npm - @npm-pipl/device-intelligence - Versions diffs - 1.1.1 → 1.1.3 - Mend

@npm-pipl/device-intelligence 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/device-intelligence.cjs.js +144 -50
package/dist/device-intelligence.cjs.js.map +1 -1
package/dist/device-intelligence.esm.js +144 -50
package/dist/device-intelligence.esm.js.map +1 -1
package/dist/device-intelligence.esm.min.js +2 -2
package/dist/device-intelligence.esm.min.js.map +1 -1
package/dist/device-intelligence.js +144 -50
package/dist/device-intelligence.js.map +1 -1
package/dist/device-intelligence.min.js +2 -2
package/dist/device-intelligence.min.js.map +1 -1
package/dist/device-intelligence.umd.js +144 -50
package/dist/device-intelligence.umd.js.map +1 -1
package/dist/device-intelligence.umd.min.js +2 -2
package/dist/device-intelligence.umd.min.js.map +1 -1
package/package.json +1 -1

package/dist/device-intelligence.cjs.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /*!
- * Device Intelligence SDK v1.1.1
+ * Device Intelligence SDK v1.1.3
  * (c) 2026 Your Company
  * Released under the MIT License
  */
@@ -5519,7 +5519,19 @@ const automationDetected = {
         // Check webdriver property
         if (nav.webdriver === true)
             return true;
-        // Check for automation-related properties
+        // Detect navigator.webdriver tampering (stealth plugins redefine the getter)
+        try {
+            const desc = Object.getOwnPropertyDescriptor(Navigator.prototype, "webdriver");
+            if (desc?.get) {
+                const src = Function.prototype.toString.call(desc.get);
+                if (!/\[native code\]/.test(src))
+                    return true;
+            }
+        }
+        catch {
+            /* ignore */
+        }
+        // Check for automation-related properties on window / document
         const automationProps = [
             "__selenium_unwrapped",
             "__webdriver_evaluate",
@@ -5538,12 +5550,22 @@ const automationDetected = {
             "$chrome_asyncScriptInfo",
             "__nightmare",
             "__puppeteer_evaluation_script__",
-            "__playwright_evaluation_script__"
+            "__playwright_evaluation_script__",
+            "__playwright",
+            "__pw_manual"
         ];
         for (const prop of automationProps) {
             if (prop in win || prop in document)
                 return true;
         }
+        // Dynamic $cdc_ scan — ChromeDriver injects keys with varying suffixes
+        try {
+            if (Object.keys(win).some((k) => k.startsWith("$cdc_")))
+                return true;
+        }
+        catch {
+            /* ignore */
+        }
         // Check for PhantomJS
         if ("callPhantom" in win || "_phantom" in win || "phantom" in win) {
             return true;
@@ -5553,8 +5575,44 @@ const automationDetected = {
         if (ua.includes("headless") || ua.includes("phantomjs")) {
             return true;
         }
-        // Check for CriOS (Chrome on iOS), which is legitimate
-        // but check for other weird UA patterns
+        // WebGL renderer — headless Chromium uses SwiftShader (software renderer)
+        try {
+            const canvas = document.createElement("canvas");
+            const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+            if (gl) {
+                const dbg = gl.getExtension("WEBGL_debug_renderer_info");
+                if (dbg) {
+                    const renderer = gl.getParameter(dbg.UNMASKED_RENDERER_WEBGL);
+                    if (typeof renderer === "string" && /swiftshader/i.test(renderer)) {
+                        return true;
+                    }
+                }
+            }
+        }
+        catch {
+            /* ignore */
+        }
+        // Plugins — headless browsers report 0 plugins; real Chrome always has >=1
+        try {
+            if (nav.plugins && nav.plugins.length === 0 && !ua.includes("firefox")) {
+                return true;
+            }
+        }
+        catch {
+            /* ignore */
+        }
+        // Chrome object inconsistency — Chrome UA but missing window.chrome
+        try {
+            if (ua.includes("chrome") && !("chrome" in win)) {
+                return true;
+            }
+            if (win.chrome && !win.chrome.runtime && !win.chrome.csi) {
+                return true;
+            }
+        }
+        catch {
+            /* ignore */
+        }
         return false;
     }
 };
@@ -5716,67 +5774,103 @@ const debuggerDetected = {
 const incognitoMode = {
     category: "risk",
     key: "incognito_mode",
-    version: 1,
+    version: 2,
     cacheTtlMs: 300000,
-    timeoutMs: 2000,
+    timeoutMs: 3000,
     collect: async () => {
-        // Safari: Check storage quota (with timeout to prevent hanging)
+        const ua = (navigator.userAgent || "").toLowerCase();
+        const isChromium = ua.includes("chrome") || ua.includes("chromium");
+        const isFirefox = ua.includes("firefox");
+        // ── Storage quota ──────────────────────────────────────────────────
+        // Normal mode:   quota ≈ 50–60 % of disk (tens to hundreds of GB).
+        // Incognito:     quota is RAM-based and much smaller.
+        //   • Safari / Firefox private: typically < 200 MB
+        //   • Chrome incognito: scales with device RAM (1–16 GB)
         try {
-            const storage = await withTimeout(navigator.storage.estimate(), 1000);
-            if (storage &&
-                storage.quota !== undefined &&
-                storage.quota < 120000000) {
-                return {
-                    is_private: true,
-                    confidence: "high",
-                    method: "storage_quota"
-                };
+            const est = await withTimeout(navigator.storage.estimate(), 1500);
+            if (est && est.quota !== undefined) {
+                const quota = est.quota;
+                // Tier 1: very small quota — catches Safari & Firefox private
+                if (quota < 200000000) {
+                    return {
+                        is_private: true,
+                        confidence: "high",
+                        method: "storage_quota"
+                    };
+                }
+                if (isChromium) {
+                    // Tier 2: compare quota to device memory (most reliable for Chrome).
+                    // In incognito, quota is RAM-based → quota ≤ ~RAM.
+                    // In normal mode, quota is disk-based → quota >> RAM.
+                    // navigator.deviceMemory is capped at 8 (GB) and coarsened,
+                    // so we use a 3× multiplier to cover the gap between the
+                    // capped value and real RAM.  Even on a 64 GB RAM machine
+                    // (deviceMemory=8), incognito quota (~16 GB) < 3×8 GB = 24 GB,
+                    // while normal quota on a 128 GB SSD (~64 GB) > 24 GB.
+                    const deviceMemGB = navigator.deviceMemory;
+                    if (deviceMemGB && quota < deviceMemGB * 3 * 1024 * 1024 * 1024) {
+                        return {
+                            is_private: true,
+                            confidence: "medium",
+                            method: "storage_quota_vs_memory"
+                        };
+                    }
+                    // Tier 3: absolute fallback when deviceMemory is unavailable.
+                    // 16 GB catches incognito on most machines (up to ~32 GB RAM)
+                    // while staying below normal-mode quota on any disk ≥ 64 GB.
+                    if (!deviceMemGB && quota < 16000000000) {
+                        return {
+                            is_private: true,
+                            confidence: "medium",
+                            method: "storage_quota_chrome"
+                        };
+                    }
+                }
             }
         }
         catch {
-            // Not supported
+            // API not supported
         }
-        // Firefox: Check IndexedDB behavior (with timeout to prevent hanging)
+        // ── webkitTemporaryStorage (Chromium legacy) ───────────────────────
+        // Still present in some Chromium builds; incognito returns a small
+        // quota (often ≈ 120 MB) vs normal (multiple GB).
         try {
-            const dbResult = await withTimeout(new Promise((resolve, reject) => {
-                const db = indexedDB.open("test");
-                db.onerror = () => reject(new Error("IndexedDB error"));
-                db.onsuccess = () => {
-                    db.result.close();
-                    resolve(true);
-                };
-            }), 1000);
-            // If timeout occurred (null), treat as inconclusive, not private
-            if (dbResult === null) {
-                // Timeout - can't determine, continue to next check
+            const tmpStorage = navigator.webkitTemporaryStorage;
+            if (tmpStorage?.queryUsageAndQuota) {
+                const quota = await withTimeout(new Promise((resolve, reject) => {
+                    tmpStorage.queryUsageAndQuota((_usage, q) => resolve(q), () => reject(new Error("quota query failed")));
+                }), 1000);
+                if (quota !== null && quota < 200000000) {
+                    return {
+                        is_private: true,
+                        confidence: "medium",
+                        method: "webkit_temporary_storage"
+                    };
+                }
             }
         }
         catch {
-            return {
-                is_private: true,
-                confidence: "medium",
-                method: "indexeddb"
-            };
+            // Not available
         }
-        // Chrome: Check filesystem API (deprecated but still works)
+        // ── IndexedDB ────────────────────────────────────────────────────────
+        // Firefox private mode rejects indexedDB.open().  Some Chrome/Edge
+        // incognito edge-cases (enterprise policies, older builds) also fail
+        // here, so we keep this as a universal late fallback.
         try {
-            const fs = window.webkitRequestFileSystem;
-            if (fs) {
-                const fsResult = await withTimeout(new Promise((resolve, reject) => {
-                    fs(0, // TEMPORARY
-                    1, () => resolve(true), () => reject(new Error("FileSystem error")));
-                }), 1000);
-                // If timeout occurred, continue
-                if (fsResult === null) {
-                    // Timeout - can't determine
-                }
-            }
+            await withTimeout(new Promise((resolve, reject) => {
+                const req = indexedDB.open("_di_priv_check");
+                req.onerror = () => reject(new Error("blocked"));
+                req.onsuccess = () => {
+                    req.result.close();
+                    resolve(true);
+                };
+            }), 1000);
         }
         catch {
             return {
                 is_private: true,
-                confidence: "medium",
-                method: "filesystem"
+                confidence: isFirefox ? "medium" : "low",
+                method: "indexeddb"
             };
         }
         return {
@@ -5930,7 +6024,7 @@ function getDefaultCollectors() {
     return getAllCollectors();
 }
-var version = "1.1.1";
+var version = "1.1.3";
 var packageJson = {
 	version: version};