@jmruthers/pace-core 0.6.4 → 0.6.6

package/dist/utils.js

@@ -1,103 +1,20 @@
-import {
-  calculatePasswordStrength,
-  dateSchema,
-  emailSchema,
-  formatCompactNumber,
-  formatCurrency,
-  formatDate,
-  formatDateOnlyForDisplay,
-  formatDateTime,
-  formatDateTimeForDisplay,
-  formatDateTimeForMap,
-  formatDateTimeForTable,
-  formatFileSize,
-  formatNumber,
-  formatPercent,
-  formatTime,
-  getAppConfig,
-  getCurrentAppId,
-  nameSchema,
-  passwordSchema,
-  phoneSchema,
-  setAppConfig,
-  urlSchema,
-  useSessionTracking
-} from "./chunk-FFQEQTNW.js";
-import {
-  CachedAppIdResolver,
-  LoadingSpinner,
-  cachedAppIdResolver,
-  formatInTimeZone,
-  formatTimeInTimeZone,
-  fromZonedTime,
-  getAppId,
-  getAppIds,
-  getTimeZoneDifference,
-  getTimezoneAbbreviation,
-  getUserTimeZone,
-  roundToNearestMinutes,
-  toZonedTime
-} from "./chunk-J36DSWQK.js";
-import {
-  cn,
-  renderSafeHtml,
-  sanitizeHtml,
-  validateHtml
-} from "./chunk-M43Y4SSO.js";
-import {
-  getAppNameFromBuildTime,
-  getAppNameFromEnvironment,
-  getAppNameFromGlobal,
-  getAppNameFromPackageJson,
-  getCurrentAppName,
-  getCurrentAppNameWithFallback,
-  setRBACAppName
-} from "./chunk-M7MPQISP.js";
-import {
-  useComponentPerformance
-} from "./chunk-E66EQZE6.js";
-import {
-  clearInFlightRequests,
-  createAddressFromPlaceResult,
-  deduplicatedQuery,
-  fetchPlaceAutocomplete,
-  fetchPlaceDetails,
-  generateRequestKey,
-  getAddressByPlaceId,
-  getInFlightRequestStats,
-  getOrCreateRequest,
-  parseAddressComponents
-} from "./chunk-G37KK66H.js";
-import {
-  PERFORMANCE_BUDGETS,
-  performanceBudgetMonitor
-} from "./chunk-FMUCXFII.js";
-import {
-  clearOrganisationContext,
-  getOrganisationContext,
-  isOrganisationContextAvailable,
-  secureStorage,
-  setOrganisationContext
-} from "./chunk-VBXEHIUJ.js";
-import {
-  changePasswordSchema,
-  combineSchemas,
-  contactFormSchema,
-  loginSchema,
-  passwordResetSchema,
-  pickSchema,
-  registrationSchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  userProfileSchema
-} from "./chunk-LMC26NLJ.js";
-import {
-  LogLevel,
-  Logger,
-  createLogger,
-  logger
-} from "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
+import { sanitizeUserInput, emailSchema, nameSchema, sanitizeFormData } from './chunk-UIYSCEV7.js';
+export { calculatePasswordStrength, createBaseClient, dateSchema, emailSchema, formatCompactNumber, formatCurrency, formatDate, formatDateOnlyForDisplay, formatDateTime, formatDateTimeForDisplay, formatDateTimeForMap, formatDateTimeForTable, formatFileSize, formatNumber, formatPercent, formatTime, getAppConfig, getCurrentAppId, nameSchema, passwordSchema, phoneSchema, sanitizeFormData, sanitizeUserInput, setAppConfig, urlSchema, useSessionTracking } from './chunk-UIYSCEV7.js';
+import { LoadingSpinner } from './chunk-2HGJFNAH.js';
+export { CachedAppIdResolver, cachedAppIdResolver, formatInTimeZone, formatTimeInTimeZone, fromZonedTime, getAppId, getAppIds, getTimeZoneDifference, getTimezoneAbbreviation, getUserTimeZone, roundToNearestMinutes, toZonedTime } from './chunk-2HGJFNAH.js';
+export { renderSafeHtml, sanitizeHtml, validateHtml } from './chunk-3QC3KRHK.js';
+export { cn, getAppNameFromBuildTime, getAppNameFromEnvironment, getAppNameFromGlobal, getAppNameFromPackageJson, getCurrentAppName, getCurrentAppNameWithFallback, setRBACAppName } from './chunk-A55DK444.js';
+export { useComponentPerformance } from './chunk-6GLLNA6U.js';
+export { clearInFlightRequests, clearOrganisationContext, createAddressFromPlaceResult, deduplicatedQuery, fetchPlaceAutocomplete, fetchPlaceDetails, generateRequestKey, getAddressByPlaceId, getInFlightRequestStats, getOrCreateRequest, getOrganisationContext, isOrganisationContextAvailable, parseAddressComponents, setOrganisationContext } from './chunk-FYHN4DD5.js';
+export { PERFORMANCE_BUDGETS, performanceBudgetMonitor } from './chunk-SD6WQY43.js';
+import { secureStorage } from './chunk-HF6O3O37.js';
+import { createLogger } from './chunk-TTRFSOKR.js';
+export { LogLevel, Logger, createLogger, logger } from './chunk-TTRFSOKR.js';
+export { changePasswordSchema, combineSchemas, contactFormSchema, loginSchema, passwordResetSchema, pickSchema, registrationSchema, secureLoginSchema, securePasswordSchema, userProfileSchema } from './chunk-MBADTM7L.js';
+import './chunk-3RG5ZIWI.js';
+import { z } from 'zod';
+import { lazy, Suspense } from 'react';
+import { jsx } from 'react/jsx-runtime';
 
 // src/utils/core/debugLogger.ts
 var DebugLogger = class {
@@ -206,104 +123,13 @@ function deepMerge(target, source) {
 function isObject(item) {
   return item !== null && typeof item === "object" && !Array.isArray(item);
 }
-
-// src/utils/validation/validationUtils.ts
-import { z as z2 } from "zod";
-
-// src/utils/validation/sanitization.ts
-import { z } from "zod";
-var DEFAULT_OPTIONS = {
-  allowHtml: false,
-  allowedTags: [],
-  maxLength: 1e3,
-  trim: true,
-  removeScripts: true,
-  removeEvents: true
-};
-function sanitizeUserInput(input, options = {}) {
-  if (typeof input !== "string") {
-    return "";
-  }
-  const opts = { ...DEFAULT_OPTIONS, ...options };
-  let sanitized = input;
-  if (opts.trim) {
-    sanitized = sanitized.trim();
-  }
-  if (opts.maxLength && sanitized.length > opts.maxLength) {
-    sanitized = sanitized.substring(0, opts.maxLength);
-  }
-  if (!opts.allowHtml) {
-    sanitized = sanitized.replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;").replace(/\//g, "&#x2F;");
-  } else if (opts.allowedTags && opts.allowedTags.length > 0) {
-    const allowedTagsRegex = new RegExp(`<(?!/?(?:${opts.allowedTags.join("|")})s*/?>)[^>]+>`, "gi");
-    sanitized = sanitized.replace(allowedTagsRegex, "");
-  }
-  if (opts.removeScripts) {
-    sanitized = sanitized.replace(/<script[^>]*>.*?<\/script>/gi, "").replace(/javascript:/gi, "").replace(/vbscript:/gi, "").replace(/data:/gi, "");
-  }
-  if (opts.removeEvents) {
-    sanitized = sanitized.replace(/on\w+\s*=/gi, "");
-  }
-  return sanitized;
-}
-function sanitizeEmail(email) {
-  if (typeof email !== "string") {
-    return "";
-  }
-  return email.trim().toLowerCase().replace(/[^\w@.-]/g, "");
-}
-function sanitizeFormData(data, schema, sanitizationRules) {
-  try {
-    if (sanitizationRules && typeof data === "object" && data !== null) {
-      const sanitizedData = { ...data };
-      Object.entries(sanitizationRules).forEach(([field, options]) => {
-        if (typeof sanitizedData[field] === "string") {
-          sanitizedData[field] = sanitizeUserInput(sanitizedData[field], options);
-        }
-      });
-      data = sanitizedData;
-    }
-    const result = schema.parse(data);
-    return { success: true, data: result };
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      return {
-        success: false,
-        error: error.errors.map((e) => e.message).join(", ")
-      };
-    }
-    return {
-      success: false,
-      error: "Validation failed"
-    };
-  }
-}
-var secureEmailSchema = z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long").refine(
-  (email) => {
-    if (!email || typeof email !== "string") return false;
-    const domain = email.split("@")[1];
-    return domain && domain.includes(".") && domain.length > 3;
-  },
-  "Invalid email domain"
-).transform((email) => sanitizeEmail(email));
-var emailSchema2 = z.string().min(1, "Email is required").email("Invalid email format");
-var nameSchema2 = z.string().min(1, "Name is required").max(100, "Name too long").regex(/^[a-zA-Z\s'-]+$/, "Name contains invalid characters");
-var phoneSchema2 = z.string().regex(/^[\+]?[1-9][\d]{0,15}$/, "Invalid phone number format");
-var urlSchema2 = z.string().url("Invalid URL format");
-var dateSchema2 = z.string().regex(/^\d{4}-\d{2}-\d{2}$/, "Invalid date format (YYYY-MM-DD)");
-var secureLoginSchema2 = z.object({
-  email: secureEmailSchema,
-  password: z.string().min(1, "Password is required")
-});
-
-// src/utils/validation/validationUtils.ts
 function validateUserInput(schema, data, sanitizationRules) {
   return sanitizeFormData(data, schema, sanitizationRules);
 }
-var emailSchema3 = z2.string().transform((email) => email.toLowerCase().trim()).pipe(z2.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long"));
-var passwordSchema2 = z2.string().min(8, "Password must be at least 8 characters").max(128, "Password too long").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
-var usernameSchema = z2.string().transform((username) => username.toLowerCase().trim()).pipe(z2.string().min(3, "Username must be at least 3 characters").max(30, "Username too long").regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, hyphens, and underscores"));
-var nameSchema3 = z2.string().min(1, "Name is required").max(100, "Name too long").refine((name) => {
+z.string().transform((email) => email.toLowerCase().trim()).pipe(z.string().min(1, "Email is required").email("Invalid email format").max(254, "Email too long"));
+z.string().min(8, "Password must be at least 8 characters").max(128, "Password too long").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number").regex(/[^A-Za-z0-9]/, "Password must contain at least one special character");
+var usernameSchema = z.string().transform((username) => username.toLowerCase().trim()).pipe(z.string().min(3, "Username must be at least 3 characters").max(30, "Username too long").regex(/^[a-zA-Z0-9_-]+$/, "Username can only contain letters, numbers, hyphens, and underscores"));
+z.string().min(1, "Name is required").max(100, "Name too long").refine((name) => {
   const dangerousPatterns = [
     /<script/i,
     /<img/i,
@@ -318,11 +144,11 @@ var nameSchema3 = z2.string().min(1, "Name is required").max(100, "Name too long
   maxLength: 100,
   trim: true
 }));
-var phoneSchema3 = z2.string().min(10, "Phone number must be at least 10 digits").max(20, "Phone number too long").regex(/^[\+]?[0-9\s\-\(\)\.]+$/, "Invalid phone number format").refine((phone) => {
+z.string().min(10, "Phone number must be at least 10 digits").max(20, "Phone number too long").regex(/^[\+]?[0-9\s\-\(\)\.]+$/, "Invalid phone number format").refine((phone) => {
   const digitsOnly = phone.replace(/\D/g, "");
   return digitsOnly.length >= 10 && digitsOnly.length <= 15;
 }, "Phone number must be between 10 and 15 digits");
-var urlSchema3 = z2.string().min(1, "URL is required").max(2048, "URL too long").refine((url) => {
+z.string().min(1, "URL is required").max(2048, "URL too long").refine((url) => {
   try {
     const parsed = new URL(url);
     return ["http:", "https:"].includes(parsed.protocol);
@@ -374,7 +200,7 @@ var CSRFManager = class {
       this.tokenCache.set(token, tokenData);
       await this.persistTokens();
       return token;
-    } catch (error) {
+    } catch (_error) {
       throw new Error("CSRF token generation failed");
     }
   }
@@ -405,7 +231,7 @@ var CSRFManager = class {
       this.tokenCache.set(token, tokenData);
       await this.persistTokens();
       return true;
-    } catch (error) {
+    } catch (_error) {
       return false;
     }
   }
@@ -450,7 +276,7 @@ var CSRFManager = class {
         JSON.stringify(tokensArray),
         { encrypt: true, expiry: this.TOKEN_EXPIRY }
       );
-    } catch (error) {
+    } catch (_error) {
     }
   }
   /**
@@ -464,7 +290,7 @@ var CSRFManager = class {
         this.tokenCache = new Map(tokensArray);
         await this.cleanupExpiredTokens();
       }
-    } catch (error) {
+    } catch (_error) {
       this.tokenCache.clear();
     }
   }
@@ -492,9 +318,6 @@ async function validateCSRFToken(token, sessionId) {
 async function getCSRFToken(sessionId) {
   return csrfManager.getCurrentToken(sessionId);
 }
-
-// src/utils/validation/sqlInjectionProtection.ts
-import { z as z3 } from "zod";
 var SQL_INJECTION_PATTERNS = [
   /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC|EXECUTE|UNION|SCRIPT|JAVASCRIPT)\b)/i,
   /(\'|(\\\')|(\'\')|(\"|(\\\")|(\\")))|(\\x)|(\\u)/i,
@@ -516,13 +339,13 @@ var SQL_INJECTION_PATTERNS = [
   /(%3B|;).+?(%44|%64|d)(%52|%72|r)(%4F|%6F|o)(%50|%70|p)/i
 ];
 var DANGEROUS_CHARS = /[';\"\\%]/g;
-var searchQuerySchema = z3.string().max(500, "Search query too long").refine(
+var searchQuerySchema = z.string().max(500, "Search query too long").refine(
   (query) => {
     return !SQL_INJECTION_PATTERNS.some((pattern) => pattern.test(query));
   },
   "Invalid characters detected in search query"
 ).transform((query) => sanitizeSearchQuery(query));
-var sqlIdentifierSchema = z3.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
+var sqlIdentifierSchema = z.string().min(1, "Identifier cannot be empty").max(63, "Identifier too long").regex(/^[a-zA-Z_][a-zA-Z0-9_]*$/, "Invalid identifier format").refine(
   (identifier) => {
     const reservedWords = [
       "SELECT",
@@ -544,8 +367,8 @@ var sqlIdentifierSchema = z3.string().min(1, "Identifier cannot be empty").max(6
   },
   "Identifier cannot be a reserved SQL keyword"
 );
-var orderBySchema = z3.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
-var limitOffsetSchema = z3.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
+var orderBySchema = z.string().regex(/^[a-zA-Z_][a-zA-Z0-9_]*(\s+(ASC|DESC|asc|desc))?$/, "Invalid order by format");
+var limitOffsetSchema = z.number().int("Must be an integer").min(0, "Must be non-negative").max(1e3, "Limit too large");
 function sanitizeSearchQuery(query) {
   return query.replace(DANGEROUS_CHARS, "").replace(/\s+/g, " ").trim().slice(0, 500);
 }
@@ -641,28 +464,25 @@ function detectSQLInjection(input) {
     riskLevel: maxRisk
   };
 }
-
-// src/utils/validation/user.ts
-import { z as z4 } from "zod";
-var userProfileSchema2 = z4.object({
+z.object({
   name: nameSchema,
   email: emailSchema,
-  phone: z4.string().optional(),
-  website: z4.string().url().optional(),
-  bio: z4.string().max(500).optional()
+  phone: z.string().optional(),
+  website: z.string().url().optional(),
+  bio: z.string().max(500).optional()
 });
-var userSettingsSchema = z4.object({
-  notifications: z4.object({
-    email: z4.boolean(),
-    push: z4.boolean()
+var userSettingsSchema = z.object({
+  notifications: z.object({
+    email: z.boolean(),
+    push: z.boolean()
   }),
-  language: z4.string()
+  language: z.string()
 });
-var userPreferencesSchema = z4.object({
+var userPreferencesSchema = z.object({
   displayName: nameSchema,
-  timezone: z4.string(),
-  dateFormat: z4.string(),
-  currency: z4.string()
+  timezone: z.string(),
+  dateFormat: z.string(),
+  currency: z.string()
 });
 
 // src/utils/security/security.ts
@@ -754,10 +574,6 @@ function createPerformanceBenchmark(name) {
         bundleSize: 0
         // Would be measured at build time
       };
-      const _unused = {
-        benchmark: `Performance Benchmark [${name}]`,
-        metrics
-      };
       return metrics;
     }
   };
@@ -774,10 +590,6 @@ function measureRenderPerformance(componentName, renderFn) {
     memoryUsage: endMemory - startMemory,
     bundleSize: 0
   };
-  const _unused = {
-    benchmark: `Render Performance [${componentName}]`,
-    metrics
-  };
   return metrics;
 }
 
@@ -881,25 +693,25 @@ function trackDynamicImport(moduleName) {
 
 // src/utils/dynamic/dynamicUtils.ts
 var loadLodash = async () => {
-  const debounceModule = await import("lodash.debounce");
-  const throttleModule = await import("lodash.throttle");
+  const debounceModule = await import('lodash.debounce');
+  const throttleModule = await import('lodash.throttle');
   return {
     debounce: debounceModule.default || debounceModule,
     throttle: throttleModule.default || throttleModule
   };
 };
 var loadDateUtils = async () => {
-  const dateFns = await import("date-fns");
+  const dateFns = await import('date-fns');
   return dateFns;
 };
 var loadChartUtils = async () => {
-  const recharts = await import("recharts");
+  const recharts = await import('recharts');
   return recharts;
 };
 var loadFormUtils = async () => {
   const [reactHookForm, zodResolvers] = await Promise.all([
-    import("react-hook-form"),
-    import("@hookform/resolvers/zod")
+    import('react-hook-form'),
+    import('@hookform/resolvers/zod')
   ]);
   return {
     ...reactHookForm,
@@ -907,7 +719,7 @@ var loadFormUtils = async () => {
   };
 };
 var loadCSVUtils = async () => {
-  const papaparse = await import("papaparse");
+  const papaparse = await import('papaparse');
   return papaparse.default;
 };
 function createLazyUtility(loader) {
@@ -933,10 +745,6 @@ var lazyDateUtils = createLazyUtility(loadDateUtils);
 var lazyChartUtils = createLazyUtility(loadChartUtils);
 var lazyFormUtils = createLazyUtility(loadFormUtils);
 var lazyCSVUtils = createLazyUtility(loadCSVUtils);
-
-// src/utils/dynamic/lazyLoad.tsx
-import { Suspense, lazy } from "react";
-import { jsx } from "react/jsx-runtime";
 function createLazyComponent(importFn, componentName, options = {}) {
   const LazyComponent = lazy(importFn);
   const WrappedComponent = (props) => {
@@ -951,7 +759,7 @@ function createLazyComponent(importFn, componentName, options = {}) {
   return WrappedComponent;
 }
 var LazyDataTable = createLazyComponent(
-  () => import("./DataTable-E7YQZD7D.js").then((module) => ({ default: module.DataTable })),
+  () => import('./DataTable-LRJL4IRV.js').then((module) => ({ default: module.DataTable })),
   "DataTable"
 );
 
@@ -1263,151 +1071,5 @@ function getGoogleMapsUrl(coords) {
   }
   return `https://www.google.com/maps/search/?api=1&query=${coords.lat},${coords.lng}`;
 }
-export {
-  CachedAppIdResolver,
-  DebugLogger,
-  LazyDataTable,
-  LogLevel,
-  Logger,
-  PERFORMANCE_BUDGETS,
-  PERFORMANCE_THRESHOLDS,
-  PermissionType,
-  areCoordinatesEqual,
-  auditLogger,
-  buildSafeQueryParams,
-  bundleAnalyzer,
-  cachedAppIdResolver,
-  calculatePasswordStrength,
-  changePasswordSchema,
-  clearInFlightRequests,
-  clearOrganisationContext,
-  cn,
-  combineSchemas,
-  contactFormSchema,
-  createAddressFromPlaceResult,
-  createLazyComponent,
-  createLazyUtility,
-  createLogger,
-  createPerformanceBenchmark,
-  csrfManager,
-  dateSchema,
-  deduplicatedQuery,
-  deepMerge,
-  detectSQLInjection,
-  emailSchema,
-  escapeLikeQuery,
-  fetchPlaceAutocomplete,
-  fetchPlaceDetails,
-  formatCompactNumber,
-  formatCoordinates,
-  formatCurrency,
-  formatDate,
-  formatDateOnlyForDisplay,
-  formatDateTime,
-  formatDateTimeForDisplay,
-  formatDateTimeForMap,
-  formatDateTimeForTable,
-  formatFileSize,
-  formatInTimeZone,
-  formatNumber,
-  formatPercent,
-  formatTime,
-  formatTimeInTimeZone,
-  fromZonedTime,
-  generateCSRFToken,
-  generateDeviceFingerprint,
-  generateRequestKey,
-  getAddressByPlaceId,
-  getAppConfig,
-  getAppId,
-  getAppIds,
-  getAppNameFromBuildTime,
-  getAppNameFromEnvironment,
-  getAppNameFromGlobal,
-  getAppNameFromPackageJson,
-  getCSRFToken,
-  getCurrentAppId,
-  getCurrentAppName,
-  getCurrentAppNameWithFallback,
-  getGoogleMapsUrl,
-  getInFlightRequestStats,
-  getOrCreateRequest,
-  getOrganisationContext,
-  getSecurityHeaders,
-  getTimeZoneDifference,
-  getTimezoneAbbreviation,
-  getUserTimeZone,
-  hasAllPermissions,
-  hasAnyPermission,
-  hasPermission,
-  hasValidCoordinates,
-  isEmpty,
-  isObject,
-  isOrganisationContextAvailable,
-  isStrongPassword,
-  isValidDate,
-  isValidEmail,
-  isValidUrl,
-  isWithinRange,
-  lazyCSVUtils,
-  lazyChartUtils,
-  lazyDateUtils,
-  lazyFormUtils,
-  lazyLodash,
-  limitOffsetSchema,
-  loadCSVUtils,
-  loadChartUtils,
-  loadDateUtils,
-  loadFormUtils,
-  loadLodash,
-  logAuditEvent,
-  logAuthEvent,
-  logPermissionEvent,
-  logSecurityEvent2 as logSecurityEvent,
-  logger,
-  loginSchema,
-  matchesPattern,
-  measureRenderPerformance,
-  nameSchema,
-  orderBySchema,
-  parseAddressComponents,
-  parsePermission,
-  passwordResetSchema,
-  passwordSchema,
-  performanceBudgetMonitor,
-  phoneSchema,
-  pickSchema,
-  registrationSchema,
-  renderSafeHtml,
-  roundToNearestMinutes,
-  sanitizeFilters,
-  sanitizeFormData,
-  sanitizeHtml,
-  sanitizeSearchQuery,
-  sanitizeUserInput,
-  searchQuerySchema,
-  secureLoginSchema,
-  securePasswordSchema,
-  securityMonitor,
-  setAppConfig,
-  setOrganisationContext,
-  setRBACAppName,
-  sqlIdentifierSchema,
-  toZonedTime,
-  trackDynamicImport,
-  transformPermissionMapToBoolean,
-  urlSchema,
-  useComponentPerformance,
-  useSessionTracking,
-  userPreferencesSchema,
-  userProfileSchema,
-  userSettingsSchema,
-  usernameSchema,
-  validateCSRFToken,
-  validateDeviceFingerprint,
-  validateHtml,
-  validateImportPattern,
-  validateSecurityHeaders,
-  validateUserInput
-};
-//# sourceMappingURL=utils.js.map
+
+export { DebugLogger, LazyDataTable, PERFORMANCE_THRESHOLDS, PermissionType, areCoordinatesEqual, auditLogger, buildSafeQueryParams, bundleAnalyzer, createLazyComponent, createLazyUtility, createPerformanceBenchmark, csrfManager, deepMerge, detectSQLInjection, escapeLikeQuery, formatCoordinates, generateCSRFToken, generateDeviceFingerprint, getCSRFToken, getGoogleMapsUrl, getSecurityHeaders, hasAllPermissions, hasAnyPermission, hasPermission, hasValidCoordinates, isEmpty, isObject, isStrongPassword, isValidDate, isValidEmail, isValidUrl, isWithinRange, lazyCSVUtils, lazyChartUtils, lazyDateUtils, lazyFormUtils, lazyLodash, limitOffsetSchema, loadCSVUtils, loadChartUtils, loadDateUtils, loadFormUtils, loadLodash, logAuditEvent, logAuthEvent, logPermissionEvent, logSecurityEvent2 as logSecurityEvent, matchesPattern, measureRenderPerformance, orderBySchema, parsePermission, sanitizeFilters, sanitizeSearchQuery, searchQuerySchema, securityMonitor, sqlIdentifierSchema, trackDynamicImport, transformPermissionMapToBoolean, userPreferencesSchema, userSettingsSchema, usernameSchema, validateCSRFToken, validateDeviceFingerprint, validateImportPattern, validateSecurityHeaders, validateUserInput };

package/docs/README.md

@@ -18,17 +18,27 @@ Use this page as the launchpad for the rest of the documentation set.
 npm install @jmruthers/pace-core \
   react react-dom \
   @tanstack/react-table \
-  @radix-ui/react-avatar @radix-ui/react-checkbox @radix-ui/react-dialog \
-  @radix-ui/react-label @radix-ui/react-slot \
+  @radix-ui/react-checkbox @radix-ui/react-label @radix-ui/react-slot \
   @radix-ui/react-switch @radix-ui/react-tabs @radix-ui/react-toast @radix-ui/react-tooltip \
-  clsx lucide-react react-day-picker react-hook-form react-router-dom tailwind-merge zod
+  clsx lucide-react react-day-picker react-hook-form react-router-dom tailwind-merge tailwindcss zod
 
-npm install -D tailwindcss @tailwindcss/vite vite
+npm install -D @tailwindcss/vite tailwindcss@^4.0.0
 ```
 
-**Note**: `@supabase/supabase-js` and `@tanstack/react-query` are included as dependencies in `@jmruthers/pace-core` and do not need to be installed separately.
+> **📦 Dependencies Guide**: See [Dependencies Guide](./getting-started/dependencies.md) for complete details on which packages to install and which are already included.
+> 
+> **🔍 Auditing your dependencies?** Start with [AUDIT-YOUR-DEPENDENCIES.md](./getting-started/AUDIT-YOUR-DEPENDENCIES.md) for a quick overview.
 
-The peer dependencies list is derived from [`package.json`](../package.json).
+**Important**: 
+- ❌ **DO NOT install** `@supabase/supabase-js`, `@radix-ui/*`, or `lucide-react` - they're included in pace-core. Use pace-core exports instead:
+  - `createBaseClient()` from `@jmruthers/pace-core` (instead of `createClient` from `@supabase/supabase-js`)
+  - pace-core components (instead of `@radix-ui/*` primitives)
+  - `@jmruthers/pace-core/icons` (instead of `lucide-react`)
+- ⚠️ `@tanstack/react-query` is a **peer dependency** - you MUST install it (required for QueryClient configuration)
+- ⚠️ All listed packages above are **required peer dependencies** - you must install them
+- ❌ Installing included dependencies will create duplicates and cause conflicts
+
+The peer dependencies list is derived from [`package.json`](../package.json). See [Dependencies Guide](./getting-started/dependencies.md) for the complete breakdown.
 
 ### 2. Enable Tailwind v4 in Vite