   Clarified installation instructions.

---

## 5.3.0 - 2021-08-31

### Features

-   feature(ui): Add submit button to simplify mobile usage.
-   feature(ui): Build and use the latest decrypt template with new submit button

### Fixes

-   fix(deps): Update deps to latest minor and patch releases.
-   fix(build): Update build script with improved html template transformations
-   fix(build): Improve removal of the vite module inline script.
-   fix(build): Simplify build process to remove the steps no longer necessary.
-   fix(dev): Update dev template.

---

## 5.2.0 - 2021-08-15

Added dark mode as new default theme since it probably is what the primary audience prefers. Also added a bug fix for magic links to preserve the URL and allow hosting the output HTML files on other routes than `/`.

### Features

-   feature(ui): Add dark mode design by default.
-   feature(tests): Improve testing framework and simplify development
-   feature(tests): Update tests to use new dark template
-   feature(tests): Greatly improve testing DX by automating several manual steps and displaying everything neatly in the browser.
-   feature(build): Simplify package builds to greatly improve DX

### Fixes

-   fix(ui): Ensure full page URL except the hash is preserved when using magic links.
-   fix(tests): Improve testing html file
-   fix(package): Update dev command for consistency
-   fix(package): Automatically remove whitespace from new decrypt template builds
-   chore(deps): Update deps to latest minor and patch versions.

---

## 5.1.0 - 2021-07-30

Another major UX improvement incoming: Magic links to unlock encrypted pages with a single click!

Also slightly improved browser support for the `pagecrypt/core` module.

### Features

-   feature(ux): Implement + add docs for magic links that allow single-click unlocks
-   feature(core): Improve crypto loading to support older browsers for the core package.
-   feature(decrypt): Convert decryption script to TypeScript

### Fixes

-   docs(general): Highlight required Node.js version
-   fix(dev server): Remove `sirv-cli` dev dependency since we no longer need HTTPS for local dev.
-   docs(core): Clarify docstrings, improve terminology used and add link to related blog post.
-   docs(dev): Update testing and dev server instructions.
-   chore(test): Remove hardcoded test package version
-   chore(test): Improve browser encryption test

---

## 5.0.0 - 2021-07-15

### Features

-   BREAKING: feature(package): Convert modules to use ESM by default instead of CommonJS. Update your build tool to use `import` syntax instead of `require` - or keep using `pagecrypt@^4.0.1` which supports CommonJS `require`.

-   feature(package): Add a new `pagecrypt/core` module that can be imported to use the core library features in browsers, Deno and any other ESM compatible modern JS environment. For Node.js, the index import `pagecrypt` still works just like before.
-   feature(types): Add TypeScript definitions to improve DX and automation in TypeScript projects.
-   feature(crypto): Use isomorphic Web Crypto API to allow code reuse between Node.js, browsers and other ESM compatible environments.
-   feature(password generator): Use the isomorphic Web Crypto API to make project run in Node.js, browsers and other ESM compatible environments.
-   feature(build): Improve package build setup using esbuild and node-fs-extra

### Fixes

-   fix(package): Explicitly use CommonJS for config files.
-   chore(deps): Upgrade dependencies.

---

## 4.0.1 - 2021-05-04

### Fixes

-   fix(crypto): Ensure key derivation function is not extractable to fix bug in Chrome and Safari.

---

## 4.0.0 - 2021-04-29

Major UX and performance improvements!

This version uses `document.write()` to show the encrypted payload instead of using an `<iframe>` like `pagecrypt < v4` did. Since this means browsers won't have to create a separate DOM instance, this brings good performance improvements.

### Features

-   feature(UX): Major UX improvement - save CryptoKey to `sessionStorage` to gain massive UX + performance improvement on repeat visits.
-   feature(UX): Show results faster by removing the `<iframe>` and show content directly in the top-level document instead.
-   feature(DX): By removing the `<iframe>`, we also now allow embedded apps and webpages to use the full top-level document. Unlocks many new possible features that wouldn't work in `pagecrypt < v4`.
-   feature(UX): Show a loading state when loading large encrypted payloads.
-   feature(UX): Show loading spinner when decrypting for better UX.
-   feature(UX): Improve perceived loading performance by not blocking the main thread on page load.
    -   This was achieved in part by the loading state, but also by moving the encrypted payload from a render-blocking inline `<script>` into a `<pre>` that only contains the raw data.
    -   This way, the browser can do more work in parallel, which speeds up the initial page load.
-   feature(UX): Remove the success message and 1s timeout after successful decryption to improved perceived loading performance.
-   feature(build): Improve code transformations applied at build time to optimize `decrypt-template.html`
-   feature(UX): Add autofocus to password input when pageload has completed.

### Fixes

-   fix(build): Remove old iframe solution that's no longer relevant
-   fix(docs): Fix invalid docstring for `encryptHTML()`

---

## 3.3.0 - 2021-04-25

### Features

-   Set `<iframe>` and document `title` to improve accessibility for the page.

### Fixes

-   Clarify test instructions
-   Fix missing import in code sample

---

## 3.2.0 - 2021-04-24

### Features

-   Add password generator, built with the Node.js `crypto` module and without any external dependencies. Convenient, performant and secure.
-   CLI: Add `--generate-password` (alias `-g`) option to encrypt using a generated password of given length. See `README.md` for more info.
-   The password generator works well together with the JS API too.

### Fixes

-   Update tests and docs to describe new password generator feature.

---

## 3.1.0 - 2021-04-24

### Features

-   Replace `yargs` with `sade` and simplify CLI + dependencies. No breaking changes.
    -   This greatly improves both installation + runtime performance.
    -   It also simplifies the CLI implementation.
    -   The CLI API is preserved exactly like in 3.0.0

---

## 3.0.0 - 2021-04-24

### Features

-   Replace `node-forge` with the standard Web Crypto API - both in Node.js and in browsers.

    -   This greatly improves performance, bundle size and security compared to `v1.x` and `v2.x`.
    -   This allows using the same native code both for encryption in Node.js and decryption in the browser, simplifying the codebase.

-   `decrypt-template.html` file size reduced from `290 KB` to `10 KB` - (**96 % less boilerplate code**). This ensures the encrypted page will be the clear majority of the code shipped to the user.
-   PBKDF2 default iteration count increased from `1e5` to `2e6`, greatly improving security.

### Fixes

-   Fix [#6](https://github.com/Greenheart/pagecrypt/issues/6): Replace `vite preview` with `sirv-cli` to fix upstream issue
-   Upgrade to Tailwind CSS 2.1.2
-   Cleanup web/index.html to reduce unused characters
-   Update README with instructions for enabling `https` for localhost
-   Use stronger test password

---

## 2.0.0 - 2021-04-23

### Features

-   Use `node-forge` instead of `cryptojs` for encryption + decryption.
-   Use `vite` instead of `snowpack` for simplified and more performant web build process.
-   Small design + UX improvements for the decryption template.

---

## 1.2.0 - 2021-03-15

### Features

-   Expose new `encryptHTML()` function to easily get the encrypted HTML file contents when using the JS API.
-   Improved documentation

### Fixes

-   Cleanup code and move into separate smaller functions
-   dev: Improve test command to always install latest package build

---

## 1.1.0 - 2021-03-14

### Features

-   Added JS API

Usage:

```js
import { encrypt } from 'pagecrypt'

await encrypt('input.html', 'output.html', 'strong password')
```

-   Improved documentation
-   Added basic testing setup to easily verify `pagecrypt` builds

### Fixes

-   Updated how `decrypt-template.html` is loaded to allow JS API to work from any directory, and not just project root.

---

## 1.0.1 - 2021-03-11

-   Improved `test.html` sample page.

---

## 1.0.0 - 2021-03-10

-   Initial release