Bump v10.22.0 (#2189)

Enables trusted publishing of npm package, which requires Node >= 22.14 and npm >= 11.5.1 (npm 11.5.1 is bundled with node 24.5)
main build cannot currently be done with 24.5 due to minor incompatibilities in the codebase.

.github/workflows/releases.yml

@@ -18,7 +18,6 @@ env:
 jobs:
   main:
     permissions:
-      id-token: write
       packages: write
       contents: write
     runs-on: ubuntu-latest
@@ -96,5 +95,20 @@ jobs:
           file_glob: true
           body: "See the [CHANGELOG](https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef/commits/master) for details."
 
+  npm-publish:
+    permissions:
+      id-token: write
+      contents: read
+    needs: main
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set node version
+        uses: actions/setup-node@v6
+        with:
+          node-version: ^24.5
+          registry-url: "https://registry.npmjs.org"
+
       - name: Publish to NPM
         run: npm publish

CHANGELOG.md

@@ -13,6 +13,16 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [10.22.0] - 2026-02-11
+- Separate npm publish out into separate job and run with Node 24.5 [@GCHQDeveloper581] | [#2188]
+- Fixed Percent delimiter for hex encoding [@beneri] [@C85297] | [#2137]
+- Added the ability to paste one or more Images from the Clipboard [@t-martine] [@a3957273] [@C85297] | [#1876]
+- Quoted Printable - consistent reference to 'email' [@wesinator] | [#2186]
+- Fix freeze when output text decoding fails [@Raka-loah] | [#1573]
+- Update Browserslist DB [@C85297] | [#2183]
+- Add contents write permission to releases workflow [@C85297] | [#2182]
+- Fix release workflow permissions [@C85297] | [#2181]
+
 ### [10.21.0] - 2026-02-05
 - Fix import operations with special chars in them [@d98762625] [@jg42526] | [#1040]
 - Remove custom CodeQL workflow [@C85297] | [#2176]
@@ -528,6 +538,7 @@ All major and minor version changes will be documented in this file. Details of
 ## [4.0.0] - 2016-11-28
 -  Initial open source commit [@n1474335] | [b1d73a72](https://github.com/gchq/CyberChef/commit/b1d73a725dc7ab9fb7eb789296efd2b7e4b08306)
 
+[10.22.0]: https://github.com/gchq/CyberChef/releases/tag/v10.22.0
 [10.21.0]: https://github.com/gchq/CyberChef/releases/tag/v10.21.0
 [10.20.0]: https://github.com/gchq/CyberChef/releases/tag/v10.20.0
 [10.19.0]: https://github.com/gchq/CyberChef/releases/tag/v10.19.0
@@ -782,6 +793,10 @@ All major and minor version changes will be documented in this file. Details of
 [@tuliperis]: https://github.com/tuliperis
 [@thomasxm]: https://github.com/thomasxm
 [@twostraws]: https://github.com/twostraws
+[@beneri]: https://github.com/beneri
+[@t-martine]: https://github.com/t-martine
+[@wesinator]: https://github.com/wesinator
+[@Raka-loah]: https://github.com/Raka-loah
 
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
@@ -987,4 +1002,12 @@ All major and minor version changes will be documented in this file. Details of
 [#2086]: https://github.com/gchq/CyberChef/pull/2086
 [#2118]: https://github.com/gchq/CyberChef/pull/2118
 [#2166]: https://github.com/gchq/CyberChef/pull/2166
+[#2188]: https://github.com/gchq/CyberChef/pull/2188
+[#2137]: https://github.com/gchq/CyberChef/pull/2137
+[#1876]: https://github.com/gchq/CyberChef/pull/1876
+[#2186]: https://github.com/gchq/CyberChef/pull/2186
+[#1573]: https://github.com/gchq/CyberChef/pull/1573
+[#2183]: https://github.com/gchq/CyberChef/pull/2183
+[#2182]: https://github.com/gchq/CyberChef/pull/2182
+[#2181]: https://github.com/gchq/CyberChef/pull/2181
 

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "cyberchef",
-  "version": "10.21.0",
+  "version": "10.22.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "cyberchef",
-      "version": "10.21.0",
+      "version": "10.22.0",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6223,9 +6223,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001695",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001695.tgz",
-      "integrity": "sha512-vHyLade6wTgI2u1ec3WQBxv+2BrTERV28UXQu9LO6lZ9pYeMk34vjXFLOxo1A4UBA8XTL4njRQZdno/yYaSmWw==",
+      "version": "1.0.30001769",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001769.tgz",
+      "integrity": "sha512-BCfFL1sHijQlBGWBMuJyhZUhzo7wer5sVj9hqekB/7xn0Ypy+pER/edCYQm4exbXj4WiySGp40P8UuTh6w1srg==",
       "dev": true,
       "funding": [
         {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "10.21.0",
+  "version": "10.22.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",

src/core/lib/Hex.mjs

@@ -33,7 +33,7 @@ export function toHex(data, delim=" ", padding=2, extraDelim="", lineSize=0) {
     if (data instanceof ArrayBuffer) data = new Uint8Array(data);
 
     let output = "";
-    const prepend = (delim === "0x" || delim === "\\x");
+    const prepend = (delim === "0x" || delim === "\\x" || delim === "%");
 
     for (let i = 0; i < data.length; i++) {
         const hex = data[i].toString(16).padStart(padding, "0");

src/core/operations/FromQuotedPrintable.mjs

@@ -23,7 +23,7 @@ class FromQuotedPrintable extends Operation {
 
         this.name = "From Quoted Printable";
         this.module = "Default";
-        this.description = "Converts QP-encoded text back to standard text.<br><br>e.g. The quoted-printable encoded string <code>hello=20world</code> becomes <code>hello world</code>";
+        this.description = "Converts QP-encoded text back to standard text. This format is a content transfer encoding common in email messages.<br><br>e.g. The quoted-printable encoded string <code>hello=20world</code> becomes <code>hello world</code>";
         this.infoURL = "https://wikipedia.org/wiki/Quoted-printable";
         this.inputType = "string";
         this.outputType = "byteArray";

src/core/operations/ToQuotedPrintable.mjs

@@ -23,7 +23,7 @@ class ToQuotedPrintable extends Operation {
 
         this.name = "To Quoted Printable";
         this.module = "Default";
-        this.description = "Quoted-Printable, or QP encoding, is an encoding using printable ASCII characters (alphanumeric and the equals sign '=') to transmit 8-bit data over a 7-bit data path or, generally, over a medium which is not 8-bit clean. It is defined as a MIME content transfer encoding for use in e-mail.<br><br>QP works by using the equals sign '=' as an escape character. It also limits line length to 76, as some software has limits on line length.";
+        this.description = "Quoted-Printable, or QP encoding, is an encoding using printable ASCII characters (alphanumeric and the equals sign '=') to transmit 8-bit data over a 7-bit data path or, generally, over a medium which is not 8-bit clean. It is defined as a MIME content transfer encoding for use in email.<br><br>QP works by using the equals sign '=' as an escape character. It also limits line length to 76, as some software has limits on line length.";
         this.infoURL = "https://wikipedia.org/wiki/Quoted-printable";
         this.inputType = "ArrayBuffer";
         this.outputType = "string";

src/web/waiters/InputWaiter.mjs

@@ -151,8 +151,20 @@ class InputWaiter {
                 // Event handlers
                 EditorView.domEventHandlers({
                     paste(event, view) {
+                        const clipboardData = event.clipboardData;
+                        const items = clipboardData.items;
+                        const files = [];
+                        for (let i = 0; i < items.length; i++) {
+                            const item = items[i];
+                            if (item.kind === "file") {
+                                const file = item.getAsFile();
+                                files.push(file);
+
+                                event.preventDefault(); // Prevent the default paste behavior
+                            }
+                        }
                         setTimeout(() => {
-                            self.afterPaste(event);
+                            self.afterPaste(files);
                         });
                     }
                 })
@@ -914,9 +926,12 @@ class InputWaiter {
      * Handler that fires just after input paste events.
      * Checks whether the EOL separator or character encoding should be updated.
      *
-     * @param {event} e
+     * @param {File[]} files - An array of any files that were included in the paste event
      */
-    afterPaste(e) {
+    afterPaste(files) {
+        if (files.length > 0) {
+            this.loadUIFiles(files);
+        }
         // If EOL has been fixed, skip this.
         if (this.eolState > 1) return;
 

src/web/workers/DishWorker.mjs

@@ -7,6 +7,8 @@
  */
 
 import Dish from "../../core/Dish.mjs";
+import DishError from "../../core/errors/DishError.mjs";
+import { CHR_ENC_SIMPLE_REVERSE_LOOKUP } from "../../core/lib/ChrEnc.mjs";
 import Utils from "../../core/Utils.mjs";
 import cptable from "codepage";
 import loglevelMessagePrefix from "loglevel-message-prefix";
@@ -98,7 +100,7 @@ async function bufferToStr(data) {
         try {
             str = cptable.utils.decode(data.encoding, new Uint8Array(data.buffer));
         } catch (err) {
-            str = err;
+            str = new DishError(`Error decoding buffer with encoding ${CHR_ENC_SIMPLE_REVERSE_LOOKUP[data.encoding]}: ${err.message}`).toString();
         }
     }
 

tests/operations/tests/Hex.mjs

@@ -43,6 +43,20 @@ TestRegister.addTests([
             }
         ]
     },
+    {
+        name: "ASCII to Hex with percent deliminator",
+        input: "aberystwyth",
+        expectedOutput: "%61%62%65%72%79%73%74%77%79%74%68",
+        recipeConfig: [
+            {
+                "op": "To Hex",
+                "args": [
+                    "Percent",
+                    0
+                ]
+            }
+        ]
+    },
     {
         name: "ASCII to 0x Hex with comma and line breaks",
         input: "aberystwyth",