npm - @nuxt/scripts - Versions diffs - 1.0.0-beta.6 → 1.0.0-rc.1 - Mend

@nuxt/scripts 1.0.0-beta.6 → 1.0.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

package/dist/runtime/server/proxy-handler.js CHANGED Viewed

@@ -1,15 +1,18 @@
-import { defineEventHandler, getHeaders, getRequestIP, readBody, getQuery, setResponseHeader, createError } from "h3";
 import { useRuntimeConfig } from "#imports";
+import { createError, defineEventHandler, getHeaders, getQuery, getRequestIP, getRequestWebStream, readBody, setResponseHeader } from "h3";
 import { useNitroApp } from "nitropack/runtime";
 import {
-  SENSITIVE_HEADERS,
   anonymizeIP,
+  mergePrivacy,
   normalizeLanguage,
   normalizeUserAgent,
-  stripPayloadFingerprinting,
   resolvePrivacy,
-  mergePrivacy
+  SENSITIVE_HEADERS,
+  stripPayloadFingerprinting
 } from "./utils/privacy.js";
+const COMPRESSION_RE = /gzip|deflate|br|compress|base64/i;
+const CLIENT_HINT_VERSION_RE = /;v="(\d+)\.[^"]*"/g;
+const SKIP_RESPONSE_HEADERS = /* @__PURE__ */ new Set(["set-cookie", "transfer-encoding", "content-encoding", "content-length"]);
 function stripQueryFingerprinting(query, privacy) {
   const stripped = stripPayloadFingerprinting(query, privacy);
   const params = new URLSearchParams();
@@ -18,11 +21,10 @@ function stripQueryFingerprinting(query, privacy) {
       params.set(key, typeof value === "object" ? JSON.stringify(value) : String(value));
     }
   }
-  return params.toString();
+  return { queryString: params.toString(), stripped };
 }
 export default defineEventHandler(async (event) => {
   const config = useRuntimeConfig();
-  const nitro = useNitroApp();
   const proxyConfig = config["nuxt-scripts-proxy"];
   if (!proxyConfig) {
     throw createError({
@@ -30,63 +32,79 @@ export default defineEventHandler(async (event) => {
       statusMessage: "First-party proxy not configured"
     });
   }
-  const { routes, privacy: globalPrivacy, routePrivacy, debug = import.meta.dev } = proxyConfig;
+  const { proxyPrefix, domainPrivacy, privacy: globalPrivacy, debug = import.meta.dev } = proxyConfig;
   const path = event.path;
   const log = debug ? (message, ...args) => {
     console.debug(message, ...args);
   } : () => {
   };
-  let targetBase;
-  let matchedPrefix;
-  let matchedRoutePattern;
-  const sortedRoutes = Object.entries(routes).sort((a, b) => b[0].length - a[0].length);
-  for (const [routePattern, target] of sortedRoutes) {
-    const prefix = routePattern.replace(/\/\*\*$/, "");
-    if (path.startsWith(prefix)) {
-      targetBase = target.replace(/\/\*\*$/, "");
-      matchedPrefix = prefix;
-      matchedRoutePattern = routePattern;
-      log("[proxy] Matched:", prefix, "->", targetBase);
+  const afterPrefix = path.slice(proxyPrefix.length + 1);
+  const slashIdx = afterPrefix.indexOf("/");
+  const domain = slashIdx > 0 ? afterPrefix.slice(0, slashIdx) : afterPrefix;
+  const remainingPath = slashIdx > 0 ? afterPrefix.slice(slashIdx) : "/";
+  if (!domain) {
+    log("[proxy] No domain in path:", path);
+    throw createError({
+      statusCode: 404,
+      statusMessage: "No proxy domain found",
+      message: `No domain in proxy path: ${path}`
+    });
+  }
+  let perScriptInput;
+  for (const [configDomain, privacyInput] of Object.entries(domainPrivacy)) {
+    if (domain === configDomain || domain.endsWith(`.${configDomain}`)) {
+      perScriptInput = privacyInput;
       break;
     }
   }
-  if (!targetBase || !matchedPrefix || !matchedRoutePattern) {
-    log("[proxy] No match for path:", path);
+  if (perScriptInput === void 0) {
+    log("[proxy] Rejected: domain not in allowlist:", domain);
     throw createError({
-      statusCode: 404,
-      statusMessage: "No proxy route matched",
-      message: `No proxy target found for path: ${path}`
+      statusCode: 403,
+      statusMessage: "Domain not allowed",
+      message: `Proxy domain not in allowlist: ${domain}`
     });
   }
-  const perScriptInput = routePrivacy[matchedRoutePattern];
-  if (debug && perScriptInput === void 0) {
-    log("[proxy] WARNING: No privacy config for route", matchedRoutePattern, "\u2014 defaulting to full anonymization");
-  }
+  const targetBase = `https://${domain}`;
+  log("[proxy] Matched:", domain, "->", targetBase);
   const perScriptResolved = resolvePrivacy(perScriptInput ?? true);
   const privacy = globalPrivacy !== void 0 ? mergePrivacy(perScriptResolved, globalPrivacy) : perScriptResolved;
   const anyPrivacy = privacy.ip || privacy.userAgent || privacy.language || privacy.screen || privacy.timezone || privacy.hardware;
-  let targetPath = path.slice(matchedPrefix.length);
-  if (targetPath && !targetPath.startsWith("/")) {
-    targetPath = "/" + targetPath;
-  }
-  let targetUrl = targetBase + targetPath;
+  const originalHeaders = getHeaders(event);
+  const originalQuery = getQuery(event);
+  const contentType = originalHeaders["content-type"] || "";
+  const compressionParam = originalQuery.compression || "";
+  const isBinaryBody = Boolean(
+    originalHeaders["content-encoding"] || contentType.includes("octet-stream") || compressionParam && COMPRESSION_RE.test(compressionParam)
+  );
+  let targetUrl = targetBase + remainingPath;
+  let strippedQueryRecord;
   if (anyPrivacy) {
-    const query = getQuery(event);
-    if (Object.keys(query).length > 0) {
-      const strippedQuery = stripQueryFingerprinting(query, privacy);
+    if (Object.keys(originalQuery).length > 0) {
+      const { queryString, stripped } = stripQueryFingerprinting(originalQuery, privacy);
+      strippedQueryRecord = stripped;
       const basePath = targetUrl.split("?")[0] || targetUrl;
-      targetUrl = strippedQuery ? `${basePath}?${strippedQuery}` : basePath;
+      targetUrl = queryString ? `${basePath}?${queryString}` : basePath;
     }
   }
-  const originalHeaders = getHeaders(event);
   const headers = {};
   for (const [key, value] of Object.entries(originalHeaders)) {
-    if (!value) continue;
+    if (!value)
+      continue;
     const lowerKey = key.toLowerCase();
-    if (SENSITIVE_HEADERS.includes(lowerKey)) continue;
-    if (anyPrivacy && lowerKey === "content-length") continue;
+    if (lowerKey === "host")
+      continue;
+    if (SENSITIVE_HEADERS.includes(lowerKey))
+      continue;
+    if (lowerKey === "content-length") {
+      if (anyPrivacy && !isBinaryBody)
+        continue;
+      headers[lowerKey] = value;
+      continue;
+    }
     if (lowerKey === "x-forwarded-for" || lowerKey === "x-real-ip" || lowerKey === "forwarded" || lowerKey === "cf-connecting-ip" || lowerKey === "true-client-ip" || lowerKey === "x-client-ip" || lowerKey === "x-cluster-client-ip") {
-      if (privacy.ip) continue;
+      if (privacy.ip)
+        continue;
       headers[lowerKey] = value;
       continue;
     }
@@ -99,11 +117,12 @@ export default defineEventHandler(async (event) => {
       continue;
     }
     if (lowerKey === "sec-ch-ua" || lowerKey === "sec-ch-ua-full-version-list") {
-      headers[lowerKey] = privacy.hardware ? value.replace(/;v="(\d+)\.[^"]*"/g, ';v="$1"') : value;
+      headers[lowerKey] = privacy.hardware ? value.replace(CLIENT_HINT_VERSION_RE, ';v="$1"') : value;
       continue;
     }
     if (lowerKey === "sec-ch-ua-platform-version" || lowerKey === "sec-ch-ua-arch" || lowerKey === "sec-ch-ua-model" || lowerKey === "sec-ch-ua-bitness") {
-      if (privacy.hardware) continue;
+      if (privacy.hardware)
+        continue;
       headers[lowerKey] = value;
       continue;
     }
@@ -123,98 +142,126 @@ export default defineEventHandler(async (event) => {
   }
   let body;
   let rawBody;
-  const contentType = originalHeaders["content-type"] || "";
+  let passthroughBody = false;
   const method = event.method?.toUpperCase();
-  const originalQuery = getQuery(event);
-  if (method === "POST" || method === "PUT" || method === "PATCH") {
-    rawBody = await readBody(event);
-    if (anyPrivacy && rawBody) {
-      if (typeof rawBody === "object") {
-        body = stripPayloadFingerprinting(rawBody, privacy);
-      } else if (typeof rawBody === "string") {
-        if (rawBody.startsWith("{") || rawBody.startsWith("[")) {
-          let parsed = null;
-          try {
-            parsed = JSON.parse(rawBody);
-          } catch {
-          }
-          if (parsed && typeof parsed === "object") {
-            body = stripPayloadFingerprinting(parsed, privacy);
+  const isWriteMethod = method === "POST" || method === "PUT" || method === "PATCH";
+  if (isWriteMethod) {
+    if (isBinaryBody || !anyPrivacy) {
+      passthroughBody = true;
+    } else {
+      rawBody = await readBody(event);
+      if (rawBody != null) {
+        if (Array.isArray(rawBody)) {
+          body = rawBody.map(
+            (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+          );
+        } else if (typeof rawBody === "object") {
+          body = stripPayloadFingerprinting(rawBody, privacy);
+        } else if (typeof rawBody === "string") {
+          if (contentType.includes("application/x-www-form-urlencoded")) {
+            const params = new URLSearchParams(rawBody);
+            const obj = {};
+            for (const [key, value] of params.entries()) {
+              if (key in obj) {
+                const existing = obj[key];
+                obj[key] = Array.isArray(existing) ? [...existing, value] : [existing, value];
+              } else {
+                obj[key] = value;
+              }
+            }
+            const stripped = stripPayloadFingerprinting(obj, privacy);
+            const out = new URLSearchParams();
+            for (const [k, v] of Object.entries(stripped)) {
+              if (v === void 0 || v === null)
+                continue;
+              if (Array.isArray(v)) {
+                for (const item of v)
+                  out.append(k, typeof item === "string" ? item : JSON.stringify(item));
+              } else {
+                out.append(k, typeof v === "string" ? v : JSON.stringify(v));
+              }
+            }
+            body = out.toString();
           } else {
-            body = rawBody;
+            const maybeJson = contentType.includes("json") || (rawBody.startsWith("{") || rawBody.startsWith("["));
+            if (maybeJson) {
+              let parsed = null;
+              try {
+                parsed = JSON.parse(rawBody);
+              } catch {
+              }
+              if (Array.isArray(parsed)) {
+                body = parsed.map(
+                  (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+                );
+              } else if (parsed && typeof parsed === "object") {
+                body = stripPayloadFingerprinting(parsed, privacy);
+              } else {
+                body = rawBody;
+              }
+            } else {
+              body = rawBody;
+            }
           }
-        } else if (contentType.includes("application/x-www-form-urlencoded")) {
-          const params = new URLSearchParams(rawBody);
-          const obj = {};
-          params.forEach((value, key) => {
-            obj[key] = value;
-          });
-          const stripped = stripPayloadFingerprinting(obj, privacy);
-          const stringified = {};
-          for (const [k, v] of Object.entries(stripped)) {
-            if (v === void 0 || v === null) continue;
-            stringified[k] = typeof v === "string" ? v : JSON.stringify(v);
-          }
-          body = new URLSearchParams(stringified).toString();
         } else {
           body = rawBody;
         }
-      } else {
-        body = rawBody;
       }
-    } else {
-      body = rawBody;
     }
   }
+  const nitro = useNitroApp();
   await nitro.hooks.callHook("nuxt-scripts:proxy", {
     timestamp: Date.now(),
     path: event.path,
     targetUrl,
     method: method || "GET",
     privacy,
+    passthroughBody,
     original: {
       headers: { ...originalHeaders },
       query: originalQuery,
-      body: rawBody ?? null
+      body: passthroughBody ? "<passthrough>" : rawBody ?? null
     },
     stripped: {
       headers,
-      query: anyPrivacy ? stripPayloadFingerprinting(originalQuery, privacy) : originalQuery,
-      body: body ?? null
+      query: strippedQueryRecord ?? originalQuery,
+      body: passthroughBody ? "<passthrough>" : body ?? null
     }
   });
   log("[proxy] Fetching:", targetUrl);
   const controller = new AbortController();
   const timeoutId = setTimeout(() => controller.abort(), 15e3);
+  let fetchBody;
+  if (passthroughBody) {
+    fetchBody = getRequestWebStream(event);
+  } else if (body !== void 0) {
+    fetchBody = typeof body === "string" ? body : JSON.stringify(body);
+  }
   let response;
   try {
     response = await fetch(targetUrl, {
       method: method || "GET",
       headers,
-      body: body ? typeof body === "string" ? body : JSON.stringify(body) : void 0,
+      body: fetchBody,
       credentials: "omit",
       // Don't send cookies to third parties
-      signal: controller.signal
+      signal: controller.signal,
+      // @ts-expect-error Node fetch supports duplex for streaming request bodies
+      duplex: passthroughBody ? "half" : void 0
     });
   } catch (err) {
-    clearTimeout(timeoutId);
-    log("[proxy] Fetch error:", err instanceof Error ? err.message : err);
-    if (path.includes("/collect") || path.includes("/tr") || path.includes("/events")) {
-      event.node.res.statusCode = 204;
-      return "";
-    }
-    const isTimeout = err instanceof Error && (err.message.includes("aborted") || err.message.includes("timeout"));
+    log("[proxy] Upstream error:", err);
     throw createError({
-      statusCode: isTimeout ? 504 : 502,
-      statusMessage: isTimeout ? "Upstream timeout" : "Bad Gateway",
-      message: "Failed to reach upstream"
+      statusCode: 502,
+      statusMessage: "Bad Gateway",
+      message: `Proxy upstream request failed: ${targetUrl}`
     });
+  } finally {
+    clearTimeout(timeoutId);
   }
-  clearTimeout(timeoutId);
   log("[proxy] Response:", response.status, response.statusText);
-  const skipHeaders = ["set-cookie", "transfer-encoding", "content-encoding", "content-length"];
   response.headers.forEach((value, key) => {
-    if (!skipHeaders.includes(key.toLowerCase())) {
+    if (!SKIP_RESPONSE_HEADERS.has(key.toLowerCase())) {
       setResponseHeader(event, key, value);
     }
   });

package/dist/runtime/server/utils/image-proxy.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+export interface ImageProxyConfig {
+    allowedDomains: string[] | ((hostname: string) => boolean);
+    accept?: string;
+    userAgent?: string;
+    cacheMaxAge?: number;
+    contentType?: string;
+    /** Follow redirects (default: true). Set to false to reject redirects (SSRF protection). */
+    followRedirects?: boolean;
+    /** Decode &amp; in URL query parameter */
+    decodeAmpersands?: boolean;
+}
+export declare function createImageProxyHandler(config: ImageProxyConfig): import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<any>>;

package/dist/runtime/server/utils/image-proxy.js ADDED Viewed

@@ -0,0 +1,70 @@
+import { createError, defineEventHandler, getQuery, setHeader } from "h3";
+import { $fetch } from "ofetch";
+const AMP_RE = /&amp;/g;
+export function createImageProxyHandler(config) {
+  const {
+    accept = "image/webp,image/jpeg,image/png,image/*,*/*;q=0.8",
+    userAgent,
+    cacheMaxAge = 3600,
+    contentType = "image/jpeg",
+    followRedirects = true,
+    decodeAmpersands = false
+  } = config;
+  return defineEventHandler(async (event) => {
+    const query = getQuery(event);
+    let url = query.url;
+    if (decodeAmpersands && url)
+      url = url.replace(AMP_RE, "&");
+    if (!url) {
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Image URL is required"
+      });
+    }
+    let parsedUrl;
+    try {
+      parsedUrl = new URL(url);
+    } catch {
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid image URL"
+      });
+    }
+    if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+      throw createError({
+        statusCode: 400,
+        statusMessage: "Invalid URL scheme"
+      });
+    }
+    const domainAllowed = typeof config.allowedDomains === "function" ? config.allowedDomains(parsedUrl.hostname) : config.allowedDomains.includes(parsedUrl.hostname);
+    if (!domainAllowed) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Domain not allowed"
+      });
+    }
+    const headers = { Accept: accept };
+    if (userAgent)
+      headers["User-Agent"] = userAgent;
+    const response = await $fetch.raw(url, {
+      timeout: 5e3,
+      redirect: followRedirects ? "follow" : "manual",
+      ignoreResponseError: !followRedirects,
+      headers
+    }).catch((error) => {
+      throw createError({
+        statusCode: error.statusCode || 500,
+        statusMessage: error.statusMessage || "Failed to fetch image"
+      });
+    });
+    if (!followRedirects && response.status >= 300 && response.status < 400) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: "Redirects not allowed"
+      });
+    }
+    setHeader(event, "Content-Type", response.headers.get("content-type") || contentType);
+    setHeader(event, "Cache-Control", `public, max-age=${cacheMaxAge}, s-maxage=${cacheMaxAge}`);
+    return response._data;
+  });
+}

package/dist/runtime/server/utils/privacy.d.ts CHANGED Viewed

@@ -20,7 +20,7 @@ export interface ProxyPrivacy {
  * Privacy input: `true` = full anonymize, `false` = passthrough (still strips sensitive headers),
  * or a `ProxyPrivacy` object for granular control (unset flags default to `false` — opt-in).
  */
-export type ProxyPrivacyInput = boolean | ProxyPrivacy | null;
+export type ProxyPrivacyInput = boolean | ProxyPrivacy;
 /** Resolved privacy with all flags explicitly set. */
 export type ResolvedProxyPrivacy = Required<ProxyPrivacy>;
 /**
@@ -71,7 +71,6 @@ export declare const STRIP_PARAMS: {
     browserVersion: string[];
     browserData: string[];
     location: string[];
-    canvas: string[];
     deviceInfo: string[];
 };
 /**
@@ -130,12 +129,4 @@ export declare function generalizeTimezone(value: unknown): string | number;
  * (timezone, language, screen dimensions) while keeping low-entropy values.
  */
 export declare function anonymizeDeviceInfo(value: string): string;
-/**
- * Recursively anonymize fingerprinting data in payload.
- * Fields are generalized or normalized rather than stripped, so endpoints
- * still receive valid data with reduced fingerprinting precision.
- *
- * When `privacy` is provided, only categories with their flag set to `true` are processed.
- * Default (no arg) = all categories active, so existing callers work unchanged.
- */
 export declare function stripPayloadFingerprinting(payload: Record<string, unknown>, privacy?: ResolvedProxyPrivacy): Record<string, unknown>;

package/dist/runtime/server/utils/privacy.js CHANGED Viewed

@@ -1,8 +1,17 @@
 const FULL_PRIVACY = { ip: true, userAgent: true, language: true, screen: true, timezone: true, hardware: true };
 const NO_PRIVACY = { ip: false, userAgent: false, language: false, screen: false, timezone: false, hardware: false };
+const MAJOR_VERSION_RE = /^(\d+)/;
+const VERSION_RE = /^(\d+)(([.\-_])\d+)*/;
+const VERSION_SPLIT_RE = /[.\-_]/;
+const SNAPCHAT_VERSION_RE = /("version"\s*:\s*")(\d+(?:\.\d+)*)/g;
+const GA_VERSION_RE = /;(\d+(?:\.\d+)*)/g;
+const UPPERCASE_RE = /^[A-Z]/;
+const LANG_CODE_RE = /^[a-z]{2}(?:-[a-z]{2,})?$/i;
 export function resolvePrivacy(input) {
-  if (input === true) return { ...FULL_PRIVACY };
-  if (input === false || input === void 0 || input === null) return { ...NO_PRIVACY };
+  if (input === true)
+    return { ...FULL_PRIVACY };
+  if (input === false || input === void 0)
+    return { ...NO_PRIVACY };
   return {
     ip: input.ip ?? false,
     userAgent: input.userAgent ?? false,
@@ -13,8 +22,10 @@ export function resolvePrivacy(input) {
   };
 }
 export function mergePrivacy(base, override) {
-  if (override === void 0 || override === null) return base;
-  if (typeof override === "boolean") return resolvePrivacy(override);
+  if (override === void 0)
+    return base;
+  if (typeof override === "boolean")
+    return resolvePrivacy(override);
   return {
     ip: override.ip !== void 0 ? override.ip : base.ip,
     userAgent: override.userAgent !== void 0 ? override.userAgent : base.userAgent,
@@ -67,11 +78,13 @@ export const STRIP_PARAMS = {
   // Browser version lists — generalized to major versions (d_bvs = Snapchat, uafvl = GA Client Hints)
   browserVersion: ["d_bvs", "uafvl"],
   // Browser data lists — replaced with empty value
-  browserData: ["plugins", "fonts"],
+  browserData: ["plugins", "fonts", "audiofingerprint"],
   // Location/Timezone — generalized
   location: ["tz", "timezone", "timezoneoffset"],
-  // Canvas/WebGL/Audio fingerprints — replaced with empty value (pure fingerprints, no analytics value)
-  canvas: ["canvas", "webgl", "audiofingerprint"],
+  // Canvas/WebGL fingerprints — neutralized at build time via AST rewriting (rewrite-ast.ts).
+  // These params are no longer stripped at runtime; the source APIs (toDataURL, WEBGL_debug_renderer_info)
+  // are neutralized before the script ever runs.
+  // canvas: ['canvas', 'webgl'],
   // Combined device fingerprinting (X/Twitter dv param contains: timezone, locale, vendor, platform, screen, etc.)
   deviceInfo: ["dv", "device_info", "deviceinfo"]
 };
@@ -81,7 +94,7 @@ export const NORMALIZE_PARAMS = {
 };
 export function anonymizeIP(ip) {
   if (ip.includes(":")) {
-    return ip.split(":").slice(0, 3).join(":") + "::";
+    return `${ip.split(":").slice(0, 3).join(":")}::`;
   }
   const parts = ip.split(".");
   if (parts.length === 4) {
@@ -103,7 +116,7 @@ export function normalizeUserAgent(ua) {
     const idx = ua.indexOf(pattern);
     if (idx !== -1) {
       const versionStart = idx + pattern.length;
-      const majorVersion = ua.slice(versionStart).match(/^(\d+)/)?.[1];
+      const majorVersion = ua.slice(versionStart).match(MAJOR_VERSION_RE)?.[1];
       if (majorVersion)
         return `Mozilla/5.0 (compatible; ${family}/${majorVersion}.0)`;
     }
@@ -119,8 +132,10 @@ const SCREEN_BUCKETS = {
   mobile: { w: 360, h: 640 }
 };
 function getDeviceClass(width) {
-  if (width >= 1200) return "desktop";
-  if (width >= 700) return "tablet";
+  if (width >= 1200)
+    return "desktop";
+  if (width >= 700)
+    return "tablet";
   return "mobile";
 }
 export function generalizeScreen(value, dimension) {
@@ -139,31 +154,38 @@ export function generalizeScreen(value, dimension) {
 }
 export function generalizeHardware(value) {
   const num = typeof value === "number" ? value : Number(value);
-  if (Number.isNaN(num)) return 4;
-  if (num >= 16) return 16;
-  if (num >= 8) return 8;
-  if (num >= 4) return 4;
+  if (Number.isNaN(num))
+    return 4;
+  if (num >= 16)
+    return 16;
+  if (num >= 8)
+    return 8;
+  if (num >= 4)
+    return 4;
   return 2;
 }
 export function generalizeVersion(value) {
-  if (typeof value !== "string") return String(value);
-  const match = value.match(/^(\d+)(([.\-_])\d+)*/);
-  if (!match) return String(value);
+  if (typeof value !== "string")
+    return String(value);
+  const match = value.match(VERSION_RE);
+  if (!match)
+    return String(value);
   const major = match[1];
   const sep = match[3] || ".";
-  const segmentCount = value.split(/[.\-_]/).length;
-  return major + (sep + "0").repeat(segmentCount - 1);
+  const segmentCount = value.split(VERSION_SPLIT_RE).length;
+  return major + `${sep}0`.repeat(segmentCount - 1);
 }
 export function generalizeBrowserVersions(value) {
-  if (typeof value !== "string") return String(value);
+  if (typeof value !== "string")
+    return String(value);
   const zeroSegments = (ver) => {
     const parts = ver.split(".");
     return parts[0] + parts.slice(1).map(() => ".0").join("");
   };
   if (value.includes('"version"'))
-    return value.replace(/("version"\s*:\s*")(\d+(?:\.\d+)*)/g, (_, prefix, ver) => prefix + zeroSegments(ver));
+    return value.replace(SNAPCHAT_VERSION_RE, (_, prefix, ver) => prefix + zeroSegments(ver));
   if (value.includes(";"))
-    return value.replace(/;(\d+(?:\.\d+)*)/g, (_, ver) => ";" + zeroSegments(ver));
+    return value.replace(GA_VERSION_RE, (_, ver) => `;${zeroSegments(ver)}`);
   return value;
 }
 export function generalizeTimezone(value) {
@@ -178,15 +200,16 @@ export function generalizeTimezone(value) {
 export function anonymizeDeviceInfo(value) {
   const sep = value.includes("|") ? "|" : "&";
   const parts = value.split(sep);
-  if (parts.length < 4) return value;
+  if (parts.length < 4)
+    return value;
   const result = [...parts];
   for (let i = 0; i < parts.length; i++) {
     const part = parts[i];
-    if (part.includes("/") && /^[A-Z]/.test(part)) {
+    if (part.includes("/") && UPPERCASE_RE.test(part)) {
       result[i] = String(generalizeTimezone(part));
       continue;
     }
-    if (/^[a-z]{2}(?:-[a-z]{2,})?$/i.test(part)) {
+    if (LANG_CODE_RE.test(part)) {
       result[i] = normalizeLanguage(part);
       continue;
     }
@@ -209,6 +232,13 @@ export function anonymizeDeviceInfo(value) {
   }
   return result.join(sep);
 }
+function matchesParam(key, params) {
+  const lk = key.toLowerCase();
+  return params.some((pm) => {
+    const lp = pm.toLowerCase();
+    return lk === lp || lk.startsWith(`${lp}[`);
+  });
+}
 export function stripPayloadFingerprinting(payload, privacy) {
   const p = privacy || FULL_PRIVACY;
   const result = {};
@@ -216,18 +246,12 @@ export function stripPayloadFingerprinting(payload, privacy) {
   for (const [key, value] of Object.entries(payload)) {
     if (key.toLowerCase() === "sw") {
       const num = typeof value === "number" ? value : Number(value);
-      if (!Number.isNaN(num)) deviceClass = getDeviceClass(num);
+      if (!Number.isNaN(num))
+        deviceClass = getDeviceClass(num);
     }
   }
   for (const [key, value] of Object.entries(payload)) {
     const lowerKey = key.toLowerCase();
-    const matchesParam = (key2, params) => {
-      const lk = key2.toLowerCase();
-      return params.some((pm) => {
-        const lp = pm.toLowerCase();
-        return lk === lp || lk.startsWith(lp + "[");
-      });
-    };
     const isLanguageParam = NORMALIZE_PARAMS.language.some((pm) => lowerKey === pm.toLowerCase());
     if (isLanguageParam) {
       if (Array.isArray(value)) {
@@ -264,7 +288,7 @@ export function stripPayloadFingerprinting(payload, privacy) {
       continue;
     }
     if (matchesParam(key, STRIP_PARAMS.hardware)) {
-      result[key] = p.screen ? generalizeHardware(value) : value;
+      result[key] = p.hardware ? generalizeHardware(value) : value;
       continue;
     }
     if (matchesParam(key, STRIP_PARAMS.version)) {
@@ -280,11 +304,7 @@ export function stripPayloadFingerprinting(payload, privacy) {
       continue;
     }
     if (matchesParam(key, STRIP_PARAMS.browserData)) {
-      result[key] = p.hardware ? Array.isArray(value) ? [] : "" : value;
-      continue;
-    }
-    if (matchesParam(key, STRIP_PARAMS.canvas)) {
-      result[key] = p.hardware ? typeof value === "number" ? 0 : typeof value === "object" ? {} : "" : value;
+      result[key] = p.hardware ? Array.isArray(value) ? [] : typeof value === "number" ? 0 : "" : value;
       continue;
     }
     if (matchesParam(key, STRIP_PARAMS.deviceInfo)) {