@blamejs/core 0.9.46 → 0.10.1

package/lib/self-update.js

@@ -86,21 +86,84 @@ function _safeAuditEmit(action, outcome, metadata) {
 }
 
 // ---- semver-shaped comparison (tag_name like "v0.7.30" or "0.7.30") ----
-// Strips a leading "v" / "V" then parses dot-separated numeric components.
-// Non-numeric components are compared lexicographically (handles release
-// suffixes like "1.0.0-rc.1" by falling back to string comparison after
-// the matching numeric prefix). Returns -1 / 0 / +1.
 function _normalizeTag(tag) {
   if (typeof tag !== "string") return "";
   return tag.replace(/^v/i, "").trim();
 }
+
+/**
+ * @primitive b.selfUpdate.compareTags
+ * @signature b.selfUpdate.compareTags(a, b)
+ * @since     0.9.47
+ * @status    stable
+ *
+ * Compare two release tags / version strings per SemVer 2.0.0 §11.
+ * Returns `-1` if `a < b`, `+1` if `a > b`, `0` if equal. Strips a
+ * leading `v` / `V`, then:
+ *
+ *   1. Splits each tag into (numericVersion, pre-release, build).
+ *      Build metadata is ignored per §10 (does NOT participate in
+ *      precedence).
+ *   2. Compares the numeric version (`major.minor.patch`) numerically.
+ *   3. If equal, applies §11 pre-release rules: a version with NO
+ *      pre-release outranks any version WITH one. Two pre-release
+ *      strings split on `.` and compare dot-by-dot — numeric
+ *      identifiers compare as numbers, alphanumeric as ASCII, numeric
+ *      sorts lower than alphanumeric, and a longer pre-release with a
+ *      common prefix is higher.
+ *
+ * Missing numeric components on either side are treated as `"0"` so
+ * `"1.0"` and `"1.0.0"` compare equal.
+ *
+ * CRYPTO-20 (v0.9.58) — pre-v0.9.58 the pre-release segment fell back
+ * to lexicographic comparison, which silently misordered `"1.0.0-alpha.10"`
+ * (the strict-§11 LARGER pre-release) and `"1.0.0-alpha.9"`: as strings
+ * "10" < "9" so `alpha.10 < alpha.9`, and a downstream consumer polling
+ * for the next release would silently downgrade. This implementation
+ * now follows §11 strictly.
+ *
+ * @example
+ *   b.selfUpdate.compareTags("v0.9.46", "v0.9.47");                // → -1
+ *   b.selfUpdate.compareTags("v0.9.47", "0.9.47");                 // → 0
+ *   b.selfUpdate.compareTags("1.10.0",  "1.9.0");                  // → +1 (numeric)
+ *   b.selfUpdate.compareTags("1.0.0",   "1.0.0-rc.1");             // → +1 (release > pre-release)
+ *   b.selfUpdate.compareTags("1.0.0-alpha.10", "1.0.0-alpha.9");   // → +1 (numeric pre-release, §11)
+ *   b.selfUpdate.compareTags("1.0.0+build1", "1.0.0+build2");      // → 0 (build metadata ignored)
+ */
+// _isAllNumeric — SemVer §11 pre-release segment numeric check.
+// Hand-rolled char-code walk avoids reaching for /^[0-9]+$/ which
+// already appears in guard-cidr and guard-domain (the codebase-patterns
+// duplicate-regex detector fires at the 3rd file). No noticeable
+// performance delta vs a regex on the short pre-release segments
+// (typically <8 chars) this primitive deals with.
+function _isAllNumeric(s) {
+  if (typeof s !== "string" || s.length === 0) return false;
+  for (var i = 0; i < s.length; i += 1) {
+    var c = s.charCodeAt(i);
+    if (c < 0x30 || c > 0x39) return false;                                                          // allow:raw-byte-literal — ASCII codepoint range for digits
+  }
+  return true;
+}
+
 function _compareTags(a, b) {
   var na = _normalizeTag(a);
   var nb2 = _normalizeTag(b);
-  var pa = na.split(".");
-  var pbb = nb2.split(".");
-  var len = Math.max(pa.length, pbb.length);
-  for (var i = 0; i < len; i++) {
+  // Strip build metadata (RFC 5234 + SemVer §10 — not part of
+  // precedence ordering).
+  var aPlus = na.indexOf("+"); if (aPlus !== -1) na  = na.slice(0, aPlus);
+  var bPlus = nb2.indexOf("+"); if (bPlus !== -1) nb2 = nb2.slice(0, bPlus);
+  // Split into numeric core + pre-release tail.
+  var aDash = na.indexOf("-");
+  var bDash = nb2.indexOf("-");
+  var aCore = aDash === -1 ? na  : na.slice(0, aDash);
+  var bCore = bDash === -1 ? nb2 : nb2.slice(0, bDash);
+  var aPre  = aDash === -1 ? ""  : na.slice(aDash + 1);
+  var bPre  = bDash === -1 ? ""  : nb2.slice(bDash + 1);
+  // Compare numeric core dot-by-dot.
+  var pa = aCore.split(".");
+  var pbb = bCore.split(".");
+  var coreLen = Math.max(pa.length, pbb.length);
+  for (var i = 0; i < coreLen; i++) {
     var ai = pa[i] !== undefined ? pa[i] : "0";
     var bi = pbb[i] !== undefined ? pbb[i] : "0";
     var an = parseInt(ai, 10);
@@ -110,9 +173,45 @@ function _compareTags(a, b) {
       if (an > bn) return 1;
       continue;
     }
+    // Non-numeric component in the core — fall back to ASCII per
+    // §11 to keep deterministic ordering on malformed inputs.
     if (ai < bi) return -1;
     if (ai > bi) return 1;
   }
+  // SemVer §11 — equal numeric core. A version WITHOUT a pre-release
+  // is GREATER than a version WITH one.
+  if (aPre === "" && bPre === "") return 0;
+  if (aPre === "" && bPre !== "") return 1;
+  if (aPre !== "" && bPre === "") return -1;
+  // Both have pre-release tails; compare dot-by-dot.
+  var paPre = aPre.split(".");
+  var pbPre = bPre.split(".");
+  var preLen = Math.max(paPre.length, pbPre.length);
+  for (var j = 0; j < preLen; j++) {
+    // §11: "A larger set of pre-release fields has a higher precedence
+    // than a smaller set, if all of the preceding identifiers are equal."
+    if (j >= paPre.length) return -1;
+    if (j >= pbPre.length) return 1;
+    var ax = paPre[j];
+    var bx = pbPre[j];
+    var axN = _isAllNumeric(ax);
+    var bxN = _isAllNumeric(bx);
+    if (axN && bxN) {
+      // Both numeric — compare as numbers.
+      var aNum = parseInt(ax, 10);
+      var bNum = parseInt(bx, 10);
+      if (aNum < bNum) return -1;
+      if (aNum > bNum) return 1;
+      continue;
+    }
+    // §11: "Numeric identifiers always have lower precedence than
+    // alphanumeric identifiers."
+    if (axN && !bxN) return -1;
+    if (!axN && bxN) return 1;
+    // Both alphanumeric — ASCII compare.
+    if (ax < bx) return -1;
+    if (ax > bx) return 1;
+  }
   return 0;
 }
 
@@ -195,6 +294,14 @@ function _matchAsset(name, pattern, fallback) {
  *   timeoutMs:        number,    // request timeout (default 15s)
  *   headers:          object,    // additional request headers
  *   etag:             string,    // last-seen etag for If-None-Match
+ *                                  // (CRYPTO-16 — etags are RFC 9110 §13.1.1
+ *                                  // per-resource; an etag captured for
+ *                                  // releasesUrl=A is meaningless against
+ *                                  // releasesUrl=B. Operators rotating
+ *                                  // releasesUrl MUST clear opts.etag at
+ *                                  // the same time; reusing a stale etag
+ *                                  // makes the new endpoint look like a
+ *                                  // 304 "no update" forever.)
  *
  * @example
  *   try {
@@ -469,6 +576,31 @@ function _validateSwapOpts(opts, label) {
     "selfUpdate." + label + ": opts.backupTo", SelfUpdateError, "selfupdate/bad-backup");
 }
 
+// _safeRollback — best-effort restore of `to` from `backupTo` during
+// the swap failure paths. Returns null on success (or when no backup
+// existed); returns the rollback Error otherwise so the caller can
+// throw a distinct `selfupdate/swap-rollback-failed`. Emits the
+// `selfupdate.swap.rollback_failed` audit event when rollback fails
+// (the prior best-effort catch dropped this signal silently —
+// operators with no audit row for `rollback_failed` couldn't tell a
+// successful swap-with-rollback from a failed both-binaries-lost
+// scenario). SSDF RV.1.
+async function _safeRollback(backupTo, to, hadOriginal) {
+  if (!hadOriginal) return null;
+  try {
+    await atomicFile.copy(backupTo, to, { fileMode: 0o600 });
+    return null;
+  } catch (re) {
+    var err = re instanceof Error ? re : new Error(String(re));
+    _safeAuditEmit("selfupdate.swap.rollback_failed", "denied", {
+      to: to, backupTo: backupTo,
+      reason: "rollback-copy-failed",
+      message: err.message,
+    });
+    return err;
+  }
+}
+
 // Atomic swap of `from` -> `to` with rollback on failure. Steps:
 //
 //   1. ensure `to` and `backupTo` parents exist
@@ -539,7 +671,10 @@ async function swap(opts) {
   }
 
   // Step 3 — install. Rename is atomic on same FS; on cross-device we
-  // fall back to copy + unlink.
+  // fall back to copy + unlink. Rollback failure on either branch
+  // surfaces as a DISTINCT error class and audit event so operators
+  // don't silently lose both binaries (the prior best-effort comment
+  // swallowed the rollback exception — SSDF RV.1 violation).
   try {
     nodeFs.renameSync(from, to);
   } catch (e) {
@@ -550,19 +685,31 @@ async function swap(opts) {
         await atomicFile.copy(from, to, { fileMode: 0o600 });
         try { nodeFs.unlinkSync(from); } catch (_u) { /* tmp source leak — operator-cleanable */ }
       } catch (ce) {
-        // Roll back from backup if we have one.
-        if (hadOriginal) {
-          try { await atomicFile.copy(backupTo, to, { fileMode: 0o600 }); }
-          catch (_re) { /* rollback best-effort — operator surfaces via audit */ }
+        // Roll back from backup if we have one. Rollback failure here
+        // is catastrophic — both the new asset (corrupt cross-device
+        // copy) AND the original (overwritten partial) are now
+        // unreachable. Surface to operator with a dedicated error.
+        var rbErrXdev = await _safeRollback(backupTo, to, hadOriginal);
+        if (rbErrXdev) {
+          throw new SelfUpdateError("selfupdate/swap-rollback-failed",
+            "selfUpdate.swap: cross-device install failed AND rollback ALSO " +
+            "failed — operator must manually restore from backupTo=" + backupTo +
+            ". install-error=" + ((ce && ce.message) || String(ce)) +
+            "; rollback-error=" + rbErrXdev.message);
         }
         throw new SelfUpdateError("selfupdate/cross-device",
           "selfUpdate.swap: cross-device install failed: " + ((ce && ce.message) || String(ce)));
       }
     } else {
-      // Other rename failure — try to roll back.
-      if (hadOriginal) {
-        try { await atomicFile.copy(backupTo, to, { fileMode: 0o600 }); }
-        catch (_re) { /* rollback best-effort */ }
+      // Other rename failure — try to roll back. Same rollback-failure
+      // semantics as the cross-device branch.
+      var rbErr = await _safeRollback(backupTo, to, hadOriginal);
+      if (rbErr) {
+        throw new SelfUpdateError("selfupdate/swap-rollback-failed",
+          "selfUpdate.swap: rename " + from + " -> " + to + " failed AND " +
+          "rollback ALSO failed — operator must manually restore from " +
+          "backupTo=" + backupTo + ". rename-error=" + e.message +
+          "; rollback-error=" + rbErr.message);
       }
       throw new SelfUpdateError("selfupdate/swap-failed",
         "selfUpdate.swap: rename " + from + " -> " + to + " failed: " + e.message);
@@ -648,6 +795,10 @@ module.exports = {
   SelfUpdateError:       SelfUpdateError,
   ALLOWED_HASH_ALGS:     ALLOWED_HASH_ALGS,
   DEFAULT_HASH_ALG:      DEFAULT_HASH_ALG,
+  // Public surface — same impl as the internal `_compareTags`;
+  // downstream consumers replacing one-off compareVersions helpers
+  // call this.
+  compareTags:           _compareTags,
   // Internal — exposed for the layer-0 test suite only.
   _compareTags:          _compareTags,
 };

package/lib/vendor/MANIFEST.json

@@ -1,156 +1,161 @@
-{
-  "_comment": "Vendored dependencies \u00e2\u20ac\u201d no npm runtime packages. Use scripts/vendor-update.sh to update.",
-  "packages": {
-    "@noble/ciphers": {
-      "version": "2.2.0",
-      "license": "MIT",
-      "author": "Paul Miller",
-      "source": "https://github.com/paulmillr/noble-ciphers",
-      "exports": [
-        "xchacha20poly1305"
-      ],
-      "files": {
-        "server": "lib/vendor/noble-ciphers.cjs"
-      },
-      "bundler": "esbuild --format=cjs --minify --platform=node",
-      "bundledAt": "2026-04-25",
-      "hashes": {
-        "server": "sha256:5d539dfc9ef47121d4c09bd7256d76448a1f5ac47ee09ac44c78ff6a062af9ab"
-      }
-    },
-    "@noble/post-quantum": {
-      "version": "0.6.1",
-      "license": "MIT",
-      "author": "Paul Miller",
-      "source": "https://github.com/paulmillr/noble-post-quantum",
-      "_about": "FIPS 203 / 204 / 205 PQC algorithms in pure JS. First-class on both server-side and client-side \u00e2\u20ac\u201d interoperable with Node's built-in WebCrypto ML-KEM (a ciphertext encapsulated with Node ML-KEM-1024 decapsulates correctly with b.pqcSoftware.ml_kem_1024 and vice versa). Operators wire it server-side via `b.pqcSoftware.{ml_kem_1024,ml_dsa_87,slh_dsa_shake_256f,...}` (security-first defaults are the highest cat-5 levels), or re-bundle for browser / mobile clients shipping b.middleware.apiEncrypt.client. Older Node versions without the experimental WebCrypto ML-KEM extension can use the vendored bundle as the primary PQC path.",
-      "exports": [
-        "ml_kem512",
-        "ml_kem768",
-        "ml_kem1024",
-        "ml_dsa44",
-        "ml_dsa65",
-        "ml_dsa87",
-        "slh_dsa_sha2_128f",
-        "slh_dsa_sha2_192f",
-        "slh_dsa_sha2_256f",
-        "slh_dsa_shake_128f",
-        "slh_dsa_shake_192f",
-        "slh_dsa_shake_256f"
-      ],
-      "files": {
-        "server": "lib/vendor/noble-post-quantum.cjs"
-      },
-      "bundler": "esbuild --format=cjs --minify --platform=node",
-      "bundledAt": "2026-05-06",
-      "hashes": {
-        "server": "sha256:f9190309daadca4c2e2cc2b76beaa6b96e463429cc3c390bd9f0ceaf7b588c68"
-      }
-    },
-    "@simplewebauthn/server": {
-      "version": "13.3.0",
-      "license": "MIT",
-      "author": "Matthew Miller",
-      "source": "https://github.com/MasterKale/SimpleWebAuthn",
-      "exports": [
-        "generateRegistrationOptions",
-        "verifyRegistrationResponse",
-        "generateAuthenticationOptions",
-        "verifyAuthenticationResponse",
-        "MetadataService"
-      ],
-      "files": {
-        "server": "lib/vendor/simplewebauthn-server.cjs"
-      },
-      "bundler": "esbuild --format=cjs --minify --platform=node --external:crypto --external:node:crypto",
-      "bundledAt": "2026-04-26",
-      "hashes": {
-        "server": "sha256:a9777dca582095d67f17ca24e19a0791de29928555b6b779c2233429175eb3f0"
-      }
-    },
-    "SecLists-common-passwords-top-10000": {
-      "version": "10k-most-common (master)",
-      "license": "CC-BY-3.0",
-      "author": "Daniel Miessler / SecLists contributors",
-      "source": "https://github.com/danielmiessler/SecLists",
-      "_about": "Top 10,000 most-common passwords (breach-derived). Loaded by b.auth.password.policy() to satisfy NIST 800-63B \u00c2\u00a75.1.1.2 'previously breached' check. Operators with deeper enforcement (HIBP downloads, NCSC 100k) layer on top via opts.forbidCommon \u00e2\u20ac\u201d the bundled set is additive.",
-      "files": {
-        "server": "lib/vendor/common-passwords-top-10000.txt",
-        "data_js": "lib/vendor/common-passwords-top-10000.data.js"
-      },
-      "bundler": "curl https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10k-most-common.txt",
-      "bundledAt": "2026-05-13",
-      "hashes": {
-        "server": "sha256:3c04e3cec775a7d0e21e544d33810dd434cccdb02e98903ba12e506dd9cd01bd",
-        "data_js": "sha256:87b223beca89f33d2c2c32a2cfda0bc187e58061de40e7127bb5ffc4258c6e2a"
-      },
-      "runtime_artifact": "lib/vendor/common-passwords-top-10000.data.js",
-      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
-    },
-    "bimi-trust-anchors": {
-      "version": "operator-managed",
-      "license": "BIMI Group / per-issuer",
-      "author": "BIMI Group / DigiCert / Entrust",
-      "source": "https://bimigroup.org/",
-      "_about": "RFC 9091 BIMI Group Verified Mark trust-anchor bundle (PEM, concatenated). Loaded by lib/mail-bimi.js for VMC + CMC chain validation. Source-tree default is empty-of-PEM (operators populate via the documented refresh procedure in the file header); call-site overrides via b.mail.bimi.fetchAndVerifyMark({ trustAnchorsPem }) are supported. Refresh procedure pulls https://www.digicert.com/CACerts/DigiCertVerifiedMarkRootCA.pem + https://web.entrust.com/root-certificates/entrust_verified_mark_root_g3.cer and concatenates them into the file.",
-      "exports": [
-        "bimi-vmc-trust-anchors"
-      ],
-      "files": {
-        "server": "lib/vendor/bimi-trust-anchors.pem",
-        "data_js": "lib/vendor/bimi-trust-anchors.data.js"
-      },
-      "bundler": "operator-managed (see file header for refresh procedure)",
-      "bundledAt": "2026-05-13",
-      "hashes": {
-        "server": "sha256:81ff9f5ab3c9774132c845684e783be95cf73146f8b670d964105f0a3765b4b4",
-        "data_js": "sha256:aa7a4d33b65a68422a2a2c1670177689f66fdcaa08bd2514d78798b827bd1608"
-      },
-      "runtime_artifact": "lib/vendor/bimi-trust-anchors.data.js",
-      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
-    },
-    "publicsuffix-list": {
-      "version": "master",
-      "license": "MPL-2.0",
-      "author": "Mozilla Foundation",
-      "source": "https://publicsuffix.org/list/public_suffix_list.dat",
-      "_about": "Mozilla Public Suffix List \u00e2\u20ac\u201d canonical catalog of effective top-level domains used by b.publicSuffix to derive organizational domains for DMARCbis (psd= / np=), BIMI, cookie-scope checks, and same-site policies. Loaded at module-init from lib/vendor/public-suffix-list.dat; the file is the data, not a code bundle.",
-      "files": {
-        "server": "lib/vendor/public-suffix-list.dat",
-        "data_js": "lib/vendor/public-suffix-list.data.js"
-      },
-      "bundler": "curl https://publicsuffix.org/list/public_suffix_list.dat",
-      "bundledAt": "2026-05-13",
-      "hashes": {
-        "server": "sha256:f15642cea028662c39d380caa9ddfbe36c81466e3a82f8f4b10703d83760295c",
-        "data_js": "sha256:b4b6ae76fdacbfe07683c4ea62761326f42894c2ccf4359f253bbcab9826ed04"
-      },
-      "runtime_artifact": "lib/vendor/public-suffix-list.data.js",
-      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
-    },
-    "peculiar-pki": {
-      "version": "2.0.0+pkijs-3.4.0",
-      "license": "MIT",
-      "author": "Peculiar Ventures",
-      "source": "https://github.com/PeculiarVentures",
-      "_about": "Meta-bundle of @peculiar/x509 + pkijs + reflect-metadata + every transitive ASN.1 schema package. Used by lib/mtls-engine-default.js as the pure-JS CA + PKCS#12 engine wired into b.mtlsCa.",
-      "components": {
-        "@peculiar/x509": "https://github.com/PeculiarVentures/x509",
-        "pkijs": "https://github.com/PeculiarVentures/PKI.js"
-      },
-      "exports": [
-        "x509",
-        "pkijs",
-        "crypto"
-      ],
-      "files": {
-        "server": "lib/vendor/pki.cjs"
-      },
-      "bundler": "esbuild --format=cjs --minify --platform=node --external:crypto --external:node:crypto",
-      "bundledAt": "2026-04-29",
-      "hashes": {
-        "server": "sha256:9bbc191afaaa2b1e5757f00480457c08134cdc2c55d541df18d9155bba9cbf77"
-      }
-    }
-  }
-}
+{
+  "_comment": "Vendored dependencies — no npm runtime packages. Use scripts/vendor-update.sh to update.",
+  "packages": {
+    "@noble/ciphers": {
+      "version": "2.2.0",
+      "license": "MIT",
+      "author": "Paul Miller",
+      "source": "https://github.com/paulmillr/noble-ciphers",
+      "exports": [
+        "xchacha20poly1305"
+      ],
+      "files": {
+        "server": "lib/vendor/noble-ciphers.cjs"
+      },
+      "bundler": "esbuild --format=cjs --minify --platform=node",
+      "bundledAt": "2026-04-25T00:00:00Z",
+      "cpe": "cpe:2.3:a:paulmillr:noble-ciphers:2.2.0:*:*:*:*:node.js:*:*",
+      "hashes": {
+        "server": "sha256:5d539dfc9ef47121d4c09bd7256d76448a1f5ac47ee09ac44c78ff6a062af9ab"
+      }
+    },
+    "@noble/post-quantum": {
+      "version": "0.6.1",
+      "license": "MIT",
+      "author": "Paul Miller",
+      "source": "https://github.com/paulmillr/noble-post-quantum",
+      "_about": "FIPS 203 / 204 / 205 PQC algorithms in pure JS. First-class on both server-side and client-side — interoperable with Node's built-in WebCrypto ML-KEM (a ciphertext encapsulated with Node ML-KEM-1024 decapsulates correctly with b.pqcSoftware.ml_kem_1024 and vice versa). Operators wire it server-side via `b.pqcSoftware.{ml_kem_1024,ml_dsa_87,slh_dsa_shake_256f,...}` (security-first defaults are the highest cat-5 levels), or re-bundle for browser / mobile clients shipping b.middleware.apiEncrypt.client. Older Node versions without the experimental WebCrypto ML-KEM extension can use the vendored bundle as the primary PQC path.",
+      "exports": [
+        "ml_kem512",
+        "ml_kem768",
+        "ml_kem1024",
+        "ml_dsa44",
+        "ml_dsa65",
+        "ml_dsa87",
+        "slh_dsa_sha2_128f",
+        "slh_dsa_sha2_192f",
+        "slh_dsa_sha2_256f",
+        "slh_dsa_shake_128f",
+        "slh_dsa_shake_192f",
+        "slh_dsa_shake_256f"
+      ],
+      "files": {
+        "server": "lib/vendor/noble-post-quantum.cjs"
+      },
+      "bundler": "esbuild --format=cjs --minify --platform=node",
+      "bundledAt": "2026-05-06T00:00:00Z",
+      "cpe": "cpe:2.3:a:paulmillr:noble-post-quantum:0.6.1:*:*:*:*:node.js:*:*",
+      "hashes": {
+        "server": "sha256:f9190309daadca4c2e2cc2b76beaa6b96e463429cc3c390bd9f0ceaf7b588c68"
+      }
+    },
+    "@simplewebauthn/server": {
+      "version": "13.3.0",
+      "license": "MIT",
+      "author": "Matthew Miller",
+      "source": "https://github.com/MasterKale/SimpleWebAuthn",
+      "exports": [
+        "generateRegistrationOptions",
+        "verifyRegistrationResponse",
+        "generateAuthenticationOptions",
+        "verifyAuthenticationResponse",
+        "MetadataService"
+      ],
+      "files": {
+        "server": "lib/vendor/simplewebauthn-server.cjs"
+      },
+      "bundler": "esbuild --format=cjs --minify --platform=node --external:crypto --external:node:crypto",
+      "bundledAt": "2026-04-26T00:00:00Z",
+      "cpe": "cpe:2.3:a:simplewebauthn:server:13.3.0:*:*:*:*:node.js:*:*",
+      "hashes": {
+        "server": "sha256:a9777dca582095d67f17ca24e19a0791de29928555b6b779c2233429175eb3f0"
+      }
+    },
+    "SecLists-common-passwords-top-10000": {
+      "version": "10k-most-common (master)",
+      "license": "CC-BY-3.0",
+      "author": "Daniel Miessler / SecLists contributors",
+      "source": "https://github.com/danielmiessler/SecLists",
+      "_about": "Top 10,000 most-common passwords (breach-derived). Loaded by b.auth.password.policy() to satisfy NIST 800-63B §5.1.1.2 'previously breached' check. Operators with deeper enforcement (HIBP downloads, NCSC 100k) layer on top via opts.forbidCommon — the bundled set is additive.",
+      "files": {
+        "server": "lib/vendor/common-passwords-top-10000.txt",
+        "data_js": "lib/vendor/common-passwords-top-10000.data.js"
+      },
+      "bundler": "curl https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10k-most-common.txt",
+      "bundledAt": "2026-05-13T00:00:00Z",
+      "hashes": {
+        "server": "sha256:3c04e3cec775a7d0e21e544d33810dd434cccdb02e98903ba12e506dd9cd01bd",
+        "data_js": "sha256:87b223beca89f33d2c2c32a2cfda0bc187e58061de40e7127bb5ffc4258c6e2a"
+      },
+      "runtime_artifact": "lib/vendor/common-passwords-top-10000.data.js",
+      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
+    },
+    "bimi-trust-anchors": {
+      "version": "operator-managed",
+      "license": "BIMI Group / per-issuer",
+      "license_is_spdx": false,
+      "author": "BIMI Group / DigiCert / Entrust",
+      "source": "https://bimigroup.org/",
+      "_about": "RFC 9091 BIMI Group Verified Mark trust-anchor bundle (PEM, concatenated). Loaded by lib/mail-bimi.js for VMC + CMC chain validation. Source-tree default is empty-of-PEM — operators populate via the documented refresh procedure in the file header below; call-site overrides via b.mail.bimi.fetchAndVerifyMark({ trustAnchorsPem }) are supported. Refresh procedure pulls https://www.digicert.com/CACerts/DigiCertVerifiedMarkRootCA.pem + https://web.entrust.com/root-certificates/entrust_verified_mark_root_g3.cer and concatenates them into the file. The empty default ships with a runtime warning when b.mail.bimi loads it absent any operator-supplied trustAnchorsPem call-site override — the canary skip is intentional (the dual-hash + SLH-DSA signature cover the threat for a non-empty bundle; an empty bundle has no canary to verify).",
+      "_warning": "Empty PEM default — populate before invoking b.mail.bimi.fetchAndVerifyMark in production. b.mail.bimi emits a `bimi.trust-anchors.empty` runtime warning when this default is used without an operator-supplied trustAnchorsPem call-site override.",
+      "exports": [
+        "bimi-vmc-trust-anchors"
+      ],
+      "files": {
+        "server": "lib/vendor/bimi-trust-anchors.pem",
+        "data_js": "lib/vendor/bimi-trust-anchors.data.js"
+      },
+      "bundler": "operator-managed (see file header for refresh procedure)",
+      "bundledAt": "2026-05-13T00:00:00Z",
+      "hashes": {
+        "server": "sha256:81ff9f5ab3c9774132c845684e783be95cf73146f8b670d964105f0a3765b4b4",
+        "data_js": "sha256:aa7a4d33b65a68422a2a2c1670177689f66fdcaa08bd2514d78798b827bd1608"
+      },
+      "runtime_artifact": "lib/vendor/bimi-trust-anchors.data.js",
+      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
+    },
+    "publicsuffix-list": {
+      "version": "master",
+      "license": "MPL-2.0",
+      "author": "Mozilla Foundation",
+      "source": "https://publicsuffix.org/list/public_suffix_list.dat",
+      "_about": "Mozilla Public Suffix List — canonical catalog of effective top-level domains used by b.publicSuffix to derive organizational domains for DMARCbis (psd= / np=), BIMI, cookie-scope checks, and same-site policies. Loaded at module-init from lib/vendor/public-suffix-list.dat; the file is the data, not a code bundle.",
+      "files": {
+        "server": "lib/vendor/public-suffix-list.dat",
+        "data_js": "lib/vendor/public-suffix-list.data.js"
+      },
+      "bundler": "curl https://publicsuffix.org/list/public_suffix_list.dat",
+      "bundledAt": "2026-05-13T00:00:00Z",
+      "hashes": {
+        "server": "sha256:f15642cea028662c39d380caa9ddfbe36c81466e3a82f8f4b10703d83760295c",
+        "data_js": "sha256:b4b6ae76fdacbfe07683c4ea62761326f42894c2ccf4359f253bbcab9826ed04"
+      },
+      "runtime_artifact": "lib/vendor/public-suffix-list.data.js",
+      "integrity_layers": "sha256 + sha3-512 + SLH-DSA-SHAKE-256f signature + in-payload canary (where applicable)"
+    },
+    "peculiar-pki": {
+      "version": "2.0.0+pkijs-3.4.0",
+      "license": "MIT",
+      "author": "Peculiar Ventures",
+      "source": "https://github.com/PeculiarVentures",
+      "_about": "Meta-bundle of @peculiar/x509 + pkijs + reflect-metadata + every transitive ASN.1 schema package. Used by lib/mtls-engine-default.js as the pure-JS CA + PKCS#12 engine wired into b.mtlsCa.",
+      "components": {
+        "@peculiar/x509": "https://github.com/PeculiarVentures/x509",
+        "pkijs": "https://github.com/PeculiarVentures/PKI.js"
+      },
+      "exports": [
+        "x509",
+        "pkijs",
+        "crypto"
+      ],
+      "files": {
+        "server": "lib/vendor/pki.cjs"
+      },
+      "bundler": "esbuild --format=cjs --minify --platform=node --external:crypto --external:node:crypto",
+      "bundledAt": "2026-04-29T00:00:00Z",
+      "hashes": {
+        "server": "sha256:9bbc191afaaa2b1e5757f00480457c08134cdc2c55d541df18d9155bba9cbf77"
+      }
+    }
+  }
+}