@blamejs/core 0.16.0 → 0.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (560) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/bin/blamejs.js +2 -0
  3. package/index.js +2 -0
  4. package/lib/_test/crypto-fixtures.js +2 -0
  5. package/lib/a2a-tasks.js +2 -0
  6. package/lib/a2a.js +2 -0
  7. package/lib/acme.js +7 -1
  8. package/lib/agent-audit.js +2 -0
  9. package/lib/agent-envelope-mac.js +2 -0
  10. package/lib/agent-event-bus.js +2 -0
  11. package/lib/agent-idempotency.js +2 -0
  12. package/lib/agent-orchestrator.js +2 -0
  13. package/lib/agent-posture-chain.js +2 -0
  14. package/lib/agent-saga.js +2 -0
  15. package/lib/agent-snapshot.js +2 -0
  16. package/lib/agent-stream.js +2 -0
  17. package/lib/agent-tenant.js +2 -0
  18. package/lib/agent-trace.js +2 -0
  19. package/lib/ai-adverse-decision.js +2 -0
  20. package/lib/ai-aedt-bias-audit.js +2 -0
  21. package/lib/ai-capability.js +2 -0
  22. package/lib/ai-content-detect.js +2 -0
  23. package/lib/ai-disclosure.js +2 -0
  24. package/lib/ai-dp.js +2 -0
  25. package/lib/ai-frontier-protocol.js +2 -0
  26. package/lib/ai-input.js +2 -0
  27. package/lib/ai-model-manifest.js +2 -0
  28. package/lib/ai-output.js +2 -0
  29. package/lib/ai-pref.js +2 -0
  30. package/lib/ai-prompt.js +2 -0
  31. package/lib/ai-quota.js +2 -0
  32. package/lib/api-key.js +2 -0
  33. package/lib/api-snapshot.js +2 -0
  34. package/lib/app-shutdown.js +2 -0
  35. package/lib/app.js +2 -0
  36. package/lib/archive-adapters.js +2 -0
  37. package/lib/archive-entry-policy.js +2 -0
  38. package/lib/archive-gz.js +2 -0
  39. package/lib/archive-read.js +2 -0
  40. package/lib/archive-tar-read.js +2 -0
  41. package/lib/archive-tar.js +2 -0
  42. package/lib/archive-wrap.js +2 -0
  43. package/lib/archive.js +2 -0
  44. package/lib/arg-parser.js +2 -0
  45. package/lib/argon2-builtin.js +2 -0
  46. package/lib/asn1-der.js +2 -0
  47. package/lib/asyncapi-bindings.js +2 -0
  48. package/lib/asyncapi-traits.js +2 -0
  49. package/lib/asyncapi.js +2 -0
  50. package/lib/atomic-file.js +2 -0
  51. package/lib/audit-chain.js +2 -0
  52. package/lib/audit-daily-review.js +2 -0
  53. package/lib/audit-emit.js +2 -0
  54. package/lib/audit-sign.js +2 -0
  55. package/lib/audit-tools.js +2 -0
  56. package/lib/audit.js +2 -0
  57. package/lib/auth/aal.js +2 -0
  58. package/lib/auth/access-lock.js +2 -0
  59. package/lib/auth/acr-vocabulary.js +2 -0
  60. package/lib/auth/ato-kill-switch.js +2 -0
  61. package/lib/auth/auth-time-tracker.js +2 -0
  62. package/lib/auth/bot-challenge.js +2 -0
  63. package/lib/auth/ciba.js +2 -0
  64. package/lib/auth/dpop.js +2 -0
  65. package/lib/auth/elevation-grant.js +2 -0
  66. package/lib/auth/fal.js +2 -0
  67. package/lib/auth/fido-mds3.js +2 -0
  68. package/lib/auth/jar.js +2 -0
  69. package/lib/auth/jwt-external.js +2 -0
  70. package/lib/auth/jwt.js +2 -0
  71. package/lib/auth/lockout.js +2 -0
  72. package/lib/auth/oauth.js +84 -17
  73. package/lib/auth/oid4vci.js +2 -0
  74. package/lib/auth/oid4vp.js +2 -0
  75. package/lib/auth/openid-federation.js +2 -0
  76. package/lib/auth/passkey.js +2 -0
  77. package/lib/auth/password.js +2 -0
  78. package/lib/auth/saml.js +30 -5
  79. package/lib/auth/sd-jwt-vc-disclosure.js +2 -0
  80. package/lib/auth/sd-jwt-vc-holder.js +2 -0
  81. package/lib/auth/sd-jwt-vc-issuer.js +2 -0
  82. package/lib/auth/sd-jwt-vc.js +2 -0
  83. package/lib/auth/status-list.js +2 -0
  84. package/lib/auth/step-up-policy.js +2 -0
  85. package/lib/auth/step-up.js +2 -0
  86. package/lib/auth-bot-challenge.js +2 -0
  87. package/lib/auth-header.js +2 -0
  88. package/lib/backup/bundle.js +2 -0
  89. package/lib/backup/crypto.js +2 -0
  90. package/lib/backup/index.js +14 -0
  91. package/lib/backup/manifest.js +2 -0
  92. package/lib/base32.js +2 -0
  93. package/lib/boot-gates.js +2 -0
  94. package/lib/bounded-map.js +2 -0
  95. package/lib/breach-deadline.js +2 -0
  96. package/lib/break-glass.js +2 -0
  97. package/lib/budr.js +2 -0
  98. package/lib/bundler.js +2 -0
  99. package/lib/cache-redis.js +2 -0
  100. package/lib/cache-status.js +2 -0
  101. package/lib/cache.js +2 -0
  102. package/lib/calendar.js +2 -0
  103. package/lib/canonical-json.js +2 -0
  104. package/lib/cbor.js +2 -0
  105. package/lib/cdn-cache-control.js +2 -0
  106. package/lib/cert.js +2 -0
  107. package/lib/chain-writer.js +2 -0
  108. package/lib/circuit-breaker.js +2 -0
  109. package/lib/cli-helpers.js +2 -0
  110. package/lib/cli.js +57 -20
  111. package/lib/client-hints.js +2 -0
  112. package/lib/cloud-events.js +2 -0
  113. package/lib/cluster-provider-db.js +2 -0
  114. package/lib/cluster-storage.js +2 -0
  115. package/lib/cluster.js +2 -0
  116. package/lib/cms-codec.js +2 -0
  117. package/lib/codepoint-class.js +2 -0
  118. package/lib/compliance-ai-act-logging.js +2 -0
  119. package/lib/compliance-ai-act-prohibited.js +2 -0
  120. package/lib/compliance-ai-act-risk.js +2 -0
  121. package/lib/compliance-ai-act-transparency.js +2 -0
  122. package/lib/compliance-ai-act.js +2 -0
  123. package/lib/compliance-eaa.js +2 -0
  124. package/lib/compliance-sanctions-aliases.js +2 -0
  125. package/lib/compliance-sanctions-fetcher.js +2 -0
  126. package/lib/compliance-sanctions-fuzzy.js +2 -0
  127. package/lib/compliance-sanctions.js +2 -0
  128. package/lib/compliance.js +2 -0
  129. package/lib/config-drift.js +2 -0
  130. package/lib/config.js +2 -0
  131. package/lib/consent.js +2 -0
  132. package/lib/constants.js +2 -0
  133. package/lib/content-credentials.js +2 -0
  134. package/lib/content-digest.js +2 -0
  135. package/lib/cookies.js +2 -0
  136. package/lib/cose.js +2 -0
  137. package/lib/cra-report.js +2 -0
  138. package/lib/crdt.js +2 -0
  139. package/lib/credential-hash.js +2 -0
  140. package/lib/crypto-field.js +2 -0
  141. package/lib/crypto-hpke-pq.js +2 -0
  142. package/lib/crypto-hpke.js +2 -0
  143. package/lib/crypto-oprf.js +2 -0
  144. package/lib/crypto-xwing.js +2 -0
  145. package/lib/crypto.js +2 -0
  146. package/lib/csp.js +2 -0
  147. package/lib/csv.js +2 -0
  148. package/lib/cwt.js +2 -0
  149. package/lib/daemon.js +2 -0
  150. package/lib/dark-patterns.js +2 -0
  151. package/lib/data-act.js +2 -0
  152. package/lib/db-collection.js +2 -0
  153. package/lib/db-declare-row-policy.js +2 -0
  154. package/lib/db-declare-view.js +2 -0
  155. package/lib/db-file-lifecycle.js +2 -0
  156. package/lib/db-query.js +2 -0
  157. package/lib/db-role-context.js +2 -0
  158. package/lib/db-schema.js +2 -0
  159. package/lib/db.js +2 -0
  160. package/lib/dbsc.js +2 -0
  161. package/lib/ddl-change-control.js +2 -0
  162. package/lib/deprecate.js +2 -0
  163. package/lib/dev.js +2 -0
  164. package/lib/did.js +2 -0
  165. package/lib/dora.js +2 -0
  166. package/lib/dr-runbook.js +2 -0
  167. package/lib/dsa.js +2 -0
  168. package/lib/dsr.js +2 -0
  169. package/lib/dual-control.js +2 -0
  170. package/lib/early-hints.js +2 -0
  171. package/lib/eat.js +2 -0
  172. package/lib/error-page.js +2 -0
  173. package/lib/events.js +2 -0
  174. package/lib/external-db-migrate.js +2 -0
  175. package/lib/external-db.js +2 -0
  176. package/lib/fapi2.js +2 -0
  177. package/lib/fda-21cfr11.js +2 -0
  178. package/lib/fdx.js +2 -0
  179. package/lib/fedcm.js +2 -0
  180. package/lib/file-type.js +2 -0
  181. package/lib/file-upload.js +2 -0
  182. package/lib/flag-cache.js +2 -0
  183. package/lib/flag-evaluation-context.js +2 -0
  184. package/lib/flag-providers.js +2 -0
  185. package/lib/flag-targeting.js +2 -0
  186. package/lib/flag.js +2 -0
  187. package/lib/forms.js +2 -0
  188. package/lib/framework-error.js +2 -0
  189. package/lib/framework-files.js +2 -0
  190. package/lib/framework-schema.js +2 -0
  191. package/lib/framework-sha1-hibp.js +2 -0
  192. package/lib/fsm.js +2 -0
  193. package/lib/gate-contract.js +2 -0
  194. package/lib/gdpr-ropa.js +2 -0
  195. package/lib/graphql-federation.js +2 -0
  196. package/lib/guard-agent-registry.js +2 -0
  197. package/lib/guard-all.js +2 -0
  198. package/lib/guard-archive.js +2 -0
  199. package/lib/guard-auth.js +2 -0
  200. package/lib/guard-cidr.js +2 -0
  201. package/lib/guard-csv.js +2 -0
  202. package/lib/guard-domain.js +2 -0
  203. package/lib/guard-dsn.js +2 -0
  204. package/lib/guard-email.js +2 -0
  205. package/lib/guard-envelope.js +2 -0
  206. package/lib/guard-event-bus-payload.js +2 -0
  207. package/lib/guard-event-bus-topic.js +2 -0
  208. package/lib/guard-filename.js +2 -0
  209. package/lib/guard-graphql.js +2 -0
  210. package/lib/guard-html-wcag-aria.js +2 -0
  211. package/lib/guard-html-wcag-forms.js +2 -0
  212. package/lib/guard-html-wcag-tables.js +2 -0
  213. package/lib/guard-html-wcag-tagwalk.js +2 -0
  214. package/lib/guard-html-wcag.js +2 -0
  215. package/lib/guard-html.js +2 -0
  216. package/lib/guard-idempotency-key.js +2 -0
  217. package/lib/guard-image.js +2 -0
  218. package/lib/guard-imap-command.js +2 -0
  219. package/lib/guard-jmap.js +2 -0
  220. package/lib/guard-json.js +2 -0
  221. package/lib/guard-jsonpath.js +2 -0
  222. package/lib/guard-jwt.js +2 -0
  223. package/lib/guard-list-id.js +2 -0
  224. package/lib/guard-list-unsubscribe.js +2 -0
  225. package/lib/guard-mail-compose.js +2 -0
  226. package/lib/guard-mail-move.js +2 -0
  227. package/lib/guard-mail-query.js +2 -0
  228. package/lib/guard-mail-reply.js +2 -0
  229. package/lib/guard-mail-sieve.js +2 -0
  230. package/lib/guard-managesieve-command.js +2 -0
  231. package/lib/guard-markdown.js +2 -0
  232. package/lib/guard-message-id.js +2 -0
  233. package/lib/guard-mime.js +2 -0
  234. package/lib/guard-oauth.js +2 -0
  235. package/lib/guard-pdf.js +2 -0
  236. package/lib/guard-pop3-command.js +2 -0
  237. package/lib/guard-posture-chain.js +2 -0
  238. package/lib/guard-regex.js +2 -0
  239. package/lib/guard-saga-config.js +2 -0
  240. package/lib/guard-shell.js +2 -0
  241. package/lib/guard-smtp-command.js +2 -0
  242. package/lib/guard-snapshot-envelope.js +2 -0
  243. package/lib/guard-sql.js +2 -0
  244. package/lib/guard-stream-args.js +2 -0
  245. package/lib/guard-svg.js +2 -0
  246. package/lib/guard-template.js +2 -0
  247. package/lib/guard-tenant-id.js +2 -0
  248. package/lib/guard-text.js +2 -0
  249. package/lib/guard-time.js +2 -0
  250. package/lib/guard-trace-context.js +2 -0
  251. package/lib/guard-uuid.js +2 -0
  252. package/lib/guard-xml.js +2 -0
  253. package/lib/guard-yaml.js +2 -0
  254. package/lib/hal.js +2 -0
  255. package/lib/handlers.js +2 -0
  256. package/lib/honeytoken.js +2 -0
  257. package/lib/html-balance.js +2 -0
  258. package/lib/http-client-cache.js +2 -0
  259. package/lib/http-client-cookie-jar.js +2 -0
  260. package/lib/http-client.js +2 -0
  261. package/lib/http-message-signature.js +2 -0
  262. package/lib/http2-teardown.js +2 -0
  263. package/lib/i18n-messageformat.js +2 -0
  264. package/lib/i18n.js +2 -0
  265. package/lib/iab-mspa.js +2 -0
  266. package/lib/iab-tcf.js +2 -0
  267. package/lib/importmap-integrity.js +2 -0
  268. package/lib/inbox.js +2 -0
  269. package/lib/incident-report.js +2 -0
  270. package/lib/ip-utils.js +2 -0
  271. package/lib/jobs.js +2 -0
  272. package/lib/jose-jwe-experimental.js +2 -0
  273. package/lib/json-merge-patch.js +2 -0
  274. package/lib/json-patch.js +2 -0
  275. package/lib/json-path.js +2 -0
  276. package/lib/json-pointer.js +2 -0
  277. package/lib/json-schema.js +2 -0
  278. package/lib/jsonapi.js +2 -0
  279. package/lib/jtd.js +2 -0
  280. package/lib/jwk.js +2 -0
  281. package/lib/keychain.js +32 -10
  282. package/lib/lazy-require.js +2 -0
  283. package/lib/legal-hold.js +2 -0
  284. package/lib/link-header.js +2 -0
  285. package/lib/local-db-thin.js +2 -0
  286. package/lib/log-stream-cloudwatch.js +2 -0
  287. package/lib/log-stream-local.js +2 -0
  288. package/lib/log-stream-otlp-grpc.js +2 -0
  289. package/lib/log-stream-otlp.js +2 -0
  290. package/lib/log-stream-syslog.js +2 -0
  291. package/lib/log-stream-webhook.js +2 -0
  292. package/lib/log-stream.js +2 -0
  293. package/lib/log.js +2 -0
  294. package/lib/lro.js +2 -0
  295. package/lib/mail-agent.js +2 -0
  296. package/lib/mail-arc-reuse-token.js +2 -0
  297. package/lib/mail-arc-sign.js +2 -0
  298. package/lib/mail-arf.js +2 -0
  299. package/lib/mail-auth.js +7 -1
  300. package/lib/mail-bimi.js +2 -0
  301. package/lib/mail-bounce.js +2 -0
  302. package/lib/mail-crypto-pgp.js +2 -0
  303. package/lib/mail-crypto-smime.js +2 -0
  304. package/lib/mail-crypto.js +2 -0
  305. package/lib/mail-dav.js +2 -0
  306. package/lib/mail-deploy.js +2 -0
  307. package/lib/mail-dkim.js +2 -0
  308. package/lib/mail-greylist.js +2 -0
  309. package/lib/mail-helo.js +2 -0
  310. package/lib/mail-journal.js +2 -0
  311. package/lib/mail-mdn.js +2 -0
  312. package/lib/mail-rbl.js +2 -0
  313. package/lib/mail-require-tls.js +2 -0
  314. package/lib/mail-scan.js +2 -0
  315. package/lib/mail-send-deliver.js +2 -0
  316. package/lib/mail-server-imap.js +2 -0
  317. package/lib/mail-server-jmap.js +2 -0
  318. package/lib/mail-server-managesieve.js +2 -0
  319. package/lib/mail-server-mx.js +2 -0
  320. package/lib/mail-server-net.js +2 -0
  321. package/lib/mail-server-pop3.js +2 -0
  322. package/lib/mail-server-rate-limit.js +2 -0
  323. package/lib/mail-server-registry.js +2 -0
  324. package/lib/mail-server-submission.js +2 -0
  325. package/lib/mail-server-tls.js +2 -0
  326. package/lib/mail-sieve.js +2 -0
  327. package/lib/mail-spam-score.js +2 -0
  328. package/lib/mail-srs.js +2 -0
  329. package/lib/mail-store-fts.js +2 -0
  330. package/lib/mail-store.js +2 -0
  331. package/lib/mail-unsubscribe.js +2 -0
  332. package/lib/mail.js +2 -0
  333. package/lib/markup-escape.js +2 -0
  334. package/lib/markup-tokenizer.js +2 -0
  335. package/lib/mcp-tool-registry.js +2 -0
  336. package/lib/mcp.js +2 -0
  337. package/lib/mdoc.js +2 -0
  338. package/lib/metrics.js +2 -0
  339. package/lib/middleware/age-gate.js +2 -0
  340. package/lib/middleware/ai-act-disclosure.js +2 -0
  341. package/lib/middleware/api-encrypt.js +2 -0
  342. package/lib/middleware/assetlinks.js +2 -0
  343. package/lib/middleware/asyncapi-serve.js +2 -0
  344. package/lib/middleware/attach-user.js +2 -0
  345. package/lib/middleware/bearer-auth.js +2 -0
  346. package/lib/middleware/body-parser.js +2 -0
  347. package/lib/middleware/bot-disclose.js +2 -0
  348. package/lib/middleware/bot-guard.js +2 -0
  349. package/lib/middleware/clear-site-data.js +2 -0
  350. package/lib/middleware/compose-pipeline.js +2 -0
  351. package/lib/middleware/compression.js +2 -0
  352. package/lib/middleware/cookies.js +2 -0
  353. package/lib/middleware/cors.js +2 -0
  354. package/lib/middleware/csp-nonce.js +2 -0
  355. package/lib/middleware/csp-report.js +2 -0
  356. package/lib/middleware/csrf-protect.js +2 -0
  357. package/lib/middleware/daily-byte-quota.js +2 -0
  358. package/lib/middleware/db-role-for.js +2 -0
  359. package/lib/middleware/deny-response.js +2 -0
  360. package/lib/middleware/dpop.js +2 -0
  361. package/lib/middleware/error-handler.js +2 -0
  362. package/lib/middleware/fetch-metadata.js +2 -0
  363. package/lib/middleware/flag-context.js +2 -0
  364. package/lib/middleware/gpc.js +2 -0
  365. package/lib/middleware/headers.js +2 -0
  366. package/lib/middleware/health.js +2 -0
  367. package/lib/middleware/host-allowlist.js +2 -0
  368. package/lib/middleware/idempotency-key.js +2 -0
  369. package/lib/middleware/index.js +2 -0
  370. package/lib/middleware/nel.js +2 -0
  371. package/lib/middleware/network-allowlist.js +2 -0
  372. package/lib/middleware/no-cache.js +2 -0
  373. package/lib/middleware/openapi-serve.js +2 -0
  374. package/lib/middleware/protected-resource-metadata.js +2 -0
  375. package/lib/middleware/rate-limit.js +2 -0
  376. package/lib/middleware/request-id.js +2 -0
  377. package/lib/middleware/request-log.js +2 -0
  378. package/lib/middleware/require-aal.js +2 -0
  379. package/lib/middleware/require-auth.js +2 -0
  380. package/lib/middleware/require-bound-key.js +2 -0
  381. package/lib/middleware/require-content-type.js +2 -0
  382. package/lib/middleware/require-methods.js +2 -0
  383. package/lib/middleware/require-mtls.js +2 -0
  384. package/lib/middleware/require-step-up.js +2 -0
  385. package/lib/middleware/scim-server.js +2 -0
  386. package/lib/middleware/security-headers.js +2 -0
  387. package/lib/middleware/security-txt.js +2 -0
  388. package/lib/middleware/span-http-server.js +2 -0
  389. package/lib/middleware/speculation-rules.js +2 -0
  390. package/lib/middleware/sse.js +2 -0
  391. package/lib/middleware/trace-log-correlation.js +2 -0
  392. package/lib/middleware/trace-propagate.js +2 -0
  393. package/lib/middleware/tus-upload.js +2 -0
  394. package/lib/middleware/web-app-manifest.js +2 -0
  395. package/lib/migration-files.js +2 -0
  396. package/lib/migrations.js +2 -0
  397. package/lib/mime-parse.js +2 -0
  398. package/lib/module-loader.js +2 -0
  399. package/lib/money.js +2 -0
  400. package/lib/mtls-ca.js +2 -0
  401. package/lib/mtls-engine-default.js +2 -0
  402. package/lib/network-byte-quota.js +2 -0
  403. package/lib/network-dane.js +2 -0
  404. package/lib/network-dns-resolver.js +2 -0
  405. package/lib/network-dns.js +2 -0
  406. package/lib/network-dnssec.js +2 -0
  407. package/lib/network-heartbeat.js +2 -0
  408. package/lib/network-nts.js +2 -0
  409. package/lib/network-proxy.js +2 -0
  410. package/lib/network-smtp-policy.js +6 -1
  411. package/lib/network-tls.js +2 -0
  412. package/lib/network-tsig.js +2 -0
  413. package/lib/network.js +2 -0
  414. package/lib/nis2-report.js +2 -0
  415. package/lib/nist-crosswalk.js +2 -0
  416. package/lib/nonce-store.js +2 -0
  417. package/lib/notify.js +2 -0
  418. package/lib/ntp-check.js +2 -0
  419. package/lib/numeric-bounds.js +2 -0
  420. package/lib/numeric-checks.js +2 -0
  421. package/lib/object-store/azure-blob-bucket-ops.js +2 -0
  422. package/lib/object-store/azure-blob.js +2 -0
  423. package/lib/object-store/gcs-bucket-ops.js +2 -0
  424. package/lib/object-store/gcs.js +2 -0
  425. package/lib/object-store/http-put.js +2 -0
  426. package/lib/object-store/http-request.js +2 -0
  427. package/lib/object-store/index.js +2 -0
  428. package/lib/object-store/local.js +2 -0
  429. package/lib/object-store/sigv4-bucket-ops.js +2 -0
  430. package/lib/object-store/sigv4.js +2 -0
  431. package/lib/observability-otlp-exporter.js +2 -0
  432. package/lib/observability-tracer.js +2 -0
  433. package/lib/observability.js +2 -0
  434. package/lib/openapi-paths-builder.js +2 -0
  435. package/lib/openapi-schema-walk.js +2 -0
  436. package/lib/openapi-security.js +2 -0
  437. package/lib/openapi-yaml.js +2 -0
  438. package/lib/openapi.js +2 -0
  439. package/lib/otel-export.js +2 -0
  440. package/lib/outbox.js +2 -0
  441. package/lib/pagination.js +2 -0
  442. package/lib/parsers/index.js +2 -0
  443. package/lib/parsers/safe-env.js +2 -0
  444. package/lib/parsers/safe-ini.js +2 -0
  445. package/lib/parsers/safe-toml.js +2 -0
  446. package/lib/parsers/safe-xml.js +2 -0
  447. package/lib/parsers/safe-yaml.js +2 -0
  448. package/lib/permissions.js +2 -0
  449. package/lib/pick.js +2 -0
  450. package/lib/pipl-cn.js +2 -0
  451. package/lib/pqc-agent.js +2 -0
  452. package/lib/pqc-gate.js +2 -0
  453. package/lib/pqc-software.js +2 -0
  454. package/lib/privacy-pass.js +2 -0
  455. package/lib/privacy.js +2 -0
  456. package/lib/problem-details.js +2 -0
  457. package/lib/process-spawn.js +2 -0
  458. package/lib/promise-pool.js +2 -0
  459. package/lib/protobuf-encoder.js +2 -0
  460. package/lib/protocol-dispatcher.js +2 -0
  461. package/lib/public-suffix.js +2 -0
  462. package/lib/pubsub-cluster.js +2 -0
  463. package/lib/pubsub-redis.js +2 -0
  464. package/lib/pubsub.js +2 -0
  465. package/lib/queue-local.js +2 -0
  466. package/lib/queue-redis.js +2 -0
  467. package/lib/queue-sqs.js +2 -0
  468. package/lib/queue.js +2 -0
  469. package/lib/redact.js +2 -0
  470. package/lib/redis-client.js +2 -0
  471. package/lib/render.js +2 -0
  472. package/lib/request-helpers.js +2 -0
  473. package/lib/resource-access-lock.js +2 -0
  474. package/lib/restore-bundle.js +2 -0
  475. package/lib/restore-rollback.js +2 -0
  476. package/lib/restore.js +2 -0
  477. package/lib/retention.js +2 -0
  478. package/lib/retry.js +2 -0
  479. package/lib/rfc3339.js +2 -0
  480. package/lib/router.js +83 -18
  481. package/lib/safe-archive.js +2 -0
  482. package/lib/safe-async.js +2 -0
  483. package/lib/safe-buffer.js +2 -0
  484. package/lib/safe-decompress.js +2 -0
  485. package/lib/safe-dns.js +2 -0
  486. package/lib/safe-ical.js +2 -0
  487. package/lib/safe-icap.js +2 -0
  488. package/lib/safe-json.js +2 -0
  489. package/lib/safe-jsonpath.js +2 -0
  490. package/lib/safe-mime.js +2 -0
  491. package/lib/safe-mount-info.js +2 -0
  492. package/lib/safe-path.js +2 -0
  493. package/lib/safe-redirect.js +2 -0
  494. package/lib/safe-schema.js +2 -0
  495. package/lib/safe-sieve.js +2 -0
  496. package/lib/safe-smtp.js +2 -0
  497. package/lib/safe-sql.js +2 -0
  498. package/lib/safe-url.js +2 -0
  499. package/lib/safe-vcard.js +2 -0
  500. package/lib/sandbox-worker.js +2 -0
  501. package/lib/sandbox.js +2 -0
  502. package/lib/scheduler.js +2 -0
  503. package/lib/scitt.js +2 -0
  504. package/lib/sd-notify.js +2 -0
  505. package/lib/sec-cyber.js +2 -0
  506. package/lib/security-assert.js +2 -0
  507. package/lib/seeders.js +2 -0
  508. package/lib/self-update-standalone-verifier.js +2 -0
  509. package/lib/self-update.js +2 -0
  510. package/lib/server-timing.js +2 -0
  511. package/lib/session-device-binding.js +2 -0
  512. package/lib/session-stores.js +2 -0
  513. package/lib/session.js +2 -0
  514. package/lib/slug.js +2 -0
  515. package/lib/sql.js +2 -0
  516. package/lib/sse.js +2 -0
  517. package/lib/ssrf-guard.js +2 -0
  518. package/lib/standard-webhooks.js +2 -0
  519. package/lib/static.js +2 -0
  520. package/lib/storage.js +2 -0
  521. package/lib/stream-throttle.js +2 -0
  522. package/lib/structured-fields.js +2 -0
  523. package/lib/subject.js +2 -0
  524. package/lib/tcpa-10dlc.js +2 -0
  525. package/lib/template.js +2 -0
  526. package/lib/tenant-quota.js +2 -0
  527. package/lib/test-harness.js +2 -0
  528. package/lib/testing.js +2 -0
  529. package/lib/time.js +2 -0
  530. package/lib/tls-exporter.js +2 -0
  531. package/lib/totp.js +2 -0
  532. package/lib/tracing.js +2 -0
  533. package/lib/tsa.js +2 -0
  534. package/lib/uri-template.js +2 -0
  535. package/lib/uuid.js +2 -0
  536. package/lib/validate-opts.js +2 -0
  537. package/lib/vault/index.js +2 -0
  538. package/lib/vault/passphrase-ops.js +2 -0
  539. package/lib/vault/passphrase-source.js +2 -0
  540. package/lib/vault/rotate.js +2 -0
  541. package/lib/vault/seal-pem-file.js +2 -0
  542. package/lib/vault/wrap.js +2 -0
  543. package/lib/vault-aad.js +2 -0
  544. package/lib/vc.js +2 -0
  545. package/lib/vendor-data.js +2 -0
  546. package/lib/vex.js +2 -0
  547. package/lib/watcher.js +2 -0
  548. package/lib/web-push-vapid.js +2 -0
  549. package/lib/webhook-dispatcher.js +2 -0
  550. package/lib/webhook.js +2 -0
  551. package/lib/websocket-channels.js +2 -0
  552. package/lib/websocket.js +2 -0
  553. package/lib/wiki-concepts.js +2 -0
  554. package/lib/worker-pool.js +2 -0
  555. package/lib/worm.js +2 -0
  556. package/lib/ws-client.js +2 -0
  557. package/lib/x509-chain.js +2 -0
  558. package/lib/xml-c14n.js +2 -0
  559. package/package.json +1 -1
  560. package/sbom.cdx.json +6 -6
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Multi-format safe parsers — apply the same security defaults blamejs's
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Security-focused .env loader.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * INI parser — same security defaults as the framework's other parsers.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Security-focused TOML 1.0 parser.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Security-focused XML parser. Same security defaults blamejs's json
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Security-focused YAML parser (safe subset of YAML 1.2).
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.permissions
package/lib/pick.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.pick — mass-assignment (CWE-915 / OWASP API3:2023) defense.
package/lib/pipl-cn.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.pipl
package/lib/pqc-agent.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.pqcAgent
package/lib/pqc-gate.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * pqc-gate — TCP-level enforcement of post-quantum key exchange.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.pqcSoftware
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.privacyPass
package/lib/privacy.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.privacy
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.problemDetails
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.processSpawn
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.promisePool
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * protobuf-encoder — minimal proto3 wire-format encoder.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * protocol-dispatcher — pluggable protocol resolver with deferred-protocol
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.publicSuffix
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * pubsub-cluster — table-polling backend for `lib/pubsub.js`.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * pubsub-redis — Redis PUB/SUB backend for `lib/pubsub.js`.
package/lib/pubsub.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.pubsub
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Local-protocol queue adapter — DB-backed, dialect-portable.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Redis-protocol queue adapter — backs b.queue with Redis instead of
package/lib/queue-sqs.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * AWS SQS queue adapter — backs `b.queue` with Amazon SQS so multi-replica
package/lib/queue.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.queue
package/lib/redact.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.redact
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Bespoke RESP2 Redis client — zero npm runtime deps.
package/lib/render.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.render
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.requestHelpers
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.resourceAccessLock — three-mode access-lock for arbitrary
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.restoreBundle
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.restoreRollback
package/lib/restore.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * restore — operator-facing restore from a backup bundle in storage.
package/lib/retention.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.retention
package/lib/retry.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.retry
package/lib/rfc3339.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * rfc3339 — strict RFC 3339 date-time validation, shared by the primitives
package/lib/router.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.router
@@ -42,6 +44,7 @@ var requestHelpers = require("./request-helpers");
42
44
  var lazyRequire = require("./lazy-require");
43
45
  var safeAsync = require("./safe-async");
44
46
  var safeEnv = require("./parsers/safe-env");
47
+ var safeJson = require("./safe-json");
45
48
  var safeUrl = require("./safe-url");
46
49
  var validateOpts = require("./validate-opts");
47
50
  var websocket = require("./websocket");
@@ -161,9 +164,25 @@ function _makeSchemaValidator(spec) {
161
164
  };
162
165
  }
163
166
 
167
+ // True when a res.end body structurally looks like a JSON document — the
168
+ // first non-whitespace byte is an object/array opener. Narrow on purpose:
169
+ // a plain-text / HTML body on a response-schema route (leading "<", a bare
170
+ // word, etc.) is skipped so the validator never throws on a non-JSON
171
+ // response, and a JSON scalar (a bare number / quoted string) is not
172
+ // mistaken for a schema-shaped document.
173
+ function _bodyLooksLikeJson(text) {
174
+ for (var i = 0; i < text.length; i += 1) {
175
+ var ch = text.charCodeAt(i);
176
+ if (ch === 0x20 || ch === 0x09 || ch === 0x0A || ch === 0x0D) continue; // skip leading whitespace
177
+ return ch === 0x7B || ch === 0x5B; // "{" or "["
178
+ }
179
+ return false;
180
+ }
181
+
164
182
  function _makeResponseValidator(spec) {
165
- // Wraps res.json (and res.end when called with a JSON-shaped buffer)
166
- // to validate the response body against spec.response. Mode:
183
+ // Validate the response body against spec.response no matter which exit
184
+ // the handler used res.json OR a raw res.end(JSON.stringify(...)) that
185
+ // ships a JSON-shaped buffer. Mode:
167
186
  // - BLAMEJS_VALIDATE_RESPONSES=throw (or per-route validateResponse: "throw")
168
187
  // → throw a SafeSchemaError-shaped error; route handler's caller sees a 500.
169
188
  // - BLAMEJS_VALIDATE_RESPONSES=warn (or per-route validateResponse: "warn")
@@ -175,21 +194,59 @@ function _makeResponseValidator(spec) {
175
194
  if (!mode) return function passthrough(_req, _res, next) { next(); };
176
195
 
177
196
  return function responseValidator(req, res, next) {
197
+ // One request-scoped check shared by both the res.json and res.end
198
+ // wrappers so a single failure shape covers every exit.
199
+ var validated = false;
200
+ function runCheck(value, headersAlreadySent) {
201
+ var rr = spec.response.safeParse(value);
202
+ if (rr.ok) return;
203
+ if (mode === "throw") {
204
+ // A raw res.end after writeHead cannot be un-sent — throwing there
205
+ // would abort mid-flush and can't reach a clean 500. Degrade to a
206
+ // logged error in that case; res.json (and a pre-writeHead res.end)
207
+ // still throw before any header is committed.
208
+ if (!headersAlreadySent) {
209
+ throw new Error("router response-validation failed for " +
210
+ (req.method + " " + req.routePattern) + ": " +
211
+ JSON.stringify(rr.errors));
212
+ }
213
+ log.error("response-validation failed after headers sent on " +
214
+ req.method + " " + req.routePattern + ": " +
215
+ JSON.stringify(rr.errors).slice(0, 500));
216
+ return;
217
+ }
218
+ // warn mode
219
+ log.warn("response-validation drift on " + req.method + " " + req.routePattern +
220
+ ": " + JSON.stringify(rr.errors).slice(0, 500));
221
+ }
222
+
178
223
  var origJson = typeof res.json === "function" ? res.json.bind(res) : null;
179
224
  if (origJson) {
180
225
  res.json = function (value) {
181
- var rr = spec.response.safeParse(value);
182
- if (!rr.ok) {
183
- if (mode === "throw") {
184
- throw new Error("router response-validation failed for " +
185
- (req.method + " " + req.routePattern) + ": " +
186
- JSON.stringify(rr.errors));
226
+ runCheck(value, false); // res.json validates before it writes headers
227
+ validated = true; // res.json delegates to res.end internally — don't re-check
228
+ return origJson(value);
229
+ };
230
+ }
231
+
232
+ var origEnd = typeof res.end === "function" ? res.end.bind(res) : null;
233
+ if (origEnd) {
234
+ res.end = function (chunk) {
235
+ if (!validated) {
236
+ var text = null;
237
+ if (typeof chunk === "string") text = chunk;
238
+ else if (Buffer.isBuffer(chunk)) text = chunk.toString("utf8");
239
+ if (text !== null && _bodyLooksLikeJson(text)) {
240
+ var parsed;
241
+ var parsedOk = true;
242
+ try { parsed = safeJson.parse(text); } catch (_e) { parsedOk = false; }
243
+ if (parsedOk) {
244
+ validated = true;
245
+ runCheck(parsed, res.headersSent === true);
246
+ }
187
247
  }
188
- // warn mode
189
- log.warn("response-validation drift on " + req.method + " " + req.routePattern +
190
- ": " + JSON.stringify(rr.errors).slice(0, 500));
191
248
  }
192
- return origJson(value);
249
+ return origEnd.apply(res, arguments);
193
250
  };
194
251
  }
195
252
  next();
@@ -956,16 +1013,24 @@ class Router {
956
1013
  "res.redirect: target must be a non-empty string"
957
1014
  );
958
1015
  }
959
- // Reject embedded CR / LF / NUL early header injection class.
960
- // Node's writeHead would refuse these too, but the explicit
961
- // refusal here gives operators a router-shaped error rather than
962
- // a generic ERR_INVALID_CHAR.
1016
+ // Reject every byte a header line or a URL-parsing user agent
1017
+ // treats specially. CR / LF / NUL are the header-injection class
1018
+ // (Node's writeHead would refuse them too the explicit refusal
1019
+ // gives operators a router-shaped error over ERR_INVALID_CHAR).
1020
+ // TAB (0x09) is the open-redirect class: Node PERMITS a horizontal
1021
+ // tab in a header value, but WHATWG URL removes ASCII TAB / LF / CR
1022
+ // from a URL before parsing it, so "/<TAB>/evil.example" — which
1023
+ // the same-origin heuristic below reads as a rooted path — collapses
1024
+ // to the protocol-relative "//evil.example" in the browser and
1025
+ // bounces to an attacker origin. Refuse the whole browser-stripped
1026
+ // set here so the byte the heuristic inspects is the byte the user
1027
+ // agent parses.
963
1028
  for (var ci = 0; ci < url.length; ci += 1) {
964
1029
  var cc = url.charCodeAt(ci);
965
- if (cc === 0x00 || cc === 0x0A || cc === 0x0D) {
1030
+ if (cc === 0x00 || cc === 0x09 || cc === 0x0A || cc === 0x0D) {
966
1031
  throw new RouterError(
967
1032
  "router/redirect-target-has-control-chars",
968
- "res.redirect: target must not contain CR / LF / NUL bytes"
1033
+ "res.redirect: target must not contain CR / LF / TAB / NUL bytes"
969
1034
  );
970
1035
  }
971
1036
  }
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeArchive
package/lib/safe-async.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeAsync
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeBuffer
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeDecompress
package/lib/safe-dns.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeDns
package/lib/safe-ical.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeIcal
package/lib/safe-icap.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  // codebase-patterns:allow-file raw-byte-literal — RFC 3507 ICAP status-code
3
5
  // table (200 / 204 / 400 / 403 / 404 / 405 / 408 / 500 / 504). These are
package/lib/safe-json.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeJson
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * safe-jsonpath — Postgres SQL/JSON path validator for JSONB query
package/lib/safe-mime.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeMime
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeMountInfo
package/lib/safe-path.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safePath
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * safe-redirect — open-redirect (CWE-601) defense for operator-supplied
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeSchema
package/lib/safe-sieve.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
 
3
5
  /**
package/lib/safe-smtp.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeSmtp
package/lib/safe-sql.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeSql
package/lib/safe-url.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeUrl
package/lib/safe-vcard.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.safeVcard
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * sandbox-worker — bootstrap module loaded inside the worker_threads
package/lib/sandbox.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.sandbox - isolation harness for operator-supplied transforms.
package/lib/scheduler.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.scheduler
package/lib/scitt.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.scitt
package/lib/sd-notify.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.sdNotify
package/lib/sec-cyber.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.secCyber — SEC Cybersecurity Disclosure Item 1.05 (Form 8-K)
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * security-assert — boot-time policy assertions for production posture.
package/lib/seeders.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.seeders — DB seeders.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.selfUpdate.standaloneVerifier
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.selfUpdate
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.serverTiming
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.sessionDeviceBinding — bind sessions to a device fingerprint and