@mack1ch/fingerprint-js 0.1.3 → 0.1.4

package/dist/index.cjs

@@ -946,6 +946,20 @@ var VOLATILE_DEVICE_KEYS = /* @__PURE__ */ new Set([
   "screenLeft",
   "screenTop"
 ]);
+var HARDWARE_DEVICE_KEYS = /* @__PURE__ */ new Set([
+  "hardwareConcurrency",
+  "deviceMemory",
+  "platform",
+  "unmaskedVendor",
+  "unmaskedRenderer",
+  "width",
+  "height",
+  "colorDepth",
+  "pixelDepth",
+  "timeZone",
+  "sampleRate",
+  "maxTouchPoints"
+]);
 function getSignalStability(key) {
   if (STABLE_DEVICE_KEYS.has(key)) {
     return "stable";
@@ -1004,6 +1018,16 @@ function toCoreCanonicalPayload(components) {
     return false;
   }).map((component) => `${component.key}=${component.value}`).join("|");
 }
+function toHardwareCanonicalPayload(components) {
+  return components.filter((component) => {
+    if (component.kind === "required" && component.key === "required.merchantId") return true;
+    if (component.kind === "device") {
+      const key = component.key.replace(/^device\./, "");
+      return HARDWARE_DEVICE_KEYS.has(key);
+    }
+    return false;
+  }).map((component) => `${component.key}=${component.value}`).join("|");
+}
 function computeConfidenceScore(components, timedOutCollectors, failedCollectorsCount) {
   const weightedTotal = components.reduce((total, component) => total + component.weight, 0);
   if (weightedTotal === 0) {
@@ -1053,10 +1077,12 @@ async function getFingerprint(options) {
     deviceSignals: gathered.deviceSignals
   });
   const corePayload = toCoreCanonicalPayload(components);
+  const hardwarePayload = toHardwareCanonicalPayload(components);
   const fullPayload = toCanonicalPayload(components);
   const digestAlgorithm = ((_a = options.hash) == null ? void 0 : _a.algorithm) ?? "SHA-256";
-  const [coreHash, fullHash] = await Promise.all([
+  const [coreHash, hardwareCoreHash, fullHash] = await Promise.all([
     createDigest(corePayload, digestAlgorithm),
+    createDigest(hardwarePayload, digestAlgorithm),
     createDigest(fullPayload, digestAlgorithm)
   ]);
   const completedAtMs = Date.now();
@@ -1064,6 +1090,7 @@ async function getFingerprint(options) {
   const maskedRaw = applyPrivacy(gathered.rawItems, ((_c = options.privacy) == null ? void 0 : _c.maskSensitive) ?? false);
   return {
     coreHash,
+    hardwareCoreHash,
     fullHash,
     hash: fullHash,
     hashVersion: "fp_v1",
@@ -1104,10 +1131,12 @@ async function getFingerprintQuick(options) {
     deviceSignals: gathered.deviceSignals
   });
   const corePayload = toCoreCanonicalPayload(components);
+  const hardwarePayload = toHardwareCanonicalPayload(components);
   const fullPayload = toCanonicalPayload(components);
   const digestAlgorithm = ((_a = options.hash) == null ? void 0 : _a.algorithm) ?? "SHA-256";
-  const [coreHash, fullHash] = await Promise.all([
+  const [coreHash, hardwareCoreHash, fullHash] = await Promise.all([
     createDigest(corePayload, digestAlgorithm),
+    createDigest(hardwarePayload, digestAlgorithm),
     createDigest(fullPayload, digestAlgorithm)
   ]);
   const completedAtMs = Date.now();
@@ -1115,6 +1144,7 @@ async function getFingerprintQuick(options) {
   const maskedRaw = applyPrivacy(gathered.rawItems, ((_c = options.privacy) == null ? void 0 : _c.maskSensitive) ?? false);
   return {
     coreHash,
+    hardwareCoreHash,
     fullHash,
     hash: fullHash,
     hashVersion: "fp_v1",
@@ -1200,8 +1230,9 @@ function compareFingerprints(current, reference) {
     if (refComponent.stability === "volatile") changedVolatileKeys.push(refComponent.key);
   }
   const similarityScore = totalReferenceWeight === 0 ? 0 : round3(matchedWeight / totalReferenceWeight);
+  const crossBrowserSimilarityScore = current.hardwareCoreHash === reference.hardwareCoreHash ? Math.max(similarityScore, 0.9) : similarityScore;
   const reasons = [];
-  let risk = 1 - similarityScore;
+  let risk = 1 - crossBrowserSimilarityScore;
   if (changedStableKeys.length >= 3) {
     risk += 0.2;
     reasons.push("Multiple stable identifiers changed");
@@ -1244,13 +1275,15 @@ function compareFingerprints(current, reference) {
   const riskScore = round3(risk);
   let verdict = "different_device";
   if (similarityScore >= 0.85 && riskScore < 0.35) verdict = "same_device";
+  else if (crossBrowserSimilarityScore >= 0.82 && riskScore < 0.45) verdict = "likely_same_cross_browser";
   else if (similarityScore >= 0.7 && riskScore < 0.55) verdict = "likely_same";
-  else if (similarityScore >= 0.45) verdict = "suspicious";
+  else if (crossBrowserSimilarityScore >= 0.45) verdict = "suspicious";
   if (!reasons.length) {
     reasons.push("No meaningful drift between profiles");
   }
   return {
     similarityScore,
+    crossBrowserSimilarityScore,
     riskScore,
     verdict,
     matchedWeight,
@@ -1398,7 +1431,10 @@ function assessPaymentRisk(input) {
   var _a, _b, _c, _d;
   const reasons = [...input.comparison.reasons];
   let score = input.comparison.riskScore;
-  const similarityScore = input.comparison.similarityScore;
+  const effectiveSimilarity = Math.max(
+    input.comparison.similarityScore,
+    input.comparison.crossBrowserSimilarityScore
+  );
   if (input.history) {
     if (input.history.aggregateRiskScore > 0.6) {
       score += 0.1;
@@ -1428,14 +1464,14 @@ function assessPaymentRisk(input) {
   }
   const finalScore = Math.max(0, Math.min(1, Number(score.toFixed(3))));
   let decision = "manual_review";
-  if (finalScore < 0.35 && similarityScore >= 0.82) decision = "allow";
-  else if (finalScore < 0.55 && similarityScore >= 0.65) decision = "challenge";
-  else if (finalScore >= 0.8 || similarityScore < 0.35) decision = "deny";
+  if (finalScore < 0.35 && effectiveSimilarity >= 0.82) decision = "allow";
+  else if (finalScore < 0.55 && effectiveSimilarity >= 0.65) decision = "challenge";
+  else if (finalScore >= 0.8 || effectiveSimilarity < 0.35) decision = "deny";
   const output = {
     decision,
     score: finalScore,
     reasons: Array.from(new Set(reasons)),
-    similarityScore,
+    similarityScore: effectiveSimilarity,
     riskScore: input.comparison.riskScore
   };
   fetch("http://127.0.0.1:7417/ingest/67545057-d930-4022-a3c5-818008410ad2", { method: "POST", headers: { "Content-Type": "application/json", "X-Debug-Session-Id": "ce1cd9" }, body: JSON.stringify({ sessionId: "ce1cd9", runId: "payment-risk", hypothesisId: "H4", location: "src/fingerprint/payment.ts:assessPaymentRisk", message: "payment risk assessed", data: { decision: output.decision, score: output.score, similarity: output.similarityScore, risk: output.riskScore, reasonsCount: output.reasons.length }, timestamp: Date.now() }) }).catch(() => {

package/dist/index.d.cts

@@ -59,6 +59,7 @@ type FingerprintMeta = {
 };
 type FingerprintResult = {
     coreHash: string;
+    hardwareCoreHash: string;
     fullHash: string;
     hash: string;
     hashVersion: 'fp_v1';
@@ -71,8 +72,9 @@ type FingerprintResult = {
 };
 type FingerprintComparison = {
     similarityScore: number;
+    crossBrowserSimilarityScore: number;
     riskScore: number;
-    verdict: 'same_device' | 'likely_same' | 'suspicious' | 'different_device';
+    verdict: 'same_device' | 'likely_same' | 'likely_same_cross_browser' | 'suspicious' | 'different_device';
     matchedWeight: number;
     totalReferenceWeight: number;
     reasons: string[];

package/dist/index.d.ts

@@ -59,6 +59,7 @@ type FingerprintMeta = {
 };
 type FingerprintResult = {
     coreHash: string;
+    hardwareCoreHash: string;
     fullHash: string;
     hash: string;
     hashVersion: 'fp_v1';
@@ -71,8 +72,9 @@ type FingerprintResult = {
 };
 type FingerprintComparison = {
     similarityScore: number;
+    crossBrowserSimilarityScore: number;
     riskScore: number;
-    verdict: 'same_device' | 'likely_same' | 'suspicious' | 'different_device';
+    verdict: 'same_device' | 'likely_same' | 'likely_same_cross_browser' | 'suspicious' | 'different_device';
     matchedWeight: number;
     totalReferenceWeight: number;
     reasons: string[];

package/dist/index.js

@@ -913,6 +913,20 @@ var VOLATILE_DEVICE_KEYS = /* @__PURE__ */ new Set([
   "screenLeft",
   "screenTop"
 ]);
+var HARDWARE_DEVICE_KEYS = /* @__PURE__ */ new Set([
+  "hardwareConcurrency",
+  "deviceMemory",
+  "platform",
+  "unmaskedVendor",
+  "unmaskedRenderer",
+  "width",
+  "height",
+  "colorDepth",
+  "pixelDepth",
+  "timeZone",
+  "sampleRate",
+  "maxTouchPoints"
+]);
 function getSignalStability(key) {
   if (STABLE_DEVICE_KEYS.has(key)) {
     return "stable";
@@ -971,6 +985,16 @@ function toCoreCanonicalPayload(components) {
     return false;
   }).map((component) => `${component.key}=${component.value}`).join("|");
 }
+function toHardwareCanonicalPayload(components) {
+  return components.filter((component) => {
+    if (component.kind === "required" && component.key === "required.merchantId") return true;
+    if (component.kind === "device") {
+      const key = component.key.replace(/^device\./, "");
+      return HARDWARE_DEVICE_KEYS.has(key);
+    }
+    return false;
+  }).map((component) => `${component.key}=${component.value}`).join("|");
+}
 function computeConfidenceScore(components, timedOutCollectors, failedCollectorsCount) {
   const weightedTotal = components.reduce((total, component) => total + component.weight, 0);
   if (weightedTotal === 0) {
@@ -1020,10 +1044,12 @@ async function getFingerprint(options) {
     deviceSignals: gathered.deviceSignals
   });
   const corePayload = toCoreCanonicalPayload(components);
+  const hardwarePayload = toHardwareCanonicalPayload(components);
   const fullPayload = toCanonicalPayload(components);
   const digestAlgorithm = ((_a = options.hash) == null ? void 0 : _a.algorithm) ?? "SHA-256";
-  const [coreHash, fullHash] = await Promise.all([
+  const [coreHash, hardwareCoreHash, fullHash] = await Promise.all([
     createDigest(corePayload, digestAlgorithm),
+    createDigest(hardwarePayload, digestAlgorithm),
     createDigest(fullPayload, digestAlgorithm)
   ]);
   const completedAtMs = Date.now();
@@ -1031,6 +1057,7 @@ async function getFingerprint(options) {
   const maskedRaw = applyPrivacy(gathered.rawItems, ((_c = options.privacy) == null ? void 0 : _c.maskSensitive) ?? false);
   return {
     coreHash,
+    hardwareCoreHash,
     fullHash,
     hash: fullHash,
     hashVersion: "fp_v1",
@@ -1071,10 +1098,12 @@ async function getFingerprintQuick(options) {
     deviceSignals: gathered.deviceSignals
   });
   const corePayload = toCoreCanonicalPayload(components);
+  const hardwarePayload = toHardwareCanonicalPayload(components);
   const fullPayload = toCanonicalPayload(components);
   const digestAlgorithm = ((_a = options.hash) == null ? void 0 : _a.algorithm) ?? "SHA-256";
-  const [coreHash, fullHash] = await Promise.all([
+  const [coreHash, hardwareCoreHash, fullHash] = await Promise.all([
     createDigest(corePayload, digestAlgorithm),
+    createDigest(hardwarePayload, digestAlgorithm),
     createDigest(fullPayload, digestAlgorithm)
   ]);
   const completedAtMs = Date.now();
@@ -1082,6 +1111,7 @@ async function getFingerprintQuick(options) {
   const maskedRaw = applyPrivacy(gathered.rawItems, ((_c = options.privacy) == null ? void 0 : _c.maskSensitive) ?? false);
   return {
     coreHash,
+    hardwareCoreHash,
     fullHash,
     hash: fullHash,
     hashVersion: "fp_v1",
@@ -1167,8 +1197,9 @@ function compareFingerprints(current, reference) {
     if (refComponent.stability === "volatile") changedVolatileKeys.push(refComponent.key);
   }
   const similarityScore = totalReferenceWeight === 0 ? 0 : round3(matchedWeight / totalReferenceWeight);
+  const crossBrowserSimilarityScore = current.hardwareCoreHash === reference.hardwareCoreHash ? Math.max(similarityScore, 0.9) : similarityScore;
   const reasons = [];
-  let risk = 1 - similarityScore;
+  let risk = 1 - crossBrowserSimilarityScore;
   if (changedStableKeys.length >= 3) {
     risk += 0.2;
     reasons.push("Multiple stable identifiers changed");
@@ -1211,13 +1242,15 @@ function compareFingerprints(current, reference) {
   const riskScore = round3(risk);
   let verdict = "different_device";
   if (similarityScore >= 0.85 && riskScore < 0.35) verdict = "same_device";
+  else if (crossBrowserSimilarityScore >= 0.82 && riskScore < 0.45) verdict = "likely_same_cross_browser";
   else if (similarityScore >= 0.7 && riskScore < 0.55) verdict = "likely_same";
-  else if (similarityScore >= 0.45) verdict = "suspicious";
+  else if (crossBrowserSimilarityScore >= 0.45) verdict = "suspicious";
   if (!reasons.length) {
     reasons.push("No meaningful drift between profiles");
   }
   return {
     similarityScore,
+    crossBrowserSimilarityScore,
     riskScore,
     verdict,
     matchedWeight,
@@ -1365,7 +1398,10 @@ function assessPaymentRisk(input) {
   var _a, _b, _c, _d;
   const reasons = [...input.comparison.reasons];
   let score = input.comparison.riskScore;
-  const similarityScore = input.comparison.similarityScore;
+  const effectiveSimilarity = Math.max(
+    input.comparison.similarityScore,
+    input.comparison.crossBrowserSimilarityScore
+  );
   if (input.history) {
     if (input.history.aggregateRiskScore > 0.6) {
       score += 0.1;
@@ -1395,14 +1431,14 @@ function assessPaymentRisk(input) {
   }
   const finalScore = Math.max(0, Math.min(1, Number(score.toFixed(3))));
   let decision = "manual_review";
-  if (finalScore < 0.35 && similarityScore >= 0.82) decision = "allow";
-  else if (finalScore < 0.55 && similarityScore >= 0.65) decision = "challenge";
-  else if (finalScore >= 0.8 || similarityScore < 0.35) decision = "deny";
+  if (finalScore < 0.35 && effectiveSimilarity >= 0.82) decision = "allow";
+  else if (finalScore < 0.55 && effectiveSimilarity >= 0.65) decision = "challenge";
+  else if (finalScore >= 0.8 || effectiveSimilarity < 0.35) decision = "deny";
   const output = {
     decision,
     score: finalScore,
     reasons: Array.from(new Set(reasons)),
-    similarityScore,
+    similarityScore: effectiveSimilarity,
     riskScore: input.comparison.riskScore
   };
   fetch("http://127.0.0.1:7417/ingest/67545057-d930-4022-a3c5-818008410ad2", { method: "POST", headers: { "Content-Type": "application/json", "X-Debug-Session-Id": "ce1cd9" }, body: JSON.stringify({ sessionId: "ce1cd9", runId: "payment-risk", hypothesisId: "H4", location: "src/fingerprint/payment.ts:assessPaymentRisk", message: "payment risk assessed", data: { decision: output.decision, score: output.score, similarity: output.similarityScore, risk: output.riskScore, reasonsCount: output.reasons.length }, timestamp: Date.now() }) }).catch(() => {

package/package.json

@@ -2,7 +2,7 @@
 
   "name": "@mack1ch/fingerprint-js",
 
-  "version": "0.1.3",
+  "version": "0.1.4",
 
   "private": false,