npm - @od-oneapp/security - Versions diffs - 2026.1.1301 - Mend

@od-oneapp/security 2026.1.1301

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +807 -0
package/dist/client-next.d.mts +2 -0
package/dist/client-next.mjs +17 -0
package/dist/client-next.mjs.map +1 -0
package/dist/client.d.mts +5 -0
package/dist/client.d.mts.map +1 -0
package/dist/client.mjs +48 -0
package/dist/client.mjs.map +1 -0
package/dist/env-DvTVXAjh.d.mts +163 -0
package/dist/env-DvTVXAjh.d.mts.map +1 -0
package/dist/rate-limit-DStYbhoa.mjs +736 -0
package/dist/rate-limit-DStYbhoa.mjs.map +1 -0
package/dist/server-next.d.mts +30 -0
package/dist/server-next.d.mts.map +1 -0
package/dist/server-next.mjs +269 -0
package/dist/server-next.mjs.map +1 -0
package/dist/server.d.mts +2 -0
package/dist/server.mjs +3 -0
package/package.json +80 -0
package/src/client-next.ts +13 -0
package/src/client.ts +47 -0
package/src/server-next.ts +347 -0
package/src/server.ts +14 -0

package/dist/client-next.d.mts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { getSecurityHeaders } from "./client.mjs";
2	+ export { getSecurityHeaders };

package/dist/client-next.mjs ADDED Viewed

@@ -0,0 +1,17 @@
+'use client';
+import { getSecurityHeaders } from "./client.mjs";
+//#region src/client-next.ts
+/**
+* @fileoverview Client-side security exports for Next.js
+*
+* This file provides client-side security functionality specifically for Next.js applications.
+* Re-exports client security utilities for Next.js client components.
+*
+* @module @od-oneapp/security/client/next
+*/
+//#endregion
+export { getSecurityHeaders };
+//# sourceMappingURL=client-next.mjs.map

package/dist/client-next.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client-next.mjs","names":[],"sources":["../src/client-next.ts"],"sourcesContent":["/**\n * @fileoverview Client-side security exports for Next.js\n *\n * This file provides client-side security functionality specifically for Next.js applications.\n * Re-exports client security utilities for Next.js client components.\n *\n * @module @repo/security/client/next\n */\n\n'use client';\n\n// Re-export client functionality (explicit exports to avoid circular dependencies)\nexport { getSecurityHeaders } from './client';\n"],"mappings":""}

package/dist/client.d.mts ADDED Viewed

@@ -0,0 +1,5 @@
+//#region src/client.d.ts
+declare function getSecurityHeaders(): {};
+//#endregion
+export { getSecurityHeaders };
+//# sourceMappingURL=client.d.mts.map

package/dist/client.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"client.d.mts","names":[],"sources":["../src/client.ts"],"mappings":";iBAyCgB,kBAAA,CAAA"}

package/dist/client.mjs ADDED Viewed

@@ -0,0 +1,48 @@
+//#region src/client.ts
+/**
+* @fileoverview Client-side security exports (non-Next.js)
+*
+* This file provides client-side security functionality for non-Next.js environments.
+* For Next.js applications, use '@od-oneapp/security/client/next' instead.
+*
+* Note: Security headers must be set server-side for actual protection.
+* This module provides placeholder functions for client-side compatibility.
+*
+* @module @od-oneapp/security/client
+*/
+/**
+* Get security headers (client-side placeholder).
+*
+* @remarks
+* This is a client-side placeholder function. Security headers must be set server-side
+* for actual protection. Use '@od-oneapp/security/server' instead for real security headers.
+*
+* **Why client-side can't set security headers**:
+* - Security headers (CSP, HSTS, etc.) must be set in HTTP responses
+* - Client-side JavaScript cannot modify HTTP response headers
+* - Headers set client-side are ignored by browsers for security reasons
+*
+* **Use server-side instead**:
+* - Next.js: Use middleware or API routes with `@od-oneapp/security/server/next`
+* - Express: Use middleware with `@od-oneapp/security/server`
+* - Other frameworks: Set headers in response handlers
+*
+* @returns Empty object (security headers must be set server-side)
+*
+* @example
+* ```typescript
+* import { getSecurityHeaders } from '@od-oneapp/security/client';
+*
+* // Returns empty object - headers must be set server-side
+* const headers = getSecurityHeaders();
+* ```
+*
+* @see Use '@od-oneapp/security/server' for actual security headers
+*/
+function getSecurityHeaders() {
+	return {};
+}
+//#endregion
+export { getSecurityHeaders };
+//# sourceMappingURL=client.mjs.map

package/dist/client.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.mjs","names":[],"sources":["../src/client.ts"],"sourcesContent":["/**\n * @fileoverview Client-side security exports (non-Next.js)\n *\n * This file provides client-side security functionality for non-Next.js environments.\n * For Next.js applications, use '@repo/security/client/next' instead.\n *\n * Note: Security headers must be set server-side for actual protection.\n * This module provides placeholder functions for client-side compatibility.\n *\n * @module @repo/security/client\n */\n\n/**\n * Get security headers (client-side placeholder).\n *\n * @remarks\n * This is a client-side placeholder function. Security headers must be set server-side\n * for actual protection. Use '@repo/security/server' instead for real security headers.\n *\n * **Why client-side can't set security headers**:\n * - Security headers (CSP, HSTS, etc.) must be set in HTTP responses\n * - Client-side JavaScript cannot modify HTTP response headers\n * - Headers set client-side are ignored by browsers for security reasons\n *\n * **Use server-side instead**:\n * - Next.js: Use middleware or API routes with `@repo/security/server/next`\n * - Express: Use middleware with `@repo/security/server`\n * - Other frameworks: Set headers in response handlers\n *\n * @returns Empty object (security headers must be set server-side)\n *\n * @example\n * ```typescript\n * import { getSecurityHeaders } from '@repo/security/client';\n *\n * // Returns empty object - headers must be set server-side\n * const headers = getSecurityHeaders();\n * ```\n *\n * @see Use '@repo/security/server' for actual security headers\n */\nexport function getSecurityHeaders() {\n // This is a client-side placeholder\n // Real security headers must be set server-side\n // Use @repo/security/server instead for actual security headers\n return {};\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,SAAgB,qBAAqB;AAInC,QAAO,EAAE"}

package/dist/env-DvTVXAjh.d.mts ADDED Viewed

@@ -0,0 +1,163 @@
+import "server-only";
+import * as _integrations_upstash_redis_client0 from "@integrations/upstash/redis-client";
+import { Ratelimit, RatelimitConfig } from "@integrations/upstash/redis-client";
+import * as _upstash_redis0 from "@upstash/redis";
+//#region rate-limit.d.ts
+declare const slidingWindow: typeof Ratelimit.slidingWindow;
+declare const fixedWindow: typeof Ratelimit.fixedWindow;
+declare const tokenBucket: typeof Ratelimit.tokenBucket;
+type RateLimiterInstance = {
+  limit: Ratelimit['limit'];
+  getRemaining: Ratelimit['getRemaining'];
+  resetUsedTokens: Ratelimit['resetUsedTokens'];
+};
+declare function hashIdentifier(identifier: string): string;
+declare const createRateLimiter: (props: Omit<RatelimitConfig, "redis">) => RateLimiterInstance;
+declare const rateLimitConfigs: {
+  readonly api: {
+    readonly limiter: _integrations_upstash_redis_client0.Algorithm<{
+      redis: _upstash_redis0.Redis;
+      cache?: {
+        isBlocked: (identifier: string) => {
+          blocked: boolean;
+          reset: number;
+        };
+        blockUntil: (identifier: string, reset: number) => void;
+        set: (key: string, value: number) => void;
+        get: (key: string) => number | null;
+        incr: (key: string, incrementAmount?: number) => number;
+        pop: (key: string) => void;
+        empty: () => void;
+        size: () => number;
+      };
+      dynamicLimits?: boolean;
+      prefix: string;
+    }>;
+    readonly prefix: "ratelimit:api";
+  };
+  readonly auth: {
+    readonly limiter: _integrations_upstash_redis_client0.Algorithm<{
+      redis: _upstash_redis0.Redis;
+      cache?: {
+        isBlocked: (identifier: string) => {
+          blocked: boolean;
+          reset: number;
+        };
+        blockUntil: (identifier: string, reset: number) => void;
+        set: (key: string, value: number) => void;
+        get: (key: string) => number | null;
+        incr: (key: string, incrementAmount?: number) => number;
+        pop: (key: string) => void;
+        empty: () => void;
+        size: () => number;
+      };
+      dynamicLimits?: boolean;
+      prefix: string;
+    }>;
+    readonly prefix: "ratelimit:auth";
+  };
+  readonly upload: {
+    readonly limiter: _integrations_upstash_redis_client0.Algorithm<{
+      redis: _upstash_redis0.Redis;
+      cache?: {
+        isBlocked: (identifier: string) => {
+          blocked: boolean;
+          reset: number;
+        };
+        blockUntil: (identifier: string, reset: number) => void;
+        set: (key: string, value: number) => void;
+        get: (key: string) => number | null;
+        incr: (key: string, incrementAmount?: number) => number;
+        pop: (key: string) => void;
+        empty: () => void;
+        size: () => number;
+      };
+      dynamicLimits?: boolean;
+      prefix: string;
+    }>;
+    readonly prefix: "ratelimit:upload";
+  };
+  readonly webhook: {
+    readonly limiter: _integrations_upstash_redis_client0.Algorithm<{
+      redis: _upstash_redis0.Redis;
+      cache?: {
+        isBlocked: (identifier: string) => {
+          blocked: boolean;
+          reset: number;
+        };
+        blockUntil: (identifier: string, reset: number) => void;
+        set: (key: string, value: number) => void;
+        get: (key: string) => number | null;
+        incr: (key: string, incrementAmount?: number) => number;
+        pop: (key: string) => void;
+        empty: () => void;
+        size: () => number;
+      };
+      dynamicLimits?: boolean;
+      prefix: string;
+    }>;
+    readonly prefix: "ratelimit:webhook";
+  };
+  readonly search: {
+    readonly limiter: _integrations_upstash_redis_client0.Algorithm<{
+      redis: _upstash_redis0.Redis;
+      cache?: {
+        isBlocked: (identifier: string) => {
+          blocked: boolean;
+          reset: number;
+        };
+        blockUntil: (identifier: string, reset: number) => void;
+        set: (key: string, value: number) => void;
+        get: (key: string) => number | null;
+        incr: (key: string, incrementAmount?: number) => number;
+        pop: (key: string) => void;
+        empty: () => void;
+        size: () => number;
+      };
+      dynamicLimits?: boolean;
+      prefix: string;
+    }>;
+    readonly prefix: "ratelimit:search";
+  };
+};
+declare const rateLimiters: {
+  api: RateLimiterInstance;
+  auth: RateLimiterInstance;
+  upload: RateLimiterInstance;
+  webhook: RateLimiterInstance;
+  search: RateLimiterInstance;
+};
+type RateLimitResult = {
+  success: boolean;
+  limit: number;
+  remaining: number;
+  reset: number;
+  retryAfter?: number;
+  disabled?: boolean;
+};
+declare const applyRateLimit: (identifier: string, type?: keyof typeof rateLimiters) => Promise<RateLimitResult>;
+declare const isRateLimited: (identifier: string, type?: keyof typeof rateLimiters) => Promise<boolean>;
+declare const getRateLimitInfo: (identifier: string, type?: keyof typeof rateLimiters) => Promise<Omit<RateLimitResult, "success">>;
+//#endregion
+//#region env.d.ts
+interface Logger {
+  warn(message: string, context?: Record<string, unknown>): void;
+  error(message: string, context?: Record<string, unknown>): void;
+}
+declare function setLogger(customLogger: Logger): void;
+declare function getLogger(): Logger;
+declare const env: {
+  ARCJET_KEY?: string;
+  UPSTASH_REDIS_REST_TOKEN?: string;
+  UPSTASH_REDIS_REST_URL?: string;
+  NODE_ENV: 'development' | 'test' | 'production';
+};
+declare function safeEnv(): SecurityEnv;
+declare function isProduction(): boolean;
+declare function hasArcjetConfig(): boolean;
+declare function hasUpstashConfig(): boolean;
+type SecurityEnv = typeof env;
+//#endregion
+export { slidingWindow as _, isProduction as a, RateLimitResult as c, fixedWindow as d, getRateLimitInfo as f, rateLimiters as g, rateLimitConfigs as h, hasUpstashConfig as i, applyRateLimit as l, isRateLimited as m, getLogger as n, safeEnv as o, hashIdentifier as p, hasArcjetConfig as r, setLogger as s, env as t, createRateLimiter as u, tokenBucket as v };
+//# sourceMappingURL=env-DvTVXAjh.d.mts.map

package/dist/env-DvTVXAjh.d.mts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env-DvTVXAjh.d.mts","names":[],"sources":["../rate-limit.ts","../env.ts"],"mappings":";;;;;;cAkCe,aAAA,SAAa,SAAA,CAAA,aAAA;AAAA,cAmBb,WAAA,SAAW,SAAA,CAAA,WAAA;AAAA,cAmBX,WAAA,SAAW,SAAA,CAAA,WAAA;AAAA,KAOrB,mBAAA;EACH,KAAA,EAAO,SAAA;EACP,YAAA,EAAc,SAAA;EACd,eAAA,EAAiB,SAAA;AAAA;AAAA,iBA2EH,cAAA,CAAe,UAAA;AAAA,cAiHlB,iBAAA,GAAqB,KAAA,EAAO,IAAA,CAAK,eAAA,eAA4B,mBAAA;AAAA,cAwD7D,gBAAA;EAAA;;aA8B4D,eAAA,CAAA,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAwB5D,YAAA;OAcI,mBAAA;QAMC,mBAAA;UAME,mBAAA;WAMC,mBAAA;UAMD,mBAAA;AAAA;AAAA,KAqBR,eAAA;EACV,OAAA;EACA,KAAA;EACA,SAAA;EACA,KAAA;EACA,UAAA;EAEA,QAAA;AAAA;AAAA,cA6EW,cAAA,GACX,UAAA,UACA,IAAA,gBAAmB,YAAA,KAClB,OAAA,CAAQ,eAAA;AAAA,cA+DE,aAAA,GACX,UAAA,UACA,IAAA,gBAAmB,YAAA,KAClB,OAAA;AAAA,cA8BU,gBAAA,GACX,UAAA,UACA,IAAA,gBAAmB,YAAA,KAClB,OAAA,CAAQ,IAAA,CAAK,eAAA;;;UCzlBC,MAAA;EACf,IAAA,CAAK,OAAA,UAAiB,OAAA,GAAU,MAAA;EAChC,KAAA,CAAM,OAAA,UAAiB,OAAA,GAAU,MAAA;AAAA;AAAA,iBA4DnB,SAAA,CAAU,YAAA,EAAc,MAAA;AAAA,iBAqBxB,SAAA,CAAA,GAAa,MAAA;AAAA,cAsBhB,GAAA;EACX,UAAA;EACA,wBAAA;EACA,sBAAA;EACA,QAAA;AAAA;AAAA,iBA2Ec,OAAA,CAAA,GAAW,WAAA;AAAA,iBAyBX,YAAA,CAAA;AAAA,iBA2BA,eAAA,CAAA;AAAA,iBAkCA,gBAAA,CAAA;AAAA,KAsBJ,WAAA,UAAqB,GAAA"}