@arcjet/analyze 1.0.0-beta.1 → 1.0.0-beta.10

package/README.md

@@ -22,37 +22,71 @@ against common attacks.
 
 This is the [Arcjet][arcjet] local analysis engine.
 
-## Installation
+- [npm package (`@arcjet/analyze`)](https://www.npmjs.com/package/@arcjet/analyze)
+- [GitHub source code (`analyze/` in `arcjet/arcjet-js`)](https://github.com/arcjet/arcjet-js/tree/main/analyze)
 
-```shell
-npm install -S @arcjet/analyze
-```
+## What is this?
 
-## Example
+This package provides functionality to analyze requests.
+The work is done in WebAssembly but is called here from JavaScript.
+The functionality is wrapped up into rules in our core package
+([`arcjet`][github-arcjet-arcjet]),
+in turn exposed from our adapters (such as `@arcjet/next`).
 
-```ts
-import { generateFingerprint, isValidEmail } from "@arcjet/analyze";
+<!-- TODO(@wooorm-arcjet): link `adapters` above when the main repo is up to date. -->
+
+The WebAssembly files are in
+[`@arcjet/analyze-wasm`][github-arcjet-analyze-wasm].
+They are separate because we need to change the import structure for each
+runtime that we support in the bindings.
+Separate packages lets us not duplicate code while providing a combined
+higher-level API for calling our core functionality.
+
+## When should I use this?
 
-const fingerprint = generateFingerprint("127.0.0.1");
-console.log("fingerprint: ", fingerprint);
+This is an internal Arcjet package not designed for public use.
+See our [_Get started_ guide][arcjet-get-started] for how to use Arcjet in your
+application.
 
-const valid = isValidEmail("hello@example.com");
-console.log("is email valid?", valid);
+## Install
+
+This package is ESM only.
+Install with npm in Node.js:
+
+```sh
+npm install @arcjet/analyze
 ```
 
-## Implementation
+## Use
 
-This package uses the Wasm bindings provided by `@arcjet/analyze-wasm` to
-call various functions that are exported by our wasm bindings.
+```js
+import { generateFingerprint, isValidEmail } from "@arcjet/analyze";
 
-We chose to put this logic in a separate package because we need to change the
-import structure for each runtime that we support in the wasm bindings. Moving
-this to a separate package allows us not to have to duplicate code while providing
-a combined higher-level api for calling our core functionality in Wasm.
+const fingerprint = await generateFingerprint(
+  { characteristics: [] },
+  { ip: "127.0.0.1" },
+);
+console.log(fingerprint);
+// => "fp::2::0d219da6100b99f95cf639b77e088c6df3c096aa5fd61dec5287c5cf94d5e545"
+
+const result = await isValidEmail({}, "hello@example.com", {
+  tag: "allow-email-validation-config",
+  val: {
+    allowDomainLiteral: false,
+    allow: [],
+    requireTopLevelDomain: true,
+  },
+});
+console.log(result);
+// => { blocked: [], validity: "valid" }
+```
 
 ## License
 
-Licensed under the [Apache License, Version 2.0][apache-license].
+[Apache License, Version 2.0][apache-license] © [Arcjet Labs, Inc.][arcjet]
 
 [arcjet]: https://arcjet.com
+[arcjet-get-started]: https://docs.arcjet.com/get-started
 [apache-license]: http://www.apache.org/licenses/LICENSE-2.0
+[github-arcjet-analyze-wasm]: https://github.com/arcjet/arcjet-js/tree/main/analyze-wasm
+[github-arcjet-arcjet]: https://github.com/arcjet/arcjet-js/tree/main/arcjet

package/index.js

@@ -7,14 +7,20 @@ const FREE_EMAIL_PROVIDERS = [
     "aol.com",
     "hotmail.co.uk",
 ];
-function noOpDetect() {
+function noOpSensitiveInfoDetect() {
+    return [];
+}
+function noOpBotsDetect() {
     return [];
 }
 function createCoreImports(detect) {
     if (typeof detect !== "function") {
-        detect = noOpDetect;
+        detect = noOpSensitiveInfoDetect;
     }
     return {
+        "arcjet:js-req/bot-identifier": {
+            detect: noOpBotsDetect,
+        },
         "arcjet:js-req/email-validator-overrides": {
             isFreeEmail(domain) {
                 if (FREE_EMAIL_PROVIDERS.includes(domain)) {
@@ -32,9 +38,11 @@ function createCoreImports(detect) {
                 return "unknown";
             },
         },
+        // TODO(@wooorm-arcjet): figure out a test case for this with the default `detect`.
         "arcjet:js-req/sensitive-information-identifier": {
             detect,
         },
+        // TODO(@wooorm-arcjet): figure out a test case for this that calls `verify`.
         "arcjet:js-req/verify-bot": {
             verify() {
                 return "unverifiable";
@@ -42,6 +50,7 @@ function createCoreImports(detect) {
         },
     };
 }
+// TODO(@wooorm-arcjet): document what is used to fingerprint.
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
@@ -55,46 +64,39 @@ async function generateFingerprint(context, request) {
     const analyze = await initializeWasm(coreImports);
     if (typeof analyze !== "undefined") {
         return analyze.generateFingerprint(JSON.stringify(request), context.characteristics);
+        // Ignore the `else` branch as we test in places that have WebAssembly.
+        /* node:coverage ignore next 4 */
     }
-    else {
-        log.debug("WebAssembly is not supported in this runtime");
-    }
+    log.debug("WebAssembly is not supported in this runtime");
     return "";
 }
+// TODO(@wooorm-arcjet): docs.
 async function isValidEmail(context, candidate, options) {
     const { log } = context;
     const coreImports = createCoreImports();
     const analyze = await initializeWasm(coreImports);
     if (typeof analyze !== "undefined") {
         return analyze.isValidEmail(candidate, options);
+        // Ignore the `else` branch as we test in places that have WebAssembly.
+        /* node:coverage ignore next 4 */
     }
-    else {
-        log.debug("WebAssembly is not supported in this runtime");
-        // Skip the local evaluation of the rule if WASM is not available
-        return {
-            validity: "valid",
-            blocked: [],
-        };
-    }
+    log.debug("WebAssembly is not supported in this runtime");
+    return { blocked: [], validity: "valid" };
 }
+// TODO(@wooorm-arcjet): docs.
 async function detectBot(context, request, options) {
     const { log } = context;
     const coreImports = createCoreImports();
     const analyze = await initializeWasm(coreImports);
     if (typeof analyze !== "undefined") {
         return analyze.detectBot(JSON.stringify(request), options);
+        // Ignore the `else` branch as we test in places that have WebAssembly.
+        /* node:coverage ignore next 4 */
     }
-    else {
-        log.debug("WebAssembly is not supported in this runtime");
-        // Skip the local evaluation of the rule if Wasm is not available
-        return {
-            allowed: [],
-            denied: [],
-            spoofed: false,
-            verified: false,
-        };
-    }
+    log.debug("WebAssembly is not supported in this runtime");
+    return { allowed: [], denied: [], spoofed: false, verified: false };
 }
+// TODO(@wooorm-arcjet): docs.
 async function detectSensitiveInfo(context, candidate, entities, contextWindowSize, detect) {
     const { log } = context;
     const coreImports = createCoreImports(detect);
@@ -106,11 +108,11 @@ async function detectSensitiveInfo(context, candidate, entities, contextWindowSi
             contextWindowSize,
             skipCustomDetect,
         });
+        // Ignore the `else` branch as we test in places that have WebAssembly.
+        /* node:coverage ignore next 4 */
     }
-    else {
-        log.debug("WebAssembly is not supported in this runtime");
-        throw new Error("SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.");
-    }
+    log.debug("WebAssembly is not supported in this runtime");
+    throw new Error("SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.");
 }
 
 export { detectBot, detectSensitiveInfo, generateFingerprint, isValidEmail };

package/package.json

@@ -1,7 +1,15 @@
 {
   "name": "@arcjet/analyze",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0-beta.10",
   "description": "Arcjet local analysis engine",
+  "keywords": [
+    "analyze",
+    "arcjet",
+    "attack",
+    "limit",
+    "protect",
+    "verify"
+  ],
   "license": "Apache-2.0",
   "homepage": "https://arcjet.com",
   "repository": {
@@ -25,34 +33,30 @@
   "main": "./index.js",
   "types": "./index.d.ts",
   "files": [
-    "LICENSE",
-    "README.md",
-    "_virtual/",
-    "wasm/",
-    "*.js",
-    "*.d.ts",
-    "!*.config.js"
+    "index.d.ts",
+    "index.js"
   ],
   "scripts": {
-    "prepublishOnly": "npm run build",
     "build": "rollup --config rollup.config.js",
     "lint": "eslint .",
-    "pretest": "npm run build",
-    "test": "node --test --experimental-test-coverage"
+    "prepublishOnly": "npm run build",
+    "test-api": "node --test",
+    "test-coverage": "node --experimental-test-coverage --test",
+    "test": "npm run build && npm run lint && npm run test-coverage"
   },
   "dependencies": {
-    "@arcjet/analyze-wasm": "1.0.0-beta.1",
-    "@arcjet/protocol": "1.0.0-beta.1"
+    "@arcjet/analyze-wasm": "1.0.0-beta.10",
+    "@arcjet/protocol": "1.0.0-beta.10"
   },
   "devDependencies": {
-    "@arcjet/eslint-config": "1.0.0-beta.1",
-    "@arcjet/rollup-config": "1.0.0-beta.1",
-    "@arcjet/tsconfig": "1.0.0-beta.1",
+    "@arcjet/eslint-config": "1.0.0-beta.10",
+    "@arcjet/rollup-config": "1.0.0-beta.10",
+    "@arcjet/tsconfig": "1.0.0-beta.10",
     "@bytecodealliance/jco": "1.5.0",
-    "@rollup/wasm-node": "4.30.1",
+    "@rollup/wasm-node": "4.46.2",
     "@types/node": "18.18.0",
-    "expect": "29.7.0",
-    "typescript": "5.7.3"
+    "eslint": "9.32.0",
+    "typescript": "5.9.2"
   },
   "publishConfig": {
     "access": "public",