npm - @arcis/node - Versions diffs - 1.2.0 → 1.4.0 - Mend

@arcis/node 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

package/dist/core/{index.d.mts → constants.d.ts} +21 -70
package/dist/core/constants.d.ts.map +1 -0
package/dist/core/errors.d.ts +53 -0
package/dist/core/errors.d.ts.map +1 -0
package/dist/core/index.d.ts +6 -168
package/dist/core/index.d.ts.map +1 -0
package/dist/{types-CsOFHoD9.d.mts → core/types.d.ts} +38 -31
package/dist/core/types.d.ts.map +1 -0
package/dist/index.d.ts +71 -166
package/dist/index.d.ts.map +1 -0
package/dist/index.js +151 -4
package/dist/index.js.map +1 -1
package/dist/index.mjs +145 -5
package/dist/index.mjs.map +1 -1
package/dist/logging/index.d.ts +4 -36
package/dist/logging/index.d.ts.map +1 -0
package/dist/logging/{index.d.mts → redactor.d.ts} +5 -9
package/dist/logging/redactor.d.ts.map +1 -0
package/dist/middleware/bot-detection.d.ts +86 -0
package/dist/middleware/bot-detection.d.ts.map +1 -0
package/dist/middleware/cookies.d.ts +48 -0
package/dist/middleware/cookies.d.ts.map +1 -0
package/dist/middleware/cors.d.ts +65 -0
package/dist/middleware/cors.d.ts.map +1 -0
package/dist/middleware/csrf.d.ts +109 -0
package/dist/middleware/csrf.d.ts.map +1 -0
package/dist/middleware/error-handler.d.ts +43 -0
package/dist/middleware/error-handler.d.ts.map +1 -0
package/dist/middleware/headers.d.ts +29 -0
package/dist/middleware/headers.d.ts.map +1 -0
package/dist/middleware/hpp.d.ts +56 -0
package/dist/middleware/hpp.d.ts.map +1 -0
package/dist/middleware/index.d.ts +16 -3
package/dist/middleware/index.d.ts.map +1 -0
package/dist/middleware/index.js +28 -3
package/dist/middleware/index.js.map +1 -1
package/dist/middleware/index.mjs +28 -3
package/dist/middleware/index.mjs.map +1 -1
package/dist/middleware/main.d.ts +40 -0
package/dist/middleware/main.d.ts.map +1 -0
package/dist/middleware/rate-limit-sliding.d.ts +46 -0
package/dist/middleware/rate-limit-sliding.d.ts.map +1 -0
package/dist/middleware/rate-limit-token.d.ts +51 -0
package/dist/middleware/rate-limit-token.d.ts.map +1 -0
package/dist/middleware/rate-limit.d.ts +34 -0
package/dist/middleware/rate-limit.d.ts.map +1 -0
package/dist/sanitizers/command.d.ts +28 -0
package/dist/sanitizers/command.d.ts.map +1 -0
package/dist/sanitizers/encode.d.ts +46 -0
package/dist/sanitizers/encode.d.ts.map +1 -0
package/dist/sanitizers/headers.d.ts +46 -0
package/dist/sanitizers/headers.d.ts.map +1 -0
package/dist/sanitizers/index.d.ts +17 -22
package/dist/sanitizers/index.d.ts.map +1 -0
package/dist/sanitizers/index.js +72 -0
package/dist/sanitizers/index.js.map +1 -1
package/dist/sanitizers/index.mjs +68 -1
package/dist/sanitizers/index.mjs.map +1 -1
package/dist/sanitizers/jsonp.d.ts +34 -0
package/dist/sanitizers/jsonp.d.ts.map +1 -0
package/dist/sanitizers/nosql.d.ts +31 -0
package/dist/sanitizers/nosql.d.ts.map +1 -0
package/dist/sanitizers/path.d.ts +28 -0
package/dist/sanitizers/path.d.ts.map +1 -0
package/dist/sanitizers/pii.d.ts +80 -0
package/dist/sanitizers/pii.d.ts.map +1 -0
package/dist/sanitizers/prototype.d.ts +34 -0
package/dist/sanitizers/prototype.d.ts.map +1 -0
package/dist/sanitizers/sanitize.d.ts +51 -0
package/dist/sanitizers/sanitize.d.ts.map +1 -0
package/dist/sanitizers/sql.d.ts +28 -0
package/dist/sanitizers/sql.d.ts.map +1 -0
package/dist/sanitizers/ssti.d.ts +20 -0
package/dist/sanitizers/ssti.d.ts.map +1 -0
package/dist/sanitizers/utils.d.ts +19 -0
package/dist/sanitizers/utils.d.ts.map +1 -0
package/dist/sanitizers/xss.d.ts +35 -0
package/dist/sanitizers/xss.d.ts.map +1 -0
package/dist/sanitizers/xxe.d.ts +20 -0
package/dist/sanitizers/xxe.d.ts.map +1 -0
package/dist/stores/index.d.ts +6 -104
package/dist/stores/index.d.ts.map +1 -0
package/dist/stores/memory.d.ts +35 -0
package/dist/stores/memory.d.ts.map +1 -0
package/dist/stores/{index.d.mts → redis.d.ts} +6 -45
package/dist/stores/redis.d.ts.map +1 -0
package/dist/utils/duration.d.ts +34 -0
package/dist/utils/duration.d.ts.map +1 -0
package/dist/utils/fingerprint.d.ts +64 -0
package/dist/utils/fingerprint.d.ts.map +1 -0
package/dist/utils/index.d.ts +10 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +188 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/index.mjs +182 -0
package/dist/utils/index.mjs.map +1 -0
package/dist/utils/ip.d.ts +70 -0
package/dist/utils/ip.d.ts.map +1 -0
package/dist/validation/email.d.ts +82 -0
package/dist/validation/email.d.ts.map +1 -0
package/dist/validation/file.d.ts +90 -0
package/dist/validation/file.d.ts.map +1 -0
package/dist/validation/index.d.ts +10 -3
package/dist/validation/index.d.ts.map +1 -0
package/dist/validation/redirect.d.ts +64 -0
package/dist/validation/redirect.d.ts.map +1 -0
package/dist/validation/schema.d.ts +36 -0
package/dist/validation/schema.d.ts.map +1 -0
package/dist/validation/url.d.ts +65 -0
package/dist/validation/url.d.ts.map +1 -0
package/package.json +8 -6
package/dist/index-A-m-pPeW.d.mts +0 -340
package/dist/index-CgK94hY_.d.mts +0 -532
package/dist/index-Co5kPRZz.d.ts +0 -340
package/dist/index-D_bdJcF0.d.ts +0 -532
package/dist/index.d.mts +0 -175
package/dist/middleware/index.d.mts +0 -3
package/dist/pii-CXcHMlnX.d.mts +0 -438
package/dist/pii-DhNpl7M3.d.ts +0 -438
package/dist/sanitizers/index.d.mts +0 -24
package/dist/types-CsOFHoD9.d.ts +0 -269
package/dist/validation/index.d.mts +0 -3

package/dist/middleware/main.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * @module @arcis/node/middleware/main
+ * Main arcis() middleware factory
+ */
+import type { ArcisOptions, ArcisFunction, ArcisMiddlewareStack } from '../core/types';
+/**
+ * Create Arcis middleware with all protections enabled.
+ *
+ * @param options - Configuration options
+ * @returns Array of Express middleware
+ *
+ * @example
+ * // Full protection (recommended)
+ * app.use(arcis());
+ *
+ * @example
+ * // Custom configuration
+ * app.use(arcis({
+ *   rateLimit: { max: 50 },
+ *   headers: { frameOptions: 'SAMEORIGIN' }
+ * }));
+ *
+ * @example
+ * // Disable specific features
+ * app.use(arcis({
+ *   rateLimit: false,
+ *   sanitize: { sql: false }
+ * }));
+ *
+ * @example
+ * // Cleanup on shutdown
+ * const middleware = arcis();
+ * app.use(middleware);
+ * process.on('SIGTERM', () => middleware.close());
+ */
+export declare function arcis(options?: ArcisOptions): ArcisMiddlewareStack;
+declare const arcisWithMethods: ArcisFunction;
+export { arcisWithMethods as arcisFunction };
+export default arcisWithMethods;
+//# sourceMappingURL=main.d.ts.map

package/dist/middleware/main.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/middleware/main.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACb,oBAAoB,EAIrB,MAAM,eAAe,CAAC;AAQvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,oBAAoB,CAuCtE;AAGD,QAAA,MAAM,gBAAgB,EAAY,aAAa,CAAC;AAQhD,OAAO,EAAE,gBAAgB,IAAI,aAAa,EAAE,CAAC;AAC7C,eAAe,gBAAgB,CAAC"}

package/dist/middleware/rate-limit-sliding.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * @module @arcis/node/middleware/rate-limit-sliding
+ * Sliding window rate limiting middleware.
+ *
+ * More accurate than fixed window — uses a weighted sum of the previous
+ * and current window to approximate a true sliding window.
+ *
+ * Algorithm:
+ *   weight = (windowMs - elapsed) / windowMs
+ *   count = (prevWindow * weight) + currentWindow
+ *   allow = count < limit
+ *
+ * @example
+ * app.use(createSlidingWindowLimiter({ max: 100, window: '15m' }));
+ */
+import type { Request, RequestHandler } from 'express';
+export interface SlidingWindowOptions {
+    /** Maximum requests per window. Default: 100 */
+    max?: number;
+    /** Window size in ms or duration string. Default: '1m' */
+    window?: string | number;
+    /** Error message when limit exceeded */
+    message?: string;
+    /** HTTP status code for rate limited responses. Default: 429 */
+    statusCode?: number;
+    /** Function to generate rate limit key from request */
+    keyGenerator?: (req: Request) => string;
+    /** Function to skip rate limiting for certain requests */
+    skip?: (req: Request) => boolean;
+}
+export interface SlidingWindowMiddleware extends RequestHandler {
+    close: () => void;
+}
+/**
+ * Create sliding window rate limiter middleware.
+ *
+ * @example
+ * // 100 requests per 15 minutes
+ * app.use(createSlidingWindowLimiter({ max: 100, window: '15m' }));
+ *
+ * @example
+ * // Strict API limit
+ * app.use('/api', createSlidingWindowLimiter({ max: 30, window: '1m' }));
+ */
+export declare function createSlidingWindowLimiter(options?: SlidingWindowOptions): SlidingWindowMiddleware;
+//# sourceMappingURL=rate-limit-sliding.d.ts.map

package/dist/middleware/rate-limit-sliding.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rate-limit-sliding.d.ts","sourceRoot":"","sources":["../../src/middleware/rate-limit-sliding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,OAAO,EAA0B,cAAc,EAAE,MAAM,SAAS,CAAC;AAI/E,MAAM,WAAW,oBAAoB;IACnC,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACxC,0DAA0D;IAC1D,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;CAClC;AAOD,MAAM,WAAW,uBAAwB,SAAQ,cAAc;IAC7D,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,GAAE,oBAAyB,GAAG,uBAAuB,CAiGtG"}

package/dist/middleware/rate-limit-token.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * @module @arcis/node/middleware/rate-limit-token
+ * Token bucket rate limiting middleware.
+ *
+ * Allows burst traffic while enforcing an average rate.
+ * Tokens refill at a steady rate. Each request costs 1 token.
+ *
+ * Algorithm:
+ *   tokens = min(capacity, tokens + elapsed * refillRate)
+ *   if tokens >= cost: allow, subtract cost
+ *   else: deny
+ *
+ * @example
+ * app.use(createTokenBucketLimiter({ capacity: 50, refillRate: 10 }));
+ */
+import type { Request, RequestHandler } from 'express';
+export interface TokenBucketOptions {
+    /** Maximum tokens (burst size). Default: 100 */
+    capacity?: number;
+    /** Tokens added per second. Default: 10 */
+    refillRate?: number;
+    /** Tokens consumed per request. Default: 1 */
+    cost?: number;
+    /** Error message when limit exceeded */
+    message?: string;
+    /** HTTP status code for rate limited responses. Default: 429 */
+    statusCode?: number;
+    /** Function to generate rate limit key from request */
+    keyGenerator?: (req: Request) => string;
+    /** Function to skip rate limiting for certain requests */
+    skip?: (req: Request) => boolean;
+}
+export interface TokenBucketMiddleware extends RequestHandler {
+    close: () => void;
+}
+/**
+ * Create token bucket rate limiter middleware.
+ *
+ * @example
+ * // Allow bursts of 50, sustained rate of 10/sec
+ * app.use(createTokenBucketLimiter({ capacity: 50, refillRate: 10 }));
+ *
+ * @example
+ * // Strict API: 5 requests burst, 1/sec sustained
+ * app.use('/api/expensive', createTokenBucketLimiter({
+ *   capacity: 5,
+ *   refillRate: 1,
+ * }));
+ */
+export declare function createTokenBucketLimiter(options?: TokenBucketOptions): TokenBucketMiddleware;
+//# sourceMappingURL=rate-limit-token.d.ts.map

package/dist/middleware/rate-limit-token.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rate-limit-token.d.ts","sourceRoot":"","sources":["../../src/middleware/rate-limit-token.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,OAAO,EAA0B,cAAc,EAAE,MAAM,SAAS,CAAC;AAG/E,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACxC,0DAA0D;IAC1D,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC;CAClC;AAOD,MAAM,WAAW,qBAAsB,SAAQ,cAAc;IAC3D,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,GAAE,kBAAuB,GAAG,qBAAqB,CA2FhG"}

package/dist/middleware/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * @module @arcis/node/middleware/rate-limit
+ * Rate limiting middleware
+ */
+import type { RateLimitOptions, RateLimiterMiddleware } from '../core/types';
+/**
+ * Create Express middleware for rate limiting.
+ *
+ * @param options - Rate limit configuration
+ * @returns Express middleware with cleanup method
+ *
+ * @example
+ * app.use(createRateLimiter({ max: 100, windowMs: 60000 }));
+ *
+ * @example
+ * // Skip rate limiting for certain routes
+ * app.use(createRateLimiter({
+ *   max: 50,
+ *   skip: (req) => req.path === '/health'
+ * }));
+ *
+ * @example
+ * // Cleanup on shutdown
+ * const limiter = createRateLimiter();
+ * app.use(limiter);
+ * process.on('SIGTERM', () => limiter.close());
+ */
+export declare function createRateLimiter(options?: RateLimitOptions): RateLimiterMiddleware;
+/**
+ * Alias for createRateLimiter
+ * @see createRateLimiter
+ */
+export declare const rateLimit: typeof createRateLimiter;
+//# sourceMappingURL=rate-limit.d.ts.map

package/dist/middleware/rate-limit.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAkB,MAAM,eAAe,CAAC;AAO7F;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,GAAE,gBAAqB,GAAG,qBAAqB,CAiHvF;AAED;;;GAGG;AACH,eAAO,MAAM,SAAS,0BAAoB,CAAC"}

package/dist/sanitizers/command.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * @module @arcis/node/sanitizers/command
+ * Command injection prevention
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a string to prevent command injection attacks.
+ * Replaces shell metacharacters and dangerous commands with [BLOCKED].
+ *
+ * @param input - The string to sanitize
+ * @param collectThreats - Whether to collect threat information (default: false for performance)
+ * @returns Sanitized string or SanitizeResult if collectThreats is true
+ *
+ * @example
+ * sanitizeCommand("file.txt; rm -rf /")
+ * // Returns: "file.txt  rm -rf /"
+ */
+export declare function sanitizeCommand(input: string, collectThreats?: false): string;
+export declare function sanitizeCommand(input: string, collectThreats: true): SanitizeResult;
+/**
+ * Checks if a string contains command injection patterns.
+ * Does not sanitize — use sanitizeCommand() for that.
+ *
+ * @param input - The string to check
+ * @returns True if command injection patterns detected
+ */
+export declare function detectCommandInjection(input: string): boolean;
+//# sourceMappingURL=command.d.ts.map

package/dist/sanitizers/command.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"command.d.ts","sourceRoot":"","sources":["../../src/sanitizers/command.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAEhE;;;;;;;;;;;GAWG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;AAC/E,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,GAAG,cAAc,CAAC;AA4CrF;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAW7D"}

package/dist/sanitizers/encode.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * @module @arcis/node/sanitizers/encode
+ * Context-aware output encoding for XSS prevention.
+ *
+ * Wrong-context encoding is the #1 cause of XSS bypasses in "protected" apps.
+ * A single sanitize() is not enough when output goes to JS, CSS, or attribute contexts.
+ */
+/**
+ * Encodes for HTML body context. Entity-encodes & < > " '
+ *
+ * Use when outputting to HTML element content:
+ *   `<p>${encodeForHtml(userInput)}</p>`
+ */
+export declare function encodeForHtml(value: string): string;
+/**
+ * Encodes for HTML attribute context.
+ * All non-alphanumeric characters are encoded as `&#xHH;` hex entities.
+ *
+ * Use when outputting to HTML attributes:
+ *   `<div title="${encodeForAttribute(userInput)}">`
+ */
+export declare function encodeForAttribute(value: string): string;
+/**
+ * Encodes for JavaScript string context.
+ * Non-alphanumeric characters are escaped as `\xHH` (ASCII) or `\uHHHH` (Unicode).
+ *
+ * Use when embedding in JS string literals:
+ *   `var x = '${encodeForJs(userInput)}';`
+ */
+export declare function encodeForJs(value: string): string;
+/**
+ * Encodes for URL parameter context. Percent-encodes all non-unreserved chars.
+ *
+ * Use when building query strings:
+ *   `?q=${encodeForUrl(userInput)}`
+ */
+export declare function encodeForUrl(value: string): string;
+/**
+ * Encodes for CSS value context.
+ * Non-alphanumeric characters are hex-escaped as `\HH ` (trailing space per CSS spec).
+ *
+ * Use when embedding in CSS values:
+ *   `content: '${encodeForCss(userInput)}';`
+ */
+export declare function encodeForCss(value: string): string;
+//# sourceMappingURL=encode.d.ts.map

package/dist/sanitizers/encode.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encode.d.ts","sourceRoot":"","sources":["../../src/sanitizers/encode.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAaH;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAGnD;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAiBxD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAmBjD;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOlD;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAkBlD"}

package/dist/sanitizers/headers.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * @module @arcis/node/sanitizers/headers
+ * HTTP Header Injection & CRLF Injection prevention
+ *
+ * Prevents attackers from injecting newline characters (\r\n) into HTTP header
+ * values, which can lead to response splitting, session fixation, XSS via
+ * injected headers, and cache poisoning.
+ */
+import type { SanitizeResult } from '../core/types';
+/**
+ * Sanitizes a header value by stripping CRLF sequences, bare CR/LF, and null bytes.
+ *
+ * @param input - The header value to sanitize
+ * @param collectThreats - Whether to collect threat information (default: false)
+ * @returns Sanitized string or SanitizeResult if collectThreats is true
+ *
+ * @example
+ * sanitizeHeaderValue("safe-value")
+ * // Returns: "safe-value"
+ *
+ * sanitizeHeaderValue("value\r\nX-Injected: evil")
+ * // Returns: "valueX-Injected: evil"
+ */
+export declare function sanitizeHeaderValue(input: string, collectThreats?: false): string;
+export declare function sanitizeHeaderValue(input: string, collectThreats: true): SanitizeResult;
+/**
+ * Sanitizes an object of header key-value pairs.
+ * Strips CRLF/null bytes from both keys and values.
+ *
+ * @param headers - Object with header names as keys and header values as values
+ * @returns New object with sanitized header names and values
+ *
+ * @example
+ * sanitizeHeaders({ "X-Custom": "safe", "X-Bad\r\n": "value\r\ninjected" })
+ * // Returns: { "X-Custom": "safe", "X-Bad": "valueinjected" }
+ */
+export declare function sanitizeHeaders(headers: Record<string, string>): Record<string, string>;
+/**
+ * Checks if a string contains HTTP header injection patterns (CRLF, null bytes).
+ * Does not sanitize — use sanitizeHeaderValue() for that.
+ *
+ * @param input - The string to check
+ * @returns True if header injection patterns detected
+ */
+export declare function detectHeaderInjection(input: string): boolean;
+//# sourceMappingURL=headers.d.ts.map

package/dist/sanitizers/headers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/sanitizers/headers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,eAAe,CAAC;AAUhE;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;AACnF,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,GAAG,cAAc,CAAC;AAuCzF;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAcvF;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAK5D"}

package/dist/sanitizers/index.d.ts CHANGED Viewed

@@ -1,24 +1,19 @@
-export { c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectJsonpInjection, e as detectNoSqlInjection, f as detectPathTraversal, g as detectPii, h as detectPrototypePollution, i as detectSql, j as detectSsti, k as detectXss, l as detectXxe, m as getDangerousOperators, n as getDangerousProtoKeys, o as isDangerousNoSqlKey, p as isDangerousProtoKey, r as redactObjectPii, q as redactPii, s as sanitizeCommand, t as sanitizeHeaderValue, u as sanitizeHeaders, v as sanitizeJsonpCallback, w as sanitizeObject, x as sanitizePath, y as sanitizeSql, z as sanitizeSsti, A as sanitizeString, B as sanitizeXss, C as sanitizeXxe, D as scanObjectPii, E as scanPii } from '../pii-DhNpl7M3.js';
-import 'express';
-import '../types-CsOFHoD9.js';
 /**
- * @module @arcis/node/sanitizers/utils
- * Shared utilities for sanitizers
+ * @module @arcis/node/sanitizers
+ * All sanitization functions for Arcis
  */
-/**
- * Encodes HTML entities to prevent interpretation as markup.
- *
- * @param str - The string to encode
- * @returns The encoded string
- */
-declare function encodeHtmlEntities(str: string): string;
-/**
- * Checks if a value is a plain object (not null, array, Date, etc.)
- *
- * @param value - Value to check
- * @returns True if plain object
- */
-declare function isPlainObject(value: unknown): value is Record<string, unknown>;
-export { encodeHtmlEntities, isPlainObject };
+export { sanitizeString, sanitizeObject, createSanitizer } from './sanitize';
+export { sanitizeXss, detectXss } from './xss';
+export { sanitizeSql, detectSql } from './sql';
+export { sanitizePath, detectPathTraversal } from './path';
+export { sanitizeCommand, detectCommandInjection } from './command';
+export { isDangerousNoSqlKey, detectNoSqlInjection, getDangerousOperators } from './nosql';
+export { isDangerousProtoKey, detectPrototypePollution, getDangerousProtoKeys } from './prototype';
+export { sanitizeSsti, detectSsti } from './ssti';
+export { sanitizeXxe, detectXxe } from './xxe';
+export { sanitizeJsonpCallback, detectJsonpInjection } from './jsonp';
+export { sanitizeHeaderValue, sanitizeHeaders, detectHeaderInjection } from './headers';
+export { scanPii, detectPii, redactPii, scanObjectPii, redactObjectPii } from './pii';
+export { encodeForHtml, encodeForAttribute, encodeForJs, encodeForUrl, encodeForCss } from './encode';
+export { encodeHtmlEntities, isPlainObject } from './utils';
+//# sourceMappingURL=index.d.ts.map

package/dist/sanitizers/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sanitizers/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG7E,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AAGpE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAG3F,OAAO,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGnG,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAGlD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAG/C,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAGtE,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAGxF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAGtF,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAGtG,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC"}

package/dist/sanitizers/index.js CHANGED Viewed

@@ -901,6 +901,73 @@ function redactObjectPii(obj, options = {}) {
   return result;
 }
+// src/sanitizers/encode.ts
+var HTML_ENTITIES = {
+  "&": "&amp;",
+  "<": "&lt;",
+  ">": "&gt;",
+  '"': "&quot;",
+  "'": "&#x27;"
+};
+var HTML_ENCODE_RE = /[&<>"']/g;
+function encodeForHtml(value) {
+  if (!value) return "";
+  return value.replace(HTML_ENCODE_RE, (ch) => HTML_ENTITIES[ch]);
+}
+function encodeForAttribute(value) {
+  if (!value) return "";
+  let result = "";
+  for (let i = 0; i < value.length; i++) {
+    const ch = value.charCodeAt(i);
+    if (ch >= 48 && ch <= 57 || // 0-9
+    ch >= 65 && ch <= 90 || // A-Z
+    ch >= 97 && ch <= 122) {
+      result += value[i];
+    } else {
+      result += `&#x${ch.toString(16).toUpperCase()};`;
+    }
+  }
+  return result;
+}
+function encodeForJs(value) {
+  if (!value) return "";
+  let result = "";
+  for (let i = 0; i < value.length; i++) {
+    const ch = value.charCodeAt(i);
+    if (ch >= 48 && ch <= 57 || // 0-9
+    ch >= 65 && ch <= 90 || // A-Z
+    ch >= 97 && ch <= 122) {
+      result += value[i];
+    } else if (ch < 256) {
+      result += `\\x${ch.toString(16).toUpperCase().padStart(2, "0")}`;
+    } else {
+      result += `\\u${ch.toString(16).toUpperCase().padStart(4, "0")}`;
+    }
+  }
+  return result;
+}
+function encodeForUrl(value) {
+  if (!value) return "";
+  return encodeURIComponent(value).replace(/[!'()*]/g, (ch) => {
+    return `%${ch.charCodeAt(0).toString(16).toUpperCase()}`;
+  });
+}
+function encodeForCss(value) {
+  if (!value) return "";
+  let result = "";
+  for (let i = 0; i < value.length; i++) {
+    const ch = value.charCodeAt(i);
+    if (ch >= 48 && ch <= 57 || // 0-9
+    ch >= 65 && ch <= 90 || // A-Z
+    ch >= 97 && ch <= 122) {
+      result += value[i];
+    } else {
+      result += `\\${ch.toString(16).toUpperCase()} `;
+    }
+  }
+  return result;
+}
 exports.createSanitizer = createSanitizer;
 exports.detectCommandInjection = detectCommandInjection;
 exports.detectHeaderInjection = detectHeaderInjection;
@@ -913,6 +980,11 @@ exports.detectSql = detectSql;
 exports.detectSsti = detectSsti;
 exports.detectXss = detectXss;
 exports.detectXxe = detectXxe;
+exports.encodeForAttribute = encodeForAttribute;
+exports.encodeForCss = encodeForCss;
+exports.encodeForHtml = encodeForHtml;
+exports.encodeForJs = encodeForJs;
+exports.encodeForUrl = encodeForUrl;
 exports.encodeHtmlEntities = encodeHtmlEntities;
 exports.getDangerousOperators = getDangerousOperators;
 exports.getDangerousProtoKeys = getDangerousProtoKeys;