@mikkelscheike/email-provider-links 1.1.0 → 1.3.1

package/README.md

@@ -1,14 +1,20 @@
 # Email Provider Links
 
-A TypeScript package that provides direct links to email providers based on email addresses to streamline login and password reset flows.
+🔒 **Enterprise-grade secure email provider detection for login and password reset flows**
 
-## Features
+A TypeScript package that provides direct links to email providers based on email addresses, with comprehensive security features to prevent malicious redirects and supply chain attacks.
+
+## ✨ Features
 
 - 🚀 **Fast & Lightweight**: Zero dependencies, minimal footprint
-- 📧 **60+ Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, and more
-- 🏢 **Business Domain Detection**: DNS-based detection for custom domains
-- 🔒 **Type Safe**: Full TypeScript support
+- 📧 **64+ Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and more
+- 🏢 **Business Domain Detection**: DNS-based detection for custom domains (Google Workspace, Microsoft 365, etc.)
+- 🔒 **Enterprise Security**: Multi-layer protection against malicious URLs and supply chain attacks
+- 🛡️ **URL Validation**: HTTPS-only enforcement with domain allowlisting
+- 🔐 **Integrity Verification**: Cryptographic hash verification for data integrity
+- 📝 **Type Safe**: Full TypeScript support with comprehensive interfaces
 - ⚡ **Performance Optimized**: Smart DNS fallback with configurable timeouts
+- 🧪 **Thoroughly Tested**: 83+ tests including comprehensive security coverage
 
 ## Installation
 
@@ -93,13 +99,61 @@ interface EmailProviderResult {
 }
 ```
 
+## 🛡️ Security Features
+
+This package implements **enterprise-grade security** to protect against malicious redirects and supply chain attacks:
+
+### ✅ Multi-Layer Protection
+
+- **HTTPS-Only Enforcement**: All provider URLs must use HTTPS protocol
+- **Domain Allowlisting**: Only pre-approved domains are allowed (64+ verified providers)
+- **Malicious Pattern Detection**: Blocks IP addresses, URL shorteners, suspicious TLDs
+- **Path Traversal Prevention**: Detects and blocks `../` and encoded variants
+- **JavaScript Injection Protection**: Prevents `javascript:`, `data:`, and script injections
+- **File Integrity Verification**: SHA-256 hash verification for provider database
+
+### 🔒 Attack Prevention
+
+Protects against common attack vectors:
+- ❌ **URL Injection**: Blocked by strict allowlisting
+- ❌ **Typosquatting**: Blocked by domain validation
+- ❌ **URL Shorteners**: Blocked by pattern detection
+- ❌ **Protocol Downgrade**: Blocked by HTTPS enforcement
+- ❌ **Path Traversal**: Blocked by path validation
+- ❌ **Script Injection**: Blocked by content validation
+- ❌ **Supply Chain Attacks**: Blocked by integrity verification
+
+### 🧪 Security Testing
+
+- **29 dedicated security tests** covering all attack vectors
+- **94% security code coverage** with edge case testing
+- **Automated security validation** in CI/CD pipeline
+- **Regular security audits** of provider database
+
+### 🔐 For Security Teams
+
+Security validation can be integrated into your workflow:
+
+```typescript
+import { secureLoadProviders } from '@mikkelscheike/email-provider-links/security';
+
+// Secure loading with integrity verification
+const result = secureLoadProviders();
+if (result.securityReport.securityLevel === 'CRITICAL') {
+  // Handle security incident
+  console.error('Security validation failed:', result.securityReport.issues);
+}
+```
+
 ## Contributing
 
-We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on adding new email providers.
+We welcome contributions! See [CONTRIBUTING.md](docs/CONTRIBUTING.md) for guidelines on adding new email providers.
+
+**Security Note**: All new providers undergo security validation and must pass our allowlist verification.
 
 ## Security
 
-For security concerns, see our [Security Policy](SECURITY.md).
+For security concerns or to report vulnerabilities, see our [Security Policy](docs/SECURITY.md).
 
 ## License
 

package/dist/security/hash-verifier.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Hash Verification System
+ *
+ * Provides cryptographic integrity verification for the email providers database
+ * to detect tampering or unauthorized modifications.
+ */
+export interface HashVerificationResult {
+    isValid: boolean;
+    expectedHash?: string;
+    actualHash: string;
+    reason?: string;
+    file: string;
+}
+/**
+ * Calculates SHA-256 hash of a file or string content
+ *
+ * @param content - File content as string or Buffer
+ * @returns SHA-256 hash as hex string
+ */
+export declare function calculateHash(content: string | Buffer): string;
+/**
+ * Calculates SHA-256 hash of a file
+ *
+ * @param filePath - Path to the file
+ * @returns SHA-256 hash as hex string
+ */
+export declare function calculateFileHash(filePath: string): string;
+/**
+ * Verifies the integrity of the email providers JSON file
+ *
+ * @param filePath - Path to the providers JSON file
+ * @param expectedHash - Optional expected hash (if not provided, uses KNOWN_GOOD_HASHES)
+ * @returns Verification result
+ */
+export declare function verifyProvidersIntegrity(filePath: string, expectedHash?: string): HashVerificationResult;
+/**
+ * Verifies the integrity of providers data from JSON object
+ *
+ * @param providersData - The providers data object
+ * @param expectedHash - Expected hash of the JSON string
+ * @returns Verification result
+ */
+export declare function verifyProvidersDataIntegrity(providersData: any, expectedHash?: string): HashVerificationResult;
+/**
+ * Generates security hashes for critical files - use this during development
+ *
+ * @param basePath - Base path of the project
+ * @returns Object with calculated hashes
+ */
+export declare function generateSecurityHashes(basePath?: string): Record<string, string>;
+/**
+ * Easy-to-use function to recalculate and display current hashes
+ * for updating KNOWN_GOOD_HASHES when making legitimate changes
+ *
+ * @param basePath - Base path of the project
+ * @returns Formatted hash configuration for copy-paste
+ */
+export declare function recalculateHashes(basePath?: string): string;
+/**
+ * Enhanced security warning system for hash mismatches
+ *
+ * @param result - Hash verification result
+ * @param options - Warning options
+ */
+export declare function handleHashMismatch(result: HashVerificationResult, options?: {
+    throwOnMismatch?: boolean;
+    logLevel?: 'error' | 'warn' | 'silent';
+    onMismatch?: (result: HashVerificationResult) => void;
+}): void;
+/**
+ * Comprehensive security audit including hash verification
+ *
+ * @param providersFilePath - Path to providers JSON file
+ * @returns Complete security audit result
+ */
+export declare function performSecurityAudit(providersFilePath?: string): {
+    hashVerification: HashVerificationResult;
+    recommendations: string[];
+    securityLevel: 'HIGH' | 'MEDIUM' | 'LOW' | 'CRITICAL';
+};
+/**
+ * Creates a signed manifest of all provider URLs with their hashes
+ * This can be used to detect any URL modifications
+ *
+ * @param providers - Array of email providers
+ * @returns Signed manifest with URL hashes
+ */
+export declare function createProviderManifest(providers: any[]): {
+    timestamp: string;
+    providerCount: number;
+    urlHashes: Record<string, string>;
+    manifestHash: string;
+};
+//# sourceMappingURL=hash-verifier.d.ts.map

package/dist/security/hash-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash-verifier.d.ts","sourceRoot":"","sources":["../../src/security/hash-verifier.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAE9D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAG1D;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,YAAY,CAAC,EAAE,MAAM,GACpB,sBAAsB,CAgCxB;AAED;;;;;;GAMG;AACH,wBAAgB,4BAA4B,CAC1C,aAAa,EAAE,GAAG,EAClB,YAAY,CAAC,EAAE,MAAM,GACpB,sBAAsB,CAmCxB;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,GAAE,MAAkB,0BAoBlE;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAuB3D;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,sBAAsB,EAC9B,OAAO,GAAE;IACP,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,sBAAsB,KAAK,IAAI,CAAC;CAClD,GACL,IAAI,CA6CN;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,iBAAiB,CAAC,EAAE,MAAM,GAAG;IAChE,gBAAgB,EAAE,sBAAsB,CAAC;IACzC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,UAAU,CAAC;CACvD,CA6BA;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG;IACxD,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;CACtB,CAsBA"}

package/dist/security/hash-verifier.js

@@ -0,0 +1,284 @@
+"use strict";
+/**
+ * Hash Verification System
+ *
+ * Provides cryptographic integrity verification for the email providers database
+ * to detect tampering or unauthorized modifications.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateHash = calculateHash;
+exports.calculateFileHash = calculateFileHash;
+exports.verifyProvidersIntegrity = verifyProvidersIntegrity;
+exports.verifyProvidersDataIntegrity = verifyProvidersDataIntegrity;
+exports.generateSecurityHashes = generateSecurityHashes;
+exports.recalculateHashes = recalculateHashes;
+exports.handleHashMismatch = handleHashMismatch;
+exports.performSecurityAudit = performSecurityAudit;
+exports.createProviderManifest = createProviderManifest;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Known good hashes for the providers database.
+ * These should be updated whenever the legitimate data changes.
+ *
+ * IMPORTANT: These hashes should be stored in a separate, more secure location
+ * in production (e.g., environment variables, secure CI/CD secrets)
+ */
+const KNOWN_GOOD_HASHES = {
+    // SHA-256 hash of the legitimate emailproviders.json
+    'emailproviders.json': 'da7a856fe04b11e326230d195fcc3d44f078e481b8929cf4fb5040276e05ffd0',
+    // You can add hashes for other critical files
+    'package.json': '4fec42bf25d33615a2b19bfe573b6d706404d39bfcdd6464a6958e70fca2a579'
+};
+/**
+ * Calculates SHA-256 hash of a file or string content
+ *
+ * @param content - File content as string or Buffer
+ * @returns SHA-256 hash as hex string
+ */
+function calculateHash(content) {
+    return (0, crypto_1.createHash)('sha256').update(content).digest('hex');
+}
+/**
+ * Calculates SHA-256 hash of a file
+ *
+ * @param filePath - Path to the file
+ * @returns SHA-256 hash as hex string
+ */
+function calculateFileHash(filePath) {
+    const content = (0, fs_1.readFileSync)(filePath);
+    return calculateHash(content);
+}
+/**
+ * Verifies the integrity of the email providers JSON file
+ *
+ * @param filePath - Path to the providers JSON file
+ * @param expectedHash - Optional expected hash (if not provided, uses KNOWN_GOOD_HASHES)
+ * @returns Verification result
+ */
+function verifyProvidersIntegrity(filePath, expectedHash) {
+    try {
+        const actualHash = calculateFileHash(filePath);
+        const expectedHashToUse = expectedHash || KNOWN_GOOD_HASHES['emailproviders.json'];
+        if (expectedHashToUse === 'TO_BE_CALCULATED') {
+            return {
+                isValid: false,
+                actualHash,
+                reason: 'Expected hash not configured. Run generateSecurityHashes() first.',
+                file: filePath
+            };
+        }
+        const isValid = actualHash === expectedHashToUse;
+        return {
+            isValid,
+            expectedHash: expectedHashToUse,
+            actualHash,
+            reason: isValid ? undefined : 'File hash does not match expected value - potential tampering detected',
+            file: filePath
+        };
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            actualHash: '',
+            reason: `Failed to verify file: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            file: filePath
+        };
+    }
+}
+/**
+ * Verifies the integrity of providers data from JSON object
+ *
+ * @param providersData - The providers data object
+ * @param expectedHash - Expected hash of the JSON string
+ * @returns Verification result
+ */
+function verifyProvidersDataIntegrity(providersData, expectedHash) {
+    try {
+        // Create deterministic JSON string (sorted keys)
+        const jsonString = JSON.stringify(providersData, Object.keys(providersData).sort(), 2);
+        const actualHash = calculateHash(jsonString);
+        const expectedHashToUse = expectedHash || KNOWN_GOOD_HASHES['emailproviders.json'];
+        if (expectedHashToUse === 'TO_BE_CALCULATED') {
+            return {
+                isValid: false,
+                actualHash,
+                reason: 'Expected hash not configured',
+                file: 'providersData'
+            };
+        }
+        const isValid = actualHash === expectedHashToUse;
+        return {
+            isValid,
+            expectedHash: expectedHashToUse,
+            actualHash,
+            reason: isValid ? undefined : 'Data hash does not match expected value',
+            file: 'providersData'
+        };
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            actualHash: '',
+            reason: `Failed to verify data: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            file: 'providersData'
+        };
+    }
+}
+/**
+ * Generates security hashes for critical files - use this during development
+ *
+ * @param basePath - Base path of the project
+ * @returns Object with calculated hashes
+ */
+function generateSecurityHashes(basePath = __dirname) {
+    const files = [
+        'providers/emailproviders.json',
+        'package.json'
+    ];
+    const hashes = {};
+    for (const file of files) {
+        try {
+            const fullPath = (0, path_1.join)(basePath, '..', '..', file);
+            const hash = calculateFileHash(fullPath);
+            hashes[file.split('/').pop() || file] = hash;
+            console.log(`✅ ${file}: ${hash}`);
+        }
+        catch (error) {
+            console.error(`❌ Failed to hash ${file}:`, error);
+        }
+    }
+    return hashes;
+}
+/**
+ * Easy-to-use function to recalculate and display current hashes
+ * for updating KNOWN_GOOD_HASHES when making legitimate changes
+ *
+ * @param basePath - Base path of the project
+ * @returns Formatted hash configuration for copy-paste
+ */
+function recalculateHashes(basePath) {
+    console.log('🔄 RECALCULATING SECURITY HASHES');
+    console.log('='.repeat(50));
+    const hashes = generateSecurityHashes(basePath);
+    const configCode = `
+// Updated KNOWN_GOOD_HASHES configuration:
+const KNOWN_GOOD_HASHES = {
+  'emailproviders.json': '${hashes['emailproviders.json']}',
+  'package.json': '${hashes['package.json']}'
+};
+`;
+    console.log('\n📋 Copy this configuration to hash-verifier.ts:');
+    console.log(configCode);
+    console.log('\n⚠️  SECURITY REMINDER:');
+    console.log('- Only update hashes after verifying changes are legitimate');
+    console.log('- Review git diff before updating hash values');
+    console.log('- Consider requiring code review for hash updates');
+    return configCode;
+}
+/**
+ * Enhanced security warning system for hash mismatches
+ *
+ * @param result - Hash verification result
+ * @param options - Warning options
+ */
+function handleHashMismatch(result, options = {}) {
+    if (result.isValid)
+        return;
+    const { throwOnMismatch = false, logLevel = 'error', onMismatch } = options;
+    const securityAlert = [
+        '🚨🚨🚨 CRITICAL SECURITY ALERT 🚨🚨🚨',
+        `File: ${result.file}`,
+        `Reason: ${result.reason}`,
+        `Expected Hash: ${result.expectedHash}`,
+        `Actual Hash: ${result.actualHash}`,
+        '',
+        '⚠️  POTENTIAL SECURITY BREACH DETECTED:',
+        '- File may have been tampered with',
+        '- Unauthorized modifications detected',
+        '- Supply chain attack possible',
+        '',
+        '🔍 IMMEDIATE ACTIONS REQUIRED:',
+        '1. Stop using this package immediately',
+        '2. Investigate the source of file changes',
+        '3. Check git history for unauthorized commits',
+        '4. Verify file integrity from trusted source',
+        '5. Report security incident if confirmed',
+        '',
+        '📧 Consider reporting to: security@[your-domain].com'
+    ].join('\n');
+    if (logLevel === 'error') {
+        console.error(securityAlert);
+    }
+    else if (logLevel === 'warn') {
+        console.warn(securityAlert);
+    }
+    // Call custom handler if provided
+    if (onMismatch) {
+        onMismatch(result);
+    }
+    // Throw error if requested (for production environments)
+    if (throwOnMismatch) {
+        throw new Error(`SECURITY BREACH: Hash verification failed for ${result.file}. ` +
+            `Expected: ${result.expectedHash}, Got: ${result.actualHash}`);
+    }
+}
+/**
+ * Comprehensive security audit including hash verification
+ *
+ * @param providersFilePath - Path to providers JSON file
+ * @returns Complete security audit result
+ */
+function performSecurityAudit(providersFilePath) {
+    const filePath = providersFilePath || (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+    const hashResult = verifyProvidersIntegrity(filePath);
+    const recommendations = [];
+    let securityLevel = 'HIGH';
+    if (!hashResult.isValid) {
+        securityLevel = 'CRITICAL';
+        recommendations.push('🚨 CRITICAL: File integrity check failed - investigate immediately');
+        recommendations.push('🔒 Verify the source of the providers file');
+        recommendations.push('📋 Check git history for unauthorized changes');
+    }
+    if (KNOWN_GOOD_HASHES['emailproviders.json'] === 'TO_BE_CALCULATED') {
+        securityLevel = securityLevel === 'HIGH' ? 'MEDIUM' : securityLevel;
+        recommendations.push('⚙️  Configure expected hash values in production');
+        recommendations.push('🔐 Store hashes in secure environment variables');
+    }
+    recommendations.push('🔄 Regularly update hash values when making legitimate changes');
+    recommendations.push('📊 Monitor for unexpected hash changes in CI/CD');
+    recommendations.push('🛡️  Consider implementing digital signatures for additional security');
+    return {
+        hashVerification: hashResult,
+        recommendations,
+        securityLevel
+    };
+}
+/**
+ * Creates a signed manifest of all provider URLs with their hashes
+ * This can be used to detect any URL modifications
+ *
+ * @param providers - Array of email providers
+ * @returns Signed manifest with URL hashes
+ */
+function createProviderManifest(providers) {
+    const urlHashes = {};
+    for (const provider of providers) {
+        if (provider.loginUrl) {
+            const key = `${provider.companyProvider}::${provider.loginUrl}`;
+            urlHashes[key] = calculateHash(provider.loginUrl);
+        }
+    }
+    const manifestData = {
+        timestamp: new Date().toISOString(),
+        providerCount: providers.length,
+        urlHashes
+    };
+    const manifestHash = calculateHash(JSON.stringify(manifestData, null, 2));
+    return {
+        ...manifestData,
+        manifestHash
+    };
+}
+//# sourceMappingURL=hash-verifier.js.map

package/dist/security/hash-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash-verifier.js","sourceRoot":"","sources":["../../src/security/hash-verifier.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAmCH,sCAEC;AAQD,8CAGC;AASD,4DAmCC;AASD,oEAsCC;AAQD,wDAoBC;AASD,8CAuBC;AAQD,gDAoDC;AAQD,oDAiCC;AASD,wDA2BC;AA9UD,mCAAoC;AACpC,2BAAkC;AAClC,+BAA4B;AAE5B;;;;;;GAMG;AACH,MAAM,iBAAiB,GAAG;IACxB,qDAAqD;IACrD,qBAAqB,EAAE,kEAAkE;IAEzF,8CAA8C;IAC9C,cAAc,EAAE,kEAAkE;CACnF,CAAC;AAUF;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,OAAwB;IACpD,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,QAAgB;IAChD,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,wBAAwB,CACtC,QAAgB,EAChB,YAAqB;IAErB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,iBAAiB,GAAG,YAAY,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;QAEnF,IAAI,iBAAiB,KAAK,kBAAkB,EAAE,CAAC;YAC7C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU;gBACV,MAAM,EAAE,mEAAmE;gBAC3E,IAAI,EAAE,QAAQ;aACf,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,KAAK,iBAAiB,CAAC;QAEjD,OAAO;YACL,OAAO;YACP,YAAY,EAAE,iBAAiB;YAC/B,UAAU;YACV,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,wEAAwE;YACtG,IAAI,EAAE,QAAQ;SACf,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YAC5F,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAC1C,aAAkB,EAClB,YAAqB;IAErB,IAAI,CAAC;QACH,iDAAiD;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACvF,MAAM,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAE7C,MAAM,iBAAiB,GAAG,YAAY,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,CAAC;QAEnF,IAAI,iBAAiB,KAAK,kBAAkB,EAAE,CAAC;YAC7C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,UAAU;gBACV,MAAM,EAAE,8BAA8B;gBACtC,IAAI,EAAE,eAAe;aACtB,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,KAAK,iBAAiB,CAAC;QAEjD,OAAO;YACL,OAAO;YACP,YAAY,EAAE,iBAAiB;YAC/B,UAAU;YACV,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,yCAAyC;YACvE,IAAI,EAAE,eAAe;SACtB,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YAC5F,IAAI,EAAE,eAAe;SACtB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,WAAmB,SAAS;IACjE,MAAM,KAAK,GAAG;QACZ,+BAA+B;QAC/B,cAAc;KACf,CAAC;IAEF,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,IAAI,EAAE,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,QAAiB;IACjD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG;;;4BAGO,MAAM,CAAC,qBAAqB,CAAC;qBACpC,MAAM,CAAC,cAAc,CAAC;;CAE1C,CAAC;IAEA,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAExB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IAEjE,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,kBAAkB,CAChC,MAA8B,EAC9B,UAII,EAAE;IAEN,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO;IAE3B,MAAM,EAAE,eAAe,GAAG,KAAK,EAAE,QAAQ,GAAG,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAE5E,MAAM,aAAa,GAAG;QACpB,uCAAuC;QACvC,SAAS,MAAM,CAAC,IAAI,EAAE;QACtB,WAAW,MAAM,CAAC,MAAM,EAAE;QAC1B,kBAAkB,MAAM,CAAC,YAAY,EAAE;QACvC,gBAAgB,MAAM,CAAC,UAAU,EAAE;QACnC,EAAE;QACF,yCAAyC;QACzC,oCAAoC;QACpC,uCAAuC;QACvC,gCAAgC;QAChC,EAAE;QACF,gCAAgC;QAChC,wCAAwC;QACxC,2CAA2C;QAC3C,+CAA+C;QAC/C,8CAA8C;QAC9C,0CAA0C;QAC1C,EAAE;QACF,sDAAsD;KACvD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC/B,CAAC;SAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC9B,CAAC;IAED,kCAAkC;IAClC,IAAI,UAAU,EAAE,CAAC;QACf,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;IAED,yDAAyD;IACzD,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,iDAAiD,MAAM,CAAC,IAAI,IAAI;YAChE,aAAa,MAAM,CAAC,YAAY,UAAU,MAAM,CAAC,UAAU,EAAE,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,iBAA0B;IAK7D,MAAM,QAAQ,GAAG,iBAAiB,IAAI,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACtG,MAAM,UAAU,GAAG,wBAAwB,CAAC,QAAQ,CAAC,CAAC;IAEtD,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,IAAI,aAAa,GAA2C,MAAM,CAAC;IAEnE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,aAAa,GAAG,UAAU,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QAC3F,eAAe,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACnE,eAAe,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,iBAAiB,CAAC,qBAAqB,CAAC,KAAK,kBAAkB,EAAE,CAAC;QACpE,aAAa,GAAG,aAAa,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC;QACpE,eAAe,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACzE,eAAe,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;IAC1E,CAAC;IAED,eAAe,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;IACvF,eAAe,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;IACxE,eAAe,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IAE9F,OAAO;QACL,gBAAgB,EAAE,UAAU;QAC5B,eAAe;QACf,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,sBAAsB,CAAC,SAAgB;IAMrD,MAAM,SAAS,GAA2B,EAAE,CAAC;IAE7C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,eAAe,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAChE,SAAS,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,aAAa,EAAE,SAAS,CAAC,MAAM;QAC/B,SAAS;KACV,CAAC;IAEF,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAE1E,OAAO;QACL,GAAG,YAAY;QACf,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/security/secure-loader.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Secure Loader for Email Providers
+ *
+ * Integrates URL validation and hash verification to create a secure
+ * loading system for email provider data.
+ */
+import type { EmailProvider } from '../index';
+export interface SecureLoadResult {
+    success: boolean;
+    providers: EmailProvider[];
+    securityReport: {
+        hashVerification: boolean;
+        urlValidation: boolean;
+        totalProviders: number;
+        validUrls: number;
+        invalidUrls: number;
+        securityLevel: 'SECURE' | 'WARNING' | 'CRITICAL';
+        issues: string[];
+    };
+}
+/**
+ * Securely loads and validates email provider data
+ *
+ * @param providersPath - Path to the providers JSON file
+ * @param expectedHash - Optional expected hash for verification
+ * @returns Secure load result with validation details
+ */
+export declare function secureLoadProviders(providersPath?: string, expectedHash?: string): SecureLoadResult;
+/**
+ * Development utility to generate and display current hashes
+ */
+export declare function initializeSecurity(): Record<string, string>;
+/**
+ * Express middleware for secure provider loading (if using in web apps)
+ */
+export declare function createSecurityMiddleware(options?: {
+    expectedHash?: string;
+    allowInvalidUrls?: boolean;
+    onSecurityIssue?: (report: SecureLoadResult['securityReport']) => void;
+}): (req: any, res: any, next: any) => any;
+declare const _default: {
+    secureLoadProviders: typeof secureLoadProviders;
+    initializeSecurity: typeof initializeSecurity;
+    createSecurityMiddleware: typeof createSecurityMiddleware;
+};
+export default _default;
+//# sourceMappingURL=secure-loader.d.ts.map

package/dist/security/secure-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-loader.d.ts","sourceRoot":"","sources":["../../src/security/secure-loader.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,cAAc,EAAE;QACd,gBAAgB,EAAE,OAAO,CAAC;QAC1B,aAAa,EAAE,OAAO,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC;QACjD,MAAM,EAAE,MAAM,EAAE,CAAC;KAClB,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,aAAa,CAAC,EAAE,MAAM,EACtB,YAAY,CAAC,EAAE,MAAM,GACpB,gBAAgB,CAoFlB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,2BAWjC;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,GAAE;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC,gBAAgB,CAAC,KAAK,IAAI,CAAC;CACnE,IACI,KAAK,GAAG,EAAE,KAAK,GAAG,EAAE,MAAM,GAAG,SAmBtC;;;;;;AAED,wBAIE"}

package/dist/security/secure-loader.js

@@ -0,0 +1,141 @@
+"use strict";
+/**
+ * Secure Loader for Email Providers
+ *
+ * Integrates URL validation and hash verification to create a secure
+ * loading system for email provider data.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secureLoadProviders = secureLoadProviders;
+exports.initializeSecurity = initializeSecurity;
+exports.createSecurityMiddleware = createSecurityMiddleware;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const url_validator_1 = require("./url-validator");
+const hash_verifier_1 = require("./hash-verifier");
+/**
+ * Securely loads and validates email provider data
+ *
+ * @param providersPath - Path to the providers JSON file
+ * @param expectedHash - Optional expected hash for verification
+ * @returns Secure load result with validation details
+ */
+function secureLoadProviders(providersPath, expectedHash) {
+    const filePath = providersPath || (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+    const issues = [];
+    let providers = [];
+    // Step 1: Hash verification
+    const hashResult = (0, hash_verifier_1.verifyProvidersIntegrity)(filePath, expectedHash);
+    if (!hashResult.isValid) {
+        issues.push(`Hash verification failed: ${hashResult.reason}`);
+        // In production, you might want to abort here
+        console.error('🚨 SECURITY WARNING: Hash verification failed!');
+        console.error('File:', hashResult.file);
+        console.error('Reason:', hashResult.reason);
+        console.error('Expected:', hashResult.expectedHash);
+        console.error('Actual:', hashResult.actualHash);
+    }
+    // Step 2: Load and parse JSON
+    try {
+        const fileContent = (0, fs_1.readFileSync)(filePath, 'utf8');
+        const data = JSON.parse(fileContent);
+        providers = data.providers || [];
+    }
+    catch (error) {
+        issues.push(`Failed to load providers file: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        return {
+            success: false,
+            providers: [],
+            securityReport: {
+                hashVerification: false,
+                urlValidation: false,
+                totalProviders: 0,
+                validUrls: 0,
+                invalidUrls: 0,
+                securityLevel: 'CRITICAL',
+                issues
+            }
+        };
+    }
+    // Step 3: URL validation audit
+    const urlAudit = (0, url_validator_1.auditProviderSecurity)(providers);
+    if (urlAudit.invalid > 0) {
+        issues.push(`${urlAudit.invalid} providers have invalid URLs`);
+        console.warn('⚠️  URL validation issues found:');
+        for (const invalid of urlAudit.invalidProviders) {
+            console.warn(`- ${invalid.provider}: ${invalid.validation.reason}`);
+        }
+    }
+    // Step 4: Filter out invalid providers in production
+    const secureProviders = providers.filter(provider => {
+        if (!provider.loginUrl)
+            return true; // Allow providers without login URLs
+        const validation = (0, url_validator_1.validateEmailProviderUrl)(provider.loginUrl);
+        return validation.isValid;
+    });
+    if (secureProviders.length < providers.length) {
+        const filtered = providers.length - secureProviders.length;
+        issues.push(`Filtered out ${filtered} providers with invalid URLs`);
+    }
+    // Step 5: Determine security level
+    let securityLevel = 'SECURE';
+    if (!hashResult.isValid) {
+        securityLevel = 'CRITICAL';
+    }
+    else if (urlAudit.invalid > 0 || issues.length > 0) {
+        securityLevel = 'WARNING';
+    }
+    return {
+        success: securityLevel !== 'CRITICAL',
+        providers: secureProviders,
+        securityReport: {
+            hashVerification: hashResult.isValid,
+            urlValidation: urlAudit.invalid === 0,
+            totalProviders: providers.length,
+            validUrls: urlAudit.valid,
+            invalidUrls: urlAudit.invalid,
+            securityLevel,
+            issues
+        }
+    };
+}
+/**
+ * Development utility to generate and display current hashes
+ */
+function initializeSecurity() {
+    console.log('🔐 Generating security hashes for email providers...');
+    const hashes = (0, hash_verifier_1.generateSecurityHashes)();
+    console.log('\n📋 Security Setup Instructions:');
+    console.log('1. Store these hashes securely (environment variables, CI/CD secrets)');
+    console.log('2. Update KNOWN_GOOD_HASHES in hash-verifier.ts');
+    console.log('3. Enable hash verification in production');
+    console.log('\n⚠️  Remember to update hashes when making legitimate changes to provider data!');
+    return hashes;
+}
+/**
+ * Express middleware for secure provider loading (if using in web apps)
+ */
+function createSecurityMiddleware(options = {}) {
+    return (req, res, next) => {
+        const result = secureLoadProviders(undefined, options.expectedHash);
+        if (result.securityReport.securityLevel === 'CRITICAL' && !options.allowInvalidUrls) {
+            if (options.onSecurityIssue) {
+                options.onSecurityIssue(result.securityReport);
+            }
+            return res.status(500).json({
+                error: 'Security validation failed',
+                details: result.securityReport
+            });
+        }
+        // Attach secure providers to request
+        req.secureProviders = result.providers;
+        req.securityReport = result.securityReport;
+        next();
+    };
+}
+exports.default = {
+    secureLoadProviders,
+    initializeSecurity,
+    createSecurityMiddleware
+};
+//# sourceMappingURL=secure-loader.js.map

package/dist/security/secure-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-loader.js","sourceRoot":"","sources":["../../src/security/secure-loader.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA6BH,kDAuFC;AAKD,gDAWC;AAKD,4DAwBC;AA/JD,2BAAkC;AAClC,+BAA4B;AAC5B,mDAAkF;AAClF,mDAAuG;AAiBvG;;;;;;GAMG;AACH,SAAgB,mBAAmB,CACjC,aAAsB,EACtB,YAAqB;IAErB,MAAM,QAAQ,GAAG,aAAa,IAAI,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;IAClG,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAAoB,EAAE,CAAC;IAEpC,4BAA4B;IAC5B,MAAM,UAAU,GAAG,IAAA,wCAAwB,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACpE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAE9D,8CAA8C;QAC9C,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAChE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC;QACpD,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;IAClD,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,iBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACrC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,kCAAkC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QAC1G,OAAO;YACL,OAAO,EAAE,KAAK;YACd,SAAS,EAAE,EAAE;YACb,cAAc,EAAE;gBACd,gBAAgB,EAAE,KAAK;gBACvB,aAAa,EAAE,KAAK;gBACpB,cAAc,EAAE,CAAC;gBACjB,SAAS,EAAE,CAAC;gBACZ,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,UAAU;gBACzB,MAAM;aACP;SACF,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,IAAA,qCAAqB,EAAC,SAAS,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,OAAO,8BAA8B,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACjD,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;QAClD,IAAI,CAAC,QAAQ,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,CAAC,qCAAqC;QAC1E,MAAM,UAAU,GAAG,IAAA,wCAAwB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC/D,OAAO,UAAU,CAAC,OAAO,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,IAAI,eAAe,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAC9C,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,gBAAgB,QAAQ,8BAA8B,CAAC,CAAC;IACtE,CAAC;IAED,mCAAmC;IACnC,IAAI,aAAa,GAAsC,QAAQ,CAAC;IAEhE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,aAAa,GAAG,UAAU,CAAC;IAC7B,CAAC;SAAM,IAAI,QAAQ,CAAC,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrD,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,OAAO,EAAE,aAAa,KAAK,UAAU;QACrC,SAAS,EAAE,eAAe;QAC1B,cAAc,EAAE;YACd,gBAAgB,EAAE,UAAU,CAAC,OAAO;YACpC,aAAa,EAAE,QAAQ,CAAC,OAAO,KAAK,CAAC;YACrC,cAAc,EAAE,SAAS,CAAC,MAAM;YAChC,SAAS,EAAE,QAAQ,CAAC,KAAK;YACzB,WAAW,EAAE,QAAQ,CAAC,OAAO;YAC7B,aAAa;YACb,MAAM;SACP;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,IAAA,sCAAsB,GAAE,CAAC;IAExC,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,uEAAuE,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,kFAAkF,CAAC,CAAC;IAEhG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,UAIrC,EAAE;IACJ,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QACvC,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QAEpE,IAAI,MAAM,CAAC,cAAc,CAAC,aAAa,KAAK,UAAU,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACpF,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC5B,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,4BAA4B;gBACnC,OAAO,EAAE,MAAM,CAAC,cAAc;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,qCAAqC;QACpC,GAAW,CAAC,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC;QAC/C,GAAW,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAEpD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED,kBAAe;IACb,mBAAmB;IACnB,kBAAkB;IAClB,wBAAwB;CACzB,CAAC"}

package/dist/security/security-demo.d.ts

@@ -0,0 +1,10 @@
+#!/usr/bin/env tsx
+/**
+ * Security Demonstration Script
+ *
+ * This script demonstrates how the URL validation and hash verification
+ * systems work to protect against supply chain attacks.
+ */
+declare function demo(): void;
+export { demo };
+//# sourceMappingURL=security-demo.d.ts.map

package/dist/security/security-demo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-demo.d.ts","sourceRoot":"","sources":["../../src/security/security-demo.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAQH,iBAAS,IAAI,SA2JZ;AAOD,OAAO,EAAE,IAAI,EAAE,CAAC"}

package/dist/security/security-demo.js

@@ -0,0 +1,154 @@
+#!/usr/bin/env tsx
+"use strict";
+/**
+ * Security Demonstration Script
+ *
+ * This script demonstrates how the URL validation and hash verification
+ * systems work to protect against supply chain attacks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.demo = demo;
+const url_validator_1 = require("./url-validator");
+const hash_verifier_1 = require("./hash-verifier");
+const secure_loader_1 = require("./secure-loader");
+const fs_1 = require("fs");
+const path_1 = require("path");
+function demo() {
+    console.log('🔐 EMAIL PROVIDER LINKS - SECURITY DEMONSTRATION\n');
+    // 1. URL Validation Demo
+    console.log('📋 1. URL VALIDATION DEMO');
+    console.log('='.repeat(50));
+    const testUrls = [
+        'https://mail.google.com/mail/', // ✅ Valid
+        'https://outlook.office365.com', // ✅ Valid  
+        'https://evil-phishing-site.com/gmail', // ❌ Invalid (not allowlisted)
+        'http://gmail.com', // ❌ Invalid (not HTTPS)
+        'https://192.168.1.1/webmail', // ❌ Invalid (IP address)
+        'https://bit.ly/fake-gmail', // ❌ Invalid (URL shortener)
+        'https://gmail.tk' // ❌ Invalid (suspicious TLD)
+    ];
+    testUrls.forEach(url => {
+        const result = (0, url_validator_1.validateEmailProviderUrl)(url);
+        const status = result.isValid ? '✅' : '❌';
+        console.log(`${status} ${url}`);
+        if (!result.isValid) {
+            console.log(`   Reason: ${result.reason}`);
+        }
+    });
+    // 2. Hash Verification Demo
+    console.log('\n📋 2. HASH VERIFICATION DEMO');
+    console.log('='.repeat(50));
+    try {
+        const providersPath = (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+        const currentHash = (0, hash_verifier_1.calculateFileHash)(providersPath);
+        console.log(`Current providers file hash: ${currentHash}`);
+        // Simulate tampering detection
+        const fakeHash = 'fake_hash_indicating_tampering';
+        const verificationResult = (0, hash_verifier_1.verifyProvidersIntegrity)(providersPath, fakeHash);
+        console.log(`\\nTampering simulation:`);
+        console.log(`Expected: ${fakeHash}`);
+        console.log(`Actual: ${verificationResult.actualHash}`);
+        console.log(`Valid: ${verificationResult.isValid ? '✅' : '❌'}`);
+        if (!verificationResult.isValid) {
+            console.log(`Reason: ${verificationResult.reason}`);
+        }
+    }
+    catch (error) {
+        console.error('Failed to demonstrate hash verification:', error);
+    }
+    // 3. Provider Security Audit
+    console.log('\\n📋 3. PROVIDER SECURITY AUDIT');
+    console.log('='.repeat(50));
+    try {
+        const providersPath = (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+        const providersData = JSON.parse((0, fs_1.readFileSync)(providersPath, 'utf8'));
+        const audit = (0, url_validator_1.auditProviderSecurity)(providersData.providers);
+        console.log(`Total providers: ${audit.total}`);
+        console.log(`Valid URLs: ${audit.valid}`);
+        console.log(`Invalid URLs: ${audit.invalid}`);
+        console.log(`Status: ${audit.report}`);
+        if (audit.invalid > 0) {
+            console.log('\\nInvalid providers:');
+            audit.invalidProviders.forEach(invalid => {
+                console.log(`- ${invalid.provider}: ${invalid.validation.reason}`);
+            });
+        }
+    }
+    catch (error) {
+        console.error('Failed to audit providers:', error);
+    }
+    // 4. Secure Loading Demo
+    console.log('\\n📋 4. SECURE LOADING DEMO');
+    console.log('='.repeat(50));
+    const secureResult = (0, secure_loader_1.secureLoadProviders)();
+    console.log(`Load success: ${secureResult.success ? '✅' : '❌'}`);
+    console.log(`Security level: ${secureResult.securityReport.securityLevel}`);
+    console.log(`Hash verification: ${secureResult.securityReport.hashVerification ? '✅' : '❌'}`);
+    console.log(`URL validation: ${secureResult.securityReport.urlValidation ? '✅' : '❌'}`);
+    console.log(`Total providers loaded: ${secureResult.providers.length}`);
+    if (secureResult.securityReport.issues.length > 0) {
+        console.log('\\nSecurity issues:');
+        secureResult.securityReport.issues.forEach(issue => {
+            console.log(`- ${issue}`);
+        });
+    }
+    // 5. Attack Simulation
+    console.log('\\n📋 5. ATTACK SIMULATION');
+    console.log('='.repeat(50));
+    console.log('Simulating common attack scenarios:\\n');
+    // Simulate malicious URL injection
+    const maliciousProvider = {
+        companyProvider: 'Fake Gmail',
+        loginUrl: 'https://gmaiI.com/login', // Note the capital i instead of l
+        domains: ['gmail.com']
+    };
+    const maliciousValidation = (0, url_validator_1.validateEmailProviderUrl)(maliciousProvider.loginUrl);
+    console.log(`🎭 Typosquatting attack: ${maliciousProvider.loginUrl}`);
+    console.log(`   Blocked: ${!maliciousValidation.isValid ? '✅' : '❌'}`);
+    if (!maliciousValidation.isValid) {
+        console.log(`   Reason: ${maliciousValidation.reason}`);
+    }
+    // Simulate URL shortener attack
+    const shortenerAttack = {
+        companyProvider: 'Shortened Gmail',
+        loginUrl: 'https://bit.ly/definitely-not-gmail',
+        domains: ['gmail.com']
+    };
+    const shortenerValidation = (0, url_validator_1.validateEmailProviderUrl)(shortenerAttack.loginUrl);
+    console.log(`\\n🔗 URL shortener attack: ${shortenerAttack.loginUrl}`);
+    console.log(`   Blocked: ${!shortenerValidation.isValid ? '✅' : '❌'}`);
+    if (!shortenerValidation.isValid) {
+        console.log(`   Reason: ${shortenerValidation.reason}`);
+    }
+    // Simulate non-HTTPS attack
+    const httpAttack = {
+        companyProvider: 'Insecure Gmail',
+        loginUrl: 'http://gmail.com',
+        domains: ['gmail.com']
+    };
+    const httpValidation = (0, url_validator_1.validateEmailProviderUrl)(httpAttack.loginUrl);
+    console.log(`\\n🔓 Non-HTTPS attack: ${httpAttack.loginUrl}`);
+    console.log(`   Blocked: ${!httpValidation.isValid ? '✅' : '❌'}`);
+    if (!httpValidation.isValid) {
+        console.log(`   Reason: ${httpValidation.reason}`);
+    }
+    console.log('\\n🎯 SECURITY SUMMARY');
+    console.log('='.repeat(50));
+    console.log('✅ URL allowlisting prevents malicious redirects');
+    console.log('✅ Hash verification detects file tampering');
+    console.log('✅ HTTPS enforcement prevents downgrade attacks');
+    console.log('✅ Suspicious pattern detection blocks common attacks');
+    console.log('✅ Comprehensive logging for security monitoring');
+    console.log('\\n🔧 NEXT STEPS FOR PRODUCTION');
+    console.log('='.repeat(50));
+    console.log('1. Store expected hashes in environment variables');
+    console.log('2. Enable strict security mode in CI/CD pipeline');
+    console.log('3. Set up monitoring alerts for security failures');
+    console.log('4. Regular security audits of provider data');
+    console.log('5. Consider adding digital signatures for extra security');
+}
+// Run the demo
+if (require.main === module) {
+    demo();
+}
+//# sourceMappingURL=security-demo.js.map

package/dist/security/security-demo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-demo.js","sourceRoot":"","sources":["../../src/security/security-demo.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AA0KM,oBAAI;AAxKb,mDAAkF;AAClF,mDAAsG;AACtG,mDAA0E;AAC1E,2BAAkC;AAClC,+BAA4B;AAE5B,SAAS,IAAI;IACX,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAElE,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,MAAM,QAAQ,GAAG;QACf,+BAA+B,EAAY,UAAU;QACrD,+BAA+B,EAAY,YAAY;QACvD,sCAAsC,EAAK,8BAA8B;QACzE,kBAAkB,EAAyB,wBAAwB;QACnE,6BAA6B,EAAa,yBAAyB;QACnE,2BAA2B,EAAgB,4BAA4B;QACvE,kBAAkB,CAAyB,6BAA6B;KACzE,CAAC;IAEF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACrB,MAAM,MAAM,GAAG,IAAA,wCAAwB,EAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAC5B,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;QACtF,MAAM,WAAW,GAAG,IAAA,iCAAiB,EAAC,aAAa,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,gCAAgC,WAAW,EAAE,CAAC,CAAC;QAE3D,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,gCAAgC,CAAC;QAClD,MAAM,kBAAkB,GAAG,IAAA,wCAAwB,EAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAE7E,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,WAAW,kBAAkB,CAAC,UAAU,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,UAAU,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,WAAW,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;IACnE,CAAC;IAED,6BAA6B;IAC7B,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;QACtF,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,IAAA,qCAAqB,EAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAE7D,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACrC,KAAK,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBACvC,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;IACrD,CAAC;IAED,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,MAAM,YAAY,GAAG,IAAA,mCAAmB,GAAE,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,mBAAmB,YAAY,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,sBAAsB,YAAY,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9F,OAAO,CAAC,GAAG,CAAC,mBAAmB,YAAY,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,2BAA2B,YAAY,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAExE,IAAI,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACnC,YAAY,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YACjD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IAEtD,mCAAmC;IACnC,MAAM,iBAAiB,GAAG;QACxB,eAAe,EAAE,YAAY;QAC7B,QAAQ,EAAE,yBAAyB,EAAG,kCAAkC;QACxE,OAAO,EAAE,CAAC,WAAW,CAAC;KACvB,CAAC;IAEF,MAAM,mBAAmB,GAAG,IAAA,wCAAwB,EAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,4BAA4B,iBAAiB,CAAC,QAAQ,EAAE,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACvE,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,mBAAmB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAAG;QACtB,eAAe,EAAE,iBAAiB;QAClC,QAAQ,EAAE,qCAAqC;QAC/C,OAAO,EAAE,CAAC,WAAW,CAAC;KACvB,CAAC;IAEF,MAAM,mBAAmB,GAAG,IAAA,wCAAwB,EAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,+BAA+B,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACvE,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,cAAc,mBAAmB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG;QACjB,eAAe,EAAE,gBAAgB;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,CAAC,WAAW,CAAC;KACvB,CAAC;IAEF,MAAM,cAAc,GAAG,IAAA,wCAAwB,EAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,2BAA2B,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAE/D,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;AAC1E,CAAC;AAED,eAAe;AACf,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/security/url-validator.d.ts

@@ -0,0 +1,48 @@
+/**
+ * URL Security Validation Module
+ *
+ * Provides validation and allowlisting for email provider URLs to prevent
+ * malicious redirects and supply chain attacks.
+ */
+export interface URLValidationResult {
+    isValid: boolean;
+    reason?: string;
+    domain?: string;
+    normalizedUrl?: string;
+}
+/**
+ * Validates if a URL is safe for email provider redirects
+ *
+ * @param url - The URL to validate
+ * @returns Validation result with details
+ */
+export declare function validateEmailProviderUrl(url: string): URLValidationResult;
+/**
+ * Validates all URLs in an email providers array
+ *
+ * @param providers - Array of email providers to validate
+ * @returns Array of validation results
+ */
+export declare function validateAllProviderUrls(providers: any[]): Array<{
+    provider: string;
+    url: string;
+    validation: URLValidationResult;
+}>;
+/**
+ * Security audit function to check all provider URLs
+ *
+ * @param providers - Array of email providers to audit
+ * @returns Security audit report
+ */
+export declare function auditProviderSecurity(providers: any[]): {
+    total: number;
+    valid: number;
+    invalid: number;
+    invalidProviders: {
+        provider: string;
+        url: string;
+        validation: URLValidationResult;
+    }[];
+    report: string;
+};
+//# sourceMappingURL=url-validator.d.ts.map

package/dist/security/url-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-validator.d.ts","sourceRoot":"","sources":["../../src/security/url-validator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwIH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB,CA4HzE;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;IAC/D,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,mBAAmB,CAAC;CACjC,CAAC,CAkBD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,GAAG,EAAE;;;;;kBA7B1C,MAAM;aACX,MAAM;oBACC,mBAAmB;;;EAyChC"}

package/dist/security/url-validator.js

@@ -0,0 +1,294 @@
+"use strict";
+/**
+ * URL Security Validation Module
+ *
+ * Provides validation and allowlisting for email provider URLs to prevent
+ * malicious redirects and supply chain attacks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateEmailProviderUrl = validateEmailProviderUrl;
+exports.validateAllProviderUrls = validateAllProviderUrls;
+exports.auditProviderSecurity = auditProviderSecurity;
+/**
+ * Allowlisted domains for email providers.
+ * Only URLs from these domains will be considered safe.
+ *
+ * NOTE: This list should be maintained carefully and updated only
+ * through security review processes.
+ */
+const ALLOWED_DOMAINS = [
+    // Google services
+    'google.com',
+    'gmail.com',
+    'googlemail.com',
+    'mail.google.com',
+    'accounts.google.com',
+    // Microsoft services
+    'microsoft.com',
+    'outlook.com',
+    'outlook.office365.com',
+    'hotmail.com',
+    'live.com',
+    'office.com',
+    // Yahoo services
+    'yahoo.com',
+    'yahoo.co.uk',
+    'yahoo.fr',
+    'yahoo.de',
+    'login.yahoo.com',
+    // Privacy-focused providers
+    'proton.me',
+    'protonmail.com',
+    'protonmail.ch',
+    'tutanota.com',
+    'tutanota.de',
+    'posteo.de',
+    'runbox.com',
+    'countermail.com',
+    'hushmail.com',
+    // Business providers
+    'zoho.com',
+    'fastmail.com',
+    'rackspace.com',
+    'apps.rackspace.com',
+    // Other legitimate providers
+    'aol.com',
+    'mail.aol.com',
+    'gmx.com',
+    'gmx.net',
+    'mail.com',
+    'yandex.com',
+    'yandex.ru',
+    'web.de',
+    'mail.ru',
+    'libero.it',
+    'orange.fr',
+    'free.fr',
+    't-online.de',
+    'comcast.net',
+    'att.net',
+    'verizon.net',
+    'bluehost.com',
+    'godaddy.com',
+    'secureserver.net',
+    // Additional providers from security audit
+    'kolabnow.com',
+    'connect.xfinity.com',
+    'login.verizon.com',
+    'www.simply.com',
+    'www.one.com',
+    'mailfence.com',
+    'neo.space',
+    'mail.126.com',
+    'mail.qq.com',
+    'mail.sina.com.cn',
+    'www.xtra.co.nz',
+    'mail.rediff.com',
+    'mail.rakuten.co.jp',
+    'mail.nifty.com',
+    'mail.iij.ad.jp',
+    'email.uol.com.br',
+    'email.bol.com.br',
+    'email.globo.com',
+    'webmail.terra.com.br',
+    'webmail.movistar.es',
+    'webmail.ono.com',
+    'webmail.telkom.co.za',
+    'webmail.vodacom.co.za',
+    'webmail.mtnonline.com',
+    'bdmail.net',
+    'mail.aamra.com.bd',
+    'mail.link3.net',
+    'mail.ionos.com',
+    'www.icloud.com',
+    'icloud.com',
+    'mail.hostinger.com',
+    'ngx257.inmotionhosting.com',
+    'privateemail.com',
+    'app.titan.email',
+    'tools.siteground.com',
+    'portal.hostgator.com'
+];
+/**
+ * Suspicious URL patterns that should always be rejected
+ */
+const SUSPICIOUS_PATTERNS = [
+    /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/, // IP addresses
+    /localhost/i,
+    /127\.0\.0\.1/,
+    /192\.168\./,
+    /10\./,
+    /172\./,
+    /\.tk$|\.ml$|\.ga$|\.cf$/i, // Suspicious TLDs
+    /[a-z0-9]+-[a-z0-9]+-[a-z0-9]+\./i, // Random subdomain patterns
+];
+/**
+ * URL shortener domains (should be rejected for security)
+ */
+const URL_SHORTENERS = [
+    'bit.ly',
+    'tinyurl.com',
+    't.co',
+    'short.link',
+    'ow.ly',
+    'is.gd',
+    'buff.ly'
+];
+/**
+ * Validates if a URL is safe for email provider redirects
+ *
+ * @param url - The URL to validate
+ * @returns Validation result with details
+ */
+function validateEmailProviderUrl(url) {
+    try {
+        // Check for malicious patterns in raw URL before parsing
+        const rawUrl = url.toLowerCase();
+        // Decode URL to catch encoded malicious patterns
+        let decodedUrl = '';
+        try {
+            decodedUrl = decodeURIComponent(rawUrl);
+        }
+        catch {
+            // If URL can't be decoded, treat as suspicious
+            return {
+                isValid: false,
+                reason: 'URL contains potentially malicious content',
+                domain: 'unknown'
+            };
+        }
+        // Check both raw and decoded URLs for malicious patterns
+        const urlsToCheck = [rawUrl, decodedUrl];
+        for (const urlToCheck of urlsToCheck) {
+            if (urlToCheck.includes('..') ||
+                urlToCheck.includes('%2e%2e') ||
+                urlToCheck.includes('javascript:') ||
+                urlToCheck.includes('data:') ||
+                urlToCheck.includes('vbscript:') ||
+                urlToCheck.includes('file:') ||
+                urlToCheck.includes('about:') ||
+                urlToCheck.includes('<script') ||
+                urlToCheck.includes('onload=') ||
+                urlToCheck.includes('onerror=')) {
+                return {
+                    isValid: false,
+                    reason: 'URL contains potentially malicious content',
+                    domain: 'unknown'
+                };
+            }
+        }
+        // Parse and normalize the URL
+        const urlObj = new URL(url);
+        const domain = urlObj.hostname.toLowerCase();
+        const normalizedUrl = urlObj.toString();
+        // Must use HTTPS
+        if (urlObj.protocol !== 'https:') {
+            return {
+                isValid: false,
+                reason: 'URL must use HTTPS protocol',
+                domain
+            };
+        }
+        // Check for suspicious patterns
+        for (const pattern of SUSPICIOUS_PATTERNS) {
+            if (pattern.test(domain)) {
+                return {
+                    isValid: false,
+                    reason: 'URL contains suspicious patterns',
+                    domain
+                };
+            }
+        }
+        // Check for URL shorteners
+        if (URL_SHORTENERS.includes(domain)) {
+            return {
+                isValid: false,
+                reason: 'URL shorteners are not allowed',
+                domain
+            };
+        }
+        // Check against allowlist
+        const isAllowed = ALLOWED_DOMAINS.some(allowedDomain => {
+            // Exact match or subdomain match
+            return domain === allowedDomain || domain.endsWith(`.${allowedDomain}`);
+        });
+        if (!isAllowed) {
+            return {
+                isValid: false,
+                reason: `Domain '${domain}' is not in the allowlist`,
+                domain
+            };
+        }
+        // Additional security checks for malicious content
+        const fullUrl = urlObj.toString().toLowerCase();
+        const pathname = urlObj.pathname.toLowerCase();
+        const search = urlObj.search.toLowerCase();
+        // Check for path traversal
+        if (pathname.includes('..') || pathname.includes('%2e%2e')) {
+            return {
+                isValid: false,
+                reason: 'URL contains potentially malicious content',
+                domain
+            };
+        }
+        // Check for JavaScript injection
+        if (fullUrl.includes('javascript:') || search.includes('javascript') || fullUrl.includes('data:')) {
+            return {
+                isValid: false,
+                reason: 'URL contains potentially malicious content',
+                domain
+            };
+        }
+        return {
+            isValid: true,
+            domain,
+            normalizedUrl
+        };
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            reason: `Invalid URL format: ${error instanceof Error ? error.message : 'Unknown error'}`
+        };
+    }
+}
+/**
+ * Validates all URLs in an email providers array
+ *
+ * @param providers - Array of email providers to validate
+ * @returns Array of validation results
+ */
+function validateAllProviderUrls(providers) {
+    const results = [];
+    for (const provider of providers) {
+        if (provider.loginUrl) {
+            results.push({
+                provider: provider.companyProvider || 'Unknown',
+                url: provider.loginUrl,
+                validation: validateEmailProviderUrl(provider.loginUrl)
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Security audit function to check all provider URLs
+ *
+ * @param providers - Array of email providers to audit
+ * @returns Security audit report
+ */
+function auditProviderSecurity(providers) {
+    const validations = validateAllProviderUrls(providers);
+    const invalid = validations.filter(v => !v.validation.isValid);
+    const valid = validations.filter(v => v.validation.isValid);
+    return {
+        total: validations.length,
+        valid: valid.length,
+        invalid: invalid.length,
+        invalidProviders: invalid,
+        report: invalid.length === 0
+            ? '✅ All provider URLs passed security validation'
+            : `⚠️  ${invalid.length} provider(s) failed security validation`
+    };
+}
+//# sourceMappingURL=url-validator.js.map

package/dist/security/url-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-validator.js","sourceRoot":"","sources":["../../src/security/url-validator.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAqJH,4DA4HC;AAQD,0DAsBC;AAQD,sDAcC;AAnUD;;;;;;GAMG;AACH,MAAM,eAAe,GAAG;IACtB,kBAAkB;IAClB,YAAY;IACZ,WAAW;IACX,gBAAgB;IAChB,iBAAiB;IACjB,qBAAqB;IAErB,qBAAqB;IACrB,eAAe;IACf,aAAa;IACb,uBAAuB;IACvB,aAAa;IACb,UAAU;IACV,YAAY;IAEZ,iBAAiB;IACjB,WAAW;IACX,aAAa;IACb,UAAU;IACV,UAAU;IACV,iBAAiB;IAEjB,4BAA4B;IAC5B,WAAW;IACX,gBAAgB;IAChB,eAAe;IACf,cAAc;IACd,aAAa;IACb,WAAW;IACX,YAAY;IACZ,iBAAiB;IACjB,cAAc;IAEd,qBAAqB;IACrB,UAAU;IACV,cAAc;IACd,eAAe;IACf,oBAAoB;IAEpB,6BAA6B;IAC7B,SAAS;IACT,cAAc;IACd,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,WAAW;IACX,QAAQ;IACR,SAAS;IACT,WAAW;IACX,WAAW;IACX,SAAS;IACT,aAAa;IACb,aAAa;IACb,SAAS;IACT,aAAa;IACb,cAAc;IACd,aAAa;IACb,kBAAkB;IAElB,2CAA2C;IAC3C,cAAc;IACd,qBAAqB;IACrB,mBAAmB;IACnB,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,WAAW;IACX,cAAc;IACd,aAAa;IACb,kBAAkB;IAClB,gBAAgB;IAChB,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,iBAAiB;IACjB,sBAAsB;IACtB,qBAAqB;IACrB,iBAAiB;IACjB,sBAAsB;IACtB,uBAAuB;IACvB,uBAAuB;IACvB,YAAY;IACZ,mBAAmB;IACnB,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,YAAY;IACZ,oBAAoB;IACpB,4BAA4B;IAC5B,kBAAkB;IAClB,iBAAiB;IACjB,sBAAsB;IACtB,sBAAsB;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,gDAAgD,EAAE,eAAe;IACjE,YAAY;IACZ,cAAc;IACd,YAAY;IACZ,MAAM;IACN,OAAO;IACP,0BAA0B,EAAE,kBAAkB;IAC9C,kCAAkC,EAAE,4BAA4B;CACjE,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,QAAQ;IACR,aAAa;IACb,MAAM;IACN,YAAY;IACZ,OAAO;IACP,OAAO;IACP,SAAS;CACV,CAAC;AASF;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,GAAW;IAClD,IAAI,CAAC;QACH,yDAAyD;QACzD,MAAM,MAAM,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAEjC,iDAAiD;QACjD,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;YAC/C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,4CAA4C;gBACpD,MAAM,EAAE,SAAS;aAClB,CAAC;QACJ,CAAC;QAED,yDAAyD;QACzD,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACzC,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IACE,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACzB,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7B,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAClC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC5B,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAChC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC5B,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7B,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC9B,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC9B,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC/B,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,4CAA4C;oBACpD,MAAM,EAAE,SAAS;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAExC,iBAAiB;QACjB,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,6BAA6B;gBACrC,MAAM;aACP,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,kCAAkC;oBAC1C,MAAM;iBACP,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,gCAAgC;gBACxC,MAAM;aACP,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;YACrD,iCAAiC;YACjC,OAAO,MAAM,KAAK,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,WAAW,MAAM,2BAA2B;gBACpD,MAAM;aACP,CAAC;QACJ,CAAC;QAED,mDAAmD;QACnD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAE3C,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,4CAA4C;gBACpD,MAAM;aACP,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAClG,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,4CAA4C;gBACpD,MAAM;aACP,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM;YACN,aAAa;SACd,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,uBAAuB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;SAC1F,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,SAAgB;IAKtD,MAAM,OAAO,GAIR,EAAE,CAAC;IAER,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC;gBACX,QAAQ,EAAE,QAAQ,CAAC,eAAe,IAAI,SAAS;gBAC/C,GAAG,EAAE,QAAQ,CAAC,QAAQ;gBACtB,UAAU,EAAE,wBAAwB,CAAC,QAAQ,CAAC,QAAQ,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,SAAgB;IACpD,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE5D,OAAO;QACL,KAAK,EAAE,WAAW,CAAC,MAAM;QACzB,KAAK,EAAE,KAAK,CAAC,MAAM;QACnB,OAAO,EAAE,OAAO,CAAC,MAAM;QACvB,gBAAgB,EAAE,OAAO;QACzB,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC1B,CAAC,CAAC,gDAAgD;YAClD,CAAC,CAAC,OAAO,OAAO,CAAC,MAAM,yCAAyC;KACnE,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mikkelscheike/email-provider-links",
-  "version": "1.1.0",
+  "version": "1.3.1",
   "description": "A TypeScript package that provides direct links to email providers based on email addresses to streamline login and password reset flows",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",