npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

electron-clear-data

v1.0.5

Published

Securely clears user data for your Electron application.

Downloads

2,327

Readme

electron-clear-data

License: MIT

Securely clears user data for your Electron application.

Why?

Electron applications are web applications running in the Chromium engine. The Chromium engine uses leveldb under the hood to store IndexedDB, localStorage, and Session Storage data. Each one of these is stored in a database. A database is represented by a set of files stored in a directory. Below is an example of a leveldb database:

Local Storage/
└── leveldb
    ├── 000003.log
    ├── CURRENT
    ├── LOCK
    ├── LOG
    └── MANIFEST-000001

Our main interests here are the Log files and Sorted tables. These files, which contain a log of updates made to localStorage and IndexedDB, including key/values in plaintext, are not deleted when localStorage or IndexedDB is cleared. This may expose private information from previous sessions, which is a security hazard.

In addition, even deleting records from IndexedDB does not remove those records from the log file. Please see this open issue on the leveldb repo for more.

The only sure-fire way to clear sensitive data that was once written to localStorage or IndexedDB is to delete the underlying files manually, and restart the application so that these files are recreated. This is precisely what this package does.

The core code involved in this package is not difficult to write yourself. However, it can be difficult to do safely, and to ascertain the correctness of your code. For this reason we've created this package to be as safe and reliable as possible. We've composed tests that ensure this functionality always works as you would expect and does not regress. The code is written in TypeScript to maximize compile-time safety. We'll also keep this package up to date with other Electron data-related vulnerabilities as and when they are discovered.


leveldb files

Each database is represented by a set of files stored in a directory. There are several different types of files as documented below (all of which will be deleted by electron-clear-data):

Log files

A log file (*.log) stores a sequence of recent updates. Each update is appended to the current log file. When the log file reaches a pre-determined size (approximately 4MB by default), it is converted to a sorted table and a new log file is created for future updates.

Sorted tables

A sorted table (*.ldb) stores a sequence of entries sorted by key. Each entry is either a value for the key or a deletion marker for the key. (Deletion markers are kept around to hide obsolete values present in older sorted tables).

Manifest

A MANIFEST file lists the set of sorted tables that make up each level, the corresponding key ranges, and other important metadata. A new MANIFEST file (with a new number embedded in the file name) is created whenever the database is reopened. The MANIFEST file is formatted as a log, and changes made to the serving state (as files are added or removed) are appended to this log.

Current

CURRENT is a simple text file that contains the name of the latest MANIFEST file.

Info logs

Informational messages are printed to files named LOG and LOG.old.

See leveldb implementation for a more detailed implementation document.

Installation

To install, run:

yarn add electron-clear-data

Or:

npm install electron-clear-data

Usage

import { clearSensitiveDirectories } from 'electron-clear-data';

...

clearSensitiveDirectories();
  • To clear all user data:
import { clearAllUserData } from 'electron-clear-data';

...

clearAllUserData();

Contributing

  1. Fork this repo
  2. Create your feature branch: git checkout -b feat/my-feature
  3. Code your feature
  4. Add your changes: git add .
  5. Commit your changes: git commit -am 'feat: my feature'
  6. Push the branch git push origin feat/my-feature
  7. Submit a pull request

License

See the LICENSE file for license rights and limitations (MIT).