@mikkelscheike/email-provider-links 1.5.1 → 1.7.0

package/dist/index.js

@@ -11,7 +11,22 @@
  *
  * @packageDocumentation
  */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimit = void 0;
 exports.isValidEmail = isValidEmail;
 exports.extractDomain = extractDomain;
 exports.findEmailProvider = findEmailProvider;
@@ -31,17 +46,77 @@ const resolveTxtAsync = (0, util_1.promisify)(dns_1.resolveTxt);
  * Default timeout for DNS queries in milliseconds.
  */
 const DEFAULT_DNS_TIMEOUT = 5000; // 5 seconds
+/**
+ * Rate limiting configuration for DNS queries.
+ */
+const RATE_LIMIT_MAX_REQUESTS = 10; // Maximum requests per time window
+const RATE_LIMIT_WINDOW_MS = 60000; // Time window in milliseconds (1 minute)
+/**
+ * Simple rate limiter to prevent excessive DNS queries.
+ * Tracks request timestamps and enforces a maximum number of requests per time window.
+ */
+class SimpleRateLimiter {
+    constructor(maxRequests = RATE_LIMIT_MAX_REQUESTS, windowMs = RATE_LIMIT_WINDOW_MS) {
+        this.maxRequests = maxRequests;
+        this.windowMs = windowMs;
+        this.requestTimestamps = [];
+    }
+    /**
+     * Checks if a request is allowed under the current rate limit.
+     * @returns true if request is allowed, false if rate limited
+     */
+    isAllowed() {
+        const now = Date.now();
+        // Remove old timestamps outside the current window
+        this.requestTimestamps = this.requestTimestamps.filter(timestamp => now - timestamp < this.windowMs);
+        // Check if we're under the limit
+        if (this.requestTimestamps.length < this.maxRequests) {
+            this.requestTimestamps.push(now);
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Gets the current number of requests in the window.
+     */
+    getCurrentCount() {
+        const now = Date.now();
+        this.requestTimestamps = this.requestTimestamps.filter(timestamp => now - timestamp < this.windowMs);
+        return this.requestTimestamps.length;
+    }
+    /**
+     * Gets the time until the rate limit resets (when oldest request expires).
+     * @returns milliseconds until reset, or 0 if not rate limited
+     */
+    getTimeUntilReset() {
+        if (this.requestTimestamps.length === 0)
+            return 0;
+        const oldestTimestamp = Math.min(...this.requestTimestamps);
+        const resetTime = oldestTimestamp + this.windowMs;
+        const now = Date.now();
+        return Math.max(0, resetTime - now);
+    }
+}
+// Global rate limiter instance
+const dnsRateLimiter = new SimpleRateLimiter();
 /**
  * Creates a Promise that rejects after the specified timeout.
  *
  * @param ms - Timeout in milliseconds
- * @returns Promise that rejects with timeout error
+ * @returns Promise that rejects with timeout error and a cleanup function
  * @internal
  */
 function createTimeout(ms) {
-    return new Promise((_, reject) => {
-        setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
+    let timeoutId;
+    const promise = new Promise((_, reject) => {
+        timeoutId = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
     });
+    const cleanup = () => {
+        if (timeoutId) {
+            clearTimeout(timeoutId);
+        }
+    };
+    return { promise, cleanup };
 }
 /**
  * Wraps a DNS query with a timeout.
@@ -52,7 +127,11 @@ function createTimeout(ms) {
  * @internal
  */
 function withTimeout(promise, timeoutMs) {
-    return Promise.race([promise, createTimeout(timeoutMs)]);
+    const { promise: timeoutPromise, cleanup } = createTimeout(timeoutMs);
+    return Promise.race([
+        promise.finally(() => cleanup()), // Clean up timeout when original promise settles
+        timeoutPromise
+    ]);
 }
 // Load providers from external JSON file
 let EMAIL_PROVIDERS = [];
@@ -318,12 +397,18 @@ function detectProxyService(mxRecords) {
  *
  * @remarks
  * **Detection Algorithm:**
- * 1. Performs MX record lookup for the domain
- * 2. Checks if MX records match known proxy services (Cloudflare, etc.)
- * 3. If proxy detected, returns null provider with proxy info
- * 4. Otherwise, matches MX records against business email provider patterns
- * 5. If no MX match, falls back to TXT record analysis (SPF records, etc.)
- * 6. Returns the first matching provider or null if none found
+ * 1. Checks rate limiting (max 10 requests per minute)
+ * 2. Performs MX record lookup for the domain
+ * 3. Checks if MX records match known proxy services (Cloudflare, etc.)
+ * 4. If proxy detected, returns null provider with proxy info
+ * 5. Otherwise, matches MX records against business email provider patterns
+ * 6. If no MX match, falls back to TXT record analysis (SPF records, etc.)
+ * 7. Returns the first matching provider or null if none found
+ *
+ * **Rate Limiting:**
+ * - Maximum 10 DNS requests per 60-second window
+ * - Rate limit exceeded returns error with retry information
+ * - Prevents abuse and excessive DNS queries
  *
  * **Provider Patterns Checked:**
  * - Google Workspace: aspmx.l.google.com, aspmx2.googlemail.com, etc.
@@ -338,6 +423,11 @@ function detectProxyService(mxRecords) {
  */
 async function detectProviderByDNS(domain, timeoutMs = DEFAULT_DNS_TIMEOUT) {
     const normalizedDomain = domain.toLowerCase();
+    // Check rate limiting
+    if (!dnsRateLimiter.isAllowed()) {
+        const retryAfter = Math.ceil(dnsRateLimiter.getTimeUntilReset() / 1000);
+        throw new Error(`Rate limit exceeded. DNS queries limited to ${RATE_LIMIT_MAX_REQUESTS} requests per minute. Try again in ${retryAfter} seconds.`);
+    }
     // Get providers that support custom domain detection
     const customDomainProviders = EMAIL_PROVIDERS.filter(provider => provider.customDomainDetection &&
         (provider.customDomainDetection.mxPatterns || provider.customDomainDetection.txtPatterns));
@@ -502,6 +592,26 @@ async function getEmailProviderLinkWithDNS(email, timeoutMs = DEFAULT_DNS_TIMEOU
         loginUrl: null
     };
 }
+/**
+ * Rate limiting configuration constants and utilities.
+ * @public
+ */
+exports.RateLimit = {
+    MAX_REQUESTS: RATE_LIMIT_MAX_REQUESTS,
+    WINDOW_MS: RATE_LIMIT_WINDOW_MS,
+    SimpleRateLimiter,
+    /**
+     * Gets the current rate limiter instance for inspection or testing.
+     * @internal
+     */
+    getCurrentLimiter: () => dnsRateLimiter
+};
+// Export alias detection module
+__exportStar(require("./alias-detection"), exports);
+// Export security modules
+__exportStar(require("./security/url-validator"), exports);
+__exportStar(require("./security/hash-verifier"), exports);
+__exportStar(require("./security/secure-loader"), exports);
 // Default export for convenience
 exports.default = {
     getEmailProviderLink,
@@ -511,5 +621,6 @@ exports.default = {
     extractDomain,
     findEmailProvider,
     getSupportedProviders,
-    isEmailProviderSupported
+    isEmailProviderSupported,
+    RateLimit: exports.RateLimit
 };

package/dist/security/hash-verifier.js

@@ -27,9 +27,9 @@ const path_1 = require("path");
  */
 const KNOWN_GOOD_HASHES = {
     // SHA-256 hash of the legitimate emailproviders.json
-    'emailproviders.json': 'da7a856fe04b11e326230d195fcc3d44f078e481b8929cf4fb5040276e05ffd0',
+    'emailproviders.json': '41d2084580270f77ae2c2c5593995ebace7877a74f7d1c1e1bc7ed3b37611aa4',
     // You can add hashes for other critical files
-    'package.json': '4fec42bf25d33615a2b19bfe573b6d706404d39bfcdd6464a6958e70fca2a579'
+    'package.json': 'c73f9f005cc4204d321cb1382f80354e932dffc38804600cdcf307ef11a0525e'
 };
 /**
  * Calculates SHA-256 hash of a file or string content
@@ -206,7 +206,7 @@ function handleHashMismatch(result, options = {}) {
         '4. Verify file integrity from trusted source',
         '5. Report security incident if confirmed',
         '',
-        '📧 Consider reporting to: security@[your-domain].com'
+        '📧 Report security issues: https://github.com/mikkelscheike/email-provider-links/security'
     ].join('\n');
     if (logLevel === 'error') {
         console.error(securityAlert);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mikkelscheike/email-provider-links",
-  "version": "1.5.1",
-  "description": "A TypeScript package that provides direct links to email providers based on email addresses to streamline login and password reset flows",
+  "version": "1.7.0",
+  "description": "A TypeScript package providing direct links to 93 email providers (180+ domains) with enterprise security features, email alias detection, rate limiting, and comprehensive international coverage for login and password reset flows",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [
@@ -30,6 +30,11 @@
     "gmail",
     "outlook",
     "yahoo",
+    "alias-detection",
+    "email-normalization",
+    "plus-addressing",
+    "fraud-prevention",
+    "deduplication",
     "typescript",
     "npm",
     "utility"