npm - @quantiya/codevibe-claude-plugin - Versions diffs - 1.0.37 → 1.0.39 - Mend

@quantiya/codevibe-claude-plugin 1.0.37 → 1.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/node_modules/@quantiya/codevibe-core/dist/keychain/keychain-manager.d.ts CHANGED Viewed

@@ -91,14 +91,28 @@ export declare class KeychainManager {
      */
     getSessionKey(sessionId: string, encryptedKeys?: EncryptedSessionKey[]): Promise<string | null>;
     /**
-     * Generate and encrypt a new session key for all devices
+     * Generate and encrypt a new session key for all devices.
+     *
+     * Per-device try/catch (task #331 Bug B): one bad publicKey (corrupted
+     * base64, wrong curve, ECDH derive failure) does NOT abort the whole
+     * call — that device is skipped and reported in `skippedDeviceIds`. The
+     * caller decides what to do (telemetry, partial-success UX). Throw only
+     * if NO device succeeded, preserving the existing "no encryption"
+     * fallback at `prepareSessionEncryption`.
+     *
+     * Optional `onDeviceSkipped` callback fires per-skip for telemetry —
+     * intentionally a callback rather than a direct beacon import so this
+     * module stays free of analytics dependencies.
      */
     createSessionKey(devicePublicKeys: Array<{
         deviceId: string;
         publicKey: string;
-    }>): {
+    }>, options?: {
+        onDeviceSkipped?: (totalSkippedSoFar: number) => void;
+    }): {
         sessionKey: string;
         encryptedKeys: EncryptedSessionKey[];
+        skippedDeviceIds: string[];
     };
     /**
      * Cache a session key

package/node_modules/@quantiya/codevibe-core/dist/session/session-rekey.d.ts CHANGED Viewed

@@ -36,3 +36,43 @@ export interface RekeyOptions {
  * @returns The number of new grants that succeeded.
  */
 export declare function rekeySessionForNewDevices(sessionId: string, sessionKey: string, appSyncClient: AppSyncClient, options?: RekeyOptions): Promise<number>;
+/**
+ * Options for {@link awaitOwnSessionKeyGrant}.
+ */
+export interface AwaitOwnGrantOptions {
+    /** Poll interval in ms. Default 5000. */
+    pollIntervalMs?: number;
+    /** Max poll attempts. Default 6 (30s total at 5s intervals). */
+    maxAttempts?: number;
+    /** Authenticated AppSyncClient. */
+    appSyncClient: AppSyncClient;
+    /** Fired on successful decrypt. Telemetry-only — never thrown. */
+    onSuccess?: (attemptCount: number) => void;
+    /** Fired after maxAttempts exhausted. Telemetry-only — never thrown. */
+    onTimeout?: (attemptCount: number) => void;
+}
+/**
+ * Wait for this device's deviceId to appear in `session.encryptedKeys`.
+ *
+ * Triggered when {@link keychainManager.getSessionKey} returned null on
+ * resume AND at least one other device IS in encryptedKeys (so some other
+ * device can mint a grant for us via grantSessionKey). Caller must have
+ * already invoked {@link registerDeviceEncryptionKey} BEFORE this helper —
+ * that's what causes mobile's DeviceKeyWatcher subscription to fire and
+ * grant the session key to our (possibly rotated) pubKey.
+ *
+ * This helper deliberately bypasses {@link keychainManager.getSessionKey}
+ * (which has a cache short-circuit) and instead:
+ *   1. Calls {@link AppSyncClient.getSession} each poll for fresh
+ *      `encryptedKeys`.
+ *   2. Looks for our `deviceId` in the fresh list.
+ *   3. If found, calls {@link cryptoService.decryptSessionKey} directly.
+ *   4. On success, populates the keychain cache (so subsequent
+ *      `getSessionKey` calls hit the cache). The cache is NEVER populated
+ *      on failure — there's no null sentinel.
+ *
+ * Returns the decrypted session key on success, or `null` after timeout.
+ * Errors are swallowed inside the loop (best-effort polling); telemetry
+ * surfaces success vs timeout via the optional callbacks.
+ */
+export declare function awaitOwnSessionKeyGrant(sessionId: string, options: AwaitOwnGrantOptions): Promise<string | null>;

package/node_modules/@quantiya/codevibe-core/dist/session/session-resume.d.ts CHANGED Viewed

@@ -36,6 +36,7 @@ export interface ResumeOrCreateSessionResult {
 export declare function prepareSessionEncryption(sessionId: string, appSyncClient: AppSyncClient, logger: Logger): Promise<{
     sessionKey: string;
     encryptedKeys: EncryptedSessionKey[];
+    skippedDeviceIds: string[];
 } | null>;
 /**
  * Resume an existing session or create a new one.

package/node_modules/@quantiya/codevibe-core/dist/types/index.d.ts CHANGED Viewed

@@ -2,5 +2,3 @@ export * from './events';
 export * from './session';
 export * from './encryption';
 export * from './auth';
-export * from './reviewer';
-export * from './orchestration';

package/node_modules/@quantiya/codevibe-core/dist/types/session.d.ts CHANGED Viewed

@@ -32,12 +32,6 @@ export interface Session {
     creatorDeviceId?: string;
     encryptionVersion?: number;
     lastHeartbeatAt?: string;
-    /**
-     * Quorum 2.0 opt-in flag (2f.0.a.3). True routes the session to the
-     * 2.0 orchestration flow once 2f.3 Lambda is live; null/false keeps
-     * the 1.0 companion flow.
-     */
-    orchestrationEnabled?: boolean | null;
 }
 /**
  * GraphQL input for creating sessions
@@ -53,11 +47,6 @@ export interface CreateSessionInput {
     creatorDeviceId?: string;
     isEncrypted?: boolean;
     encryptionVersion?: number;
-    /**
-     * Quorum 2.0 (2f.0.a.3). Null/absent = server reads
-     * User.orchestrationEnabledDefault (option 6a auto-populate).
-     */
-    orchestrationEnabled?: boolean;
 }
 /**
  * GraphQL input for updating sessions
@@ -67,9 +56,4 @@ export interface UpdateSessionInput {
     status?: SessionStatus;
     metadata?: Record<string, any>;
     lastHeartbeatAt?: string;
-    /**
-     * Quorum 2.0 (2f.0.a.3). Per-session override for the orchestration
-     * opt-in. Plugin CLI --orchestration/--no-orchestration sets this.
-     */
-    orchestrationEnabled?: boolean;
 }

package/node_modules/@quantiya/codevibe-core/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@quantiya/codevibe-core",
-  "version": "1.0.21",
+  "version": "1.0.23",
   "description": "Core library for CodeVibe plugins - shared keychain, crypto, AppSync, and auth functionality",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/node_modules/body-parser/README.md CHANGED Viewed

@@ -17,18 +17,18 @@ before trusting. For example, `req.body.foo.toString()` may fail in multiple
 ways, for example the `foo` property may not be there or may not be a string,
 and `toString` may not be a function and instead a string or other user input.
-[Learn about the anatomy of an HTTP transaction in Node.js](https://nodejs.org/en/docs/guides/anatomy-of-an-http-transaction/).
+[Learn about the anatomy of an HTTP transaction in Node.js](https://nodejs.org/en/learn/http/anatomy-of-an-http-transaction).
 _This does not handle multipart bodies_, due to their complex and typically
 large nature. For multipart bodies, you may be interested in the following
 modules:
-  * [busboy](https://www.npmjs.org/package/busboy#readme) and
-    [connect-busboy](https://www.npmjs.org/package/connect-busboy#readme)
-  * [multiparty](https://www.npmjs.org/package/multiparty#readme) and
-    [connect-multiparty](https://www.npmjs.org/package/connect-multiparty#readme)
-  * [formidable](https://www.npmjs.org/package/formidable#readme)
-  * [multer](https://www.npmjs.org/package/multer#readme)
+  * [busboy](https://www.npmjs.com/package/busboy#readme) and
+    [connect-busboy](https://www.npmjs.com/package/connect-busboy#readme)
+  * [multiparty](https://www.npmjs.com/package/multiparty#readme) and
+    [connect-multiparty](https://www.npmjs.com/package/connect-multiparty#readme)
+  * [formidable](https://www.npmjs.com/package/formidable#readme)
+  * [multer](https://www.npmjs.com/package/multer#readme)
 This module provides the following parsers:
@@ -39,8 +39,8 @@ This module provides the following parsers:
 Other body parsers you might be interested in:
-- [body](https://www.npmjs.org/package/body#readme)
-- [co-body](https://www.npmjs.org/package/co-body#readme)
+- [body](https://www.npmjs.com/package/body#readme)
+- [co-body](https://www.npmjs.com/package/co-body#readme)
 ## Installation
@@ -109,7 +109,7 @@ accept anything `JSON.parse` accepts. Defaults to `true`.
 The `type` option is used to determine what media type the middleware will
 parse. This option can be a string, array of strings, or a function. If not a
 function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+[type-is](https://www.npmjs.com/package/type-is#readme) library and this can
 be an extension name (like `json`), a mime type (like `application/json`), or
 a mime type with a wildcard (like `*/*` or `*/json`). If a function, the `type`
 option is called as `fn(req)` and the request is parsed if it returns a truthy
@@ -154,7 +154,7 @@ to `'100kb'`.
 The `type` option is used to determine what media type the middleware will
 parse. This option can be a string, array of strings, or a function.
 If not a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this
+[type-is](https://www.npmjs.com/package/type-is#readme) library and this
 can be an extension name (like `bin`), a mime type (like
 `application/octet-stream`), or a mime type with a wildcard (like `*/*` or
 `application/*`). If a function, the `type` option is called as `fn(req)`
@@ -205,7 +205,7 @@ to `'100kb'`.
 The `type` option is used to determine what media type the middleware will
 parse. This option can be a string, array of strings, or a function. If not
 a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+[type-is](https://www.npmjs.com/package/type-is#readme) library and this can
 be an extension name (like `txt`), a mime type (like `text/plain`), or a mime
 type with a wildcard (like `*/*` or `text/*`). If a function, the `type`
 option is called as `fn(req)` and the request is parsed if it returns a
@@ -221,8 +221,8 @@ encoding of the request. The parsing can be aborted by throwing an error.
 Returns middleware that only parses `urlencoded` bodies and only looks at
 requests where the `Content-Type` header matches the `type` option. This
-parser accepts only UTF-8 encoding of the body and supports automatic
-inflation of `gzip`, `br` (brotli) and `deflate` encodings.
+parser accepts only UTF-8 and ISO-8859-1 encodings of the body and supports
+automatic inflation of `gzip`, `br` (brotli) and `deflate` encodings.
 A new `body` object containing the parsed data is populated on the `request`
 object after the middleware (i.e. `req.body`). This object will contain
@@ -239,7 +239,7 @@ any of the following keys:
 The "extended" syntax allows for rich objects and arrays to be encoded into the
 URL-encoded format, allowing for a JSON-like experience with URL-encoded. For
 more information, please [see the qs
-library](https://www.npmjs.org/package/qs#readme).
+library](https://www.npmjs.com/package/qs#readme).
 Defaults to `false`.
@@ -266,7 +266,7 @@ than this value, a 413 will be returned to the client. Defaults to `1000`.
 The `type` option is used to determine what media type the middleware will
 parse. This option can be a string, array of strings, or a function. If not
 a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+[type-is](https://www.npmjs.com/package/type-is#readme) library and this can
 be an extension name (like `urlencoded`), a mime type (like
 `application/x-www-form-urlencoded`), or a mime type with a wildcard (like
 `*/x-www-form-urlencoded`). If a function, the `type` option is called as
@@ -488,7 +488,7 @@ app.use(bodyParser.text({ type: 'text/html' }))
 [coveralls-image]: https://img.shields.io/coverallsCoverage/github/expressjs/body-parser?branch=master
 [coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master
 [npm-downloads-image]: https://img.shields.io/npm/dm/body-parser
-[npm-url]: https://npmjs.org/package/body-parser
+[npm-url]: https://npmjs.com/package/body-parser
 [npm-version-image]: https://img.shields.io/npm/v/body-parser
 [ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/body-parser/badge
-[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser
+[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser

package/node_modules/body-parser/index.js CHANGED Viewed

@@ -7,26 +7,23 @@
 'use strict'
 /**
- * @typedef Parsers
- * @type {function}
- * @property {function} json
- * @property {function} raw
- * @property {function} text
- * @property {function} urlencoded
+ * @typedef {Object} Parsers
+ * @property {Function} json JSON parser
+ * @property {Function} raw Raw parser
+ * @property {Function} text Text parser
+ * @property {Function} urlencoded URL-encoded parser
  */
 /**
  * Module exports.
- * @type {Parsers}
+ * @type {Function & Parsers}
  */
 exports = module.exports = bodyParser
 /**
  * JSON parser.
  * @public
  */
 Object.defineProperty(exports, 'json', {
   configurable: true,
   enumerable: true,
@@ -37,7 +34,6 @@ Object.defineProperty(exports, 'json', {
  * Raw parser.
  * @public
  */
 Object.defineProperty(exports, 'raw', {
   configurable: true,
   enumerable: true,
@@ -48,7 +44,6 @@ Object.defineProperty(exports, 'raw', {
  * Text parser.
  * @public
  */
 Object.defineProperty(exports, 'text', {
   configurable: true,
   enumerable: true,
@@ -59,7 +54,6 @@ Object.defineProperty(exports, 'text', {
  * URL-encoded parser.
  * @public
  */
 Object.defineProperty(exports, 'urlencoded', {
   configurable: true,
   enumerable: true,
@@ -69,12 +63,9 @@ Object.defineProperty(exports, 'urlencoded', {
 /**
  * Create a middleware to parse json and urlencoded bodies.
  *
- * @param {object} [options]
- * @return {function}
  * @deprecated
  * @public
  */
 function bodyParser () {
   throw new Error('The bodyParser() generic has been split into individual middleware to use instead.')
 }

package/node_modules/body-parser/lib/read.js CHANGED Viewed

@@ -28,15 +28,14 @@ module.exports = read
 /**
  * Read a request into a buffer and parse.
  *
- * @param {object} req
- * @param {object} res
- * @param {function} next
- * @param {function} parse
- * @param {function} debug
- * @param {object} options
+ * @param {Object} req
+ * @param {Object} res
+ * @param {Function} next
+ * @param {Function} parse
+ * @param {Function} debug
+ * @param {Object} options
  * @private
  */
 function read (req, res, next, parse, debug, options) {
   if (onFinished.isFinished(req)) {
     debug('body already parsed')
@@ -176,13 +175,12 @@ function read (req, res, next, parse, debug, options) {
 /**
  * Get the content stream of the request.
  *
- * @param {object} req
- * @param {function} debug
- * @param {boolean} [inflate=true]
- * @return {object}
- * @api private
+ * @param {Object} req
+ * @param {Function} debug
+ * @param {boolean} inflate
+ * @returns {Object}
+ * @private
  */
 function contentstream (req, debug, inflate) {
   var encoding = (req.headers['content-encoding'] || 'identity').toLowerCase()
   var length = req.headers['content-length']
@@ -209,9 +207,9 @@ function contentstream (req, debug, inflate) {
 /**
  * Create a decompression stream for the given encoding.
  * @param {string} encoding
- * @param {function} debug
- * @return {object}
- * @api private
+ * @param {Function} debug
+ * @returns {Object}
+ * @private
  */
 function createDecompressionStream (encoding, debug) {
   switch (encoding) {
@@ -235,11 +233,10 @@ function createDecompressionStream (encoding, debug) {
 /**
  * Dump the contents of a request.
  *
- * @param {object} req
- * @param {function} callback
- * @api private
+ * @param {Object} req
+ * @param {Function} callback
+ * @private
  */
 function dump (req, callback) {
   if (onFinished.isFinished(req)) {
     callback(null)

package/node_modules/body-parser/lib/types/json.js CHANGED Viewed

@@ -33,7 +33,6 @@ module.exports = json
  *            %x0A /              ; Line feed or New line
  *            %x0D )              ; Carriage return
  */
 var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
 var JSON_SYNTAX_CHAR = '#'
@@ -42,11 +41,10 @@ var JSON_SYNTAX_REGEXP = /#+/g
 /**
  * Create a middleware to parse JSON bodies.
  *
- * @param {object} [options]
- * @return {function}
+ * @param {Object} [options]
+ * @returns {Function}
  * @public
  */
 function json (options) {
   const normalizedOptions = normalizeOptions(options, 'application/json')
@@ -96,20 +94,15 @@ function json (options) {
  *
  * @param {string} str
  * @param {string} char
- * @return {Error}
+ * @returns {Error}
  * @private
  */
 function createStrictSyntaxError (str, char) {
   var index = str.indexOf(char)
   var partial = ''
   if (index !== -1) {
-    partial = str.substring(0, index) + JSON_SYNTAX_CHAR
-    for (var i = index + 1; i < str.length; i++) {
-      partial += JSON_SYNTAX_CHAR
-    }
+    partial = str.substring(0, index) + JSON_SYNTAX_CHAR.repeat(str.length - index)
   }
   try {
@@ -128,10 +121,9 @@ function createStrictSyntaxError (str, char) {
  * Get the first non-whitespace character in a string.
  *
  * @param {string} str
- * @return {function}
+ * @returns {string|undefined}
  * @private
  */
 function firstchar (str) {
   var match = FIRST_CHAR_REGEXP.exec(str)
@@ -144,10 +136,10 @@ function firstchar (str) {
  * Normalize a SyntaxError for JSON.parse.
  *
  * @param {SyntaxError} error
- * @param {object} obj
- * @return {SyntaxError}
+ * @param {Object} obj
+ * @returns {SyntaxError}
+ * @private
  */
 function normalizeJsonSyntaxError (error, obj) {
   var keys = Object.getOwnPropertyNames(error)

package/node_modules/body-parser/lib/types/raw.js CHANGED Viewed

@@ -23,11 +23,10 @@ module.exports = raw
 /**
  * Create a middleware to parse raw bodies.
  *
- * @param {object} [options]
- * @return {function}
- * @api public
+ * @param {Object} [options]
+ * @returns {Function}
+ * @public
  */
 function raw (options) {
   const normalizedOptions = normalizeOptions(options, 'application/octet-stream')

package/node_modules/body-parser/lib/types/text.js CHANGED Viewed

@@ -23,11 +23,10 @@ module.exports = text
 /**
  * Create a middleware to parse text bodies.
  *
- * @param {object} [options]
- * @return {function}
- * @api public
+ * @param {Object} [options]
+ * @returns {Function}
+ * @public
  */
 function text (options) {
   const normalizedOptions = normalizeOptions(options, 'text/plain')

package/node_modules/body-parser/lib/types/urlencoded.js CHANGED Viewed

@@ -27,11 +27,10 @@ module.exports = urlencoded
 /**
  * Create a middleware to parse urlencoded bodies.
  *
- * @param {object} [options]
- * @return {function}
+ * @param {Object} [options]
+ * @returns {Function}
  * @public
  */
 function urlencoded (options) {
   const normalizedOptions = normalizeOptions(options, 'application/x-www-form-urlencoded')
@@ -62,9 +61,10 @@ function urlencoded (options) {
 /**
  * Get the extended query parser.
  *
- * @param {object} options
+ * @param {Object} options
+ * @returns {Function}
+ * @private
  */
 function createQueryParser (options) {
   var extended = Boolean(options?.extended)
   var parameterLimit = options?.parameterLimit !== undefined
@@ -96,7 +96,7 @@ function createQueryParser (options) {
       })
     }
-    var arrayLimit = extended ? Math.max(100, paramCount) : 0
+    var arrayLimit = extended ? Math.max(100, paramCount) : paramCount
     debug('parse ' + (extended ? 'extended ' : '') + 'urlencoding')
     try {
@@ -127,8 +127,8 @@ function createQueryParser (options) {
  *
  * @param {string} body
  * @param {number} limit
- * @return {number|undefined} Returns undefined if limit exceeded
- * @api private
+ * @returns {number|undefined} Returns undefined if limit exceeded
+ * @private
  */
 function parameterCount (body, limit) {
   let count = 0

package/node_modules/body-parser/lib/utils.js CHANGED Viewed

@@ -20,10 +20,10 @@ module.exports = {
 /**
  * Get the charset of a request.
  *
- * @param {object} req
- * @api private
+ * @param {Object} req
+ * @returns {string | undefined}
+ * @private
  */
 function getCharset (req) {
   try {
     return (contentType.parse(req).parameters.charset || '').toLowerCase()
@@ -36,9 +36,9 @@ function getCharset (req) {
  * Get the simple type checker.
  *
  * @param {string | string[]} type
- * @return {function}
+ * @returns {Function}
+ * @private
  */
 function typeChecker (type) {
   return function checkType (req) {
     return Boolean(typeis(req, type))
@@ -48,9 +48,10 @@ function typeChecker (type) {
 /**
  * Normalizes the common options for all parsers.
  *
- * @param {object} options options to normalize
- * @param {string | string[] | function} defaultType default content type(s) or a function to determine it
- * @returns {object}
+ * @param {Object} options options to normalize
+ * @param {string | string[] | Function} defaultType default content type(s) or a function to determine it
+ * @returns {Object}
+ * @private
  */
 function normalizeOptions (options, defaultType) {
   if (!defaultType) {
@@ -89,7 +90,8 @@ function normalizeOptions (options, defaultType) {
  * Used by parsers that don't need to transform the data.
  *
  * @param {*} value
- * @return {*}
+ * @returns {*}
+ * @private
  */
 function passthrough (value) {
   return value

package/node_modules/body-parser/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "body-parser",
   "description": "Node.js body parsing middleware",
-  "version": "2.2.1",
+  "version": "2.2.2",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
     "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
@@ -19,7 +19,7 @@
     "http-errors": "^2.0.0",
     "iconv-lite": "^0.7.0",
     "on-finished": "^2.4.1",
-    "qs": "^6.14.0",
+    "qs": "^6.14.1",
     "raw-body": "^3.0.1",
     "type-is": "^2.0.1"
   },

package/node_modules/content-disposition/README.md CHANGED Viewed

@@ -87,7 +87,6 @@ are shown for the string `'attachment; filename="EURO rates.txt"; filename*=UTF-
 ```js
 const contentDisposition = require('content-disposition')
-const destroy = require('destroy')
 const fs = require('fs')
 const http = require('http')
 const onFinished = require('on-finished')
@@ -103,7 +102,7 @@ http.createServer(function onRequest (req, res) {
   const stream = fs.createReadStream(filePath)
   stream.pipe(res)
   onFinished(res, function () {
-    destroy(stream)
+    stream.destroy()
   })
 })
 ```
@@ -121,9 +120,9 @@ $ npm test
 - [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)][rfc-6266]
 - [Test Cases for HTTP Content-Disposition header field (RFC 6266) and the Encodings defined in RFCs 2047, 2231 and 5987][tc-2231]
-[rfc-2616]: https://tools.ietf.org/html/rfc2616
-[rfc-5987]: https://tools.ietf.org/html/rfc5987
-[rfc-6266]: https://tools.ietf.org/html/rfc6266
+[rfc-2616]: https://datatracker.ietf.org/doc/html/rfc2616
+[rfc-5987]: https://datatracker.ietf.org/doc/html/rfc5987
+[rfc-6266]: https://datatracker.ietf.org/doc/html/rfc6266
 [tc-2231]: http://greenbytes.de/tech/tc2231/
 ## License
@@ -131,12 +130,12 @@ $ npm test
 [MIT](LICENSE)
 [npm-image]: https://img.shields.io/npm/v/content-disposition
-[npm-url]: https://npmjs.org/package/content-disposition
+[npm-url]: https://www.npmjs.com/package/content-disposition
 [node-version-image]: https://img.shields.io/node/v/content-disposition
 [node-version-url]: https://nodejs.org/en/download
 [coveralls-image]: https://img.shields.io/coverallsCoverage/github/jshttp/content-disposition
-[coveralls-url]: https://coveralls.io/r/jshttp/content-disposition?branch=master
+[coveralls-url]: https://coveralls.io/github/jshttp/content-disposition?branch=master
 [downloads-image]: https://img.shields.io/npm/dm/content-disposition
-[downloads-url]: https://npmjs.org/package/content-disposition
+[downloads-url]: https://www.npmjs.com/package/content-disposition
 [github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/jshttp/content-disposition/ci.yml
 [github-actions-ci-url]: https://github.com/jshttp/content-disposition/actions/workflows/ci.yml