@networkpro/web 1.25.9 → 1.25.11

package/.env.template

@@ -5,7 +5,7 @@
 # Rename to `.env` (or `.env.local`) and customize as needed
 
 # Custom environment mode for scripts and tooling
-# One of: dev, test, ci, preview, production
+# One of: dev, test, ci, audit, production
 ENV_MODE=dev
 
 # Optional: API keys or tokens for local dev (never commit real values)

package/.github/workflows/auto-assign.yml

@@ -25,6 +25,8 @@ on:
 jobs:
   auto-assign:
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: 'Auto-assign issue or PR'

package/.github/workflows/backup-branch.yml

@@ -22,6 +22,8 @@ jobs:
     name: Sync backup/nightly-snapshot to master
     runs-on: ubuntu-24.04
     if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: Checkout master branch

package/.github/workflows/build-and-publish.yml

@@ -42,11 +42,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable
@@ -132,11 +127,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable
@@ -193,11 +183,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable

package/.github/workflows/check-security-txt-expiry.yml

@@ -12,6 +12,8 @@ jobs:
   check-expiry:
     runs-on: ubuntu-latest
     name: Validate .well-known/security.txt expiration
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: Checkout repo

package/.github/workflows/dependency-review.yml

@@ -13,6 +13,8 @@ permissions:
 jobs:
   dependency-review:
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: 'Checkout Repository'

package/.github/workflows/meta-check.yml

@@ -18,6 +18,9 @@ permissions:
 jobs:
   meta:
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5

package/.github/workflows/prevent-audit-merge.yml

@@ -16,6 +16,9 @@ permissions:
 jobs:
   check-branch:
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
+
     steps:
       - name: Fail if source is audit-netlify
         run: |

package/.github/workflows/secret-scan.yml

@@ -21,6 +21,8 @@ jobs:
       issues: write
     env:
       CODEQL_ACTION_ANALYSIS_KEY: gitleaks
+      ENV_MODE: ci
+
     steps:
       # ---------------------------------------------------------------------
       # Checkout the full repo history (needed for Gitleaks to scan all commits)

package/.github/workflows/templates/check-codeql.template.yml

@@ -24,6 +24,8 @@ jobs:
   check:
     name: Check CodeQL Status
     runs-on: ubuntu-24.04
+    env:
+      ENV_MODE: ci
 
     steps:
       - name: Check CodeQL Workflow

package/.github/workflows/templates/publish.template.yml

@@ -50,11 +50,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable
@@ -136,11 +131,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable
@@ -197,11 +187,6 @@ jobs:
           cache: npm
           cache-dependency-path: package-lock.json
 
-      #- name: Show Node.js and npm versions
-      #  run: |
-      #    echo "Node.js version: $(node -v)"
-      #    echo "npm version: $(npm -v)"
-
       - name: Upgrade npm
         run: |
           corepack enable

package/CHANGELOG.md

@@ -22,6 +22,55 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 ---
 
+## [1.25.11] - 2025-11-12
+
+### Added
+
+- `gotoDesktop(page, path)` and `gotoMobile(page, path)` helper functions to streamline viewport + navigation setup.
+- `clickAndWaitForNavigation(page, locator, options)` utility for safe SPA or full-page navigation detection with optional URL pattern matching.
+- `DEBUG_LOGS` flag in `helpers.js` to allow toggling of console logs for test diagnostics.
+- Navigation debug logs to `getVisibleNav()` to indicate which navigation region was detected (when debugging is enabled).
+
+### Changed
+
+- Refactored all E2E tests to use `gotoDesktop()` and `gotoMobile()` for consistency and DRY principles.
+- Replaced brittle direct `waitForNavigation()` usages with `clickAndWaitForNavigation()` helper.
+- Updated mobile and desktop tests to improve consistency across specs and improve visibility assertions.
+
+### Removed
+
+- Legacy direct `setViewportSize()` and `page.goto()` calls from individual test blocks (now handled via `goto*()` helpers).
+
+---
+
+## [1.25.10] - 2025-11-12
+
+### Changed
+
+- Updated GitHub workflows to specify `ENV: ci` where appropriate:
+  - `templates/check-codeql.template.yml`
+  - `templates/publish.template.yml`
+  - `auto-assign.yml`
+  - `branch-backup.yml`
+  - `check-security-txt-expiry.yml`
+  - `dependency-review.yml`
+  - `meta-check.yml`
+  - `prevent-audit-merges.yml`
+  - `secret-scan.yml`
+- Added `@sveltejs/adapter-netlify` devDependency for smoother toggling between production and audit modes.
+  - Production uses `@sveltejs/adapter-vercel` only. `@sveltejs/adapter-netlify` exists solely to support the audit environment.
+- Bumped project version to `v1.25.10`.
+- Updated dependencies:
+  - `@testing-library/svelte` `^5.2.8` → `^5.2.9`
+  - `eslint-plugin-jsdoc` `^61.1.12` → `^61.2.0`
+  - `posthog-js` `^1.290.0` → `^1.292.0`
+
+## Removed
+
+- Removed unneeded comments in `build-and-publish.yml` workflow.
+
+---
+
 ## [1.25.9] - 2025-11-11
 
 ### Changed
@@ -1827,7 +1876,9 @@ This enables analytics filtering and CSP hardening for the audit environment.
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.9...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.11...HEAD
+[1.25.11]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.11
+[1.25.10]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.10
 [1.25.9]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.9
 [1.25.8]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.8
 [1.25.7]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.7

package/cspell.json

@@ -14,6 +14,7 @@
     "CCPA",
     "CPRA",
     "cryptomator",
+    "domcontentloaded",
     "dont",
     "elif",
     "Embedder",
@@ -28,6 +29,7 @@
     "homescreen",
     "HREFTOP",
     "HSTS",
+    "interactable",
     "Izzy",
     "Keybase",
     "keypair",
@@ -40,6 +42,7 @@
     "lightningcss",
     "linksheet",
     "linktree",
+    "LOCALAPPDATA",
     "lsheet",
     "Mailvelope",
     "Maricopa",

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@networkpro/web",
   "private": false,
-  "version": "1.25.9",
+  "version": "1.25.11",
   "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
   "keywords": [
     "advisory",
@@ -54,6 +54,7 @@
     "verify": "npm run checkout",
     "delete": "rm -rf .svelte-kit node_modules package-lock.json",
     "clean": "npm run delete && npm cache clean --force && npm install",
+    "repair": "npm run delete && npx playwright uninstall && rm -rf %LOCALAPPDATA%/ms-playwright && npm install && npx playwright install",
     "upgrade": "ncu -u --format group --color",
     "check:updates": "ncu --format group --color",
     "test": "npm run test:all",
@@ -85,7 +86,7 @@
   },
   "dependencies": {
     "dompurify": "^3.3.0",
-    "posthog-js": "^1.290.0",
+    "posthog-js": "^1.292.0",
     "semver": "^7.7.3",
     "svelte": "5.43.6"
   },
@@ -94,17 +95,18 @@
     "@eslint/js": "^9.39.1",
     "@lhci/cli": "^0.15.1",
     "@playwright/test": "^1.56.1",
+    "@sveltejs/adapter-netlify": "^5.2.4",
     "@sveltejs/adapter-vercel": "^6.1.1",
     "@sveltejs/kit": "2.48.4",
     "@sveltejs/vite-plugin-svelte": "^6.2.1",
     "@testing-library/jest-dom": "^6.9.1",
-    "@testing-library/svelte": "^5.2.8",
+    "@testing-library/svelte": "^5.2.9",
     "@vitest/coverage-v8": "3.2.4",
     "autoprefixer": "^10.4.22",
     "browserslist": "^4.28.0",
     "eslint": "^9.39.1",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-jsdoc": "^61.1.12",
+    "eslint-plugin-jsdoc": "^61.2.0",
     "eslint-plugin-svelte": "^3.13.0",
     "globals": "^16.5.0",
     "jsdom": "26.1.0",

package/src/lib/security/probely.js

@@ -15,7 +15,7 @@ This file is part of Network Pro.
  * @updated 2025-11-11
  */
 
-/** @typedef {{ ua: string, ip: string }} ScannerInput */
+/** @typedef {{ ua?: string, ip?: string }} ScannerInput */
 
 /**
  * Check if a request is likely from Probely.
@@ -23,7 +23,13 @@ This file is part of Network Pro.
  * @returns {boolean} - True if the request matches Probely’s fingerprint.
  */
 export function isProbelyScanner({ ua, ip }) {
-  const PROBELY_UA_FRAGMENT = 'probelyspdr/';
+  const PROBELY_UA_FRAGMENTS = [
+    'probelyspdr/',
+    'probelyfp/',
+    'probelymrkt/',
+    'probelysc/',
+    'python-httpx/',
+  ];
   const PROBELY_IPS = [
     '18.235.241.170',
     '52.65.214.19',
@@ -41,7 +47,10 @@ export function isProbelyScanner({ ua, ip }) {
   const normalizedIP = ip?.trim() ?? '';
 
   return (
-    normalizedUA.includes(PROBELY_UA_FRAGMENT) ||
-    PROBELY_IPS.includes(normalizedIP)
+    PROBELY_UA_FRAGMENTS.some((fragment) =>
+      normalizedUA.includes(fragment.toLowerCase()),
+    ) || PROBELY_IPS.includes(normalizedIP)
   );
 }
+
+// cspell:ignore probelyfp probelymrkt probelysc httpx

package/tests/e2e/app.spec.js

@@ -11,15 +11,16 @@ This file is part of Network Pro.
  * @description Runs Playwright E2E tests with desktop and root route assertions.
  * @module tests/e2e
  * @author Scott Lopez
- * @updated 2025-10-21
+ * @updated 2025-11-12
  */
 
 import { expect, test } from '@playwright/test';
 import {
+  clickAndWaitForNavigation,
   getFooter,
   getVisibleNav,
-  setDesktopView,
-  setMobileView,
+  gotoDesktop,
+  gotoMobile,
 } from './shared/helpers.js';
 
 // Root route should display nav bar and about link
@@ -29,9 +30,7 @@ test.describe('Desktop Tests', () => {
   test("should display the navigation bar and 'about' link", async ({
     page,
   }) => {
-    await setDesktopView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60000 });
+    await gotoDesktop(page);
 
     const nav = await getVisibleNav(page);
 
@@ -42,9 +41,7 @@ test.describe('Desktop Tests', () => {
 
   // Root route should display the footer properly
   test('should display the footer correctly', async ({ page }) => {
-    await setDesktopView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60000 });
+    await gotoDesktop(page);
 
     const footer = getFooter(page);
     await expect(footer).toBeVisible();
@@ -54,9 +51,7 @@ test.describe('Desktop Tests', () => {
   test("should render the 'about' page with footer visible", async ({
     page,
   }) => {
-    await setDesktopView(page);
-    await page.goto('/about');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60000 });
+    await gotoDesktop(page, '/about');
 
     const footer = getFooter(page);
     await expect(footer).toBeVisible();
@@ -64,20 +59,16 @@ test.describe('Desktop Tests', () => {
 
   // Root route should have a clickable "about" link
   test("should ensure the 'about' link is clickable", async ({ page }) => {
-    await setDesktopView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60000 });
+    await gotoDesktop(page);
 
     const nav = await getVisibleNav(page);
     const aboutLink = nav.getByRole('link', { name: 'about' });
-    await expect(aboutLink).toBeVisible();
-    await aboutLink.click();
 
-    // safer wait pattern with load state
-    await Promise.all([
-      page.waitForLoadState('load'),
-      page.waitForURL('**/about', { timeout: 60000 }),
-    ]);
+    await clickAndWaitForNavigation(page, aboutLink, {
+      urlPattern: /\/about/,
+      timeout: 60000,
+    });
+
     await expect(page).toHaveURL(/\/about/);
   });
 }); // End Desktop Tests
@@ -85,13 +76,10 @@ test.describe('Desktop Tests', () => {
 // Root route should display headings properly on mobile
 test.describe('Mobile Tests', () => {
   test('should display main content correctly on mobile', async ({ page }) => {
-    await setMobileView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60000 });
+    await gotoMobile(page);
 
-    const mainHeading = page.locator('h1, h2');
-    await expect(mainHeading).toBeVisible();
+    // Ensure main headline is present on mobile
+    const h2 = page.locator('h2.index-title2');
+    await expect(h2).toContainText(/security/i);
   });
 });
-
-// cspell:ignore domcontentloaded

package/tests/e2e/mobile.spec.js

@@ -11,7 +11,7 @@ This file is part of Network Pro.
  * @description Runs Playwright E2E tests with mobile assertions.
  * @module tests/e2e
  * @author Scott Lopez
- * @updated 2025-10-21
+ * @updated 2025-11-12
  */
 
 import { expect, test } from '@playwright/test';
@@ -19,7 +19,7 @@ import {
   clickAndWaitForNavigation,
   getFooter,
   getVisibleNav,
-  setMobileView,
+  gotoMobile,
 } from './shared/helpers.js';
 
 // ---------------------------------------------------------------------------
@@ -27,21 +27,20 @@ import {
 // ---------------------------------------------------------------------------
 
 test.describe('Mobile Tests', () => {
-  // Increase timeout for all mobile tests
   test.setTimeout(90_000);
 
+  test.beforeEach(({ browserName }) => {
+    if (browserName === 'webkit')
+      test.skip('Skipping WebKit: manual validation only');
+  });
+
   // -------------------------------------------------------------------------
   // 🧱 Test 1: Main description text
   // -------------------------------------------------------------------------
   test('should display the main description text on mobile', async ({
     page,
-    browserName,
   }) => {
-    if (browserName === 'webkit') test.skip();
-
-    await setMobileView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60_000 });
+    await gotoMobile(page);
 
     const description = page.locator(
       'div.index-title1:has-text("Locking Down Networks")',
@@ -52,18 +51,11 @@ test.describe('Mobile Tests', () => {
   // -------------------------------------------------------------------------
   // 🧱 Test 2: Main content
   // -------------------------------------------------------------------------
-  test('should display main content correctly on mobile', async ({
-    page,
-    browserName,
-  }) => {
-    if (browserName === 'webkit') test.skip();
-
-    await setMobileView(page);
-    await page.goto('/');
-    await page.waitForLoadState('domcontentloaded', { timeout: 60_000 });
+  test('should display main content correctly on mobile', async ({ page }) => {
+    await gotoMobile(page);
 
-    const mainHeading = page.locator('h1, h2');
-    await expect(mainHeading).toBeVisible();
+    const mainHeading = page.locator('h2.index-title2');
+    await expect(mainHeading).toContainText(/security/i);
   });
 
   // -------------------------------------------------------------------------
@@ -71,41 +63,27 @@ test.describe('Mobile Tests', () => {
   // -------------------------------------------------------------------------
   test("should ensure the 'about' link is clickable on mobile", async ({
     page,
-    browserName,
   }) => {
-    if (browserName === 'webkit') test.skip();
-
-    await setMobileView(page);
-    await page.goto('/', { waitUntil: 'networkidle' });
+    await gotoMobile(page);
 
     const nav = await getVisibleNav(page);
-
-    // Ensure the link exists before interacting
-    await page.waitForSelector('a[href="/about"]', { timeout: 10_000 });
     const aboutLink = nav.getByRole('link', { name: 'about' });
 
-    // Use the safe navigation helper
     await clickAndWaitForNavigation(page, aboutLink, {
       urlPattern: /\/about/,
       timeout: 60_000,
     });
+
+    await expect(page).toHaveURL(/\/about/);
   });
 
   // -------------------------------------------------------------------------
   // 🧱 Test 4: Footer presence on /about
   // -------------------------------------------------------------------------
-  test('should display the footer on /about (mobile)', async ({
-    page,
-    browserName,
-  }) => {
-    if (browserName === 'webkit') test.skip();
-
-    await setMobileView(page);
-    await page.goto('/about');
+  test('should display the footer on /about (mobile)', async ({ page }) => {
+    await gotoMobile(page, '/about');
 
     const footer = getFooter(page);
     await expect(footer).toBeVisible();
   });
 });
-
-// cspell:ignore domcontentloaded networkidle

package/tests/e2e/shared/helpers.js

@@ -11,19 +11,19 @@ This file is part of Network Pro.
  * @description Stores commonly used functions for importing into E2E tests.
  * @module tests/e2e/shared
  * @author Scott Lopez
- * @updated 2025-10-29
+ * @updated 2025-11-12
  */
 
-import { expect } from '@playwright/test';
+const DEBUG_LOGS = false; // set to true to enable console logs
 
 /**
- * @param {import('@playwright/test').Page} page - The Playwright page object.
+ * @param {import('@playwright/test').Page} page
  * @returns {Promise<void>}
- * @description Sets standard desktop viewport and waits for animations.
+ * @description Sets desktop viewport and allows layout to settle.
  */
 export async function setDesktopView(page) {
   await page.setViewportSize({ width: 1280, height: 720 });
-  await page.waitForTimeout(1500);
+  await page.waitForTimeout(1500); // Known-stable stabilization delay
 }
 
 /**
@@ -36,18 +36,47 @@ export async function setMobileView(page) {
 }
 
 /**
- * @param {import('@playwright/test').Page} page - The Playwright page object.
- * @returns {Promise<import('@playwright/test').Locator>} - A visible navigation locator.
- * @throws {Error} If no visible navigation is found.
+ * Navigate with desktop viewport + initial DOM load.
+ * @param {import('@playwright/test').Page} page
+ * @param {string} path
+ */
+export async function gotoDesktop(page, path = '/') {
+  await setDesktopView(page);
+  await page.goto(path, { waitUntil: 'domcontentloaded', timeout: 60000 });
+}
+
+/**
+ * Navigate with mobile viewport + initial DOM load.
+ * @param {import('@playwright/test').Page} page
+ * @param {string} path
+ */
+export async function gotoMobile(page, path = '/') {
+  await setMobileView(page);
+  await page.goto(path, { waitUntil: 'domcontentloaded', timeout: 60000 });
+}
+
+/**
+ * Returns the visible navigation region.
+ * @param {import('@playwright/test').Page} page
+ * @returns {Promise<import('@playwright/test').Locator>}
  */
 export async function getVisibleNav(page) {
   const navHome = page.getByRole('navigation', { name: 'Homepage navigation' });
   const navMain = page.getByRole('navigation', { name: 'Main navigation' });
 
-  if (await navHome.isVisible()) return navHome;
-  if (await navMain.isVisible()) return navMain;
+  const timeout = 5000;
+
+  if (await navHome.isVisible({ timeout }).catch(() => false)) {
+    if (DEBUG_LOGS) console.log('✅ Detected visible nav: Homepage navigation');
+    return navHome;
+  }
 
-  throw new Error('No visible navigation element found.');
+  if (await navMain.isVisible({ timeout }).catch(() => false)) {
+    if (DEBUG_LOGS) console.log('✅ Detected visible nav: Main navigation');
+    return navMain;
+  }
+
+  throw new Error('❌ No visible navigation element found within timeout.');
 }
 
 /**
@@ -59,37 +88,28 @@ export function getFooter(page) {
 }
 
 /**
- * @function clickAndWaitForNavigation
- * @description Clicks a link or button and waits for navigation or URL change.
- * Works for both SPA (client-side) and full-page navigations.
+ * Click + wait for SPA or full navigation event.
  *
  * @param {import('@playwright/test').Page} page
  * @param {import('@playwright/test').Locator} locator
- * @param {object} [options]
- * @param {string|RegExp} [options.urlPattern] - URL or regex to match
- * @param {number} [options.timeout=60000] - Max wait time
+ * @param {{ urlPattern?: string | RegExp, timeout?: number }} [options]
  */
 export async function clickAndWaitForNavigation(page, locator, options = {}) {
   const { urlPattern = /\/.*/, timeout = 60000 } = options;
 
-  // Ensure the element is ready for interaction
   await locator.scrollIntoViewIfNeeded();
-  await locator.waitFor({ state: 'visible', timeout: 10000 });
-  await locator.click({ trial: true });
+  await locator.waitFor({ state: 'visible', timeout: 60000 });
 
-  // Capture current URL to detect SPA navigation
-  const currentUrl = page.url();
+  const previousURL = page.url();
 
-  // Handle both SPA transitions and full page reloads
-  await Promise.all([
-    page.waitForURL(urlPattern, { timeout }).catch(() => {}),
-    page.waitForLoadState('load', { timeout }).catch(() => {}),
-    locator.click(),
+  const [, newURL] = await Promise.all([
+    page.waitForURL(
+      (url) =>
+        url.toString() !== previousURL && urlPattern.test(url.toString()),
+      { timeout },
+    ),
+    locator.click().then(() => page.url()),
   ]);
 
-  // Confirm the URL changed successfully
-  await expect(page).toHaveURL(urlPattern, { timeout });
-
-  // Optional: log navigation success (helps in CI)
-  console.log(`✅ Navigation from ${currentUrl} → ${page.url()}`);
+  console.log(`✅ Navigation from ${previousURL} → ${newURL}`);
 }