@mikkelscheike/email-provider-links 4.0.11 → 5.0.0

package/README.md

@@ -2,9 +2,9 @@
 
 [![npm version](https://img.shields.io/npm/v/%40mikkelscheike%2Femail-provider-links)](https://www.npmjs.com/package/@mikkelscheike/email-provider-links)
 
-> **Generate direct login links for any email address across 129+ providers (Gmail, Outlook, Yahoo, etc.) to streamline user authentication flows.**
+> **Generate direct login links for any email address across 130+ providers (Gmail, Outlook, Yahoo, etc.) to streamline user authentication flows.**
 
-A robust TypeScript library providing direct links to **129 email providers** (217 domains) with **concurrent DNS resolution**, **optimized performance**, **comprehensive email validation**, and advanced security features for login and password reset flows.
+A robust TypeScript library providing direct links to **130 email providers** (218 domains) with **concurrent DNS resolution**, **optimized performance**, **comprehensive email validation**, and advanced security features for login and password reset flows.
 
 ## 🚀 Try it out
 
@@ -26,8 +26,8 @@ A robust TypeScript library providing direct links to **129 email providers** (2
 ## ✨ Core Features
 
 - 🚀 **Fast & Lightweight**: Zero dependencies, ultra-low memory (0.10MB initial, 0.00004MB per 1000 ops), small footprint (~39.5KB compressed)
-- 📧 **129 Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and many more
-- 🌐 **217 Domains Supported**: Comprehensive international coverage
+- 📧 **130 Email Providers**: Gmail, Outlook, Yahoo, ProtonMail, iCloud, and many more
+- 🌐 **218 Domains Supported**: Comprehensive international coverage
 - 🌍 **Full IDN Support**: International domain names with RFC compliance and Punycode
 - ✅ **Advanced Email Validation**: International email validation with detailed error reporting
 - 🏢 **Business Domain Detection**: DNS-based detection for custom domains (Google Workspace, Microsoft 365, etc.)
@@ -66,7 +66,7 @@ Fully compatible with the latest Node.js 24.x and 25.x! The library is tested on
 
 ## Supported Providers
 
-**📊 Current Coverage: 129 providers supporting 217 domains**
+**📊 Current Coverage: 130 providers supporting 218 domains**
 
 **Consumer Email Providers:**
 - **Gmail** (2 domains): gmail.com, googlemail.com
@@ -102,6 +102,10 @@ Fully compatible with the latest Node.js 24.x and 25.x! The library is tested on
 #### `getEmailProvider(email, timeout?)`
 **Recommended** - Complete provider detection with business domain support.
 
+Error notes:
+- `INVALID_EMAIL` is returned for common malformed inputs (e.g. missing `@`, missing TLD).
+- `IDN_VALIDATION_ERROR` is reserved for true encoding issues.
+
 ```typescript
 // Known providers (instant response)
 const result1 = await getEmailProvider('user@gmail.com');
@@ -286,6 +290,20 @@ npm run benchmark:dns
 # and can be modified for custom performance testing
 ```
 
+### Live DNS verification (optional)
+
+There is an optional test suite that performs real DNS lookups for all domains in `providers/emailproviders.json`:
+
+```bash
+RUN_LIVE_DNS=1 npm test -- __tests__/provider-live-dns.test.ts
+```
+
+Optional strict mode (also validates configured MX/TXT patterns):
+
+```bash
+RUN_LIVE_DNS=1 RUN_LIVE_DNS_STRICT=1 npm test -- __tests__/provider-live-dns.test.ts
+```
+
 ## Contributing
 
 We welcome contributions! See [CONTRIBUTING.md](docs/CONTRIBUTING.md) for guidelines on adding new email providers.

package/dist/alias-detection.js

@@ -47,6 +47,7 @@ exports.detectEmailAlias = detectEmailAlias;
 exports.normalizeEmail = normalizeEmail;
 exports.emailsMatch = emailsMatch;
 const loader_1 = require("./loader");
+const idn_1 = require("./idn");
 /**
  * Validates email format
  */
@@ -79,14 +80,14 @@ function isValidEmail(email) {
  * ```
  */
 function detectEmailAlias(email) {
-    if (!isValidEmail(email)) {
+    const originalEmail = email.trim();
+    if (!isValidEmail(originalEmail)) {
         throw new Error('Invalid email format');
     }
-    const originalEmail = email.trim();
     // Split normally, lowering case both for username and domain by default
     const emailParts = originalEmail.toLowerCase().split('@');
     const username = emailParts[0];
-    const domain = emailParts[1]; // domain is always case-insensitive per RFC 5321
+    const domain = (0, idn_1.domainToPunycode)(emailParts[1] || ''); // domain is always case-insensitive per RFC 5321
     if (!username || !domain) {
         throw new Error('Invalid email format - missing username or domain');
     }

package/dist/api.d.ts

@@ -176,7 +176,7 @@ export declare function getEmailProviderFast(email: string, options?: {
         total: number;
     };
     confidence?: number;
-    debug?: any;
+    debug?: unknown;
 }>;
 /**
  * Configuration constants

package/dist/api.js

@@ -14,6 +14,74 @@ exports.emailsMatch = emailsMatch;
 exports.getEmailProviderFast = getEmailProviderFast;
 const concurrent_dns_1 = require("./concurrent-dns");
 const provider_loader_1 = require("./provider-loader");
+const idn_1 = require("./idn");
+let cachedProvidersRef = null;
+let cachedDomainMap = null;
+function getDomainMapFromProviders(providers) {
+    if (cachedProvidersRef === providers && cachedDomainMap) {
+        return cachedDomainMap;
+    }
+    const domainMap = new Map();
+    for (const loadedProvider of providers) {
+        for (const domain of loadedProvider.domains) {
+            domainMap.set(domain.toLowerCase(), loadedProvider);
+        }
+    }
+    cachedProvidersRef = providers;
+    cachedDomainMap = domainMap;
+    return domainMap;
+}
+function validateAndParseEmailForLookup(email) {
+    if (!email || typeof email !== 'string') {
+        return {
+            ok: false,
+            email: email || '',
+            error: {
+                type: 'INVALID_EMAIL',
+                message: 'Email address is required and must be a string'
+            }
+        };
+    }
+    const trimmedEmail = email.trim();
+    // Strict validation: treat any IDN validation failure as invalid input.
+    // Only surface IDN_VALIDATION_ERROR for true encoding issues.
+    const idnError = (0, idn_1.validateInternationalEmail)(trimmedEmail);
+    if (idnError) {
+        if (idnError.code === idn_1.IDNValidationError.INVALID_ENCODING) {
+            return {
+                ok: false,
+                email: trimmedEmail,
+                error: {
+                    type: 'IDN_VALIDATION_ERROR',
+                    message: idnError.message,
+                    idnError: idnError.code
+                }
+            };
+        }
+        return {
+            ok: false,
+            email: trimmedEmail,
+            error: {
+                type: 'INVALID_EMAIL',
+                message: 'Invalid email format'
+            }
+        };
+    }
+    const atIndex = trimmedEmail.lastIndexOf('@');
+    if (atIndex === -1) {
+        return {
+            ok: false,
+            email: trimmedEmail,
+            error: {
+                type: 'INVALID_EMAIL',
+                message: 'Invalid email format'
+            }
+        };
+    }
+    const domainRaw = trimmedEmail.slice(atIndex + 1).toLowerCase();
+    const domain = (0, idn_1.domainToPunycode)(domainRaw);
+    return { ok: true, trimmedEmail, domain };
+}
 /**
  * Get email provider information for any email address.
  *
@@ -46,43 +114,16 @@ const provider_loader_1 = require("./provider-loader");
  */
 async function getEmailProvider(email, timeout) {
     try {
-        // Input validation
-        if (!email || typeof email !== 'string') {
+        const parsed = validateAndParseEmailForLookup(email);
+        if (!parsed.ok) {
             return {
                 provider: null,
-                email: email || '',
+                email: parsed.email,
                 loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Email address is required and must be a string'
-                }
-            };
-        }
-        // Basic email format validation
-        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-        if (!emailRegex.test(email)) {
-            return {
-                provider: null,
-                email,
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format'
-                }
-            };
-        }
-        const domain = email.split('@')[1]?.toLowerCase();
-        if (!domain) {
-            return {
-                provider: null,
-                email,
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format - missing domain'
-                }
+                error: parsed.error
             };
         }
+        const domain = parsed.domain;
         // First try synchronous domain matching
         const syncResult = getEmailProviderSync(email);
         if (syncResult.provider) {
@@ -130,9 +171,9 @@ async function getEmailProvider(email, timeout) {
     }
     catch (error) {
         // Enhanced error handling
-        if (error.message?.includes('Rate limit exceeded')) {
+        if (error instanceof Error && error.message.includes('Rate limit exceeded')) {
             const retryMatch = error.message.match(/Try again in (\d+) seconds/);
-            const retryAfter = retryMatch ? parseInt(retryMatch[1], 10) : undefined;
+            const retryAfter = retryMatch?.[1] ? parseInt(retryMatch[1], 10) : undefined;
             return {
                 provider: null,
                 email,
@@ -144,7 +185,7 @@ async function getEmailProvider(email, timeout) {
                 }
             };
         }
-        if (error.message?.includes('timeout')) {
+        if (error instanceof Error && error.message.includes('timeout')) {
             return {
                 provider: null,
                 email,
@@ -161,7 +202,7 @@ async function getEmailProvider(email, timeout) {
             loginUrl: null,
             error: {
                 type: 'NETWORK_ERROR',
-                message: error.message || 'Unknown network error'
+                message: error instanceof Error ? error.message : 'Unknown network error'
             }
         };
     }
@@ -189,44 +230,16 @@ async function getEmailProvider(email, timeout) {
  */
 function getEmailProviderSync(email) {
     try {
-        // Input validation
-        if (!email || typeof email !== 'string') {
-            return {
-                provider: null,
-                email: email || '',
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Email address is required and must be a string'
-                }
-            };
-        }
-        // Basic email format validation
-        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-        if (!emailRegex.test(email)) {
+        const parsed = validateAndParseEmailForLookup(email);
+        if (!parsed.ok) {
             return {
                 provider: null,
-                email,
+                email: parsed.email,
                 loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format'
-                }
-            };
-        }
-        // Pure synchronous domain matching
-        const domain = email.split('@')[1]?.toLowerCase();
-        if (!domain) {
-            return {
-                provider: null,
-                email,
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format - missing domain'
-                }
+                error: parsed.error
             };
         }
+        const domain = parsed.domain;
         // Load providers with verification
         let provider = null;
         try {
@@ -246,13 +259,7 @@ function getEmailProviderSync(email) {
                     }
                 };
             }
-            const domainMap = new Map();
-            // Build domain map from loaded providers
-            for (const loadedProvider of result.providers) {
-                for (const domain of loadedProvider.domains) {
-                    domainMap.set(domain.toLowerCase(), loadedProvider);
-                }
-            }
+            const domainMap = getDomainMapFromProviders(result.providers);
             provider = domainMap.get(domain) || null;
         }
         catch (error) {
@@ -291,7 +298,7 @@ function getEmailProviderSync(email) {
             loginUrl: null,
             error: {
                 type: 'INVALID_EMAIL',
-                message: error.message || 'Invalid email address'
+                message: error instanceof Error ? error.message : 'Invalid email address'
             }
         };
     }
@@ -327,7 +334,7 @@ function normalizeEmail(email) {
         return lowercaseEmail;
     }
     let localPart = lowercaseEmail.slice(0, atIndex);
-    const domainPart = lowercaseEmail.slice(atIndex + 1);
+    const domainPart = (0, idn_1.domainToPunycode)(lowercaseEmail.slice(atIndex + 1));
     // Use providers for domain lookup
     let provider = null;
     try {
@@ -335,12 +342,7 @@ function normalizeEmail(email) {
         if (!result.success) {
             return lowercaseEmail; // Return as-is if providers can't be loaded
         }
-        const domainMap = new Map();
-        for (const loadedProvider of result.providers) {
-            for (const domain of loadedProvider.domains) {
-                domainMap.set(domain.toLowerCase(), loadedProvider);
-            }
-        }
+        const domainMap = getDomainMapFromProviders(result.providers);
         provider = domainMap.get(domainPart) || null;
     }
     catch (error) {
@@ -414,45 +416,19 @@ function emailsMatch(email1, email2) {
 async function getEmailProviderFast(email, options = {}) {
     const { timeout = 5000, enableParallel = true, collectDebugInfo = false } = options;
     try {
-        // Input validation
-        if (!email || typeof email !== 'string') {
-            return {
-                provider: null,
-                email: email || '',
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Email address is required and must be a string'
-                }
-            };
-        }
-        // Basic email format validation
-        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-        if (!emailRegex.test(email)) {
-            return {
-                provider: null,
-                email,
-                loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format'
-                }
-            };
-        }
-        const domain = email.split('@')[1]?.toLowerCase();
-        if (!domain) {
+        const parsed = validateAndParseEmailForLookup(email);
+        if (!parsed.ok) {
             return {
                 provider: null,
-                email,
+                email: parsed.email,
                 loginUrl: null,
-                error: {
-                    type: 'INVALID_EMAIL',
-                    message: 'Invalid email format - missing domain'
-                }
+                error: parsed.error
             };
         }
+        const domain = parsed.domain;
+        const trimmedEmail = parsed.trimmedEmail;
         // First try standard domain matching (fast path)
-        const syncResult = getEmailProviderSync(email);
+        const syncResult = getEmailProviderSync(trimmedEmail);
         if (syncResult.provider) {
             return {
                 ...syncResult,
@@ -466,7 +442,7 @@ async function getEmailProviderFast(email, options = {}) {
         if (!result.success) {
             return {
                 provider: null,
-                email,
+                email: trimmedEmail,
                 loginUrl: null,
                 error: {
                     type: 'NETWORK_ERROR',
@@ -482,7 +458,7 @@ async function getEmailProviderFast(email, options = {}) {
         });
         const fastResult = {
             provider: concurrentResult.provider,
-            email,
+            email: trimmedEmail,
             loginUrl: concurrentResult.provider?.loginUrl || null,
             detectionMethod: concurrentResult.detectionMethod || 'mx_record',
             timing: concurrentResult.timing,
@@ -505,7 +481,7 @@ async function getEmailProviderFast(email, options = {}) {
             loginUrl: null,
             error: {
                 type: 'NETWORK_ERROR',
-                message: error.message || 'DNS detection failed'
+                message: error instanceof Error ? error.message : 'DNS detection failed'
             }
         };
     }

package/dist/concurrent-dns.d.ts

@@ -5,6 +5,10 @@
  * Uses Promise.allSettled for fault tolerance and intelligent result merging.
  */
 import { EmailProvider } from './api';
+type MXRecordLike = {
+    exchange?: string;
+};
+type TXTRecordLike = string;
 /**
  * Configuration for concurrent DNS detection
  */
@@ -29,13 +33,13 @@ export interface DNSQueryResult {
     /** Whether the query succeeded */
     success: boolean;
     /** DNS records returned (if successful) */
-    records?: any[];
+    records?: MXRecordLike[] | TXTRecordLike[];
     /** Error information (if failed) */
     error?: Error;
     /** Query execution time in milliseconds */
     timing: number;
     /** Raw DNS response for debugging */
-    rawResponse?: any;
+    rawResponse?: unknown;
 }
 /**
  * Result from concurrent DNS detection
@@ -130,4 +134,5 @@ export declare function createConcurrentDNSDetector(providers: EmailProvider[],
  * Utility function for quick concurrent DNS detection
  */
 export declare function detectProviderConcurrent(domain: string, providers: EmailProvider[], config?: Partial<ConcurrentDNSConfig>): Promise<ConcurrentDNSResult>;
+export {};
 //# sourceMappingURL=concurrent-dns.d.ts.map

package/dist/concurrent-dns.js

@@ -295,6 +295,8 @@ class ConcurrentDNSDetector {
         let confidence = 0;
         if (query.type === 'mx' && detection.mxPatterns) {
             for (const record of query.records) {
+                if (typeof record !== 'object' || record === null)
+                    continue;
                 const exchange = record.exchange?.toLowerCase() || '';
                 for (const pattern of detection.mxPatterns) {
                     if (exchange.includes(pattern.toLowerCase())) {
@@ -306,6 +308,8 @@ class ConcurrentDNSDetector {
         }
         else if (query.type === 'txt' && detection.txtPatterns) {
             for (const record of query.records) {
+                if (typeof record !== 'string')
+                    continue;
                 const txtRecord = record.toLowerCase();
                 for (const pattern of detection.txtPatterns) {
                     if (txtRecord.includes(pattern.toLowerCase())) {
@@ -368,6 +372,8 @@ class ConcurrentDNSDetector {
         if (!mxQuery?.records)
             return null;
         for (const record of mxQuery.records) {
+            if (typeof record !== 'object' || record === null)
+                continue;
             const exchange = record.exchange?.toLowerCase() || '';
             for (const provider of this.providers) {
                 if (provider.type === 'proxy_service' && provider.customDomainDetection?.mxPatterns) {
@@ -402,9 +408,11 @@ class ConcurrentDNSDetector {
             return Promise.reject(new Error(`DNS query timeout after ${ms}ms`));
         }
         let rejectFn;
+        let queryEntry;
         const wrappedPromise = new Promise((resolve, reject) => {
             rejectFn = reject;
-            const timeout = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms).unref();
+            const timeout = setTimeout(() => reject(new Error(`DNS query timeout after ${ms}ms`)), ms);
+            timeout.unref?.();
             // Start the underlying operation only after setting up the timeout
             fn()
                 .then(resolve)
@@ -412,7 +420,6 @@ class ConcurrentDNSDetector {
                 .finally(() => {
                 clearTimeout(timeout);
                 // Clean up active query
-                const queryEntry = Array.from(this.activeQueries).find(entry => entry.promise === wrappedPromise);
                 if (queryEntry) {
                     this.activeQueries.delete(queryEntry);
                 }
@@ -420,7 +427,7 @@ class ConcurrentDNSDetector {
         });
         // Track active query for potential cleanup in tests
         if (rejectFn) {
-            const queryEntry = { promise: wrappedPromise, reject: rejectFn };
+            queryEntry = { promise: wrappedPromise, reject: rejectFn };
             this.activeQueries.add(queryEntry);
         }
         return wrappedPromise;

package/dist/hash-verifier.d.ts

@@ -4,6 +4,10 @@
  * Provides cryptographic integrity verification for the email providers database
  * to detect tampering or unauthorized modifications.
  */
+type ProviderLike = {
+    companyProvider?: string;
+    loginUrl?: string | null;
+};
 export interface HashVerificationResult {
     isValid: boolean;
     expectedHash?: string;
@@ -40,7 +44,7 @@ export declare function verifyProvidersIntegrity(filePath: string, expectedHash?
  * @param expectedHash - Expected hash of the JSON string
  * @returns Verification result
  */
-export declare function verifyProvidersDataIntegrity(providersData: any, expectedHash?: string): HashVerificationResult;
+export declare function verifyProvidersDataIntegrity(providersData: unknown, expectedHash?: string): HashVerificationResult;
 /**
  * Generates security hashes for critical files - use this during development
  *
@@ -85,10 +89,11 @@ export declare function performSecurityAudit(providersFilePath?: string): {
  * @param providers - Array of email providers
  * @returns Signed manifest with URL hashes
  */
-export declare function createProviderManifest(providers: any[]): {
+export declare function createProviderManifest(providers: ProviderLike[]): {
     timestamp: string;
     providerCount: number;
     urlHashes: Record<string, string>;
     manifestHash: string;
 };
+export {};
 //# sourceMappingURL=hash-verifier.d.ts.map

package/dist/hash-verifier.js

@@ -29,7 +29,7 @@ const KNOWN_GOOD_HASHES = {
     // SHA-256 hash of the legitimate emailproviders.json
     'emailproviders.json': 'a4fe056edad44ae5479cc100d5cc67cb5f6df86e19c4209db6c5f715f5bf070e',
     // You can add hashes for other critical files
-    'package.json': 'eb87dda83960aa1c2c3bc7a6e4bb4800ff5b8a53d7cc319181662a4b02ba5287',
+    'package.json': '4133771103c0b1600b7d19c2290822eaeaaa9b1b84ef42965de4066545e1e960',
 };
 /**
  * Calculates SHA-256 hash of a file or string content
@@ -96,8 +96,17 @@ function verifyProvidersIntegrity(filePath, expectedHash) {
  */
 function verifyProvidersDataIntegrity(providersData, expectedHash) {
     try {
+        if (providersData === null || typeof providersData !== 'object') {
+            return {
+                isValid: false,
+                actualHash: '',
+                reason: 'Invalid providers data format',
+                file: 'providersData'
+            };
+        }
         // Create deterministic JSON string (sorted keys)
-        const jsonString = JSON.stringify(providersData, Object.keys(providersData).sort(), 2);
+        const providersObject = providersData;
+        const jsonString = JSON.stringify(providersObject, Object.keys(providersObject).sort(), 2);
         const actualHash = calculateHash(jsonString);
         const expectedHashToUse = expectedHash || KNOWN_GOOD_HASHES['emailproviders.json'];
         if (expectedHashToUse === 'TO_BE_CALCULATED') {
@@ -266,7 +275,7 @@ function createProviderManifest(providers) {
     const urlHashes = {};
     for (const provider of providers) {
         if (provider.loginUrl) {
-            const key = `${provider.companyProvider}::${provider.loginUrl}`;
+            const key = `${provider.companyProvider ?? 'Unknown'}::${provider.loginUrl}`;
             urlHashes[key] = calculateHash(provider.loginUrl);
         }
     }

package/dist/index.d.ts

@@ -12,13 +12,15 @@
  *
  * @author Email Provider Links Team
  * @license MIT
- * @version 2.7.0
+ * @version See package.json
  */
-export { getEmailProvider, getEmailProviderSync, getEmailProviderFast, normalizeEmail, emailsMatch, Config } from './api';
+import { loadProviders } from './loader';
+import { getEmailProvider, getEmailProviderSync, getEmailProviderFast, normalizeEmail, emailsMatch, Config } from './api';
+import { detectProviderConcurrent } from './concurrent-dns';
+import { validateInternationalEmail, emailToPunycode, domainToPunycode } from './idn';
+export { getEmailProvider, getEmailProviderSync, getEmailProviderFast, normalizeEmail, emailsMatch, Config };
 export type { EmailProvider, EmailProviderResult } from './api';
-export { loadProviders } from './loader';
-export { detectProviderConcurrent } from './concurrent-dns';
-export { validateInternationalEmail, emailToPunycode, domainToPunycode } from './idn';
+export { loadProviders, detectProviderConcurrent, validateInternationalEmail, emailToPunycode, domainToPunycode };
 export type { ConcurrentDNSConfig, ConcurrentDNSResult } from './concurrent-dns';
 /**
  * Enhanced email validation with comprehensive error reporting
@@ -45,10 +47,6 @@ export declare function validateEmailAddress(email: string): {
         message: string;
     };
 };
-import { loadProviders } from './loader';
-import { getEmailProvider, getEmailProviderSync, getEmailProviderFast, normalizeEmail, emailsMatch } from './api';
-import { detectProviderConcurrent } from './concurrent-dns';
-import { validateInternationalEmail } from './idn';
 /**
  * Get comprehensive list of all supported email providers
  *
@@ -169,8 +167,8 @@ export declare const isValidEmailAddress: typeof isValidEmail;
 /**
  * Library metadata (legacy constants)
  */
-export declare const PROVIDER_COUNT = 130;
-export declare const DOMAIN_COUNT = 218;
+export declare const PROVIDER_COUNT: 130;
+export declare const DOMAIN_COUNT: 218;
 /**
  * Default export for convenience
  *
@@ -203,12 +201,9 @@ declare const _default: {
         readonly SUPPORTED_PROVIDERS_COUNT: 130;
         readonly SUPPORTED_DOMAINS_COUNT: 218;
     };
-    PROVIDER_COUNT: number;
-    DOMAIN_COUNT: number;
+    PROVIDER_COUNT: 130;
+    DOMAIN_COUNT: 218;
 };
 export default _default;
-/**
- * Version information
- */
-export declare const VERSION = "2.7.0";
+export declare const VERSION: string;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -13,7 +13,7 @@
  *
  * @author Email Provider Links Team
  * @license MIT
- * @version 2.7.0
+ * @version See package.json
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = exports.DOMAIN_COUNT = exports.PROVIDER_COUNT = exports.isValidEmailAddress = exports.domainToPunycode = exports.emailToPunycode = exports.validateInternationalEmail = exports.detectProviderConcurrent = exports.loadProviders = exports.Config = exports.emailsMatch = exports.normalizeEmail = exports.getEmailProviderFast = exports.getEmailProviderSync = exports.getEmailProvider = void 0;
@@ -24,22 +24,18 @@ exports.extractDomain = extractDomain;
 exports.isValidEmail = isValidEmail;
 exports.getLibraryStats = getLibraryStats;
 exports.batchProcessEmails = batchProcessEmails;
-// ===== PRIMARY API =====
-// Core functions that 95% of users need
-var api_1 = require("./api");
+const loader_1 = require("./loader");
+Object.defineProperty(exports, "loadProviders", { enumerable: true, get: function () { return loader_1.loadProviders; } });
+const api_1 = require("./api");
 Object.defineProperty(exports, "getEmailProvider", { enumerable: true, get: function () { return api_1.getEmailProvider; } });
 Object.defineProperty(exports, "getEmailProviderSync", { enumerable: true, get: function () { return api_1.getEmailProviderSync; } });
 Object.defineProperty(exports, "getEmailProviderFast", { enumerable: true, get: function () { return api_1.getEmailProviderFast; } });
 Object.defineProperty(exports, "normalizeEmail", { enumerable: true, get: function () { return api_1.normalizeEmail; } });
 Object.defineProperty(exports, "emailsMatch", { enumerable: true, get: function () { return api_1.emailsMatch; } });
 Object.defineProperty(exports, "Config", { enumerable: true, get: function () { return api_1.Config; } });
-// ===== ADVANCED FEATURES =====
-// For power users and custom implementations
-var loader_1 = require("./loader");
-Object.defineProperty(exports, "loadProviders", { enumerable: true, get: function () { return loader_1.loadProviders; } });
-var concurrent_dns_1 = require("./concurrent-dns");
+const concurrent_dns_1 = require("./concurrent-dns");
 Object.defineProperty(exports, "detectProviderConcurrent", { enumerable: true, get: function () { return concurrent_dns_1.detectProviderConcurrent; } });
-var idn_1 = require("./idn");
+const idn_1 = require("./idn");
 Object.defineProperty(exports, "validateInternationalEmail", { enumerable: true, get: function () { return idn_1.validateInternationalEmail; } });
 Object.defineProperty(exports, "emailToPunycode", { enumerable: true, get: function () { return idn_1.emailToPunycode; } });
 Object.defineProperty(exports, "domainToPunycode", { enumerable: true, get: function () { return idn_1.domainToPunycode; } });
@@ -86,7 +82,7 @@ function validateEmailAddress(email) {
         };
     }
     // Use international validation
-    const idnError = (0, idn_2.validateInternationalEmail)(trimmedEmail);
+    const idnError = (0, idn_1.validateInternationalEmail)(trimmedEmail);
     if (idnError) {
         return {
             isValid: false,
@@ -104,10 +100,6 @@ function validateEmailAddress(email) {
 }
 // ===== UTILITY FUNCTIONS =====
 // Helper functions for common tasks
-const loader_2 = require("./loader");
-const api_2 = require("./api");
-const concurrent_dns_2 = require("./concurrent-dns");
-const idn_2 = require("./idn");
 /**
  * Get comprehensive list of all supported email providers
  *
@@ -124,7 +116,7 @@ const idn_2 = require("./idn");
  */
 function getSupportedProviders() {
     try {
-        const { providers } = (0, loader_2.loadProviders)();
+        const { providers } = (0, loader_1.loadProviders)();
         return [...providers]; // Return defensive copy to prevent external mutations
     }
     catch (error) {
@@ -150,7 +142,7 @@ function isEmailProviderSupported(email) {
         if (!email || typeof email !== 'string') {
             return false;
         }
-        const result = (0, api_2.getEmailProviderSync)(email);
+        const result = (0, api_1.getEmailProviderSync)(email);
         return result.provider !== null;
     }
     catch {
@@ -227,7 +219,7 @@ function getLibraryStats() {
         return {
             providerCount: providers.length,
             domainCount,
-            version: '2.7.0',
+            version: exports.VERSION,
             supportsAsync: true,
             supportsIDN: true,
             supportsAliasDetection: true,
@@ -238,7 +230,7 @@ function getLibraryStats() {
         return {
             providerCount: 0,
             domainCount: 0,
-            version: '2.7.0',
+            version: exports.VERSION,
             supportsAsync: true,
             supportsIDN: true,
             supportsAliasDetection: true,
@@ -282,7 +274,7 @@ function batchProcessEmails(emails, options = {}) {
             // Add normalized email if requested
             if (normalizeEmails && validation.normalizedEmail) {
                 try {
-                    result.normalized = (0, api_2.normalizeEmail)(validation.normalizedEmail);
+                    result.normalized = (0, api_1.normalizeEmail)(validation.normalizedEmail);
                 }
                 catch {
                     result.normalized = validation.normalizedEmail;
@@ -300,7 +292,7 @@ function batchProcessEmails(emails, options = {}) {
             // Add provider info if requested
             if (includeProviderInfo && validation.normalizedEmail) {
                 try {
-                    const providerResult = (0, api_2.getEmailProviderSync)(validation.normalizedEmail);
+                    const providerResult = (0, api_1.getEmailProviderSync)(validation.normalizedEmail);
                     result.provider = providerResult.provider?.companyProvider || null;
                     result.loginUrl = providerResult.loginUrl;
                 }
@@ -329,8 +321,8 @@ exports.isValidEmailAddress = isValidEmail;
 /**
  * Library metadata (legacy constants)
  */
-exports.PROVIDER_COUNT = 130;
-exports.DOMAIN_COUNT = 218;
+exports.PROVIDER_COUNT = api_1.Config?.SUPPORTED_PROVIDERS_COUNT ?? 130;
+exports.DOMAIN_COUNT = api_1.Config?.SUPPORTED_DOMAINS_COUNT ?? 218;
 /**
  * Default export for convenience
  *
@@ -343,14 +335,14 @@ exports.DOMAIN_COUNT = 218;
  */
 exports.default = {
     // Core functions
-    getEmailProvider: api_2.getEmailProvider,
-    getEmailProviderSync: api_2.getEmailProviderSync,
-    getEmailProviderFast: api_2.getEmailProviderFast,
+    getEmailProvider: api_1.getEmailProvider,
+    getEmailProviderSync: api_1.getEmailProviderSync,
+    getEmailProviderFast: api_1.getEmailProviderFast,
     // Validation
     validateEmailAddress,
     isValidEmail,
-    normalizeEmail: api_2.normalizeEmail,
-    emailsMatch: api_2.emailsMatch,
+    normalizeEmail: api_1.normalizeEmail,
+    emailsMatch: api_1.emailsMatch,
     // Utilities
     getSupportedProviders,
     isEmailProviderSupported,
@@ -358,16 +350,25 @@ exports.default = {
     getLibraryStats,
     batchProcessEmails,
     // Advanced
-    loadProviders: loader_2.loadProviders,
-    detectProviderConcurrent: concurrent_dns_2.detectProviderConcurrent,
-    validateInternationalEmail: idn_2.validateInternationalEmail,
+    loadProviders: loader_1.loadProviders,
+    detectProviderConcurrent: concurrent_dns_1.detectProviderConcurrent,
+    validateInternationalEmail: idn_1.validateInternationalEmail,
     // Constants
-    Config: api_2.Config,
+    Config: api_1.Config,
     PROVIDER_COUNT: exports.PROVIDER_COUNT,
     DOMAIN_COUNT: exports.DOMAIN_COUNT
 };
 /**
  * Version information
  */
-exports.VERSION = '2.7.0';
+function readPackageVersion() {
+    try {
+        const pkg = require('../package.json');
+        return pkg.version || 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+exports.VERSION = readPackageVersion();
 //# sourceMappingURL=index.js.map

package/dist/loader.js

@@ -10,9 +10,8 @@ exports.clearCache = clearCache;
 exports.getLoadingStats = getLoadingStats;
 exports.loadProviders = loadProviders;
 exports.loadProvidersDebug = loadProvidersDebug;
-const fs_1 = require("fs");
 const path_1 = require("path");
-const schema_1 = require("./schema");
+const provider_store_1 = require("./provider-store");
 /**
  * Internal cached data
  */
@@ -25,35 +24,6 @@ let loadingStats = null;
 const DEFAULT_CONFIG = {
     debug: false
 };
-/**
- * Convert compressed provider to EmailProvider format
- */
-function convertProviderToEmailProvider(compressedProvider) {
-    if (!compressedProvider.type) {
-        console.warn(`Missing type for provider ${compressedProvider.id}`);
-    }
-    const provider = {
-        companyProvider: compressedProvider.companyProvider,
-        loginUrl: compressedProvider.loginUrl || null,
-        domains: compressedProvider.domains || [],
-        type: compressedProvider.type,
-        alias: compressedProvider.alias
-    };
-    // Include DNS detection patterns for business email services and proxy services
-    const needsCustomDomainDetection = compressedProvider.type === 'custom_provider' ||
-        compressedProvider.type === 'proxy_service';
-    if (needsCustomDomainDetection && (compressedProvider.mx?.length || compressedProvider.txt?.length)) {
-        provider.customDomainDetection = {};
-        if (compressedProvider.mx?.length) {
-            provider.customDomainDetection.mxPatterns = compressedProvider.mx;
-        }
-        if (compressedProvider.txt?.length) {
-            // Decompress TXT patterns
-            provider.customDomainDetection.txtPatterns = compressedProvider.txt.map(schema_1.decompressTxtPattern);
-        }
-    }
-    return provider;
-}
 /**
  * Internal provider data loader with configuration
  */
@@ -73,14 +43,8 @@ function loadProvidersInternal(config = {}) {
         const dataPath = mergedConfig.path || (0, path_1.join)(basePath, 'emailproviders.json');
         if (mergedConfig.debug)
             console.log('🔄 Loading provider data...');
-        const content = (0, fs_1.readFileSync)(dataPath, 'utf8');
-        const data = JSON.parse(content);
-        // Validate format
-        if (!data.version || !data.providers || !Array.isArray(data.providers)) {
-            throw new Error('Invalid provider data format');
-        }
-        const providers = data.providers.map(convertProviderToEmailProvider);
-        const fileSize = content.length;
+        const { data, fileSize } = (0, provider_store_1.readProvidersDataFile)(dataPath);
+        const providers = data.providers.map(provider_store_1.convertProviderToEmailProviderShared);
         if (mergedConfig.debug) {
             console.log(`✅ Loaded ${providers.length} providers`);
             console.log(`📊 File size: ${(fileSize / 1024).toFixed(1)} KB`);
@@ -120,14 +84,8 @@ function buildDomainMap(providers) {
     if (cachedDomainMap) {
         return cachedDomainMap;
     }
-    const domainMap = new Map();
-    for (const provider of providers) {
-        for (const domain of provider.domains) {
-            domainMap.set(domain.toLowerCase(), provider);
-        }
-    }
-    cachedDomainMap = domainMap;
-    return domainMap;
+    cachedDomainMap = (0, provider_store_1.buildDomainMapShared)(providers);
+    return cachedDomainMap;
 }
 /**
  * Clear all caches (useful for testing or hot reloading)

package/dist/provider-loader.d.ts

@@ -4,7 +4,17 @@
  * Integrates URL validation and hash verification to load and validate
  * email provider data with security checks.
  */
-import type { EmailProvider } from './index';
+import type { EmailProvider } from './api';
+type MiddlewareRequestLike = Record<string, unknown> & {
+    secureProviders?: EmailProvider[];
+    securityReport?: LoadResult['securityReport'];
+};
+type MiddlewareResponseLike = {
+    status: (code: number) => {
+        json: (body: unknown) => unknown;
+    };
+};
+type MiddlewareNextLike = () => void;
 export interface LoadResult {
     success: boolean;
     providers: EmailProvider[];
@@ -43,7 +53,7 @@ interface SecurityMiddlewareOptions {
     onSecurityIssue?: (report: LoadResult['securityReport']) => void;
     getProviders?: () => LoadResult;
 }
-export declare function createSecurityMiddleware(options?: SecurityMiddlewareOptions): (req: any, res: any, next: any) => any;
+export declare function createSecurityMiddleware(options?: SecurityMiddlewareOptions): (req: MiddlewareRequestLike, res: MiddlewareResponseLike, next: MiddlewareNextLike) => void;
 declare const _default: {
     loadProviders: typeof loadProviders;
     initializeSecurity: typeof initializeSecurity;

package/dist/provider-loader.js

@@ -10,11 +10,10 @@ exports.clearCache = clearCache;
 exports.loadProviders = loadProviders;
 exports.initializeSecurity = initializeSecurity;
 exports.createSecurityMiddleware = createSecurityMiddleware;
-const fs_1 = require("fs");
 const path_1 = require("path");
 const url_validator_1 = require("./url-validator");
 const hash_verifier_1 = require("./hash-verifier");
-const schema_1 = require("./schema");
+const provider_store_1 = require("./provider-store");
 // Cache for load results
 let cachedLoadResult = null;
 /**
@@ -23,35 +22,6 @@ let cachedLoadResult = null;
 function clearCache() {
     cachedLoadResult = null;
 }
-/**
- * Convert compressed provider to EmailProvider format
- */
-function convertProviderToEmailProvider(compressedProvider) {
-    if (!compressedProvider.type) {
-        console.warn(`Missing type for provider ${compressedProvider.id}`);
-    }
-    const provider = {
-        companyProvider: compressedProvider.companyProvider,
-        loginUrl: compressedProvider.loginUrl || null,
-        domains: compressedProvider.domains || [],
-        type: compressedProvider.type,
-        alias: compressedProvider.alias
-    };
-    // Include DNS detection patterns for business email services and proxy services
-    const needsCustomDomainDetection = compressedProvider.type === 'custom_provider' ||
-        compressedProvider.type === 'proxy_service';
-    if (needsCustomDomainDetection && (compressedProvider.mx?.length || compressedProvider.txt?.length)) {
-        provider.customDomainDetection = {};
-        if (compressedProvider.mx?.length) {
-            provider.customDomainDetection.mxPatterns = compressedProvider.mx;
-        }
-        if (compressedProvider.txt?.length) {
-            // Decompress TXT patterns
-            provider.customDomainDetection.txtPatterns = compressedProvider.txt.map(schema_1.decompressTxtPattern);
-        }
-    }
-    return provider;
-}
 /**
  * Loads and validates email provider data with security checks
  *
@@ -83,14 +53,8 @@ function loadProviders(providersPath, expectedHash) {
     }
     // Step 2: Load and parse JSON
     try {
-        const fileContent = (0, fs_1.readFileSync)(filePath, 'utf8');
-        const data = JSON.parse(fileContent);
-        // Validate format
-        if (!data.version || !data.providers || !Array.isArray(data.providers)) {
-            throw new Error('Invalid provider data format');
-        }
-        // Convert to EmailProvider format
-        providers = data.providers.map(convertProviderToEmailProvider);
+        const { data } = (0, provider_store_1.readProvidersDataFile)(filePath);
+        providers = data.providers.map(provider_store_1.convertProviderToEmailProviderShared);
     }
     catch (error) {
         issues.push(`Failed to load providers file: ${error instanceof Error ? error.message : 'Unknown error'}`);
@@ -178,15 +142,17 @@ function createSecurityMiddleware(options = {}) {
             if (options.onSecurityIssue) {
                 options.onSecurityIssue(result.securityReport);
             }
-            return res.status(500).json({
+            res.status(500).json({
                 error: 'Security validation failed',
                 details: result.securityReport
             });
+            return;
         }
         // Attach secure providers to request
         req.secureProviders = result.providers;
         req.securityReport = result.securityReport;
         next();
+        return;
     };
 }
 exports.default = {

package/dist/provider-store.d.ts

@@ -0,0 +1,9 @@
+import type { EmailProvider } from './api';
+import { Provider, ProvidersData } from './schema';
+export declare function convertProviderToEmailProviderShared(compressedProvider: Provider): EmailProvider;
+export declare function readProvidersDataFile(filePath: string): {
+    data: ProvidersData;
+    fileSize: number;
+};
+export declare function buildDomainMapShared(providers: EmailProvider[]): Map<string, EmailProvider>;
+//# sourceMappingURL=provider-store.d.ts.map

package/dist/provider-store.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.convertProviderToEmailProviderShared = convertProviderToEmailProviderShared;
+exports.readProvidersDataFile = readProvidersDataFile;
+exports.buildDomainMapShared = buildDomainMapShared;
+const fs_1 = require("fs");
+const schema_1 = require("./schema");
+function convertProviderToEmailProviderShared(compressedProvider) {
+    if (!compressedProvider.type) {
+        console.warn(`Missing type for provider ${compressedProvider.id}`);
+    }
+    const provider = {
+        companyProvider: compressedProvider.companyProvider,
+        loginUrl: compressedProvider.loginUrl || null,
+        domains: compressedProvider.domains || [],
+        type: compressedProvider.type,
+        alias: compressedProvider.alias
+    };
+    const needsCustomDomainDetection = compressedProvider.type === 'custom_provider' ||
+        compressedProvider.type === 'proxy_service';
+    if (needsCustomDomainDetection && (compressedProvider.mx?.length || compressedProvider.txt?.length)) {
+        provider.customDomainDetection = {};
+        if (compressedProvider.mx?.length) {
+            provider.customDomainDetection.mxPatterns = compressedProvider.mx;
+        }
+        if (compressedProvider.txt?.length) {
+            provider.customDomainDetection.txtPatterns = compressedProvider.txt.map(schema_1.decompressTxtPattern);
+        }
+    }
+    return provider;
+}
+function readProvidersDataFile(filePath) {
+    const content = (0, fs_1.readFileSync)(filePath, 'utf8');
+    const data = JSON.parse(content);
+    if (!data.version || !data.providers || !Array.isArray(data.providers)) {
+        throw new Error('Invalid provider data format');
+    }
+    return { data, fileSize: content.length };
+}
+function buildDomainMapShared(providers) {
+    const domainMap = new Map();
+    for (const provider of providers) {
+        for (const domain of provider.domains) {
+            domainMap.set(domain.toLowerCase(), provider);
+        }
+    }
+    return domainMap;
+}
+//# sourceMappingURL=provider-store.js.map

package/dist/url-validator.d.ts

@@ -4,6 +4,10 @@
  * Provides validation and allowlisting for email provider URLs to prevent
  * malicious redirects and supply chain attacks.
  */
+type ProviderUrlLike = {
+    companyProvider?: string;
+    loginUrl?: string | null;
+};
 export interface URLValidationResult {
     isValid: boolean;
     reason?: string;
@@ -23,7 +27,7 @@ export declare function validateEmailProviderUrl(url: string): URLValidationResu
  * @param providers - Array of email providers to validate
  * @returns Array of validation results
  */
-export declare function validateAllProviderUrls(providers: any[]): Array<{
+export declare function validateAllProviderUrls(providers: ProviderUrlLike[]): Array<{
     provider: string;
     url: string;
     validation: URLValidationResult;
@@ -34,7 +38,7 @@ export declare function validateAllProviderUrls(providers: any[]): Array<{
  * @param providers - Array of email providers to audit
  * @returns Security audit report
  */
-export declare function auditProviderSecurity(providers: any[]): {
+export declare function auditProviderSecurity(providers: ProviderUrlLike[]): {
     total: number;
     valid: number;
     invalid: number;
@@ -45,4 +49,5 @@ export declare function auditProviderSecurity(providers: any[]): {
     }[];
     report: string;
 };
+export {};
 //# sourceMappingURL=url-validator.d.ts.map

package/dist/url-validator.js

@@ -9,19 +9,31 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateEmailProviderUrl = validateEmailProviderUrl;
 exports.validateAllProviderUrls = validateAllProviderUrls;
 exports.auditProviderSecurity = auditProviderSecurity;
-const loader_1 = require("./loader");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const hash_verifier_1 = require("./hash-verifier");
 /**
  * Get allowlisted domains from provider data
  * Only URLs from these domains will be considered safe.
  */
 function getAllowedDomains() {
-    const { providers } = (0, loader_1.loadProviders)();
+    const filePath = (0, path_1.join)(__dirname, '..', 'providers', 'emailproviders.json');
+    const integrity = (0, hash_verifier_1.verifyProvidersIntegrity)(filePath);
+    if (!integrity.isValid) {
+        return new Set();
+    }
+    if (cachedAllowedDomains && cachedAllowlistHash === integrity.actualHash) {
+        return cachedAllowedDomains;
+    }
+    const fileContent = (0, fs_1.readFileSync)(filePath, 'utf8');
+    const data = JSON.parse(fileContent);
+    const providers = data.providers;
     const allowedDomains = new Set();
     for (const provider of providers) {
         if (provider.loginUrl) {
             try {
                 const url = new URL(provider.loginUrl);
-                allowedDomains.add(url.hostname);
+                allowedDomains.add((0, idn_1.domainToPunycode)(url.hostname.toLowerCase()));
             }
             catch {
                 // Skip invalid URLs
@@ -29,8 +41,12 @@ function getAllowedDomains() {
             }
         }
     }
+    cachedAllowedDomains = allowedDomains;
+    cachedAllowlistHash = integrity.actualHash;
     return allowedDomains;
 }
+let cachedAllowedDomains = null;
+let cachedAllowlistHash = null;
 /**
  * Suspicious URL patterns that should always be rejected
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mikkelscheike/email-provider-links",
-  "version": "4.0.11",
+  "version": "5.0.0",
   "description": "TypeScript library for email provider detection with 130 providers (218 domains), concurrent DNS resolution, optimized performance, 94.65% test coverage, and enterprise security for login and password reset flows",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",