@better-auth/core 1.4.16 → 1.4.17

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @better-auth/core@1.4.16 build /home/runner/work/better-auth/better-auth/packages/core
+> @better-auth/core@1.4.17 build /home/runner/work/better-auth/better-auth/packages/core
 > tsdown
 
 ℹ tsdown v0.17.2 powered by rolldown v1.0.0-beta.53
@@ -100,7 +100,7 @@
 ℹ dist/error/index.d.mts                           0.27 kB │ gzip: 0.21 kB
 ℹ dist/async_hooks/index.d.mts                     0.24 kB │ gzip: 0.16 kB
 ℹ dist/async_hooks/pure.index.d.mts                0.22 kB │ gzip: 0.16 kB
-ℹ dist/types/init-options.d.mts                   39.01 kB │ gzip: 8.77 kB
+ℹ dist/types/init-options.d.mts                   39.00 kB │ gzip: 8.77 kB
 ℹ dist/types/context.d.mts                         9.09 kB │ gzip: 2.66 kB
 ℹ dist/social-providers/zoom.d.mts                 6.71 kB │ gzip: 2.29 kB
 ℹ dist/oauth2/oauth-provider.d.mts                 5.92 kB │ gzip: 1.67 kB
@@ -138,7 +138,7 @@
 ℹ dist/social-providers/kick.d.mts                 1.62 kB │ gzip: 0.59 kB
 ℹ dist/social-providers/linkedin.d.mts             1.61 kB │ gzip: 0.60 kB
 ℹ dist/social-providers/linear.d.mts               1.60 kB │ gzip: 0.59 kB
-ℹ dist/utils/ip.d.mts                              1.58 kB │ gzip: 0.69 kB
+ℹ dist/utils/ip.d.mts                              1.58 kB │ gzip: 0.68 kB
 ℹ dist/oauth2/validate-authorization-code.d.mts    1.57 kB │ gzip: 0.49 kB
 ℹ dist/social-providers/notion.d.mts               1.56 kB │ gzip: 0.59 kB
 ℹ dist/social-providers/reddit.d.mts               1.54 kB │ gzip: 0.57 kB
@@ -180,5 +180,5 @@
 ℹ dist/utils/json.d.mts                            0.13 kB │ gzip: 0.13 kB
 ℹ dist/utils/id.d.mts                              0.12 kB │ gzip: 0.12 kB
 ℹ dist/env/color-depth.d.mts                       0.12 kB │ gzip: 0.11 kB
-ℹ 173 files, total: 448.95 kB
-✔ Build complete in 6430ms
+ℹ 173 files, total: 448.94 kB
+✔ Build complete in 7089ms

package/dist/context/global.mjs

@@ -2,7 +2,7 @@
 const symbol = Symbol.for("better-auth:global");
 let bind = null;
 const __context = {};
-const __betterAuthVersion = "1.4.16";
+const __betterAuthVersion = "1.4.17";
 /**
 * We store context instance in the globalThis.
 *

package/dist/types/init-options.d.mts

@@ -138,7 +138,7 @@ type BetterAuthAdvancedOptions = {
      * Note: This only affects IPv6 addresses. IPv4 addresses are always
      * rate limited individually.
      *
-     * @default 128 (individual address)
+     * @default 64 (/64 subnet)
      */
     ipv6Subnet?: 128 | 64 | 48 | 32 | undefined;
   } | undefined;

package/dist/utils/ip.d.mts

@@ -30,7 +30,7 @@ declare function isValidIP(ip: string): boolean;
  *
  * @example
  * normalizeIP("2001:DB8::1")
- * // -> "2001:0db8:0000:0000:0000:0000:0000:0001"
+ * // -> "2001:0db8:0000:0000:0000:0000:0000:0000"
  *
  * @example
  * normalizeIP("::ffff:192.0.2.1")

package/dist/utils/ip.mjs

@@ -85,7 +85,7 @@ function normalizeIPv6(ipv6, subnetPrefix) {
 *
 * @example
 * normalizeIP("2001:DB8::1")
-* // -> "2001:0db8:0000:0000:0000:0000:0000:0001"
+* // -> "2001:0db8:0000:0000:0000:0000:0000:0000"
 *
 * @example
 * normalizeIP("::ffff:192.0.2.1")
@@ -100,7 +100,7 @@ function normalizeIP(ip, options = {}) {
 	if (!isIPv6(ip)) return ip.toLowerCase();
 	const ipv4 = extractIPv4FromMapped(ip);
 	if (ipv4) return ipv4.toLowerCase();
-	return normalizeIPv6(ip, options.ipv6Subnet || 128);
+	return normalizeIPv6(ip, options.ipv6Subnet || 64);
 }
 /**
 * Creates a rate limit key from IP and path

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/core",
-  "version": "1.4.16",
+  "version": "1.4.17",
   "description": "The most comprehensive authentication framework for TypeScript.",
   "type": "module",
   "repository": {
@@ -122,7 +122,7 @@
   },
   "dependencies": {
     "@standard-schema/spec": "^1.0.0",
-    "zod": "^4.1.12"
+    "zod": "^4.3.5"
   },
   "peerDependencies": {
     "@better-auth/utils": "0.3.0",

package/src/types/init-options.ts

@@ -158,7 +158,7 @@ export type BetterAuthAdvancedOptions = {
 				 * Note: This only affects IPv6 addresses. IPv4 addresses are always
 				 * rate limited individually.
 				 *
-				 * @default 128 (individual address)
+				 * @default 64 (/64 subnet)
 				 */
 				ipv6Subnet?: 128 | 64 | 48 | 32 | undefined;
 		  }

package/src/utils/ip.test.ts

@@ -34,20 +34,22 @@ describe("IP Normalization", () => {
 
 	describe("IPv6 Normalization", () => {
 		it("should normalize compressed IPv6 to full form", () => {
-			expect(normalizeIP("2001:db8::1")).toBe(
+			expect(normalizeIP("2001:db8::1", { ipv6Subnet: 128 })).toBe(
 				"2001:0db8:0000:0000:0000:0000:0000:0001",
 			);
-			expect(normalizeIP("::1")).toBe(
+			expect(normalizeIP("::1", { ipv6Subnet: 128 })).toBe(
 				"0000:0000:0000:0000:0000:0000:0000:0001",
 			);
-			expect(normalizeIP("::")).toBe("0000:0000:0000:0000:0000:0000:0000:0000");
+			expect(normalizeIP("::", { ipv6Subnet: 128 })).toBe(
+				"0000:0000:0000:0000:0000:0000:0000:0000",
+			);
 		});
 
 		it("should normalize uppercase to lowercase", () => {
-			expect(normalizeIP("2001:DB8::1")).toBe(
+			expect(normalizeIP("2001:DB8::1", { ipv6Subnet: 128 })).toBe(
 				"2001:0db8:0000:0000:0000:0000:0000:0001",
 			);
-			expect(normalizeIP("2001:0DB8:ABCD:EF00::1")).toBe(
+			expect(normalizeIP("2001:0DB8:ABCD:EF00::1", { ipv6Subnet: 128 })).toBe(
 				"2001:0db8:abcd:ef00:0000:0000:0000:0001",
 			);
 		});
@@ -55,16 +57,22 @@ describe("IP Normalization", () => {
 		it("should handle various IPv6 formats consistently", () => {
 			// All these represent the same address
 			const normalized = "2001:0db8:0000:0000:0000:0000:0000:0001";
-			expect(normalizeIP("2001:db8::1")).toBe(normalized);
-			expect(normalizeIP("2001:0db8:0:0:0:0:0:1")).toBe(normalized);
-			expect(normalizeIP("2001:db8:0::1")).toBe(normalized);
-			expect(normalizeIP("2001:0db8::0:0:0:1")).toBe(normalized);
+			expect(normalizeIP("2001:db8::1", { ipv6Subnet: 128 })).toBe(normalized);
+			expect(normalizeIP("2001:0db8:0:0:0:0:0:1", { ipv6Subnet: 128 })).toBe(
+				normalized,
+			);
+			expect(normalizeIP("2001:db8:0::1", { ipv6Subnet: 128 })).toBe(
+				normalized,
+			);
+			expect(normalizeIP("2001:0db8::0:0:0:1", { ipv6Subnet: 128 })).toBe(
+				normalized,
+			);
 		});
 
 		it("should handle IPv6 with :: at different positions", () => {
-			expect(normalizeIP("2001:db8:85a3::8a2e:370:7334")).toBe(
-				"2001:0db8:85a3:0000:0000:8a2e:0370:7334",
-			);
+			expect(
+				normalizeIP("2001:db8:85a3::8a2e:370:7334", { ipv6Subnet: 128 }),
+			).toBe("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
 			expect(normalizeIP("::ffff:192.0.2.1")).not.toContain("::");
 		});
 	});
@@ -131,11 +139,11 @@ describe("IP Normalization", () => {
 			expect(ip1).toBe(ip2);
 		});
 
-		it("should handle /128 (full address) by default", () => {
+		it("should handle /64 subnet by default", () => {
 			const ip1 = normalizeIP("2001:db8::1");
-			const ip2 = normalizeIP("2001:db8::1", { ipv6Subnet: 128 });
+			const ip2 = normalizeIP("2001:db8::1", { ipv6Subnet: 64 });
 			expect(ip1).toBe(ip2);
-			expect(ip1).toBe("2001:0db8:0000:0000:0000:0000:0000:0001");
+			expect(ip1).toBe("2001:0db8:0000:0000:0000:0000:0000:0000");
 		});
 
 		it("should not affect IPv4 addresses when ipv6Subnet is set", () => {
@@ -179,7 +187,9 @@ describe("IP Normalization", () => {
 				"2001:db8::0:1",
 			];
 
-			const normalized = representations.map((ip) => normalizeIP(ip));
+			const normalized = representations.map((ip) =>
+				normalizeIP(ip, { ipv6Subnet: 128 }),
+			);
 			// All should normalize to the same value
 			const uniqueValues = new Set(normalized);
 			expect(uniqueValues.size).toBe(1);
@@ -223,19 +233,21 @@ describe("IP Normalization", () => {
 	describe("Edge Cases", () => {
 		it("should handle localhost addresses", () => {
 			expect(normalizeIP("127.0.0.1")).toBe("127.0.0.1");
-			expect(normalizeIP("::1")).toBe(
+			expect(normalizeIP("::1", { ipv6Subnet: 128 })).toBe(
 				"0000:0000:0000:0000:0000:0000:0000:0001",
 			);
 		});
 
 		it("should handle all-zeros address", () => {
 			expect(normalizeIP("0.0.0.0")).toBe("0.0.0.0");
-			expect(normalizeIP("::")).toBe("0000:0000:0000:0000:0000:0000:0000:0000");
+			expect(normalizeIP("::", { ipv6Subnet: 128 })).toBe(
+				"0000:0000:0000:0000:0000:0000:0000:0000",
+			);
 		});
 
 		it("should handle link-local addresses", () => {
 			expect(normalizeIP("169.254.0.1")).toBe("169.254.0.1");
-			expect(normalizeIP("fe80::1")).toBe(
+			expect(normalizeIP("fe80::1", { ipv6Subnet: 128 })).toBe(
 				"fe80:0000:0000:0000:0000:0000:0000:0001",
 			);
 		});

package/src/utils/ip.ts

@@ -160,7 +160,7 @@ function normalizeIPv6(
  *
  * @example
  * normalizeIP("2001:DB8::1")
- * // -> "2001:0db8:0000:0000:0000:0000:0000:0001"
+ * // -> "2001:0db8:0000:0000:0000:0000:0000:0000"
  *
  * @example
  * normalizeIP("::ffff:192.0.2.1")
@@ -192,7 +192,7 @@ export function normalizeIP(
 	}
 
 	// Normalize IPv6
-	const subnetPrefix = options.ipv6Subnet || 128;
+	const subnetPrefix = options.ipv6Subnet || 64;
 	return normalizeIPv6(ip, subnetPrefix);
 }