@redsocs/spam-warden 1.1.3 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -1
- package/dist/spamwarden.min.js +2 -2
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -85,6 +85,19 @@ Traditional spam filters (like Akismet or ReCaptcha) often:
|
|
|
85
85
|
|
|
86
86
|
**SpamWarden** exists to provide a **local, fast, and Thai-centric** alternative that stops spam at the source: the user's input field.
|
|
87
87
|
|
|
88
|
+
# Security & "Brutal" Obfuscation
|
|
89
|
+
|
|
90
|
+
> [!WARNING]
|
|
91
|
+
> **Honesty First:** All client-side code is inherently bypassable. If a human can run it, a human can reverse-engineer it.
|
|
92
|
+
|
|
93
|
+
We use **JavaScript Obfuscator** with high-entropy settings (Control Flow Flattening, Dead Code Injection, String Array Transformations) for the `min.js` distribution. Here is why we do it "brutally":
|
|
94
|
+
|
|
95
|
+
1. **Anti-Hijacking:** Without obfuscation, a malicious actor can simply type `window.spamwarden.spamcheck = () => ({ isSpam: false })` in the console to bypass your entire defense. Obfuscation hides these entry points and variables, making it significantly harder to find and override the core logic.
|
|
96
|
+
2. **Model Protection:** The Bernoulli Naive Bayes weights and vocabulary are embedded in the file. Obfuscation protects this data from easy scraping and extraction by competitors or spam-bot developers.
|
|
97
|
+
3. **Defense-in-Depth:** While it isn't "encryption," it raises the **Cost of Attack**. It turns a 5-second bypass into a 5-hour reverse-engineering task. For most spammers, this friction is enough to make them move on to an easier target.
|
|
98
|
+
|
|
99
|
+
If you require absolute, unbreakable security, you **must** use our telemetry to double-check results on your backend.
|
|
100
|
+
|
|
88
101
|
# Local Simulation & Testing
|
|
89
102
|
|
|
90
103
|
You can spin up a local simulation server to test the DOM auto-blocking behavior and inspect the SIEM telemetry payloads in real time:
|
|
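Review bot: the "Anti-Hijacking" claim in item 1 of the new section (`window.spamwarden.spamcheck = () => ({ isSpam: false })`) does not hold as written. Obfuscation renames internals, but the public entry point must keep its documented name so integrators can call it, which means that exact console one-liner still works against the obfuscated `min.js`. The hunk's own `> [!WARNING]` already concedes this, and item 3's "5-second bypass into a 5-hour reverse-engineering task" understates the cheapest bypass, which needs no reverse engineering at all: a spammer can post the form fields straight to the backend without ever executing the script. Item 2 ("Model Protection") is overstated for the same reason; string-array transforms change how the Bernoulli Naive Bayes weights are stored, not whether a debugger can read them once the script has unpacked them at runtime. Suggest rewording the three items to present obfuscation as friction against casual in-page tampering only, and promoting the closing sentence from a footnote to the headline: drop "absolute, unbreakable security" and state plainly that any deployment must re-classify submissions server-side, adding that telemetry posted from the client can be forged as easily as the client's own verdict, so the backend check has to be an independent classification rather than trust in the client's report.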
@@ -115,7 +128,7 @@ You can spin up a local simulation server to test the DOM auto-blocking behavior
|
|
|
115
128
|
|
|
116
129
|
# About
|
|
117
130
|
|
|
118
|
-
- **Version:** 1.1.
|
|
131
|
+
- **Version:** 1.1.5 (Engine v11.06)
|
|
119
132
|
- **Author:** [RedSocs](https://github.com/RedSocs)
|
|
120
133
|
- **License:** MIT
|
|
121
134
|
- **Model Origin:** Trained via [RedSocs/spam-labeler](https://github.com/RedSocs/spam-labeler)
|
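Review bot: the bumped line in "About" (`- **Version:** 1.1.5 (Engine v11.06)`) hardcodes a value that already lives in `package.json` (changed in this same release per the file list), so the two will drift; consider dropping the number from the README or generating it at publish time. "Engine v11.06" is introduced here with no explanation of what the engine version tracks or where it is surfaced in the bundle; one sentence tying it to the model trained via `RedSocs/spam-labeler` would help. Also, this diff covers 1.1.3 to 1.1.5 but the README gains no changelog line for either release, and `package.json` shows +2 -1, so something beyond the version field changed there; list it. The removed old line appears cut off (`1.1.`), so the before-state should be confirmed against the published 1.1.3 README.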