@rayselfs/cf-rule-engine 1.5.0

package/dist/chunk-UKB5JAX4.js

@@ -0,0 +1,32 @@
+import {
+  ipCidr
+} from "./chunk-KW5YBTSD.js";
+import {
+  pathMatches
+} from "./chunk-LO2BO3RU.js";
+import {
+  userAgentMatches
+} from "./chunk-S2AAATFN.js";
+import {
+  all,
+  not,
+  rule
+} from "./chunk-Q4NP4C3B.js";
+import {
+  redirect
+} from "./chunk-DSSFFJWL.js";
+
+// src/helpers/staging-whitelist.ts
+function stagingWhitelist(options) {
+  const userAgents = options.userAgents ?? [];
+  const bypassPaths = options.bypassPaths ?? [];
+  const criteria = [not(ipCidr(options.cidrs)), not(userAgentMatches(userAgents))];
+  if (bypassPaths.length > 0) {
+    criteria.push(not(pathMatches(bypassPaths)));
+  }
+  return rule(all(criteria), redirect(302, options.redirectUrl));
+}
+
+export {
+  stagingWhitelist
+};

package/dist/chunk-VEEOQ7TS.cjs

@@ -0,0 +1,8 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/criteria/path-equals.ts
+function pathEquals(paths) {
+  return (req) => paths.some((p) => req.uri === p);
+}
+
+
+
+exports.pathEquals = pathEquals;

package/dist/chunk-VQCRSBWL.js

@@ -0,0 +1,19 @@
+// src/behaviors/set-security-headers.ts
+function setSecurityHeaders(options) {
+  const hsts = options?.hsts ?? "max-age=31536000; includeSubDomains";
+  const xFrameOptions = options?.xFrameOptions ?? "SAMEORIGIN";
+  const xContentTypeOptions = options?.xContentTypeOptions ?? "nosniff";
+  return (_request, response) => {
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, {
+        "strict-transport-security": { value: hsts },
+        "x-frame-options": { value: xFrameOptions },
+        "x-content-type-options": { value: xContentTypeOptions }
+      })
+    });
+  };
+}
+
+export {
+  setSecurityHeaders
+};

package/dist/chunk-WEBU4R5C.js

@@ -0,0 +1,132 @@
+import {
+  runRules
+} from "./chunk-Q4NP4C3B.js";
+import {
+  __export
+} from "./chunk-MLKGABMK.js";
+
+// src/adapters/lambda-edge.ts
+var lambda_edge_exports = {};
+__export(lambda_edge_exports, {
+  defineViewerRequest: () => defineViewerRequest,
+  defineViewerResponse: () => defineViewerResponse
+});
+function normalizeHeaders(headers) {
+  const result = {};
+  const entries = Object.entries(headers ?? {});
+  for (let i = 0; i < entries.length; i++) {
+    const entry = entries[i];
+    const key = entry[0];
+    const arr = entry[1];
+    if (arr.length > 0) result[key.toLowerCase()] = { value: arr[0].value };
+  }
+  return result;
+}
+function denormalizeHeaders(headers) {
+  const result = {};
+  const entries = Object.entries(headers);
+  for (let i = 0; i < entries.length; i++) {
+    const entry = entries[i];
+    const key = entry[0];
+    const value = entry[1].value;
+    result[key] = [{ key, value }];
+  }
+  return result;
+}
+function parseQuerystring(qs) {
+  if (!qs) return {};
+  return Object.fromEntries(
+    qs.split("&").map((p) => {
+      const parts = p.split("=");
+      const k = parts[0];
+      const v = parts[1] || "";
+      return [k, { value: v }];
+    })
+  );
+}
+function serializeQuerystring(qs) {
+  const qsEntries = Object.entries(qs);
+  const parts = [];
+  for (let i = 0; i < qsEntries.length; i++) {
+    parts.push(qsEntries[i][0] + "=" + qsEntries[i][1].value);
+  }
+  return parts.join("&");
+}
+function defineViewerRequest(rules) {
+  return async (event) => {
+    const ev = event;
+    const records = ev.Records;
+    const cf = records[0].cf;
+    const lambdaReq = cf.request;
+    const req = {
+      uri: lambdaReq.uri,
+      method: lambdaReq.method,
+      protocol: "https",
+      querystring: parseQuerystring(lambdaReq.querystring ?? ""),
+      headers: normalizeHeaders(
+        lambdaReq.headers ?? {}
+      ),
+      clientIp: lambdaReq.clientIp ?? ""
+    };
+    const result = runRules(rules, req);
+    if (result.action === "respond") {
+      return {
+        status: String(result.response.statusCode),
+        statusDescription: result.response.statusDescription,
+        headers: denormalizeHeaders(result.response.headers),
+        body: result.response.body ?? ""
+      };
+    }
+    return Object.assign({}, lambdaReq, {
+      uri: result.request.uri,
+      querystring: serializeQuerystring(result.request.querystring),
+      headers: denormalizeHeaders(result.request.headers)
+    });
+  };
+}
+function defineViewerResponse(responseBehaviors) {
+  return async (event) => {
+    const ev = event;
+    const records = ev.Records;
+    const cf = records[0].cf;
+    const lambdaReq = cf.request;
+    const lambdaRes = cf.response;
+    const req = {
+      uri: lambdaReq.uri,
+      method: lambdaReq.method,
+      protocol: "https",
+      querystring: parseQuerystring(lambdaReq.querystring ?? ""),
+      headers: normalizeHeaders(
+        lambdaReq.headers ?? {}
+      ),
+      clientIp: lambdaReq.clientIp ?? ""
+    };
+    let response = {
+      statusCode: parseInt(lambdaRes.status, 10),
+      statusDescription: lambdaRes.statusDescription,
+      headers: normalizeHeaders(
+        lambdaRes.headers ?? {}
+      ),
+      body: lambdaRes.body
+    };
+    for (let i = 0; i < responseBehaviors.length; i++) {
+      const entry = responseBehaviors[i];
+      if (typeof entry === "function") {
+        response = entry(req, response);
+      } else if (!entry.criteria || entry.criteria(req)) {
+        response = entry.behavior(req, response);
+      }
+    }
+    return Object.assign({}, lambdaRes, {
+      status: String(response.statusCode),
+      statusDescription: response.statusDescription,
+      headers: denormalizeHeaders(response.headers)
+    });
+  };
+}
+
+export {
+  defineViewerRequest,
+  defineViewerResponse,
+  lambda_edge_exports
+};

package/dist/chunk-WKYMSRCD.cjs

@@ -0,0 +1,47 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/core/rule.ts
+function rule(criteriaOrBehavior, behavior) {
+  if (behavior === void 0) {
+    return { behavior: criteriaOrBehavior };
+  }
+  return { criteria: criteriaOrBehavior, behavior };
+}
+function all(fns) {
+  return (req) => fns.every((fn) => fn(req));
+}
+function any(fns) {
+  return (req) => fns.some((fn) => fn(req));
+}
+function not(fn) {
+  return (req) => !fn(req);
+}
+function chain(behaviors) {
+  return (request) => {
+    let current = request;
+    for (let i = 0; i < behaviors.length; i++) {
+      const result = behaviors[i](current);
+      if (result.action === "respond") return result;
+      current = result.request;
+    }
+    return { action: "continue", request: current };
+  };
+}
+function runRules(rules, request) {
+  for (let i = 0; i < rules.length; i++) {
+    const r = rules[i];
+    if (!r.criteria || r.criteria(request)) {
+      const result = r.behavior(request);
+      if (result.action === "respond") return result;
+      request = result.request;
+    }
+  }
+  return { action: "continue", request };
+}
+
+
+
+
+
+
+
+
+exports.rule = rule; exports.all = all; exports.any = any; exports.not = not; exports.chain = chain; exports.runRules = runRules;

package/dist/chunk-WW7YVRAI.cjs

@@ -0,0 +1,32 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
+
+var _chunkD47P7HVZcjs = require('./chunk-D47P7HVZ.cjs');
+
+
+var _chunkCF5PWWTFcjs = require('./chunk-CF5PWWTF.cjs');
+
+
+var _chunkMVGYPBYBcjs = require('./chunk-MVGYPBYB.cjs');
+
+
+
+
+var _chunkWKYMSRCDcjs = require('./chunk-WKYMSRCD.cjs');
+
+
+var _chunkWWSRNCUPcjs = require('./chunk-WWSRNCUP.cjs');
+
+// src/helpers/staging-whitelist.ts
+function stagingWhitelist(options) {
+  const userAgents = _nullishCoalesce(options.userAgents, () => ( []));
+  const bypassPaths = _nullishCoalesce(options.bypassPaths, () => ( []));
+  const criteria = [_chunkWKYMSRCDcjs.not.call(void 0, _chunkD47P7HVZcjs.ipCidr.call(void 0, options.cidrs)), _chunkWKYMSRCDcjs.not.call(void 0, _chunkMVGYPBYBcjs.userAgentMatches.call(void 0, userAgents))];
+  if (bypassPaths.length > 0) {
+    criteria.push(_chunkWKYMSRCDcjs.not.call(void 0, _chunkCF5PWWTFcjs.pathMatches.call(void 0, bypassPaths)));
+  }
+  return _chunkWKYMSRCDcjs.rule.call(void 0, _chunkWKYMSRCDcjs.all.call(void 0, criteria), _chunkWWSRNCUPcjs.redirect.call(void 0, 302, options.redirectUrl));
+}
+
+
+
+exports.stagingWhitelist = stagingWhitelist;

package/dist/chunk-WWSRNCUP.cjs

@@ -0,0 +1,38 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/behaviors/redirect.ts
+var statusDescriptions = {
+  301: "Moved Permanently",
+  302: "Found",
+  307: "Temporary Redirect"
+};
+function redirect(statusCode, location, options) {
+  return (request) => {
+    let finalLocation = location;
+    if (_optionalChain([options, 'optionalAccess', _ => _.preserveQuerystring])) {
+      const qsEntries = Object.entries(request.querystring);
+      const qsParts = [];
+      for (let i = 0; i < qsEntries.length; i++) {
+        const entry = qsEntries[i];
+        qsParts.push(entry[0] + "=" + entry[1].value);
+      }
+      const qs = qsParts.join("&");
+      if (qs) {
+        finalLocation = `${location}?${qs}`;
+      }
+    }
+    return {
+      action: "respond",
+      response: {
+        statusCode,
+        statusDescription: statusDescriptions[statusCode],
+        headers: {
+          location: { value: finalLocation },
+          "cache-control": { value: "no-store" }
+        }
+      }
+    };
+  };
+}
+
+
+
+exports.redirect = redirect;

package/dist/chunk-XLSZ5RB7.js

@@ -0,0 +1,8 @@
+// src/criteria/path-prefix.ts
+function pathPrefix(prefixes) {
+  return (req) => prefixes.some((p) => req.uri.startsWith(p));
+}
+
+export {
+  pathPrefix
+};

package/dist/chunk-XPQG5IML.js

@@ -0,0 +1,14 @@
+// src/behaviors/strip-query-params.ts
+function stripQueryParams(params) {
+  return (request) => {
+    const querystring = Object.assign({}, request.querystring);
+    for (let i = 0; i < params.length; i++) {
+      delete querystring[params[i]];
+    }
+    return { action: "continue", request: Object.assign({}, request, { querystring }) };
+  };
+}
+
+export {
+  stripQueryParams
+};

package/dist/chunk-XUI4Y22M.js

@@ -0,0 +1,20 @@
+// src/behaviors/set-csp.ts
+function setCsp(options) {
+  const dirEntries = Object.entries(options.directives);
+  const dirParts = [];
+  for (let i = 0; i < dirEntries.length; i++) {
+    dirParts.push(dirEntries[i][0] + " " + dirEntries[i][1]);
+  }
+  const cspValue = dirParts.join("; ");
+  return (_request, response) => {
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, {
+        "content-security-policy": { value: cspValue }
+      })
+    });
+  };
+}
+
+export {
+  setCsp
+};

package/dist/chunk-YVUR35RN.cjs

@@ -0,0 +1,20 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/shared/cidr.ts
+function ipToInt(ip) {
+  return ip.split(".").reduce((acc, octet) => (acc << 8) + parseInt(octet, 10) >>> 0, 0);
+}
+function inCidr(ip, cidr) {
+  const parts = cidr.split("/");
+  const range = parts[0];
+  const bits = parts[1] || "32";
+  const mask = bits === "0" ? 0 : ~0 << 32 - parseInt(bits, 10) >>> 0;
+  return (ipToInt(ip) & mask) === (ipToInt(range) & mask);
+}
+function matchesAnyCidr(ip, cidrs) {
+  return cidrs.some((cidr) => inCidr(ip, cidr));
+}
+
+
+
+
+
+exports.ipToInt = ipToInt; exports.inCidr = inCidr; exports.matchesAnyCidr = matchesAnyCidr;

package/dist/chunk-ZTMSH34E.js

@@ -0,0 +1,14 @@
+// src/behaviors/set-cache-control.ts
+function setCacheControl(value) {
+  return (_request, response) => {
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, {
+        "cache-control": { value }
+      })
+    });
+  };
+}
+
+export {
+  setCacheControl
+};

package/dist/chunk-ZXS23HXA.cjs

@@ -0,0 +1,20 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/behaviors/set-csp.ts
+function setCsp(options) {
+  const dirEntries = Object.entries(options.directives);
+  const dirParts = [];
+  for (let i = 0; i < dirEntries.length; i++) {
+    dirParts.push(dirEntries[i][0] + " " + dirEntries[i][1]);
+  }
+  const cspValue = dirParts.join("; ");
+  return (_request, response) => {
+    return Object.assign({}, response, {
+      headers: Object.assign({}, response.headers, {
+        "content-security-policy": { value: cspValue }
+      })
+    });
+  };
+}
+
+
+
+exports.setCsp = setCsp;

package/dist/core/rule.cjs

@@ -0,0 +1,17 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+
+
+
+
+
+var _chunkWKYMSRCDcjs = require('../chunk-WKYMSRCD.cjs');
+require('../chunk-75ZPJI57.cjs');
+
+
+
+
+
+
+
+exports.all = _chunkWKYMSRCDcjs.all; exports.any = _chunkWKYMSRCDcjs.any; exports.chain = _chunkWKYMSRCDcjs.chain; exports.not = _chunkWKYMSRCDcjs.not; exports.rule = _chunkWKYMSRCDcjs.rule; exports.runRules = _chunkWKYMSRCDcjs.runRules;

package/dist/core/rule.d.cts

@@ -0,0 +1,101 @@
+import { CriteriaFn, BehaviorFn, Rule, HttpRequest, BehaviorResult } from './types.cjs';
+
+/**
+ * Creates a rule that always runs the given behavior (no criteria guard).
+ *
+ * @param behavior - The behavior function to execute for every request.
+ * @returns A `Rule` object to pass to `defineViewerRequest`.
+ *
+ * @example
+ * ```ts
+ * // Always set security headers, regardless of path
+ * rule(setSecurityHeaders())
+ * ```
+ */
+declare function rule(behavior: BehaviorFn): Rule;
+/**
+ * Creates a rule that runs the behavior only when the criteria returns `true`.
+ *
+ * @param criteria - Guard function; the behavior runs only when this returns `true`.
+ * @param behavior - The behavior function to execute when criteria matches.
+ * @returns A `Rule` object to pass to `defineViewerRequest`.
+ *
+ * @example
+ * ```ts
+ * // Redirect /old-path to /new-path
+ * rule(pathPrefix(['/old-path']), redirect(301, '/new-path'))
+ * ```
+ */
+declare function rule(criteria: CriteriaFn, behavior: BehaviorFn): Rule;
+/**
+ * Combines multiple criteria with AND logic — all must return `true`.
+ *
+ * @param fns - Array of criteria functions to evaluate.
+ * @returns A `CriteriaFn` that returns `true` only when every function in `fns` returns `true`.
+ *
+ * @example
+ * ```ts
+ * rule(all([pathPrefix(['/api/']), methodIs(['POST'])]), constructResponse({ statusCode: 403 }))
+ * ```
+ */
+declare function all(fns: CriteriaFn[]): CriteriaFn;
+/**
+ * Combines multiple criteria with OR logic — at least one must return `true`.
+ *
+ * @param fns - Array of criteria functions to evaluate.
+ * @returns A `CriteriaFn` that returns `true` when any function in `fns` returns `true`.
+ *
+ * @example
+ * ```ts
+ * rule(any([pathPrefix(['/admin/']), ipCidr(['10.0.0.0/8'])]), redirect(302, '/blocked'))
+ * ```
+ */
+declare function any(fns: CriteriaFn[]): CriteriaFn;
+/**
+ * Negates a criteria function — returns `true` when the wrapped function returns `false`.
+ *
+ * @param fn - The criteria function to negate.
+ * @returns A `CriteriaFn` that returns the logical inverse of `fn`.
+ *
+ * @example
+ * ```ts
+ * // Block all non-internal IPs
+ * rule(not(ipCidr(['10.0.0.0/8', '192.168.0.0/16'])), redirect(302, '/blocked'))
+ * ```
+ */
+declare function not(fn: CriteriaFn): CriteriaFn;
+/**
+ * Chains multiple behavior functions sequentially, passing the mutated request
+ * from each behavior to the next. Stops immediately if any behavior returns
+ * `{ action: 'respond' }`.
+ *
+ * Use this when a single Akamai rule has multiple behaviors that must operate
+ * on the same (possibly mutated) request. Without chaining, splitting behaviors
+ * into separate `rule()` calls causes each to re-evaluate criteria against
+ * the original request — breaking cases where behavior 1 rewrites the URI
+ * and behavior 2 must see the rewritten path.
+ *
+ * @param behaviors - Ordered array of behavior functions to execute in sequence.
+ * @returns A single `BehaviorFn` that runs all behaviors in order.
+ *
+ * @example
+ * ```ts
+ * rule(pathPrefix(['/api/']), chain([rewriteUri('replace', '/v2', '/api'), setRequestHeader('x-api-version', '2')]))
+ * ```
+ */
+declare function chain(behaviors: BehaviorFn[]): BehaviorFn;
+/**
+ * Executes an ordered list of rules against a request, stopping at the first
+ * rule whose behavior returns `{ action: 'respond' }`.
+ *
+ * This is called internally by `defineViewerRequest`; you rarely need to call
+ * it directly unless building a custom adapter.
+ *
+ * @param rules - Ordered array of rules to evaluate.
+ * @param request - The normalized `HttpRequest` to process.
+ * @returns A `BehaviorResult` — either `{ action: 'respond', response }` or
+ *   `{ action: 'continue', request }` with the final mutated request.
+ */
+declare function runRules(rules: Rule[], request: HttpRequest): BehaviorResult;
+
+export { all, any, chain, not, rule, runRules };

package/dist/core/rule.d.ts

@@ -0,0 +1,101 @@
+import { CriteriaFn, BehaviorFn, Rule, HttpRequest, BehaviorResult } from './types.js';
+
+/**
+ * Creates a rule that always runs the given behavior (no criteria guard).
+ *
+ * @param behavior - The behavior function to execute for every request.
+ * @returns A `Rule` object to pass to `defineViewerRequest`.
+ *
+ * @example
+ * ```ts
+ * // Always set security headers, regardless of path
+ * rule(setSecurityHeaders())
+ * ```
+ */
+declare function rule(behavior: BehaviorFn): Rule;
+/**
+ * Creates a rule that runs the behavior only when the criteria returns `true`.
+ *
+ * @param criteria - Guard function; the behavior runs only when this returns `true`.
+ * @param behavior - The behavior function to execute when criteria matches.
+ * @returns A `Rule` object to pass to `defineViewerRequest`.
+ *
+ * @example
+ * ```ts
+ * // Redirect /old-path to /new-path
+ * rule(pathPrefix(['/old-path']), redirect(301, '/new-path'))
+ * ```
+ */
+declare function rule(criteria: CriteriaFn, behavior: BehaviorFn): Rule;
+/**
+ * Combines multiple criteria with AND logic — all must return `true`.
+ *
+ * @param fns - Array of criteria functions to evaluate.
+ * @returns A `CriteriaFn` that returns `true` only when every function in `fns` returns `true`.
+ *
+ * @example
+ * ```ts
+ * rule(all([pathPrefix(['/api/']), methodIs(['POST'])]), constructResponse({ statusCode: 403 }))
+ * ```
+ */
+declare function all(fns: CriteriaFn[]): CriteriaFn;
+/**
+ * Combines multiple criteria with OR logic — at least one must return `true`.
+ *
+ * @param fns - Array of criteria functions to evaluate.
+ * @returns A `CriteriaFn` that returns `true` when any function in `fns` returns `true`.
+ *
+ * @example
+ * ```ts
+ * rule(any([pathPrefix(['/admin/']), ipCidr(['10.0.0.0/8'])]), redirect(302, '/blocked'))
+ * ```
+ */
+declare function any(fns: CriteriaFn[]): CriteriaFn;
+/**
+ * Negates a criteria function — returns `true` when the wrapped function returns `false`.
+ *
+ * @param fn - The criteria function to negate.
+ * @returns A `CriteriaFn` that returns the logical inverse of `fn`.
+ *
+ * @example
+ * ```ts
+ * // Block all non-internal IPs
+ * rule(not(ipCidr(['10.0.0.0/8', '192.168.0.0/16'])), redirect(302, '/blocked'))
+ * ```
+ */
+declare function not(fn: CriteriaFn): CriteriaFn;
+/**
+ * Chains multiple behavior functions sequentially, passing the mutated request
+ * from each behavior to the next. Stops immediately if any behavior returns
+ * `{ action: 'respond' }`.
+ *
+ * Use this when a single Akamai rule has multiple behaviors that must operate
+ * on the same (possibly mutated) request. Without chaining, splitting behaviors
+ * into separate `rule()` calls causes each to re-evaluate criteria against
+ * the original request — breaking cases where behavior 1 rewrites the URI
+ * and behavior 2 must see the rewritten path.
+ *
+ * @param behaviors - Ordered array of behavior functions to execute in sequence.
+ * @returns A single `BehaviorFn` that runs all behaviors in order.
+ *
+ * @example
+ * ```ts
+ * rule(pathPrefix(['/api/']), chain([rewriteUri('replace', '/v2', '/api'), setRequestHeader('x-api-version', '2')]))
+ * ```
+ */
+declare function chain(behaviors: BehaviorFn[]): BehaviorFn;
+/**
+ * Executes an ordered list of rules against a request, stopping at the first
+ * rule whose behavior returns `{ action: 'respond' }`.
+ *
+ * This is called internally by `defineViewerRequest`; you rarely need to call
+ * it directly unless building a custom adapter.
+ *
+ * @param rules - Ordered array of rules to evaluate.
+ * @param request - The normalized `HttpRequest` to process.
+ * @returns A `BehaviorResult` — either `{ action: 'respond', response }` or
+ *   `{ action: 'continue', request }` with the final mutated request.
+ */
+declare function runRules(rules: Rule[], request: HttpRequest): BehaviorResult;
+
+export { all, any, chain, not, rule, runRules };

package/dist/core/rule.js

@@ -0,0 +1,17 @@
+import {
+  all,
+  any,
+  chain,
+  not,
+  rule,
+  runRules
+} from "../chunk-Q4NP4C3B.js";
+import "../chunk-MLKGABMK.js";
+export {
+  all,
+  any,
+  chain,
+  not,
+  rule,
+  runRules
+};

package/dist/core/types.cjs

@@ -0,0 +1 @@
+"use strict";require('../chunk-MEHWLQLR.cjs');