@mikkelscheike/email-provider-links 1.5.1 → 1.6.0

package/README.md

@@ -7,14 +7,16 @@ A TypeScript package that provides direct links to email providers based on emai
 ## ✨ Features
 
 - 🚀 **Fast & Lightweight**: Zero dependencies, minimal footprint
-- 📧 **64+ Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and more
+- 📧 **74 Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and more
+- 🌐 **147+ Domains Supported**: Comprehensive international coverage
 - 🏢 **Business Domain Detection**: DNS-based detection for custom domains (Google Workspace, Microsoft 365, etc.)
 - 🔒 **Enterprise Security**: Multi-layer protection against malicious URLs and supply chain attacks
 - 🛡️ **URL Validation**: HTTPS-only enforcement with domain allowlisting
 - 🔐 **Integrity Verification**: Cryptographic hash verification for data integrity
 - 📝 **Type Safe**: Full TypeScript support with comprehensive interfaces
 - ⚡ **Performance Optimized**: Smart DNS fallback with configurable timeouts
-- 🧪 **Thoroughly Tested**: 83+ tests including comprehensive security coverage
+- 🚦 **Rate Limiting**: Built-in DNS query rate limiting to prevent abuse
+- 🧪 **Thoroughly Tested**: 142+ tests with 94.69% code coverage
 
 ## Installation
 
@@ -38,11 +40,33 @@ console.log(business.provider?.companyProvider); // "Google Workspace" (if detec
 
 ## Supported Providers
 
-**Consumer Email:**
-Gmail, Outlook, Yahoo Mail, iCloud, ProtonMail, Zoho, AOL, GMX, Web.de, Mail.ru, QQ Mail, NetEase, Yandex, and more.
+**📊 Current Coverage: 74 providers supporting 147+ domains**
+
+**Consumer Email Providers:**
+- **Gmail** (2 domains): gmail.com, googlemail.com
+- **Microsoft Outlook** (15 domains): outlook.com, hotmail.com, live.com, msn.com, and 11 more
+- **Yahoo Mail** (19 domains): yahoo.com, yahoo.co.uk, yahoo.fr, ymail.com, rocketmail.com, and 14 more
+- **ProtonMail** (4 domains): proton.me, protonmail.com, protonmail.ch, pm.me
+- **iCloud Mail** (3 domains): icloud.com, me.com, mac.com
+- **Tutanota** (6 domains): tutanota.com, tutanota.de, tutamail.com, tuta.io, keemail.me, tuta.com
+- **SimpleLogin** (10 domains): simplelogin.io, 8alias.com, aleeas.com, slmail.me, and 6 more
+- **FastMail, Zoho Mail, AOL Mail, GMX, Web.de, Mail.ru, QQ Mail, NetEase, Yandex**, and many more
 
 **Business Email (via DNS detection):**
-Microsoft 365, Google Workspace, ProtonMail Business, Hostinger, FastMail, GoDaddy, Tutanota, Zoho Workplace, and others.
+- **Microsoft 365** (Business domains via MX/TXT records)
+- **Google Workspace** (Custom domains via DNS patterns)
+- **Amazon WorkMail** (AWS email infrastructure via awsapps.com patterns)
+- **Zoho Workplace, FastMail Business, GoDaddy Email, Bluehost Email**
+- **ProtonMail Business, Rackspace Email, IONOS**, and others
+
+**Security & Privacy Focused:**
+- **ProtonMail, Tutanota, Hushmail, CounterMail, Posteo**
+- **Mailfence, SimpleLogin, AnonAddy**
+
+**International Providers:**
+- **Europe**: GMX, Web.de, Orange, Free.fr, T-Online, Libero
+- **Asia**: QQ Mail, NetEase, Sina Mail, Rakuten, Nifty, **Naver** (Korea), **Daum** (Korea), **Biglobe** (Japan)
+- **Other Regions**: UOL (Brazil), Telkom (South Africa), Xtra (New Zealand)
 
 ## API
 
@@ -85,6 +109,14 @@ const result = await getEmailProviderLinkWithDNS(email, 2000);
 // Check if provider is supported
 import { isEmailProviderSupported } from '@mikkelscheike/email-provider-links';
 const supported = isEmailProviderSupported('user@gmail.com');
+
+// Rate limiting configuration
+import { RateLimit } from '@mikkelscheike/email-provider-links';
+console.log('Max requests:', RateLimit.MAX_REQUESTS); // 10
+console.log('Time window:', RateLimit.WINDOW_MS);     // 60000ms
+
+// Custom rate limiter for specific use cases
+const customLimiter = new RateLimit.SimpleRateLimiter(20, 120000); // 20 requests per 2 minutes
 ```
 
 ## TypeScript Support
@@ -97,6 +129,13 @@ interface EmailProviderResult {
   detectionMethod?: 'domain_match' | 'mx_record' | 'txt_record' | 'proxy_detected';
   proxyService?: string;
 }
+
+interface RateLimitConfig {
+  MAX_REQUESTS: number;     // 10 requests
+  WINDOW_MS: number;        // 60000ms (1 minute)
+  SimpleRateLimiter: class; // Custom rate limiter class
+  getCurrentLimiter(): SimpleRateLimiter; // Get current global limiter
+}
 ```
 
 ## 🛡️ Security Features

package/dist/index.d.ts

@@ -10,6 +10,30 @@
  *
  * @packageDocumentation
  */
+/**
+ * Simple rate limiter to prevent excessive DNS queries.
+ * Tracks request timestamps and enforces a maximum number of requests per time window.
+ */
+declare class SimpleRateLimiter {
+    private maxRequests;
+    private windowMs;
+    private requestTimestamps;
+    constructor(maxRequests?: number, windowMs?: number);
+    /**
+     * Checks if a request is allowed under the current rate limit.
+     * @returns true if request is allowed, false if rate limited
+     */
+    isAllowed(): boolean;
+    /**
+     * Gets the current number of requests in the window.
+     */
+    getCurrentCount(): number;
+    /**
+     * Gets the time until the rate limit resets (when oldest request expires).
+     * @returns milliseconds until reset, or 0 if not rate limited
+     */
+    getTimeUntilReset(): number;
+}
 /**
  * Represents an email provider with its associated domains and login URL.
  *
@@ -226,12 +250,18 @@ export declare function isEmailProviderSupported(email: string): boolean;
  *
  * @remarks
  * **Detection Algorithm:**
- * 1. Performs MX record lookup for the domain
- * 2. Checks if MX records match known proxy services (Cloudflare, etc.)
- * 3. If proxy detected, returns null provider with proxy info
- * 4. Otherwise, matches MX records against business email provider patterns
- * 5. If no MX match, falls back to TXT record analysis (SPF records, etc.)
- * 6. Returns the first matching provider or null if none found
+ * 1. Checks rate limiting (max 10 requests per minute)
+ * 2. Performs MX record lookup for the domain
+ * 3. Checks if MX records match known proxy services (Cloudflare, etc.)
+ * 4. If proxy detected, returns null provider with proxy info
+ * 5. Otherwise, matches MX records against business email provider patterns
+ * 6. If no MX match, falls back to TXT record analysis (SPF records, etc.)
+ * 7. Returns the first matching provider or null if none found
+ *
+ * **Rate Limiting:**
+ * - Maximum 10 DNS requests per 60-second window
+ * - Rate limit exceeded returns error with retry information
+ * - Prevents abuse and excessive DNS queries
  *
  * **Provider Patterns Checked:**
  * - Google Workspace: aspmx.l.google.com, aspmx2.googlemail.com, etc.
@@ -303,6 +333,20 @@ export declare function detectProviderByDNS(domain: string, timeoutMs?: number):
  * - Business domain analysis for enterprise features
  */
 export declare function getEmailProviderLinkWithDNS(email: string, timeoutMs?: number): Promise<EmailProviderResult>;
+/**
+ * Rate limiting configuration constants and utilities.
+ * @public
+ */
+export declare const RateLimit: {
+    MAX_REQUESTS: number;
+    WINDOW_MS: number;
+    SimpleRateLimiter: typeof SimpleRateLimiter;
+    /**
+     * Gets the current rate limiter instance for inspection or testing.
+     * @internal
+     */
+    getCurrentLimiter: () => SimpleRateLimiter;
+};
 declare const _default: {
     getEmailProviderLink: typeof getEmailProviderLink;
     getEmailProviderLinkWithDNS: typeof getEmailProviderLinkWithDNS;
@@ -312,5 +356,15 @@ declare const _default: {
     findEmailProvider: typeof findEmailProvider;
     getSupportedProviders: typeof getSupportedProviders;
     isEmailProviderSupported: typeof isEmailProviderSupported;
+    RateLimit: {
+        MAX_REQUESTS: number;
+        WINDOW_MS: number;
+        SimpleRateLimiter: typeof SimpleRateLimiter;
+        /**
+         * Gets the current rate limiter instance for inspection or testing.
+         * @internal
+         */
+        getCurrentLimiter: () => SimpleRateLimiter;
+    };
 };
 export default _default;

package/dist/index.js

@@ -12,6 +12,7 @@
  * @packageDocumentation
  */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimit = void 0;
 exports.isValidEmail = isValidEmail;
 exports.extractDomain = extractDomain;
 exports.findEmailProvider = findEmailProvider;
@@ -31,17 +32,77 @@ const resolveTxtAsync = (0, util_1.promisify)(dns_1.resolveTxt);
  * Default timeout for DNS queries in milliseconds.
  */
 const DEFAULT_DNS_TIMEOUT = 5000; // 5 seconds
+/**
+ * Rate limiting configuration for DNS queries.
+ */
+const RATE_LIMIT_MAX_REQUESTS = 10; // Maximum requests per time window
+const RATE_LIMIT_WINDOW_MS = 60000; // Time window in milliseconds (1 minute)
+/**
+ * Simple rate limiter to prevent excessive DNS queries.
+ * Tracks request timestamps and enforces a maximum number of requests per time window.
+ */
+class SimpleRateLimiter {
+    constructor(maxRequests = RATE_LIMIT_MAX_REQUESTS, windowMs = RATE_LIMIT_WINDOW_MS) {
+        this.maxRequests = maxRequests;
+        this.windowMs = windowMs;
+        this.requestTimestamps = [];
+    }
+    /**
+     * Checks if a request is allowed under the current rate limit.
+     * @returns true if request is allowed, false if rate limited
+     */
+    isAllowed() {
+        const now = Date.now();
+        // Remove old timestamps outside the current window
+        this.requestTimestamps = this.requestTimestamps.filter(timestamp => now - timestamp < this.windowMs);
+        // Check if we're under the limit
+        if (this.requestTimestamps.length < this.maxRequests) {
+            this.requestTimestamps.push(now);
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Gets the current number of requests in the window.
+     */
+    getCurrentCount() {
+        const now = Date.now();
+        this.requestTimestamps = this.requestTimestamps.filter(timestamp => now - timestamp < this.windowMs);
+        return this.requestTimestamps.length;
+    }
+    /**
+     * Gets the time until the rate limit resets (when oldest request expires).
+     * @returns milliseconds until reset, or 0 if not rate limited
+     */
+    getTimeUntilReset() {
+        if (this.requestTimestamps.length === 0)
+            return 0;
+        const oldestTimestamp = Math.min(...this.requestTimestamps);
+        const resetTime = oldestTimestamp + this.windowMs;
+        const now = Date.now();
+        return Math.max(0, resetTime - now);
+    }
+}
+// Global rate limiter instance
+const dnsRateLimiter = new SimpleRateLimiter();
 /**
  * Creates a Promise that rejects after the specified timeout.
  *
  * @param ms - Timeout in milliseconds
- * @returns Promise that rejects with timeout error
+ * @returns Promise that rejects with timeout error and a cleanup function
  * @internal
  */
 function createTimeout(ms) {
-    return new Promise((_, reject) => {
-        setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
+    let timeoutId;
+    const promise = new Promise((_, reject) => {
+        timeoutId = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
     });
+    const cleanup = () => {
+        if (timeoutId) {
+            clearTimeout(timeoutId);
+        }
+    };
+    return { promise, cleanup };
 }
 /**
  * Wraps a DNS query with a timeout.
@@ -52,7 +113,11 @@ function createTimeout(ms) {
  * @internal
  */
 function withTimeout(promise, timeoutMs) {
-    return Promise.race([promise, createTimeout(timeoutMs)]);
+    const { promise: timeoutPromise, cleanup } = createTimeout(timeoutMs);
+    return Promise.race([
+        promise.finally(() => cleanup()), // Clean up timeout when original promise settles
+        timeoutPromise
+    ]);
 }
 // Load providers from external JSON file
 let EMAIL_PROVIDERS = [];
@@ -318,12 +383,18 @@ function detectProxyService(mxRecords) {
  *
  * @remarks
  * **Detection Algorithm:**
- * 1. Performs MX record lookup for the domain
- * 2. Checks if MX records match known proxy services (Cloudflare, etc.)
- * 3. If proxy detected, returns null provider with proxy info
- * 4. Otherwise, matches MX records against business email provider patterns
- * 5. If no MX match, falls back to TXT record analysis (SPF records, etc.)
- * 6. Returns the first matching provider or null if none found
+ * 1. Checks rate limiting (max 10 requests per minute)
+ * 2. Performs MX record lookup for the domain
+ * 3. Checks if MX records match known proxy services (Cloudflare, etc.)
+ * 4. If proxy detected, returns null provider with proxy info
+ * 5. Otherwise, matches MX records against business email provider patterns
+ * 6. If no MX match, falls back to TXT record analysis (SPF records, etc.)
+ * 7. Returns the first matching provider or null if none found
+ *
+ * **Rate Limiting:**
+ * - Maximum 10 DNS requests per 60-second window
+ * - Rate limit exceeded returns error with retry information
+ * - Prevents abuse and excessive DNS queries
  *
  * **Provider Patterns Checked:**
  * - Google Workspace: aspmx.l.google.com, aspmx2.googlemail.com, etc.
@@ -338,6 +409,11 @@ function detectProxyService(mxRecords) {
  */
 async function detectProviderByDNS(domain, timeoutMs = DEFAULT_DNS_TIMEOUT) {
     const normalizedDomain = domain.toLowerCase();
+    // Check rate limiting
+    if (!dnsRateLimiter.isAllowed()) {
+        const retryAfter = Math.ceil(dnsRateLimiter.getTimeUntilReset() / 1000);
+        throw new Error(`Rate limit exceeded. DNS queries limited to ${RATE_LIMIT_MAX_REQUESTS} requests per minute. Try again in ${retryAfter} seconds.`);
+    }
     // Get providers that support custom domain detection
     const customDomainProviders = EMAIL_PROVIDERS.filter(provider => provider.customDomainDetection &&
         (provider.customDomainDetection.mxPatterns || provider.customDomainDetection.txtPatterns));
@@ -502,6 +578,20 @@ async function getEmailProviderLinkWithDNS(email, timeoutMs = DEFAULT_DNS_TIMEOU
         loginUrl: null
     };
 }
+/**
+ * Rate limiting configuration constants and utilities.
+ * @public
+ */
+exports.RateLimit = {
+    MAX_REQUESTS: RATE_LIMIT_MAX_REQUESTS,
+    WINDOW_MS: RATE_LIMIT_WINDOW_MS,
+    SimpleRateLimiter,
+    /**
+     * Gets the current rate limiter instance for inspection or testing.
+     * @internal
+     */
+    getCurrentLimiter: () => dnsRateLimiter
+};
 // Default export for convenience
 exports.default = {
     getEmailProviderLink,
@@ -511,5 +601,6 @@ exports.default = {
     extractDomain,
     findEmailProvider,
     getSupportedProviders,
-    isEmailProviderSupported
+    isEmailProviderSupported,
+    RateLimit: exports.RateLimit
 };

package/dist/security/hash-verifier.js

@@ -27,9 +27,9 @@ const path_1 = require("path");
  */
 const KNOWN_GOOD_HASHES = {
     // SHA-256 hash of the legitimate emailproviders.json
-    'emailproviders.json': 'da7a856fe04b11e326230d195fcc3d44f078e481b8929cf4fb5040276e05ffd0',
+    'emailproviders.json': '1c7925d02cc66b487046afdce81f744bd7a42f5a489e16e53a1a979575e4473b',
     // You can add hashes for other critical files
-    'package.json': '4fec42bf25d33615a2b19bfe573b6d706404d39bfcdd6464a6958e70fca2a579'
+    'package.json': 'ba2810fd51f2d044890119e6f49926b80d822a4cafedaff25e3f91ba8ec65c2f'
 };
 /**
  * Calculates SHA-256 hash of a file or string content
@@ -206,7 +206,7 @@ function handleHashMismatch(result, options = {}) {
         '4. Verify file integrity from trusted source',
         '5. Report security incident if confirmed',
         '',
-        '📧 Consider reporting to: security@[your-domain].com'
+        '📧 Report security issues: https://github.com/mikkelscheike/email-provider-links/security'
     ].join('\n');
     if (logLevel === 'error') {
         console.error(securityAlert);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mikkelscheike/email-provider-links",
-  "version": "1.5.1",
-  "description": "A TypeScript package that provides direct links to email providers based on email addresses to streamline login and password reset flows",
+  "version": "1.6.0",
+  "description": "A TypeScript package providing direct links to 74 email providers (147+ domains) with enterprise security features, rate limiting, and comprehensive international coverage for login and password reset flows",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [