npm - @formseal/embed - Versions diffs - 3.1.0 → 3.1.1 - Mend

@formseal/embed 3.1.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +39 -11
package/cli/commands/configure.py +39 -62
package/package.json +1 -1
package/src/config/fields.jsonl +3 -0
package/src/config/fse.config.js +5 -20
package/src/globals.js +31 -3

package/README.md CHANGED Viewed

@@ -3,11 +3,14 @@
 </p>
 <p align="center">
-  <img src="https://img.shields.io/badge/encryption-X25519-10b981?style=flat-square&labelColor=1e293b&borderRadius=6px">
-  <img src="https://img.shields.io/badge/decryption-offline%20only-f59e0b?style=flat-square&labelColor=1e293b&borderRadius=6px">
-  <img src="https://img.shields.io/badge/backend-blind-6366f1?style=flat-square&labelColor=1e293b&borderRadius=6px">
-  <img src="https://img.shields.io/npm/v/@formseal/embed?style=flat-square&label=npm&labelColor=fff&color=cb0000&borderRadius=6px">
-  <img src="https://img.shields.io/badge/license-MIT-fc8181?style=flat-square&labelColor=1e293b&borderRadius=6px">
+  <img src="https://img.shields.io/badge/encryption-X25519-10b981?style=flat&labelColor=1e293b">
+  <img src="https://img.shields.io/badge/decryption-offline%20only-f59e0b?style=flat&labelColor=1e293b">
+  <img src="https://img.shields.io/badge/backend-blind-6366f1?style=flat&labelColor=1e293b">
+  <img src="https://img.shields.io/npm/v/@formseal/embed?style=flat&label=npm&labelColor=fff&color=cb0000">
+  <img src="https://img.shields.io/badge/license-MIT-fc8181?style=flat&labelColor=1e293b">
+</p>
+<p align="center">
+  <img src="https://badge.socket.dev/npm/package/@formseal/embed/3.1.0">
 </p>
 <p align="center">
@@ -24,12 +27,34 @@ formseal is not a hosted service, dashboard, or SaaS product. It is a drop-in cl
 ## Installation
+**Via npm (recommended)**
 ```bash
 npm install -g @formseal/embed
 fse init
 ```
-Scaffolds `./formseal-embed/` into your project, then:
+**Via GitHub release (zero toolchain)**
+1. Download the latest [release artifact](https://github.com/grayguava/formseal-embed/releases)
+2. Unzip → drop `formseal/` into your project
+3. Edit `fse.config.js` manually
+> Both paths are identical. The CLI is a scaffolding tool that lives globally — your project only gets `./formseal-embed/`, which is static files with zero dependencies. No `node_modules`, no `package.json`, no build step. Works fully offline after setup. The CLI can be uninstalled anytime.
+---
+## 60-second demo
+```bash
+npm install -g @formseal/embed && fse init && open sample/index.html
+```
+Or: download a release → unzip → open `sample/index.html`.
+---
+## Configure
 ```bash
 fse configure quick
@@ -37,8 +62,6 @@ fse configure quick
 You'll be prompted for your POST endpoint and public key. See [Getting started](./docs/getting-started.md) for key generation.
-> If you prefer not to install globally, `npx @formseal/embed init` works — but you'll need to edit `fse.config.js` manually instead of using the CLI.
 ---
 ## Security guarantee
@@ -77,6 +100,8 @@ Your endpoint stores the ciphertext. Only the holder of the private key can decr
 ## Wire up your HTML
+> After `fse init`, files live in `./formseal-embed/`. Reference them via your server's static path (e.g. `/formseal-embed/globals.js`).
 ```html
 <form id="contact-form">
@@ -100,14 +125,16 @@ Your endpoint stores the ciphertext. Only the holder of the private key can decr
 <script>
   window.fseCallbacks = {
-    onSuccess: function(response) {},
-    onError:   function(error)    {},
+    onSuccess: () => document.getElementById('contact-status').textContent = 'Sent securely.',
+    onError:   (err) => console.error('formseal error:', err),
   };
 </script>
 <script src="/formseal-embed/globals.js"></script>
 ```
+> Works fully offline after setup. No CDN, no runtime fetches, no external dependencies.
 ---
 ## Payload format
@@ -118,7 +145,6 @@ Your endpoint stores the ciphertext. Only the holder of the private key can decr
   "origin": "contact-form",
   "id": "<uuid>",
   "submitted_at": "<iso8601>",
-  "client_tz": "Europe/London",
   "data": {
     "name": "...",
     "email": "...",
@@ -129,6 +155,8 @@ Your endpoint stores the ciphertext. Only the holder of the private key can decr
 The entire object is sealed with `crypto_box_seal`. Your endpoint receives raw ciphertext as the request body.
+> No IP, no timezone, no fingerprints — just the data you explicitly collect.
 ---
 ## CSS hooks

package/cli/commands/configure.py CHANGED Viewed

@@ -15,6 +15,7 @@ from pathlib import Path
 from ui.output import br, rule, row, code, fail, C, G, Y, S, W, R, D
 CONFIG_PATH = Path.cwd() / "formseal-embed" / "config" / "fse.config.js"
+FIELDS_PATH = Path.cwd() / "formseal-embed" / "config" / "fields.jsonl"
 MARKERS = {
     "endpoint":   "endpoint:",
@@ -60,42 +61,30 @@ def _normalize_endpoint(url: str) -> str:
     return url
-def _load_config() -> dict:
-    if not CONFIG_PATH.exists():
-        return {}
-    content = CONFIG_PATH.read_text(encoding="utf-8")
-    match = re.search(r'var FSE = (\{[\s\S]*?\});', content)
-    if not match:
-        return {}
-    try:
-        return json.loads(match.group(1))
-    except json.JSONDecodeError:
+def _load_fields_jsonl() -> dict:
+    if not FIELDS_PATH.exists():
         return {}
-def _save_config(cfg: dict):
-    lines = CONFIG_PATH.read_text(encoding="utf-8").splitlines(keepends=True)
-    out = []
+    lines = FIELDS_PATH.read_text(encoding="utf-8").strip().split('\n')
+    fields = {}
     for line in lines:
-        if line.strip().startswith("fields:") and "{" in line:
-            out.append(line)
-            break
-        out.append(line)
-    else:
-        out.append(f"  fields: {json.dumps(cfg.get('fields', {}), indent=4)},\n")
-        CONFIG_PATH.write_text("".join(out), encoding="utf-8")
-        return
-    indent = "  "
-    fields_json = json.dumps(cfg.get("fields", {}), indent=4)
-    fields_json = "\n".join(indent + line for line in fields_json.splitlines())
-    out.append(fields_json + ",\n")
-    while lines and not lines[-1].strip().startswith("}"):
-        lines.pop()
-    out.extend(lines)
-    CONFIG_PATH.write_text("".join(out), encoding="utf-8")
+        line = line.strip()
+        if not line:
+            continue
+        try:
+            obj = json.loads(line)
+            key = list(obj.keys())[0]
+            fields[key] = obj[key]
+        except:
+            pass
+    return fields
+def _save_fields_jsonl(fields: dict):
+    lines = []
+    for name, opts in fields.items():
+        line = json.dumps({name: opts})
+        lines.append(line)
+    FIELDS_PATH.write_text('\n'.join(lines) + '\n', encoding="utf-8")
 def run(subcommand: str, args: list):
@@ -172,13 +161,10 @@ def _field_add(args: list):
         fail("Usage: fse configure field add <name> [required:true] [maxLength:n] [type:email]")
     name = args[0]
-    cfg = _load_config()
-    fields = cfg.get("fields", {})
-    if name in fields:
-        fail(f"Field {W}{name}{R} already exists.")
+    fields = _load_fields_jsonl()
-    field = {}
+    is_update = name in fields
+    field = fields.get(name, {"enabled": True})
     for opt in args[1:]:
         if ":" in opt:
             k, v = opt.split(":", 1)
@@ -195,14 +181,13 @@ def _field_add(args: list):
                 field["type"] = v
     fields[name] = field
-    cfg["fields"] = fields
-    _save_config(cfg)
+    _save_fields_jsonl(fields)
     br()
-    print(f"  {G}Added field:{R} {name}")
-    if field:
-        for k, v in field.items():
-            row("", k, str(v))
+    action = "Updated" if is_update else "Added"
+    print(f"  {G}{action} field:{R} {name}")
+    for k, v in field.items():
+        row("", k, str(v))
 def _field_remove(args: list):
@@ -210,15 +195,13 @@ def _field_remove(args: list):
         fail("Usage: fse configure field remove <name>")
     name = args[0]
-    cfg = _load_config()
-    fields = cfg.get("fields", {})
+    fields = _load_fields_jsonl()
     if name not in fields:
         fail(f"Field {W}{name}{R} not found.")
     del fields[name]
-    cfg["fields"] = fields
-    _save_config(cfg)
+    _save_fields_jsonl(fields)
     br()
     print(f"  {G}Removed field:{R} {name}")
@@ -232,15 +215,13 @@ def _field_required(args: list):
     if value not in ("true", "false"):
         fail("Use true or false")
-    cfg = _load_config()
-    fields = cfg.get("fields", {})
+    fields = _load_fields_jsonl()
     if name not in fields:
         fail(f"Field {W}{name}{R} not found.")
     fields[name]["required"] = value == "true"
-    cfg["fields"] = fields
-    _save_config(cfg)
+    _save_fields_jsonl(fields)
     br()
     row(">", f"{name}.required", value)
@@ -256,15 +237,13 @@ def _field_maxlength(args: list):
     except ValueError:
         fail(f"Invalid number: {value}")
-    cfg = _load_config()
-    fields = cfg.get("fields", {})
+    fields = _load_fields_jsonl()
     if name not in fields:
         fail(f"Field {W}{name}{R} not found.")
     fields[name]["maxLength"] = maxlen
-    cfg["fields"] = fields
-    _save_config(cfg)
+    _save_fields_jsonl(fields)
     br()
     row(">", f"{name}.maxLength", str(maxlen))
@@ -278,15 +257,13 @@ def _field_type(args: list):
     if value not in ("email", "tel", "text"):
         fail(f"Invalid type: {value}. Use email, tel, or text.")
-    cfg = _load_config()
-    fields = cfg.get("fields", {})
+    fields = _load_fields_jsonl()
     if name not in fields:
         fail(f"Field {W}{name}{R} not found.")
     fields[name]["type"] = value
-    cfg["fields"] = fields
-    _save_config(cfg)
+    _save_fields_jsonl(fields)
     br()
     row(">", f"{name}.type", value)

package/package.json CHANGED Viewed

@@ -26,5 +26,5 @@
     "type": "git",
     "url": "https://github.com/grayguava/formseal-embed.git"
   },
-  "version": "3.1.0"
+  "version": "3.1.1"
 }

package/src/config/fields.jsonl ADDED Viewed

@@ -0,0 +1,3 @@
+{"name": {"required": true, "maxLength": 100, "enabled": true}}
+{"email": {"type": "email", "required": true, "maxLength": 200, "enabled": true}}
+{"message": {"type": "text", "required": true, "maxLength": 1000, "enabled": true}}

package/src/config/fse.config.js CHANGED Viewed

@@ -3,7 +3,7 @@
 //
 // Edit this file or use the CLI:
 //   fse configure endpoint <url>
-//   fse configure key <base64url>
+//   fse configure publicKey <base64url>
 //   fse configure field add <name> [options]
 //   fse configure field remove <name>
 //   fse configure field required <name> <true|false>
@@ -12,11 +12,11 @@
 var FSE = {
   // -- Endpoint --
-  // POST target. Receives: { ciphertext: "<base64url>" }
+  // POST target. Receives raw ciphertext.
   endpoint: "https://your-api.example.com/submit",
   // -- Origin --
-  // Identifier for this form deployment. Useful when you have multiple forms.
+  // Identifier for this form deployment.
   origin: "contact-form",
   // -- Encryption --
@@ -48,22 +48,7 @@ var FSE = {
   },
   // -- Fields --
-  // Key = field name (matches [name] attribute in HTML)
-  // Value = validation rules
-  fields: {
-    name: {
-      required:  true,
-      maxLength: 100,
-    },
-    email: {
-      type:      "email",
-      required:  true,
-      maxLength: 200,
-    },
-    message: {
-      required:  true,
-      maxLength: 1000,
-    },
-  },
+  // Loaded from fields.jsonl at runtime
+  fields: FSE_FIELDS,
 };

package/src/globals.js CHANGED Viewed

@@ -19,6 +19,7 @@
   var FILES = [
     "vendor/sodium.js",
+    "config/fields.jsonl",
     "config/fse.config.js",
     "runtime/fse.crypto.js",
     "runtime/fse.payload.js",
@@ -26,6 +27,25 @@
     "runtime/fse.form.js",
   ];
+  var FSE_FIELDS = {};
+  function parseFieldsJsonl(code) {
+    var lines = code.trim().split('\n');
+    var fields = {};
+    for (var i = 0; i < lines.length; i++) {
+      var line = lines[i].trim();
+      if (!line) continue;
+      try {
+        var obj = JSON.parse(line);
+        var key = Object.keys(obj)[0];
+        if (key) {
+          fields[key] = obj[key];
+        }
+      } catch (e) {}
+    }
+    return fields;
+  }
   function loadNext(index) {
     if (index >= FILES.length) {
       try {
@@ -56,9 +76,17 @@
       })
       .then(function (code) {
         if (code === null || code === undefined) return;
-        var s = document.createElement("script");
-        s.textContent = code;
-        document.head.appendChild(s);
+        if (FILES[index] === "config/fields.jsonl") {
+          FSE_FIELDS = parseFieldsJsonl(code);
+        } else {
+          var s = document.createElement("script");
+          if (FILES[index] === "config/fse.config.js") {
+            code = "var FSE_FIELDS = " + JSON.stringify(FSE_FIELDS) + ";\n" + code;
+          }
+          s.textContent = code;
+          document.head.appendChild(s);
+        }
         loadNext(index + 1);
       })
       .catch(function (err) {