npm - @shadow-corp/nearconnect - Versions diffs - 1.0.0 - Mend

@shadow-corp/nearconnect 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (179) hide show

package/README.md +546 -0
package/build/InjectedWallet.d.ts +22 -0
package/build/InjectedWallet.js +58 -0
package/build/InjectedWallet.js.map +1 -0
package/build/NearConnector.d.ts +151 -0
package/build/NearConnector.js +536 -0
package/build/NearConnector.js.map +1 -0
package/build/ParentFrameWallet.d.ts +22 -0
package/build/ParentFrameWallet.js +66 -0
package/build/ParentFrameWallet.js.map +1 -0
package/build/SandboxedWallet/code.d.ts +7 -0
package/build/SandboxedWallet/code.js +324 -0
package/build/SandboxedWallet/code.js.map +1 -0
package/build/SandboxedWallet/executor.d.ts +23 -0
package/build/SandboxedWallet/executor.js +338 -0
package/build/SandboxedWallet/executor.js.map +1 -0
package/build/SandboxedWallet/iframe.d.ts +18 -0
package/build/SandboxedWallet/iframe.js +78 -0
package/build/SandboxedWallet/iframe.js.map +1 -0
package/build/SandboxedWallet/index.d.ts +24 -0
package/build/SandboxedWallet/index.js +54 -0
package/build/SandboxedWallet/index.js.map +1 -0
package/build/actions/index.d.ts +3 -0
package/build/actions/index.js +105 -0
package/build/actions/index.js.map +1 -0
package/build/actions/types.d.ts +76 -0
package/build/actions/types.js +3 -0
package/build/actions/types.js.map +1 -0
package/build/connection/health.d.ts +213 -0
package/build/connection/health.js +391 -0
package/build/connection/health.js.map +1 -0
package/build/connection/index.d.ts +4 -0
package/build/connection/index.js +48 -0
package/build/connection/index.js.map +1 -0
package/build/connection/reconnect.d.ts +261 -0
package/build/connection/reconnect.js +454 -0
package/build/connection/reconnect.js.map +1 -0
package/build/connection/retry.d.ts +187 -0
package/build/connection/retry.js +427 -0
package/build/connection/retry.js.map +1 -0
package/build/connection/state.d.ts +222 -0
package/build/connection/state.js +431 -0
package/build/connection/state.js.map +1 -0
package/build/errors.d.ts +177 -0
package/build/errors.js +546 -0
package/build/errors.js.map +1 -0
package/build/hardware/errors.d.ts +36 -0
package/build/hardware/errors.js +127 -0
package/build/hardware/errors.js.map +1 -0
package/build/hardware/index.d.ts +7 -0
package/build/hardware/index.js +39 -0
package/build/hardware/index.js.map +1 -0
package/build/hardware/near-app.d.ts +95 -0
package/build/hardware/near-app.js +291 -0
package/build/hardware/near-app.js.map +1 -0
package/build/hardware/transport.d.ts +94 -0
package/build/hardware/transport.js +267 -0
package/build/hardware/transport.js.map +1 -0
package/build/hardware/types.d.ts +98 -0
package/build/hardware/types.js +72 -0
package/build/hardware/types.js.map +1 -0
package/build/helpers/analytics.d.ts +191 -0
package/build/helpers/analytics.js +304 -0
package/build/helpers/analytics.js.map +1 -0
package/build/helpers/base58.d.ts +6 -0
package/build/helpers/base58.js +47 -0
package/build/helpers/base58.js.map +1 -0
package/build/helpers/events.d.ts +42 -0
package/build/helpers/events.js +68 -0
package/build/helpers/events.js.map +1 -0
package/build/helpers/html.d.ts +8 -0
package/build/helpers/html.js +30 -0
package/build/helpers/html.js.map +1 -0
package/build/helpers/indexdb.d.ts +14 -0
package/build/helpers/indexdb.js +166 -0
package/build/helpers/indexdb.js.map +1 -0
package/build/helpers/manifest.d.ts +147 -0
package/build/helpers/manifest.js +329 -0
package/build/helpers/manifest.js.map +1 -0
package/build/helpers/queue.d.ts +11 -0
package/build/helpers/queue.js +48 -0
package/build/helpers/queue.js.map +1 -0
package/build/helpers/session.d.ts +119 -0
package/build/helpers/session.js +289 -0
package/build/helpers/session.js.map +1 -0
package/build/helpers/simulation.d.ts +128 -0
package/build/helpers/simulation.js +441 -0
package/build/helpers/simulation.js.map +1 -0
package/build/helpers/storage.d.ts +58 -0
package/build/helpers/storage.js +190 -0
package/build/helpers/storage.js.map +1 -0
package/build/helpers/trust.d.ts +157 -0
package/build/helpers/trust.js +340 -0
package/build/helpers/trust.js.map +1 -0
package/build/helpers/url.d.ts +1 -0
package/build/helpers/url.js +13 -0
package/build/helpers/url.js.map +1 -0
package/build/helpers/uuid.d.ts +1 -0
package/build/helpers/uuid.js +14 -0
package/build/helpers/uuid.js.map +1 -0
package/build/index.d.ts +21 -0
package/build/index.js +167 -0
package/build/index.js.map +1 -0
package/build/popups/IframeWalletPopup.d.ts +16 -0
package/build/popups/IframeWalletPopup.js +38 -0
package/build/popups/IframeWalletPopup.js.map +1 -0
package/build/popups/NearWalletsPopup.d.ts +25 -0
package/build/popups/NearWalletsPopup.js +153 -0
package/build/popups/NearWalletsPopup.js.map +1 -0
package/build/popups/Popup.d.ts +22 -0
package/build/popups/Popup.js +94 -0
package/build/popups/Popup.js.map +1 -0
package/build/popups/styles.d.ts +1 -0
package/build/popups/styles.js +257 -0
package/build/popups/styles.js.map +1 -0
package/build/security/audit-log.d.ts +123 -0
package/build/security/audit-log.js +268 -0
package/build/security/audit-log.js.map +1 -0
package/build/security/csp.d.ts +68 -0
package/build/security/csp.js +328 -0
package/build/security/csp.js.map +1 -0
package/build/security/index.d.ts +10 -0
package/build/security/index.js +42 -0
package/build/security/index.js.map +1 -0
package/build/security/origin-guard.d.ts +90 -0
package/build/security/origin-guard.js +244 -0
package/build/security/origin-guard.js.map +1 -0
package/build/security/rate-limiter.d.ts +84 -0
package/build/security/rate-limiter.js +212 -0
package/build/security/rate-limiter.js.map +1 -0
package/build/security/secure-storage.d.ts +77 -0
package/build/security/secure-storage.js +242 -0
package/build/security/secure-storage.js.map +1 -0
package/build/security/transaction-guard.d.ts +71 -0
package/build/security/transaction-guard.js +239 -0
package/build/security/transaction-guard.js.map +1 -0
package/build/types.d.ts +508 -0
package/build/types.js +3 -0
package/build/types.js.map +1 -0
package/build/ui/AccountSwitcherModal.d.ts +53 -0
package/build/ui/AccountSwitcherModal.js +239 -0
package/build/ui/AccountSwitcherModal.js.map +1 -0
package/build/ui/Modal.d.ts +84 -0
package/build/ui/Modal.js +278 -0
package/build/ui/Modal.js.map +1 -0
package/build/ui/TransactionModal.d.ts +84 -0
package/build/ui/TransactionModal.js +406 -0
package/build/ui/TransactionModal.js.map +1 -0
package/build/ui/WalletSelectorModal.d.ts +97 -0
package/build/ui/WalletSelectorModal.js +481 -0
package/build/ui/WalletSelectorModal.js.map +1 -0
package/build/ui/icons.d.ts +19 -0
package/build/ui/icons.js +65 -0
package/build/ui/icons.js.map +1 -0
package/build/ui/index.d.ts +10 -0
package/build/ui/index.js +31 -0
package/build/ui/index.js.map +1 -0
package/build/ui/styles.d.ts +5 -0
package/build/ui/styles.js +973 -0
package/build/ui/styles.js.map +1 -0
package/build/ui/theme.d.ts +133 -0
package/build/ui/theme.js +204 -0
package/build/ui/theme.js.map +1 -0
package/build/wallets/external/index.d.ts +4 -0
package/build/wallets/external/index.js +9 -0
package/build/wallets/external/index.js.map +1 -0
package/build/wallets/external/manager.d.ts +152 -0
package/build/wallets/external/manager.js +586 -0
package/build/wallets/external/manager.js.map +1 -0
package/build/wallets/privileged/index.d.ts +5 -0
package/build/wallets/privileged/index.js +12 -0
package/build/wallets/privileged/index.js.map +1 -0
package/build/wallets/privileged/ledger.d.ts +132 -0
package/build/wallets/privileged/ledger.js +563 -0
package/build/wallets/privileged/ledger.js.map +1 -0
package/build/wallets/privileged/manager.d.ts +54 -0
package/build/wallets/privileged/manager.js +174 -0
package/build/wallets/privileged/manager.js.map +1 -0
package/package.json +33 -0

package/build/security/audit-log.js ADDED Viewed

@@ -0,0 +1,268 @@
+"use strict";
+/**
+ * Audit Logging Layer
+ * Tracks all wallet actions for investigation and compliance
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLog = void 0;
+exports.createAuditLog = createAuditLog;
+class AuditLog {
+    events = [];
+    config;
+    sessionId;
+    remoteQueue = [];
+    flushTimeout = null;
+    constructor(config = { enabled: true }) {
+        this.config = {
+            maxEvents: 1000,
+            consoleLog: false,
+            persist: false,
+            ...config,
+        };
+        this.sessionId = crypto.randomUUID();
+        // Load persisted events
+        if (this.config.persist) {
+            this.loadPersistedEvents();
+        }
+    }
+    /**
+     * Log an audit event
+     */
+    log(type, data) {
+        if (!this.config.enabled)
+            return null;
+        // Filter by event types if configured
+        if (this.config.eventTypes && !this.config.eventTypes.includes(type)) {
+            return null;
+        }
+        const event = {
+            id: crypto.randomUUID(),
+            timestamp: Date.now(),
+            type,
+            sessionId: this.sessionId,
+            userAgent: typeof navigator !== 'undefined' ? navigator.userAgent : undefined,
+            ...data,
+        };
+        // Add to memory
+        this.events.push(event);
+        // Trim old events
+        if (this.events.length > (this.config.maxEvents || 1000)) {
+            this.events = this.events.slice(-(this.config.maxEvents || 1000) / 2);
+        }
+        // Callback
+        this.config.onEvent?.(event);
+        // Console log security events
+        if (this.config.consoleLog || this.isSecurityEvent(type)) {
+            this.consoleLogEvent(event);
+        }
+        // Persist if enabled
+        if (this.config.persist) {
+            this.persistEvents();
+        }
+        // Queue for remote if configured
+        if (this.config.remoteEndpoint) {
+            this.queueRemote(event);
+        }
+        return event;
+    }
+    /**
+     * Log a security violation
+     */
+    logSecurityViolation(message, data, risk = 'high') {
+        return this.log('security:violation', {
+            data: { message, ...data },
+            risk,
+        });
+    }
+    /**
+     * Log a security warning
+     */
+    logSecurityWarning(message, data) {
+        return this.log('security:warning', {
+            data: { message, ...data },
+            risk: 'medium',
+        });
+    }
+    /**
+     * Log a transaction
+     */
+    logTransaction(type, txData) {
+        return this.log(type, {
+            walletId: txData.walletId,
+            accountId: txData.accountId,
+            data: {
+                receiverId: txData.receiverId,
+                hash: txData.hash,
+                error: txData.error,
+            },
+            risk: txData.risk,
+        });
+    }
+    /**
+     * Get events with optional filtering
+     */
+    getEvents(filter) {
+        let events = [...this.events];
+        if (filter?.type) {
+            const types = Array.isArray(filter.type) ? filter.type : [filter.type];
+            events = events.filter(e => types.includes(e.type));
+        }
+        if (filter?.since) {
+            events = events.filter(e => e.timestamp >= filter.since);
+        }
+        if (filter?.until) {
+            events = events.filter(e => e.timestamp <= filter.until);
+        }
+        if (filter?.walletId) {
+            events = events.filter(e => e.walletId === filter.walletId);
+        }
+        if (filter?.accountId) {
+            events = events.filter(e => e.accountId === filter.accountId);
+        }
+        if (filter?.risk) {
+            const risks = Array.isArray(filter.risk) ? filter.risk : [filter.risk];
+            events = events.filter(e => e.risk && risks.includes(e.risk));
+        }
+        if (filter?.limit) {
+            events = events.slice(-filter.limit);
+        }
+        return events;
+    }
+    /**
+     * Get security-related events
+     */
+    getSecurityEvents() {
+        return this.getEvents({
+            type: ['security:violation', 'security:warning', 'tx:blocked', 'rate:limited'],
+        });
+    }
+    /**
+     * Get events for a specific session
+     */
+    getSessionEvents(sessionId) {
+        const sid = sessionId || this.sessionId;
+        return this.events.filter(e => e.sessionId === sid);
+    }
+    /**
+     * Export events as JSON
+     */
+    export(filter) {
+        const events = filter ? this.getEvents(filter) : this.events;
+        return JSON.stringify(events, null, 2);
+    }
+    /**
+     * Export events as CSV
+     */
+    exportCsv(filter) {
+        const events = filter ? this.getEvents(filter) : this.events;
+        const headers = ['id', 'timestamp', 'type', 'walletId', 'accountId', 'risk', 'data'];
+        const rows = events.map(e => [
+            e.id,
+            new Date(e.timestamp).toISOString(),
+            e.type,
+            e.walletId || '',
+            e.accountId || '',
+            e.risk || '',
+            JSON.stringify(e.data || {}),
+        ]);
+        return [headers.join(','), ...rows.map(r => r.map(c => `"${c}"`).join(','))].join('\n');
+    }
+    /**
+     * Clear all events
+     */
+    clear() {
+        this.events = [];
+        if (this.config.persist) {
+            localStorage.removeItem('near-connect:audit-log');
+        }
+    }
+    /**
+     * Get current session ID
+     */
+    getSessionId() {
+        return this.sessionId;
+    }
+    /**
+     * Flush remote queue immediately
+     */
+    async flushRemote() {
+        if (!this.config.remoteEndpoint || this.remoteQueue.length === 0)
+            return;
+        const events = [...this.remoteQueue];
+        this.remoteQueue = [];
+        try {
+            await fetch(this.config.remoteEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...this.config.remoteHeaders,
+                },
+                body: JSON.stringify({ events }),
+            });
+        }
+        catch (error) {
+            // Re-queue on failure
+            this.remoteQueue = [...events, ...this.remoteQueue];
+            console.warn('[AuditLog] Failed to send events to remote', error);
+        }
+    }
+    isSecurityEvent(type) {
+        return type.startsWith('security:') ||
+            type === 'tx:blocked' ||
+            type === 'rate:limited';
+    }
+    consoleLogEvent(event) {
+        const prefix = this.isSecurityEvent(event.type) ? '🚨' : '📋';
+        const level = this.isSecurityEvent(event.type) ? 'warn' : 'info';
+        console[level](`${prefix} [Audit] ${event.type}`, {
+            walletId: event.walletId,
+            accountId: event.accountId,
+            risk: event.risk,
+            data: event.data,
+        });
+    }
+    queueRemote(event) {
+        this.remoteQueue.push(event);
+        // Debounce flush
+        if (this.flushTimeout) {
+            clearTimeout(this.flushTimeout);
+        }
+        this.flushTimeout = setTimeout(() => {
+            this.flushRemote().catch(console.error);
+        }, 5000);
+    }
+    persistEvents() {
+        try {
+            // Only persist last 100 events
+            const toStore = this.events.slice(-100);
+            localStorage.setItem('near-connect:audit-log', JSON.stringify(toStore));
+        }
+        catch {
+            // Ignore storage errors
+        }
+    }
+    loadPersistedEvents() {
+        try {
+            const stored = localStorage.getItem('near-connect:audit-log');
+            if (stored) {
+                this.events = JSON.parse(stored);
+            }
+        }
+        catch {
+            // Ignore parse errors
+        }
+    }
+}
+exports.AuditLog = AuditLog;
+/**
+ * Create an audit log with default configuration
+ */
+function createAuditLog(config) {
+    return new AuditLog({
+        enabled: true,
+        maxEvents: 1000,
+        consoleLog: false, // Set to true for development debugging
+        ...config,
+    });
+}
+//# sourceMappingURL=audit-log.js.map

package/build/security/audit-log.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/security/audit-log.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA0XH,wCAOC;AApUD,MAAa,QAAQ;IACX,MAAM,GAAiB,EAAE,CAAC;IAC1B,MAAM,CAAiB;IACvB,SAAS,CAAS;IAClB,WAAW,GAAiB,EAAE,CAAC;IAC/B,YAAY,GAAyC,IAAI,CAAC;IAElE,YAAY,SAAyB,EAAE,OAAO,EAAE,IAAI,EAAE;QACpD,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,KAAK;YACd,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAErC,wBAAwB;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,IAAoB,EAAE,IAA6D;QACrF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAEtC,sCAAsC;QACtC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAe;YACxB,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;YACvB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,OAAO,SAAS,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;YAC7E,GAAG,IAAI;SACR,CAAC;QAEF,gBAAgB;QAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAExB,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACxE,CAAC;QAED,WAAW;QACX,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;QAE7B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,oBAAoB,CAClB,OAAe,EACf,IAA8B,EAC9B,OAA2B,MAAM;QAEjC,OAAO,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE;YACpC,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE;YAC1B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,kBAAkB,CAChB,OAAe,EACf,IAA8B;QAE9B,OAAO,IAAI,CAAC,GAAG,CAAC,kBAAkB,EAAE;YAClC,IAAI,EAAE,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE;YAC1B,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,cAAc,CACZ,IAA6D,EAC7D,MAOC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,IAAI,EAAE;gBACJ,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAQT;QACC,IAAI,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAE9B,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC,KAAM,CAAC,CAAC;QAC5D,CAAC;QAED,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC,KAAM,CAAC,CAAC;QAC5D,CAAC;QAED,IAAI,MAAM,EAAE,QAAQ,EAAE,CAAC;YACrB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;YACtB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,MAAM,EAAE,KAAK,EAAE,CAAC;YAClB,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,IAAI,EAAE,CAAC,oBAAoB,EAAE,kBAAkB,EAAE,YAAY,EAAE,cAAc,CAAC;SAC/E,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAkB;QACjC,MAAM,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,GAAG,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAA6C;QAClD,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAC7D,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAA6C;QACrD,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAC7D,MAAM,OAAO,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACrF,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,CAAC,CAAC,EAAE;YACJ,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YACnC,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,QAAQ,IAAI,EAAE;YAChB,CAAC,CAAC,SAAS,IAAI,EAAE;YACjB,CAAC,CAAC,IAAI,IAAI,EAAE;YACZ,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;SAC7B,CAAC,CAAC;QAEH,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QACjB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,YAAY,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEzE,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QAEtB,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;gBACtC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;iBAC7B;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sBAAsB;YACtB,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,4CAA4C,EAAE,KAAK,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,IAAoB;QAC1C,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAC5B,IAAI,KAAK,YAAY;YACrB,IAAI,KAAK,cAAc,CAAC;IACjC,CAAC;IAEO,eAAe,CAAC,KAAiB;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAEjE,OAAO,CAAC,KAAK,CAAC,CACZ,GAAG,MAAM,YAAY,KAAK,CAAC,IAAI,EAAE,EACjC;YACE,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;SACjB,CACF,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,KAAiB;QACnC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE7B,iBAAiB;QACjB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;YAClC,IAAI,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC;YACH,+BAA+B;YAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;YACxC,YAAY,CAAC,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAEO,mBAAmB;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;CACF;AAxTD,4BAwTC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAgC;IAC7D,OAAO,IAAI,QAAQ,CAAC;QAClB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,IAAI;QACf,UAAU,EAAE,KAAK,EAAE,wCAAwC;QAC3D,GAAG,MAAM;KACV,CAAC,CAAC;AACL,CAAC"}

package/build/security/csp.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Content Security Policy Helper & Security Checklist
+ * Hardens browser security against XSS and injection attacks
+ */
+export interface CSPDirectives {
+    'default-src'?: string[];
+    'script-src'?: string[];
+    'style-src'?: string[];
+    'connect-src'?: string[];
+    'frame-src'?: string[];
+    'img-src'?: string[];
+    'font-src'?: string[];
+    'object-src'?: string[];
+    'base-uri'?: string[];
+    'form-action'?: string[];
+    'frame-ancestors'?: string[];
+    'worker-src'?: string[];
+    'child-src'?: string[];
+}
+/**
+ * Default CSP directives for apps using NearConnect
+ */
+export declare const DEFAULT_CSP_DIRECTIVES: CSPDirectives;
+/**
+ * Generate CSP header string from directives
+ */
+export declare function generateCSP(directives?: CSPDirectives): string;
+/**
+ * Get recommended CSP for apps using NearConnect
+ */
+export declare function getRecommendedCSP(): string;
+/**
+ * Merge custom CSP directives with defaults
+ */
+export declare function mergeCSP(custom: Partial<CSPDirectives>): CSPDirectives;
+/**
+ * Apply CSP via meta tag (for SPAs that can't set headers)
+ */
+export declare function applyCSPMetaTag(directives?: CSPDirectives): void;
+export interface SecurityCheck {
+    name: string;
+    passed: boolean;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    message: string;
+    recommendation?: string;
+}
+/**
+ * Run comprehensive security checklist
+ */
+export declare function runSecurityChecklist(): SecurityCheck[];
+/**
+ * Get summary of security checklist
+ */
+export declare function getSecuritySummary(checks?: SecurityCheck[]): {
+    passed: number;
+    failed: number;
+    total: number;
+    critical: number;
+    score: number;
+    grade: 'A' | 'B' | 'C' | 'D' | 'F';
+};
+/**
+ * Verify current page has secure context for wallet operations
+ */
+export declare function verifySecureContext(): {
+    secure: boolean;
+    issues: string[];
+};

package/build/security/csp.js ADDED Viewed

@@ -0,0 +1,328 @@
+"use strict";
+/**
+ * Content Security Policy Helper & Security Checklist
+ * Hardens browser security against XSS and injection attacks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CSP_DIRECTIVES = void 0;
+exports.generateCSP = generateCSP;
+exports.getRecommendedCSP = getRecommendedCSP;
+exports.mergeCSP = mergeCSP;
+exports.applyCSPMetaTag = applyCSPMetaTag;
+exports.runSecurityChecklist = runSecurityChecklist;
+exports.getSecuritySummary = getSecuritySummary;
+exports.verifySecureContext = verifySecureContext;
+/**
+ * Default CSP directives for apps using NearConnect
+ */
+exports.DEFAULT_CSP_DIRECTIVES = {
+    // Default fallback
+    'default-src': ["'self'"],
+    // Scripts - no inline, no eval for security
+    'script-src': ["'self'"],
+    // Styles - allow inline for wallet UIs (required for dynamic styling)
+    'style-src': ["'self'", "'unsafe-inline'"],
+    // Connect - RPC endpoints, WalletConnect, verification
+    'connect-src': [
+        "'self'",
+        'https://rpc.mainnet.near.org',
+        'https://rpc.testnet.near.org',
+        'https://archival-rpc.mainnet.near.org',
+        'https://archival-rpc.testnet.near.org',
+        'wss://relay.walletconnect.com',
+        'https://verify.walletconnect.com',
+        'https://explorer-api.mainnet.near.org',
+        'https://explorer-api.testnet.near.org',
+    ],
+    // Frames - wallet iframes
+    'frame-src': [
+        "'self'",
+        'https://wallet.nicklatkovich.dev',
+        'https://hot-labs.org',
+        'https://app.mynearwallet.com',
+        'https://wallet.meteorwallet.app',
+        'https://my.herewallet.app',
+        'https://sender.org',
+        'https://wallet.nightly.app',
+        'https://wallet.mintbase.xyz',
+    ],
+    // Images
+    'img-src': ["'self'", 'data:', 'https:'],
+    // Fonts
+    'font-src': ["'self'"],
+    // No object/embed (Flash, etc.)
+    'object-src': ["'none'"],
+    // Base URI restriction
+    'base-uri': ["'self'"],
+    // Form submissions
+    'form-action': ["'self'"],
+    // Prevent clickjacking
+    'frame-ancestors': ["'self'"],
+    // Web workers
+    'worker-src': ["'self'", 'blob:'],
+};
+/**
+ * Generate CSP header string from directives
+ */
+function generateCSP(directives = exports.DEFAULT_CSP_DIRECTIVES) {
+    return Object.entries(directives)
+        .map(([key, values]) => `${key} ${values.join(' ')}`)
+        .join('; ');
+}
+/**
+ * Get recommended CSP for apps using NearConnect
+ */
+function getRecommendedCSP() {
+    return generateCSP(exports.DEFAULT_CSP_DIRECTIVES);
+}
+/**
+ * Merge custom CSP directives with defaults
+ */
+function mergeCSP(custom) {
+    const merged = { ...exports.DEFAULT_CSP_DIRECTIVES };
+    for (const [key, values] of Object.entries(custom)) {
+        const directive = key;
+        merged[directive] = [
+            ...(merged[directive] || []),
+            ...values,
+        ];
+    }
+    return merged;
+}
+/**
+ * Apply CSP via meta tag (for SPAs that can't set headers)
+ */
+function applyCSPMetaTag(directives) {
+    if (typeof document === 'undefined')
+        return;
+    const csp = generateCSP(directives);
+    // Remove existing CSP meta tag
+    const existing = document.querySelector('meta[http-equiv="Content-Security-Policy"]');
+    if (existing) {
+        existing.remove();
+    }
+    // Add new CSP meta tag
+    const meta = document.createElement('meta');
+    meta.httpEquiv = 'Content-Security-Policy';
+    meta.content = csp;
+    document.head.appendChild(meta);
+}
+/**
+ * Run comprehensive security checklist
+ */
+function runSecurityChecklist() {
+    const checks = [];
+    // Browser environment check
+    if (typeof window === 'undefined') {
+        return [{
+                name: 'Environment',
+                passed: true,
+                severity: 'info',
+                message: 'Running in non-browser environment',
+            }];
+    }
+    // 1. Secure context (HTTPS)
+    checks.push({
+        name: 'Secure Context',
+        passed: window.isSecureContext,
+        severity: 'critical',
+        message: window.isSecureContext
+            ? 'Running in secure context (HTTPS)'
+            : 'Not running in secure context',
+        recommendation: window.isSecureContext
+            ? undefined
+            : 'Deploy application over HTTPS for production use',
+    });
+    // 2. Frame protection (clickjacking)
+    const isFramed = window.self !== window.top;
+    checks.push({
+        name: 'Frame Protection',
+        passed: !isFramed,
+        severity: 'high',
+        message: isFramed
+            ? 'Page is embedded in an iframe - potential clickjacking risk'
+            : 'Page is not embedded in iframe',
+        recommendation: isFramed
+            ? 'Ensure the parent frame is trusted or add frame-ancestors CSP directive'
+            : undefined,
+    });
+    // 3. Web Crypto API
+    const hasCrypto = !!(crypto?.subtle);
+    checks.push({
+        name: 'Web Crypto API',
+        passed: hasCrypto,
+        severity: 'critical',
+        message: hasCrypto
+            ? 'Web Crypto API available for secure operations'
+            : 'Web Crypto API not available',
+        recommendation: hasCrypto
+            ? undefined
+            : 'Ensure browser supports Web Crypto API (requires HTTPS)',
+    });
+    // 4. Storage availability
+    const hasStorage = !!localStorage && !!sessionStorage;
+    checks.push({
+        name: 'Storage',
+        passed: hasStorage,
+        severity: 'medium',
+        message: hasStorage
+            ? 'Local and session storage available'
+            : 'Storage APIs not available',
+        recommendation: hasStorage
+            ? undefined
+            : 'Enable storage in browser settings for session persistence',
+    });
+    // 5. WebHID for hardware wallets
+    const hasWebHID = 'hid' in navigator;
+    checks.push({
+        name: 'WebHID Support',
+        passed: hasWebHID,
+        severity: 'low',
+        message: hasWebHID
+            ? 'Hardware wallet support available (WebHID)'
+            : 'Hardware wallet support not available',
+        recommendation: hasWebHID
+            ? undefined
+            : 'Use Chrome/Edge for hardware wallet (Ledger) support',
+    });
+    // 6. Cross-origin isolation
+    checks.push({
+        name: 'Cross-Origin Isolation',
+        passed: crossOriginIsolated,
+        severity: 'low',
+        message: crossOriginIsolated
+            ? 'Cross-origin isolated for enhanced security'
+            : 'Not cross-origin isolated',
+        recommendation: crossOriginIsolated
+            ? undefined
+            : 'Add COOP/COEP headers for enhanced isolation (optional)',
+    });
+    // 7. Check for common vulnerabilities
+    const hasEval = testEvalAvailable();
+    checks.push({
+        name: 'Eval Disabled',
+        passed: !hasEval,
+        severity: 'medium',
+        message: hasEval
+            ? 'eval() is available - potential code injection risk'
+            : 'eval() is properly restricted',
+        recommendation: hasEval
+            ? 'Add script-src CSP without unsafe-eval'
+            : undefined,
+    });
+    // 8. Service Worker scope
+    const hasSW = 'serviceWorker' in navigator;
+    checks.push({
+        name: 'Service Worker',
+        passed: true,
+        severity: 'info',
+        message: hasSW
+            ? 'Service Worker API available'
+            : 'Service Worker not available',
+    });
+    // 9. Permissions API
+    const hasPermissions = 'permissions' in navigator;
+    checks.push({
+        name: 'Permissions API',
+        passed: hasPermissions,
+        severity: 'info',
+        message: hasPermissions
+            ? 'Permissions API available for feature detection'
+            : 'Permissions API not available',
+    });
+    // 10. Referrer policy
+    const referrerMeta = document.querySelector('meta[name="referrer"]');
+    const hasStrictReferrer = referrerMeta?.getAttribute('content')?.includes('strict') ||
+        referrerMeta?.getAttribute('content') === 'no-referrer';
+    checks.push({
+        name: 'Referrer Policy',
+        passed: hasStrictReferrer,
+        severity: 'low',
+        message: hasStrictReferrer
+            ? 'Strict referrer policy configured'
+            : 'Consider adding strict referrer policy',
+        recommendation: hasStrictReferrer
+            ? undefined
+            : 'Add <meta name="referrer" content="strict-origin-when-cross-origin">',
+    });
+    return checks;
+}
+/**
+ * Get summary of security checklist
+ */
+function getSecuritySummary(checks) {
+    const results = checks || runSecurityChecklist();
+    const passed = results.filter(c => c.passed).length;
+    const failed = results.filter(c => !c.passed).length;
+    const critical = results.filter(c => !c.passed && c.severity === 'critical').length;
+    const total = results.length;
+    // Calculate weighted score
+    const weights = { critical: 30, high: 20, medium: 10, low: 5, info: 0 };
+    let maxScore = 0;
+    let actualScore = 0;
+    for (const check of results) {
+        const weight = weights[check.severity];
+        maxScore += weight;
+        if (check.passed) {
+            actualScore += weight;
+        }
+    }
+    const score = maxScore > 0 ? Math.round((actualScore / maxScore) * 100) : 100;
+    // Grade based on score and critical failures
+    let grade;
+    if (critical > 0) {
+        grade = 'F';
+    }
+    else if (score >= 90) {
+        grade = 'A';
+    }
+    else if (score >= 80) {
+        grade = 'B';
+    }
+    else if (score >= 70) {
+        grade = 'C';
+    }
+    else if (score >= 60) {
+        grade = 'D';
+    }
+    else {
+        grade = 'F';
+    }
+    return { passed, failed, total, critical, score, grade };
+}
+/**
+ * Test if eval is available (should be blocked by CSP)
+ */
+function testEvalAvailable() {
+    try {
+        // eslint-disable-next-line no-eval
+        eval('1');
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Verify current page has secure context for wallet operations
+ */
+function verifySecureContext() {
+    const issues = [];
+    if (typeof window === 'undefined') {
+        return { secure: true, issues: [] };
+    }
+    if (!window.isSecureContext) {
+        issues.push('Page is not in a secure context (HTTPS required)');
+    }
+    if (window.self !== window.top) {
+        issues.push('Page is embedded in an iframe');
+    }
+    if (!crypto?.subtle) {
+        issues.push('Web Crypto API not available');
+    }
+    return {
+        secure: issues.length === 0,
+        issues,
+    };
+}
+//# sourceMappingURL=csp.js.map