Hey everyone, I've put together this Node.js snippet to store and retrieve license data in system-native secure storage (Windows Registry, macOS Keychain, Linux secret-tool) with the goal of zero manual user input. I'm reaching out first to Mac users for hands-on feedback, but any cross-platform insights are super appreciated!

My core questions: #

1. Does this code run smoothly on macOS without popping up any user authorization prompts?
2. Are there edge cases on Windows/Linux where it might still trigger prompts (like UAC, sudo requests, or keychain access approvals)?

The code in question: #

const { execSync } = require("child_process");
const os = require("os");

const platform = os.platform();
const APP_NAME = "com.test";
const KEY_NAME = "LicenseData";

function saveJSON(data) {
  const json = JSON.stringify(data);
  const encoded = Buffer.from(json).toString("base64");

  if (platform === "win32") {
    execSync(
      `reg add HKCU\\Software\\${APP_NAME} /v ${KEY_NAME} /t REG_SZ /d "${encoded}" /f`
    );
  } else if (platform === "darwin") {
    execSync(
      `security add-generic-password -a ${APP_NAME} -s ${KEY_NAME} -w "${encoded}" -U`
    );
  } else if (platform === "linux") {
    execSync(
      `secret-tool store --label="${APP_NAME}" service ${APP_NAME} key ${KEY_NAME} <<< "${encoded}"`
    );
  }
}

function loadJSON() {
  try {
    let output;
    if (platform === "win32") {
      output = execSync(
        `reg query HKCU\\Software\\${APP_NAME} /v ${KEY_NAME}`
      ).toString();
      const match = output.match(/REG_SZ\s+(.*)/);
      if (!match) return null;
      return JSON.parse(
        Buffer.from(match[1], "base64").toString("utf8")
      );
    } else if (platform === "darwin") {
      output = execSync(
        `security find-generic-password -a ${APP_NAME} -s ${KEY_NAME} -w`
      ).toString();
      return JSON.parse(
        Buffer.from(output.trim(), "base64").toString("utf8")
      );
    } else if (platform === "linux") {
      output = execSync(
        `secret-tool lookup service ${APP_NAME} key ${KEY_NAME}`
      ).toString();
      return JSON.parse(
        Buffer.from(output.trim(), "base64").toString("utf8")
      );
    }
  } catch (err) {
    return null;
  }
}

// saveJSON({
//   license: "ABC-123-XYZ",
//   activated: true,
//   trialStart: Date.now(),
//   version: 1
// });

const data = loadJSON();
if (data) {
  console.log(data)
  console.log("License:", data.license);
  console.log("Activated:", data.activated);
} else {
  console.log("No stored data found.");
}

Quick context: #

• The code encodes JSON data to base64 before storing, then decodes it on retrieval to avoid formatting conflicts.
• For macOS, I used the security CLI with -U (update existing entry) and -w (return only the raw value) flags. My biggest worry is that macOS Keychain might prompt the user to allow access the first time the entry is created.
• On Windows, the /f flag in reg add should force overwrites without prompts, but I'm curious if restricted environments might still trigger UAC.
• For Linux, it relies on secret-tool (which requires a running keyring service like GNOME Keyring) — I assume if the keyring is locked, it fails silently instead of prompting, but I could be wrong.

If you're a Mac user who's tested this, please let me know:

• Did you get any keychain access prompts when running saveJSON or loadJSON?
• Did the data save and load correctly without errors?
• Any odd behavior I should watch out for?

And if anyone on Windows/Linux spots a scenario where this would prompt the user, feel free to chime in too! Thanks a ton for the help.