@arcis/node 1.3.0 → 1.4.0

package/dist/middleware/index.d.mts

@@ -1,3 +0,0 @@
-export { g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from '../index-DgJtWMSj.mjs';
-import '../types-BOkx5YJc.mjs';
-import 'express';

package/dist/sanitizers/index.d.mts

@@ -1,24 +0,0 @@
-export { c as createSanitizer, d as detectCommandInjection, a as detectHeaderInjection, b as detectJsonpInjection, e as detectNoSqlInjection, f as detectPathTraversal, g as detectPii, h as detectPrototypePollution, i as detectSql, j as detectSsti, k as detectXss, l as detectXxe, m as encodeForAttribute, n as encodeForCss, o as encodeForHtml, p as encodeForJs, q as encodeForUrl, r as getDangerousOperators, s as getDangerousProtoKeys, t as isDangerousNoSqlKey, u as isDangerousProtoKey, v as redactObjectPii, w as redactPii, x as sanitizeCommand, y as sanitizeHeaderValue, z as sanitizeHeaders, A as sanitizeJsonpCallback, B as sanitizeObject, C as sanitizePath, D as sanitizeSql, E as sanitizeSsti, F as sanitizeString, G as sanitizeXss, H as sanitizeXxe, I as scanObjectPii, J as scanPii } from '../encode-CrQCGlBq.mjs';
-import 'express';
-import '../types-BOkx5YJc.mjs';
-
-/**
- * @module @arcis/node/sanitizers/utils
- * Shared utilities for sanitizers
- */
-/**
- * Encodes HTML entities to prevent interpretation as markup.
- *
- * @param str - The string to encode
- * @returns The encoded string
- */
-declare function encodeHtmlEntities(str: string): string;
-/**
- * Checks if a value is a plain object (not null, array, Date, etc.)
- *
- * @param value - Value to check
- * @returns True if plain object
- */
-declare function isPlainObject(value: unknown): value is Record<string, unknown>;
-
-export { encodeHtmlEntities, isPlainObject };

package/dist/types-BOkx5YJc.d.ts

@@ -1,279 +0,0 @@
-import { Request, RequestHandler, Response, NextFunction } from 'express';
-
-/**
- * @module @arcis/node/core/types
- * All TypeScript interfaces and types for Arcis
- */
-
-/** Main Arcis configuration options */
-interface ArcisOptions {
-    /** Enable/configure input sanitization. Default: true */
-    sanitize?: boolean | SanitizeOptions;
-    /** Enable/configure rate limiting. Default: true */
-    rateLimit?: boolean | RateLimitOptions;
-    /** Enable/configure security headers. Default: true */
-    headers?: boolean | HeaderOptions;
-    /** Enable/configure safe logging. Default: true */
-    logging?: boolean | LogOptions;
-}
-/** Sanitization configuration */
-interface SanitizeOptions {
-    /** Sanitize XSS attempts. Default: true */
-    xss?: boolean;
-    /** Sanitize SQL injection attempts. Default: true */
-    sql?: boolean;
-    /** Sanitize NoSQL injection attempts. Default: true */
-    nosql?: boolean;
-    /** Sanitize path traversal attempts. Default: true */
-    path?: boolean;
-    /** Protect against prototype pollution. Default: true */
-    proto?: boolean;
-    /** Sanitize command injection attempts. Default: true */
-    command?: boolean;
-    /** Maximum input size in bytes. Default: 1000000 (1MB) */
-    maxSize?: number;
-    /**
-     * How to handle detected SQL and command injection threats.
-     * - 'reject': Throw SecurityThreatError (returns 400). Recommended for APIs. Default.
-     * - 'sanitize': Strip/replace threats in-place. Use only when rejection is not feasible.
-     */
-    mode?: 'sanitize' | 'reject';
-    /**
-     * HTML-encode output after XSS stripping.
-     * Enable for SSR/template rendering. Do NOT enable for JSON REST APIs
-     * — it corrupts stored data with HTML entities. Default: false.
-     */
-    htmlEncode?: boolean;
-    /** Freeze sanitized objects with Object.freeze() to prevent mutation. Default: false */
-    freeze?: boolean;
-}
-/** Result of sanitizing a string */
-interface SanitizeResult {
-    /** The sanitized value */
-    value: string;
-    /** Whether any sanitization was applied */
-    wasSanitized: boolean;
-    /** Details about detected threats */
-    threats: ThreatInfo[];
-}
-/** Information about a detected threat */
-interface ThreatInfo {
-    /** Type of threat detected */
-    type: ThreatType;
-    /** Pattern that matched */
-    pattern: string;
-    /** Original matched content */
-    original: string;
-    /** Location in the input (if applicable) */
-    location?: string;
-}
-/** Types of security threats */
-type ThreatType = 'xss' | 'sql_injection' | 'nosql_injection' | 'path_traversal' | 'command_injection' | 'prototype_pollution' | 'header_injection' | 'ssti' | 'xxe';
-/** Rate limiting configuration */
-interface RateLimitOptions {
-    /** Maximum requests per window. Default: 100 */
-    max?: number;
-    /** Window size in milliseconds. Default: 60000 (1 minute) */
-    windowMs?: number;
-    /** Error message when limit exceeded */
-    message?: string;
-    /** HTTP status code for rate limited responses. Default: 429 */
-    statusCode?: number;
-    /** Function to generate rate limit key from request */
-    keyGenerator?: (req: Request) => string;
-    /** Function to skip rate limiting for certain requests */
-    skip?: (req: Request) => boolean;
-    /** Optional external store for distributed rate limiting */
-    store?: RateLimitStore;
-}
-/** External store interface for distributed rate limiting */
-interface RateLimitStore {
-    /** Get current count for a key */
-    get(key: string): Promise<RateLimitEntry | null>;
-    /** Set entry for a key */
-    set(key: string, entry: RateLimitEntry): Promise<void>;
-    /** Increment count for a key */
-    increment(key: string): Promise<number>;
-    /** Decrement count for a key (for sliding window) */
-    decrement?(key: string): Promise<void>;
-    /** Reset count for a key */
-    reset?(key: string): Promise<void>;
-    /** Close the store (cleanup connections) */
-    close?(): Promise<void>;
-}
-/** Rate limit entry stored in a store */
-interface RateLimitEntry {
-    /** Number of requests in the current window */
-    count: number;
-    /** Timestamp when the window resets */
-    resetTime: number;
-}
-/** Result from incrementing a rate limit counter */
-interface RateLimitResult {
-    /** Current request count */
-    count: number;
-    /** When the window resets */
-    resetTime: Date;
-}
-/** Rate limiter middleware with cleanup support */
-interface RateLimiterMiddleware extends RequestHandler {
-    /** Clean up the rate limiter (clear intervals, close stores) */
-    close: () => void;
-}
-/** Security headers configuration */
-interface HeaderOptions {
-    /** Content Security Policy. true = default, string = custom, false = disabled */
-    contentSecurityPolicy?: boolean | string;
-    /** Enable X-XSS-Protection header. Default: true (sends '0' to disable legacy XSS auditor) */
-    xssFilter?: boolean;
-    /** Enable X-Content-Type-Options: nosniff. Default: true */
-    noSniff?: boolean;
-    /** X-Frame-Options value. Default: 'DENY' */
-    frameOptions?: 'DENY' | 'SAMEORIGIN' | false;
-    /** HSTS configuration. Default: true */
-    hsts?: boolean | HstsOptions;
-    /** Referrer-Policy value. Default: 'strict-origin-when-cross-origin' */
-    referrerPolicy?: string | false;
-    /** Permissions-Policy value */
-    permissionsPolicy?: string | false;
-    /** Cache-Control configuration. Default: true (no-cache) */
-    cacheControl?: boolean | string;
-    /** Cross-Origin-Opener-Policy value. Default: 'same-origin'. false to disable. */
-    crossOriginOpenerPolicy?: string | false;
-    /** Cross-Origin-Resource-Policy value. Default: 'same-origin'. false to disable. */
-    crossOriginResourcePolicy?: string | false;
-    /** Cross-Origin-Embedder-Policy value. Default: 'require-corp'. false to disable. */
-    crossOriginEmbedderPolicy?: string | false;
-    /** Origin-Agent-Cluster header. Default: true (sends '?1'). false to disable. */
-    originAgentCluster?: boolean;
-    /** X-DNS-Prefetch-Control value. Default: true (sends 'off'). false to disable. */
-    dnsPrefetchControl?: boolean;
-}
-/** HSTS (HTTP Strict Transport Security) options */
-interface HstsOptions {
-    /** Max age in seconds. Default: 31536000 (1 year) */
-    maxAge?: number;
-    /** Include subdomains. Default: true */
-    includeSubDomains?: boolean;
-    /** Enable HSTS preload. Default: false */
-    preload?: boolean;
-}
-/** Validation configuration */
-interface ValidationConfig {
-    /** Strip fields not in schema. Default: true (prevents mass assignment) */
-    stripUnknown?: boolean;
-    /** Stop on first error. Default: false */
-    abortEarly?: boolean;
-}
-/** Validation schema for request data */
-interface ValidationSchema {
-    [key: string]: FieldValidator;
-}
-/** Field validation rules */
-interface FieldValidator {
-    /** Expected data type */
-    type: 'string' | 'number' | 'boolean' | 'email' | 'url' | 'uuid' | 'array' | 'object';
-    /** Whether field is required. Default: false */
-    required?: boolean;
-    /** Minimum value (number) or length (string/array) */
-    min?: number;
-    /** Maximum value (number) or length (string/array) */
-    max?: number;
-    /** Regex pattern for string validation */
-    pattern?: RegExp;
-    /** Allowed values */
-    enum?: unknown[];
-    /** Whether to sanitize the value. Default: true */
-    sanitize?: boolean;
-    /**
-     * Custom validation function.
-     * Return `true` to pass, `false` to fail with a default message,
-     * or a non-empty string to fail with that message.
-     * Returning `undefined` (i.e. forgetting to return) throws at runtime.
-     */
-    custom?: (value: unknown) => true | false | string;
-}
-/** Validation result */
-interface ValidationResult {
-    /** Whether validation passed */
-    valid: boolean;
-    /** Validation errors */
-    errors: ValidationError[];
-    /** Validated and sanitized data */
-    data: Record<string, unknown>;
-}
-/** Single validation error */
-interface ValidationError {
-    /** Field that failed validation */
-    field: string;
-    /** Human-readable error message */
-    message: string;
-    /** Error code for programmatic handling */
-    code: string;
-}
-/** Safe logging configuration */
-type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
-interface LogOptions {
-    /** Additional keys to redact beyond defaults */
-    redactKeys?: string[];
-    /** Maximum message length before truncation. Default: 10000 */
-    maxLength?: number;
-    /** Additional patterns to redact (e.g., custom tokens) */
-    redactPatterns?: RegExp[];
-    /** Minimum log level. Messages below this level are skipped (no redaction work). Default: 'debug' */
-    level?: LogLevel;
-}
-/** Safe logger interface */
-interface SafeLogger {
-    /** Log at specified level */
-    log: (level: string, message: string, data?: unknown) => void;
-    /** Log info message */
-    info: (message: string, data?: unknown) => void;
-    /** Log warning message */
-    warn: (message: string, data?: unknown) => void;
-    /** Log error message */
-    error: (message: string, data?: unknown) => void;
-    /** Log debug message */
-    debug: (message: string, data?: unknown) => void;
-}
-/** Error handler configuration */
-interface ErrorHandlerOptions {
-    /** Show stack traces and detailed errors. Default: false */
-    isDev?: boolean;
-    /** Log errors. Default: true */
-    logErrors?: boolean;
-    /** Custom error logger */
-    logger?: SafeLogger;
-    /** Custom error handler */
-    customHandler?: (err: Error, req: Request, res: Response) => void;
-}
-/** Extended Error with optional status code */
-interface HttpError extends Error {
-    statusCode?: number;
-    status?: number;
-    /**
-     * Whether the error message is safe to expose to API clients.
-     * Set to true for known client-facing errors (4xx with controlled messages).
-     * Defaults to false — message is hidden in production unless explicitly exposed.
-     */
-    expose?: boolean;
-}
-/** Generic Arcis middleware type */
-type ArcisMiddleware = (req: Request, res: Response, next: NextFunction) => void | Promise<void>;
-/** Array of middlewares returned by arcis() with an attached cleanup method */
-type ArcisMiddlewareStack = RequestHandler[] & {
-    /** Clean up resources created by arcis() (rate limiter intervals, etc.) */
-    close: () => void;
-};
-/** Arcis function with attached utilities */
-interface ArcisFunction {
-    (options?: ArcisOptions): ArcisMiddlewareStack;
-    sanitize: (options?: SanitizeOptions) => RequestHandler;
-    rateLimit: (options?: RateLimitOptions) => RateLimiterMiddleware;
-    headers: (options?: HeaderOptions) => RequestHandler;
-    validate: (schema: ValidationSchema, source?: 'body' | 'query' | 'params') => RequestHandler;
-    logger: (options?: LogOptions) => SafeLogger;
-    errorHandler: (options?: ErrorHandlerOptions | boolean) => (err: Error, req: Request, res: Response, next: NextFunction) => void;
-}
-
-export type { ArcisFunction as A, ErrorHandlerOptions as E, FieldValidator as F, HeaderOptions as H, LogOptions as L, RateLimitEntry as R, SafeLogger as S, ThreatInfo as T, ValidationConfig as V, ArcisMiddleware as a, ArcisOptions as b, HstsOptions as c, HttpError as d, RateLimitOptions as e, RateLimitResult as f, RateLimitStore as g, RateLimiterMiddleware as h, SanitizeOptions as i, SanitizeResult as j, ThreatType as k, ValidationError as l, ValidationResult as m, ValidationSchema as n, ArcisMiddlewareStack as o };

package/dist/validation/index.d.mts

@@ -1,3 +0,0 @@
-export { g as createValidator, i as isDangerousExtension, h as isRedirectSafe, j as isUrlSafe, k as isValidEmailSyntax, s as sanitizeFilename, v as validate, l as validateEmail, m as validateFile, n as validateRedirect, o as validateUrl, p as verifyEmailMx } from '../index-Cd02z-0j.mjs';
-import 'express';
-import '../types-BOkx5YJc.mjs';