@blamejs/core 0.8.51 → 0.8.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/index.js +8 -0
- package/lib/audit.js +4 -0
- package/lib/auth/fido-mds3.js +624 -0
- package/lib/auth/passkey.js +214 -2
- package/lib/auth-bot-challenge.js +1 -1
- package/lib/credential-hash.js +2 -2
- package/lib/framework-error.js +55 -0
- package/lib/guard-cidr.js +2 -1
- package/lib/guard-jwt.js +2 -2
- package/lib/guard-oauth.js +2 -2
- package/lib/http-client-cache.js +916 -0
- package/lib/http-client.js +242 -0
- package/lib/local-db-thin.js +8 -7
- package/lib/mail-arf.js +343 -0
- package/lib/mail-auth.js +265 -40
- package/lib/mail-bimi.js +948 -33
- package/lib/mail-bounce.js +386 -4
- package/lib/mail-mdn.js +424 -0
- package/lib/mail-unsubscribe.js +265 -25
- package/lib/mail.js +403 -21
- package/lib/middleware/bearer-auth.js +1 -1
- package/lib/middleware/clear-site-data.js +122 -0
- package/lib/middleware/dpop.js +1 -1
- package/lib/middleware/index.js +9 -0
- package/lib/middleware/nel.js +214 -0
- package/lib/middleware/security-headers.js +56 -4
- package/lib/middleware/speculation-rules.js +323 -0
- package/lib/mime-parse.js +198 -0
- package/lib/network-dns.js +890 -27
- package/lib/network-tls.js +745 -0
- package/lib/object-store/sigv4.js +54 -0
- package/lib/public-suffix.js +414 -0
- package/lib/safe-buffer.js +7 -0
- package/lib/safe-json.js +1 -1
- package/lib/static.js +120 -0
- package/lib/storage.js +11 -0
- package/lib/vendor/MANIFEST.json +33 -0
- package/lib/vendor/bimi-trust-anchors.pem +33 -0
- package/lib/vendor/public-suffix-list.dat +16376 -0
- package/package.json +1 -1
- package/sbom.cyclonedx.json +6 -6
package/lib/storage.js
CHANGED
|
@@ -675,6 +675,14 @@ function presignedUploadUrl(key, opts) { return _presign("Upload", key, opts);
|
|
|
675
675
|
* classification: string, // route to a backend serving this classification
|
|
676
676
|
* backend: string, // explicit backend by name
|
|
677
677
|
* expiresInSec: number, // URL lifetime; backend-defaulted when omitted
|
|
678
|
+
* responseHeaders: { // S3 response-header overrides (sigv4 backend)
|
|
679
|
+
* contentDisposition: string, // e.g. 'attachment; filename="invoice.pdf"'
|
|
680
|
+
* contentType: string,
|
|
681
|
+
* contentLanguage: string,
|
|
682
|
+
* contentEncoding: string,
|
|
683
|
+
* cacheControl: string,
|
|
684
|
+
* expires: string,
|
|
685
|
+
* },
|
|
678
686
|
*
|
|
679
687
|
* @example
|
|
680
688
|
* b.storage.init({
|
|
@@ -694,6 +702,9 @@ function presignedUploadUrl(key, opts) { return _presign("Upload", key, opts);
|
|
|
694
702
|
* var presigned = b.storage.presignedDownloadUrl("public/logo.png", {
|
|
695
703
|
* backend: "us-ops",
|
|
696
704
|
* expiresInSec: 60,
|
|
705
|
+
* responseHeaders: {
|
|
706
|
+
* contentDisposition: 'attachment; filename="logo.png"',
|
|
707
|
+
* },
|
|
697
708
|
* });
|
|
698
709
|
* presigned.method; // → "GET"
|
|
699
710
|
*/
|
package/lib/vendor/MANIFEST.json
CHANGED
|
@@ -83,6 +83,39 @@
|
|
|
83
83
|
"server": "sha256:4adb3f0afb4a10cf19ebe48d8c69a46f934bbc8d77c694c210564f9583e7f4ba"
|
|
84
84
|
}
|
|
85
85
|
},
|
|
86
|
+
"bimi-trust-anchors": {
|
|
87
|
+
"version": "operator-managed",
|
|
88
|
+
"license": "BIMI Group / per-issuer",
|
|
89
|
+
"author": "BIMI Group / DigiCert / Entrust",
|
|
90
|
+
"source": "https://bimigroup.org/",
|
|
91
|
+
"_about": "RFC 9091 BIMI Group Verified Mark trust-anchor bundle (PEM, concatenated). Loaded by lib/mail-bimi.js for VMC + CMC chain validation. Source-tree default is empty-of-PEM (operators populate via the documented refresh procedure in the file header); call-site overrides via b.mail.bimi.fetchAndVerifyMark({ trustAnchorsPem }) are supported. Refresh procedure pulls https://www.digicert.com/CACerts/DigiCertVerifiedMarkRootCA.pem + https://web.entrust.com/root-certificates/entrust_verified_mark_root_g3.cer and concatenates them into the file.",
|
|
92
|
+
"exports": [
|
|
93
|
+
"bimi-vmc-trust-anchors"
|
|
94
|
+
],
|
|
95
|
+
"files": {
|
|
96
|
+
"server": "lib/vendor/bimi-trust-anchors.pem"
|
|
97
|
+
},
|
|
98
|
+
"bundler": "operator-managed (see file header for refresh procedure)",
|
|
99
|
+
"bundledAt": "2026-05-09",
|
|
100
|
+
"hashes": {
|
|
101
|
+
"server": "sha256:81ff9f5ab3c9774132c845684e783be95cf73146f8b670d964105f0a3765b4b4"
|
|
102
|
+
}
|
|
103
|
+
},
|
|
104
|
+
"publicsuffix-list": {
|
|
105
|
+
"version": "master",
|
|
106
|
+
"license": "MPL-2.0",
|
|
107
|
+
"author": "Mozilla Foundation",
|
|
108
|
+
"source": "https://publicsuffix.org/list/public_suffix_list.dat",
|
|
109
|
+
"_about": "Mozilla Public Suffix List — canonical catalog of effective top-level domains used by b.publicSuffix to derive organizational domains for DMARCbis (psd= / np=), BIMI, cookie-scope checks, and same-site policies. Loaded at module-init from lib/vendor/public-suffix-list.dat; the file is the data, not a code bundle.",
|
|
110
|
+
"files": {
|
|
111
|
+
"server": "lib/vendor/public-suffix-list.dat"
|
|
112
|
+
},
|
|
113
|
+
"bundler": "curl https://publicsuffix.org/list/public_suffix_list.dat",
|
|
114
|
+
"bundledAt": "2026-05-09",
|
|
115
|
+
"hashes": {
|
|
116
|
+
"server": "sha256:a00855bbf027ca86cead1cf0bafc0b9b1ae904dda97f3e24b0062aa2e6e289e2"
|
|
117
|
+
}
|
|
118
|
+
},
|
|
86
119
|
"peculiar-pki": {
|
|
87
120
|
"version": "2.0.0+pkijs-3.4.0",
|
|
88
121
|
"license": "MIT",
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# BIMI Group Verified Mark Trust Anchors — RFC 9091
|
|
2
|
+
#
|
|
3
|
+
# This file MUST contain the published BIMI Group VMC + CMC issuing-root
|
|
4
|
+
# X.509 certificates in PEM format, concatenated. The current published
|
|
5
|
+
# anchors are:
|
|
6
|
+
#
|
|
7
|
+
# - DigiCert Verified Mark Root CA
|
|
8
|
+
# https://www.digicert.com/CACerts/DigiCertVerifiedMarkRootCA.pem
|
|
9
|
+
#
|
|
10
|
+
# - Entrust Verified Mark Root Certification Authority - VMR1
|
|
11
|
+
# https://web.entrust.com/root-certificates/entrust_verified_mark_root_g3.cer
|
|
12
|
+
#
|
|
13
|
+
# Refresh procedure (operator):
|
|
14
|
+
#
|
|
15
|
+
# 1. Fetch each of the above PEM files.
|
|
16
|
+
# 2. Concatenate them into this file (replace the contents below).
|
|
17
|
+
# 3. Re-run the framework's vendor-MANIFEST hash refresh:
|
|
18
|
+
# node scripts/vendor-update.sh
|
|
19
|
+
# 4. Commit alongside the framework version bump.
|
|
20
|
+
#
|
|
21
|
+
# Operators may also pass a custom anchor bundle at call time via
|
|
22
|
+
# `b.mail.bimi.fetchAndVerifyMark({ ..., trustAnchorsPem: "<PEM bytes>" })`
|
|
23
|
+
# — this overrides the vendored bundle for that single call. Use the
|
|
24
|
+
# override path when integrating with a CA list managed by the operator's
|
|
25
|
+
# own PKI inventory rather than the framework's vendored snapshot.
|
|
26
|
+
#
|
|
27
|
+
# The file is intentionally checked-in EMPTY-of-PEM in pre-1.0 source
|
|
28
|
+
# trees: the live issuers rotate, and committing a snapshot here would
|
|
29
|
+
# rot. Operators MUST either (a) populate via the refresh procedure
|
|
30
|
+
# above OR (b) pass `trustAnchorsPem` at call time. Calls to
|
|
31
|
+
# fetchAndVerifyMark with an empty trust-anchor bundle and no operator
|
|
32
|
+
# override raise `bimi/vmc-chain-invalid` with a "no trust anchors
|
|
33
|
+
# configured" message.
|