Skip to content
/ skrub Public

Irreversible file deletion on every OS

License

Notifications You must be signed in to change notification settings

dawsbot/skrub

Repository files navigation


Irreversible file deletion on every operating system
* Will only work securely on file systems that overwrite blocks in place *






In contrast to rm, which leaves file contents unallocated in memory, skrub first floods file(s) with garbage data and then removes them forever.

The current method is low fidelity and "will prevent the data from being retrieved simply by reading using standard system functions". Read more in the FAQ below or on Wikipedia here.

Works on OS X, Linux, and Windows.

Looking for the command-line version?


Install

npm install --save skrub

Or try the command-line version

npm install --global skrub

Usage

const skrub = require('skrub');

skrub(['*', '!important*']).then(paths => {
    console.log('Skrubbed files and folders:\n', paths.join('\n'));
});

You can use glob patterns.


API

skrub(patterns, [options])

Returns a promise for an array of skrubbed paths.

patterns

Type: string, array

See supported minimatch patterns.

options

Type: object

dryRun

Type: boolean
Default: false

See what would be skrubbed without actually deleting anything.

skrub(['tmp/*.js'], {dryRun: true}).then(paths => {
  console.log('Files and folders that would be skrubbed:\n', paths.join('\n'));
});

In additon to these two options, all node-glob options are also available.

iterations

Type: number(must be >= 0)
Default: 1

Zero-fill the specified file multiple times.

skrub(['tmp/*.js'], {iterations: 7}).then(paths => {
  console.log('Files and folders that would be skrubbed:\n', paths.join('\n'));
});

skrub.floodFile(filePath, iterations)

Returns a promise for the flooded filePath. Replaces the contents of file at filePath with the same amount of bytes zero-filled.

filePath

Type: string

iterations

Type: number(must be >= 0)
Default: 1

Zero-fill the specified file multiple times.


FAQ

Unreliable file systems

skrub and other overwriting-based methods may not be effective on your file system, since the disk may not actually write where you think it's writing. Here is a list of systems which are known not to cooperate with the current file overwriting method. Why don't these work?

In the above scenarios, skrub is just a friendly wrapper around rm.

How secure is this?

At a minimum, this will prevent the data from being retrieved simply by reading from the media again using standard system functions.

But I can do the same thing with rm

Not really. The rm command simply frees the file-pointer in your operating system. This allows the file contents to be written over at a later date. This means that during the time before that memory location is needed (which it may never), your data is still at rest on your system.

rm ships with a -P flag which first does file overwrites with blank data. Although the end result is similar, this does not support negation in globbing and is not cross-platform.

But I can do the same thing with shred

Not the case. The shred command is a Linux only distribution while skrub is cross-platform. skrub also supports negation within file globbing. shred does not have a friendly node.js module wrapper around it either.


Benchmarking

TL;DR: Running more iterations than one is hardly slower.

skrub(tempFile, {iterations: 1}) x 57,512 ops/sec ±2.60% (69 runs sampled)
skrub(tempFile, {iterations: 7}) x 54,338 ops/sec ±2.59% (82 runs sampled)
skrub(tempFile, {iterations: 36}) x 54,631 ops/sec ±2.95% (79 runs sampled)
Fastest is skrub(tempFile, {iterations: 1})

Try it yourself:

npm run benchmark

Related


License

MIT © Dawson Botsford