npm - @keverdjs/fraud-sdk-react - Versions diffs - 1.1.2 → 3.0.0 - Mend

@keverdjs/fraud-sdk-react 1.1.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
 'use strict';
+var fraudSdk = require('@keverdjs/fraud-sdk');
 var react = require('react');
 var jsxRuntime = require('react/jsx-runtime');
@@ -633,8 +634,6 @@ var KeverdBehavioralCollector = class {
     }, 0);
   }
 };
-// src/core/keverd-sdk.ts
 var KeverdSDK = class {
   constructor() {
     this.config = null;
@@ -653,9 +652,6 @@ var KeverdSDK = class {
       }
       return;
     }
-    if (!config.apiKey) {
-      throw new Error("Keverd SDK: apiKey is required");
-    }
     this.config = {
       debug: false,
       ...config
@@ -666,8 +662,6 @@ var KeverdSDK = class {
     if (this.config.debug) {
       console.log("[Keverd SDK] Initialized successfully");
     }
-    this.startSession().catch(() => {
-    });
   }
   /**
    * Get visitor data (fingerprint and risk assessment)
@@ -689,7 +683,8 @@ var KeverdSDK = class {
         session: sessionInfo,
         behavioral: behavioralData
       };
-      const response = await this.sendFingerprintRequest(request, options);
+      const privacySignals = this.collectPrivacySignals();
+      const response = await this.sendFingerprintRequest(request, options, privacySignals);
       return this.transformResponse(response);
     } catch (error) {
       const keverdError = {
@@ -702,6 +697,27 @@ var KeverdSDK = class {
       throw keverdError;
     }
   }
+  /**
+   * Verify user identity during login attempts.
+   *
+   * This is a thin wrapper around the core web SDK `verifyLogin`, so it sends
+   * the same enhanced signals and structured login context as the vanilla SDK.
+   */
+  async verifyLogin(options) {
+    if (!this.isInitialized || !this.config) {
+      throw new Error("Keverd SDK not initialized. Call init() first.");
+    }
+    if (!this.config.apiKey) {
+      throw new Error("Keverd SDK: apiKey is required for verifyLogin");
+    }
+    fraudSdk.Keverd.init({
+      apiKey: this.config.apiKey,
+      userId: this.config.userId,
+      endpoint: this.getDefaultEndpoint(),
+      debug: this.config.debug || false
+    });
+    return fraudSdk.Keverd.verifyLogin(options);
+  }
   /**
    * Extract origin and referrer from browser
    */
@@ -716,11 +732,11 @@ var KeverdSDK = class {
   /**
    * Send fingerprint request to backend
    */
-  async sendFingerprintRequest(request, options) {
+  async sendFingerprintRequest(request, options, privacySignals) {
     if (!this.config) {
       throw new Error("SDK not initialized");
     }
-    const url = `${this.getDefaultEndpoint()}/fingerprint/score`;
+    const url = `${this.getDefaultEndpoint()}/v2/fingerprint`;
     const headers = {
       "Content-Type": "application/json",
       "X-SDK-Source": "react"
@@ -739,20 +755,11 @@ var KeverdSDK = class {
       headers["X-API-KEY"] = apiKey;
       headers["Authorization"] = `Bearer ${apiKey}`;
     }
-    if (options?.tag === "sandbox") {
-      headers["X-Sandbox"] = "true";
-    }
-    const requestBody = {
-      ...request,
-      session: {
-        ...request.session || {},
-        sessionId: this.sessionId || request.session?.sessionId
-      }
-    };
+    const signalsPayload = this.buildV2SignalsPayload(request, privacySignals);
     const response = await fetch(url, {
       method: "POST",
       headers,
-      body: JSON.stringify(requestBody)
+      body: JSON.stringify({ signals: signalsPayload })
     });
     if (!response.ok) {
       const errorText = await response.text().catch(() => "Unknown error");
@@ -773,25 +780,345 @@ var KeverdSDK = class {
    * Transform API response to visitor data format
    */
   transformResponse(response) {
+    const fingerprintId = response.device_id || response.fingerprint;
+    if (fingerprintId) {
+      const similarity = typeof response.similarity === "number" ? response.similarity : 0;
+      const score = Number((1 - similarity).toFixed(3));
+      const riskScore = Math.round(score * 100);
+      const reasons = [];
+      if (response.is_new) reasons.push("new_device");
+      if (response.is_drifted) reasons.push("device_drifted");
+      if (reasons.length === 0) reasons.push("known_device_match");
+      const requestId = response.requestId || response.event_id || fingerprintId;
+      const historyCount = response.history_count ?? response.times_seen ?? 1;
+      return {
+        visitorId: fingerprintId,
+        riskScore,
+        score,
+        action: this.actionFromRisk(riskScore),
+        reasons,
+        sessionId: this.sessionId || fingerprintId,
+        requestId,
+        confidence: similarity,
+        extendedResult: {
+          fingerprint: fingerprintId,
+          eventId: requestId,
+          similarity,
+          isNew: response.is_new ?? false,
+          isDrifted: response.is_drifted ?? false,
+          visitCount: historyCount,
+          historyCount,
+          firstSeen: response.first_seen,
+          lastSeen: response.last_seen || (/* @__PURE__ */ new Date()).toISOString(),
+          browser: {
+            name: this._detectBrowser(),
+            version: void 0
+          },
+          network: {
+            anonymizer: "Unknown"
+          }
+        }
+      };
+    }
     return {
-      visitorId: response.requestId,
-      riskScore: response.risk_score,
-      score: response.score,
-      action: response.action,
+      visitorId: response.requestId || this.sessionId || this.generateSessionId(),
+      riskScore: response.risk_score ?? 0,
+      score: response.score ?? 0,
+      action: response.action ?? "allow",
       reasons: response.reason || [],
-      sessionId: response.session_id,
-      requestId: response.requestId,
+      sessionId: response.session_id || this.sessionId || this.generateSessionId(),
+      requestId: response.requestId || this.sessionId || this.generateSessionId(),
       simSwapEngine: response.sim_swap_engine,
-      confidence: 1 - response.score
-      // Inverse of risk score as confidence
+      confidence: response.confidence ?? 1 - (response.score ?? 0),
+      // Prefer backend confidence when present
+      deviceMatch: response.device_match,
+      fraudProbability: response.fraud_probability,
+      recommendedAction: response.recommended_action,
+      adaptiveResponse: response.adaptive_response ? {
+        recommendedAction: response.adaptive_response.recommended_action,
+        challenges: Array.isArray(response.adaptive_response.challenges) ? response.adaptive_response.challenges : void 0,
+        reason: response.adaptive_response.reason,
+        confidence: response.adaptive_response.confidence
+      } : void 0
+    };
+  }
+  buildV2SignalsPayload(request, privacySignals) {
+    const behavioral = request.behavioral || {};
+    const device = request.device;
+    const session = request.session || {};
+    const webgl = this.getWebGLInfo();
+    const browserInfo = this.parseBrowserInfo();
+    const osInfo = this.parseOsInfo();
+    const audioHash = this.computeSimpleHash(
+      `${navigator.userAgent}|${navigator.language}|${device.fingerprint}`
+    );
+    const detectedFonts = this.detectBasicFonts();
+    const screenWidth = Number(device.screenWidth ?? window.screen.width);
+    const screenHeight = Number(device.screenHeight ?? window.screen.height);
+    const maxTouchPoints = Number(navigator.maxTouchPoints || 0);
+    const touchSupport = maxTouchPoints > 0 || "ontouchstart" in window;
+    const memory = Number(navigator.deviceMemory || 0);
+    const concurrency = Number(navigator.hardwareConcurrency || 0);
+    const plugins = Array.from(navigator.plugins || []).map((plugin) => plugin.name).filter(Boolean).slice(0, 20);
+    const storageFlags = this.getStorageFlags();
+    const isIncognitoByStorage = !storageFlags.local_storage && !storageFlags.session_storage && !storageFlags.cookies;
+    const isIncognito = (privacySignals?.isIncognito ?? false) || isIncognitoByStorage;
+    const payload = {
+      hardware: {
+        ...memory > 0 ? { memory, device_memory: memory } : {},
+        concurrency,
+        screen_width: Number.isFinite(screenWidth) ? screenWidth : window.screen.width,
+        screen_height: Number.isFinite(screenHeight) ? screenHeight : window.screen.height,
+        color_depth: window.screen.colorDepth,
+        device_pixel_ratio: window.devicePixelRatio || 1,
+        touch_support: touchSupport,
+        max_touch_points: maxTouchPoints,
+        platform: navigator.platform || "unknown",
+        architecture: navigator.platform || "unknown",
+        device: device.device,
+        timezone: device.timezone,
+        languages: Array.isArray(navigator.languages) ? navigator.languages : [navigator.language],
+        gpu: {
+          renderer: webgl.renderer !== "unknown" ? webgl.renderer : "extraction-failed",
+          vendor: webgl.vendor !== "unknown" ? webgl.vendor : "extraction-failed",
+          version: webgl.version || void 0,
+          shading_language_version: webgl.shadingLanguageVersion || void 0
+        }
+      },
+      graphics: {
+        vendor: webgl.vendor,
+        renderer: webgl.renderer,
+        canvas_hash: device.fingerprint,
+        canvas: {
+          hash_webgl: this.computeSimpleHash(`${webgl.vendor}|${webgl.renderer}|${webgl.version || ""}`),
+          hash_winding: this.computeSimpleHash(`${device.fingerprint}|winding`),
+          hash_2d: this.computeSimpleHash(`${device.fingerprint}|2d`),
+          hash_text: this.computeSimpleHash(`${device.fingerprint}|text`)
+        },
+        webgl: {
+          vendor: webgl.vendor,
+          renderer: webgl.renderer,
+          version: webgl.version || void 0,
+          shading_language_version: webgl.shadingLanguageVersion || void 0
+        }
+      },
+      audio: {
+        fingerprint: audioHash,
+        audio_hash: audioHash,
+        available: true,
+        sample_rate: 44100,
+        codecs: this.getAudioCodecs()
+      },
+      behavioral: {
+        mouse_speed: behavioral.swipe_velocity ?? 0,
+        languages: Array.isArray(navigator.languages) ? navigator.languages : [navigator.language],
+        timezone: device.timezone
+      },
+      software: {
+        os: osInfo.os,
+        browser: browserInfo.browser,
+        version: browserInfo.version,
+        platform: navigator.platform,
+        ua: navigator.userAgent,
+        fonts: detectedFonts.slice(0, 20),
+        plugins,
+        storage_flags: storageFlags,
+        do_not_track: navigator.doNotTrack ?? null
+      },
+      network: {
+        ip_isp: "unknown",
+        vpn: privacySignals?.isVPN ?? false,
+        vpn_detected: privacySignals?.isVPN ?? false,
+        proxy: false,
+        tor: false
+      },
+      session: {
+        incognito: isIncognito,
+        session_id: this.sessionId || session.sessionId || request.userId || this.generateSessionId(),
+        bot: privacySignals?.isAutomated ?? false,
+        automation: privacySignals?.isAutomated ?? false,
+        hasAdBlocker: privacySignals?.hasAdBlocker ?? false,
+        has_ad_blocker: privacySignals?.hasAdBlocker ?? false
+      },
+      confidence: 0.9
+    };
+    const persistenceScore = this.calculatePersistenceScore(payload);
+    const fallback = persistenceScore < 0.7;
+    payload._metadata = {
+      fallback,
+      fallback_reason: fallback ? "incognito_restrictions" : void 0,
+      sdk_version: "2.0.0",
+      persistence_score: persistenceScore,
+      collected_at: Date.now()
+    };
+    if (fallback) {
+      return {
+        hardware: payload.hardware,
+        graphics: {
+          canvas: {
+            hash_webgl: payload.graphics?.canvas?.hash_webgl,
+            hash_winding: payload.graphics?.canvas?.hash_winding
+          },
+          webgl: {
+            vendor: payload.graphics?.webgl?.vendor,
+            renderer: payload.graphics?.webgl?.renderer
+          }
+        },
+        session: payload.session,
+        _metadata: payload._metadata
+      };
+    }
+    return payload;
+  }
+  getWebGLInfo() {
+    try {
+      const canvas = document.createElement("canvas");
+      const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+      if (!gl) {
+        return { vendor: "unknown", renderer: "unknown" };
+      }
+      const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+      if (debugInfo) {
+        return {
+          vendor: String(gl.getParameter(debugInfo.UNMASKED_VENDOR_WEBGL) || "unknown"),
+          renderer: String(gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) || "unknown"),
+          version: String(gl.getParameter(gl.VERSION) || "unknown"),
+          shadingLanguageVersion: String(gl.getParameter(gl.SHADING_LANGUAGE_VERSION) || "unknown")
+        };
+      }
+      return {
+        vendor: String(gl.getParameter(gl.VENDOR) || "unknown"),
+        renderer: String(gl.getParameter(gl.RENDERER) || "unknown"),
+        version: String(gl.getParameter(gl.VERSION) || "unknown"),
+        shadingLanguageVersion: String(gl.getParameter(gl.SHADING_LANGUAGE_VERSION) || "unknown")
+      };
+    } catch {
+      return { vendor: "unknown", renderer: "unknown" };
+    }
+  }
+  parseBrowserInfo() {
+    const ua = navigator.userAgent;
+    const browser = this._detectBrowser();
+    const versionMatch = ua.match(/Chrome\/([\d.]+)/) || ua.match(/Firefox\/([\d.]+)/) || ua.match(/Version\/([\d.]+)/) || ua.match(/Edg\/([\d.]+)/);
+    return { browser, version: versionMatch?.[1] || "unknown" };
+  }
+  parseOsInfo() {
+    const ua = navigator.userAgent;
+    if (ua.includes("Mac OS X")) return { os: "Mac OS X" };
+    if (ua.includes("Windows")) return { os: "Windows" };
+    if (ua.includes("Android")) return { os: "Android" };
+    if (ua.includes("iPhone") || ua.includes("iPad")) return { os: "iOS" };
+    if (ua.includes("Linux")) return { os: "Linux" };
+    return { os: "unknown" };
+  }
+  detectBasicFonts() {
+    const commonFonts = ["Arial", "Helvetica", "Verdana", "Times New Roman", "Courier New"];
+    return commonFonts.slice(0, 3);
+  }
+  calculatePersistenceScore(payload) {
+    let score = 0;
+    if (payload.hardware?.gpu?.renderer && payload.hardware.gpu.renderer !== "extraction-failed") score += 0.25;
+    if (payload.hardware?.screen_width && payload.hardware?.screen_height) score += 0.15;
+    if ((payload.hardware?.concurrency || 0) > 0) score += 0.1;
+    if (payload.graphics?.webgl?.renderer || payload.graphics?.webgl?.vendor) score += 0.2;
+    if (payload.graphics?.canvas?.hash_webgl) score += 0.15;
+    if (payload.audio?.fingerprint) score += 0.1;
+    if ((payload.software?.fonts || []).length > 0) score += 0.03;
+    if ((payload.software?.plugins || []).length > 0) score += 0.02;
+    return Number(Math.min(1, score).toFixed(2));
+  }
+  getStorageFlags() {
+    return {
+      local_storage: this.isApiAvailable(() => window.localStorage),
+      session_storage: this.isApiAvailable(() => window.sessionStorage),
+      indexed_db: this.isApiAvailable(() => window.indexedDB),
+      cookies: navigator.cookieEnabled === true
     };
   }
+  isApiAvailable(accessor) {
+    try {
+      return typeof accessor() !== "undefined";
+    } catch {
+      return false;
+    }
+  }
+  getAudioCodecs() {
+    const audio = document.createElement("audio");
+    return {
+      mp3: audio.canPlayType("audio/mpeg"),
+      ogg: audio.canPlayType("audio/ogg"),
+      aac: audio.canPlayType("audio/aac"),
+      opus: audio.canPlayType("audio/ogg; codecs=opus")
+    };
+  }
+  collectPrivacySignals() {
+    const isIncognito = this.isStorageUnavailable();
+    return {
+      isIncognito,
+      isVPN: false,
+      isAutomated: navigator.webdriver === true,
+      hasAdBlocker: this.detectAdBlocker()
+    };
+  }
+  isStorageUnavailable() {
+    try {
+      const hasLocal = typeof window.localStorage !== "undefined";
+      const hasSession = typeof window.sessionStorage !== "undefined";
+      const cookies = navigator.cookieEnabled === true;
+      return !hasLocal && !hasSession && !cookies;
+    } catch {
+      return true;
+    }
+  }
+  detectAdBlocker() {
+    try {
+      const bait = document.createElement("div");
+      bait.className = "adsbox";
+      bait.style.position = "absolute";
+      bait.style.left = "-9999px";
+      document.body.appendChild(bait);
+      const blocked = bait.offsetHeight === 0 || bait.offsetWidth === 0;
+      document.body.removeChild(bait);
+      return blocked;
+    } catch {
+      return false;
+    }
+  }
+  computeSimpleHash(value) {
+    let hash = 0;
+    for (let i = 0; i < value.length; i++) {
+      hash = (hash << 5) - hash + value.charCodeAt(i) | 0;
+    }
+    return Math.abs(hash).toString(16);
+  }
+  actionFromRisk(riskScore) {
+    if (riskScore >= 85) return "block";
+    if (riskScore >= 65) return "hard_challenge";
+    if (riskScore >= 40) return "soft_challenge";
+    return "allow";
+  }
   /**
-   * Get default endpoint
+   * Resolve endpoint: config > env > production default.
    */
   getDefaultEndpoint() {
+    const configuredEndpoint = this.normalizeEndpoint(this.config?.endpoint);
+    if (configuredEndpoint) {
+      return configuredEndpoint;
+    }
+    const envEndpoint = this.normalizeEndpoint(
+      typeof globalThis !== "undefined" ? globalThis?.process?.env?.NEXT_PUBLIC_API_URL : void 0
+    );
+    if (envEndpoint) {
+      return envEndpoint;
+    }
     return "https://api.keverd.com";
   }
+  normalizeEndpoint(value) {
+    if (!value) return void 0;
+    const trimmed = value.trim();
+    if (!trimmed) return void 0;
+    return trimmed.replace(/\/+$/, "");
+  }
   /**
    * Generate a session ID
    */
@@ -993,9 +1320,6 @@ var KeverdSDK = class {
    * Destroy the SDK instance
    */
   async destroy() {
-    if (this.sessionId) {
-      await this.endSession();
-    }
     const wasDebug = this.config?.debug;
     this.behavioralCollector.stop();
     this.isInitialized = false;
@@ -1019,15 +1343,19 @@ var KeverdSDK = class {
   }
 };
 var KeverdContext = react.createContext(null);
-function KeverdProvider({ loadOptions, children }) {
+function KeverdProvider({ apiKey, endpoint, debug, loadOptions, children }) {
   const sdkRef = react.useRef(new KeverdSDK());
   const [isReady, setIsReady] = react.useState(false);
   react.useEffect(() => {
     const sdk = sdkRef.current;
     if (!sdk.isReady()) {
+      const resolvedApiKey = apiKey ?? loadOptions?.apiKey;
+      const resolvedEndpoint = endpoint ?? loadOptions?.endpoint;
+      const resolvedDebug = debug ?? loadOptions?.debug ?? false;
       sdk.init({
-        apiKey: loadOptions.apiKey,
-        debug: loadOptions.debug || false
+        apiKey: resolvedApiKey,
+        endpoint: resolvedEndpoint,
+        debug: resolvedDebug
       });
       setIsReady(true);
     }
@@ -1038,7 +1366,7 @@ function KeverdProvider({ loadOptions, children }) {
         setIsReady(false);
       }
     };
-  }, []);
+  }, [apiKey, endpoint, debug, loadOptions]);
   const contextValue = {
     sdk: sdkRef.current,
     isReady
@@ -1105,11 +1433,112 @@ function useKeverdVisitorData(options) {
     getData
   };
 }
+function useKeverd() {
+  const { isLoading, error, data, getData } = useKeverdVisitorData({ immediate: true });
+  react.useEffect(() => {
+    if (typeof window === "undefined") return;
+    if (data?.visitorId) {
+      window.__KEVERD_DEVICE_ID__ = data.visitorId;
+    }
+  }, [data?.visitorId]);
+  const refresh = async () => {
+    await getData({ ignoreCache: true });
+  };
+  return react.useMemo(
+    () => ({
+      deviceId: data?.visitorId || null,
+      riskScore: typeof data?.riskScore === "number" ? data.riskScore : null,
+      isLoading,
+      error,
+      refresh
+    }),
+    [data?.visitorId, data?.riskScore, isLoading, error]
+  );
+}
+// src/utils/identifiers.ts
+function bufferToHex(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+function fallbackHash(input) {
+  let hash = 0;
+  for (let i = 0; i < input.length; i++) {
+    hash = (hash << 5) - hash + input.charCodeAt(i);
+    hash |= 0;
+  }
+  return Math.abs(hash).toString(16);
+}
+async function hashLoginIdentifier(identifier, options) {
+  if (!identifier) {
+    throw new Error("[Keverd SDK] identifier is required for hashing");
+  }
+  const salt = options?.salt ?? "";
+  const normalized = (salt + identifier).toLowerCase();
+  const prefix = options?.prefix ?? "sha256";
+  try {
+    if (typeof window !== "undefined" && window.crypto?.subtle) {
+      const encoder = new TextEncoder();
+      const digest = await window.crypto.subtle.digest("SHA-256", encoder.encode(normalized));
+      return `${prefix}:${bufferToHex(digest)}`;
+    }
+  } catch {
+  }
+  return `${prefix}:${fallbackHash(normalized)}`;
+}
+async function buildLoginContextFromIdentifier(options) {
+  const identifierHash = await hashLoginIdentifier(options.identifier, {
+    salt: options.salt
+  });
+  return {
+    identifierHash,
+    result: options.result,
+    failureReason: options.failureReason,
+    authMethod: options.authMethod,
+    mfaUsed: options.mfaUsed,
+    attemptId: options.attemptId
+  };
+}
+// src/utils/adaptive.ts
+function handleAdaptiveResponse(response, handlers) {
+  const anyResp = response;
+  const adaptive = anyResp.adaptive_response || {};
+  const recommendedAction = anyResp.recommended_action || adaptive.recommended_action || response.action;
+  const challenges = Array.isArray(adaptive.challenges) ? adaptive.challenges : [];
+  switch (recommendedAction) {
+    case "allow":
+      handlers.onAllow?.(response);
+      break;
+    case "soft_challenge":
+      handlers.onSoftChallenge?.(response);
+      break;
+    case "hard_challenge":
+      handlers.onHardChallenge?.(response);
+      break;
+    case "block":
+      handlers.onBlock?.(response);
+      break;
+    default:
+      handlers.onUnknown?.(response);
+  }
+  if (challenges.length) {
+    handlers.onChallenges?.(response, challenges);
+  }
+}
 exports.KeverdBehavioralCollector = KeverdBehavioralCollector;
 exports.KeverdDeviceCollector = KeverdDeviceCollector;
 exports.KeverdProvider = KeverdProvider;
 exports.KeverdSDK = KeverdSDK;
+exports.buildLoginContextFromIdentifier = buildLoginContextFromIdentifier;
+exports.handleAdaptiveResponse = handleAdaptiveResponse;
+exports.hashLoginIdentifier = hashLoginIdentifier;
+exports.useKeverd = useKeverd;
 exports.useKeverdContext = useKeverdContext;
 exports.useKeverdVisitorData = useKeverdVisitorData;
 //# sourceMappingURL=index.js.map