npm - @mikkelscheike/email-provider-links - Versions diffs - 1.5.1 → 1.7.0 - Mend

@mikkelscheike/email-provider-links 1.5.1 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +137 -7
package/dist/alias-detection.d.ts +75 -0
package/dist/alias-detection.js +320 -0
package/dist/index.d.ts +64 -6
package/dist/index.js +122 -11
package/dist/security/hash-verifier.js +3 -3
package/package.json +7 -2
package/providers/emailproviders.json +864 -290

package/README.md CHANGED Viewed

@@ -1,20 +1,24 @@
 # Email Provider Links
-🔒 **Enterprise-grade secure email provider detection for login and password reset flows**
+🔒 **Enterprise-grade secure email provider detection with advanced alias normalization**
-A TypeScript package that provides direct links to email providers based on email addresses, with comprehensive security features to prevent malicious redirects and supply chain attacks.
+A TypeScript package providing direct links to **93 email providers** (180+ domains) with **email alias detection**, comprehensive security features, and international coverage for login and password reset flows.
 ## ✨ Features
 - 🚀 **Fast & Lightweight**: Zero dependencies, minimal footprint
-- 📧 **64+ Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and more
+- 📧 **93 Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and many more
+- 🌐 **180+ Domains Supported**: Comprehensive international coverage
 - 🏢 **Business Domain Detection**: DNS-based detection for custom domains (Google Workspace, Microsoft 365, etc.)
 - 🔒 **Enterprise Security**: Multi-layer protection against malicious URLs and supply chain attacks
 - 🛡️ **URL Validation**: HTTPS-only enforcement with domain allowlisting
 - 🔐 **Integrity Verification**: Cryptographic hash verification for data integrity
 - 📝 **Type Safe**: Full TypeScript support with comprehensive interfaces
 - ⚡ **Performance Optimized**: Smart DNS fallback with configurable timeouts
-- 🧪 **Thoroughly Tested**: 83+ tests including comprehensive security coverage
+- 🚦 **Rate Limiting**: Built-in DNS query rate limiting to prevent abuse
+- 🔄 **Email Alias Detection**: Normalize Gmail dots, plus addressing, and provider-specific aliases
+- 🛡️ **Fraud Prevention**: Detect duplicate accounts through email alias manipulation
+- 🧪 **Thoroughly Tested**: 188+ tests with comprehensive coverage
 ## Installation
@@ -38,11 +42,34 @@ console.log(business.provider?.companyProvider); // "Google Workspace" (if detec
 ## Supported Providers
-**Consumer Email:**
-Gmail, Outlook, Yahoo Mail, iCloud, ProtonMail, Zoho, AOL, GMX, Web.de, Mail.ru, QQ Mail, NetEase, Yandex, and more.
+**📊 Current Coverage: 93 providers supporting 180+ domains**
+**Consumer Email Providers:**
+- **Gmail** (2 domains): gmail.com, googlemail.com
+- **Microsoft Outlook** (15 domains): outlook.com, hotmail.com, live.com, msn.com, and 11 more
+- **Yahoo Mail** (19 domains): yahoo.com, yahoo.co.uk, yahoo.fr, ymail.com, rocketmail.com, and 14 more
+- **ProtonMail** (4 domains): proton.me, protonmail.com, protonmail.ch, pm.me
+- **iCloud Mail** (3 domains): icloud.com, me.com, mac.com
+- **Tutanota** (6 domains): tutanota.com, tutanota.de, tutamail.com, tuta.io, keemail.me, tuta.com
+- **SimpleLogin** (10 domains): simplelogin.io, 8alias.com, aleeas.com, slmail.me, and 6 more
+- **FastMail, Zoho Mail, AOL Mail, GMX, Web.de, Mail.ru, QQ Mail, NetEase, Yandex**, and many more
 **Business Email (via DNS detection):**
-Microsoft 365, Google Workspace, ProtonMail Business, Hostinger, FastMail, GoDaddy, Tutanota, Zoho Workplace, and others.
+- **Microsoft 365** (Business domains via MX/TXT records)
+- **Google Workspace** (Custom domains via DNS patterns)
+- **Amazon WorkMail** (AWS email infrastructure via awsapps.com patterns)
+- **Zoho Workplace, FastMail Business, GoDaddy Email, Bluehost Email**
+- **ProtonMail Business, Rackspace Email, IONOS**, and others
+**Security & Privacy Focused:**
+- **ProtonMail, Tutanota, Hushmail, CounterMail, Posteo**
+- **Mailfence, SimpleLogin, AnonAddy**
+**International Providers:**
+- **Europe**: GMX, Web.de, Orange, Free.fr, T-Online, Libero, Virgilio, Telekom, Tiscali, Skynet, Telenet, Xs4All, Planet.nl, Bluewin, Eircom
+- **Asia**: QQ Mail, NetEase, Sina Mail, Alibaba Mail, Rakuten, Nifty, **Naver** (Korea), **Daum** (Korea), **Biglobe** (Japan), Sify, IndiatTimes (India)
+- **Eastern Europe**: Centrum (Czech/Slovak), Interia, Onet (Poland), Rambler (Russia)
+- **Other Regions**: UOL, Terra (Brazil), Telkom (South Africa), Xtra (New Zealand)
 ## API
@@ -76,6 +103,94 @@ async function handlePasswordReset(email: string) {
 }
 ```
+## 🔄 Email Alias Detection
+**NEW in v1.7.0** - Advanced email alias detection and normalization to prevent duplicate accounts and improve user experience.
+### Features
+- **Gmail Dot Normalization**: `u.s.e.r@gmail.com` → `user@gmail.com`
+- **Plus Addressing**: `user+newsletter@provider.com` → `user@provider.com`
+- **Provider-Specific Rules**: Different providers have different aliasing capabilities
+- **Fraud Prevention**: Detect when users try to create multiple accounts with aliases
+- **Email Deduplication**: Normalize email lists to get accurate unique user counts
+### Quick Start
+```typescript
+import {
+  detectEmailAlias,
+  normalizeEmail,
+  emailsMatch
+} from '@mikkelscheike/email-provider-links';
+// Detect and analyze aliases
+const result = detectEmailAlias('u.s.e.r+work@gmail.com');
+console.log(result.canonical);  // 'user@gmail.com'
+console.log(result.isAlias);    // true
+console.log(result.aliasType);  // 'plus'
+console.log(result.aliasPart);  // 'work'
+// Normalize any email to canonical form
+const canonical = normalizeEmail('U.S.E.R+Newsletter@GMAIL.COM');
+console.log(canonical); // 'user@gmail.com'
+// Check if two emails are the same person
+const match = emailsMatch('user@gmail.com', 'u.s.e.r+work@gmail.com');
+console.log(match); // true
+```
+### Provider Support
+| Provider | Plus Addressing | Dots Ignored | Example |
+|----------|----------------|--------------|----------|
+| **Gmail** | ✅ Yes | ✅ Yes | `u.s.e.r+tag@gmail.com` → `user@gmail.com` |
+| **Outlook** | ✅ Yes | ❌ No | `user+tag@outlook.com` → `user@outlook.com` |
+| **Yahoo** | ✅ Yes | ❌ No | `user+tag@yahoo.com` → `user@yahoo.com` |
+| **ProtonMail** | ✅ Yes | ❌ No | `user+tag@proton.me` → `user@proton.me` |
+| **AOL** | ❌ No | ❌ No | No aliasing support |
+### Advanced Usage
+```typescript
+// Prevent duplicate account creation
+async function registerUser(email: string) {
+  const canonical = normalizeEmail(email);
+  const existingUser = await findUserByEmail(canonical);
+  if (existingUser) {
+    throw new Error('Email already registered');
+  }
+  // Store canonical email to prevent future duplicates
+  await createUser({ email: canonical });
+}
+// Analyze email list for duplicates
+import { analyzeEmailAliases } from '@mikkelscheike/email-provider-links';
+const emailList = [
+  'user@gmail.com',
+  'u.s.e.r@gmail.com',
+  'user+newsletter@gmail.com',
+  'different@gmail.com'
+];
+const analysis = analyzeEmailAliases(emailList);
+console.log(analysis.totalEmails);      // 4
+console.log(analysis.uniqueCanonical);  // 2 (actual unique users)
+// Generate test aliases
+import { generateAliases } from '@mikkelscheike/email-provider-links';
+const aliases = generateAliases('user@gmail.com', {
+  plusAliases: ['work', 'personal'],
+  includeDotVariations: true,
+  maxDotVariations: 3
+});
+// Returns: ['user+work@gmail.com', 'user+personal@gmail.com', 'u.ser@gmail.com', ...]
+```
 ## Configuration
 ```typescript
@@ -85,6 +200,14 @@ const result = await getEmailProviderLinkWithDNS(email, 2000);
 // Check if provider is supported
 import { isEmailProviderSupported } from '@mikkelscheike/email-provider-links';
 const supported = isEmailProviderSupported('user@gmail.com');
+// Rate limiting configuration
+import { RateLimit } from '@mikkelscheike/email-provider-links';
+console.log('Max requests:', RateLimit.MAX_REQUESTS); // 10
+console.log('Time window:', RateLimit.WINDOW_MS);     // 60000ms
+// Custom rate limiter for specific use cases
+const customLimiter = new RateLimit.SimpleRateLimiter(20, 120000); // 20 requests per 2 minutes
 ```
 ## TypeScript Support
@@ -97,6 +220,13 @@ interface EmailProviderResult {
   detectionMethod?: 'domain_match' | 'mx_record' | 'txt_record' | 'proxy_detected';
   proxyService?: string;
 }
+interface RateLimitConfig {
+  MAX_REQUESTS: number;     // 10 requests
+  WINDOW_MS: number;        // 60000ms (1 minute)
+  SimpleRateLimiter: class; // Custom rate limiter class
+  getCurrentLimiter(): SimpleRateLimiter; // Get current global limiter
+}
 ```
 ## 🛡️ Security Features

package/dist/alias-detection.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Email Alias Detection Module
+ *
+ * Detects and normalizes email aliases across different providers.
+ * Supports plus addressing (+), dot variations, and provider-specific aliasing.
+ */
+export interface AliasDetectionResult {
+    /** The normalized/canonical email address */
+    canonical: string;
+    /** The original email address */
+    original: string;
+    /** Whether an alias was detected */
+    isAlias: boolean;
+    /** Type of alias detected */
+    aliasType: 'plus' | 'dot' | 'subdomain' | 'none';
+    /** The alias part (if any) */
+    aliasPart?: string;
+    /** The provider that supports this alias type */
+    provider?: string;
+}
+export interface AliasRule {
+    /** Email domains this rule applies to */
+    domains: string[];
+    /** Whether this provider supports plus addressing (user+alias@domain.com) */
+    supportsPlusAddressing: boolean;
+    /** Whether this provider ignores dots in username (user.name@domain.com = username@domain.com) */
+    ignoresDots: boolean;
+    /** Whether this provider supports subdomain aliases (user@alias.domain.com) */
+    supportsSubdomainAlias: boolean;
+    /** Custom alias patterns specific to this provider */
+    customPatterns?: RegExp[];
+    /** Function to normalize email for this provider */
+    normalize?: (email: string) => string;
+}
+/**
+ * Detects and analyzes email aliases
+ */
+export declare function detectEmailAlias(email: string): AliasDetectionResult;
+/**
+ * Normalizes an email address to its canonical form
+ */
+export declare function normalizeEmail(email: string): string;
+/**
+ * Checks if two email addresses are the same when normalized
+ */
+export declare function emailsMatch(email1: string, email2: string): boolean;
+/**
+ * Gets alias capabilities for a domain
+ */
+export declare function getAliasCapabilities(domain: string): AliasRule | null;
+/**
+ * Generates potential aliases for an email address
+ */
+export declare function generateAliases(email: string, options?: {
+    plusAliases?: string[];
+    includeDotVariations?: boolean;
+    maxDotVariations?: number;
+}): string[];
+/**
+ * Analyzes email aliasing patterns in a list of emails
+ */
+export declare function analyzeEmailAliases(emails: string[]): {
+    totalEmails: number;
+    uniqueCanonical: number;
+    aliasGroups: Array<{
+        canonical: string;
+        aliases: string[];
+        count: number;
+    }>;
+    providerStats: Record<string, {
+        total: number;
+        aliases: number;
+        types: Record<string, number>;
+    }>;
+};

package/dist/alias-detection.js ADDED Viewed

@@ -0,0 +1,320 @@
+"use strict";
+/**
+ * Email Alias Detection Module
+ *
+ * Detects and normalizes email aliases across different providers.
+ * Supports plus addressing (+), dot variations, and provider-specific aliasing.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectEmailAlias = detectEmailAlias;
+exports.normalizeEmail = normalizeEmail;
+exports.emailsMatch = emailsMatch;
+exports.getAliasCapabilities = getAliasCapabilities;
+exports.generateAliases = generateAliases;
+exports.analyzeEmailAliases = analyzeEmailAliases;
+/**
+ * Email alias rules for major providers
+ */
+const ALIAS_RULES = [
+    {
+        domains: ['gmail.com', 'googlemail.com'],
+        supportsPlusAddressing: true,
+        ignoresDots: true,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            // Remove dots and everything after +
+            const cleanUsername = username.replace(/\./g, '').split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['outlook.com', 'hotmail.com', 'live.com', 'msn.com', 'hotmail.co.uk', 'hotmail.fr', 'hotmail.it', 'hotmail.es', 'hotmail.de', 'live.co.uk', 'live.fr', 'live.it', 'live.nl', 'live.com.au', 'live.ca', 'live.jp'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            // Only remove plus addressing for Outlook
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['yahoo.com', 'yahoo.co.uk', 'yahoo.fr', 'yahoo.co.in', 'yahoo.com.br', 'yahoo.co.jp', 'yahoo.it', 'yahoo.de', 'yahoo.in', 'yahoo.es', 'yahoo.ca', 'yahoo.com.au', 'yahoo.com.ar', 'yahoo.com.mx', 'yahoo.co.id', 'yahoo.com.sg', 'ymail.com', 'rocketmail.com'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['fastmail.com', 'fastmail.fm'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: true,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['proton.me', 'protonmail.com', 'protonmail.ch', 'pm.me'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['tutanota.com', 'tutanota.de', 'tutamail.com', 'tuta.io', 'keemail.me', 'tuta.com'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['zoho.com', 'zohomail.com', 'zoho.eu'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['icloud.com', 'me.com', 'mac.com'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['mail.com'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['aol.com', 'love.com', 'ygm.com', 'games.com', 'wow.com', 'aim.com'],
+        supportsPlusAddressing: false,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => email.toLowerCase()
+    },
+    {
+        domains: ['mail.ru'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    },
+    {
+        domains: ['yandex.com', 'yandex.ru'],
+        supportsPlusAddressing: true,
+        ignoresDots: false,
+        supportsSubdomainAlias: false,
+        normalize: (email) => {
+            const [username, domain] = email.toLowerCase().split('@');
+            const cleanUsername = username.split('+')[0];
+            return `${cleanUsername}@${domain}`;
+        }
+    }
+];
+/**
+ * Validates email format
+ */
+function isValidEmail(email) {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+}
+/**
+ * Gets the alias rule for a given domain
+ */
+function getAliasRule(domain) {
+    return ALIAS_RULES.find(rule => rule.domains.includes(domain.toLowerCase()));
+}
+/**
+ * Detects and analyzes email aliases
+ */
+function detectEmailAlias(email) {
+    if (!isValidEmail(email)) {
+        throw new Error('Invalid email format');
+    }
+    const originalEmail = email.trim();
+    const [username, domain] = originalEmail.toLowerCase().split('@');
+    const rule = getAliasRule(domain);
+    const result = {
+        canonical: originalEmail.toLowerCase(),
+        original: originalEmail,
+        isAlias: false,
+        aliasType: 'none'
+    };
+    if (!rule) {
+        // No specific rule, just normalize case
+        result.canonical = originalEmail.toLowerCase();
+        return result;
+    }
+    result.provider = domain;
+    // Check for plus addressing
+    if (rule.supportsPlusAddressing && username.includes('+')) {
+        const plusIndex = username.indexOf('+');
+        const baseUsername = username.substring(0, plusIndex);
+        const aliasPart = username.substring(plusIndex + 1);
+        result.isAlias = true;
+        result.aliasType = 'plus';
+        result.aliasPart = aliasPart;
+        result.canonical = rule.normalize ? rule.normalize(originalEmail) : `${baseUsername}@${domain}`;
+        return result;
+    }
+    // Check for dot variations (Gmail)
+    if (rule.ignoresDots && username.includes('.')) {
+        const baseUsername = username.replace(/\./g, '');
+        if (baseUsername !== username) {
+            result.isAlias = true;
+            result.aliasType = 'dot';
+            result.aliasPart = username;
+            result.canonical = rule.normalize ? rule.normalize(originalEmail) : `${baseUsername}@${domain}`;
+            return result;
+        }
+    }
+    // Apply provider-specific normalization
+    if (rule.normalize) {
+        const normalized = rule.normalize(originalEmail);
+        if (normalized !== originalEmail.toLowerCase()) {
+            result.isAlias = true;
+            result.canonical = normalized;
+        }
+    }
+    return result;
+}
+/**
+ * Normalizes an email address to its canonical form
+ */
+function normalizeEmail(email) {
+    const result = detectEmailAlias(email);
+    return result.canonical;
+}
+/**
+ * Checks if two email addresses are the same when normalized
+ */
+function emailsMatch(email1, email2) {
+    try {
+        return normalizeEmail(email1) === normalizeEmail(email2);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Gets alias capabilities for a domain
+ */
+function getAliasCapabilities(domain) {
+    const rule = getAliasRule(domain.toLowerCase());
+    return rule ? { ...rule } : null;
+}
+/**
+ * Generates potential aliases for an email address
+ */
+function generateAliases(email, options = {}) {
+    if (!isValidEmail(email)) {
+        throw new Error('Invalid email format');
+    }
+    const [username, domain] = email.toLowerCase().split('@');
+    const rule = getAliasRule(domain);
+    const aliases = [];
+    if (!rule) {
+        return [email.toLowerCase()];
+    }
+    // Generate plus aliases
+    if (rule.supportsPlusAddressing && options.plusAliases) {
+        for (const alias of options.plusAliases) {
+            aliases.push(`${username}+${alias}@${domain}`);
+        }
+    }
+    // Generate dot variations (Gmail only)
+    if (rule.ignoresDots && options.includeDotVariations && username.length > 1) {
+        const maxVariations = Math.min(options.maxDotVariations ?? 5, username.length - 1);
+        const variations = new Set();
+        // Simple dot variations (insert dots between characters)
+        for (let i = 1; i < username.length && variations.size < maxVariations; i++) {
+            const withDot = username.slice(0, i) + '.' + username.slice(i);
+            variations.add(`${withDot}@${domain}`);
+        }
+        aliases.push(...Array.from(variations));
+    }
+    return aliases.length > 0 ? aliases : [email.toLowerCase()];
+}
+/**
+ * Analyzes email aliasing patterns in a list of emails
+ */
+function analyzeEmailAliases(emails) {
+    const canonicalMap = new Map();
+    const providerStats = {};
+    for (const email of emails) {
+        try {
+            const result = detectEmailAlias(email);
+            const canonical = result.canonical;
+            if (!canonicalMap.has(canonical)) {
+                canonicalMap.set(canonical, []);
+            }
+            canonicalMap.get(canonical).push(email);
+            // Update provider stats
+            if (result.provider) {
+                if (!providerStats[result.provider]) {
+                    providerStats[result.provider] = {
+                        total: 0,
+                        aliases: 0,
+                        types: {}
+                    };
+                }
+                providerStats[result.provider].total++;
+                if (result.isAlias) {
+                    providerStats[result.provider].aliases++;
+                    const type = result.aliasType;
+                    providerStats[result.provider].types[type] = (providerStats[result.provider].types[type] || 0) + 1;
+                }
+            }
+        }
+        catch {
+            // Skip invalid emails
+        }
+    }
+    const aliasGroups = Array.from(canonicalMap.entries()).map(([canonical, aliases]) => ({
+        canonical,
+        aliases,
+        count: aliases.length
+    })).sort((a, b) => b.count - a.count);
+    return {
+        totalEmails: emails.length,
+        uniqueCanonical: canonicalMap.size,
+        aliasGroups,
+        providerStats
+    };
+}

package/dist/index.d.ts CHANGED Viewed

@@ -10,6 +10,30 @@
  *
  * @packageDocumentation
  */
+/**
+ * Simple rate limiter to prevent excessive DNS queries.
+ * Tracks request timestamps and enforces a maximum number of requests per time window.
+ */
+declare class SimpleRateLimiter {
+    private maxRequests;
+    private windowMs;
+    private requestTimestamps;
+    constructor(maxRequests?: number, windowMs?: number);
+    /**
+     * Checks if a request is allowed under the current rate limit.
+     * @returns true if request is allowed, false if rate limited
+     */
+    isAllowed(): boolean;
+    /**
+     * Gets the current number of requests in the window.
+     */
+    getCurrentCount(): number;
+    /**
+     * Gets the time until the rate limit resets (when oldest request expires).
+     * @returns milliseconds until reset, or 0 if not rate limited
+     */
+    getTimeUntilReset(): number;
+}
 /**
  * Represents an email provider with its associated domains and login URL.
  *
@@ -226,12 +250,18 @@ export declare function isEmailProviderSupported(email: string): boolean;
  *
  * @remarks
  * **Detection Algorithm:**
- * 1. Performs MX record lookup for the domain
- * 2. Checks if MX records match known proxy services (Cloudflare, etc.)
- * 3. If proxy detected, returns null provider with proxy info
- * 4. Otherwise, matches MX records against business email provider patterns
- * 5. If no MX match, falls back to TXT record analysis (SPF records, etc.)
- * 6. Returns the first matching provider or null if none found
+ * 1. Checks rate limiting (max 10 requests per minute)
+ * 2. Performs MX record lookup for the domain
+ * 3. Checks if MX records match known proxy services (Cloudflare, etc.)
+ * 4. If proxy detected, returns null provider with proxy info
+ * 5. Otherwise, matches MX records against business email provider patterns
+ * 6. If no MX match, falls back to TXT record analysis (SPF records, etc.)
+ * 7. Returns the first matching provider or null if none found
+ *
+ * **Rate Limiting:**
+ * - Maximum 10 DNS requests per 60-second window
+ * - Rate limit exceeded returns error with retry information
+ * - Prevents abuse and excessive DNS queries
  *
  * **Provider Patterns Checked:**
  * - Google Workspace: aspmx.l.google.com, aspmx2.googlemail.com, etc.
@@ -303,6 +333,24 @@ export declare function detectProviderByDNS(domain: string, timeoutMs?: number):
  * - Business domain analysis for enterprise features
  */
 export declare function getEmailProviderLinkWithDNS(email: string, timeoutMs?: number): Promise<EmailProviderResult>;
+/**
+ * Rate limiting configuration constants and utilities.
+ * @public
+ */
+export declare const RateLimit: {
+    MAX_REQUESTS: number;
+    WINDOW_MS: number;
+    SimpleRateLimiter: typeof SimpleRateLimiter;
+    /**
+     * Gets the current rate limiter instance for inspection or testing.
+     * @internal
+     */
+    getCurrentLimiter: () => SimpleRateLimiter;
+};
+export * from './alias-detection';
+export * from './security/url-validator';
+export * from './security/hash-verifier';
+export * from './security/secure-loader';
 declare const _default: {
     getEmailProviderLink: typeof getEmailProviderLink;
     getEmailProviderLinkWithDNS: typeof getEmailProviderLinkWithDNS;
@@ -312,5 +360,15 @@ declare const _default: {
     findEmailProvider: typeof findEmailProvider;
     getSupportedProviders: typeof getSupportedProviders;
     isEmailProviderSupported: typeof isEmailProviderSupported;
+    RateLimit: {
+        MAX_REQUESTS: number;
+        WINDOW_MS: number;
+        SimpleRateLimiter: typeof SimpleRateLimiter;
+        /**
+         * Gets the current rate limiter instance for inspection or testing.
+         * @internal
+         */
+        getCurrentLimiter: () => SimpleRateLimiter;
+    };
 };
 export default _default;