[PM-11721] [BEEEP] Add initial password-protected zip export support

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-11721

📔 Objective

Use the zip.js library instead of jszip, in order to add support for large (>4GB) zip archives, and encrypted exports.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 83b0af15-513f-4e69-95d7-0c31c902fc31

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Client_Privacy_Violation	/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts: 78	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	Client_Privacy_Violation	/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts: 73
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 246
	Unpinned Actions Full Length Commit SHA	/build-web.yml: 190
	Unpinned Actions Full Length Commit SHA	/release-desktop-beta.yml: 50
	Unpinned Actions Full Length Commit SHA	/publish-cli.yml: 103
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 186
	Unpinned Actions Full Length Commit SHA	/deploy-web.yml: 190
	Unpinned Actions Full Length Commit SHA	/publish-web.yml: 43
	Unpinned Actions Full Length Commit SHA	/build-web.yml: 341
	Unpinned Actions Full Length Commit SHA	/publish-desktop.yml: 121
	Unpinned Actions Full Length Commit SHA	/release-cli.yml: 43
	Unpinned Actions Full Length Commit SHA	/build-desktop.yml: 890
	Unpinned Actions Full Length Commit SHA	/build-desktop.yml: 1292
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 358
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 47
	Unpinned Actions Full Length Commit SHA	/release-browser.yml: 95
	Unpinned Actions Full Length Commit SHA	/deploy-web.yml: 221
	Unpinned Actions Full Length Commit SHA	/publish-cli.yml: 140
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 193
	Unpinned Actions Full Length Commit SHA	/build-browser.yml: 407
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 81
	Unpinned Actions Full Length Commit SHA	/publish-desktop.yml: 195
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 179
	Unpinned Actions Full Length Commit SHA	/build-browser.yml: 366
	Unpinned Actions Full Length Commit SHA	/staged-rollout-desktop.yml: 28
	Unpinned Actions Full Length Commit SHA	/publish-desktop.yml: 244
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 296
	Unpinned Actions Full Length Commit SHA	/release-desktop-beta.yml: 667
	Unpinned Actions Full Length Commit SHA	/deploy-web.yml: 269
	Unpinned Actions Full Length Commit SHA	/build-desktop.yml: 1338
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 200
	Unpinned Actions Full Length Commit SHA	/release-desktop.yml: 70
	Unpinned Actions Full Length Commit SHA	/release-desktop.yml: 93
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 498
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 506
	Unpinned Actions Full Length Commit SHA	/release-web.yml: 40
	Unpinned Actions Full Length Commit SHA	/build-desktop.yml: 287
	Unpinned Actions Full Length Commit SHA	/crowdin-pull.yml: 40
	Unpinned Actions Full Length Commit SHA	/release-desktop.yml: 43
	Unpinned Actions Full Length Commit SHA	/build-web.yml: 296
	Unpinned Actions Full Length Commit SHA	/build-cli.yml: 404
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 161
	Unpinned Actions Full Length Commit SHA	/release-web.yml: 56
	Unpinned Actions Full Length Commit SHA	/retrieve-current-desktop-rollout.yml: 22
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 514
	Unpinned Actions Full Length Commit SHA	/version-auto-bump.yml: 20
	Unpinned Actions Full Length Commit SHA	/publish-cli.yml: 180
	Unpinned Actions Full Length Commit SHA	/build-web.yml: 266
	Unpinned Actions Full Length Commit SHA	/crowdin-pull.yml: 34
	Unpinned Actions Full Length Commit SHA	/release-desktop-beta.yml: 247
	Unpinned Actions Full Length Commit SHA	/brew-bump-desktop.yml: 25
	Unpinned Actions Full Length Commit SHA	/release-browser.yml: 43
	Unpinned Actions Full Length Commit SHA	/release-cli.yml: 58
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 522

[djsmith85]

@quexten I love that you continue to push forward with this. Let me know if I can assist, even with just feedback like this:

One thing to keep in mind for the sake of automation. A lot user want to use the CLI to create regular backups. Does this new lib work under node ? If it doesn't we'll have to think about how we would be able to support the new format within the CLI.

[quexten]

@djsmith85 I did not test the library under node yet, but it seems to have support for node, deno and bun, going through docs / github issues, so anything that can run js/ts.

[codecov]

Codecov Report

Attention: Patch coverage is 70.58824% with 5 lines in your changes missing coverage. Please review.

Project coverage is 33.32%. Comparing base (02c957c) to head (f8a28d7).

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...re/src/services/individual-vault-export.service.ts	75.00%	3 Missing and 1 partial ⚠️
...t-export-core/src/services/vault-export.service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@                  Coverage Diff                   @@
##           auth/beeep/zip-export   #10926   +/-   ##
======================================================
  Coverage                  33.32%   33.32%           
======================================================
  Files                       2787     2787           
  Lines                      86619    86625    +6     
  Branches                   16523    16525    +2     
======================================================
+ Hits                       28868    28870    +2     
- Misses                     55446    55449    +3     
- Partials                    2305     2306    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[quexten]

Ok, @djsmith85 there are a few quirks with using the library in node, (noticed during fixing the jest tests). The blobreader / textreader and writers don't work because they rely on a global Response which we would have to polyfill for the tests. I chose to just use uint8reader/writer instead. Further, we have to require / conditionally set on globalThis the TransformStream and ReadableStream / WriteableStream for node. This is done by running "require" in eval in order to circumvent webpack causing build issues on web/desktop/browser. This is done by using a jest setup script. Would be neat if the package did this internally, but it's also not too bad in my books.

If we want to actually use the library for streaming data (not just encryption) for very large zip files (we can on both cli and web), we'd have to take another look, but then again this needs re-thinking about how we present the progress to the user anyways and is a future endeavor.

[djasonpenney]

Branch conflicts need to be resolved.

I also note some regressions in code coverage. It looks mainly like a few more unit tests need to be written.

[quexten]

@djasonpenney Was on vacation, apologies for the delayed response. This is waiting for review from the tools team. Once they reviewed, the minor package-lock conflict will be resolved in order not to have too much merge conflict resolution overhead.