@keverdjs/fraud-sdk 1.0.0

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2024 Keverd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

package/README.md

@@ -0,0 +1,154 @@
+# @keverdjs/fraud-sdk
+
+Vanilla JavaScript SDK for Keverd fraud detection and device fingerprinting. Works in any JavaScript environment (browser, Node.js, etc.).
+
+## Installation
+
+```bash
+npm install @keverdjs/fraud-sdk
+```
+
+## Quick Start
+
+```javascript
+import { Keverd } from '@keverdjs/fraud-sdk';
+
+// Initialize with API key
+Keverd.init('your-api-key');
+
+// Get visitor data and risk assessment
+const result = await Keverd.getVisitorData();
+
+console.log('Risk Score:', result.risk_score);
+console.log('Action:', result.action);
+console.log('Session ID:', result.session_id);
+```
+
+### With Configuration Object
+
+```javascript
+import { Keverd } from '@keverdjs/fraud-sdk';
+
+// Initialize with configuration
+Keverd.init({
+  apiKey: 'your-api-key',
+  endpoint: 'https://app.keverd.com', // Optional
+  debug: true, // Optional: enable debug logging
+});
+
+// Get visitor data
+const result = await Keverd.getVisitorData();
+```
+
+## API Reference
+
+### `Keverd.init(config)`
+
+Initialize the SDK with your API key.
+
+**Parameters:**
+- `config` (string | SDKConfig): API key string or configuration object
+
+**Example:**
+```javascript
+// Simple initialization
+Keverd.init('your-api-key');
+
+// With options
+Keverd.init({
+  apiKey: 'your-api-key',
+  endpoint: 'https://app.keverd.com',
+  userId: 'optional-user-id',
+  debug: false
+});
+```
+
+### `Keverd.getVisitorData()`
+
+Get visitor data and risk assessment. This is the main method for fraud detection.
+
+**Returns:** Promise<FingerprintResponse>
+
+**Example:**
+```javascript
+const result = await Keverd.getVisitorData();
+
+// Result structure:
+// {
+//   risk_score: 25,           // 0-100
+//   score: 0.25,              // 0.0-1.0
+//   action: 'allow',          // 'allow' | 'soft_challenge' | 'hard_challenge' | 'block'
+//   reason: ['new_user'],     // Array of risk reasons
+//   session_id: 'uuid',       // Session identifier
+//   requestId: 'uuid',        // Request identifier
+//   sim_swap_engine: {...}    // SIM swap detection results (null for web)
+// }
+```
+
+### `Keverd.createTransactionID(metadata?)`
+
+Legacy method for backward compatibility. Returns the session ID from `getVisitorData()`.
+
+**Parameters:**
+- `metadata` (TransactionMetadata, optional): Transaction metadata
+
+**Returns:** Promise<string> - Session ID
+
+**Example:**
+```javascript
+const transactionId = await Keverd.createTransactionID({
+  amount: 1000,
+  currency: 'KES',
+  recipient: '254712345678'
+});
+```
+
+### `Keverd.destroy()`
+
+Destroy the SDK instance and stop all data collection.
+
+**Example:**
+```javascript
+Keverd.destroy();
+```
+
+## Response Structure
+
+```typescript
+interface FingerprintResponse {
+  risk_score: number;        // 0-100 risk score
+  score: number;             // 0.0-1.0 normalized score
+  action: 'allow' | 'soft_challenge' | 'hard_challenge' | 'block';
+  reason: string[];          // Array of risk reasons
+  session_id: string;        // UUID session identifier
+  requestId: string;         // UUID request identifier
+  sim_swap_engine?: {        // SIM swap detection (null for web SDKs)
+    userId?: string;
+    risk: number;
+    flags: {
+      sim_changed?: boolean;
+      device_changed?: boolean;
+      behavior_anomaly?: boolean;
+      time_anomaly?: boolean;
+      velocity_anomaly?: boolean;
+    };
+    updatedProfile?: Record<string, unknown>;
+  };
+}
+```
+
+## Browser Support
+
+- Chrome (latest)
+- Firefox (latest)
+- Safari (latest)
+- Edge (latest)
+
+## License
+
+MIT
+
+## Support
+
+For issues, questions, or contributions, please visit the [GitHub repository](https://github.com/keverd/keverd-fraud-sdk-web).
+

package/dist/collectors/behavioral.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Behavioral Data Collector
+ * Collects typing patterns, mouse movements, swipe gestures, and calculates session entropy
+ * Matches React SDK implementation for consistency
+ */
+import { BehavioralData } from '../types';
+export declare class BehavioralCollector {
+    private keystrokes;
+    private mouseMovements;
+    private lastKeyDownTime;
+    private lastKeyUpTime;
+    private isActive;
+    private sessionStartTime;
+    private typingDwellTimes;
+    private typingFlightTimes;
+    private swipeVelocities;
+    private sessionEvents;
+    private touchStartPositions;
+    private keyDownHandler;
+    private keyUpHandler;
+    private mouseMoveHandler;
+    private touchStartHandler;
+    private touchEndHandler;
+    /**
+     * Start collecting behavioral data
+     * Uses passive listeners for efficiency (non-blocking)
+     */
+    start(): void;
+    /**
+     * Stop collecting behavioral data
+     */
+    stop(): void;
+    /**
+     * Get collected behavioral data
+     * Returns data in format expected by backend
+     */
+    getData(): BehavioralData;
+    /**
+     * Reset collected data
+     */
+    reset(): void;
+    /**
+     * Handle keydown event
+     */
+    private handleKeyDown;
+    /**
+     * Handle keyup event
+     */
+    private handleKeyUp;
+    /**
+     * Handle mouse move event
+     */
+    private handleMouseMove;
+    /**
+     * Handle touch start (for swipe detection)
+     */
+    private handleTouchStart;
+    /**
+     * Handle touch end (calculate swipe velocity)
+     */
+    private handleTouchEnd;
+    /**
+     * Calculate session entropy based on event diversity
+     * Uses Shannon entropy formula as expected by backend
+     */
+    private calculateSessionEntropy;
+    /**
+     * Check if key should be ignored
+     */
+    private shouldIgnoreKey;
+}

package/dist/collectors/device.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Device Fingerprint Collector
+ * Collects device information and generates SHA-256 fingerprint
+ * Matches React SDK implementation for consistency
+ */
+import { DeviceInfo } from '../types';
+export declare class DeviceCollector {
+    private cachedDeviceInfo;
+    /**
+     * Collect all device information and generate fingerprint
+     */
+    collect(): DeviceInfo;
+    /**
+     * Generate a stable device fingerprint using multiple browser characteristics
+     * Returns SHA-256 hash (64 hex characters) as required by backend
+     */
+    private generateDeviceFingerprint;
+    /**
+     * Generate canvas fingerprint
+     */
+    private getCanvasFingerprint;
+    /**
+     * Generate WebGL fingerprint
+     */
+    private getWebGLFingerprint;
+    /**
+     * Generate a stable device ID from fingerprint
+     */
+    private generateDeviceId;
+    /**
+     * Get manufacturer from user agent
+     */
+    private getManufacturer;
+    /**
+     * Get model from user agent
+     */
+    private getModel;
+    /**
+     * Get brand from user agent
+     */
+    private getBrand;
+    /**
+     * Get device type
+     */
+    private getDevice;
+    /**
+     * Get product name
+     */
+    private getProduct;
+    /**
+     * Get hardware info
+     */
+    private getHardware;
+    /**
+     * Get OS version
+     */
+    private getOSVersion;
+    /**
+     * Get screen density
+     */
+    private getScreenDensity;
+    /**
+     * Hash a string using SHA-256-like algorithm (64 hex characters)
+     * Backend expects SHA-256 format (64 hex chars)
+     */
+    private hashString;
+    /**
+     * SHA-256-like hash function (synchronous, deterministic)
+     * Produces 64-character hex string matching SHA-256 format
+     */
+    private sha256LikeHash;
+    /**
+     * Clear cached device info (useful for testing)
+     */
+    clearCache(): void;
+}

package/dist/core/sdk.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Keverd Fraud SDK Core (Vanilla JS)
+ * Main SDK class for fingerprinting and risk assessment
+ * Matches backend FingerprintSDKRequest format exactly
+ */
+import { SDKConfig, FingerprintResponse, TransactionMetadata } from '../types';
+export declare class KeverdSDK {
+    private config;
+    private deviceCollector;
+    private behavioralCollector;
+    private isInitialized;
+    private sessionId;
+    constructor();
+    /**
+     * Initialize the SDK with configuration
+     */
+    init(config: SDKConfig | string): void;
+    /**
+     * Get visitor data (fingerprint and risk assessment)
+     * This is the main method for getting risk scores
+     */
+    getVisitorData(): Promise<FingerprintResponse>;
+    /**
+     * Create transaction ID with risk assessment (legacy method)
+     * For new implementations, use getVisitorData() instead
+     */
+    createTransactionID(metadata?: TransactionMetadata): Promise<string>;
+    /**
+     * Send fingerprint request to backend
+     */
+    private sendFingerprintRequest;
+    /**
+     * Generate a unique session ID
+     */
+    private generateSessionId;
+    /**
+     * Destroy the SDK instance
+     */
+    destroy(): void;
+}
+export declare const Keverd: KeverdSDK;

package/dist/fintechrisk.js

@@ -0,0 +1 @@
+!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.FintechRisk=e():t.FintechRisk=e()}(this,()=>(()=>{"use strict";var t={d:(e,i)=>{for(var s in i)t.o(i,s)&&!t.o(e,s)&&Object.defineProperty(e,s,{enumerable:!0,get:i[s]})},o:(t,e)=>Object.prototype.hasOwnProperty.call(t,e),r:t=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"t",{value:!0})}},e={};t.r(e),t.d(e,{BehavioralCollector:()=>s,DeviceCollector:()=>i,Keverd:()=>r,KeverdSDK:()=>n});class i{constructor(){this.cachedDeviceInfo=null}collect(){if(this.cachedDeviceInfo)return this.cachedDeviceInfo;const t=this.generateDeviceFingerprint(),e=this.generateDeviceId(t);return this.cachedDeviceInfo={deviceId:e,fingerprint:t,manufacturer:this.getManufacturer(),model:this.getModel(),brand:this.getBrand(),device:this.getDevice(),product:this.getProduct(),hardware:this.getHardware(),sdkVersion:"1.0.0",osVersion:this.getOSVersion(),screenWidth:String(screen.width),screenHeight:String(screen.height),screenDensity:this.getScreenDensity(),locale:navigator.language||navigator.languages?.[0]||"en",timezone:Intl.DateTimeFormat().resolvedOptions().timeZone},this.cachedDeviceInfo}generateDeviceFingerprint(){const t=[],e=this.getCanvasFingerprint();e&&t.push(e);const i=this.getWebGLFingerprint();if(i&&t.push(i),t.push(navigator.userAgent),t.push(navigator.language||navigator.languages?.[0]||""),t.push(`${screen.width}x${screen.height}x${screen.colorDepth}`),t.push(String((new Date).getTimezoneOffset())),t.push(navigator.platform),t.push(String(navigator.hardwareConcurrency||0)),"deviceMemory"in navigator&&t.push(String(navigator.deviceMemory)),"maxTouchPoints"in navigator&&t.push(String(navigator.maxTouchPoints)),navigator.plugins&&navigator.plugins.length>0){const e=Array.from(navigator.plugins).slice(0,3).map(t=>t.name).join(",");t.push(e)}const s=t.join("|");return this.hashString(s)}getCanvasFingerprint(){try{const t=document.createElement("canvas"),e=t.getContext("2d");return e?(t.width=200,t.height=50,e.textBaseline="top",e.font="14px Arial",e.fillStyle="#f60",e.fillRect(125,1,62,20),e.fillStyle="#069",e.fillText("KeverdFingerprint",2,15),e.fillStyle="rgba(102, 204, 0, 0.7)",e.fillText("KeverdFingerprint",4,17),this.hashString(t.toDataURL())):""}catch(t){return""}}getWebGLFingerprint(){try{const t=document.createElement("canvas"),e=t.getContext("webgl")||t.getContext("experimental-webgl");if(!e)return"";const i=e.getExtension("WEBGL_debug_renderer_info");if(i){const t=e.getParameter(i.UNMASKED_VENDOR_WEBGL),s=e.getParameter(i.UNMASKED_RENDERER_WEBGL);return this.hashString(`${t}|${s}`)}const s=e.getParameter(e.VERSION),n=e.getParameter(e.VENDOR);return this.hashString(`${s}|${n}`)}catch(t){return""}}generateDeviceId(t){return t.substring(0,32)}getManufacturer(){const t=navigator.userAgent.toLowerCase();if(t.includes("iphone")||t.includes("ipad"))return"Apple";if(t.includes("android")){const e=t.match(/(?:^|\s)([a-z]+)(?:\s|$)/);return e?e[1].charAt(0).toUpperCase()+e[1].slice(1):void 0}}getModel(){const t=navigator.userAgent.match(/(iPhone|iPad|Android)[\s\/]+([\w]+)/i);return t?t[2]:void 0}getBrand(){return this.getManufacturer()}getDevice(){const t=navigator.userAgent.toLowerCase();return t.includes("mobile")?"mobile":t.includes("tablet")?"tablet":"desktop"}getProduct(){const t=navigator.userAgent.match(/(iPhone|iPad|Android|Windows|Mac|Linux)/i);return t?t[1]:void 0}getHardware(){const t=navigator.userAgent.match(/\(([^)]+)\)/);return t?t[1]:void 0}getOSVersion(){const t=navigator.userAgent,e=[/OS\s+([\d_]+)/i,/Android\s+([\d.]+)/i,/Windows\s+([\d.]+)/i,/Mac\s+OS\s+X\s+([\d_]+)/i,/Linux/i];for(const i of e){const e=t.match(i);if(e)return e[1]?.replace(/_/g,".")||e[0]}}getScreenDensity(){if(window.devicePixelRatio)return String(window.devicePixelRatio)}hashString(t){return this.sha256LikeHash(t)}sha256LikeHash(t){const e=[];let i=5381;for(let e=0;e<t.length;e++)i=(i<<5)+i+t.charCodeAt(e),i&=4294967295;e.push(i);let s=0;for(let e=t.length-1;e>=0;e--)s=(s<<7)-s+t.charCodeAt(e),s&=4294967295;e.push(s);let n=0;for(let e=0;e<t.length;e++)n^=t.charCodeAt(e)<<e%4*8,n&=4294967295;e.push(n);let r=0;for(let e=0;e<t.length;e++)r=31*r+t.charCodeAt(e)&4294967295;e.push(r);let o=0;for(let e=0;e<t.length;e++){o=o+(4294967295&(t.charCodeAt(e)<<e%16|t.charCodeAt(e)>>>32-e%16))&4294967295}e.push(o);let h=2166136261;for(let e=0;e<t.length;e++)h=16777619*(h^t.charCodeAt(e)),h&=4294967295;e.push(h);let a=0;for(let e=0;e<t.length;e++)a=a+t.charCodeAt(e)*(e+1)&4294967295;e.push(a);let c=0;for(let e=0;e<t.length;e+=2){c=(c<<3)-c+(t.charCodeAt(e)+256*(t.charCodeAt(e+1)||0)),c&=4294967295}e.push(c);return e.map(t=>Math.abs(t).toString(16).padStart(8,"0")).join("").substring(0,64).padEnd(64,"0")}clearCache(){this.cachedDeviceInfo=null}}class s{constructor(){this.keystrokes=[],this.mouseMovements=[],this.lastKeyDownTime=new Map,this.lastKeyUpTime=null,this.isActive=!1,this.sessionStartTime=Date.now(),this.typingDwellTimes=[],this.typingFlightTimes=[],this.swipeVelocities=[],this.sessionEvents=[],this.touchStartPositions=new Map,this.keyDownHandler=t=>this.handleKeyDown(t),this.keyUpHandler=t=>this.handleKeyUp(t),this.mouseMoveHandler=t=>this.handleMouseMove(t),this.touchStartHandler=t=>this.handleTouchStart(t),this.touchEndHandler=t=>this.handleTouchEnd(t)}start(){this.isActive||("undefined"!=typeof document&&(document.addEventListener("keydown",this.keyDownHandler,{passive:!0}),document.addEventListener("keyup",this.keyUpHandler,{passive:!0}),document.addEventListener("mousemove",this.mouseMoveHandler,{passive:!0}),document.addEventListener("touchstart",this.touchStartHandler,{passive:!0}),document.addEventListener("touchend",this.touchEndHandler,{passive:!0})),this.isActive=!0,this.sessionStartTime=Date.now())}stop(){this.isActive&&("undefined"!=typeof document&&(document.removeEventListener("keydown",this.keyDownHandler),document.removeEventListener("keyup",this.keyUpHandler),document.removeEventListener("mousemove",this.mouseMoveHandler),document.removeEventListener("touchstart",this.touchStartHandler),document.removeEventListener("touchend",this.touchEndHandler)),this.isActive=!1)}getData(){const t=this.typingDwellTimes.slice(-20),e=this.typingFlightTimes.slice(-20),i=this.swipeVelocities.length>0?this.swipeVelocities.reduce((t,e)=>t+e,0)/this.swipeVelocities.length:0,s=this.calculateSessionEntropy();return{typing_dwell_ms:t.length>0?t:[],typing_flight_ms:e.length>0?e:[],swipe_velocity:i>0?i:0,session_entropy:s>=0?s:0}}reset(){this.keystrokes=[],this.mouseMovements=[],this.lastKeyDownTime.clear(),this.lastKeyUpTime=null,this.typingDwellTimes=[],this.typingFlightTimes=[],this.swipeVelocities=[],this.sessionEvents=[],this.touchStartPositions.clear(),this.sessionStartTime=Date.now()}handleKeyDown(t){if(this.shouldIgnoreKey(t))return;const e=performance.now();this.lastKeyDownTime.set(t.key,e);const i={key:t.key,timestamp:e,type:"keydown"};this.keystrokes.push(i),this.sessionEvents.push({type:"keydown",timestamp:e})}handleKeyUp(t){if(this.shouldIgnoreKey(t))return;const e=performance.now(),i=this.lastKeyDownTime.get(t.key);if(void 0!==i){const s=e-i;this.typingDwellTimes.push(s),this.lastKeyDownTime.delete(t.key)}if(null!==this.lastKeyUpTime){const t=e-this.lastKeyUpTime;this.typingFlightTimes.push(t)}this.lastKeyUpTime=e;const s={key:t.key,timestamp:e,type:"keyup"};this.keystrokes.push(s),this.sessionEvents.push({type:"keyup",timestamp:e})}handleMouseMove(t){const e={x:t.clientX,y:t.clientY,timestamp:performance.now(),type:"move"};if(this.mouseMovements.length>0){const t=this.mouseMovements[this.mouseMovements.length-1],i=e.timestamp-t.timestamp;if(i>0){const s=Math.sqrt(Math.pow(e.x-t.x,2)+Math.pow(e.y-t.y,2));e.velocity=s/i}}this.mouseMovements.push(e),this.sessionEvents.push({type:"mousemove",timestamp:e.timestamp})}handleTouchStart(t){const e=performance.now();for(let i=0;i<t.touches.length;i++){const s=t.touches[i];this.touchStartPositions.set(s.identifier,{x:s.clientX,y:s.clientY,timestamp:e})}this.sessionEvents.push({type:"touchstart",timestamp:e})}handleTouchEnd(t){const e=performance.now();for(let i=0;i<t.changedTouches.length;i++){const s=t.changedTouches[i],n=this.touchStartPositions.get(s.identifier);if(n){const t=e-n.timestamp;if(t>0&&t<1e3){const e=Math.sqrt(Math.pow(s.clientX-n.x,2)+Math.pow(s.clientY-n.y,2));if(e>10){const i=e/t;this.swipeVelocities.push(i)}}this.touchStartPositions.delete(s.identifier)}}this.sessionEvents.push({type:"touchend",timestamp:e})}calculateSessionEntropy(){if(0===this.sessionEvents.length)return 0;const t={};for(const e of this.sessionEvents)t[e.type]=(t[e.type]||0)+1;const e=this.sessionEvents.length;let i=0;for(const s of Object.values(t)){const t=s/e;t>0&&(i-=t*Math.log2(t))}return i}shouldIgnoreKey(t){return["Shift","Control","Alt","Meta","CapsLock","Tab","Escape","Enter","ArrowLeft","ArrowRight","ArrowUp","ArrowDown","Home","End","PageUp","PageDown","F1","F2","F3","F4","F5","F6","F7","F8","F9","F10","F11","F12"].includes(t.key)}}class n{constructor(){this.config=null,this.isInitialized=!1,this.sessionId=null,this.deviceCollector=new i,this.behavioralCollector=new s}init(t){this.isInitialized?this.config:(this.config="string"==typeof t?{apiKey:t,endpoint:"https://app.keverd.com",debug:!1}:{endpoint:"https://app.keverd.com",debug:!1,...t},this.behavioralCollector.start(),this.sessionId=this.generateSessionId(),this.isInitialized=!0,this.config.debug)}async getVisitorData(){if(!this.isInitialized||!this.config)throw new Error("Keverd SDK not initialized. Call init() first.");try{const t=this.deviceCollector.collect(),e=this.behavioralCollector.getData(),i={sessionId:this.sessionId||void 0,timestamp:(new Date).toISOString()},s={userId:this.config.userId,device:t,session:i,behavioral:e};return await this.sendFingerprintRequest(s)}catch(t){const e=t instanceof Error?t.message:"Unknown error";throw this.config.debug,new Error(`Failed to get visitor data: ${e}`)}}async createTransactionID(t){return(await this.getVisitorData()).session_id}async sendFingerprintRequest(t){if(!this.config)throw new Error("SDK not initialized");const e=`${this.config.endpoint||"https://app.keverd.com"}/fingerprint/score`,i={"Content-Type":"application/json","X-SDK-Source":"javascript"},s=this.config.apiKey;s&&(i["x-keverd-key"]=s,i["X-API-KEY"]=s,i.Authorization=`Bearer ${s}`);const n=await fetch(e,{method:"POST",headers:i,body:JSON.stringify(t)});if(!n.ok){const t=await n.text().catch(()=>"Unknown error");throw new Error(`HTTP ${n.status}: ${t}`)}return await n.json()}generateSessionId(){return`${Date.now()}_${Math.random().toString(36).substr(2,9)}`}destroy(){this.behavioralCollector.stop(),this.isInitialized=!1,this.config,this.config=null,this.sessionId=null}}const r=new n;return e})());

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Keverd Fraud SDK (Vanilla JS)
+ * Main entry point
+ */
+export { KeverdSDK, Keverd } from './core/sdk';
+export { DeviceCollector } from './collectors/device';
+export { BehavioralCollector } from './collectors/behavioral';
+export type { SDKConfig, DeviceInfo, SessionInfo, BehavioralData, FingerprintRequest, FingerprintResponse, TransactionMetadata, } from './types';

package/dist/types.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Type definitions for Keverd Fraud SDK (Vanilla JS)
+ * Matches backend FingerprintSDKRequest schema exactly
+ */
+export interface DeviceInfo {
+    deviceId: string;
+    fingerprint: string;
+    manufacturer?: string;
+    model?: string;
+    brand?: string;
+    device?: string;
+    product?: string;
+    hardware?: string;
+    sdkVersion?: string;
+    osVersion?: string;
+    screenWidth?: string;
+    screenHeight?: string;
+    screenDensity?: string;
+    locale?: string;
+    timezone: string;
+}
+export interface SessionInfo {
+    sessionId?: string;
+    installId?: string;
+    sessionCount?: string;
+    firstSession?: string;
+    timestamp?: string;
+}
+export interface BehavioralData {
+    typing_dwell_ms?: number[];
+    typing_flight_ms?: number[];
+    swipe_velocity?: number;
+    session_entropy?: number;
+}
+export interface FingerprintRequest {
+    userId?: string;
+    device: DeviceInfo;
+    session?: SessionInfo;
+    behavioral?: BehavioralData;
+}
+export interface FingerprintResponse {
+    risk_score: number;
+    score: number;
+    action: 'allow' | 'soft_challenge' | 'hard_challenge' | 'block';
+    reason: string[];
+    session_id: string;
+    requestId: string;
+    sim_swap_engine?: {
+        userId?: string;
+        risk: number;
+        flags: {
+            sim_changed?: boolean;
+            device_changed?: boolean;
+            behavior_anomaly?: boolean;
+            time_anomaly?: boolean;
+            velocity_anomaly?: boolean;
+        };
+        updatedProfile?: Record<string, unknown>;
+    };
+}
+export interface SDKConfig {
+    apiKey: string;
+    endpoint?: string;
+    userId?: string;
+    debug?: boolean;
+}
+export interface TransactionMetadata {
+    amount?: number;
+    currency?: string;
+    recipient?: string;
+    transactionType?: string;
+    customData?: Record<string, unknown>;
+}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@keverdjs/fraud-sdk",
+  "version": "1.0.0",
+  "description": "Vanilla JavaScript SDK for Keverd fraud detection and device fingerprinting",
+  "main": "dist/fintechrisk.js",
+  "types": "dist/index.d.ts",
+  "module": "dist/fintechrisk.esm.js",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "webpack --mode=production",
+    "dev": "webpack --mode=development --watch",
+    "lint": "eslint src/**/*.ts",
+    "typecheck": "tsc --noEmit",
+    "test": "jest",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "keywords": [
+    "keverd",
+    "fraud-detection",
+    "device-fingerprinting",
+    "behavioral-biometrics",
+    "vanilla-js",
+    "javascript",
+    "risk-assessment"
+  ],
+  "author": "Keverd",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/keverd/keverd-fraud-sdk-web.git",
+    "directory": "packages/@keverd/fraud-sdk"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@typescript-eslint/eslint-plugin": "^6.0.0",
+    "@typescript-eslint/parser": "^6.0.0",
+    "eslint": "^8.45.0",
+    "jest": "^29.6.0",
+    "ts-jest": "^29.1.0",
+    "typescript": "^5.1.6",
+    "webpack": "^5.88.0",
+    "webpack-cli": "^5.1.0",
+    "terser-webpack-plugin": "^5.3.9",
+    "ts-loader": "^9.4.0"
+  }
+}
+