npm - @redsocs/spam-warden - Versions diffs - 1.3.4 → 1.3.6 - Mend

@redsocs/spam-warden 1.3.4 → 1.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -109,7 +109,19 @@ Explicit opt-in protection. No data leaves the browser. Simply include the scrip
 Report blocked payloads to a central SOC, SIEM, or custom logging server. Use the `siems` attribute to define your receiving endpoint(s). You can provide a single URL or a comma-separated list of multiple URLs to broadcast the telemetry to several destinations simultaneously.
-Add `data-sd="1"` to enable built-in Data Loss Prevention (DLP), which automatically masks Credit Cards, Phone Numbers, and Emails (`[CARD_MASKED]`) before network transmission.
+#### Data Protection & Privacy (DLP / SD Flag)
+When telemetry is sent to a central SIEM, you might inadvertently transmit Personally Identifiable Information (PII) if the user typed it into the field.
+To ensure compliance with PDPA/GDPR, enable the **Sanitize Data (SD)** flag by adding `data-sd="1"` to the script tag, or setting `reportSD: true` in the programmatic config.
+When activated, SpamWarden's built-in DLP engine intercepts the payload _before_ it leaves the browser and aggressively masks:
+- **Credit Cards:** Replaces 16-digit patterns with `[CARD_MASKED]`
+- **Emails:** Replaces standard email formats with `[EMAIL_MASKED]`
+- **Phone Numbers:** Replaces standard Thai/International formats with `[PHONE_MASKED]`
+This guarantees that PII is scrubbed from the threat intelligence telemetry without requiring any backend processing.
 **Single Endpoint:**
@@ -146,17 +158,65 @@ if (result.isSpam) {
 }
 ```
----
+### 4. Programmatic Configuration (Advanced)
-## Scope & Backend Requirements
+If you are using a modern framework (React, Vue) or Node.js, you can configure SpamWarden programmatically instead of relying on HTML script attributes.
-SpamWarden is designed for **interactive web elements**: Contact Forms, Comment Sections, and Chat Inputs.
+```javascript
+// Example: Customizing behavior
+window.spamwarden.configure({
+  // Telemetry Destinations
+  endpoint: "https://siem.yourdomain.com/logs",
+  siemEndpoint: "https://backup-siem.yourdomain.com/logs",
+  autoReport: true,
+  isTrusted: true,
+  // Data Protection (DLP)
+  reportSD: true, // Same as data-sd="1"
+  payloadLimit: 250, // Max length of the reported payload text
+  // Custom Intercepts
+  onSpam: function (result) {
+    // Override the default alert() trap with your own UI behavior
+    console.warn("Spam detected with confidence: " + result.prob);
+    // showCustomModal("Blocked due to policy violation.");
+  },
+  customReporter: function (payload) {
+    // Override the default HTTP POST and handle the SIEM payload manually
+    // myCustomLogger.send(payload);
+  },
+});
+```
+### 5. Developer Mode & Debugging
+Because SpamWarden utilizes Hostile Active Defense (Phantom Cores, Traps, etc.), debugging it in the console can be difficult by design.
+If you are actively developing your UI and need to bypass the security traps or inspect the engine natively, append `data-sw-dev="true"` to your script tag:
+```html
+<script src="..." data-sw-dev="true"></script>
+```
 > [!WARNING]
-> **Client-Side Limits:** All client-side code is inherently bypassable by a sufficiently motivated, manual human attacker. If you require absolute security, you **must** validate payloads on your backend.
+> **Never deploy to production with `data-sw-dev="true"`.** This completely disables the decoy traps and exposes the global `window.spamwarden` object, making it easier for automated botnets to bypass the system.
+---
+## Scope & Independent Integrity Auditing
+SpamWarden.js is built exclusively to evaluate the live, fully rendered Document Object Model (DOM) right inside the browser.
+> [!IMPORTANT]
+> **Client-Side Compliance & Integrity Testing:**
+> While standard backend firewalls check incoming traffic patterns, they are completely blind to data injected directly into compromised template columns or static database rows. If your server has already been breached, backend validation will fail to detect the hidden output being served to search engine crawlers
+>
+> To audit existing compromise footprints, we use our private **[`badlinks`](https://redsocs.com/badlinks)** engine running within the internal **RedSocs Inspector** tools for our EASM platform. This specialized configuration allows auditors and security teams to:
 >
-> - **For WordPress:** Use our [SpamWarden WP Plugin](https://redsocs.com/spam-warden) to protect your server at the PHP layer.
-> - **For Custom Stacks (Node):** Grab this NPM package directly, bundle it internally, and run the `spamcheck()` function on your backend server before hitting your database.
+> - **Expose Stealth SEO Hijacking:** Automatically unmask hidden tags, hidden layout nodes (`display: none`, `opacity: 0`), and malicious cross-domain tracking assets designed to cheat search engine indices.
+> - **Run Local Compliance Sandboxing:** Evaluate target pages on the fly exactly as an NCSA integrity inspector or external search crawler experiences them, without altering a single line of production code on the target server.
+> - **Generate Deterministic Audit Telemetry:** Stream immediate, non-disruptive compliance indicators back to your secure C2 infrastructure or central SOC to document legal alignment with the [NCSA Web Standard 1.0 framework](https://cdn.redsocs.com/html/ncsa-check.html) - Thailand.
 ---
@@ -187,7 +247,7 @@ Sanitized:    "Win [CARD_MASKED] now! [at]TUNA_FISH"
 ================================================
 ```
-**_And if it no config or attribute script at `endpoint` this tool send nothing to the outside._**
+**And if it no config or attribute script at `siems` endpoint (like `siems="https://siem-log.youdomain.co.th/spam"`) when initial page; this tool send nothing to the outside.**
 ---
@@ -197,14 +257,16 @@ About
 - **License:** MIT
 - **Inquiries & Enterprise Support:** [pichit[at]redsocs.com](https://www.google.com/search?q=mailto%3Apichit%40redsocs.com)
 - **Sponsor:** [Buy Me a Coffee](https://buymeacoffee.com/redsocs?new=1)
----
+  [![Sponsor](https://img.shields.io/badge/Sponsor-Buy%20Me%20a%20Coffee-ffdd00?style=flat&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/redsocs?new=1)
 ### Technical Specs
-| Property            | Value                             |
-| ------------------- | --------------------------------- |
-| **Minified Size**   | ~2.0 MB (including model weights) |
-| **Gzipped Size**    | **~341 KB**                       |
-| **Dependencies**    | 0 (Vanilla JS)                    |
-| **Vocabulary**1.3.0 | 28,106 features                   |
+| Property          | Value                             |
+| ----------------- | --------------------------------- |
+| **Minified Size** | ~2.0 MB (including model weights) |
+| **Gzipped Size**  | **~341 KB**                       |
+| **Dependencies**  | 0 (Vanilla JS)                    |
+| **Vocabulary**    | 28,106 features                   |
+---
+**Disclaimer:** This tool is not endorsed by the National Cyber Security Agency (NCSA) or any government security sector unit. You can validate your judgment at the Standard & Action Security Policy Audit at [https://www.ncsa.or.th/standards](https://www.ncsa.or.th/standards).