@networkpro/web 1.12.9 → 1.13.0

package/CHANGELOG.md

@@ -22,6 +22,30 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 ---
 
+## [1.13.0] - 2025-06-11
+
+### Added
+
+- Introduced `/pgp` route to publish OpenPGP contact information, download links, and QR codes
+- Added `.well-known/humans.txt` to document project authorship
+- Added `.well-known/security.txt` to define the official security contact and vulnerability disclosure policy
+- Linked OpenPGP keys to external directories for validation (e.g. keys.openpgp.org)
+- Added new GitHub Actions workflow: `check-security-txt-expiry.yml` to monitor `security.txt` expiration
+
+### Changed
+
+- Enforced `"singleQuote": true` in `.prettierrc` and formatted the codebase using Prettier
+- Updated `src/service-worker.js` to exclude `security.txt.asc` from caching
+- CSP policy updated to allow `clipboard-write` for improved UX on PGP fingerprint buttons
+- Clarified that addresses under the `s.neteng.pro` domain are powered by Proton Mail and support native E2EE
+- Revised `SECURITY.md` and `security.txt` with accurate Proton Mail usage notes and PGP policy references
+
+### Removed
+
+- Legacy reference to a "coming soon" PGP section in `SECURITY.md` (now live and linked)
+
+---
+
 ## [1.12.9] - 2025-06-11
 
 ### Added
@@ -286,7 +310,8 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.12.9...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.13.0...HEAD
+[1.13.0]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.13.0
 [1.12.9]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.12.9
 [1.12.8]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.12.8
 [1.12.7]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.12.7

package/README.md

@@ -221,12 +221,12 @@ This script runs `scripts/checkNode.js`, which compares your current Node.js and
 **_Node Version Check (snippet from `scripts/checkNode.js`)_**
 
 ```javascript
-const semver = require("semver");
-const { engines } = require("../package.json");
+const semver = require('semver');
+const { engines } = require('../package.json');
 
 const requiredNode = engines.node;
 const requiredNpm = engines.npm;
-const isPostInstall = process.env.npm_lifecycle_event === "postinstall";
+const isPostInstall = process.env.npm_lifecycle_event === 'postinstall';
 
 let hasError = false;
 
@@ -236,8 +236,8 @@ if (!semver.satisfies(process.version, requiredNode)) {
   if (!isPostInstall) hasError = true;
 }
 
-const npmVersion = require("child_process")
-  .execSync("npm -v")
+const npmVersion = require('child_process')
+  .execSync('npm -v')
   .toString()
   .trim();
 
@@ -248,7 +248,7 @@ if (!semver.satisfies(npmVersion, requiredNpm)) {
 }
 
 if (!hasError) {
-  console.log("✅ Node and npm versions are valid.");
+  console.log('✅ Node and npm versions are valid.');
 } else {
   process.exit(1);
 }
@@ -343,7 +343,7 @@ It unregisters **all active service worker registrations** and logs the result.
 Located at `static/disableSw.js`, this file sets a global flag if the URL contains the `?nosw` query parameter:
 
 ```js
-if (location.search.includes("nosw")) {
+if (location.search.includes('nosw')) {
   window.__DISABLE_SW__ = true;
 }
 ```
@@ -365,7 +365,7 @@ https://netwk.pro/?nosw
 To register the service worker conditionally, call the function from client code:
 
 ```js
-import { registerServiceWorker } from "$lib/registerServiceWorker.js";
+import { registerServiceWorker } from '$lib/registerServiceWorker.js';
 
 registerServiceWorker();
 ```

package/eslint.config.mjs

@@ -6,57 +6,57 @@ SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
 This file is part of Network Pro.
 ========================================================================= */
 
-import js from "@eslint/js"; // Provides ESLint core rules and recommended config
-import eslintConfigPrettier from "eslint-config-prettier"; // Prettier config to disable conflicting ESLint rules
-import jsdocPlugin from "eslint-plugin-jsdoc"; // JSDoc plugin
-import sveltePlugin from "eslint-plugin-svelte"; // Svelte plugin
-import globals from "globals";
-import svelteParser from "svelte-eslint-parser"; // Svelte parser
+import js from '@eslint/js'; // Provides ESLint core rules and recommended config
+import eslintConfigPrettier from 'eslint-config-prettier'; // Prettier config to disable conflicting ESLint rules
+import jsdocPlugin from 'eslint-plugin-jsdoc'; // JSDoc plugin
+import sveltePlugin from 'eslint-plugin-svelte'; // Svelte plugin
+import globals from 'globals';
+import svelteParser from 'svelte-eslint-parser'; // Svelte parser
 
 const GLOBALS = {
   ...globals.browser,
   ...globals.node,
-  self: "readonly",
-  location: "readonly",
-  indexedDB: "readonly",
+  self: 'readonly',
+  location: 'readonly',
+  indexedDB: 'readonly',
   ...globals.vitest, // Add Vitest globals for test functions like afterEach, describe, etc.
 };
 
 // Define general ESLint rules (non-Svelte-specific)
 const ESLINT_RULES = {
-  indent: "off", // Turn off the 'indent' rule, managed by Prettier
-  quotes: "off", // Turn off the 'quotes' rule, managed by Prettier
-  semi: "off", // Turn off the 'semi' rule, managed by Prettier
+  indent: 'off', // Turn off the 'indent' rule, managed by Prettier
+  quotes: 'off', // Turn off the 'quotes' rule, managed by Prettier
+  semi: 'off', // Turn off the 'semi' rule, managed by Prettier
 };
 
 export default [
   // Global ignores
   {
     ignores: [
-      ".*", // Hidden files
-      "*.xml", // XML files
-      "**/.cache/**", // Cache directories
-      "**/.vscode/**", // VSCode-specific files
-      "**/coverage/**", // Coverage reports
-      "**/build/**", // Distribution files
-      "package.json", // NPM package manifest
-      "package-lock.json", // NPM lockfile
-      "**/playwright-report/**", // Playwright report files
-      "node_modules/", // Node.js dependencies
-      "**/test-results/**", // Test results
-      ".vite/", // Vite-specific cache directory
-      "*.lock", // Lock files
-      ".env*", // Environment files
+      '.*', // Hidden files
+      '*.xml', // XML files
+      '**/.cache/**', // Cache directories
+      '**/.vscode/**', // VSCode-specific files
+      '**/coverage/**', // Coverage reports
+      '**/build/**', // Distribution files
+      'package.json', // NPM package manifest
+      'package-lock.json', // NPM lockfile
+      '**/playwright-report/**', // Playwright report files
+      'node_modules/', // Node.js dependencies
+      '**/test-results/**', // Test results
+      '.vite/', // Vite-specific cache directory
+      '*.lock', // Lock files
+      '.env*', // Environment files
     ],
   },
 
   // General JavaScript/Node.js configuration
   {
-    files: ["**/*.mjs", "**/*.js"],
+    files: ['**/*.mjs', '**/*.js'],
     languageOptions: {
       globals: GLOBALS,
-      ecmaVersion: "latest",
-      sourceType: "module",
+      ecmaVersion: 'latest',
+      sourceType: 'module',
     },
     plugins: {
       jsdoc: jsdocPlugin, // Include JSDoc plugin
@@ -65,21 +65,21 @@ export default [
       ...js.configs.recommended.rules, // ESLint's core recommended rules (scoped)
       ...eslintConfigPrettier.rules, // Prettier config to disable conflicting ESLint rules (scoped)
       ...ESLINT_RULES, // Additional custom rules
-      "no-unused-vars": ["error", { argsIgnorePattern: "^_" }], // Ignore unused variables starting with an underscore
-      "jsdoc/check-alignment": "warn", // Ensure JSDoc block tags are aligned
-      "jsdoc/check-param-names": "warn", // Checks parameter names in JSDoc
+      'no-unused-vars': ['error', { argsIgnorePattern: '^_' }], // Ignore unused variables starting with an underscore
+      'jsdoc/check-alignment': 'warn', // Ensure JSDoc block tags are aligned
+      'jsdoc/check-param-names': 'warn', // Checks parameter names in JSDoc
       // Updated rule to allow the @updated tag
-      "jsdoc/check-tag-names": [
-        "warn",
+      'jsdoc/check-tag-names': [
+        'warn',
         {
-          definedTags: ["updated"],
+          definedTags: ['updated'],
         },
       ],
-      "jsdoc/check-types": "warn", // Checks if types in JSDoc are defined correctly
-      "jsdoc/require-param": "warn", // Requires @param in JSDoc
-      "jsdoc/require-returns": "warn", // Requires @returns in JSDoc
-      "jsdoc/require-jsdoc": [
-        "warn",
+      'jsdoc/check-types': 'warn', // Checks if types in JSDoc are defined correctly
+      'jsdoc/require-param': 'warn', // Requires @param in JSDoc
+      'jsdoc/require-returns': 'warn', // Requires @returns in JSDoc
+      'jsdoc/require-jsdoc': [
+        'warn',
         {
           publicOnly: true,
           require: {
@@ -94,33 +94,33 @@ export default [
 
   // Svelte-specific configuration
   {
-    files: ["**/*.svelte"],
+    files: ['**/*.svelte'],
     plugins: { svelte: sveltePlugin }, // Use imported Svelte plugin
     languageOptions: {
       parser: svelteParser, // Use imported Svelte parser
       globals: GLOBALS, // Your global variables
-      ecmaVersion: "latest", // Use "latest" for Svelte to leverage modern features
-      sourceType: "module",
+      ecmaVersion: 'latest', // Use "latest" for Svelte to leverage modern features
+      sourceType: 'module',
     },
     rules: {
       ...sveltePlugin.configs.recommended.rules, // Svelte recommended rules
       ...sveltePlugin.configs.prettier.rules, // Prettier compatibility for Svelte
-      "svelte/no-at-html-tags": "warn", // Warn on use of @html (security risk)
-      "svelte/require-optimized-style-attribute": "warn", // Recommend optimized style attributes
+      'svelte/no-at-html-tags': 'warn', // Warn on use of @html (security risk)
+      'svelte/require-optimized-style-attribute': 'warn', // Recommend optimized style attributes
     },
   },
 
   // Vitest-specific configuration
   {
-    files: ["**/*.test.js", "**/*.spec.js", "**/vitest-setup-client.js"], // Test-related files
+    files: ['**/*.test.js', '**/*.spec.js', '**/vitest-setup-client.js'], // Test-related files
     languageOptions: {
       globals: {
         ...GLOBALS,
-        afterEach: "readonly", // Explicitly declare afterEach as a global
+        afterEach: 'readonly', // Explicitly declare afterEach as a global
       },
     },
     rules: {
-      "no-undef": "off", // Turn off no-undef for test globals
+      'no-undef': 'off', // Turn off no-undef for test globals
     },
   },
 ];

package/netlify/edge-functions/csp-report.js

@@ -27,29 +27,29 @@ This file is part of Network Pro.
  * @returns {Promise<Response>} HTTP Response with status 204 or 405
  */
 export default async (request, _context) => {
-  if (request.method !== "POST") {
-    return new Response("Method Not Allowed", { status: 405 });
+  if (request.method !== 'POST') {
+    return new Response('Method Not Allowed', { status: 405 });
   }
 
   try {
     const body = await request.json();
-    const report = body["csp-report"];
+    const report = body['csp-report'];
 
     // Ignore if report is missing or malformed
-    if (!report || typeof report !== "object") {
+    if (!report || typeof report !== 'object') {
       return new Response(null, { status: 204 });
     }
 
-    const violated = report["violated-directive"] ?? "";
-    const blockedUri = report["blocked-uri"] ?? "";
+    const violated = report['violated-directive'] ?? '';
+    const blockedUri = report['blocked-uri'] ?? '';
 
     // Filter: Skip img-src violations and empty URIs
     const ignored = [
-      violated.startsWith("img-src"),
-      blockedUri === "",
-      blockedUri === "about",
-      blockedUri.startsWith("chrome-extension://"),
-      blockedUri.startsWith("moz-extension://"),
+      violated.startsWith('img-src'),
+      blockedUri === '',
+      blockedUri === 'about',
+      blockedUri.startsWith('chrome-extension://'),
+      blockedUri.startsWith('moz-extension://'),
     ].some(Boolean);
 
     if (ignored) {
@@ -60,15 +60,15 @@ export default async (request, _context) => {
     await sendToNtfy(violated, blockedUri, report);
 
     // Log useful violations
-    console.log("[CSP-Edge] Violation:", {
+    console.log('[CSP-Edge] Violation:', {
       directive: violated,
       uri: blockedUri,
-      referrer: report["referrer"],
-      source: report["source-file"],
-      line: report["line-number"],
+      referrer: report['referrer'],
+      source: report['source-file'],
+      line: report['line-number'],
     });
   } catch (err) {
-    console.warn("[CSP-Edge] Failed to parse CSP report:", err.message);
+    console.warn('[CSP-Edge] Failed to parse CSP report:', err.message);
   }
 
   return new Response(null, { status: 204 });
@@ -87,13 +87,13 @@ const VIOLATION_TTL_MS = 60_000;
  */
 async function sendToNtfy(violated, blockedUri, report) {
   const highRiskDirectives = [
-    "script-src",
-    "form-action",
-    "frame-ancestors",
-    "base-uri",
+    'script-src',
+    'form-action',
+    'frame-ancestors',
+    'base-uri',
   ];
 
-  const directiveKey = violated.split(" ")[0]; // strip fallback values or sources
+  const directiveKey = violated.split(' ')[0]; // strip fallback values or sources
   const isHighRisk = highRiskDirectives.includes(directiveKey);
   console.log(`[CSP-Edge] Checking directive: ${directiveKey}`);
   if (!isHighRisk) return;
@@ -120,23 +120,23 @@ async function sendToNtfy(violated, blockedUri, report) {
     }
   }
 
-  const topicUrl = "https://ntfy.neteng.pro/csp-alerts";
+  const topicUrl = 'https://ntfy.neteng.pro/csp-alerts';
 
   const message = [
     `🚨 CSP Violation Detected`,
     `Directive: ${violated}`,
     `Blocked URI: ${blockedUri}`,
-    `Referrer: ${report.referrer || "N/A"}`,
-    `Source: ${report["source-file"] || "N/A"}`,
-    `Line: ${report["line-number"] || "N/A"}`,
-  ].join("\n");
+    `Referrer: ${report.referrer || 'N/A'}`,
+    `Source: ${report['source-file'] || 'N/A'}`,
+    `Line: ${report['line-number'] || 'N/A'}`,
+  ].join('\n');
 
   await fetch(topicUrl, {
-    method: "POST",
+    method: 'POST',
     headers: {
-      "Content-Type": "text/plain",
-      "X-Title": "High-Risk CSP Violation",
-      "X-Priority": "5",
+      'Content-Type': 'text/plain',
+      'X-Title': 'High-Risk CSP Violation',
+      'X-Priority': '5',
     },
     body: message,
   });
@@ -147,5 +147,5 @@ async function sendToNtfy(violated, blockedUri, report) {
  * This sets the endpoint route to /api/csp-report
  */
 export const config = {
-  path: "/api/csp-report",
+  path: '/api/csp-report',
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@networkpro/web",
   "private": false,
-  "version": "1.12.9",
+  "version": "1.13.0",
   "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
   "keywords": [
     "advisory",

package/playwright.config.js

@@ -7,14 +7,14 @@ This file is part of Network Pro.
 ========================================================================== */
 
 // @ts-check
-import { defineConfig, devices } from "@playwright/test";
+import { defineConfig, devices } from '@playwright/test';
 
 /**
  * @see https://playwright.dev/docs/test-configuration
  */
 export default defineConfig({
-  testDir: "./tests/e2e",
-  testMatch: "*.spec.js",
+  testDir: './tests/e2e',
+  testMatch: '*.spec.js',
 
   /* Run tests in files in parallel */
   fullyParallel: true,
@@ -29,12 +29,12 @@ export default defineConfig({
   workers: process.env.CI ? 1 : undefined,
 
   /* Reporter to use. See https://playwright.dev/docs/test-reporters */
-  reporter: "html",
+  reporter: 'html',
 
   /* Shared settings for all projects */
   use: {
-    baseURL: "http://localhost:4173?nosw", // Update to use preview server URL
-    trace: "on-first-retry",
+    baseURL: 'http://localhost:4173?nosw', // Update to use preview server URL
+    trace: 'on-first-retry',
     timeout: 60000, // Default action timeout of 60 seconds for each step
     navigationTimeout: 60000, // Timeout for navigation operations
   },
@@ -43,16 +43,16 @@ export default defineConfig({
   projects: [
     // Desktop Browsers
     {
-      name: "chromium",
+      name: 'chromium',
       use: {
-        browserName: "chromium", // Use Chromium browser
+        browserName: 'chromium', // Use Chromium browser
         headless: true, // Enable true headless mode
       },
     },
     {
-      name: "firefox",
+      name: 'firefox',
       use: {
-        ...devices["Desktop Firefox"], // Use default Firefox settings
+        ...devices['Desktop Firefox'], // Use default Firefox settings
       },
     },
     // FIXME: Webkit and Safari consistently failing, disabled for now
@@ -65,9 +65,9 @@ export default defineConfig({
 
     // Mobile Browsers
     {
-      name: "Mobile Chrome",
+      name: 'Mobile Chrome',
       use: {
-        ...devices["Galaxy S9+"], // Use the Galaxy S9+ device profile
+        ...devices['Galaxy S9+'], // Use the Galaxy S9+ device profile
         headless: true, // Enable true headless mode
       },
     },
@@ -82,8 +82,8 @@ export default defineConfig({
 
   /* Run your local preview server before starting the tests */
   webServer: {
-    command: "npm run preview", // Use preview server
-    url: "http://localhost:4173?nosw", // Match the preview server URL
+    command: 'npm run preview', // Use preview server
+    url: 'http://localhost:4173?nosw', // Match the preview server URL
     reuseExistingServer: !process.env.CI,
     timeout: 60 * 1000, // wait up to 60 seconds for preview to be ready
   },

package/postcss.config.mjs

@@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
 This file is part of Network Pro.
 ========================================================================== */
 
-import autoprefixer from "autoprefixer";
+import autoprefixer from 'autoprefixer';
 
 export default {
   plugins: [

package/scripts/auditScripts.js

@@ -15,16 +15,16 @@ This file is part of Network Pro.
  * @updated 2025-05-21
  */
 
-import fs from "fs";
-import path from "path";
+import fs from 'fs';
+import path from 'path';
 
-const scriptsDir = path.resolve("./scripts");
-const testsDir = path.resolve("./tests");
+const scriptsDir = path.resolve('./scripts');
+const testsDir = path.resolve('./tests');
 
 // Scripts intentionally excluded from test coverage
 const allowList = new Set([
-  "checkNode.js",
-  "auditScripts.js", // itself
+  'checkNode.js',
+  'auditScripts.js', // itself
 ]);
 
 // Recursively gather all test files
@@ -38,10 +38,10 @@ function getAllTestFiles(dir) {
       files.push(...getAllTestFiles(fullPath));
     } else if (
       entry.isFile() &&
-      (entry.name.endsWith(".test.js") ||
-        entry.name.endsWith(".spec.js") ||
-        entry.name.endsWith(".test.mjs") ||
-        entry.name.endsWith(".spec.mjs"))
+      (entry.name.endsWith('.test.js') ||
+        entry.name.endsWith('.spec.js') ||
+        entry.name.endsWith('.test.mjs') ||
+        entry.name.endsWith('.spec.mjs'))
     ) {
       files.push(fullPath);
     }
@@ -56,17 +56,17 @@ const testedModules = new Set(
   testFiles.map((filePath) =>
     path
       .basename(filePath)
-      .replace(/\.test\.js$|\.spec\.js$|\.test\.mjs$|\.spec\.mjs$/, ""),
+      .replace(/\.test\.js$|\.spec\.js$|\.test\.mjs$|\.spec\.mjs$/, ''),
   ),
 );
 
 // Gather all scripts (.js and .mjs)
 const scriptFiles = fs
   .readdirSync(scriptsDir)
-  .filter((file) => file.endsWith(".js") || file.endsWith(".mjs"));
+  .filter((file) => file.endsWith('.js') || file.endsWith('.mjs'));
 
 const untested = scriptFiles.filter((file) => {
-  const base = file.replace(/\.(js|mjs)$/, "");
+  const base = file.replace(/\.(js|mjs)$/, '');
   return !allowList.has(file) && !testedModules.has(base);
 });
 
@@ -75,7 +75,7 @@ const pathRelative = (file) =>
 
 // Output results
 if (untested.length) {
-  console.warn("\n⚠ Untested script files detected:\n");
+  console.warn('\n⚠ Untested script files detected:\n');
 
   untested.forEach((file) => {
     const filePath = pathRelative(file);
@@ -87,9 +87,9 @@ if (untested.length) {
   console.warn(
     `\nAdd a corresponding test file in /tests (e.g., ${untested[0].replace(
       /\.(js|mjs)$/,
-      ".test.js",
+      '.test.js',
     )})`,
   );
 } else {
-  console.log("✅ All script files have corresponding tests.");
+  console.log('✅ All script files have corresponding tests.');
 }

package/scripts/bundleCss.js

@@ -15,15 +15,15 @@ This file is part of Network Pro.
  * @updated 2025-05-16
  */
 
-import fs from "fs";
-import { bundle } from "lightningcss";
-import path from "path";
+import fs from 'fs';
+import { bundle } from 'lightningcss';
+import path from 'path';
 
 // Define the path to your input CSS file
-const inputFilePath = path.resolve("src/lib/styles/css/global.css");
+const inputFilePath = path.resolve('src/lib/styles/css/global.css');
 
 // Define the path for the output CSS file
-const outputFilePath = path.resolve("src/lib/styles/css/global.min.css");
+const outputFilePath = path.resolve('src/lib/styles/css/global.min.css');
 
 // Bundle and minify the CSS
 const { code, map } = bundle({

package/scripts/checkEnv.js

@@ -15,10 +15,10 @@ This file is part of Network Pro.
  * @updated 2025-05-21
  */
 
-import { basename } from "path";
-import { fileURLToPath } from "url";
+import { basename } from 'path';
+import { fileURLToPath } from 'url';
 
-const validEnvs = new Set(["dev", "test", "ci", "prod", "preview"]);
+const validEnvs = new Set(['dev', 'test', 'ci', 'prod', 'preview']);
 
 /**
  * Checks and returns validation for ENV_MODE
@@ -36,7 +36,7 @@ export function checkEnv() {
   let wasDefaulted = false;
 
   if (!mode) {
-    mode = "dev";
+    mode = 'dev';
     process.env.ENV_MODE = mode;
     wasDefaulted = true;
     console.warn("⚠️ ENV_MODE not set. Defaulting to 'dev'.");
@@ -45,11 +45,11 @@ export function checkEnv() {
   valid = validEnvs.has(mode);
 
   if (valid) {
-    const tag = wasDefaulted ? "[info]" : "[ok]";
+    const tag = wasDefaulted ? '[info]' : '[ok]';
     console.log(`${tag} ENV_MODE is set to: "${mode}"`);
   } else {
     console.error(
-      `❌ Invalid ENV_MODE "${mode}". Must be one of: ${[...validEnvs].join(", ")}`,
+      `❌ Invalid ENV_MODE "${mode}". Must be one of: ${[...validEnvs].join(', ')}`,
     );
   }