@networkpro/web 1.14.1 → 1.14.3

package/.github/workflows/build-and-publish.yml

@@ -41,10 +41,15 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -58,7 +63,7 @@ jobs:
         run: |
           set -e
           output=$(npm run lint:jsdoc || true)
-          echo "$output"
+          echo "$output" | tee jsdoc-lint-output.txt
 
           count=$(echo "$output" | wc -l)
           echo "jsdoc_count=$count" >> "$GITHUB_OUTPUT"
@@ -69,7 +74,10 @@ jobs:
 
       - name: ⚠️ JSDoc violations detected (non-blocking)
         if: steps.jsdoc_lint.outputs.jsdoc_count != '0'
-        run: echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+        run: |
+          echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+          echo "--- JSDoc Violations ---"
+          cat jsdoc-lint-output.txt
 
       # Test to ensure the package is working
       - name: Build Node.js project
@@ -112,10 +120,15 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -168,10 +181,15 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci

package/.github/workflows/check-codeql.yml

@@ -17,6 +17,8 @@ jobs:
   check:
     name: Check CodeQL Status
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: Check CodeQL Workflow

package/.github/workflows/{check-security-txt-expirty.yml → check-security-txt-expiry.yml}

@@ -19,7 +19,7 @@ jobs:
 
       - name: Check security.txt expiration
         run: |
-          FILE=".well-known/security.txt"
+          FILE="static/.well-known/security.txt"
           if [ ! -f "$FILE" ]; then
             echo "::error ::security.txt file not found!"
             exit 1

package/.github/workflows/lighthouse.yml

@@ -44,15 +44,14 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: lts/*
-          check-latest: true
+          node-version: 24
           cache: npm
           cache-dependency-path: package-lock.json
 
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Clean previous Lighthouse reports
         run: |

package/.github/workflows/playwright.yml

@@ -34,15 +34,14 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: lts/*
-          check-latest: true
+          node-version: 24
           cache: npm
           cache-dependency-path: package-lock.json
 
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci

package/.github/workflows/publish-test.yml

@@ -47,7 +47,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -61,7 +61,7 @@ jobs:
         run: |
           set -e
           output=$(npm run lint:jsdoc || true)
-          echo "$output"
+          echo "$output" | tee jsdoc-lint-output.txt
 
           count=$(echo "$output" | wc -l)
           echo "jsdoc_count=$count" >> "$GITHUB_OUTPUT"
@@ -72,7 +72,10 @@ jobs:
 
       - name: ⚠️ JSDoc violations detected (non-blocking)
         if: steps.jsdoc_lint.outputs.jsdoc_count != '0'
-        run: echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+        run: |
+          echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+          echo "--- JSDoc Violations ---"
+          cat jsdoc-lint-output.txt
 
       # Test to ensure the package is working
       - name: Build Node.js project
@@ -123,7 +126,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -184,7 +187,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.4.1
+          npm install -g npm@11.4.2
 
       - name: Install Node.js dependencies
         run: npm ci

package/.github/workflows/templates/publish.template.yml

@@ -0,0 +1,228 @@
+# .github/workflows/build-and-publish.yml
+#
+# Reusable GitHub Actions workflow to build and publish a package to npmjs and
+# GPR.
+#
+# Version: v1.0.0
+# Maintainer: Scott Lopez <support@neteng.pro>
+# Usage: Copy to `.github/workflows/publish.yml` in your repo or reference
+# directly if shared centrally.
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: Build and Publish to Registries
+
+on:
+  #  release:
+  #    types: [created]
+  workflow_dispatch:
+
+# Allow one concurrent deployment
+concurrency:
+  group: 'build-and-publish'
+  cancel-in-progress: true
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  check-codeql:
+    uses: ./.github/workflows/check-codeql.yml
+
+  build:
+    needs: check-codeql
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Install jq
+        run: sudo apt-get install -y jq
+
+      - name: Run JSDoc lint check
+        id: jsdoc_lint
+        continue-on-error: true
+        run: |
+          set -e
+          output=$(npm run lint:jsdoc || true)
+          echo "$output" | tee jsdoc-lint-output.txt
+
+          count=$(echo "$output" | wc -l)
+          echo "jsdoc_count=$count" >> "$GITHUB_OUTPUT"
+
+      - name: ✅ Pass
+        if: steps.jsdoc_lint.outputs.jsdoc_count == '0'
+        run: echo "JSDoc lint passed successfully!"
+
+      - name: ⚠️ JSDoc violations detected (non-blocking)
+        if: steps.jsdoc_lint.outputs.jsdoc_count != '0'
+        run: |
+          echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
+          echo "--- JSDoc Violations ---"
+          cat jsdoc-lint-output.txt
+
+      # Test to ensure the package is working
+      - name: Build Node.js project
+        run: npm run build
+
+      # Create Git archive of version-controlled files
+      - name: Create clean source archive
+        run: git archive --format=tar.gz --output=clean-source.tar.gz HEAD
+
+      - name: Upload source archive
+        uses: actions/upload-artifact@v4
+        with:
+          name: clean-source
+          path: clean-source.tar.gz
+
+  publish-npmjs:
+    needs: build
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Download clean source archive
+        uses: actions/download-artifact@v4
+        with:
+          name: clean-source
+          path: ./
+
+      - name: Extract source archive
+        run: tar -xzf clean-source.tar.gz
+
+      - name: Remove extracted source archive
+        run: rm clean-source.tar.gz
+
+      - name: Set up Node.js for npmjs
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: https://registry.npmjs.org/
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Set up Git user
+        run: |
+          git config --global user.email "github@sl.neteng.cc"
+          git config --global user.name "SunDevil311"
+
+      - name: Verify version not already published
+        run: |
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          echo "Checking if $PACKAGE_NAME@$PACKAGE_VERSION is already published..."
+
+          npm view $PACKAGE_NAME@$PACKAGE_VERSION > /dev/null && {
+            echo "❌ Version $PACKAGE_VERSION already exists on npm. Exiting..."
+            exit 1
+          } || echo "✅ Version is new. Proceeding with publish."
+
+      - name: Publish package to npmjs
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_NETPRO }}
+
+  publish-gpr:
+    needs: build
+    runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
+    steps:
+      - name: Download clean source archive
+        uses: actions/download-artifact@v4
+        with:
+          name: clean-source
+          path: ./
+
+      - name: Extract source archive
+        run: tar -xzf clean-source.tar.gz
+
+      - name: Remove extracted source archive
+        run: rm clean-source.tar.gz
+
+      - name: Set up Node.js for GPR
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: https://npm.pkg.github.com/
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Show Node.js and npm versions
+        run: |
+          echo "Node.js version: $(node -v)"
+          echo "npm version: $(npm -v)"
+
+      - name: Upgrade npm
+        run: |
+          corepack enable
+          npm install -g npm@11.4.2
+
+      - name: Install Node.js dependencies
+        run: npm ci
+
+      - name: Set up Git user
+        run: |
+          git config --global user.email "github@sl.neteng.cc"
+          git config --global user.name "SunDevil311"
+
+      - name: Update package name for GPR
+        run: |
+          sed -i 's/"name": ".*"/"name": "@netwk-pro\/web"/' package.json
+
+      - name: Verify version not already published
+        run: |
+          PACKAGE_NAME=$(node -p "require('./package.json').name")
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          echo "Checking if $PACKAGE_NAME@$PACKAGE_VERSION is already published..."
+
+          npm view $PACKAGE_NAME@$PACKAGE_VERSION > /dev/null && {
+            echo "❌ Version $PACKAGE_VERSION already exists on npm. Exiting..."
+            exit 1
+          } || echo "✅ Version is new. Proceeding with publish."
+
+      - name: Publish package to GPR
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NWPRO_GPR }}

package/.node-version

@@ -1 +1 @@
-24.2.0
+24.3.0

package/.nvmrc

@@ -1 +1 @@
-24.2.0
+24.3.0

package/CHANGELOG.md

@@ -22,6 +22,73 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 ---
 
+## [1.14.3] - 2025-06-30
+
+### Added
+
+- Manual event capture for redirect pages using PostHog, with automatic UTM parameter extraction
+- Utility function `getUTMParams` for parsing UTM query values from URLs
+- `trackingEnabled` named export from `trackingPreferences.js` for cleaner consumption
+
+### Changed
+
+- Refactored redirect logic in multiple pages to integrate UTM-aware analytics
+- All redirect pages now consistently open in a new browser tab using `<a>` fallback
+- Enhanced `utm.js` logic to support campaign identification for `/contact`, `/links`, `/posts`, and `/privacy-rights`
+- Updated `generator` metadata in `app.html` to `SvelteKit 2.22.2`
+- Modified `HomeContent.svelte` to use app constant for blog link
+- Removed inline styles from redirect pages and integrated them into the main stylesheet
+- Renamed "Data Sharing" section in Privacy Policy to "Legal Requests and Data Disclosure"
+- Expanded the above section to strengthen users' legal rights and privacy protections
+- Updated Privacy Policy effective date to June 30, 2025
+
+### Fixed
+
+- Reinstated filtering logic in `csp-report.js` to suppress low-value or noisy CSP violations
+- Resolved `ReferenceError` in `utm.test.js` by reordering mocked imports for `$app/environment` and `$app/stores` to comply with Vitest's hoisting behavior
+
+---
+
+## [1.14.2] - 2025-06-30
+
+### Added
+
+- Added Node.js and npm environment checks to `build-and-publish.yml`.
+- Added `.github/workflows/templates/publish.template.yml` for reuse in other org repos.
+- JSDoc linting now outputs violation details for better visibility during CI checks
+
+### Changed
+
+- Version bumped to **v1.14.2**
+- Corrected naming of `check-security-txt-expiry.yml`
+- Updated Node version reference in `.node-version` and `.nvmrc` to `24.3.0`
+- Aligned environment context (`ENV_MODE: ci`) in `check-codeql` workflow to match `build-and-publish.yml` standardization
+- Updated Node to `24` and npm to `11.4.2` across multiple workflows (`build-and-publish.yml`, `lighthouse.yml`, `playwright.yml`, and `publish-test.yml`) for version alignment
+- Upgraded dependencies:
+  - `@eslint/compat` ^1.3.0 → ^1.3.1
+  - `@eslint/js` ^9.29.0 → ^9.30.0
+  - `@lhci/cli` ^0.15.0 → ^0.15.1
+  - `@playwright/test` ^1.53.0 → ^1.53.2
+  - `@sveltejs/kit` 2.21.5 → 2.22.2
+  - `@vitest/coverage-v8` ^3.2.3 → ^3.2.4
+  - `browserslist` ^4.25.0 → ^4.25.1
+  - `eslint` ^9.29.0 → ^9.30.0
+  - `eslint-plugin-jsdoc` ^51.0.1 → ^51.3.1
+  - `eslint-plugin-svelte` ^3.9.2 → ^3.10.1
+  - `playwright` ^1.53.0 → ^1.53.2
+  - `posthog-js` ^1.253.4 → ^1.256.0
+  - `prettier` ^3.5.3 → ^3.6.2
+  - `stylelint` ^16.20.0 → ^16.21.0
+  - `svelte` 5.34.3 → 5.34.9
+  - `svelte-check` ^4.2.1 → ^4.2.2
+  - `vitest` ^3.2.3 → ^3.2.4
+
+### Fixed
+
+- Updated `check-security-txt-expiry.yml` to use correct path for `security.txt` (now looks in `static/.well-known/`)
+
+---
+
 ## [1.14.1] - 2025-06-16
 
 ### Changed
@@ -499,7 +566,9 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.14.1...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.14.3...HEAD
+[1.14.3]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.14.3
+[1.14.2]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.14.2
 [1.14.1]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.14.1
 [1.14.0]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.14.0
 [1.13.8]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.13.8

package/cspell.json

@@ -37,6 +37,7 @@
     "lighthouserc",
     "lightningcss",
     "linksheet",
+    "linktree",
     "lsheet",
     "Mailvelope",
     "Maricopa",
@@ -59,6 +60,7 @@
     "obtainium",
     "openpgp",
     "opgp",
+    "pallyy",
     "posthog",
     "precaching",
     "prefs",

package/netlify/edge-functions/csp-report.js

@@ -43,20 +43,25 @@ export default async (request, _context) => {
     const violated = report['violated-directive'] ?? '';
     const blockedUri = report['blocked-uri'] ?? '';
 
-    /*
-    // Filter: Skip img-src violations and empty URIs
-      const ignored = [
-        violated.startsWith('img-src'),
-        blockedUri === '',
-        blockedUri === 'about',
-        blockedUri.startsWith('chrome-extension://'),
-        blockedUri.startsWith('moz-extension://'),
-      ].some(Boolean);
-
-      if (ignored) {
-        return new Response(null, { status: 204 });
-      }
-    */
+    // Filter: Skip noisy or unactionable reports
+    const ignored = [
+      violated.startsWith('img-src'),
+      blockedUri === '',
+      blockedUri === 'eval',
+      blockedUri === 'about',
+      blockedUri.startsWith('chrome-extension://'),
+      blockedUri.startsWith('moz-extension://'),
+      !report['source-file'],
+      !report['document-uri'],
+    ].some(Boolean);
+
+    if (ignored) {
+      console.log('[CSP-Edge] Ignored low-value violation:', {
+        directive: violated,
+        uri: blockedUri,
+      });
+      return new Response(null, { status: 204 });
+    }
 
     // Send alert for high-risk directives
     await sendToNtfy(violated, blockedUri, report);
@@ -97,7 +102,9 @@ async function sendToNtfy(violated, blockedUri, report) {
 
   const directiveKey = violated.split(' ')[0]; // strip fallback values or sources
   const isHighRisk = highRiskDirectives.includes(directiveKey);
-  console.log(`[CSP-Edge] Checking directive: ${directiveKey}`);
+  console.log(
+    `[CSP-Edge] Directive ${directiveKey} is ${isHighRisk ? '' : 'not '}high-risk`,
+  );
   if (!isHighRisk) return;
 
   const key = `${violated}|${blockedUri}`;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@networkpro/web",
   "private": false,
-  "version": "1.14.1",
+  "version": "1.14.3",
   "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
   "keywords": [
     "advisory",
@@ -80,49 +80,49 @@
   },
   "dependencies": {
     "dompurify": "^3.2.6",
-    "posthog-js": "^1.253.4",
+    "posthog-js": "^1.256.0",
     "semver": "^7.7.2",
-    "svelte": "5.34.3"
+    "svelte": "5.34.9"
   },
   "devDependencies": {
-    "@eslint/compat": "^1.3.0",
-    "@eslint/js": "^9.29.0",
-    "@lhci/cli": "^0.15.0",
-    "@playwright/test": "^1.53.0",
+    "@eslint/compat": "^1.3.1",
+    "@eslint/js": "^9.30.0",
+    "@lhci/cli": "^0.15.1",
+    "@playwright/test": "^1.53.2",
     "@sveltejs/adapter-netlify": "^5.0.2",
-    "@sveltejs/kit": "2.21.5",
+    "@sveltejs/kit": "2.22.2",
     "@sveltejs/vite-plugin-svelte": "5.1.0",
     "@testing-library/jest-dom": "^6.6.3",
     "@testing-library/svelte": "^5.2.8",
-    "@vitest/coverage-v8": "^3.2.3",
+    "@vitest/coverage-v8": "^3.2.4",
     "autoprefixer": "^10.4.21",
-    "browserslist": "^4.25.0",
-    "eslint": "^9.29.0",
+    "browserslist": "^4.25.1",
+    "eslint": "^9.30.0",
     "eslint-config-prettier": "^10.1.5",
-    "eslint-plugin-jsdoc": "^51.0.1",
-    "eslint-plugin-svelte": "^3.9.2",
+    "eslint-plugin-jsdoc": "^51.3.1",
+    "eslint-plugin-svelte": "^3.10.1",
     "globals": "^16.2.0",
     "jsdom": "^26.1.0",
     "lightningcss": "^1.30.1",
     "markdownlint": "^0.38.0",
     "markdownlint-cli2": "^0.18.1",
     "mdsvex": "^0.12.6",
-    "playwright": "^1.53.0",
+    "playwright": "^1.53.2",
     "postcss": "^8.5.6",
-    "prettier": "^3.5.3",
+    "prettier": "^3.6.2",
     "prettier-plugin-svelte": "^3.4.0",
-    "stylelint": "^16.20.0",
+    "stylelint": "^16.21.0",
     "stylelint-config-html": "^1.1.0",
     "stylelint-config-recommended": "^16.0.0",
     "stylelint-order": "^7.0.0",
-    "svelte-check": "^4.2.1",
+    "svelte-check": "^4.2.2",
     "svelte-eslint-parser": "^1.2.0",
     "svelte-preprocess": "^6.0.3",
     "typescript": "^5.8.3",
-    "vite": "^6.3.5",
+    "vite": "6.3.5",
     "vite-plugin-lightningcss": "^0.0.5",
     "vite-tsconfig-paths": "^5.1.4",
-    "vitest": "^3.2.3"
+    "vitest": "^3.2.4"
   },
   "overrides": {
     "@sveltejs/kit": {

package/src/app.html

@@ -63,7 +63,7 @@
       content="bx4ham0zkpvzztzu213bhpt76m9siq" />
     <!-- cspell:enable -->
 
-    <meta name="generator" content="SvelteKit 2.21.5" />
+    <meta name="generator" content="SvelteKit 2.22.2" />
 
     <script src="/disableSw.js"></script>