@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.21

package/dist/lib/middlewares/nosniff.d.ts

@@ -1,7 +1,4 @@
-import { SecurityConfig } from "../../config.default-D8v08Vox.js";
-import { MiddlewareFunc } from "egg";
-
-//#region src/lib/middlewares/nosniff.d.ts
+import type { MiddlewareFunc } from 'egg';
+import type { SecurityConfig } from '../../config/config.default.ts';
 declare const _default: (options: SecurityConfig["nosniff"]) => MiddlewareFunc;
-//#endregion
-export { _default as default };
+export default _default;

package/dist/lib/middlewares/nosniff.js

@@ -1,4 +1,28 @@
-import "../../utils-Cajs5P8M.js";
-import { nosniff_default } from "../../nosniff-CcLkhX2I.js";
-
-export { nosniff_default as default };
+import { checkIfIgnore } from "../utils.js";
+// status codes for redirects
+// @see https://github.com/jshttp/statuses/blob/master/index.js#L33
+const RedirectStatus = {
+    300: true,
+    301: true,
+    302: true,
+    303: true,
+    305: true,
+    307: true,
+    308: true,
+};
+export default (options) => {
+    return async function nosniff(ctx, next) {
+        await next();
+        // ignore redirect response
+        if (RedirectStatus[ctx.status])
+            return;
+        const opts = {
+            ...options,
+            ...ctx.securityOptions.nosniff,
+        };
+        if (checkIfIgnore(opts, ctx))
+            return;
+        ctx.set('x-content-type-options', 'nosniff');
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibm9zbmlmZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMvbm9zbmlmZi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRzVDLDZCQUE2QjtBQUM3QixtRUFBbUU7QUFDbkUsTUFBTSxjQUFjLEdBQTRCO0lBQzlDLEdBQUcsRUFBRSxJQUFJO0lBQ1QsR0FBRyxFQUFFLElBQUk7SUFDVCxHQUFHLEVBQUUsSUFBSTtJQUNULEdBQUcsRUFBRSxJQUFJO0lBQ1QsR0FBRyxFQUFFLElBQUk7SUFDVCxHQUFHLEVBQUUsSUFBSTtJQUNULEdBQUcsRUFBRSxJQUFJO0NBQ1YsQ0FBQztBQUVGLGVBQWUsQ0FBQyxPQUFrQyxFQUFrQixFQUFFO0lBQ3BFLE9BQU8sS0FBSyxVQUFVLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSTtRQUNyQyxNQUFNLElBQUksRUFBRSxDQUFDO1FBRWIsMkJBQTJCO1FBQzNCLElBQUksY0FBYyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7WUFBRSxPQUFPO1FBRXZDLE1BQU0sSUFBSSxHQUFHO1lBQ1gsR0FBRyxPQUFPO1lBQ1YsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLE9BQU87U0FDL0IsQ0FBQztRQUNGLElBQUksYUFBYSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFBRSxPQUFPO1FBRXJDLEdBQUcsQ0FBQyxHQUFHLENBQUMsd0JBQXdCLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDL0MsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=

package/dist/lib/middlewares/referrerPolicy.d.ts

@@ -1,7 +1,4 @@
-import { SecurityConfig } from "../../config.default-D8v08Vox.js";
-import { MiddlewareFunc } from "egg";
-
-//#region src/lib/middlewares/referrerPolicy.d.ts
+import type { MiddlewareFunc } from 'egg';
+import type { SecurityConfig } from '../../config/config.default.ts';
 declare const _default: (options: SecurityConfig["referrerPolicy"]) => MiddlewareFunc;
-//#endregion
-export { _default as default };
+export default _default;

package/dist/lib/middlewares/referrerPolicy.js

@@ -1,4 +1,35 @@
-import "../../utils-Cajs5P8M.js";
-import { referrerPolicy_default } from "../../referrerPolicy-D4Uafq6c.js";
-
-export { referrerPolicy_default as default };
+import { checkIfIgnore } from "../utils.js";
+// https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Referrer-Policy
+const ALLOWED_POLICIES_ENUM = [
+    'no-referrer',
+    'no-referrer-when-downgrade',
+    'origin',
+    'origin-when-cross-origin',
+    'same-origin',
+    'strict-origin',
+    'strict-origin-when-cross-origin',
+    'unsafe-url',
+    '',
+];
+export default (options) => {
+    return async function referrerPolicy(ctx, next) {
+        await next();
+        const opts = {
+            ...options,
+            // check refererPolicy for backward compatibility
+            // typo on the old version
+            // @see https://github.com/eggjs/security/blob/e3408408adec5f8d009d37f75126ed082481d0ac/lib/middlewares/referrerPolicy.js#L21C59-L21C72
+            // @ts-expect-error alias for referrerPolicy
+            ...ctx.securityOptions.refererPolicy,
+            ...ctx.securityOptions.referrerPolicy,
+        };
+        if (checkIfIgnore(opts, ctx))
+            return;
+        const policy = opts.value;
+        if (!ALLOWED_POLICIES_ENUM.includes(policy)) {
+            throw new Error(`"${policy}" is not available.`);
+        }
+        ctx.set('referrer-policy', policy);
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVmZXJyZXJQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL21pZGRsZXdhcmVzL3JlZmVycmVyUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFHNUMsNEVBQTRFO0FBQzVFLE1BQU0scUJBQXFCLEdBQUc7SUFDNUIsYUFBYTtJQUNiLDRCQUE0QjtJQUM1QixRQUFRO0lBQ1IsMEJBQTBCO0lBQzFCLGFBQWE7SUFDYixlQUFlO0lBQ2YsaUNBQWlDO0lBQ2pDLFlBQVk7SUFDWixFQUFFO0NBQ0gsQ0FBQztBQUVGLGVBQWUsQ0FBQyxPQUF5QyxFQUFrQixFQUFFO0lBQzNFLE9BQU8sS0FBSyxVQUFVLGNBQWMsQ0FBQyxHQUFHLEVBQUUsSUFBSTtRQUM1QyxNQUFNLElBQUksRUFBRSxDQUFDO1FBRWIsTUFBTSxJQUFJLEdBQUc7WUFDWCxHQUFHLE9BQU87WUFDVixpREFBaUQ7WUFDakQsMEJBQTBCO1lBQzFCLHVJQUF1STtZQUN2SSw0Q0FBNEM7WUFDNUMsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLGFBQWE7WUFDcEMsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLGNBQWM7U0FDdEMsQ0FBQztRQUNGLElBQUksYUFBYSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFBRSxPQUFPO1FBRXJDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUM7UUFDMUIsSUFBSSxDQUFDLHFCQUFxQixDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsSUFBSSxNQUFNLHFCQUFxQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUVELEdBQUcsQ0FBQyxHQUFHLENBQUMsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDckMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=

package/dist/lib/middlewares/xframe.d.ts

@@ -1,7 +1,4 @@
-import { SecurityConfig } from "../../config.default-D8v08Vox.js";
-import { MiddlewareFunc } from "egg";
-
-//#region src/lib/middlewares/xframe.d.ts
+import type { MiddlewareFunc } from 'egg';
+import type { SecurityConfig } from '../../config/config.default.ts';
 declare const _default: (options: SecurityConfig["xframe"]) => MiddlewareFunc;
-//#endregion
-export { _default as default };
+export default _default;

package/dist/lib/middlewares/xframe.js

@@ -1,4 +1,17 @@
-import "../../utils-Cajs5P8M.js";
-import { xframe_default } from "../../xframe-q9fEZkVI.js";
-
-export { xframe_default as default };
+import { checkIfIgnore } from "../utils.js";
+export default (options) => {
+    return async function xframe(ctx, next) {
+        await next();
+        const opts = {
+            ...options,
+            ...ctx.securityOptions.xframe,
+        };
+        if (checkIfIgnore(opts, ctx))
+            return;
+        // DENY, SAMEORIGIN, ALLOW-FROM
+        // https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
+        const value = opts.value || 'SAMEORIGIN';
+        ctx.set('x-frame-options', value);
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieGZyYW1lLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9taWRkbGV3YXJlcy94ZnJhbWUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUc1QyxlQUFlLENBQUMsT0FBaUMsRUFBa0IsRUFBRTtJQUNuRSxPQUFPLEtBQUssVUFBVSxNQUFNLENBQUMsR0FBRyxFQUFFLElBQUk7UUFDcEMsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUViLE1BQU0sSUFBSSxHQUFHO1lBQ1gsR0FBRyxPQUFPO1lBQ1YsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLE1BQU07U0FDOUIsQ0FBQztRQUNGLElBQUksYUFBYSxDQUFDLElBQUksRUFBRSxHQUFHLENBQUM7WUFBRSxPQUFPO1FBRXJDLCtCQUErQjtRQUMvQixzSUFBc0k7UUFDdEksTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssSUFBSSxZQUFZLENBQUM7UUFDekMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUNwQyxDQUFDLENBQUM7QUFDSixDQUFDLENBQUMifQ==

package/dist/lib/middlewares/xssProtection.d.ts

@@ -1,7 +1,4 @@
-import { SecurityConfig } from "../../config.default-D8v08Vox.js";
-import { MiddlewareFunc } from "egg";
-
-//#region src/lib/middlewares/xssProtection.d.ts
+import type { MiddlewareFunc } from 'egg';
+import type { SecurityConfig } from '../../config/config.default.ts';
 declare const _default: (options: SecurityConfig["xssProtection"]) => MiddlewareFunc;
-//#endregion
-export { _default as default };
+export default _default;

package/dist/lib/middlewares/xssProtection.js

@@ -1,4 +1,14 @@
-import "../../utils-Cajs5P8M.js";
-import { xssProtection_default } from "../../xssProtection-D5QsHX-e.js";
-
-export { xssProtection_default as default };
+import { checkIfIgnore } from "../utils.js";
+export default (options) => {
+    return async function xssProtection(ctx, next) {
+        await next();
+        const opts = {
+            ...options,
+            ...ctx.securityOptions.xssProtection,
+        };
+        if (checkIfIgnore(opts, ctx))
+            return;
+        ctx.set('x-xss-protection', opts.value);
+    };
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHNzUHJvdGVjdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9saWIvbWlkZGxld2FyZXMveHNzUHJvdGVjdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBRzVDLGVBQWUsQ0FBQyxPQUF3QyxFQUFrQixFQUFFO0lBQzFFLE9BQU8sS0FBSyxVQUFVLGFBQWEsQ0FBQyxHQUFHLEVBQUUsSUFBSTtRQUMzQyxNQUFNLElBQUksRUFBRSxDQUFDO1FBRWIsTUFBTSxJQUFJLEdBQUc7WUFDWCxHQUFHLE9BQU87WUFDVixHQUFHLEdBQUcsQ0FBQyxlQUFlLENBQUMsYUFBYTtTQUNyQyxDQUFDO1FBQ0YsSUFBSSxhQUFhLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQztZQUFFLE9BQU87UUFFckMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyxDQUFDIn0=

package/dist/lib/utils.d.ts

@@ -1,24 +1,19 @@
-import { SecurityConfig } from "../config.default-D8v08Vox.js";
-import { Context } from "egg";
-import { PathMatchingFun } from "egg-path-matching";
-
-//#region src/lib/utils.d.ts
-
+import type { Context } from 'egg';
+import type { PathMatchingFun } from 'egg-path-matching';
+import type { SecurityConfig } from '../config/config.default.ts';
 /**
  * Check whether a domain is in the safe domain white list or not.
  * @param {String} domain The inputted domain.
  * @param {Array<string>} whiteList The white list for domain.
  * @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
  */
-declare function isSafeDomain(domain: string, whiteList: string[]): boolean;
-declare function isSafePath(path: string, ctx: Context): boolean;
-declare function checkIfIgnore(opts: {
-  enable: boolean;
-  matching?: PathMatchingFun;
+export declare function isSafeDomain(domain: string, whiteList: string[]): boolean;
+export declare function isSafePath(path: string, ctx: Context): boolean;
+export declare function checkIfIgnore(opts: {
+    enable: boolean;
+    matching?: PathMatchingFun;
 }, ctx: Context): boolean;
-declare function getCookieDomain(hostname: string): string;
-declare function merge(origin: Record<string, any>, opts?: Record<string, any>): Record<string, any>;
-declare function preprocessConfig(config: SecurityConfig): void;
-declare function getFromUrl(url: string, prop: string): string | null;
-//#endregion
-export { checkIfIgnore, getCookieDomain, getFromUrl, isSafeDomain, isSafePath, merge, preprocessConfig };
+export declare function getCookieDomain(hostname: string): string;
+export declare function merge(origin: Record<string, any>, opts?: Record<string, any>): Record<string, any>;
+export declare function preprocessConfig(config: SecurityConfig): void;
+export declare function getFromUrl(url: string, prop: string): string | null;

package/dist/lib/utils.js

@@ -1,3 +1,192 @@
-import { checkIfIgnore, getCookieDomain, getFromUrl, isSafeDomain, isSafePath, merge, preprocessConfig } from "../utils-Cajs5P8M.js";
-
-export { checkIfIgnore, getCookieDomain, getFromUrl, isSafeDomain, isSafePath, merge, preprocessConfig };
+import { normalize } from 'node:path';
+import matcher from 'matcher';
+import IP from '@eggjs/ip';
+/**
+ * Check whether a domain is in the safe domain white list or not.
+ * @param {String} domain The inputted domain.
+ * @param {Array<string>} whiteList The white list for domain.
+ * @return {Boolean} If the `domain` is in the white list, return true; otherwise false.
+ */
+export function isSafeDomain(domain, whiteList) {
+    // domain must be string, otherwise return false
+    if (typeof domain !== 'string')
+        return false;
+    // Ignore case sensitive first
+    domain = domain.toLowerCase();
+    // add prefix `.`, because all domains in white list start with `.`
+    const hostname = '.' + domain;
+    return whiteList.some(rule => {
+        // Check whether we've got '*' as a wild character symbol
+        if (rule.includes('*')) {
+            return matcher.isMatch(domain, rule);
+        }
+        // If domain is an absolute path such as `http://...`
+        // We can directly check whether it directly equals to `domain`
+        // And we don't need to cope with `endWith`.
+        if (domain === rule)
+            return true;
+        // ensure wwweggjs.com not match eggjs.com
+        if (!rule.startsWith('.'))
+            rule = `.${rule}`;
+        return hostname.endsWith(rule);
+    });
+}
+export function isSafePath(path, ctx) {
+    path = '.' + path;
+    if (path.includes('%')) {
+        try {
+            path = decodeURIComponent(path);
+        }
+        catch {
+            if (ctx.app.config.env === 'local' || ctx.app.config.env === 'unittest') {
+                // not under production environment, output log
+                ctx.coreLogger.warn('[@eggjs/security: dta global block] : decode file path %j failed.', path);
+            }
+        }
+    }
+    const normalizePath = normalize(path);
+    return !(normalizePath.startsWith('../') || normalizePath.startsWith('..\\'));
+}
+export function checkIfIgnore(opts, ctx) {
+    // check opts.enable first
+    if (!opts.enable)
+        return true;
+    return !opts.matching?.(ctx);
+}
+const IP_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
+const topDomains = {};
+['.net.cn', '.gov.cn', '.org.cn', '.com.cn'].forEach(item => {
+    topDomains[item] = 2 - item.split('.').length;
+});
+export function getCookieDomain(hostname) {
+    // TODO(fengmk2): support ipv6
+    if (IP_RE.test(hostname)) {
+        return hostname;
+    }
+    // app.test.domain.com => .test.domain.com
+    // app.stable.domain.com => .domain.com
+    // app.domain.com => .domain.com
+    // domain=.domain.com;
+    const splits = hostname.split('.');
+    let index = -2;
+    // only when `*.test.*.com` set `.test.*.com`
+    if (splits.length >= 4 && splits[splits.length - 3] === 'test') {
+        index = -3;
+    }
+    let domain = getDomain(splits, index);
+    if (topDomains[domain]) {
+        // app.foo.org.cn => .foo.org.cn
+        domain = getDomain(splits, index + topDomains[domain]);
+    }
+    return domain;
+}
+function getDomain(splits, index) {
+    return '.' + splits.slice(index).join('.');
+}
+export function merge(origin, opts) {
+    if (!opts) {
+        return origin;
+    }
+    const res = {};
+    const originKeys = Object.keys(origin);
+    for (let i = 0; i < originKeys.length; i++) {
+        const key = originKeys[i];
+        res[key] = origin[key];
+    }
+    const keys = Object.keys(opts);
+    for (let i = 0; i < keys.length; i++) {
+        const key = keys[i];
+        res[key] = opts[key];
+    }
+    return res;
+}
+export function preprocessConfig(config) {
+    // transfer ssrf.ipBlackList to ssrf.checkAddress
+    // ssrf.ipExceptionList can easily pick out unwanted ips from ipBlackList
+    // checkAddress has higher priority than ipBlackList
+    const ssrf = config.ssrf;
+    if (ssrf && ssrf.ipBlackList && !ssrf.checkAddress) {
+        const blackList = ssrf.ipBlackList.map(getContains);
+        const exceptionList = (ssrf.ipExceptionList || []).map(getContains);
+        const hostnameExceptionList = ssrf.hostnameExceptionList;
+        ssrf.checkAddress = (ipAddresses, _family, hostname) => {
+            // Check white hostname first
+            if (hostname && hostnameExceptionList) {
+                if (hostnameExceptionList.includes(hostname)) {
+                    return true;
+                }
+            }
+            // ipAddresses will be array address on Node.js >= 20
+            // [
+            //   { address: '220.181.125.241', family: 4 },
+            //   { address: '240e:964:ea02:b00:3::3ec', family: 6 }
+            // ]
+            if (!Array.isArray(ipAddresses)) {
+                ipAddresses = [ipAddresses];
+            }
+            for (const ipAddress of ipAddresses) {
+                let address;
+                if (typeof ipAddress === 'string') {
+                    address = ipAddress;
+                }
+                else {
+                    // FIXME: should support ipv6
+                    if (ipAddress.family === 6) {
+                        continue;
+                    }
+                    address = ipAddress.address;
+                }
+                // check white list first
+                for (const exception of exceptionList) {
+                    if (exception(address)) {
+                        return true;
+                    }
+                }
+                // check black list
+                for (const contains of blackList) {
+                    if (contains(address)) {
+                        return false;
+                    }
+                }
+            }
+            // default allow
+            return true;
+        };
+    }
+    // Make sure that `whiteList` or `protocolWhiteList` is case insensitive
+    config.domainWhiteList = config.domainWhiteList || [];
+    config.domainWhiteList = config.domainWhiteList.map((domain) => domain.toLowerCase());
+    config.protocolWhiteList = config.protocolWhiteList || [];
+    config.protocolWhiteList = config.protocolWhiteList.map((protocol) => protocol.toLowerCase());
+    // Make sure refererWhiteList is case insensitive
+    if (config.csrf && config.csrf.refererWhiteList) {
+        config.csrf.refererWhiteList = config.csrf.refererWhiteList.map((ref) => ref.toLowerCase());
+    }
+    // Directly converted to Set collection by a private property (not documented),
+    // And we NO LONGER need to do conversion in `foreach` again and again in `lib/helper/surl.ts`.
+    const protocolWhiteListSet = new Set(config.protocolWhiteList);
+    protocolWhiteListSet.add('http');
+    protocolWhiteListSet.add('https');
+    protocolWhiteListSet.add('file');
+    protocolWhiteListSet.add('data');
+    Object.defineProperty(config, '__protocolWhiteListSet', {
+        value: protocolWhiteListSet,
+        enumerable: false,
+    });
+}
+export function getFromUrl(url, prop) {
+    try {
+        const parsed = new URL(url);
+        return Reflect.get(parsed, prop);
+    }
+    catch {
+        return null;
+    }
+}
+function getContains(ip) {
+    if (IP.isV4Format(ip) || IP.isV6Format(ip)) {
+        return (address) => address === ip;
+    }
+    return IP.cidrSubnet(ip).contains;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbGliL3V0aWxzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFFdEMsT0FBTyxPQUFPLE1BQU0sU0FBUyxDQUFDO0FBQzlCLE9BQU8sRUFBRSxNQUFNLFdBQVcsQ0FBQztBQU0zQjs7Ozs7R0FLRztBQUNILE1BQU0sVUFBVSxZQUFZLENBQUMsTUFBYyxFQUFFLFNBQW1CO0lBQzlELGdEQUFnRDtJQUNoRCxJQUFJLE9BQU8sTUFBTSxLQUFLLFFBQVE7UUFBRSxPQUFPLEtBQUssQ0FBQztJQUM3Qyw4QkFBOEI7SUFDOUIsTUFBTSxHQUFHLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUM5QixtRUFBbUU7SUFDbkUsTUFBTSxRQUFRLEdBQUcsR0FBRyxHQUFHLE1BQU0sQ0FBQztJQUU5QixPQUFPLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUU7UUFDM0IseURBQXlEO1FBQ3pELElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3ZCLE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdkMsQ0FBQztRQUNELHFEQUFxRDtRQUNyRCwrREFBK0Q7UUFDL0QsNENBQTRDO1FBQzVDLElBQUksTUFBTSxLQUFLLElBQUk7WUFBRSxPQUFPLElBQUksQ0FBQztRQUNqQywwQ0FBMEM7UUFDMUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDO1lBQUUsSUFBSSxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7UUFDN0MsT0FBTyxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ2pDLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELE1BQU0sVUFBVSxVQUFVLENBQUMsSUFBWSxFQUFFLEdBQVk7SUFDbkQsSUFBSSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUM7SUFDbEIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDdkIsSUFBSSxDQUFDO1lBQ0gsSUFBSSxHQUFHLGtCQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2xDLENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsS0FBSyxPQUFPLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxLQUFLLFVBQVUsRUFBRSxDQUFDO2dCQUN4RSwrQ0FBK0M7Z0JBQy9DLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLG1FQUFtRSxFQUFFLElBQUksQ0FBQyxDQUFDO1lBQ2pHLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sYUFBYSxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN0QyxPQUFPLENBQUMsQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLGFBQWEsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztBQUNoRixDQUFDO0FBRUQsTUFBTSxVQUFVLGFBQWEsQ0FBQyxJQUFxRCxFQUFFLEdBQVk7SUFDL0YsMEJBQTBCO0lBQzFCLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTTtRQUFFLE9BQU8sSUFBSSxDQUFDO0lBQzlCLE9BQU8sQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDL0IsQ0FBQztBQUVELE1BQU0sS0FBSyxHQUFHLHNDQUFzQyxDQUFDO0FBQ3JELE1BQU0sVUFBVSxHQUEyQixFQUFFLENBQUM7QUFDOUMsQ0FBQyxTQUFTLEVBQUUsU0FBUyxFQUFFLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUU7SUFDMUQsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sQ0FBQztBQUNoRCxDQUFDLENBQUMsQ0FBQztBQUVILE1BQU0sVUFBVSxlQUFlLENBQUMsUUFBZ0I7SUFDOUMsOEJBQThCO0lBQzlCLElBQUksS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3pCLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7SUFDRCwwQ0FBMEM7SUFDMUMsdUNBQXVDO0lBQ3ZDLGdDQUFnQztJQUNoQyxzQkFBc0I7SUFDdEIsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuQyxJQUFJLEtBQUssR0FBRyxDQUFDLENBQUMsQ0FBQztJQUVmLDZDQUE2QztJQUM3QyxJQUFJLE1BQU0sQ0FBQyxNQUFNLElBQUksQ0FBQyxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxLQUFLLE1BQU0sRUFBRSxDQUFDO1FBQy9ELEtBQUssR0FBRyxDQUFDLENBQUMsQ0FBQztJQUNiLENBQUM7SUFDRCxJQUFJLE1BQU0sR0FBRyxTQUFTLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3RDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDdkIsZ0NBQWdDO1FBQ2hDLE1BQU0sR0FBRyxTQUFTLENBQUMsTUFBTSxFQUFFLEtBQUssR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBQ0QsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQUVELFNBQVMsU0FBUyxDQUFDLE1BQWdCLEVBQUUsS0FBYTtJQUNoRCxPQUFPLEdBQUcsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUM3QyxDQUFDO0FBRUQsTUFBTSxVQUFVLEtBQUssQ0FBQyxNQUEyQixFQUFFLElBQTBCO0lBQzNFLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNWLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFDRCxNQUFNLEdBQUcsR0FBd0IsRUFBRSxDQUFDO0lBRXBDLE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDdkMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFVBQVUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUMzQyxNQUFNLEdBQUcsR0FBRyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDMUIsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QixDQUFDO0lBRUQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQ3JDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNwQixHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3ZCLENBQUM7SUFDRCxPQUFPLEdBQUcsQ0FBQztBQUNiLENBQUM7QUFFRCxNQUFNLFVBQVUsZ0JBQWdCLENBQUMsTUFBc0I7SUFDckQsaURBQWlEO0lBQ2pELHlFQUF5RTtJQUN6RSxvREFBb0Q7SUFDcEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQztJQUN6QixJQUFJLElBQUksSUFBSSxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ25ELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3BELE1BQU0sYUFBYSxHQUFHLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDcEUsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMscUJBQXFCLENBQUM7UUFDekQsSUFBSSxDQUFDLFlBQVksR0FBRyxDQUFDLFdBQVcsRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLEVBQUU7WUFDckQsNkJBQTZCO1lBQzdCLElBQUksUUFBUSxJQUFJLHFCQUFxQixFQUFFLENBQUM7Z0JBQ3RDLElBQUkscUJBQXFCLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7b0JBQzdDLE9BQU8sSUFBSSxDQUFDO2dCQUNkLENBQUM7WUFDSCxDQUFDO1lBQ0QscURBQXFEO1lBQ3JELElBQUk7WUFDSiwrQ0FBK0M7WUFDL0MsdURBQXVEO1lBQ3ZELElBQUk7WUFDSixJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO2dCQUNoQyxXQUFXLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUM5QixDQUFDO1lBQ0QsS0FBSyxNQUFNLFNBQVMsSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDcEMsSUFBSSxPQUFlLENBQUM7Z0JBQ3BCLElBQUksT0FBTyxTQUFTLEtBQUssUUFBUSxFQUFFLENBQUM7b0JBQ2xDLE9BQU8sR0FBRyxTQUFTLENBQUM7Z0JBQ3RCLENBQUM7cUJBQU0sQ0FBQztvQkFDTiw2QkFBNkI7b0JBQzdCLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQzt3QkFDM0IsU0FBUztvQkFDWCxDQUFDO29CQUNELE9BQU8sR0FBRyxTQUFTLENBQUMsT0FBTyxDQUFDO2dCQUM5QixDQUFDO2dCQUNELHlCQUF5QjtnQkFDekIsS0FBSyxNQUFNLFNBQVMsSUFBSSxhQUFhLEVBQUUsQ0FBQztvQkFDdEMsSUFBSSxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQzt3QkFDdkIsT0FBTyxJQUFJLENBQUM7b0JBQ2QsQ0FBQztnQkFDSCxDQUFDO2dCQUNELG1CQUFtQjtnQkFDbkIsS0FBSyxNQUFNLFFBQVEsSUFBSSxTQUFTLEVBQUUsQ0FBQztvQkFDakMsSUFBSSxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQzt3QkFDdEIsT0FBTyxLQUFLLENBQUM7b0JBQ2YsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztZQUNELGdCQUFnQjtZQUNoQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUMsQ0FBQztJQUNKLENBQUM7SUFFRCx3RUFBd0U7SUFDeEUsTUFBTSxDQUFDLGVBQWUsR0FBRyxNQUFNLENBQUMsZUFBZSxJQUFJLEVBQUUsQ0FBQztJQUN0RCxNQUFNLENBQUMsZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBYyxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUU5RixNQUFNLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixJQUFJLEVBQUUsQ0FBQztJQUMxRCxNQUFNLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLFFBQWdCLEVBQUUsRUFBRSxDQUFDLFFBQVEsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRXRHLGlEQUFpRDtJQUNqRCxJQUFJLE1BQU0sQ0FBQyxJQUFJLElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQ2hELE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFXLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ3RHLENBQUM7SUFFRCwrRUFBK0U7SUFDL0UsK0ZBQStGO0lBQy9GLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxHQUFHLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDL0Qsb0JBQW9CLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ2pDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNsQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDakMsb0JBQW9CLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRWpDLE1BQU0sQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLHdCQUF3QixFQUFFO1FBQ3RELEtBQUssRUFBRSxvQkFBb0I7UUFDM0IsVUFBVSxFQUFFLEtBQUs7S0FDbEIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELE1BQU0sVUFBVSxVQUFVLENBQUMsR0FBVyxFQUFFLElBQVk7SUFDbEQsSUFBSSxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDNUIsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBQUMsTUFBTSxDQUFDO1FBQ1AsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0FBQ0gsQ0FBQztBQUVELFNBQVMsV0FBVyxDQUFDLEVBQVU7SUFDN0IsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztRQUMzQyxPQUFPLENBQUMsT0FBZSxFQUFFLEVBQUUsQ0FBQyxPQUFPLEtBQUssRUFBRSxDQUFDO0lBQzdDLENBQUM7SUFDRCxPQUFPLEVBQUUsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDO0FBQ3BDLENBQUMifQ==

package/dist/types.d.ts

@@ -1,3 +1,36 @@
-import "./config.default-D8v08Vox.js";
-import "./safe_curl-mqZZv_YQ.js";
-import "./types-BZR2U30p.js";
+import type { SecurityConfig, SecurityHelperConfig } from './config/config.default.ts';
+import type { HttpClientRequestURL, HttpClientResponse, HttpClientOptions } from './lib/extend/safe_curl.ts';
+declare module 'egg' {
+    interface EggAppConfig {
+        /**
+         * security options
+         * @member Config#security
+         */
+        security: SecurityConfig;
+        helper: SecurityHelperConfig;
+    }
+    interface Agent {
+        safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+    }
+    interface Application {
+        injectCsrf(html: string): string;
+        injectNonce(html: string): string;
+        injectHijackingDefense(html: string): string;
+        safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+    }
+    interface Context {
+        get securityOptions(): Partial<SecurityConfig & SecurityHelperConfig>;
+        isSafeDomain(domain: string, customWhiteList?: string[]): boolean;
+        get nonce(): string;
+        get csrf(): string;
+        ensureCsrfSecret(rotate?: boolean): void;
+        rotateCsrfSecret(): void;
+        assertCsrf(): void;
+        safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
+        unsafeRedirect(url: string, alt?: string): void;
+    }
+    interface Response {
+        unsafeRedirect(url: string, alt?: string): void;
+        redirect(url: string, alt?: string): void;
+    }
+}

package/dist/types.js

@@ -1,3 +1,2 @@
-import "./types-DnJpiSJb.js";
-
-export {  };
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eggjs/security",
-  "version": "5.0.0-beta.20",
+  "version": "5.0.0-beta.21",
   "type": "module",
   "publishConfig": {
     "access": "public"
@@ -84,7 +84,7 @@
     "zod": "^3.24.1"
   },
   "peerDependencies": {
-    "egg": "4.1.0-beta.20"
+    "egg": "4.1.0-beta.21"
   },
   "devDependencies": {
     "@types/escape-html": "^1.0.4",
@@ -100,9 +100,9 @@
     "tsdown": "^0.15.4",
     "typescript": "^5.9.3",
     "vitest": "4.0.0-beta.16",
-    "@eggjs/mock": "7.0.0-beta.20",
-    "@eggjs/tsconfig": "3.1.0-beta.20",
-    "@eggjs/supertest": "9.0.0-beta.20"
+    "@eggjs/mock": "7.0.0-beta.21",
+    "@eggjs/tsconfig": "3.1.0-beta.21",
+    "@eggjs/supertest": "9.0.0-beta.21"
   },
   "files": [
     "dist"
@@ -111,7 +111,7 @@
   "module": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "scripts": {
-    "build": "tsdown",
+    "build": "tsdown && rimraf dist && tsc -b --clean && tsc",
     "typecheck": "tsc --noEmit",
     "lint": "oxlint --type-aware",
     "lint:fix": "npm run lint -- --fix",

package/dist/application-COC0mYEe.js

@@ -1,32 +0,0 @@
-import { safeCurlForApplication } from "./safe_curl-UlViaxoF.js";
-import { Application } from "egg";
-
-//#region src/app/extend/application.ts
-const INPUT_CSRF = "\r\n<input type=\"hidden\" name=\"_csrf\" value=\"{{ctx.csrf}}\" /></form>";
-const INJECTION_DEFENSE = "<!--for injection--><!--</html>--><!--for injection-->";
-var SecurityApplication = class extends Application {
-	injectCsrf(html) {
-		html = html.replace(/(<form.*?>)([\s\S]*?)<\/form>/gi, (_, $1, $2) => {
-			const match = $2;
-			if (match.indexOf("name=\"_csrf\"") !== -1 || match.indexOf("name='_csrf'") !== -1) return $1 + match + "</form>";
-			return $1 + match + INPUT_CSRF;
-		});
-		return html;
-	}
-	injectNonce(html) {
-		html = html.replace(/<script(.*?)>([\s\S]*?)<\/script[^>]*?>/gi, (_, $1, $2) => {
-			if (!$1.includes("nonce=")) $1 += " nonce=\"{{ctx.nonce}}\"";
-			return "<script" + $1 + ">" + $2 + "<\/script>";
-		});
-		return html;
-	}
-	injectHijackingDefense(html) {
-		return INJECTION_DEFENSE + html + INJECTION_DEFENSE;
-	}
-	async safeCurl(url, options) {
-		return await safeCurlForApplication(this, url, options);
-	}
-};
-
-//#endregion
-export { SecurityApplication };

package/dist/application-n5bk2L_z.d.ts

@@ -1,12 +0,0 @@
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse } from "./safe_curl-mqZZv_YQ.js";
-import { Application } from "egg";
-
-//#region src/app/extend/application.d.ts
-declare class SecurityApplication extends Application {
-  injectCsrf(html: string): string;
-  injectNonce(html: string): string;
-  injectHijackingDefense(html: string): string;
-  safeCurl<T = any>(url: HttpClientRequestURL, options?: HttpClientOptions): Promise<HttpClientResponse<T>>;
-}
-//#endregion
-export { SecurityApplication };

package/dist/cliFilter-7BSD8Nc_.js

@@ -1,18 +0,0 @@
-//#region src/lib/helper/cliFilter.ts
-/**
-* remote command execution
-*/
-const BASIC_ALPHABETS = new Set("abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ.-_".split(""));
-function cliFilter(text) {
-	const str = "" + text;
-	let res = "";
-	let ascii;
-	for (let index = 0; index < str.length; index++) {
-		ascii = str[index];
-		if (BASIC_ALPHABETS.has(ascii)) res += ascii;
-	}
-	return res;
-}
-
-//#endregion
-export { cliFilter };

package/dist/cliFilter-DKZxCxSe.d.ts

@@ -1,7 +0,0 @@
-//#region src/lib/helper/cliFilter.d.ts
-/**
- * remote command execution
- */
-declare function cliFilter(text: string): string;
-//#endregion
-export { cliFilter };