@rankcli/agent-runtime 0.0.8 → 0.0.11

package/dist/chunk-4E4MQOSP.mjs

@@ -0,0 +1,374 @@
+// src/analyzers/core-web-vitals-analyzer.ts
+import * as cheerio from "cheerio";
+function analyzeLCP(html, $) {
+  const issues = [];
+  const recommendations = [];
+  let score = 100;
+  const heroImages = $("img").filter((_, el) => {
+    const parent = $(el).parent();
+    const isHero = parent.is('header, .hero, [class*="hero"], [class*="banner"], section:first-of-type');
+    const isLarge = parseInt($(el).attr("width") || "0") > 400 || ($(el).attr("class")?.includes("full") ?? false);
+    return isHero || isLarge;
+  });
+  heroImages.each((_, img) => {
+    const $img = $(img);
+    const src = $img.attr("src") || "";
+    if ($img.attr("loading") === "lazy") {
+      issues.push('Hero/LCP image has loading="lazy" - delays rendering');
+      score -= 20;
+    }
+    const preloads = $('link[rel="preload"][as="image"]');
+    const isPreloaded = preloads.toArray().some(
+      (p) => $(p).attr("href")?.includes(src.split("/").pop() || "")
+    );
+    if (!isPreloaded && src) {
+      issues.push("Hero image not preloaded");
+      recommendations.push(`Add: <link rel="preload" as="image" href="${src}">`);
+      score -= 15;
+    }
+    if (!$img.attr("width") || !$img.attr("height")) {
+      issues.push("Hero image missing width/height attributes");
+      score -= 10;
+    }
+    const format = src.split(".").pop()?.toLowerCase();
+    if (format && !["webp", "avif"].includes(format)) {
+      recommendations.push("Consider using WebP or AVIF format for hero image");
+      score -= 5;
+    }
+  });
+  const blockingCSS = $('link[rel="stylesheet"]').filter((_, el) => {
+    const media = $(el).attr("media");
+    return !media || media === "all" || media === "screen";
+  });
+  if (blockingCSS.length > 3) {
+    issues.push(`${blockingCSS.length} render-blocking stylesheets`);
+    recommendations.push("Inline critical CSS and defer non-critical stylesheets");
+    score -= 15;
+  }
+  const blockingScripts = $('head script:not([async]):not([defer]):not([type="module"])').filter((_, el) => {
+    return $(el).attr("src") !== void 0;
+  });
+  if (blockingScripts.length > 0) {
+    issues.push(`${blockingScripts.length} render-blocking scripts in <head>`);
+    recommendations.push("Add async or defer attribute to scripts");
+    score -= 20;
+  }
+  const fontLinks = $('link[rel="preload"][as="font"], link[href*="fonts.googleapis.com"], link[href*="fonts.gstatic.com"]');
+  const fontPreconnects = $('link[rel="preconnect"][href*="fonts"]');
+  if (fontLinks.length > 0 && fontPreconnects.length === 0) {
+    issues.push("Web fonts without preconnect");
+    recommendations.push('Add <link rel="preconnect" href="https://fonts.googleapis.com">');
+    score -= 10;
+  }
+  const inlineStyles = $("style").text();
+  if (inlineStyles.length > 5e4) {
+    issues.push("Very large inline CSS (>50KB)");
+    score -= 10;
+  }
+  let estimate = "unknown";
+  if (score >= 80) estimate = "good";
+  else if (score >= 50) estimate = "needs-improvement";
+  else estimate = "poor";
+  return { estimate, issues, recommendations };
+}
+function analyzeFID_INP(html, $) {
+  const issues = [];
+  const recommendations = [];
+  let score = 100;
+  let totalJSIndicators = 0;
+  $("script[src]").each((_, el) => {
+    const src = $(el).attr("src") || "";
+    if (src.includes("bundle") || src.includes("vendor") || src.includes("chunk")) {
+      totalJSIndicators++;
+    }
+  });
+  if (totalJSIndicators > 5) {
+    issues.push("Many JavaScript bundle files detected");
+    recommendations.push("Consider code splitting and lazy loading");
+    score -= 15;
+  }
+  const hasHeavyFramework = html.includes("angular") || html.includes("__NUXT__") || html.includes("react") && !html.includes("preact");
+  const inlineScriptContent = $("script:not([src])").text();
+  if (inlineScriptContent.length > 1e4) {
+    issues.push("Large inline JavaScript (>10KB)");
+    recommendations.push("Move large scripts to external files with async/defer");
+    score -= 15;
+  }
+  const inlineHandlers = $("[onclick], [onchange], [onsubmit], [onload], [onerror]");
+  if (inlineHandlers.length > 10) {
+    issues.push(`${inlineHandlers.length} inline event handlers`);
+    recommendations.push("Use addEventListener instead of inline handlers");
+    score -= 10;
+  }
+  const thirdPartyScripts = $("script[src]").filter((_, el) => {
+    const src = $(el).attr("src") || "";
+    return src.includes("//") && !src.includes("localhost");
+  });
+  const heavyThirdParties = ["analytics", "facebook", "twitter", "linkedin", "hotjar", "intercom", "drift", "hubspot"];
+  let heavyScriptCount = 0;
+  thirdPartyScripts.each((_, el) => {
+    const src = $(el).attr("src") || "";
+    if (heavyThirdParties.some((tp) => src.toLowerCase().includes(tp))) {
+      heavyScriptCount++;
+    }
+  });
+  if (heavyScriptCount > 3) {
+    issues.push(`${heavyScriptCount} heavy third-party scripts`);
+    recommendations.push("Lazy load third-party scripts after page interaction");
+    score -= 20;
+  }
+  if (html.includes("XMLHttpRequest") && !html.includes("async")) {
+    issues.push("Potential synchronous XHR detected");
+    score -= 10;
+  }
+  let estimate = "unknown";
+  if (score >= 80) estimate = "good";
+  else if (score >= 50) estimate = "needs-improvement";
+  else estimate = "poor";
+  return {
+    fidEstimate: estimate,
+    inpEstimate: estimate,
+    // Similar factors affect both
+    issues,
+    recommendations
+  };
+}
+function analyzeCLS(html, $) {
+  const issues = [];
+  const recommendations = [];
+  let score = 100;
+  const imagesWithoutDimensions = $("img").filter((_, el) => {
+    const width = $(el).attr("width");
+    const height = $(el).attr("height");
+    const style = $(el).attr("style") || "";
+    const hasStyleDimensions = style.includes("width") && style.includes("height");
+    return !width || !height || !hasStyleDimensions && width === "auto";
+  });
+  if (imagesWithoutDimensions.length > 0) {
+    issues.push(`${imagesWithoutDimensions.length} images without width/height`);
+    recommendations.push("Add explicit width and height attributes to all images");
+    score -= Math.min(imagesWithoutDimensions.length * 5, 25);
+  }
+  const mediaWithoutDimensions = $("video, iframe").filter((_, el) => {
+    const width = $(el).attr("width");
+    const height = $(el).attr("height");
+    return !width || !height;
+  });
+  if (mediaWithoutDimensions.length > 0) {
+    issues.push(`${mediaWithoutDimensions.length} videos/iframes without dimensions`);
+    recommendations.push("Add explicit width and height to all video and iframe elements");
+    score -= Math.min(mediaWithoutDimensions.length * 10, 20);
+  }
+  const adContainers = $('[class*="ad-"], [class*="ads-"], [id*="ad-"], [data-ad], ins.adsbygoogle');
+  if (adContainers.length > 0) {
+    const hasReservedSpace = adContainers.filter((_, el) => {
+      const style = $(el).attr("style") || "";
+      return style.includes("min-height") || style.includes("height");
+    });
+    if (hasReservedSpace.length < adContainers.length) {
+      issues.push("Ad containers without reserved space");
+      recommendations.push("Reserve space for ads with min-height CSS");
+      score -= 20;
+    }
+  }
+  const dynamicContainers = $('[data-loading], [class*="skeleton"], [class*="placeholder"]');
+  if (dynamicContainers.length > 0) {
+    score += 5;
+  }
+  const webFonts = $('link[href*="fonts"], style').filter((_, el) => {
+    const content = $(el).attr("href") || $(el).text();
+    return content.includes("font-face") || content.includes("fonts.googleapis");
+  });
+  if (webFonts.length > 0) {
+    const hasFontDisplay = html.includes("font-display");
+    if (!hasFontDisplay) {
+      issues.push("Web fonts without font-display property");
+      recommendations.push("Add font-display: swap or optional to prevent FOUT");
+      score -= 10;
+    }
+  }
+  const stickyElements = $('[class*="sticky"], [class*="fixed"], [style*="position: fixed"], [style*="position: sticky"]');
+  const aspectRatioContainers = $('[style*="aspect-ratio"], [class*="aspect-"]');
+  if (aspectRatioContainers.length > 0) {
+    score += 5;
+  }
+  let estimate = "unknown";
+  if (score >= 80) estimate = "good";
+  else if (score >= 50) estimate = "needs-improvement";
+  else estimate = "poor";
+  return { estimate, issues, recommendations };
+}
+function analyzeTTFB($, headers) {
+  const issues = [];
+  const recommendations = [];
+  let score = 100;
+  if (headers) {
+    const cacheControl = headers["cache-control"];
+    if (!cacheControl) {
+      issues.push("No Cache-Control header");
+      recommendations.push("Add Cache-Control header for static assets");
+      score -= 10;
+    }
+    const hasCompression = headers["content-encoding"]?.includes("gzip") || headers["content-encoding"]?.includes("br");
+    if (!hasCompression) {
+      issues.push("Response not compressed (no gzip/brotli)");
+      recommendations.push("Enable Brotli or Gzip compression");
+      score -= 15;
+    }
+  }
+  const hasDynamicIndicators = $("[data-server-rendered], [data-user-id], [data-session]").length > 0;
+  if (hasDynamicIndicators) {
+    recommendations.push("Consider edge caching or CDN for dynamic pages");
+  }
+  const preconnects = $('link[rel="preconnect"], link[rel="dns-prefetch"]');
+  if (preconnects.length === 0) {
+    issues.push("No preconnect hints for external origins");
+    recommendations.push("Add preconnect for critical external origins (fonts, CDN, API)");
+    score -= 10;
+  }
+  const resourceHints = $('link[rel="preload"], link[rel="prefetch"], link[rel="modulepreload"]');
+  if (resourceHints.length === 0) {
+    recommendations.push("Consider adding preload hints for critical resources");
+    score -= 5;
+  }
+  let estimate = "unknown";
+  if (score >= 80) estimate = "good";
+  else if (score >= 50) estimate = "needs-improvement";
+  else estimate = "poor";
+  return { estimate, issues, recommendations };
+}
+function generateCWVIssues(lcp, fidInp, cls, ttfb, url) {
+  const issues = [];
+  if (lcp.estimate === "poor") {
+    issues.push({
+      code: "CWV_LCP_POOR",
+      severity: "critical",
+      category: "performance",
+      title: "Largest Contentful Paint likely poor",
+      description: `LCP issues detected: ${lcp.issues.join("; ")}`,
+      impact: "Poor LCP hurts rankings and user experience. Google uses LCP as a ranking factor.",
+      howToFix: lcp.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  } else if (lcp.estimate === "needs-improvement" && lcp.issues.length > 0) {
+    issues.push({
+      code: "CWV_LCP_NEEDS_IMPROVEMENT",
+      severity: "warning",
+      category: "performance",
+      title: "Largest Contentful Paint needs improvement",
+      description: `LCP issues: ${lcp.issues.join("; ")}`,
+      impact: "LCP affects Core Web Vitals score and rankings",
+      howToFix: lcp.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  }
+  if (fidInp.fidEstimate === "poor") {
+    issues.push({
+      code: "CWV_INP_POOR",
+      severity: "critical",
+      category: "performance",
+      title: "Interaction to Next Paint likely poor",
+      description: `INP/FID issues detected: ${fidInp.issues.join("; ")}`,
+      impact: "Poor interactivity hurts user experience and rankings",
+      howToFix: fidInp.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  } else if (fidInp.fidEstimate === "needs-improvement" && fidInp.issues.length > 0) {
+    issues.push({
+      code: "CWV_INP_NEEDS_IMPROVEMENT",
+      severity: "warning",
+      category: "performance",
+      title: "Interaction responsiveness needs improvement",
+      description: `INP issues: ${fidInp.issues.join("; ")}`,
+      impact: "Affects user experience and Core Web Vitals",
+      howToFix: fidInp.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  }
+  if (cls.estimate === "poor") {
+    issues.push({
+      code: "CWV_CLS_POOR",
+      severity: "critical",
+      category: "performance",
+      title: "Cumulative Layout Shift likely poor",
+      description: `CLS issues detected: ${cls.issues.join("; ")}`,
+      impact: "Visual instability frustrates users and hurts rankings",
+      howToFix: cls.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  } else if (cls.estimate === "needs-improvement" && cls.issues.length > 0) {
+    issues.push({
+      code: "CWV_CLS_NEEDS_IMPROVEMENT",
+      severity: "warning",
+      category: "performance",
+      title: "Layout stability needs improvement",
+      description: `CLS issues: ${cls.issues.join("; ")}`,
+      impact: "Layout shifts degrade user experience",
+      howToFix: cls.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  }
+  if (ttfb.issues.length > 0) {
+    issues.push({
+      code: "CWV_TTFB_ISSUES",
+      severity: "info",
+      category: "performance",
+      title: "Server response optimizations available",
+      description: `TTFB issues: ${ttfb.issues.join("; ")}`,
+      impact: "Slow server response delays all other metrics",
+      howToFix: ttfb.recommendations.join("\n"),
+      affectedUrls: [url]
+    });
+  }
+  return issues;
+}
+function analyzeCoreWebVitals(html, url, headers) {
+  const $ = cheerio.load(html);
+  const lcp = analyzeLCP(html, $);
+  const fidInp = analyzeFID_INP(html, $);
+  const cls = analyzeCLS(html, $);
+  const ttfb = analyzeTTFB($, headers);
+  const issues = generateCWVIssues(lcp, fidInp, cls, ttfb, url);
+  const scores = {
+    lcp: lcp.estimate === "good" ? 100 : lcp.estimate === "needs-improvement" ? 60 : 30,
+    fid: fidInp.fidEstimate === "good" ? 100 : fidInp.fidEstimate === "needs-improvement" ? 60 : 30,
+    cls: cls.estimate === "good" ? 100 : cls.estimate === "needs-improvement" ? 60 : 30,
+    ttfb: ttfb.estimate === "good" ? 100 : ttfb.estimate === "needs-improvement" ? 60 : 30
+  };
+  const overallScore = Math.round(
+    scores.lcp * 0.3 + scores.fid * 0.2 + scores.cls * 0.3 + scores.ttfb * 0.2
+  );
+  return {
+    lcp: {
+      estimate: lcp.estimate,
+      issues: lcp.issues,
+      recommendations: lcp.recommendations
+    },
+    fid: {
+      estimate: fidInp.fidEstimate,
+      issues: fidInp.issues,
+      recommendations: fidInp.recommendations
+    },
+    cls: {
+      estimate: cls.estimate,
+      issues: cls.issues,
+      recommendations: cls.recommendations
+    },
+    inp: {
+      estimate: fidInp.inpEstimate,
+      issues: fidInp.issues,
+      recommendations: fidInp.recommendations
+    },
+    ttfb: {
+      estimate: ttfb.estimate,
+      issues: ttfb.issues,
+      recommendations: ttfb.recommendations
+    },
+    overallScore,
+    issues
+  };
+}
+
+export {
+  analyzeCoreWebVitals
+};

package/dist/chunk-6BWS3CLP.mjs

@@ -0,0 +1,16 @@
+var __defProp = Object.defineProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+export {
+  __require,
+  __export
+};

package/dist/chunk-AK2IC22C.mjs

@@ -0,0 +1,206 @@
+// src/analyzers/security-headers-analyzer.ts
+function analyzeSecurityHeaders(headers, url) {
+  const issues = [];
+  let score = 100;
+  const normalizedHeaders = {};
+  for (const [key, value] of Object.entries(headers)) {
+    normalizedHeaders[key.toLowerCase()] = value;
+  }
+  const isHTTPS = url.startsWith("https://");
+  if (!isHTTPS) {
+    score -= 30;
+    issues.push({
+      code: "SEC_NO_HTTPS",
+      severity: "critical",
+      category: "technical",
+      title: "Site not using HTTPS",
+      description: "HTTPS is required for security and is a confirmed Google ranking factor.",
+      impact: "Major negative ranking impact and browser security warnings",
+      howToFix: "Install SSL certificate and redirect all HTTP traffic to HTTPS",
+      affectedUrls: [url]
+    });
+  }
+  const hsts = normalizedHeaders["strict-transport-security"];
+  let hasHSTS = false;
+  let hstsMaxAge;
+  let includesSubdomains = false;
+  let preload = false;
+  if (hsts) {
+    hasHSTS = true;
+    const maxAgeMatch = hsts.match(/max-age=(\d+)/);
+    if (maxAgeMatch) {
+      hstsMaxAge = parseInt(maxAgeMatch[1]);
+      if (hstsMaxAge < 31536e3) {
+        score -= 5;
+        issues.push({
+          code: "SEC_HSTS_SHORT",
+          severity: "info",
+          category: "technical",
+          title: "HSTS max-age is less than 1 year",
+          description: `Current max-age is ${hstsMaxAge} seconds. Recommended: 31536000 (1 year) or more.`,
+          impact: "Reduced protection window",
+          howToFix: "Set Strict-Transport-Security: max-age=31536000; includeSubDomains; preload",
+          affectedUrls: [url]
+        });
+      }
+    }
+    includesSubdomains = hsts.toLowerCase().includes("includesubdomains");
+    preload = hsts.toLowerCase().includes("preload");
+  } else if (isHTTPS) {
+    score -= 15;
+    issues.push({
+      code: "SEC_NO_HSTS",
+      severity: "warning",
+      category: "technical",
+      title: "Missing HSTS header",
+      description: "HTTP Strict Transport Security (HSTS) header is not set.",
+      impact: "Users may access site over insecure HTTP",
+      howToFix: "Add header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload",
+      affectedUrls: [url]
+    });
+  }
+  const csp = normalizedHeaders["content-security-policy"];
+  const cspIssues = [];
+  if (csp) {
+    if (csp.includes("'unsafe-inline'")) {
+      cspIssues.push("Contains 'unsafe-inline' - reduces XSS protection");
+      score -= 5;
+    }
+    if (csp.includes("'unsafe-eval'")) {
+      cspIssues.push("Contains 'unsafe-eval' - allows eval()");
+      score -= 5;
+    }
+    if (csp.includes("*") && !csp.includes("*.")) {
+      cspIssues.push("Contains wildcard (*) - too permissive");
+      score -= 3;
+    }
+  } else {
+    score -= 10;
+    issues.push({
+      code: "SEC_NO_CSP",
+      severity: "warning",
+      category: "technical",
+      title: "Missing Content-Security-Policy header",
+      description: "CSP helps prevent XSS attacks and is a security best practice.",
+      impact: "Vulnerable to cross-site scripting attacks",
+      howToFix: "Add Content-Security-Policy header with appropriate directives. Start with: default-src 'self'",
+      affectedUrls: [url]
+    });
+  }
+  const xFrameOptions = normalizedHeaders["x-frame-options"];
+  if (!xFrameOptions) {
+    score -= 5;
+    issues.push({
+      code: "SEC_NO_XFRAME",
+      severity: "info",
+      category: "technical",
+      title: "Missing X-Frame-Options header",
+      description: "X-Frame-Options prevents clickjacking attacks.",
+      impact: "Site can be embedded in malicious iframes",
+      howToFix: "Add header: X-Frame-Options: SAMEORIGIN (or DENY)",
+      affectedUrls: [url]
+    });
+  }
+  const xContentTypeOptions = normalizedHeaders["x-content-type-options"];
+  if (!xContentTypeOptions) {
+    score -= 5;
+    issues.push({
+      code: "SEC_NO_XCONTENT_TYPE",
+      severity: "info",
+      category: "technical",
+      title: "Missing X-Content-Type-Options header",
+      description: "Prevents browsers from MIME-sniffing responses.",
+      impact: "Potential for MIME confusion attacks",
+      howToFix: "Add header: X-Content-Type-Options: nosniff",
+      affectedUrls: [url]
+    });
+  }
+  const referrerPolicy = normalizedHeaders["referrer-policy"];
+  if (!referrerPolicy) {
+    score -= 3;
+    issues.push({
+      code: "SEC_NO_REFERRER_POLICY",
+      severity: "info",
+      category: "technical",
+      title: "Missing Referrer-Policy header",
+      description: "Controls how much referrer information is sent with requests.",
+      impact: "May leak sensitive URL information",
+      howToFix: "Add header: Referrer-Policy: strict-origin-when-cross-origin",
+      affectedUrls: [url]
+    });
+  }
+  const permissionsPolicy = normalizedHeaders["permissions-policy"] || normalizedHeaders["feature-policy"];
+  if (!permissionsPolicy) {
+    score -= 3;
+    issues.push({
+      code: "SEC_NO_PERMISSIONS_POLICY",
+      severity: "info",
+      category: "technical",
+      title: "Missing Permissions-Policy header",
+      description: "Controls which browser features can be used.",
+      impact: "All browser features enabled by default",
+      howToFix: "Add header: Permissions-Policy: geolocation=(), microphone=(), camera=()",
+      affectedUrls: [url]
+    });
+  }
+  let grade;
+  if (score >= 95) grade = "A+";
+  else if (score >= 85) grade = "A";
+  else if (score >= 70) grade = "B";
+  else if (score >= 55) grade = "C";
+  else if (score >= 40) grade = "D";
+  else grade = "F";
+  return {
+    score: Math.max(0, score),
+    https: {
+      enabled: isHTTPS,
+      hasHSTS,
+      hstsMaxAge,
+      includesSubdomains,
+      preload
+    },
+    contentSecurity: {
+      hasCSP: !!csp,
+      policy: csp,
+      issues: cspIssues
+    },
+    frameOptions: {
+      hasXFrameOptions: !!xFrameOptions,
+      value: xFrameOptions
+    },
+    contentTypeOptions: {
+      hasXContentTypeOptions: !!xContentTypeOptions
+    },
+    xssProtection: {
+      hasXXSSProtection: !!normalizedHeaders["x-xss-protection"],
+      value: normalizedHeaders["x-xss-protection"]
+    },
+    referrerPolicy: {
+      hasReferrerPolicy: !!referrerPolicy,
+      value: referrerPolicy
+    },
+    permissionsPolicy: {
+      hasPermissionsPolicy: !!permissionsPolicy,
+      policy: permissionsPolicy
+    },
+    issues,
+    grade
+  };
+}
+function generateSecurityHeaders(siteUrl) {
+  const domain = new URL(siteUrl).hostname;
+  return {
+    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
+    "Content-Security-Policy": `default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://api.${domain}`,
+    "X-Frame-Options": "SAMEORIGIN",
+    "X-Content-Type-Options": "nosniff",
+    "Referrer-Policy": "strict-origin-when-cross-origin",
+    "Permissions-Policy": "geolocation=(), microphone=(), camera=(), payment=()",
+    "X-XSS-Protection": "1; mode=block"
+  };
+}
+
+export {
+  analyzeSecurityHeaders,
+  generateSecurityHeaders
+};