stegdoc
v5.7.0
Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography
stegdoc
Hide files inside Office documents with AES-256 encryption and steganography
stegdoc is a CLI tool that encodes any file into legitimate-looking Office documents (Excel/Word). Your data is hidden within realistic server access logs and Hebrew incident reports — no hidden sheets, no suspicious content. Optionally protected with AES-256-GCM encryption.
Features
- Log-Based Steganography — Payload is embedded directly in realistic nginx access log entries (URL tokens, UUIDs, trace IDs). No hidden sheets — the data IS the logs
- AES-256-GCM Encryption — Military-grade encryption with PBKDF2 key derivation (100k iterations)
- Brotli Compression — 15-25% better compression than gzip
- Dual Format Support
  - XLSX — Access log spreadsheet with realistic entries, any file size
  - DOCX — Hebrew RTL incident report with log excerpts, files under 1 MB
- Multi-part Splitting — Automatically split large files across multiple documents
- Integrity Verification — SHA-256 hashing detects tampering
- Folder Support — Encode entire directories (automatically zipped)
- Interactive Mode — User-friendly prompts guide you through options
- Legacy Compatibility — --legacy flag produces v4 format for older environments
- Backward Compatible — Reads and decodes all previous format versions
Installation
npm install -g stegdoc
Or run directly with npx:
npx stegdoc encode myfile.pdf
Quick Start
# Encode a file with encryption (recommended)
stegdoc encode secret.pdf -p mypassword
# Decode it back
stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
# View file info without decoding
stegdoc info access_log_20260315_1200_A1B2_part1.xlsx
# Verify file integrity
stegdoc verify access_log_20260315_1200_A1B2_part1.xlsx -p mypassword
Commands
encode — Hide a file in an Office document
stegdoc encode <file> [options]
| Option | Description | Default |
|--------|-------------|---------|
| -o, --output-dir <dir> | Output directory | Current directory |
| -s, --chunk-size <size> | Split size: 5MB, 25MB, 3 parts, max | 5MB |
| -f, --format <format> | Output format: xlsx or docx | xlsx |
| -p, --password <pass> | Encryption password | None (unencrypted) |
| --legacy | Use v4 format for backward compatibility | Off |
| --no-limit | Bypass DOCX 1 MB size limit | Off |
| --force | Overwrite existing files | Prompt |
| -q, --quiet | Minimal output for scripting | Off |
| -y, --yes | Skip interactive prompts | Off |
Examples:
# Encode with password (produces access log spreadsheet)
stegdoc encode document.pdf -p mysecret
# Encode as Hebrew incident report (DOCX)
stegdoc encode config.json -p mysecret -f docx
# Split into 3 parts
stegdoc encode large-file.zip -p mysecret -s "3 parts"
# Legacy v4 format (for older environments)
stegdoc encode data.bin -p mysecret --legacy
# Encode a folder
stegdoc encode ./my-folder -p mysecret
decode — Recover the original file
stegdoc decode <file> [options]
| Option | Description | Default |
|--------|-------------|---------|
| -o, --output <path> | Output file path | Original filename |
| -p, --password <pass> | Decryption password | Prompt if needed |
| --force | Overwrite existing files | Prompt |
| -q, --quiet | Minimal output | Off |
| -y, --yes | Skip prompts, fail if password needed | Off |
Examples:
# Decode with password
stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
# Decode DOCX
stegdoc decode system_report_20260315_0800_CD42_part1.docx -p mysecret
# Multi-part files auto-detected (just provide part 1)
stegdoc decode access_log_20260315_1200_A1B2_part1.xlsx -p mysecret
info — View metadata without decoding
stegdoc info <file>
verify — Validate file integrity
stegdoc verify <file> [-p <password>]
How It Works
v5 Pipeline (default)
Input File
|
[Brotli Compression]
|
[AES-256-GCM Encryption] (optional)
|
[Log-Embed Encoding] -- payload distributed across log line fields
|
[Office Wrapper] -- XLSX access logs or DOCX incident report
|
Output File(s)
Data Channels (per log line)
Each nginx access log entry carries 114 bytes of payload across 6 channels:
| Channel | Format | Bytes |
|---------|--------|-------|
| URL path segment | base64url | 21 |
| Query param token | base64url | 21 |
| Query param state | base64url | 21 |
| Referer ref param | base64url | 21 |
| X-Request-ID | UUID v4 (hex) | 14 |
| X-Trace-ID | 32-char hex | 16 |
Output Formats
XLSX — Single "Access Logs" sheet with realistic nginx log entries. Columns: Remote Address, Timestamp, Method, Request, Status, Bytes, Referer, User-Agent, X-Request-ID, X-Trace-ID. No hidden sheets.
DOCX — Hebrew RTL incident report with title, executive summary, timeline table, log excerpts in monospace code blocks, root cause analysis, and recommendations. Reports are procedurally generated (15 services x 12 incident types = thousands of unique variants).
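For reviewers who need to recognise such a spreadsheet, the channel table implies a fixed per-row shape: four 28-character base64url tokens plus a UUID v4 and a 32-character hex ID on every line. The check below is an added example, not stegdoc code; the row object layout (request holding path and query, referer as a full URL) and the sample rows are assumptions constructed for illustration.

```javascript
// Added example, not stegdoc code. Field shapes come from the channel table above.
const B64URL_21B = /^[A-Za-z0-9_-]{28}$/; // 21 bytes -> 28 unpadded base64url chars
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const HEX_32 = /^[0-9a-f]{32}$/i;
const BASE = 'http://placeholder.invalid'; // lets URL() parse relative request targets

function parseUrl(value) {
  try { return new URL(String(value), BASE); } catch { return null; }
}

// Count how many of the six documented channels have the documented shape.
// Assumed row layout: request = path + query, referer = full URL or "-".
function channelHits(row) {
  const req = parseUrl(row.request);
  const ref = parseUrl(row.referer);
  const fits = (v) => typeof v === 'string' && B64URL_21B.test(v);
  return [
    !!req && req.pathname.split('/').some(fits),   // URL path segment
    !!req && fits(req.searchParams.get('token')),  // query param "token"
    !!req && fits(req.searchParams.get('state')),  // query param "state"
    !!ref && fits(ref.searchParams.get('ref')),    // Referer "ref" param
    UUID_V4.test(row.requestId || ''),             // X-Request-ID
    HEX_32.test(row.traceId || ''),                // X-Trace-ID
  ].filter(Boolean).length;
}

// Fraction of rows where all six channels fit. UUIDs and hex trace IDs are normal
// in real logs; the signal is every channel fitting on nearly every row.
function fullMatchRatio(rows) {
  if (rows.length === 0) return 0;
  return rows.filter((r) => channelHits(r) === 6).length / rows.length;
}

// Constructed sample rows (not taken from any real document).
const tok = (s) => s.repeat(7); // 4 chars x 7 = 28 chars
const suspect = {
  request: `/api/${tok('x7Kq')}/items?token=${tok('Ab3_')}&state=${tok('Zz-9')}`,
  referer: `https://portal.example/home?ref=${tok('Qw1e')}`,
  requestId: '3f2a9c1e-5b7d-4e8a-9c3b-1a2b3c4d5e6f',
  traceId: '0123456789abcdef'.repeat(2),
};
const ordinary = {
  request: '/index.html?page=2',
  referer: '-',
  requestId: '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d',
  traceId: 'a1b2c3d4e5f60718'.repeat(2),
};
```

Individual 28-character tokens also occur in ordinary traffic, so treat the ratio as a triage signal over the whole sheet rather than a per-row verdict.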
Encryption
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: PBKDF2-SHA256 with 100,000 iterations
- Key Size: 256 bits
- IV: 96 bits (randomly generated per part)
- Salt: 128 bits (shared per session)
- Authentication: 128-bit auth tag
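The parameters listed above map directly onto Node's built-in crypto module. The sketch below is an added example, not stegdoc's own code; the function names, passphrases and part contents are constructed. It shows one salt-derived key reused across two parts with a fresh IV each, and the auth tag rejecting both a wrong password and a one-bit change.

```javascript
const nodeCrypto = require('node:crypto');

// Parameters as listed above: PBKDF2-SHA256, 100,000 iterations, 256-bit key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// Encrypt one part under a fresh 96-bit IV; GCM returns a 128-bit auth tag.
function sealPart(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the tag does not verify
// (wrong password or modified ciphertext).
function openPart(key, part) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, part.iv);
  decipher.setAuthTag(part.tag);
  try {
    return Buffer.concat([decipher.update(part.ciphertext), decipher.final()]);
  } catch {
    return null;
  }
}

function demo() {
  const salt = nodeCrypto.randomBytes(16); // 128-bit salt, shared by all parts
  const key = deriveKey('constructed-passphrase', salt);
  const parts = ['part one', 'part two'].map((p) => sealPart(key, Buffer.from(p)));
  // Copy part 0 and flip a single ciphertext bit.
  const flipped = { ...parts[0], ciphertext: Buffer.from(parts[0].ciphertext) };
  flipped.ciphertext[0] ^= 0x01;
  return {
    recovered: parts.map((p) => openPart(key, p).toString()),
    ivsDiffer: !parts[0].iv.equals(parts[1].iv),
    wrongPassword: openPart(deriveKey('other-passphrase', salt), parts[0]),
    tampered: openPart(key, flipped),
  };
}
```

Because the salt is shared, every part is encrypted under the same key, which is why each part needs its own IV: reusing a GCM IV under one key breaks both confidentiality and authentication.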
Filenames
access_log_YYYYMMDD_HH00_XXXX[_partN].xlsx
system_report_YYYYMMDD_HH00_XXXX[_partN].docx
Legacy Mode
Use --legacy to produce v4 format files (hidden sheet + gzip compression) for environments that haven't upgraded to stegdoc v5:
stegdoc encode data.bin -p mypass --legacy
The decoder auto-detects format version — it reads both v4 and v5 files without any flags.
Requirements
- Node.js 18.0.0 or higher
License
MIT License — see LICENSE for details.
