npm - @blamejs/blamejs-shop - Versions diffs - 0.4.33 → 0.4.37 - Mend

@blamejs/blamejs-shop 0.4.33 → 0.4.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/lib/vendor/blamejs/test/layer-0-primitives/pipl-cn.test.js ADDED Viewed

@@ -0,0 +1,172 @@
+"use strict";
+// b.pipl.sccFilingAssessment + b.pipl.securityAssessmentCertificate —
+// China PIPL Art. 38/40/55 cross-border transfer record-builders (pure;
+// no DB). Drives the real b.pipl.* consumer path, asserts frozen records +
+// audit emission via a captured injected sink, and the config-time throws.
+var helpers = require("../helpers");
+var b       = helpers.b;
+var check   = helpers.check;
+// A b.audit-shaped capture sink — the builder prefers an injected
+// opts.audit object over the global b.audit (drop-silent without a DB
+// handler), so this is how the test asserts emission.
+function _captureAudit() {
+  var events = [];
+  return { events: events, safeEmit: function (ev) { events.push(ev); } };
+}
+function expectCode(label, fn, code) {
+  var threw = null;
+  try { fn(); } catch (e) { threw = e; }
+  check(label, threw && (threw.code || "") === code);
+}
+function expectThrows(label, fn) {
+  var threw = null;
+  try { fn(); } catch (e) { threw = e; }
+  check(label, threw instanceof Error);
+}
+function run() {
+  check("sccFilingAssessment is a function", typeof b.pipl.sccFilingAssessment === "function");
+  check("securityAssessmentCertificate is a function", typeof b.pipl.securityAssessmentCertificate === "function");
+  check("PiplError exposed on b.frameworkError", typeof b.frameworkError.PiplError === "function");
+  check("b.pipl.PiplError is the same constructor", b.pipl.PiplError === b.frameworkError.PiplError);
+  check("LEGAL_BASES is the Art. 38(1) triad",
+    b.pipl.LEGAL_BASES.length === 3 &&
+    b.pipl.LEGAL_BASES.indexOf("standard-contract") !== -1 &&
+    b.pipl.LEGAL_BASES.indexOf("security-assessment") !== -1 &&
+    b.pipl.LEGAL_BASES.indexOf("certification") !== -1);
+  check("pipl-cn is a cross-border-regulated posture",
+    b.compliance.isCrossBorderRegulated("pipl-cn") === true);
+  var recordedAt = 1700000000000;
+  // ---- sccFilingAssessment: below-threshold standard contract ----
+  var sink1 = _captureAudit();
+  var scc = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-1", transferType: "processor", recipientJurisdiction: "US",
+    dataCategories: ["contact", "billing"], legalBasis: "standard-contract",
+    volume: 5000, sensitivePI: false, recordedAt: recordedAt, audit: sink1,
+  });
+  check("scc: honors standard-contract below thresholds", scc.mechanismRequired === "standard-contract");
+  check("scc: securityAssessmentRequired false", scc.securityAssessmentRequired === false);
+  check("scc: record frozen", Object.isFrozen(scc));
+  check("scc: dataCategories frozen", Object.isFrozen(scc.dataCategories));
+  check("scc: nextReviewDueBy = recordedAt + 1 year",
+    scc.nextReviewDueBy === recordedAt + b.constants.TIME.days(365));
+  check("scc: emitted pipl.transfer.assessed",
+    sink1.events.length === 1 && sink1.events[0].action === "pipl.transfer.assessed");
+  check("scc: audit carries mechanismRequired",
+    sink1.events[0].metadata.mechanismRequired === "standard-contract");
+  // ---- CIIO forces security assessment over declared basis ----
+  var ciio = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-2", transferType: "controller-to-controller", recipientJurisdiction: "EU",
+    dataCategories: ["health"], legalBasis: "standard-contract",
+    volume: 100, sensitivePI: true, ciio: true, recordedAt: recordedAt,
+  });
+  check("scc: CIIO forces security-assessment", ciio.mechanismRequired === "security-assessment");
+  check("scc: CIIO sets securityAssessmentRequired", ciio.securityAssessmentRequired === true);
+  check("scc: CIIO trigger named", ciio.securityAssessmentTriggers.indexOf("ciio") !== -1);
+  check("scc: mandated assessment carries 3-year clock",
+    ciio.nextReviewDueBy === recordedAt + b.constants.TIME.days(365 * 3));
+  // ---- >1M non-sensitive PI forces it ----
+  var bigVol = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-3", transferType: "processor", recipientJurisdiction: "SG",
+    dataCategories: ["contact"], legalBasis: "certification",
+    volume: 1000001, sensitivePI: false, recordedAt: recordedAt,
+  });
+  check("scc: >1M non-sensitive volume forces security-assessment",
+    bigVol.mechanismRequired === "security-assessment" &&
+    bigVol.securityAssessmentTriggers.indexOf("non-sensitive-pi-volume") !== -1);
+  // ---- 100k-1M non-sensitive band is SCC, NOT security-assessment (the
+  //      100k cumulative threshold is the standard-contract tier per the CAC
+  //      2024 Provisions; a 200k non-sensitive transfer must not over-classify) ----
+  var midBand = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-3b", transferType: "processor", recipientJurisdiction: "US",
+    dataCategories: ["contact"], legalBasis: "standard-contract",
+    volume: 200000, sensitivePI: false, recordedAt: recordedAt,
+  });
+  check("scc: 200k non-sensitive stays standard-contract (no over-classify)",
+    midBand.mechanismRequired === "standard-contract" &&
+    midBand.securityAssessmentRequired === false);
+  // ---- THIS transfer's volume counts toward the cumulative sensitive
+  //      threshold: a first transfer of 10,001 sensitive subjects forces it
+  //      even with cumulativeSensitivePI omitted (defaults 0) ----
+  var firstSens = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-3c", transferType: "processor", recipientJurisdiction: "US",
+    dataCategories: ["biometric"], legalBasis: "standard-contract",
+    volume: 10001, sensitivePI: true, recordedAt: recordedAt,
+  });
+  check("scc: first 10,001 sensitive-PI transfer forces it (own volume counts)",
+    firstSens.securityAssessmentRequired === true &&
+    firstSens.securityAssessmentTriggers.indexOf("sensitive-pi-volume") !== -1);
+  // ---- cumulative sensitive-PI threshold (this transfer + prior cumulative) ----
+  var cumSens = b.pipl.sccFilingAssessment({
+    assessmentId: "xfer-4", transferType: "processor", recipientJurisdiction: "US",
+    dataCategories: ["biometric"], legalBasis: "standard-contract",
+    volume: 200, sensitivePI: true, cumulativeSensitivePI: 10001, recordedAt: recordedAt,
+  });
+  check("scc: >10k cumulative sensitive-PI forces it",
+    cumSens.securityAssessmentRequired === true &&
+    cumSens.securityAssessmentTriggers.indexOf("sensitive-pi-volume") !== -1);
+  // ---- securityAssessmentCertificate: happy path ----
+  var sink3 = _captureAudit();
+  var cert = b.pipl.securityAssessmentCertificate({
+    certId: "sa-1", assessmentScope: "CRM outbound replication",
+    dataExporter: "Acme (Shanghai) Co., Ltd.", overseasRecipient: "Acme Inc.",
+    riskRating: "medium", safeguards: ["XChaCha20 at rest", "standard contractual clauses"],
+    filingRef: "CAC-2026-0042", recordedAt: recordedAt, audit: sink3,
+  });
+  check("cert: record frozen", Object.isFrozen(cert));
+  check("cert: safeguards frozen", Object.isFrozen(cert.safeguards));
+  check("cert: validUntil = recordedAt + 3 years",
+    cert.validUntil === recordedAt + b.constants.TIME.days(365 * 3));
+  check("cert: filingRef carried", cert.filingRef === "CAC-2026-0042");
+  check("cert: emitted pipl.security_assessment.recorded",
+    sink3.events.length === 1 && sink3.events[0].action === "pipl.security_assessment.recorded");
+  check("cert: filingRef omitted defaults null",
+    b.pipl.securityAssessmentCertificate({
+      certId: "sa-2", assessmentScope: "s", dataExporter: "e", overseasRecipient: "r",
+      riskRating: "low", safeguards: ["x"], recordedAt: recordedAt,
+    }).filingRef === null);
+  // ---- Config-time throws ----
+  expectCode("scc: non-object opts throws",
+    function () { b.pipl.sccFilingAssessment("nope"); }, "pipl/bad-opts");
+  expectThrows("scc: unknown opt key throws",
+    function () { b.pipl.sccFilingAssessment({ assessmentId: "x", bogusKey: 1 }); });
+  expectCode("scc: missing assessmentId throws",
+    function () { b.pipl.sccFilingAssessment({ transferType: "p", recipientJurisdiction: "US", dataCategories: ["c"], legalBasis: "standard-contract", volume: 1, sensitivePI: false, recordedAt: recordedAt }); }, "pipl/bad-assessment-id");
+  expectCode("scc: empty dataCategories throws",
+    function () { b.pipl.sccFilingAssessment({ assessmentId: "x", transferType: "p", recipientJurisdiction: "US", dataCategories: [], legalBasis: "standard-contract", volume: 1, sensitivePI: false, recordedAt: recordedAt }); }, "pipl/bad-data-categories");
+  expectCode("scc: bad legalBasis throws",
+    function () { b.pipl.sccFilingAssessment({ assessmentId: "x", transferType: "p", recipientJurisdiction: "US", dataCategories: ["c"], legalBasis: "bogus", volume: 1, sensitivePI: false, recordedAt: recordedAt }); }, "pipl/bad-legal-basis");
+  expectCode("scc: non-boolean sensitivePI throws",
+    function () { b.pipl.sccFilingAssessment({ assessmentId: "x", transferType: "p", recipientJurisdiction: "US", dataCategories: ["c"], legalBasis: "standard-contract", volume: 1, sensitivePI: "yes", recordedAt: recordedAt }); }, "pipl/bad-sensitive-pi");
+  expectCode("scc: missing recordedAt throws",
+    function () { b.pipl.sccFilingAssessment({ assessmentId: "x", transferType: "p", recipientJurisdiction: "US", dataCategories: ["c"], legalBasis: "standard-contract", volume: 1, sensitivePI: false }); }, "pipl/bad-recorded-at");
+  expectCode("cert: missing certId throws",
+    function () { b.pipl.securityAssessmentCertificate({ assessmentScope: "s", dataExporter: "e", overseasRecipient: "r", riskRating: "low", safeguards: ["x"], recordedAt: recordedAt }); }, "pipl/bad-cert-id");
+  expectCode("cert: bad riskRating throws",
+    function () { b.pipl.securityAssessmentCertificate({ certId: "c", assessmentScope: "s", dataExporter: "e", overseasRecipient: "r", riskRating: "critical", safeguards: ["x"], recordedAt: recordedAt }); }, "pipl/bad-risk-rating");
+  expectCode("cert: empty safeguards throws",
+    function () { b.pipl.securityAssessmentCertificate({ certId: "c", assessmentScope: "s", dataExporter: "e", overseasRecipient: "r", riskRating: "low", safeguards: [], recordedAt: recordedAt }); }, "pipl/bad-safeguards");
+  expectCode("cert: bad audit sink shape throws",
+    function () { b.pipl.securityAssessmentCertificate({ certId: "c", assessmentScope: "s", dataExporter: "e", overseasRecipient: "r", riskRating: "low", safeguards: ["x"], recordedAt: recordedAt, audit: { nope: 1 } }); }, "pipl/bad-audit");
+}
+module.exports = { run: run };
+if (require.main === module) {
+  try { run(); console.log("[pipl-cn] OK"); }
+  catch (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
+}

package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js CHANGED Viewed

@@ -317,7 +317,64 @@ async function testRotateRekeysFingerprint() {
   }
 }
+async function testLogoutEmitsClearSiteData() {
+  var tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "ses-logout-"));
+  try {
+    await setupTestDb(tmpDir);
+    var s = await b.session.create({ userId: "u-logout" });
+    check("session created", typeof s.token === "string");
+    var headers = {};
+    var res = {
+      setHeader: function (k, v) { headers[k] = v; },
+    };
+    var destroyed = await b.session.logout(res, s.token);
+    check("logout returns true (session destroyed)", destroyed === true);
+    check("logout emits Clear-Site-Data header",
+      typeof headers["Clear-Site-Data"] === "string" &&
+      headers["Clear-Site-Data"].indexOf('"cookies"') !== -1 &&
+      headers["Clear-Site-Data"].indexOf('"storage"') !== -1);
+    check("logout expires the session cookie",
+      typeof headers["Set-Cookie"] === "string" &&
+      /(^|;)\s*Max-Age=0/.test(headers["Set-Cookie"]) &&
+      headers["Set-Cookie"].indexOf("sid=;") === 0);
+    check("logout cookie is Secure + HttpOnly",
+      /HttpOnly/.test(headers["Set-Cookie"]) && /Secure/.test(headers["Set-Cookie"]));
+    // The session is gone cluster-wide.
+    var after = await b.session.verify(s.token);
+    check("logout destroyed the session (verify returns null)", after === null);
+    // Custom cookie name + an unknown Clear-Site-Data directive throws.
+    var s2 = await b.session.create({ userId: "u-logout-2" });
+    var h2 = {}; var res2 = { setHeader: function (k, v) { h2[k] = v; } };
+    await b.session.logout(res2, s2.token, { cookieName: "__Host-sid" });
+    check("logout honors custom cookieName", h2["Set-Cookie"].indexOf("__Host-sid=;") === 0);
+    // An unknown directive throws BEFORE any side effect — the session is NOT
+    // destroyed and no client-wipe headers are queued (validate-before-revoke).
+    var s3 = await b.session.create({ userId: "u-logout-3" });
+    var h3 = {}; var res3 = { setHeader: function (k, v) { h3[k] = v; } };
+    var threw = null;
+    try { await b.session.logout(res3, s3.token, { types: ["bogus"] }); }
+    catch (e) { threw = e; }
+    check("logout rejects an unknown Clear-Site-Data directive", threw !== null);
+    check("logout did NOT queue headers on the bad-directive throw",
+      h3["Clear-Site-Data"] === undefined && h3["Set-Cookie"] === undefined);
+    check("logout did NOT destroy the session on the bad-directive throw",
+      (await b.session.verify(s3.token)) !== null);
+    var badRes = null;
+    try { await b.session.logout({}, "x"); } catch (e) { badRes = e; }
+    check("logout rejects a res without setHeader", badRes && badRes.code === "session/bad-res");
+  } finally {
+    await teardownTestDb(tmpDir);
+  }
+}
 async function run() {
+  await testLogoutEmitsClearSiteData();
   await testSealedCookieDefault();
   await testSealedCookieRotateAndDestroy();
   await testClientIpPrefixV4();

package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js CHANGED Viewed

@@ -81,8 +81,11 @@ async function run() {
       audit: false,
     });
-    check("watcher.create: returns stop + root",
-      typeof w.stop === "function" && w.root === path.resolve(tmpDir));
+    // .root is canonicalized (realpathSync.native) so a Windows 8.3 short-name
+    // or a macOS /var -> /private/var symlink resolves — fs.watch event paths
+    // then prefix-match the watched root.
+    check("watcher.create: returns stop + canonical root",
+      typeof w.stop === "function" && w.root === fs.realpathSync.native(path.resolve(tmpDir)));
     // Drop the legacy "prime the watcher with a 200ms sleep" step —
     // helpers.waitForWatcher (15s default budget) absorbs fs.watch's
@@ -151,7 +154,8 @@ async function run() {
     var shape = changes.find(function (e) { return e.relativePath === "shape.txt"; });
     check("watcher.create: onChange has type/relativePath/fullPath/size/mtime",
       shape && shape.type === "file" && shape.size === 4 &&
-      shape.fullPath === path.join(tmpDir, "shape.txt") &&
+      // fullPath is rooted at the canonical (realpath'd) watcher root.
+      shape.fullPath === path.join(w.root, "shape.txt") &&
       shape.mtime instanceof Date);
     // Symlinks must be skipped on the post-event lstat path. Skip on

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.4.33",
+  "version": "0.4.37",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {