npm - @svrnsec/pulse - Versions diffs - 0.6.0 → 0.7.0 - Mend

@svrnsec/pulse 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +242 -82
package/SECURITY.md +1 -1
package/dist/pulse.cjs.js +25 -25
package/dist/pulse.cjs.js.map +1 -1
package/dist/pulse.esm.js +25 -25
package/dist/pulse.esm.js.map +1 -1
package/index.d.ts +3 -3
package/package.json +22 -3
package/src/analysis/audio.js +1 -1
package/src/analysis/authenticityAudit.js +13 -10
package/src/analysis/coherence.js +1 -1
package/src/analysis/coordinatedBehavior.js +804 -0
package/src/analysis/heuristic.js +1 -1
package/src/analysis/jitter.js +1 -1
package/src/analysis/llm.js +1 -1
package/src/analysis/provider.js +1 -1
package/src/analysis/refraction.js +391 -0
package/src/collector/adaptive.js +1 -1
package/src/collector/bio.js +1 -1
package/src/collector/canvas.js +1 -1
package/src/collector/dram.js +1 -1
package/src/collector/enf.js +1 -1
package/src/collector/entropy.js +1 -1
package/src/collector/gpu.js +1 -1
package/src/collector/sabTimer.js +2 -2
package/src/fingerprint.js +2 -2
package/src/index.js +6 -6
package/src/integrations/react.js +2 -2
package/src/middleware/express.js +2 -2
package/src/middleware/next.js +3 -3
package/src/proof/fingerprint.js +1 -1
package/src/proof/validator.js +1 -1
package/src/registry/serializer.js +4 -4

package/dist/pulse.esm.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { createRequire } from 'module';
 import { randomFillSync } from 'node:crypto';
 /**
- * @sovereign/pulse — Statistical Jitter Analysis
+ * @svrnsec/pulse — Statistical Jitter Analysis
  *
  * Analyses the timing distribution from the entropy probe to classify
  * the host as a real consumer device or a sanitised datacenter VM.
@@ -458,7 +458,7 @@ var jitter = /*#__PURE__*/Object.freeze({
 });
 /**
- * @sovereign/pulse — Adaptive Entropy Probe
+ * @svrnsec/pulse — Adaptive Entropy Probe
  *
  * Runs the WASM probe in batches and stops early once the signal is decisive.
  *
@@ -658,7 +658,7 @@ async function collectEntropyAdaptive(wasmModule, opts = {}) {
  */
 /**
- * @sovereign/pulse — Entropy Collector
+ * @svrnsec/pulse — Entropy Collector
  *
  * Bridges the Rust/WASM matrix-multiply probe into JavaScript.
  * The WASM module is lazily initialised once and cached for subsequent calls.
@@ -853,7 +853,7 @@ function _mean$4(arr) {
  */
 /**
- * @sovereign/pulse — Bio-Binding Layer
+ * @svrnsec/pulse — Bio-Binding Layer
  *
  * Captures mouse-movement micro-stutters and keystroke-cadence dynamics
  * WHILE the hardware entropy probe is running.  Computes the
@@ -1691,7 +1691,7 @@ class BLAKE3 extends BLAKE2 {
 const blake3 = /* @__PURE__ */ createXOFer((opts) => new BLAKE3(opts));
 /**
- * @sovereign/pulse — Hardware Fingerprint & Proof Builder
+ * @svrnsec/pulse — Hardware Fingerprint & Proof Builder
  *
  * Assembles all collected signals into a canonical ProofPayload, then
  * produces a BLAKE3 commitment: BLAKE3(canonicalJSON(payload)).
@@ -1958,7 +1958,7 @@ function _round$1(v, decimals) {
 }
 /**
- * @sovereign/pulse — GPU Canvas Fingerprint
+ * @svrnsec/pulse — GPU Canvas Fingerprint
  *
  * Collects device-class signals from WebGL and 2D Canvas rendering.
  * The exact pixel values of GPU-rendered scenes are vendor/driver-specific
@@ -2197,7 +2197,7 @@ function _compileShader(gl, type, source) {
 }
 /**
- * @sovereign/pulse — AudioContext Oscillator Jitter
+ * @svrnsec/pulse — AudioContext Oscillator Jitter
  *
  * Measures the scheduling jitter of the browser's audio pipeline.
  * Real audio hardware callbacks are driven by a hardware interrupt (IRQ)
@@ -2411,7 +2411,7 @@ function _percentile(arr, p) {
 }
 /**
- * @sovereign/pulse — WebGPU Thermal Variance Probe
+ * @svrnsec/pulse — WebGPU Thermal Variance Probe
  *
  * Runs a compute shader on the GPU and measures dispatch timing variance.
  *
@@ -2657,7 +2657,7 @@ function _timeout(ms, msg) {
  */
 /**
- * @sovereign/pulse — DRAM Refresh Cycle Detector
+ * @svrnsec/pulse — DRAM Refresh Cycle Detector
  *
  * DDR4 DRAM refreshes every 7.8 ms (tREFI per JEDEC JESD79-4). During a
  * refresh, the memory controller stalls all access requests for ~350 ns.
@@ -2861,7 +2861,7 @@ function _autocorr(data, maxLag) {
 }
 /**
- * @sovereign/pulse — SharedArrayBuffer Microsecond Timer
+ * @svrnsec/pulse — SharedArrayBuffer Microsecond Timer
  *
  * Bypasses browser timer clamping (Brave 100µs cap, Firefox 20µs cap, Safari
  * 1ms cap) using Atomics.wait() which is exempt from clamping because it maps
@@ -2900,7 +2900,7 @@ function isSabAvailable() {
     typeof SharedArrayBuffer !== 'undefined' &&
     typeof Atomics            !== 'undefined' &&
     typeof Atomics.wait       === 'function'  &&
-    crossOriginIsolated === true              // window flag set by COOP+COEP headers
+    typeof crossOriginIsolated !== 'undefined' && crossOriginIsolated === true  // COOP+COEP headers
   );
 }
@@ -3053,7 +3053,7 @@ function _getAtomicsTs() {
 }
 /**
- * @sovereign/pulse — Electrical Network Frequency (ENF) Detection
+ * @svrnsec/pulse — Electrical Network Frequency (ENF) Detection
  *
  * ┌─────────────────────────────────────────────────────────────────────────┐
  * │  WHAT THIS IS                                                           │
@@ -3364,7 +3364,7 @@ function _noEnf(reason) {
  */
 /**
- * @sovereign/pulse — LLM / AI Agent Behavioral Fingerprint
+ * @svrnsec/pulse — LLM / AI Agent Behavioral Fingerprint
  *
  * Detects automation driven by large language models, headless browsers
  * controlled by AI agents (AutoGPT, CrewAI, browser-use, Playwright+LLM,
@@ -3992,7 +3992,7 @@ function _stripAnsi(s) {
 }
 /**
- * @sovereign/pulse — Cross-Metric Heuristic Engine
+ * @svrnsec/pulse — Cross-Metric Heuristic Engine
  *
  * Instead of checking individual thresholds in isolation, this module looks
  * at the *relationships* between metrics. A sophisticated adversary can spoof
@@ -4420,7 +4420,7 @@ function _empty$1() {
 }
 /**
- * @sovereign/pulse — Zero-Latency Second-Stage Coherence Analysis
+ * @svrnsec/pulse — Zero-Latency Second-Stage Coherence Analysis
  *
  * Runs entirely on data already collected by the entropy probe, bio
  * collector, canvas fingerprinter, and audio analyser.
@@ -4923,7 +4923,7 @@ function _empty(threshold) {
  */
 /**
- * @sovereign/pulse — Hypervisor & Cloud Provider Fingerprinter
+ * @svrnsec/pulse — Hypervisor & Cloud Provider Fingerprinter
  *
  * Each hypervisor has a distinct "steal-time rhythm" — a characteristic
  * pattern in how it schedules guest vCPUs on host physical cores.
@@ -5172,7 +5172,7 @@ function _estimateQuantum({ lag1, lag25, lag50, qe }) {
 }
 /**
- * @sovereign/pulse — High-Level Fingerprint Class
+ * @svrnsec/pulse — High-Level Fingerprint Class
  *
  * The developer-facing API.  Instead of forcing devs to understand Hurst
  * Exponents and Quantization Entropy, they get a Fingerprint object with
@@ -5180,7 +5180,7 @@ function _estimateQuantum({ lag1, lag25, lag50, qe }) {
  *
  * Usage:
  *
- *   import { Fingerprint } from '@sovereign/pulse';
+ *   import { Fingerprint } from '@svrnsec/pulse';
  *
  *   const fp = await Fingerprint.collect({ nonce });
  *
@@ -5639,7 +5639,7 @@ function _round(v, d) {
 }
 /**
- * @sovereign/pulse — Server-Side Validator
+ * @svrnsec/pulse — Server-Side Validator
  *
  * Verifies a ProofPayload + BLAKE3 commitment received from the client.
  * This module is for NODE.JS / SERVER use only.  It should NOT be bundled
@@ -6353,14 +6353,14 @@ function renderInlineUpdateHint(latest) {
 }
 /**
- * @sovereign/pulse
+ * @svrnsec/pulse
  *
  * Physical Turing Test — distinguishes a real consumer device with a human
  * operator from a sanitised Datacenter VM / AI Instance.
  *
  * Usage (client-side):
  *
- *   import { pulse } from '@sovereign/pulse';
+ *   import { pulse } from '@svrnsec/pulse';
  *
  *   // 1. Get a server-issued nonce (prevents replay attacks)
  *   const { nonce } = await fetch('/api/pulse-challenge').then(r => r.json());
@@ -6376,7 +6376,7 @@ function renderInlineUpdateHint(latest) {
  *
  * Usage (server-side):
  *
- *   import { validateProof, generateNonce } from '@sovereign/pulse/validator';
+ *   import { validateProof, generateNonce } from '@svrnsec/pulse/validator';
  *
  *   // Challenge endpoint
  *   app.get('/api/pulse-challenge', (req, res) => {
@@ -6473,7 +6473,7 @@ async function _pulseHosted(opts) {
 // ---------------------------------------------------------------------------
 /**
- * Run the full @sovereign/pulse probe and return a signed commitment.
+ * Run the full @svrnsec/pulse probe and return a signed commitment.
  *
  * Two modes:
  *   - pulse({ nonce })     — self-hosted (you manage the nonce server)
@@ -6492,7 +6492,7 @@ async function pulse(opts = {}) {
   const { nonce } = opts;
   if (!nonce || typeof nonce !== 'string') {
     throw new Error(
-      '@sovereign/pulse: opts.nonce is required (self-hosted), or pass opts.apiKey for zero-config hosted mode.'
+      '@svrnsec/pulse: opts.nonce is required (self-hosted), or pass opts.apiKey for zero-config hosted mode.'
     );
   }
@@ -6571,7 +6571,7 @@ async function _runProbe(opts) {
   const [enfResult, gpuResult, dramResult, llmResult] = await Promise.all([
     collectEnfTimings().catch(() => null),
     collectGpuEntropy().catch(() => null),
-    collectDramTimings().catch(() => null),
+    Promise.resolve(collectDramTimings()).catch(() => null),
     Promise.resolve(detectLlmAgent(bioSnapshot)).catch(() => null),
   ]);