@prosopo/provider 3.12.3 → 3.13.0

package/dist/tasks/detection/getBotScore.js

@@ -1,8 +1,9 @@
-import GGaYiU from "./decodePayload.js";
+import fYWyhW from "./decodePayload.js";
 const DEFAULT_ENTROPY = 13837;
-const getBotScore = async (payload, privateKeyString) => {
-  const result = await GGaYiU(
+const getBotScore = async (payload, headHash, privateKeyString) => {
+  const result = await fYWyhW(
     payload,
+    headHash,
     privateKeyString
   );
   const baseBotScore = result.score;
@@ -10,6 +11,9 @@ const getBotScore = async (payload, privateKeyString) => {
   const providerSelectEntropy = result.providerSelectEntropy;
   const userId = result.userId;
   const userAgent = result.userAgent;
+  const isWebView = result.isWebView ?? false;
+  const isIframe = result.isIframe ?? false;
+  const decryptedHeadHash = result.decryptedHeadHash;
   if (baseBotScore === void 0) {
     return {
       baseBotScore: 1,
@@ -17,7 +21,16 @@ const getBotScore = async (payload, privateKeyString) => {
       providerSelectEntropy: DEFAULT_ENTROPY
     };
   }
-  return { baseBotScore, timestamp, providerSelectEntropy, userId, userAgent };
+  return {
+    baseBotScore,
+    timestamp,
+    providerSelectEntropy,
+    userId,
+    userAgent,
+    isWebView,
+    isIframe,
+    decryptedHeadHash
+  };
 };
 export {
   getBotScore

package/dist/tasks/frictionless/frictionlessTasks.js

@@ -15,22 +15,60 @@ const getDefaultEntropy = () => {
 };
 const DEFAULT_MAX_TIMESTAMP_AGE = 60 * 10 * 1e3;
 const DEFAULT_ENTROPY = getDefaultEntropy();
+var FrictionlessReason = /* @__PURE__ */ ((FrictionlessReason2) => {
+  FrictionlessReason2["CONTEXT_AWARE_VALIDATION_FAILED"] = "CONTEXT_AWARE_VALIDATION_FAILED";
+  FrictionlessReason2["USER_ACCESS_POLICY"] = "USER_ACCESS_POLICY";
+  FrictionlessReason2["USER_AGENT_MISMATCH"] = "USER_AGENT_MISMATCH";
+  FrictionlessReason2["OLD_TIMESTAMP"] = "OLD_TIMESTAMP";
+  FrictionlessReason2["BOT_SCORE_ABOVE_THRESHOLD"] = "BOT_SCORE_ABOVE_THRESHOLD";
+  FrictionlessReason2["WEBVIEW_DETECTED"] = "WEBVIEW_DETECTED";
+  return FrictionlessReason2;
+})(FrictionlessReason || {});
 class FrictionlessManager extends CaptchaManager {
   constructor(db, pair, config, logger) {
-    super(db, pair, logger);
+    super(db, pair, config, logger);
     this.config = config;
   }
+  setSessionParams(params) {
+    this.sessionParams = {
+      token: params.token,
+      score: params.score,
+      threshold: params.threshold,
+      scoreComponents: params.scoreComponents,
+      providerSelectEntropy: params.providerSelectEntropy,
+      ipAddress: params.ipAddress,
+      webView: params.webView ?? false,
+      iFrame: params.iFrame ?? false,
+      decryptedHeadHash: params.decryptedHeadHash
+    };
+  }
+  updateScore(score, scoreComponents) {
+    if (this.sessionParams) {
+      this.sessionParams.score = score;
+      this.sessionParams.scoreComponents = scoreComponents;
+    }
+  }
   checkLangRules(acceptLanguage) {
     return checkLangRules(this.config, acceptLanguage);
   }
-  async createSession(tokenId, captchaType, solvedImagesCount, powDifficulty) {
+  async createSession(token, score, threshold, scoreComponents, providerSelectEntropy, ipAddress, captchaType, solvedImagesCount, powDifficulty, userSitekeyIpHash, webView = false, iFrame = false, decryptedHeadHash = "", reason) {
     const sessionRecord = {
       sessionId: v4(),
       createdAt: /* @__PURE__ */ new Date(),
-      tokenId,
+      token,
+      score,
+      threshold,
+      scoreComponents,
+      providerSelectEntropy,
+      ipAddress,
       captchaType,
       solvedImagesCount,
-      powDifficulty
+      powDifficulty,
+      userSitekeyIpHash,
+      webView,
+      iFrame,
+      decryptedHeadHash,
+      reason
     };
     await this.db.storeSessionRecord(sessionRecord);
     return sessionRecord;
@@ -53,11 +91,28 @@ class FrictionlessManager extends CaptchaManager {
     }
     return { verified: true, domain };
   }
-  async sendImageCaptcha(tokenId, solvedImagesCount) {
+  async sendImageCaptcha(params) {
+    const effectiveParams = { ...this.sessionParams, ...params };
+    if (!effectiveParams.token || effectiveParams.score === void 0 || effectiveParams.threshold === void 0 || !effectiveParams.scoreComponents || effectiveParams.providerSelectEntropy === void 0 || !effectiveParams.ipAddress) {
+      throw new Error(
+        "Session parameters must be set before calling sendImageCaptcha"
+      );
+    }
     const sessionRecord = await this.createSession(
-      tokenId,
+      effectiveParams.token,
+      effectiveParams.score,
+      effectiveParams.threshold,
+      effectiveParams.scoreComponents,
+      effectiveParams.providerSelectEntropy,
+      effectiveParams.ipAddress,
       CaptchaType.image,
-      solvedImagesCount
+      effectiveParams.solvedImagesCount,
+      void 0,
+      effectiveParams.userSitekeyIpHash,
+      effectiveParams.webView ?? false,
+      effectiveParams.iFrame ?? false,
+      effectiveParams.decryptedHeadHash,
+      effectiveParams.reason
     );
     return {
       [ApiParams.captchaType]: CaptchaType.image,
@@ -65,11 +120,28 @@ class FrictionlessManager extends CaptchaManager {
       [ApiParams.status]: "ok"
     };
   }
-  async sendPowCaptcha(tokenId, powDifficulty) {
+  async sendPowCaptcha(params) {
+    const effectiveParams = { ...this.sessionParams, ...params };
+    if (!effectiveParams.token || effectiveParams.score === void 0 || effectiveParams.threshold === void 0 || !effectiveParams.scoreComponents || effectiveParams.providerSelectEntropy === void 0 || !effectiveParams.ipAddress) {
+      throw new Error(
+        "Session parameters must be set before calling sendPowCaptcha"
+      );
+    }
     const sessionRecord = await this.createSession(
-      tokenId,
+      effectiveParams.token,
+      effectiveParams.score,
+      effectiveParams.threshold,
+      effectiveParams.scoreComponents,
+      effectiveParams.providerSelectEntropy,
+      effectiveParams.ipAddress,
       CaptchaType.pow,
-      powDifficulty
+      void 0,
+      effectiveParams.powDifficulty,
+      effectiveParams.userSitekeyIpHash,
+      effectiveParams.webView ?? false,
+      effectiveParams.iFrame ?? false,
+      effectiveParams.decryptedHeadHash,
+      effectiveParams.reason
     );
     return {
       [ApiParams.captchaType]: CaptchaType.pow,
@@ -77,47 +149,57 @@ class FrictionlessManager extends CaptchaManager {
       [ApiParams.status]: "ok"
     };
   }
-  async scoreIncreaseAccessPolicy(accessPolicy, baseBotScore, botScore, tokenId) {
+  scoreIncreaseAccessPolicy(accessPolicy, baseBotScore, botScore, scoreComponents) {
     const accessPolicyPenalty = accessPolicy?.frictionlessScore || this.config.penalties.PENALTY_ACCESS_RULE;
     botScore += accessPolicyPenalty;
-    await this.db.updateFrictionlessTokenRecord(tokenId, {
+    return {
       score: botScore,
       scoreComponents: {
-        baseScore: baseBotScore,
+        ...scoreComponents,
         accessPolicy: accessPolicyPenalty
       }
-    });
-    return botScore;
+    };
   }
-  async scoreIncreaseUnverifiedHost(host, baseBotScore, botScore, tokenId) {
+  scoreIncreaseUnverifiedHost(host, baseBotScore, botScore, scoreComponents) {
     this.logger.info(() => ({
       msg: "Host not verified",
       data: { requested: this.config.host, selected: host }
     }));
     botScore += this.config.penalties.PENALTY_UNVERIFIED_HOST;
-    await this.db.updateFrictionlessTokenRecord(tokenId, {
+    return {
       score: botScore,
       scoreComponents: {
-        baseScore: baseBotScore,
+        ...scoreComponents,
         unverifiedHost: this.config.penalties.PENALTY_UNVERIFIED_HOST
       }
-    });
-    return botScore;
+    };
+  }
+  scoreIncreaseWebView(baseBotScore, botScore, scoreComponents) {
+    this.logger.debug(() => ({
+      msg: "WebView detected"
+    }));
+    botScore += this.config.penalties.PENALTY_WEBVIEW;
+    return {
+      score: botScore,
+      scoreComponents: {
+        ...scoreComponents,
+        webView: this.config.penalties.PENALTY_WEBVIEW
+      }
+    };
   }
-  async scoreIncreaseTimestamp(timestamp, baseBotScore, botScore, tokenId) {
+  scoreIncreaseTimestamp(timestamp, baseBotScore, botScore, scoreComponents) {
     this.logger.info(() => ({
       msg: "Timestamp is older than 10 minutes",
       data: { timestamp: new Date(timestamp) }
     }));
     botScore += this.config.penalties.PENALTY_OLD_TIMESTAMP;
-    await this.db.updateFrictionlessTokenRecord(tokenId, {
+    return {
       score: botScore,
       scoreComponents: {
-        baseScore: baseBotScore,
+        ...scoreComponents,
         timeout: this.config.penalties.PENALTY_OLD_TIMESTAMP
       }
-    });
-    return botScore;
+    };
   }
   static timestampTooOld(timestamp) {
     const now = Date.now();
@@ -139,7 +221,7 @@ class FrictionlessManager extends CaptchaManager {
     const end = key.slice(-5);
     return `${start}...${middle}...${end}`;
   }
-  async decryptPayload(token) {
+  async decryptPayload(token, headHash) {
     const decryptKeys = [
       // Process DB keys first, then env var key last as env key will likely be invalid
       ...await this.getDetectorKeys(),
@@ -162,6 +244,9 @@ class FrictionlessManager extends CaptchaManager {
     let providerSelectEntropy;
     let userId;
     let userAgent;
+    let webView;
+    let iFrame;
+    let decryptedHeadHash = "";
     for (const [keyIndex, key] of decryptKeys.entries()) {
       try {
         this.logger.info(() => ({
@@ -170,12 +255,15 @@ class FrictionlessManager extends CaptchaManager {
             key: this.redactKeyForLogging(key)
           }
         }));
-        const decrypted = await getBotScore(token, key);
+        const decrypted = await getBotScore(token, headHash, key);
+        decryptedHeadHash = decrypted.decryptedHeadHash || "";
         const s = decrypted.baseBotScore;
         const t = decrypted.timestamp;
         const p = decrypted.providerSelectEntropy;
         const a = decrypted.userId;
         const u = decrypted.userAgent;
+        const w = decrypted.isWebView;
+        const i = decrypted.isIframe;
         this.logger.debug(() => ({
           msg: "Successfully decrypted score",
           data: {
@@ -184,7 +272,9 @@ class FrictionlessManager extends CaptchaManager {
             timestamp: t,
             entropy: p,
             userId: a,
-            userAgent: u
+            userAgent: u,
+            webView: w,
+            iFrame: i
           }
         }));
         baseBotScore = s;
@@ -192,6 +282,8 @@ class FrictionlessManager extends CaptchaManager {
         providerSelectEntropy = p;
         userId = a;
         userAgent = u;
+        webView = w;
+        iFrame = i;
         break;
       } catch (err) {
         if (keyIndex === decryptKeys.length - 1) {
@@ -201,6 +293,7 @@ class FrictionlessManager extends CaptchaManager {
           baseBotScore = 1;
           timestamp = 0;
           providerSelectEntropy = DEFAULT_ENTROPY + 1;
+          decryptedHeadHash = "";
         }
       }
     }
@@ -215,13 +308,19 @@ class FrictionlessManager extends CaptchaManager {
       baseBotScore = 1;
       timestamp = 0;
       providerSelectEntropy = DEFAULT_ENTROPY - undefinedCount;
+      decryptedHeadHash = "";
     }
     this.logger.info(() => ({
       msg: "decryptPayload result",
       data: {
         baseBotScore,
         timestamp,
-        entropy: providerSelectEntropy
+        entropy: providerSelectEntropy,
+        userId,
+        userAgent,
+        webView,
+        iFrame,
+        decryptedHeadHash
       }
     }));
     return {
@@ -229,11 +328,18 @@ class FrictionlessManager extends CaptchaManager {
       timestamp: Number(timestamp),
       providerSelectEntropy: Number(providerSelectEntropy),
       userId,
-      userAgent
+      userAgent,
+      webView: webView || false,
+      iFrame: iFrame || false,
+      decryptedHeadHash
     };
   }
+  async getClientEntropy(siteKey) {
+    return this.db.getClientEntropy(siteKey);
+  }
 }
 export {
   DEFAULT_ENTROPY,
-  FrictionlessManager
+  FrictionlessManager,
+  FrictionlessReason
 };

package/dist/tasks/imgCaptcha/imgCaptchaTasks.js

@@ -9,11 +9,12 @@ import { constructPairList, containsIdenticalPairs } from "../../pairs.js";
 import { checkLangRules } from "../../rules/lang.js";
 import { shuffleArray, deepValidateIpAddress } from "../../util.js";
 import { CaptchaManager } from "../captchaManager.js";
+import { FrictionlessReason } from "../frictionless/frictionlessTasks.js";
 import { computeFrictionlessScore } from "../frictionless/frictionlessTasksUtils.js";
 import { buildTreeAndGetCommitmentId } from "./imgCaptchaTasksUtils.js";
 class ImgCaptchaManager extends CaptchaManager {
   constructor(db, pair, config, logger) {
-    super(db, pair, logger);
+    super(db, pair, config, logger);
     this.config = config;
   }
   async getCaptchaWithProof(datasetId, solved, size) {
@@ -30,7 +31,7 @@ class ImgCaptchaManager extends CaptchaManager {
     }
     return captchaDocs;
   }
-  async getRandomCaptchasAndRequestHash(datasetId, userAccount, ipAddress, captchaConfig, threshold, frictionlessTokenId) {
+  async getRandomCaptchasAndRequestHash(datasetId, userAccount, ipAddress, captchaConfig, threshold, sessionId) {
     const dataset = await this.db.getDatasetDetails(datasetId);
     if (!dataset) {
       throw new ProsopoEnvError("DATABASE.DATASET_GET_FAILED", {
@@ -80,7 +81,7 @@ class ImgCaptchaManager extends CaptchaManager {
       currentTime,
       getCompositeIpAddress(ipAddress),
       threshold,
-      frictionlessTokenId
+      sessionId
     );
     return {
       captchas,
@@ -172,10 +173,10 @@ class ImgCaptchaManager extends CaptchaManager {
         userSignature: userTimestampSignature,
         userSubmitted: true,
         serverChecked: false,
-        requestedAtTimestamp: timestamp,
+        requestedAtTimestamp: new Date(timestamp),
         ipAddress: getCompositeIpAddress(ipAddress),
         headers,
-        frictionlessTokenId: pendingRecord.frictionlessTokenId,
+        sessionId: pendingRecord.sessionId,
         ja4
       };
       await this.db.storeUserImageCaptchaSolution(receivedCaptchas, commit);
@@ -332,7 +333,7 @@ class ImgCaptchaManager extends CaptchaManager {
     }
     return void 0;
   }
-  async verifyImageCaptchaSolution(user, dapp, commitmentId, env, maxVerifiedTime, ip) {
+  async verifyImageCaptchaSolution(user, dapp, commitmentId, env, maxVerifiedTime, ip, disallowWebView, contextAwareEnabled = false) {
     const solution = await (commitmentId ? this.getDappUserCommitmentById(commitmentId) : this.getDappUserCommitmentByAccount(user, dapp));
     if (!solution) {
       this.logger.debug(() => ({
@@ -349,7 +350,7 @@ class ImgCaptchaManager extends CaptchaManager {
     }
     maxVerifiedTime = maxVerifiedTime || 60 * 1e3;
     const currentTime = Date.now();
-    const timeSinceCompletion = currentTime - solution.requestedAtTimestamp;
+    const timeSinceCompletion = currentTime - solution.requestedAtTimestamp.getTime();
     if (timeSinceCompletion > maxVerifiedTime) {
       this.logger.debug(() => ({
         msg: "Not verified - timed out"
@@ -389,18 +390,29 @@ class ImgCaptchaManager extends CaptchaManager {
     }
     const isApproved = solution.result.status === CaptchaStatus.approved;
     let score;
-    if (solution.frictionlessTokenId) {
-      const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
-        solution.frictionlessTokenId
+    if (solution.sessionId) {
+      const sessionRecord = await this.db.getSessionRecordBySessionId(
+        solution.sessionId
       );
-      if (tokenRecord) {
-        score = computeFrictionlessScore(tokenRecord?.scoreComponents);
+      if (sessionRecord) {
+        score = computeFrictionlessScore(sessionRecord?.scoreComponents);
         this.logger.info(() => ({
           data: {
-            tscoreComponents: tokenRecord?.scoreComponents,
+            scoreComponents: sessionRecord?.scoreComponents,
             score
           }
         }));
+        if (disallowWebView === true && (sessionRecord.scoreComponents.webView || 0) > 0) {
+          this.logger.info(() => ({
+            msg: "Disallowing webview access - user not verified"
+          }));
+          return { status: "API.USER_NOT_VERIFIED", verified: false };
+        }
+        if (contextAwareEnabled && sessionRecord.reason === FrictionlessReason.CONTEXT_AWARE_VALIDATION_FAILED) {
+          this.logger.info(() => ({
+            msg: "Context aware validation failed"
+          }));
+        }
       }
     }
     return {

package/dist/tasks/powCaptcha/powTasks.js

@@ -9,8 +9,8 @@ import { computeFrictionlessScore } from "../frictionless/frictionlessTasksUtils
 import { checkPowSignature, validateSolution } from "./powTasksUtils.js";
 const DEFAULT_POW_DIFFICULTY = 4;
 class PowCaptchaManager extends CaptchaManager {
-  constructor(db, pair, logger) {
-    super(db, pair, logger);
+  constructor(db, pair, config, logger) {
+    super(db, pair, config, logger);
     this.POW_SEPARATOR = POW_SEPARATOR;
   }
   /**
@@ -177,15 +177,15 @@ class PowCaptchaManager extends CaptchaManager {
       }
     }
     let score;
-    if (challengeRecord.frictionlessTokenId) {
-      const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
-        challengeRecord.frictionlessTokenId
+    if (challengeRecord.sessionId) {
+      const sessionRecord = await this.db.getSessionRecordBySessionId(
+        challengeRecord.sessionId
       );
-      if (tokenRecord) {
-        score = computeFrictionlessScore(tokenRecord?.scoreComponents);
+      if (sessionRecord) {
+        score = computeFrictionlessScore(sessionRecord?.scoreComponents);
         this.logger.info(() => ({
           data: {
-            tscoreComponents: { ...tokenRecord?.scoreComponents || {} },
+            scoreComponents: { ...sessionRecord?.scoreComponents || {} },
             score
           }
         }));

package/dist/tasks/tasks.js

@@ -19,6 +19,7 @@ class Tasks {
     this.powCaptchaManager = new PowCaptchaManager(
       this.db,
       this.pair,
+      this.config,
       this.logger
     );
     this.datasetManager = new DatasetManager(

package/dist/util.js

@@ -32,7 +32,7 @@ async function checkIfTaskIsRunning(taskName, db) {
     ScheduledTaskStatus.Running
   );
   const twoMinutesAgo = (/* @__PURE__ */ new Date()).getTime() - 1e3 * 60 * 2;
-  if (runningTask && runningTask.datetime > twoMinutesAgo) {
+  if (runningTask && runningTask.datetime.getTime() > twoMinutesAgo) {
     const completedTask = await db.getScheduledTaskStatus(
       runningTask._id,
       ScheduledTaskStatus.Completed
@@ -229,6 +229,19 @@ const deepValidateIpAddress = async (ip, challengeIpAddress, logger, apiKey, api
     if (standardValidation.errorMessage?.includes("Invalid IP address")) {
       return standardValidation;
     }
+    if (ipValidationRules?.forceConsistentIp === true) {
+      logger.info(() => ({
+        msg: "IP validation failed - forceConsistentIp is true",
+        data: {
+          challengeIp: challengeIpAddress.address,
+          providedIp: ip
+        }
+      }));
+      return {
+        isValid: false,
+        errorMessage: standardValidation.errorMessage
+      };
+    }
   } else {
     return { isValid: true };
   }

package/dist/utils/hashUserIp.js

@@ -0,0 +1,9 @@
+import { createHash } from "node:crypto";
+function hashUserIp(user, ip, sitekey) {
+  const hash = createHash("sha256");
+  hash.update(`${user}:${ip}:${sitekey}`, "utf8");
+  return hash.digest("hex");
+}
+export {
+  hashUserIp
+};

package/package.json

@@ -1,12 +1,12 @@
 {
 	"name": "@prosopo/provider",
-	"version": "3.12.3",
+	"version": "3.13.0",
 	"author": "PROSOPO LIMITED <info@prosopo.io>",
 	"license": "Apache-2.0",
 	"type": "module",
 	"engines": {
-		"node": "20",
-		"npm": "10.8.2"
+		"node": ">=v20.0.0",
+		"npm": ">=10.6.0"
 	},
 	"scripts": {
 		"clean": "del-cli --verbose dist tsconfig.tsbuildinfo",
@@ -21,30 +21,29 @@
 	},
 	"dependencies": {
 		"@noble/hashes": "1.8.0",
-		"@polkadot/util": "12.6.2",
-		"@prosopo/api": "3.1.24",
-		"@prosopo/api-express-router": "3.0.25",
-		"@prosopo/api-route": "2.6.28",
-		"@prosopo/common": "3.1.20",
-		"@prosopo/config": "3.1.20",
-		"@prosopo/database": "3.4.5",
-		"@prosopo/datasets": "3.0.34",
-		"@prosopo/env": "3.2.13",
-		"@prosopo/keyring": "2.8.27",
-		"@prosopo/load-balancer": "2.8.0",
-		"@prosopo/locale": "3.1.20",
-		"@prosopo/types": "3.5.3",
-		"@prosopo/types-database": "3.3.5",
-		"@prosopo/types-env": "2.7.38",
-		"@prosopo/user-access-policy": "3.5.19",
-		"@prosopo/util": "3.1.5",
-		"@prosopo/util-crypto": "13.5.22",
+		"@polkadot/util": "13.5.7",
+		"@prosopo/api": "3.1.33",
+		"@prosopo/api-express-router": "3.0.34",
+		"@prosopo/api-route": "2.6.30",
+		"@prosopo/common": "3.1.22",
+		"@prosopo/config": "3.1.22",
+		"@prosopo/database": "3.5.0",
+		"@prosopo/datasets": "3.0.43",
+		"@prosopo/env": "3.2.22",
+		"@prosopo/keyring": "2.8.36",
+		"@prosopo/load-balancer": "2.8.9",
+		"@prosopo/locale": "3.1.22",
+		"@prosopo/types": "3.6.0",
+		"@prosopo/types-database": "4.0.0",
+		"@prosopo/types-env": "2.7.47",
+		"@prosopo/user-access-policy": "3.5.28",
+		"@prosopo/util": "3.2.0",
+		"@prosopo/util-crypto": "13.5.24",
 		"cron": "3.1.7",
 		"express": "4.21.2",
 		"geolib": "3.3.4",
 		"i18next": "24.1.0",
 		"ip-address": "10.0.1",
-		"mongodb": "6.15.0",
 		"mongoose": "8.13.0",
 		"read-tls-client-hello": "1.1.0",
 		"uuid": "11.1.0",
@@ -53,7 +52,7 @@
 	"devDependencies": {
 		"@types/node": "22.5.5",
 		"@types/uuid": "10.0.0",
-		"@vitest/coverage-v8": "3.0.9",
+		"@vitest/coverage-v8": "3.2.4",
 		"concurrently": "9.0.1",
 		"del-cli": "6.0.0",
 		"dotenv": "16.4.5",
@@ -61,8 +60,8 @@
 		"tslib": "2.7.0",
 		"tsx": "4.20.3",
 		"typescript": "5.6.2",
-		"vite": "6.3.5",
-		"vitest": "3.0.9"
+		"vite": "6.4.1",
+		"vitest": "3.2.4"
 	},
 	"repository": {
 		"type": "git",