@eggjs/security 4.0.1 → 5.0.0-beta.15

package/dist/lib/middlewares/dta.d.ts

@@ -0,0 +1,6 @@
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/dta.d.ts
+declare const _default: () => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/dta.js

@@ -0,0 +1,13 @@
+import { isSafePath } from "../utils.js";
+
+//#region src/lib/middlewares/dta.ts
+var dta_default = () => {
+	return function dta(ctx, next) {
+		const path = ctx.path;
+		if (!isSafePath(path, ctx)) ctx.throw(400);
+		return next();
+	};
+};
+
+//#endregion
+export { dta_default as default };

package/dist/lib/middlewares/hsts.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/hsts.d.ts
+declare const _default: (options: SecurityConfig["hsts"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/hsts.js

@@ -0,0 +1,19 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/hsts.ts
+var hsts_default = (options) => {
+	return async function hsts(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.hsts
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		let val = `max-age=${opts.maxAge}`;
+		if (opts.includeSubdomains) val = `${val}; includeSubdomains`;
+		ctx.set("strict-transport-security", val);
+	};
+};
+
+//#endregion
+export { hsts_default as default };

package/dist/lib/middlewares/index.d.ts

@@ -0,0 +1,18 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import * as egg0 from "egg";
+
+//#region src/lib/middlewares/index.d.ts
+declare const _default: {
+  csp: (options: SecurityConfig["csp"]) => egg0.MiddlewareFunc;
+  csrf: (options: SecurityConfig["csrf"]) => egg0.MiddlewareFunc;
+  dta: () => egg0.MiddlewareFunc;
+  hsts: (options: SecurityConfig["hsts"]) => egg0.MiddlewareFunc;
+  methodnoallow: () => egg0.MiddlewareFunc;
+  noopen: (options: SecurityConfig["noopen"]) => egg0.MiddlewareFunc;
+  nosniff: (options: SecurityConfig["nosniff"]) => egg0.MiddlewareFunc;
+  referrerPolicy: (options: SecurityConfig["referrerPolicy"]) => egg0.MiddlewareFunc;
+  xframe: (options: SecurityConfig["xframe"]) => egg0.MiddlewareFunc;
+  xssProtection: (options: SecurityConfig["xssProtection"]) => egg0.MiddlewareFunc;
+};
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/index.js

@@ -0,0 +1,27 @@
+import csp_default from "./csp.js";
+import csrf_default from "./csrf.js";
+import dta_default from "./dta.js";
+import hsts_default from "./hsts.js";
+import methodnoallow_default from "./methodnoallow.js";
+import noopen_default from "./noopen.js";
+import nosniff_default from "./nosniff.js";
+import referrerPolicy_default from "./referrerPolicy.js";
+import xframe_default from "./xframe.js";
+import xssProtection_default from "./xssProtection.js";
+
+//#region src/lib/middlewares/index.ts
+var middlewares_default = {
+	csp: csp_default,
+	csrf: csrf_default,
+	dta: dta_default,
+	hsts: hsts_default,
+	methodnoallow: methodnoallow_default,
+	noopen: noopen_default,
+	nosniff: nosniff_default,
+	referrerPolicy: referrerPolicy_default,
+	xframe: xframe_default,
+	xssProtection: xssProtection_default
+};
+
+//#endregion
+export { middlewares_default as default };

package/dist/lib/middlewares/methodnoallow.d.ts

@@ -0,0 +1,6 @@
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/methodnoallow.d.ts
+declare const _default: () => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/methodnoallow.js

@@ -0,0 +1,15 @@
+import { METHODS } from "node:http";
+
+//#region src/lib/middlewares/methodnoallow.ts
+const METHODS_NOT_ALLOWED = ["TRACE", "TRACK"];
+const safeHttpMethodsMap = {};
+for (const method of METHODS) if (!METHODS_NOT_ALLOWED.includes(method)) safeHttpMethodsMap[method.toUpperCase()] = true;
+var methodnoallow_default = () => {
+	return function notAllow(ctx, next) {
+		if (!safeHttpMethodsMap[ctx.method]) ctx.throw(405);
+		return next();
+	};
+};
+
+//#endregion
+export { methodnoallow_default as default };

package/dist/lib/middlewares/noopen.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/noopen.d.ts
+declare const _default: (options: SecurityConfig["noopen"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/noopen.js

@@ -0,0 +1,17 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/noopen.ts
+var noopen_default = (options) => {
+	return async function noopen(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.noopen
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		ctx.set("x-download-options", "noopen");
+	};
+};
+
+//#endregion
+export { noopen_default as default };

package/dist/lib/middlewares/nosniff.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/nosniff.d.ts
+declare const _default: (options: SecurityConfig["nosniff"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/nosniff.js

@@ -0,0 +1,27 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/nosniff.ts
+const RedirectStatus = {
+	300: true,
+	301: true,
+	302: true,
+	303: true,
+	305: true,
+	307: true,
+	308: true
+};
+var nosniff_default = (options) => {
+	return async function nosniff(ctx, next) {
+		await next();
+		if (RedirectStatus[ctx.status]) return;
+		const opts = {
+			...options,
+			...ctx.securityOptions.nosniff
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		ctx.set("x-content-type-options", "nosniff");
+	};
+};
+
+//#endregion
+export { nosniff_default as default };

package/dist/lib/middlewares/referrerPolicy.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/referrerPolicy.d.ts
+declare const _default: (options: SecurityConfig["referrerPolicy"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/referrerPolicy.js

@@ -0,0 +1,31 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/referrerPolicy.ts
+const ALLOWED_POLICIES_ENUM = [
+	"no-referrer",
+	"no-referrer-when-downgrade",
+	"origin",
+	"origin-when-cross-origin",
+	"same-origin",
+	"strict-origin",
+	"strict-origin-when-cross-origin",
+	"unsafe-url",
+	""
+];
+var referrerPolicy_default = (options) => {
+	return async function referrerPolicy(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.refererPolicy,
+			...ctx.securityOptions.referrerPolicy
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		const policy = opts.value;
+		if (!ALLOWED_POLICIES_ENUM.includes(policy)) throw new Error(`"${policy}" is not available.`);
+		ctx.set("referrer-policy", policy);
+	};
+};
+
+//#endregion
+export { referrerPolicy_default as default };

package/dist/lib/middlewares/xframe.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/xframe.d.ts
+declare const _default: (options: SecurityConfig["xframe"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/xframe.js

@@ -0,0 +1,18 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/xframe.ts
+var xframe_default = (options) => {
+	return async function xframe(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.xframe
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		const value = opts.value || "SAMEORIGIN";
+		ctx.set("x-frame-options", value);
+	};
+};
+
+//#endregion
+export { xframe_default as default };

package/dist/lib/middlewares/xssProtection.d.ts

@@ -0,0 +1,7 @@
+import { SecurityConfig } from "../../config/config.default.js";
+import { MiddlewareFunc } from "egg";
+
+//#region src/lib/middlewares/xssProtection.d.ts
+declare const _default: (options: SecurityConfig["xssProtection"]) => MiddlewareFunc;
+//#endregion
+export { _default as default };

package/dist/lib/middlewares/xssProtection.js

@@ -0,0 +1,17 @@
+import { checkIfIgnore } from "../utils.js";
+
+//#region src/lib/middlewares/xssProtection.ts
+var xssProtection_default = (options) => {
+	return async function xssProtection(ctx, next) {
+		await next();
+		const opts = {
+			...options,
+			...ctx.securityOptions.xssProtection
+		};
+		if (checkIfIgnore(opts, ctx)) return;
+		ctx.set("x-xss-protection", opts.value);
+	};
+};
+
+//#endregion
+export { xssProtection_default as default };

package/dist/lib/utils.d.ts

@@ -0,0 +1,24 @@
+import { SecurityConfig } from "../config/config.default.js";
+import { Context } from "egg";
+import { PathMatchingFun } from "egg-path-matching";
+
+//#region src/lib/utils.d.ts
+
+/**
+ * Check whether a domain is in the safe domain white list or not.
+ * @param {String} domain The inputted domain.
+ * @param {Array<string>} whiteList The white list for domain.
+ * @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
+ */
+declare function isSafeDomain(domain: string, whiteList: string[]): boolean;
+declare function isSafePath(path: string, ctx: Context): boolean;
+declare function checkIfIgnore(opts: {
+  enable: boolean;
+  matching?: PathMatchingFun;
+}, ctx: Context): boolean;
+declare function getCookieDomain(hostname: string): string;
+declare function merge(origin: Record<string, any>, opts?: Record<string, any>): Record<string, any>;
+declare function preprocessConfig(config: SecurityConfig): void;
+declare function getFromUrl(url: string, prop: string): string | null;
+//#endregion
+export { checkIfIgnore, getCookieDomain, getFromUrl, isSafeDomain, isSafePath, merge, preprocessConfig };

package/dist/lib/utils.js

@@ -0,0 +1,127 @@
+import { normalize } from "node:path";
+import matcher from "matcher";
+import IP from "@eggjs/ip";
+
+//#region src/lib/utils.ts
+/**
+* Check whether a domain is in the safe domain white list or not.
+* @param {String} domain The inputted domain.
+* @param {Array<string>} whiteList The white list for domain.
+* @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
+*/
+function isSafeDomain(domain, whiteList) {
+	if (typeof domain !== "string") return false;
+	domain = domain.toLowerCase();
+	const hostname = "." + domain;
+	return whiteList.some((rule) => {
+		if (rule.includes("*")) return matcher.isMatch(domain, rule);
+		if (domain === rule) return true;
+		if (!rule.startsWith(".")) rule = `.${rule}`;
+		return hostname.endsWith(rule);
+	});
+}
+function isSafePath(path, ctx) {
+	path = "." + path;
+	if (path.includes("%")) try {
+		path = decodeURIComponent(path);
+	} catch {
+		if (ctx.app.config.env === "local" || ctx.app.config.env === "unittest") ctx.coreLogger.warn("[@eggjs/security: dta global block] : decode file path %j failed.", path);
+	}
+	const normalizePath = normalize(path);
+	return !(normalizePath.startsWith("../") || normalizePath.startsWith("..\\"));
+}
+function checkIfIgnore(opts, ctx) {
+	if (!opts.enable) return true;
+	return !opts.matching?.(ctx);
+}
+const IP_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+const topDomains = {};
+[
+	".net.cn",
+	".gov.cn",
+	".org.cn",
+	".com.cn"
+].forEach((item) => {
+	topDomains[item] = 2 - item.split(".").length;
+});
+function getCookieDomain(hostname) {
+	if (IP_RE.test(hostname)) return hostname;
+	const splits = hostname.split(".");
+	let index = -2;
+	if (splits.length >= 4 && splits[splits.length - 3] === "test") index = -3;
+	let domain = getDomain(splits, index);
+	if (topDomains[domain]) domain = getDomain(splits, index + topDomains[domain]);
+	return domain;
+}
+function getDomain(splits, index) {
+	return "." + splits.slice(index).join(".");
+}
+function merge(origin, opts) {
+	if (!opts) return origin;
+	const res = {};
+	const originKeys = Object.keys(origin);
+	for (let i = 0; i < originKeys.length; i++) {
+		const key = originKeys[i];
+		res[key] = origin[key];
+	}
+	const keys = Object.keys(opts);
+	for (let i = 0; i < keys.length; i++) {
+		const key = keys[i];
+		res[key] = opts[key];
+	}
+	return res;
+}
+function preprocessConfig(config) {
+	const ssrf = config.ssrf;
+	if (ssrf && ssrf.ipBlackList && !ssrf.checkAddress) {
+		const blackList = ssrf.ipBlackList.map(getContains);
+		const exceptionList = (ssrf.ipExceptionList || []).map(getContains);
+		const hostnameExceptionList = ssrf.hostnameExceptionList;
+		ssrf.checkAddress = (ipAddresses, _family, hostname) => {
+			if (hostname && hostnameExceptionList) {
+				if (hostnameExceptionList.includes(hostname)) return true;
+			}
+			if (!Array.isArray(ipAddresses)) ipAddresses = [ipAddresses];
+			for (const ipAddress of ipAddresses) {
+				let address;
+				if (typeof ipAddress === "string") address = ipAddress;
+				else {
+					if (ipAddress.family === 6) continue;
+					address = ipAddress.address;
+				}
+				for (const exception of exceptionList) if (exception(address)) return true;
+				for (const contains of blackList) if (contains(address)) return false;
+			}
+			return true;
+		};
+	}
+	config.domainWhiteList = config.domainWhiteList || [];
+	config.domainWhiteList = config.domainWhiteList.map((domain) => domain.toLowerCase());
+	config.protocolWhiteList = config.protocolWhiteList || [];
+	config.protocolWhiteList = config.protocolWhiteList.map((protocol) => protocol.toLowerCase());
+	if (config.csrf && config.csrf.refererWhiteList) config.csrf.refererWhiteList = config.csrf.refererWhiteList.map((ref) => ref.toLowerCase());
+	const protocolWhiteListSet = new Set(config.protocolWhiteList);
+	protocolWhiteListSet.add("http");
+	protocolWhiteListSet.add("https");
+	protocolWhiteListSet.add("file");
+	protocolWhiteListSet.add("data");
+	Object.defineProperty(config, "__protocolWhiteListSet", {
+		value: protocolWhiteListSet,
+		enumerable: false
+	});
+}
+function getFromUrl(url, prop) {
+	try {
+		const parsed = new URL(url);
+		return Reflect.get(parsed, prop);
+	} catch {
+		return null;
+	}
+}
+function getContains(ip) {
+	if (IP.isV4Format(ip) || IP.isV6Format(ip)) return (address) => address === ip;
+	return IP.cidrSubnet(ip).contains;
+}
+
+//#endregion
+export { checkIfIgnore, getCookieDomain, getFromUrl, isSafeDomain, isSafePath, merge, preprocessConfig };

package/dist/types.d.ts

@@ -0,0 +1,12 @@
+import { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName } from "./config/config.default.js";
+
+//#region src/types.d.ts
+
+declare module 'egg' {
+  interface EggAppConfig {
+    security: SecurityConfig;
+    helper: SecurityHelperConfig;
+  }
+}
+//#endregion
+export { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName };

package/dist/types.js

@@ -0,0 +1,5 @@
+import "./app/extend/application.js";
+import "./app/extend/context.js";
+import "./app/extend/response.js";
+
+export {  };

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "@eggjs/security",
-  "version": "4.0.1",
+  "version": "5.0.0-beta.15",
+  "type": "module",
   "publishConfig": {
     "access": "public"
   },
@@ -9,12 +10,7 @@
     "name": "security",
     "optionalDependencies": [
       "session"
-    ],
-    "exports": {
-      "import": "./dist/esm",
-      "require": "./dist/commonjs",
-      "typescript": "./src"
-    }
+    ]
   },
   "keywords": [
     "egg",
@@ -24,93 +20,101 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/eggjs/security.git"
+    "url": "git+https://github.com/eggjs/egg.git",
+    "directory": "plugins/security"
   },
   "bugs": {
     "url": "https://github.com/eggjs/egg/issues"
   },
-  "homepage": "https://github.com/eggjs/security#readme",
+  "homepage": "https://github.com/eggjs/egg/tree/next/plugins/security#readme",
   "author": "jtyjty99999",
   "license": "MIT",
   "engines": {
-    "node": ">= 18.19.0"
+    "node": ">= 22.18.0"
+  },
+  "exports": {
+    ".": "./dist/index.js",
+    "./agent": "./dist/agent.js",
+    "./app": "./dist/app.js",
+    "./app/extend/agent": "./dist/app/extend/agent.js",
+    "./app/extend/application": "./dist/app/extend/application.js",
+    "./app/extend/context": "./dist/app/extend/context.js",
+    "./app/extend/helper": "./dist/app/extend/helper.js",
+    "./app/extend/response": "./dist/app/extend/response.js",
+    "./app/middleware/securities": "./dist/app/middleware/securities.js",
+    "./config/config.default": "./dist/config/config.default.js",
+    "./config/config.local": "./dist/config/config.local.js",
+    "./lib/extend/safe_curl": "./dist/lib/extend/safe_curl.js",
+    "./lib/helper": "./dist/lib/helper/index.js",
+    "./lib/helper/cliFilter": "./dist/lib/helper/cliFilter.js",
+    "./lib/helper/escape": "./dist/lib/helper/escape.js",
+    "./lib/helper/escapeShellArg": "./dist/lib/helper/escapeShellArg.js",
+    "./lib/helper/escapeShellCmd": "./dist/lib/helper/escapeShellCmd.js",
+    "./lib/helper/shtml": "./dist/lib/helper/shtml.js",
+    "./lib/helper/sjs": "./dist/lib/helper/sjs.js",
+    "./lib/helper/sjson": "./dist/lib/helper/sjson.js",
+    "./lib/helper/spath": "./dist/lib/helper/spath.js",
+    "./lib/helper/surl": "./dist/lib/helper/surl.js",
+    "./lib/middlewares": "./dist/lib/middlewares/index.js",
+    "./lib/middlewares/csp": "./dist/lib/middlewares/csp.js",
+    "./lib/middlewares/csrf": "./dist/lib/middlewares/csrf.js",
+    "./lib/middlewares/dta": "./dist/lib/middlewares/dta.js",
+    "./lib/middlewares/hsts": "./dist/lib/middlewares/hsts.js",
+    "./lib/middlewares/methodnoallow": "./dist/lib/middlewares/methodnoallow.js",
+    "./lib/middlewares/noopen": "./dist/lib/middlewares/noopen.js",
+    "./lib/middlewares/nosniff": "./dist/lib/middlewares/nosniff.js",
+    "./lib/middlewares/referrerPolicy": "./dist/lib/middlewares/referrerPolicy.js",
+    "./lib/middlewares/xframe": "./dist/lib/middlewares/xframe.js",
+    "./lib/middlewares/xssProtection": "./dist/lib/middlewares/xssProtection.js",
+    "./lib/utils": "./dist/lib/utils.js",
+    "./types": "./dist/types.js",
+    "./package.json": "./package.json"
   },
   "dependencies": {
-    "@eggjs/core": "^6.2.13",
     "@eggjs/ip": "^2.1.0",
-    "csrf": "^3.0.6",
-    "egg-path-matching": "^2.1.0",
+    "csrf": "^3.1.0",
+    "egg-path-matching": "^2.0.0",
     "escape-html": "^1.0.3",
-    "extend": "^3.0.1",
+    "extend": "^3.0.2",
     "koa-compose": "^4.1.0",
     "matcher": "^4.0.0",
     "nanoid": "^3.3.8",
-    "type-is": "^1.6.18",
-    "xss": "^1.0.3",
+    "type-is": "^2.0.0",
+    "xss": "^1.0.15",
     "zod": "^3.24.1"
   },
+  "peerDependencies": {
+    "egg": "4.1.0-beta.15"
+  },
   "devDependencies": {
-    "@arethetypeswrong/cli": "^0.17.1",
-    "@eggjs/bin": "7",
-    "@eggjs/mock": "^6.0.5",
-    "@eggjs/supertest": "^8.2.0",
-    "@eggjs/tsconfig": "1",
     "@types/escape-html": "^1.0.4",
     "@types/extend": "^3.0.4",
     "@types/koa-compose": "^3.2.8",
-    "@types/mocha": "10",
-    "@types/node": "22",
-    "@types/type-is": "^1.6.7",
+    "@types/mocha": "^10.0.10",
+    "@types/node": "24.5.2",
+    "@types/type-is": "^1.6.6",
     "beautify-benchmark": "^0.2.4",
     "benchmark": "^2.1.4",
-    "egg": "^4.0.4",
     "egg-view-nunjucks": "^2.3.0",
-    "eslint": "8",
-    "eslint-config-egg": "14",
-    "rimraf": "6",
-    "snap-shot-it": "^7.9.10",
     "spy": "^1.0.0",
-    "supertest": "^6.3.3",
-    "tshy": "3",
-    "tshy-after": "1",
-    "typescript": "5"
-  },
-  "scripts": {
-    "lint": "eslint --cache src test --ext .ts",
-    "pretest": "npm run clean && npm run lint -- --fix",
-    "test": "egg-bin test",
-    "test:snapshot:update": "SNAPSHOT_UPDATE=1 egg-bin test",
-    "preci": "npm run clean &&  npm run lint",
-    "ci": "egg-bin cov",
-    "postci": "npm run prepublishOnly && npm run clean",
-    "clean": "rimraf dist",
-    "prepublishOnly": "tshy && tshy-after && attw --pack"
-  },
-  "type": "module",
-  "tshy": {
-    "exports": {
-      ".": "./src/index.ts",
-      "./package.json": "./package.json"
-    }
-  },
-  "exports": {
-    ".": {
-      "import": {
-        "types": "./dist/esm/index.d.ts",
-        "default": "./dist/esm/index.js"
-      },
-      "require": {
-        "types": "./dist/commonjs/index.d.ts",
-        "default": "./dist/commonjs/index.js"
-      }
-    },
-    "./package.json": "./package.json"
+    "tsdown": "^0.15.4",
+    "typescript": "5.9.2",
+    "vitest": "4.0.0-beta.13",
+    "@eggjs/supertest": "9.0.0-beta.15",
+    "@eggjs/tsconfig": "3.1.0-beta.15",
+    "@eggjs/mock": "7.0.0-beta.15"
   },
   "files": [
-    "dist",
-    "src"
+    "dist"
   ],
-  "types": "./dist/commonjs/index.d.ts",
-  "main": "./dist/commonjs/index.js",
-  "module": "./dist/esm/index.js"
-}
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsdown",
+    "typecheck": "tsc --noEmit",
+    "lint": "oxlint --type-aware",
+    "lint:fix": "npm run lint -- --fix",
+    "test": "npm run lint:fix && vitest"
+  }
+}

package/dist/commonjs/agent.d.ts

@@ -1,6 +0,0 @@
-import type { ILifecycleBoot, EggCore } from '@eggjs/core';
-export default class AgentBoot implements ILifecycleBoot {
-    private readonly agent;
-    constructor(agent: EggCore);
-    configWillLoad(): Promise<void>;
-}