skrub
v1.4.0
Published
Secure file deletion from any operating system
Downloads
44
Maintainers
Readme
Irreversible file deletion on every operating system * Will only work securely on file systems that overwrite blocks in place *
In contrast to rm
, which leaves file contents unallocated in memory, skrub
first floods file(s) with garbage data and then removes them forever.
The current method is low fidelity and "will prevent the data from being retrieved simply by reading using standard system functions". Read more in the FAQ below or on Wikipedia here.
Works on OS X, Linux, and Windows.
Looking for the command-line version?
Install
npm install --save skrub
Or try the command-line version
npm install --global skrub
Usage
const skrub = require('skrub');
skrub(['*', '!important*']).then(paths => {
console.log('Skrubbed files and folders:\n', paths.join('\n'));
});
You can use glob patterns.
API
skrub(patterns, [options])
Returns a promise for an array of skrubbed paths.
patterns
Type: string
, array
See supported minimatch patterns.
options
Type: object
dryRun
Type: boolean
Default: false
See what would be skrubbed without actually deleting anything.
skrub(['tmp/*.js'], {dryRun: true}).then(paths => {
console.log('Files and folders that would be skrubbed:\n', paths.join('\n'));
});
In additon to these two options, all node-glob
options are also available.
iterations
Type: number
(must be >= 0)
Default: 1
Zero-fill the specified file multiple times.
skrub(['tmp/*.js'], {iterations: 7}).then(paths => {
console.log('Files and folders that would be skrubbed:\n', paths.join('\n'));
});
skrub.floodFile(filePath, iterations)
Returns a promise for the flooded filePath. Replaces the contents of file at filePath
with the same amount of bytes zero-filled.
filePath
Type: string
iterations
Type: number
(must be >= 0)
Default: 1
Zero-fill the specified file multiple times.
FAQ
Unreliable file systems
skrub
and other overwriting-based methods may not be effective on your file system, since the disk may not actually write where you think it's writing. Here is a list of systems which are known not to cooperate with the current file overwriting method. Why don't these work?
- copy-on-write systems like btrfs
- ssd's at large
- reiserfs
- COW
In the above scenarios, skrub
is just a friendly wrapper around rm
.
How secure is this?
At a minimum, this will prevent the data from being retrieved simply by reading from the media again using standard system functions.
But I can do the same thing with rm
Not really. The rm
command simply frees the file-pointer in your operating system. This allows the file contents to be written over at a later date. This means that during the time before that memory location is needed (which it may never), your data is still at rest on your system.
rm
ships with a -P
flag which first does file overwrites with blank data. Although the end result is similar, this does not support negation in globbing and is not cross-platform.
But I can do the same thing with shred
Not the case. The shred
command is a Linux only distribution while skrub
is cross-platform. skrub
also supports negation within file globbing. shred
does not have a friendly node.js module wrapper around it either.
Benchmarking
TL;DR: Running more iterations than one is hardly slower.
skrub(tempFile, {iterations: 1}) x 57,512 ops/sec ±2.60% (69 runs sampled)
skrub(tempFile, {iterations: 7}) x 54,338 ops/sec ±2.59% (82 runs sampled)
skrub(tempFile, {iterations: 36}) x 54,631 ops/sec ±2.95% (79 runs sampled)
Fastest is skrub(tempFile, {iterations: 1})
Try it yourself:
npm run benchmark
Related
License
MIT © Dawson Botsford