@mikkelscheike/email-provider-links 2.5.0 → 2.6.0

package/README.md

@@ -6,9 +6,11 @@ A TypeScript library providing direct links to **93 email providers** (178 domai
 
 ## ✨ Features
 
-- 🚀 **Fast & Lightweight**: Zero dependencies, minimal footprint
+- 🚀 **Fast & Lightweight**: Zero dependencies, ultra-low memory (~0.39MB initial, ~0.02MB per 1000 ops)
 - 📧 **93 Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and many more
 - 🌐 **178 Domains Supported**: Comprehensive international coverage
+- 🌍 **IDN Support**: Full internationalized domain name (punycode) support with RFC compliance
+- ✅ **Email Validation**: International email validation following RFC 5321, 5322, and 6530 standards
 - 🏢 **Business Domain Detection**: DNS-based detection for custom domains (Google Workspace, Microsoft 365, etc.)
 - 🔒 **Enterprise Security**: Multi-layer protection against malicious URLs and supply chain attacks
 - 🛡️ **URL Validation**: HTTPS-only enforcement with domain allowlisting
@@ -18,10 +20,11 @@ A TypeScript library providing direct links to **93 email providers** (178 domai
 - 🚦 **Rate Limiting**: Built-in DNS query rate limiting to prevent abuse
 - 🔄 **Email Alias Detection**: Normalize Gmail dots, plus addressing, and provider-specific aliases
 - 🛡️ **Fraud Prevention**: Detect duplicate accounts through email alias manipulation
-- 🧪 **Thoroughly Tested**: 371 tests with 91.75% code coverage
+- 🧪 **Thoroughly Tested**: 370 tests with 92.89% code coverage
 
 ## Installation
 
+Using npm:
 ```bash
 npm install @mikkelscheike/email-provider-links
 ```
@@ -152,6 +155,39 @@ console.log('Max requests:', Config.MAX_DNS_REQUESTS_PER_MINUTE); // 10
 console.log('Default timeout:', Config.DEFAULT_DNS_TIMEOUT);       // 5000ms
 ```
 
+## Email Validation
+
+The library includes comprehensive email validation following international standards:
+
+```typescript
+import { validateInternationalEmail } from '@mikkelscheike/email-provider-links';
+
+// Validate any email address
+const result = validateInternationalEmail('user@example.com');
+
+// Returns undefined for valid emails
+console.log(result); // undefined
+
+// Returns detailed error information for invalid emails
+const invalid = validateInternationalEmail('user@münchen.com');
+if (invalid) {
+  console.log(invalid.code);    // IDN_VALIDATION_ERROR
+  console.log(invalid.message); // Human-readable error message
+}
+```
+
+### Validation Features
+
+- ✅ **RFC Compliance**: Follows RFC 5321, 5322, and 6530 standards
+- 🌍 **International Support**: Full IDN (Punycode) validation
+- 📝 **Detailed Errors**: Clear, translatable error messages
+- 🔍 **Comprehensive Checks**:
+  - Local part validation (username)
+  - Domain format validation
+  - IDN encoding validation
+  - Length limits (local part, domain, total)
+  - TLD validation
+
 ## Advanced Usage
 
 <details>
@@ -254,6 +290,12 @@ interface EmailProviderResult {
   loginUrl: string | null;
   detectionMethod?: 'domain_match' | 'mx_record' | 'txt_record' | 'proxy_detected';
   proxyService?: string;
+  error?: {
+    type: 'INVALID_EMAIL' | 'DNS_TIMEOUT' | 'RATE_LIMITED' | 'UNKNOWN_DOMAIN' | 
+          'NETWORK_ERROR' | 'IDN_VALIDATION_ERROR';
+    message: string;
+    idnError?: string;  // Specific IDN validation error message
+  };
 }
 
 interface ConfigConstants {
@@ -310,11 +352,29 @@ if (result.securityReport.securityLevel === 'CRITICAL') {
 }
 ```
 
+## Performance Benchmarks
+
+This package is designed to be extremely memory efficient and fast. We continuously monitor performance metrics through automated benchmarks that run on every PR and release.
+
+Latest benchmark results show:
+- Provider loading: ~0.39MB heap usage, <0.5ms
+- Email lookups: ~0.02MB heap usage per 100 operations
+- Concurrent DNS: ~0.03MB heap usage, ~110ms for 10 lookups
+- Large scale (1000 ops): ~0.02MB heap usage, <3ms total
+- Cache effectiveness: ~0.01MB impact on subsequent loads
+
+To run benchmarks locally:
+```bash
+npm run benchmark
+```
+
+Benchmarks are automatically run in CI to catch any performance regressions.
+
 ## Contributing
 
 We welcome contributions! See [CONTRIBUTING.md](docs/CONTRIBUTING.md) for guidelines on adding new email providers.
 
-**Quality Assurance**: This project maintains high standards with 371 comprehensive tests achieving 91.75% code coverage.
+**Quality Assurance**: This project maintains high standards with 370 comprehensive tests achieving 92.89% code coverage.
 **Security Note**: All new providers undergo security validation and must pass our allowlist verification.
 
 ## Security

package/dist/api.d.ts

@@ -29,9 +29,10 @@ export interface EmailProviderResult {
     proxyService?: string;
     /** Error information if detection failed */
     error?: {
-        type: 'INVALID_EMAIL' | 'DNS_TIMEOUT' | 'RATE_LIMITED' | 'UNKNOWN_DOMAIN' | 'NETWORK_ERROR';
+        type: 'INVALID_EMAIL' | 'DNS_TIMEOUT' | 'RATE_LIMITED' | 'UNKNOWN_DOMAIN' | 'NETWORK_ERROR' | 'IDN_VALIDATION_ERROR';
         message: string;
         retryAfter?: number;
+        idnError?: string;
     };
 }
 /**

package/dist/concurrent-dns.d.ts

@@ -68,6 +68,8 @@ export interface ConcurrentDNSResult {
  * Concurrent DNS Detection Engine
  */
 export declare class ConcurrentDNSDetector {
+    private activeQueries;
+    cleanup(): Promise<void>;
     private config;
     private providers;
     constructor(providers: EmailProvider[], config?: Partial<ConcurrentDNSConfig>);

package/dist/concurrent-dns.js

@@ -28,7 +28,19 @@ const DEFAULT_CONFIG = {
  * Concurrent DNS Detection Engine
  */
 class ConcurrentDNSDetector {
+    // Cleanup method for tests
+    cleanup() {
+        // Cancel any in-progress timeouts
+        const timeoutError = new Error('Operation cancelled by cleanup');
+        for (const { reject } of this.activeQueries) {
+            reject(timeoutError);
+        }
+        this.activeQueries.clear();
+        return Promise.resolve();
+    }
     constructor(providers, config = {}) {
+        // Store active query states
+        this.activeQueries = new Set();
         this.config = { ...DEFAULT_CONFIG, ...config };
         this.providers = providers.filter(p => p.customDomainDetection &&
             (p.customDomainDetection.mxPatterns || p.customDomainDetection.txtPatterns));
@@ -38,7 +50,7 @@ class ConcurrentDNSDetector {
      */
     async detectProvider(domain) {
         const startTime = Date.now();
-        const normalizedDomain = domain.toLowerCase();
+        const normalizedDomain = domain.toLowerCase().trim().replace(/\.+$/, '');
         // Initialize result
         const result = {
             provider: null,
@@ -378,13 +390,28 @@ class ConcurrentDNSDetector {
      * Wrap a promise with a timeout
      */
     withTimeout(promise, ms) {
-        return new Promise((resolve, reject) => {
-            const timeout = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
+        let rejectFn;
+        const timeoutPromise = new Promise((resolve, reject) => {
+            rejectFn = reject;
+            const timeout = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms).unref();
             promise
                 .then(resolve)
                 .catch(reject)
-                .finally(() => clearTimeout(timeout));
+                .finally(() => {
+                clearTimeout(timeout);
+                // Clean up active query
+                const queryEntry = Array.from(this.activeQueries).find(entry => entry.promise === timeoutPromise);
+                if (queryEntry) {
+                    this.activeQueries.delete(queryEntry);
+                }
+            });
         });
+        // Only add to active queries if we have a reject function
+        if (rejectFn) {
+            const queryEntry = { promise: timeoutPromise, reject: rejectFn };
+            this.activeQueries.add(queryEntry);
+        }
+        return timeoutPromise;
     }
 }
 exports.ConcurrentDNSDetector = ConcurrentDNSDetector;

package/dist/{security/hash-verifier.js → hash-verifier.js}

@@ -29,7 +29,7 @@ const KNOWN_GOOD_HASHES = {
     // SHA-256 hash of the legitimate emailproviders.json
     'emailproviders.json': 'f77814bf0537019c6f38bf2744ae21640f04a2d39cb67c5116f6e03160c9486f',
     // You can add hashes for other critical files
-    'package.json': '6facf7082675511a8938fc7ae69f03cf9610103c410febbf514381373a0946be'
+    'package.json': 'da14e15d9602b7e2cdf3d08f4756ca7ff9af842906e4de1af7664c1d1cce8e9e'
 };
 /**
  * Calculates SHA-256 hash of a file or string content
@@ -140,7 +140,7 @@ function generateSecurityHashes(basePath = __dirname) {
     const hashes = {};
     for (const file of files) {
         try {
-            const fullPath = (0, path_1.join)(basePath, '..', '..', file);
+            const fullPath = (0, path_1.join)(basePath, '..', file);
             const hash = calculateFileHash(fullPath);
             hashes[file.split('/').pop() || file] = hash;
             console.log(`✅ ${file}: ${hash}`);
@@ -231,7 +231,7 @@ function handleHashMismatch(result, options = {}) {
  * @returns Complete security audit result
  */
 function performSecurityAudit(providersFilePath) {
-    const filePath = providersFilePath || (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+    const filePath = providersFilePath || (0, path_1.join)(__dirname, '..', 'providers', 'emailproviders.json');
     const hashResult = verifyProvidersIntegrity(filePath);
     const recommendations = [];
     let securityLevel = 'HIGH';

package/dist/idn.d.ts

@@ -0,0 +1,46 @@
+/**
+ * IDN (Internationalized Domain Names) utilities
+ * Zero-dependency implementation for domain name handling
+ */
+/**
+ * Convert domain to Punycode format
+ * @param domain Domain name to convert
+ * @returns Punycode encoded domain
+ */
+export declare function domainToPunycode(domain: string): string;
+/**
+ * Convert email address's domain to Punycode
+ * @param email Email address to convert
+ * @returns Email with Punycode encoded domain
+ */
+export declare function emailToPunycode(email: string): string;
+/**
+ * Error codes for IDN validation
+ * These can be used as keys for translation systems
+ */
+export declare enum IDNValidationError {
+    MISSING_INPUT = "MISSING_INPUT",
+    EMAIL_TOO_LONG = "EMAIL_TOO_LONG",
+    MISSING_AT_SYMBOL = "MISSING_AT_SYMBOL",
+    LOCAL_PART_EMPTY = "LOCAL_PART_EMPTY",
+    LOCAL_PART_TOO_LONG = "LOCAL_PART_TOO_LONG",
+    LOCAL_PART_INVALID = "LOCAL_PART_INVALID",
+    DOMAIN_EMPTY = "DOMAIN_EMPTY",
+    DOMAIN_TOO_LONG = "DOMAIN_TOO_LONG",
+    DOMAIN_INVALID_FORMAT = "DOMAIN_INVALID_FORMAT",
+    MISSING_TLD = "MISSING_TLD",
+    NUMERIC_TLD = "NUMERIC_TLD",
+    INVALID_ENCODING = "INVALID_ENCODING"
+}
+/**
+ * Validates an email address according to international standards (IDNA)
+ * This implementation follows RFC 5321, 5322, and 6530 standards for email addresses
+ *
+ * @param email The email address to validate
+ * @returns Error information if validation fails, undefined if valid
+ */
+export declare function validateInternationalEmail(email: string): {
+    type: 'IDN_VALIDATION_ERROR';
+    code: IDNValidationError;
+    message: string;
+} | undefined;

package/dist/idn.js

@@ -0,0 +1,248 @@
+"use strict";
+/**
+ * IDN (Internationalized Domain Names) utilities
+ * Zero-dependency implementation for domain name handling
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IDNValidationError = void 0;
+exports.domainToPunycode = domainToPunycode;
+exports.emailToPunycode = emailToPunycode;
+exports.validateInternationalEmail = validateInternationalEmail;
+const BASE = 36;
+const INITIAL_N = 128;
+const INITIAL_BIAS = 72;
+const DAMP = 700;
+const TMIN = 1;
+const TMAX = 26;
+const SKEW = 38;
+const DELIMITER = '-';
+function adaptBias(delta, numPoints, firstTime) {
+    delta = firstTime ? Math.floor(delta / DAMP) : Math.floor(delta / 2);
+    delta += Math.floor(delta / numPoints);
+    let k = 0;
+    while (delta > ((BASE - TMIN) * TMAX) / 2) {
+        delta = Math.floor(delta / (BASE - TMIN));
+        k += BASE;
+    }
+    return k + Math.floor(((BASE - TMIN + 1) * delta) / (delta + SKEW));
+}
+function digitToBasic(digit) {
+    return digit + 22 + 75 * Number(digit < 26);
+}
+function encode(str) {
+    const codePoints = Array.from(str).map(c => c.codePointAt(0));
+    let n = INITIAL_N;
+    let delta = 0;
+    let bias = INITIAL_BIAS;
+    let output = '';
+    // Copy ASCII chars directly
+    const basic = codePoints.filter(c => c < 0x80);
+    let h = basic.length;
+    let b = h;
+    if (b > 0) {
+        output = String.fromCodePoint(...basic);
+    }
+    if (b > 0) {
+        output += DELIMITER;
+    }
+    while (h < codePoints.length) {
+        let m = Number.MAX_SAFE_INTEGER;
+        for (const c of codePoints) {
+            if (c >= n && c < m)
+                m = c;
+        }
+        delta += (m - n) * (h + 1);
+        n = m;
+        for (const c of codePoints) {
+            if (c < n) {
+                delta++;
+            }
+            else if (c === n) {
+                let q = delta;
+                for (let k = BASE;; k += BASE) {
+                    const t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
+                    if (q < t)
+                        break;
+                    output += String.fromCodePoint(digitToBasic(t + (q - t) % (BASE - t)));
+                    q = Math.floor((q - t) / (BASE - t));
+                }
+                output += String.fromCodePoint(digitToBasic(q));
+                bias = adaptBias(delta, h + 1, h === b);
+                delta = 0;
+                h++;
+            }
+        }
+        delta++;
+        n++;
+    }
+    return output;
+}
+/**
+ * Convert domain to Punycode format
+ * @param domain Domain name to convert
+ * @returns Punycode encoded domain
+ */
+function domainToPunycode(domain) {
+    // Split domain into labels
+    return domain.toLowerCase().split('.').map(label => {
+        // Check if label needs encoding (contains non-ASCII)
+        if (!/[^\x00-\x7F]/.test(label)) {
+            return label;
+        }
+        return 'xn--' + encode(label);
+    }).join('.');
+}
+/**
+ * Convert email address's domain to Punycode
+ * @param email Email address to convert
+ * @returns Email with Punycode encoded domain
+ */
+function emailToPunycode(email) {
+    const [local, domain] = email.split('@');
+    if (!domain)
+        return email;
+    return `${local}@${domainToPunycode(domain)}`;
+}
+/**
+ * Error codes for IDN validation
+ * These can be used as keys for translation systems
+ */
+var IDNValidationError;
+(function (IDNValidationError) {
+    IDNValidationError["MISSING_INPUT"] = "MISSING_INPUT";
+    IDNValidationError["EMAIL_TOO_LONG"] = "EMAIL_TOO_LONG";
+    IDNValidationError["MISSING_AT_SYMBOL"] = "MISSING_AT_SYMBOL";
+    IDNValidationError["LOCAL_PART_EMPTY"] = "LOCAL_PART_EMPTY";
+    IDNValidationError["LOCAL_PART_TOO_LONG"] = "LOCAL_PART_TOO_LONG";
+    IDNValidationError["LOCAL_PART_INVALID"] = "LOCAL_PART_INVALID";
+    IDNValidationError["DOMAIN_EMPTY"] = "DOMAIN_EMPTY";
+    IDNValidationError["DOMAIN_TOO_LONG"] = "DOMAIN_TOO_LONG";
+    IDNValidationError["DOMAIN_INVALID_FORMAT"] = "DOMAIN_INVALID_FORMAT";
+    IDNValidationError["MISSING_TLD"] = "MISSING_TLD";
+    IDNValidationError["NUMERIC_TLD"] = "NUMERIC_TLD";
+    IDNValidationError["INVALID_ENCODING"] = "INVALID_ENCODING";
+})(IDNValidationError || (exports.IDNValidationError = IDNValidationError = {}));
+/**
+ * Validates an email address according to international standards (IDNA)
+ * This implementation follows RFC 5321, 5322, and 6530 standards for email addresses
+ *
+ * @param email The email address to validate
+ * @returns Error information if validation fails, undefined if valid
+ */
+function validateInternationalEmail(email) {
+    // Basic checks
+    if (!email || typeof email !== 'string') {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.MISSING_INPUT,
+            message: 'The email field cannot be empty'
+        };
+    }
+    // Split into local and domain parts
+    const atIndex = email.lastIndexOf('@');
+    if (atIndex === -1) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.MISSING_AT_SYMBOL,
+            message: 'The email address must contain an @ symbol'
+        };
+    }
+    const local = email.slice(0, atIndex);
+    const domain = email.slice(atIndex + 1);
+    // Check for max length - RFC 5321
+    if (email.length > 254) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.EMAIL_TOO_LONG,
+            message: 'The email address is too long'
+        };
+    }
+    // Validate domain part
+    if (domain.length === 0) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.DOMAIN_EMPTY,
+            message: 'The domain part of the email cannot be empty'
+        };
+    }
+    if (domain.length > 255) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.DOMAIN_TOO_LONG,
+            message: 'The domain part of the email is too long'
+        };
+    }
+    // Validate local part
+    if (local.length === 0) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.LOCAL_PART_EMPTY,
+            message: 'The username part of the email cannot be empty'
+        };
+    }
+    if (local.length > 64) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.LOCAL_PART_TOO_LONG,
+            message: 'The username part of the email is too long'
+        };
+    }
+    // Check local part characters
+    // Allows: letters, numbers, and !#$%&'*+-/=?^_`{|}~.
+    // Dot can't be first, last, or consecutive
+    if (!/^[a-zA-Z0-9!#$%&'*+\-/=?^_`{|}~]([a-zA-Z0-9!#$%&'*+\-/=?^_`{|}~.]*[a-zA-Z0-9!#$%&'*+\-/=?^_`{|}~])?$/.test(local) || local.includes('..')) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.LOCAL_PART_INVALID,
+            message: 'The username contains invalid characters or dots in wrong places'
+        };
+    }
+    // Check domain format (including IDN domains)
+    try {
+        // Check for lone surrogates and control characters
+        if (/[\uD800-\uDFFF]/.test(domain)) {
+            return {
+                type: 'IDN_VALIDATION_ERROR',
+                code: IDNValidationError.INVALID_ENCODING,
+                message: 'The domain contains invalid characters or encoding'
+            };
+        }
+        // Convert to punycode to handle IDN
+        const punycodeDomain = domainToPunycode(domain);
+        // Check basic domain format
+        // Allows: letters, numbers, hyphens (not first/last), dots separating labels
+        if (!/^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$/.test(punycodeDomain)) {
+            return {
+                type: 'IDN_VALIDATION_ERROR',
+                code: IDNValidationError.DOMAIN_INVALID_FORMAT,
+                message: 'The domain format is invalid'
+            };
+        }
+        // Check if domain has at least one dot (TLD required)
+        if (!punycodeDomain.includes('.')) {
+            return {
+                type: 'IDN_VALIDATION_ERROR',
+                code: IDNValidationError.MISSING_TLD,
+                message: 'The email domain must include a top-level domain (like .com or .org)'
+            };
+        }
+        // Check TLD is not all-numeric
+        const tld = punycodeDomain.split('.').pop();
+        if (/^[0-9]+$/.test(tld)) {
+            return {
+                type: 'IDN_VALIDATION_ERROR',
+                code: IDNValidationError.NUMERIC_TLD,
+                message: 'The top-level domain cannot be all numbers'
+            };
+        }
+    }
+    catch (error) {
+        return {
+            type: 'IDN_VALIDATION_ERROR',
+            code: IDNValidationError.INVALID_ENCODING,
+            message: 'The domain contains invalid characters or encoding'
+        };
+    }
+    // If we get here, the email is valid
+    return undefined;
+}

package/dist/{security/secure-loader.d.ts → secure-loader.d.ts}

@@ -4,7 +4,7 @@
  * Integrates URL validation and hash verification to create a secure
  * loading system for email provider data.
  */
-import type { EmailProvider } from '../index';
+import type { EmailProvider } from './index';
 export interface SecureLoadResult {
     success: boolean;
     providers: EmailProvider[];
@@ -33,11 +33,13 @@ export declare function initializeSecurity(): Record<string, string>;
 /**
  * Express middleware for secure provider loading (if using in web apps)
  */
-export declare function createSecurityMiddleware(options?: {
+interface SecurityMiddlewareOptions {
     expectedHash?: string;
     allowInvalidUrls?: boolean;
     onSecurityIssue?: (report: SecureLoadResult['securityReport']) => void;
-}): (req: any, res: any, next: any) => any;
+    getProviders?: () => SecureLoadResult;
+}
+export declare function createSecurityMiddleware(options?: SecurityMiddlewareOptions): (req: any, res: any, next: any) => any;
 declare const _default: {
     secureLoadProviders: typeof secureLoadProviders;
     initializeSecurity: typeof initializeSecurity;

package/dist/{security/secure-loader.js → secure-loader.js}

@@ -21,7 +21,7 @@ const hash_verifier_1 = require("./hash-verifier");
  * @returns Secure load result with validation details
  */
 function secureLoadProviders(providersPath, expectedHash) {
-    const filePath = providersPath || (0, path_1.join)(__dirname, '..', '..', 'providers', 'emailproviders.json');
+    const filePath = providersPath || (0, path_1.join)(__dirname, '..', 'providers', 'emailproviders.json');
     const issues = [];
     let providers = [];
     // Step 1: Hash verification
@@ -118,12 +118,11 @@ function initializeSecurity() {
     console.log('\n⚠️  Remember to update hashes when making legitimate changes to provider data!');
     return hashes;
 }
-/**
- * Express middleware for secure provider loading (if using in web apps)
- */
 function createSecurityMiddleware(options = {}) {
     return (req, res, next) => {
-        const result = secureLoadProviders(undefined, options.expectedHash);
+        // If a custom providers getter is provided, use that instead of loading from file
+        const result = options.getProviders ? options.getProviders() : secureLoadProviders(undefined, options.expectedHash);
+        // Handle security level
         if (result.securityReport.securityLevel === 'CRITICAL' && !options.allowInvalidUrls) {
             if (options.onSecurityIssue) {
                 options.onSecurityIssue(result.securityReport);

package/dist/{security/url-validator.js → url-validator.js}

@@ -134,6 +134,7 @@ const URL_SHORTENERS = [
     'is.gd',
     'buff.ly'
 ];
+const idn_1 = require("./idn");
 /**
  * Validates if a URL is safe for email provider redirects
  *
@@ -179,7 +180,7 @@ function validateEmailProviderUrl(url) {
         }
         // Parse and normalize the URL
         const urlObj = new URL(url);
-        const domain = urlObj.hostname.toLowerCase();
+        const domain = (0, idn_1.domainToPunycode)(urlObj.hostname.toLowerCase());
         const normalizedUrl = urlObj.toString();
         // Must use HTTPS
         if (urlObj.protocol !== 'https:') {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mikkelscheike/email-provider-links",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "TypeScript library for email provider detection with 93 providers (178 domains), concurrent DNS resolution, optimized performance, 91.75% test coverage, and enterprise security for login and password reset flows",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -8,8 +8,7 @@
     "dist/**/*.js",
     "dist/**/*.d.ts",
     "providers/emailproviders.json",
-    "!dist/**/*.map",
-    "!dist/**/security-demo.*"
+    "!dist/**/*.map"
   ],
   "scripts": {
     "build": "tsc",
@@ -24,7 +23,8 @@
     "update-hashes": "tsx scripts/update-hashes.ts",
     "release:major": "tsx scripts/prepare-release.ts",
     "release:minor": "tsx scripts/prepare-release.ts",
-    "release:patch": "tsx scripts/prepare-release.ts"
+    "release:patch": "tsx scripts/prepare-release.ts",
+    "benchmark": "tsx --expose-gc benchmark/memory.ts"
   },
   "keywords": [
     "email",
@@ -60,10 +60,10 @@
   "publishConfig": {
     "access": "public"
   },
-  "packageManager": "pnpm@10.11.1",
   "devDependencies": {
+    "@jest/globals": "^30.0.2",
     "@semantic-release/commit-analyzer": "^13.0.1",
-    "@semantic-release/exec": "^6.0.3",
+    "@semantic-release/exec": "^7.1.0",
     "@semantic-release/git": "^10.0.1",
     "@semantic-release/github": "^11.0.3",
     "@semantic-release/npm": "^12.0.1",
@@ -71,7 +71,7 @@
     "@types/jest": "^30.0.0",
     "@types/node": "^24.0.3",
     "conventional-changelog-conventionalcommits": "^9.0.0",
-    "jest": "^30.0.1",
+    "jest": "^30.0.2",
     "semantic-release": "^24.2.5",
     "ts-jest": "^29.4.0",
     "tsx": "^4.20.3",