@arcis/node 1.5.2 → 1.6.1

package/README.md

@@ -4,17 +4,55 @@
 [![npm downloads](https://img.shields.io/npm/dm/@arcis/node.svg?label=downloads&color=00996D)](https://www.npmjs.com/package/@arcis/node)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
-**One-line security middleware for Node.js.**
+**Inside-the-app security middleware for Node.js. One line of code, 30+ attack vectors handled, zero runtime dependencies.**
 
-Part of the [Arcis](https://github.com/Gagancm/arcis) ecosystem with implementations for Node.js, Python, and Go.
+```bash
+npm install @arcis/node
+```
+
+```js
+import { arcis } from '@arcis/node';
+app.use(arcis({ block: true }));
+```
+
+That's it. XSS, SQL injection, NoSQL injection, command injection, path traversal, prototype pollution, SSTI, XXE, SSRF, CSRF, HPP, prompt injection (V32), modern deserialization markers (V33), GraphQL alias bomb (V34), bot detection (635 patterns), rate limiting, security headers, error scrubbing, and a stateful per-IP correlation window are all wired up before your handler runs.
+
+**Docs**: [Quickstart](https://gagancm.github.io/arcis/documentation/getting-started.html) · [Detector reference](https://gagancm.github.io/arcis/documentation/detectors/) · [Framework adapters](https://gagancm.github.io/arcis/documentation/frameworks.html) · [Why Arcis](https://gagancm.github.io/arcis/documentation/why-arcis.html) · [Release notes](https://gagancm.github.io/arcis/documentation/release-notes.html)
+
+**Part of the [Arcis](https://github.com/Gagancm/arcis) ecosystem.** Node + Python + Go SDKs at full parity from one shared specification. **2,116+ Node tests · 1,688+ Python · 483+ Go.** All passing in CI on every PR.
+
+## Framework support
+
+10 first-party framework adapters as subpath imports. The core sanitizers work standalone with any framework.
+
+| Framework | Import | Status |
+|---|---|---|
+| Express | `import { arcis } from '@arcis/node'` | Built-in |
+| Fastify | `@arcis/node/fastify` | Adapter |
+| Koa | `@arcis/node/koa` | Adapter |
+| Hono | `@arcis/node/hono` | Adapter |
+| Next.js | `@arcis/node/nextjs` | Adapter |
+| NestJS | `@arcis/node/nestjs` | Adapter |
+| SvelteKit | `@arcis/node/sveltekit` | Adapter |
+| Astro | `@arcis/node/astro` | Adapter |
+| Nuxt | `@arcis/node/nuxt` | Adapter |
+| Bun | `@arcis/node/bun` | Adapter |
+
+## What's new in v1.6.0
 
-**20+ attack vectors covered. 1,869+ tests. Zero runtime dependencies.**
+- **NFKC normalization + multi-decode chain** at the top of `sanitizeString`. Fullwidth glyphs, encoded `<script>`, and triple-encoded payloads now match the same patterns as their plain forms.
+- **Modern deserialization detection (V33)**: new `detectDeserialization(payload)` returns `'python_pickle'`, `'java_fastjson'`, `'php_unserialize'`, `'ruby_marshal'`, `'dotnet_binary_formatter'`, or `null`. Detection-only because the right response is to refuse the request, not strip the bytes.
+- **GraphQL alias bomb + fragment cycle (V34)**: `graphqlGuard` accepts `maxAliases` (default 50) and `blockFragmentCycles` (default `true`). Brace-matched fragment dependency-graph walker catches self-reference and longer cycles.
+- **Toolcall-injection patterns (V32)**: 5 new patterns in `detectPromptInjection` covering `"tool_call"` / `"function_call"` markers, ANSI escapes, Claude `<tool_use>` tags, tool-name spoofing.
+- **`CorrelationWindow` middleware**: stateful per-IP rolling window (60s default) with scanner / credential-stuffing / race-window detection. Memory-capped at 10,000 IPs, 200 events per IP, LRU eviction.
+- **`protectLogin / protectSignup / protectApi` correlation wireup**: pass `correlation: { window }` to the existing helper and the stack records each request and refuses on a detection hit.
+- **Mutation tester**: 142 case-flip / URL-encode / HTML-entity / fullwidth variants ran against the XSS / SQLi / path corpora. Catches future pattern or normalization regressions that would re-open a bypass class.
 
-## What's new in v1.5.0
+## What was new in v1.5.0
 
 - **10 first-party framework adapters** — Express + Fastify (`@arcis/node/fastify`) + Koa (`@arcis/node/koa`) + Hono (`@arcis/node/hono`) + Next.js (`@arcis/node/nextjs`) + NestJS + SvelteKit + Astro + Nuxt + Bun. Each subpath import keeps the framework SDK as a type-only dependency.
-- **New attack vectors**: GraphQL depth-bombs (`graphqlGuard`), LDAP / XPath / email-header injection wired into block-mode, mass assignment (`massAssign`), HTTP method tampering (`methodAllowlist`), response splitting (`responseSplittingGuard`), event-loop overload (`eventLoopProtection`), SSRF DNS TOCTOU (`validateUrlAsync` + `pinnedDnsLookup` + `safeFollowRedirect`).
-- **AI-era protections**: 28-signature prompt-injection library (`detectPromptInjection`), per-key `tokenBudget` middleware, 646-pattern bot corpus.
+- **9 new attack vectors**: GraphQL depth-bombs (`graphqlGuard`), LDAP / XPath / email-header injection wired into block-mode, mass assignment (`massAssign`), HTTP method tampering (`methodAllowlist`), response splitting (`responseSplittingGuard`), event-loop overload (`eventLoopProtection`), SSRF DNS TOCTOU (`validateUrlAsync` + `pinnedDnsLookup` + `safeFollowRedirect`).
+- **AI-era protections**: 28-signature prompt-injection library (`detectPromptInjection`), per-key `tokenBudget` middleware, 635-pattern bot corpus.
 - **Composite helpers**: `protectLogin`, `protectSignup`, `protectApi`.
 - **Dry-run / `onSanitize` mode**: observe attack surface without enforcing.
 - **Guards API**: `arcis.guard({ input, context })` for queue consumers + agent tool handlers.
@@ -146,7 +184,10 @@ app.use('*', async (c, next) => {
 | CORS Misconfiguration | Whitelist-based origins, `null` origin blocked, `Vary: Origin` enforced |
 | Cookie Security | HttpOnly, Secure, SameSite enforced on all cookies |
 | Rate Limiting | Per-IP, sliding window, token bucket, in-memory or Redis, `X-RateLimit-*` headers |
-| Bot Detection | 80+ patterns, 7 categories (crawlers, scrapers, AI bots, etc.), behavioral signals |
+| Bot Detection | 635 patterns, 7 categories (crawlers, scrapers, AI bots, etc.), behavioral signals |
+| Deserialization (v1.6) | `detectDeserialization()` flags Python pickle, Java FastJSON `@type`, PHP `unserialize`, Ruby Marshal, .NET BinaryFormatter payloads |
+| GraphQL Abuse | `graphqlGuard` with `maxDepth`, `maxAliases`, `blockIntrospection`, `blockFragmentCycles` (v1.6) |
+| Stateful Correlation (v1.6) | `CorrelationWindow` detects scanners, credential stuffing, race-window probes per IP |
 | CSRF | Double-submit cookie, token generation and validation |
 | Security Headers | CSP, HSTS, X-Frame-Options, 10 headers out of the box |
 | Input Validation | Type checking, ranges, enums, email (disposable blocklist, typo suggestions, MX verify), mass assignment prevention |