@rankcli/agent-runtime 0.0.9 → 0.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +90 -196
- package/dist/analyzer-GMURJADU.mjs +7 -0
- package/dist/chunk-2JADKV3Z.mjs +244 -0
- package/dist/chunk-3ZSCLNTW.mjs +557 -0
- package/dist/chunk-4E4MQOSP.mjs +374 -0
- package/dist/chunk-6BWS3CLP.mjs +16 -0
- package/dist/chunk-AK2IC22C.mjs +206 -0
- package/dist/chunk-K6VSXDD6.mjs +293 -0
- package/dist/chunk-M27NQCWW.mjs +303 -0
- package/dist/{chunk-YNZYHEYM.mjs → chunk-PJLNXOLN.mjs} +0 -14
- package/dist/chunk-VSQD74I7.mjs +474 -0
- package/dist/core-web-vitals-analyzer-TE6LQJMS.mjs +7 -0
- package/dist/geo-analyzer-D47LTMMA.mjs +25 -0
- package/dist/image-optimization-analyzer-XP4OQGRP.mjs +9 -0
- package/dist/index.d.mts +612 -17
- package/dist/index.d.ts +612 -17
- package/dist/index.js +9020 -2686
- package/dist/index.mjs +4177 -328
- package/dist/internal-linking-analyzer-MRMBV7NM.mjs +9 -0
- package/dist/mobile-seo-analyzer-67HNQ7IO.mjs +7 -0
- package/dist/security-headers-analyzer-3ZUQARS5.mjs +9 -0
- package/dist/structured-data-analyzer-2I4NQAUP.mjs +9 -0
- package/package.json +2 -2
- package/src/analyzers/core-web-vitals-analyzer.test.ts +236 -0
- package/src/analyzers/core-web-vitals-analyzer.ts +557 -0
- package/src/analyzers/geo-analyzer.test.ts +310 -0
- package/src/analyzers/geo-analyzer.ts +814 -0
- package/src/analyzers/image-optimization-analyzer.test.ts +145 -0
- package/src/analyzers/image-optimization-analyzer.ts +348 -0
- package/src/analyzers/index.ts +233 -0
- package/src/analyzers/internal-linking-analyzer.test.ts +141 -0
- package/src/analyzers/internal-linking-analyzer.ts +419 -0
- package/src/analyzers/mobile-seo-analyzer.test.ts +140 -0
- package/src/analyzers/mobile-seo-analyzer.ts +455 -0
- package/src/analyzers/security-headers-analyzer.test.ts +115 -0
- package/src/analyzers/security-headers-analyzer.ts +318 -0
- package/src/analyzers/structured-data-analyzer.test.ts +210 -0
- package/src/analyzers/structured-data-analyzer.ts +590 -0
- package/src/audit/engine.ts +3 -3
- package/src/audit/types.ts +3 -2
- package/src/fixer/framework-fixes.test.ts +489 -0
- package/src/fixer/framework-fixes.ts +3418 -0
- package/src/frameworks/detector.ts +642 -114
- package/src/frameworks/suggestion-engine.ts +38 -1
- package/src/index.ts +3 -0
- package/src/types.ts +15 -1
- package/dist/analyzer-2CSWIQGD.mjs +0 -6
|
@@ -0,0 +1,455 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Mobile SEO Analyzer
|
|
3
|
+
*
|
|
4
|
+
* Analyzes mobile-friendliness and mobile SEO best practices.
|
|
5
|
+
* Critical for Google's mobile-first indexing.
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
import * as cheerio from 'cheerio';
|
|
9
|
+
import type { AuditIssue } from '../audit/types.js';
|
|
10
|
+
|
|
11
|
+
export interface MobileSEOResult {
|
|
12
|
+
score: number;
|
|
13
|
+
viewport: ViewportAnalysis;
|
|
14
|
+
touchTargets: TouchTargetAnalysis;
|
|
15
|
+
fontSizes: FontSizeAnalysis;
|
|
16
|
+
contentWidth: ContentWidthAnalysis;
|
|
17
|
+
mobileSpecific: MobileSpecificAnalysis;
|
|
18
|
+
issues: AuditIssue[];
|
|
19
|
+
recommendations: string[];
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
export interface ViewportAnalysis {
|
|
23
|
+
hasViewport: boolean;
|
|
24
|
+
isResponsive: boolean;
|
|
25
|
+
viewportContent?: string;
|
|
26
|
+
issues: string[];
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
export interface TouchTargetAnalysis {
|
|
30
|
+
smallTargets: number;
|
|
31
|
+
properTargets: number;
|
|
32
|
+
issues: string[];
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
export interface FontSizeAnalysis {
|
|
36
|
+
hasResponsiveFonts: boolean;
|
|
37
|
+
smallFontIndicators: number;
|
|
38
|
+
issues: string[];
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
export interface ContentWidthAnalysis {
|
|
42
|
+
hasHorizontalScroll: boolean;
|
|
43
|
+
fixedWidthElements: number;
|
|
44
|
+
issues: string[];
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
export interface MobileSpecificAnalysis {
|
|
48
|
+
hasAppleTouchIcon: boolean;
|
|
49
|
+
hasThemeColor: boolean;
|
|
50
|
+
hasManifest: boolean;
|
|
51
|
+
hasMobileOptimizedImages: boolean;
|
|
52
|
+
avoidsMobilePopups: boolean;
|
|
53
|
+
issues: string[];
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
/**
|
|
57
|
+
* Analyze viewport meta tag
|
|
58
|
+
*/
|
|
59
|
+
function analyzeViewport($: cheerio.CheerioAPI): ViewportAnalysis {
|
|
60
|
+
const viewport = $('meta[name="viewport"]');
|
|
61
|
+
const issues: string[] = [];
|
|
62
|
+
|
|
63
|
+
if (viewport.length === 0) {
|
|
64
|
+
return {
|
|
65
|
+
hasViewport: false,
|
|
66
|
+
isResponsive: false,
|
|
67
|
+
issues: ['No viewport meta tag'],
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
const content = viewport.attr('content') || '';
|
|
72
|
+
|
|
73
|
+
// Check for responsive viewport
|
|
74
|
+
const hasWidth = content.includes('width=');
|
|
75
|
+
const hasDeviceWidth = content.includes('width=device-width');
|
|
76
|
+
const hasInitialScale = content.includes('initial-scale=');
|
|
77
|
+
const hasMaximumScale = content.includes('maximum-scale=1');
|
|
78
|
+
const hasUserScalable = content.includes('user-scalable=no') || content.includes('user-scalable=0');
|
|
79
|
+
|
|
80
|
+
let isResponsive = hasDeviceWidth;
|
|
81
|
+
|
|
82
|
+
if (!hasDeviceWidth) {
|
|
83
|
+
if (content.includes('width=') && !content.includes('width=device-width')) {
|
|
84
|
+
issues.push('Fixed viewport width instead of device-width');
|
|
85
|
+
isResponsive = false;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
if (hasUserScalable || hasMaximumScale) {
|
|
90
|
+
issues.push('Viewport disables zooming - accessibility issue');
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
if (!hasInitialScale) {
|
|
94
|
+
issues.push('Missing initial-scale=1');
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
return {
|
|
98
|
+
hasViewport: true,
|
|
99
|
+
isResponsive,
|
|
100
|
+
viewportContent: content,
|
|
101
|
+
issues,
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
/**
|
|
106
|
+
* Analyze touch targets
|
|
107
|
+
*/
|
|
108
|
+
function analyzeTouchTargets($: cheerio.CheerioAPI): TouchTargetAnalysis {
|
|
109
|
+
const issues: string[] = [];
|
|
110
|
+
let smallTargets = 0;
|
|
111
|
+
let properTargets = 0;
|
|
112
|
+
|
|
113
|
+
// Check interactive elements
|
|
114
|
+
const interactiveElements = $('a, button, input, select, textarea, [role="button"], [onclick]');
|
|
115
|
+
|
|
116
|
+
interactiveElements.each((_, el) => {
|
|
117
|
+
const $el = $(el);
|
|
118
|
+
const style = $el.attr('style') || '';
|
|
119
|
+
const className = $el.attr('class') || '';
|
|
120
|
+
|
|
121
|
+
// Look for small sizing indicators
|
|
122
|
+
const hasSmallClass = /\b(xs|tiny|small|mini)\b/i.test(className);
|
|
123
|
+
const hasSmallInlineStyle = /(?:width|height)\s*:\s*(?:\d{1,2}(?:px|rem|em)|1\d{2}px)/i.test(style);
|
|
124
|
+
|
|
125
|
+
// Check for proper padding (indicates larger touch target)
|
|
126
|
+
const hasPadding = /padding/i.test(style) || /\bp-\d|\bpy-\d|\bpx-\d/i.test(className);
|
|
127
|
+
|
|
128
|
+
if (hasSmallClass || hasSmallInlineStyle) {
|
|
129
|
+
smallTargets++;
|
|
130
|
+
} else if (hasPadding) {
|
|
131
|
+
properTargets++;
|
|
132
|
+
} else {
|
|
133
|
+
// Default assumption: could be either
|
|
134
|
+
properTargets++;
|
|
135
|
+
}
|
|
136
|
+
});
|
|
137
|
+
|
|
138
|
+
if (smallTargets > 5) {
|
|
139
|
+
issues.push(`${smallTargets} potentially small touch targets`);
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
return {
|
|
143
|
+
smallTargets,
|
|
144
|
+
properTargets,
|
|
145
|
+
issues,
|
|
146
|
+
};
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
/**
|
|
150
|
+
* Analyze font sizes
|
|
151
|
+
*/
|
|
152
|
+
function analyzeFontSizes($: cheerio.CheerioAPI, html: string): FontSizeAnalysis {
|
|
153
|
+
const issues: string[] = [];
|
|
154
|
+
let smallFontIndicators = 0;
|
|
155
|
+
|
|
156
|
+
// Check for responsive font indicators
|
|
157
|
+
const hasResponsiveFonts =
|
|
158
|
+
html.includes('@media') && html.includes('font-size') ||
|
|
159
|
+
html.includes('clamp(') ||
|
|
160
|
+
html.includes('vw') ||
|
|
161
|
+
/text-(?:xs|sm|base|lg|xl)/i.test(html); // Tailwind
|
|
162
|
+
|
|
163
|
+
// Look for small fixed font sizes in inline styles
|
|
164
|
+
$('[style*="font-size"]').each((_, el) => {
|
|
165
|
+
const style = $(el).attr('style') || '';
|
|
166
|
+
const match = style.match(/font-size\s*:\s*(\d+)(px|pt)?/i);
|
|
167
|
+
if (match) {
|
|
168
|
+
const size = parseInt(match[1]);
|
|
169
|
+
const unit = match[2]?.toLowerCase() || 'px';
|
|
170
|
+
|
|
171
|
+
// Check for too-small fonts
|
|
172
|
+
if ((unit === 'px' && size < 12) || (unit === 'pt' && size < 9)) {
|
|
173
|
+
smallFontIndicators++;
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
});
|
|
177
|
+
|
|
178
|
+
// Check CSS for small font declarations
|
|
179
|
+
const smallFontPatterns = /font-size\s*:\s*(?:[0-9]|1[01])px/gi;
|
|
180
|
+
const matches = html.match(smallFontPatterns);
|
|
181
|
+
if (matches) {
|
|
182
|
+
smallFontIndicators += matches.length;
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
if (smallFontIndicators > 3) {
|
|
186
|
+
issues.push(`${smallFontIndicators} instances of small font sizes (<12px)`);
|
|
187
|
+
}
|
|
188
|
+
|
|
189
|
+
return {
|
|
190
|
+
hasResponsiveFonts,
|
|
191
|
+
smallFontIndicators,
|
|
192
|
+
issues,
|
|
193
|
+
};
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
/**
|
|
197
|
+
* Analyze content width
|
|
198
|
+
*/
|
|
199
|
+
function analyzeContentWidth($: cheerio.CheerioAPI, html: string): ContentWidthAnalysis {
|
|
200
|
+
const issues: string[] = [];
|
|
201
|
+
let fixedWidthElements = 0;
|
|
202
|
+
|
|
203
|
+
// Check for horizontal scroll indicators
|
|
204
|
+
const hasOverflowHidden = html.includes('overflow-x: hidden') || html.includes('overflow-x:hidden');
|
|
205
|
+
|
|
206
|
+
// Look for fixed width elements
|
|
207
|
+
$('[style*="width"]').each((_, el) => {
|
|
208
|
+
const style = $(el).attr('style') || '';
|
|
209
|
+
const widthMatch = style.match(/width\s*:\s*(\d+)(px)?/i);
|
|
210
|
+
|
|
211
|
+
if (widthMatch) {
|
|
212
|
+
const width = parseInt(widthMatch[1]);
|
|
213
|
+
// Fixed width > 500px could cause issues on mobile
|
|
214
|
+
if (width > 500 && !style.includes('max-width')) {
|
|
215
|
+
fixedWidthElements++;
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
});
|
|
219
|
+
|
|
220
|
+
// Check for tables without responsive wrapper
|
|
221
|
+
const tables = $('table');
|
|
222
|
+
const responsiveTables = $('table').filter((_, el) => {
|
|
223
|
+
const parent = $(el).parent();
|
|
224
|
+
const parentClass = parent.attr('class') || '';
|
|
225
|
+
const parentStyle = parent.attr('style') || '';
|
|
226
|
+
return parentClass.includes('overflow') ||
|
|
227
|
+
parentStyle.includes('overflow') ||
|
|
228
|
+
parentClass.includes('responsive');
|
|
229
|
+
});
|
|
230
|
+
|
|
231
|
+
if (tables.length > responsiveTables.length) {
|
|
232
|
+
issues.push(`${tables.length - responsiveTables.length} tables without responsive wrapper`);
|
|
233
|
+
fixedWidthElements += tables.length - responsiveTables.length;
|
|
234
|
+
}
|
|
235
|
+
|
|
236
|
+
// Check for iframes without responsive handling
|
|
237
|
+
const iframes = $('iframe:not([style*="max-width"])');
|
|
238
|
+
if (iframes.length > 0) {
|
|
239
|
+
issues.push(`${iframes.length} iframes may cause horizontal scroll`);
|
|
240
|
+
fixedWidthElements += iframes.length;
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
return {
|
|
244
|
+
hasHorizontalScroll: !hasOverflowHidden && fixedWidthElements > 0,
|
|
245
|
+
fixedWidthElements,
|
|
246
|
+
issues,
|
|
247
|
+
};
|
|
248
|
+
}
|
|
249
|
+
|
|
250
|
+
/**
|
|
251
|
+
* Analyze mobile-specific optimizations
|
|
252
|
+
*/
|
|
253
|
+
function analyzeMobileSpecific($: cheerio.CheerioAPI): MobileSpecificAnalysis {
|
|
254
|
+
const issues: string[] = [];
|
|
255
|
+
|
|
256
|
+
// Apple touch icon
|
|
257
|
+
const hasAppleTouchIcon = $('link[rel="apple-touch-icon"], link[rel="apple-touch-icon-precomposed"]').length > 0;
|
|
258
|
+
if (!hasAppleTouchIcon) {
|
|
259
|
+
issues.push('Missing apple-touch-icon');
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
// Theme color
|
|
263
|
+
const hasThemeColor = $('meta[name="theme-color"]').length > 0;
|
|
264
|
+
if (!hasThemeColor) {
|
|
265
|
+
issues.push('Missing theme-color meta tag');
|
|
266
|
+
}
|
|
267
|
+
|
|
268
|
+
// Web app manifest
|
|
269
|
+
const hasManifest = $('link[rel="manifest"]').length > 0;
|
|
270
|
+
if (!hasManifest) {
|
|
271
|
+
issues.push('Missing web app manifest');
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
// Check for mobile-optimized images (srcset, picture)
|
|
275
|
+
const responsiveImages = $('img[srcset], picture source[srcset]').length;
|
|
276
|
+
const totalImages = $('img').length;
|
|
277
|
+
const hasMobileOptimizedImages = responsiveImages > 0 || totalImages === 0;
|
|
278
|
+
|
|
279
|
+
if (totalImages > 0 && responsiveImages === 0) {
|
|
280
|
+
issues.push('No responsive images (srcset)');
|
|
281
|
+
}
|
|
282
|
+
|
|
283
|
+
// Check for intrusive interstitials (popups)
|
|
284
|
+
const popupIndicators = $('[class*="popup"], [class*="modal"], [class*="overlay"], [id*="popup"], [id*="modal"]');
|
|
285
|
+
const hasPopupTriggers = $('[data-popup], [data-modal], .popup-trigger, .modal-trigger').length > 0;
|
|
286
|
+
|
|
287
|
+
// Having modals is okay, auto-showing them on mobile is the issue
|
|
288
|
+
const avoidsMobilePopups = popupIndicators.filter((_, el) => {
|
|
289
|
+
const style = $(el).attr('style') || '';
|
|
290
|
+
return style.includes('display: block') || style.includes('display:block');
|
|
291
|
+
}).length === 0;
|
|
292
|
+
|
|
293
|
+
return {
|
|
294
|
+
hasAppleTouchIcon,
|
|
295
|
+
hasThemeColor,
|
|
296
|
+
hasManifest,
|
|
297
|
+
hasMobileOptimizedImages,
|
|
298
|
+
avoidsMobilePopups,
|
|
299
|
+
issues,
|
|
300
|
+
};
|
|
301
|
+
}
|
|
302
|
+
|
|
303
|
+
/**
|
|
304
|
+
* Main mobile SEO analysis
|
|
305
|
+
*/
|
|
306
|
+
export function analyzeMobileSEO(html: string, url: string): MobileSEOResult {
|
|
307
|
+
const $ = cheerio.load(html);
|
|
308
|
+
const issues: AuditIssue[] = [];
|
|
309
|
+
const recommendations: string[] = [];
|
|
310
|
+
let score = 100;
|
|
311
|
+
|
|
312
|
+
// Run all analyses
|
|
313
|
+
const viewport = analyzeViewport($);
|
|
314
|
+
const touchTargets = analyzeTouchTargets($);
|
|
315
|
+
const fontSizes = analyzeFontSizes($, html);
|
|
316
|
+
const contentWidth = analyzeContentWidth($, html);
|
|
317
|
+
const mobileSpecific = analyzeMobileSpecific($);
|
|
318
|
+
|
|
319
|
+
// Generate issues
|
|
320
|
+
if (!viewport.hasViewport) {
|
|
321
|
+
issues.push({
|
|
322
|
+
code: 'MOBILE_NO_VIEWPORT',
|
|
323
|
+
severity: 'critical',
|
|
324
|
+
category: 'technical',
|
|
325
|
+
title: 'Missing viewport meta tag',
|
|
326
|
+
description: 'The page lacks a viewport meta tag, critical for mobile rendering.',
|
|
327
|
+
impact: 'Page will not render properly on mobile devices',
|
|
328
|
+
howToFix: 'Add <meta name="viewport" content="width=device-width, initial-scale=1">',
|
|
329
|
+
affectedUrls: [url],
|
|
330
|
+
});
|
|
331
|
+
score -= 30;
|
|
332
|
+
} else if (!viewport.isResponsive) {
|
|
333
|
+
issues.push({
|
|
334
|
+
code: 'MOBILE_FIXED_VIEWPORT',
|
|
335
|
+
severity: 'warning',
|
|
336
|
+
category: 'technical',
|
|
337
|
+
title: 'Non-responsive viewport',
|
|
338
|
+
description: viewport.issues.join('. '),
|
|
339
|
+
impact: 'Page may not scale properly on all devices',
|
|
340
|
+
howToFix: 'Use width=device-width instead of fixed width',
|
|
341
|
+
affectedUrls: [url],
|
|
342
|
+
});
|
|
343
|
+
score -= 15;
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
if (viewport.issues.includes('Viewport disables zooming - accessibility issue')) {
|
|
347
|
+
issues.push({
|
|
348
|
+
code: 'MOBILE_ZOOM_DISABLED',
|
|
349
|
+
severity: 'warning',
|
|
350
|
+
category: 'technical',
|
|
351
|
+
title: 'Pinch-to-zoom disabled',
|
|
352
|
+
description: 'The viewport prevents users from zooming, which is an accessibility violation.',
|
|
353
|
+
impact: 'Fails WCAG accessibility guidelines',
|
|
354
|
+
howToFix: 'Remove maximum-scale=1 and user-scalable=no from viewport',
|
|
355
|
+
affectedUrls: [url],
|
|
356
|
+
});
|
|
357
|
+
score -= 10;
|
|
358
|
+
}
|
|
359
|
+
|
|
360
|
+
if (touchTargets.smallTargets > 5) {
|
|
361
|
+
issues.push({
|
|
362
|
+
code: 'MOBILE_SMALL_TOUCH_TARGETS',
|
|
363
|
+
severity: 'warning',
|
|
364
|
+
category: 'technical',
|
|
365
|
+
title: `${touchTargets.smallTargets} small touch targets`,
|
|
366
|
+
description: 'Interactive elements may be too small to tap easily on mobile.',
|
|
367
|
+
impact: 'Poor mobile usability, user frustration',
|
|
368
|
+
howToFix: 'Ensure touch targets are at least 48x48px with adequate spacing',
|
|
369
|
+
affectedUrls: [url],
|
|
370
|
+
});
|
|
371
|
+
score -= Math.min(touchTargets.smallTargets * 2, 15);
|
|
372
|
+
}
|
|
373
|
+
|
|
374
|
+
if (fontSizes.smallFontIndicators > 3) {
|
|
375
|
+
issues.push({
|
|
376
|
+
code: 'MOBILE_SMALL_FONTS',
|
|
377
|
+
severity: 'warning',
|
|
378
|
+
category: 'technical',
|
|
379
|
+
title: 'Small font sizes detected',
|
|
380
|
+
description: `${fontSizes.smallFontIndicators} instances of fonts smaller than 12px.`,
|
|
381
|
+
impact: 'Text difficult to read on mobile without zooming',
|
|
382
|
+
howToFix: 'Use minimum 16px for body text, 12px absolute minimum',
|
|
383
|
+
affectedUrls: [url],
|
|
384
|
+
});
|
|
385
|
+
score -= 10;
|
|
386
|
+
}
|
|
387
|
+
|
|
388
|
+
if (contentWidth.fixedWidthElements > 2) {
|
|
389
|
+
issues.push({
|
|
390
|
+
code: 'MOBILE_HORIZONTAL_SCROLL',
|
|
391
|
+
severity: 'warning',
|
|
392
|
+
category: 'technical',
|
|
393
|
+
title: 'Content wider than screen',
|
|
394
|
+
description: `${contentWidth.fixedWidthElements} elements may cause horizontal scrolling.`,
|
|
395
|
+
impact: 'Horizontal scrolling is frustrating on mobile',
|
|
396
|
+
howToFix: 'Use max-width: 100% and avoid fixed widths >320px',
|
|
397
|
+
affectedUrls: [url],
|
|
398
|
+
});
|
|
399
|
+
score -= Math.min(contentWidth.fixedWidthElements * 3, 15);
|
|
400
|
+
}
|
|
401
|
+
|
|
402
|
+
// Mobile-specific issues
|
|
403
|
+
if (!mobileSpecific.hasManifest) {
|
|
404
|
+
issues.push({
|
|
405
|
+
code: 'MOBILE_NO_MANIFEST',
|
|
406
|
+
severity: 'info',
|
|
407
|
+
category: 'technical',
|
|
408
|
+
title: 'Missing web app manifest',
|
|
409
|
+
description: 'No manifest.json linked for PWA capabilities.',
|
|
410
|
+
impact: 'Cannot be installed as PWA',
|
|
411
|
+
howToFix: 'Add <link rel="manifest" href="/manifest.json">',
|
|
412
|
+
affectedUrls: [url],
|
|
413
|
+
});
|
|
414
|
+
score -= 5;
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
if (!mobileSpecific.hasThemeColor) {
|
|
418
|
+
recommendations.push('Add theme-color meta tag for mobile browser UI customization');
|
|
419
|
+
score -= 2;
|
|
420
|
+
}
|
|
421
|
+
|
|
422
|
+
if (!mobileSpecific.hasAppleTouchIcon) {
|
|
423
|
+
recommendations.push('Add apple-touch-icon for iOS home screen');
|
|
424
|
+
score -= 2;
|
|
425
|
+
}
|
|
426
|
+
|
|
427
|
+
if (!mobileSpecific.hasMobileOptimizedImages) {
|
|
428
|
+
recommendations.push('Use srcset for responsive images');
|
|
429
|
+
score -= 5;
|
|
430
|
+
}
|
|
431
|
+
|
|
432
|
+
// Positive recommendations
|
|
433
|
+
if (viewport.hasViewport && viewport.isResponsive && viewport.issues.length === 0) {
|
|
434
|
+
recommendations.push('✓ Proper responsive viewport configuration');
|
|
435
|
+
}
|
|
436
|
+
|
|
437
|
+
if (fontSizes.hasResponsiveFonts) {
|
|
438
|
+
recommendations.push('✓ Responsive font sizing detected');
|
|
439
|
+
}
|
|
440
|
+
|
|
441
|
+
if (mobileSpecific.hasManifest && mobileSpecific.hasAppleTouchIcon && mobileSpecific.hasThemeColor) {
|
|
442
|
+
recommendations.push('✓ Good PWA/mobile app configuration');
|
|
443
|
+
}
|
|
444
|
+
|
|
445
|
+
return {
|
|
446
|
+
score: Math.max(0, Math.min(100, score)),
|
|
447
|
+
viewport,
|
|
448
|
+
touchTargets,
|
|
449
|
+
fontSizes,
|
|
450
|
+
contentWidth,
|
|
451
|
+
mobileSpecific,
|
|
452
|
+
issues,
|
|
453
|
+
recommendations,
|
|
454
|
+
};
|
|
455
|
+
}
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
import { describe, it, expect } from 'vitest';
|
|
2
|
+
import { analyzeSecurityHeaders, generateSecurityHeaders } from './security-headers-analyzer.js';
|
|
3
|
+
|
|
4
|
+
describe('Security Headers Analyzer', () => {
|
|
5
|
+
describe('analyzeSecurityHeaders', () => {
|
|
6
|
+
it('detects HTTPS', () => {
|
|
7
|
+
const result = analyzeSecurityHeaders({}, 'https://example.com');
|
|
8
|
+
expect(result.https.enabled).toBe(true);
|
|
9
|
+
});
|
|
10
|
+
|
|
11
|
+
it('detects missing HTTPS', () => {
|
|
12
|
+
const result = analyzeSecurityHeaders({}, 'http://example.com');
|
|
13
|
+
expect(result.https.enabled).toBe(false);
|
|
14
|
+
expect(result.issues.some(i => i.code === 'SEC_NO_HTTPS')).toBe(true);
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
it('detects HSTS', () => {
|
|
18
|
+
const result = analyzeSecurityHeaders({
|
|
19
|
+
'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
|
|
20
|
+
}, 'https://example.com');
|
|
21
|
+
expect(result.https.hasHSTS).toBe(true);
|
|
22
|
+
expect(result.https.hstsMaxAge).toBe(31536000);
|
|
23
|
+
expect(result.https.includesSubdomains).toBe(true);
|
|
24
|
+
expect(result.https.preload).toBe(true);
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
it('warns about short HSTS max-age', () => {
|
|
28
|
+
const result = analyzeSecurityHeaders({
|
|
29
|
+
'strict-transport-security': 'max-age=86400',
|
|
30
|
+
}, 'https://example.com');
|
|
31
|
+
expect(result.issues.some(i => i.code === 'SEC_HSTS_SHORT')).toBe(true);
|
|
32
|
+
});
|
|
33
|
+
|
|
34
|
+
it('detects CSP', () => {
|
|
35
|
+
const result = analyzeSecurityHeaders({
|
|
36
|
+
'content-security-policy': "default-src 'self'",
|
|
37
|
+
}, 'https://example.com');
|
|
38
|
+
expect(result.contentSecurity.hasCSP).toBe(true);
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
it('warns about missing CSP', () => {
|
|
42
|
+
const result = analyzeSecurityHeaders({}, 'https://example.com');
|
|
43
|
+
expect(result.issues.some(i => i.code === 'SEC_NO_CSP')).toBe(true);
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
it('detects X-Frame-Options', () => {
|
|
47
|
+
const result = analyzeSecurityHeaders({
|
|
48
|
+
'x-frame-options': 'SAMEORIGIN',
|
|
49
|
+
}, 'https://example.com');
|
|
50
|
+
expect(result.frameOptions.hasXFrameOptions).toBe(true);
|
|
51
|
+
expect(result.frameOptions.value).toBe('SAMEORIGIN');
|
|
52
|
+
});
|
|
53
|
+
|
|
54
|
+
it('detects X-Content-Type-Options', () => {
|
|
55
|
+
const result = analyzeSecurityHeaders({
|
|
56
|
+
'x-content-type-options': 'nosniff',
|
|
57
|
+
}, 'https://example.com');
|
|
58
|
+
expect(result.contentTypeOptions.hasXContentTypeOptions).toBe(true);
|
|
59
|
+
});
|
|
60
|
+
|
|
61
|
+
it('detects Referrer-Policy', () => {
|
|
62
|
+
const result = analyzeSecurityHeaders({
|
|
63
|
+
'referrer-policy': 'strict-origin-when-cross-origin',
|
|
64
|
+
}, 'https://example.com');
|
|
65
|
+
expect(result.referrerPolicy.hasReferrerPolicy).toBe(true);
|
|
66
|
+
});
|
|
67
|
+
|
|
68
|
+
it('detects Permissions-Policy', () => {
|
|
69
|
+
const result = analyzeSecurityHeaders({
|
|
70
|
+
'permissions-policy': 'geolocation=(), microphone=()',
|
|
71
|
+
}, 'https://example.com');
|
|
72
|
+
expect(result.permissionsPolicy.hasPermissionsPolicy).toBe(true);
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
it('grades A+ for complete headers', () => {
|
|
76
|
+
const result = analyzeSecurityHeaders({
|
|
77
|
+
'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
|
|
78
|
+
'content-security-policy': "default-src 'self'",
|
|
79
|
+
'x-frame-options': 'SAMEORIGIN',
|
|
80
|
+
'x-content-type-options': 'nosniff',
|
|
81
|
+
'referrer-policy': 'strict-origin-when-cross-origin',
|
|
82
|
+
'permissions-policy': 'geolocation=()',
|
|
83
|
+
}, 'https://example.com');
|
|
84
|
+
expect(result.grade).toBe('A+');
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
it('grades D for no headers on HTTP', () => {
|
|
88
|
+
// HTTP without headers still gets 44/100 (no HSTS penalty since not HTTPS)
|
|
89
|
+
// Score: 100 - 30 (no HTTPS) - 10 (no CSP) - 5 (no X-Frame) - 5 (no X-Content-Type) - 3 (no Referrer) - 3 (no Permissions) = 44
|
|
90
|
+
const result = analyzeSecurityHeaders({}, 'http://example.com');
|
|
91
|
+
expect(result.grade).toBe('D');
|
|
92
|
+
});
|
|
93
|
+
|
|
94
|
+
it('normalizes header names to lowercase', () => {
|
|
95
|
+
const result = analyzeSecurityHeaders({
|
|
96
|
+
'Strict-Transport-Security': 'max-age=31536000',
|
|
97
|
+
'Content-Security-Policy': "default-src 'self'",
|
|
98
|
+
}, 'https://example.com');
|
|
99
|
+
expect(result.https.hasHSTS).toBe(true);
|
|
100
|
+
expect(result.contentSecurity.hasCSP).toBe(true);
|
|
101
|
+
});
|
|
102
|
+
});
|
|
103
|
+
|
|
104
|
+
describe('generateSecurityHeaders', () => {
|
|
105
|
+
it('generates recommended headers', () => {
|
|
106
|
+
const headers = generateSecurityHeaders('https://example.com');
|
|
107
|
+
expect(headers['Strict-Transport-Security']).toContain('max-age=31536000');
|
|
108
|
+
expect(headers['Content-Security-Policy']).toBeDefined();
|
|
109
|
+
expect(headers['X-Frame-Options']).toBe('SAMEORIGIN');
|
|
110
|
+
expect(headers['X-Content-Type-Options']).toBe('nosniff');
|
|
111
|
+
expect(headers['Referrer-Policy']).toBeDefined();
|
|
112
|
+
expect(headers['Permissions-Policy']).toBeDefined();
|
|
113
|
+
});
|
|
114
|
+
});
|
|
115
|
+
});
|