@tracetail/js 2.3.10 → 2.3.12

package/README.md

@@ -339,7 +339,7 @@ npm run build
 - **Documentation**: [docs.tracetail.io](https://docs.tracetail.io)
 - **API Reference**: [tracetail.io/api/docs](https://tracetail.io/api/docs)
 - **GitHub Issues**: [github.com/tracetail/tracetail/issues](https://github.com/tracetail/tracetail/issues)
-- **Email**: support@tracetail.com
+- **Email**: support@tracetail.io
 - **Discord**: [discord.gg/tracetail](https://discord.gg/tracetail)
 
 ## 📄 License

package/dist/core.d.ts

@@ -3,45 +3,58 @@
  *
  * Shared fingerprinting primitives used by both the script-tag SDK
  * and the @tracetail/js NPM package, ensuring identical visitor IDs.
+ *
+ * Signal collection, hashing, and stable extraction logic here MUST
+ * match the script-tag SDK (client/src/sdk/tracetail.ts) exactly.
  */
 /**
  * SHA-256 based hash, returning the first 32 hex chars (128 bits).
  */
 export declare function complexHash(str: string): Promise<string>;
+/**
+ * Heuristics to detect incognito / privacy mode.
+ * Returns a score 0-1 where higher = more likely private browsing.
+ */
+export declare function detectPrivacyMode(): Promise<{
+    isPrivate: boolean;
+    score: number;
+    signals: string[];
+}>;
 /**
  * Sort object keys recursively for deterministic JSON.stringify output.
  */
 export declare function sortObjectKeysRecursively(obj: unknown): unknown;
+/**
+ * Signal keys that are known to change in privacy/incognito mode.
+ * When privacy mode is detected, these are excluded from the primary hash.
+ */
+export declare const UNSTABLE_IN_PRIVACY_KEYS: Set<string>;
+/**
+ * Extract stable components for hashing.
+ * Matches extractStableComponents() in the script-tag SDK.
+ * When privacyMode is true, excludes signals known to be noised in incognito.
+ */
+export declare function extractStableComponents(components: Record<string, unknown>, privacyMode?: boolean): Record<string, unknown>;
 export interface CoreComponents {
-    screen?: {
-        width: number;
-        height: number;
-        colorDepth: number;
-        pixelRatio: number;
-    };
-    timezone?: string;
-    language?: string;
-    platform?: string;
-    userAgent?: string;
-    cookiesEnabled?: boolean;
-    localStorage?: boolean;
-    sessionStorage?: boolean;
-    indexedDB?: boolean;
-    canvas?: string;
-    webgl?: string;
-    audio?: string;
-    fonts?: string[];
-    webRTC?: string;
+    basic?: Record<string, unknown>;
+    canvas?: Record<string, unknown>;
+    webgl?: Record<string, unknown>;
+    fonts?: Record<string, unknown>;
+    audio?: Record<string, unknown>;
     [key: string]: unknown;
 }
 /**
  * Collect core fingerprinting signals.
- * Both SDKs use this to guarantee identical inputs to the hash.
+ * Signal collection methods match the script-tag SDK's fast-path collectors.
  */
 export declare function collectCoreComponents(): Promise<CoreComponents>;
 /**
  * Generate a visitor ID from collected components.
- * @param components - Signal map (from collectCoreComponents or full SDK)
- * @param isFree - Whether this is the free (no API key) version
+ * Uses the same extraction → sort → hash → prefix pipeline as the script-tag SDK.
+ *
+ * When privacy mode is detected, canvas/WebGL are excluded from the primary hash
+ * to ensure the visitor ID remains stable across normal and incognito sessions.
+ * A secondary hash incorporating all signals is appended for disambiguation when
+ * the environment is NOT private.
  */
 export declare function generateCoreVisitorId(components: Record<string, unknown>, isFree: boolean): Promise<string>;

package/dist/index.d.ts

@@ -55,6 +55,19 @@ export declare class TraceTail {
     private sendToServer;
     static getVersion(): string;
     static validateApiKey(apiKey: string): boolean;
+    /**
+     * Calculate confidence based on actual signal entropy and environment stability.
+     *
+     * Entropy weights reflect how unique each signal type is across browsers:
+     *   - Canvas: very high entropy (~10+ bits), but unstable in privacy mode
+     *   - WebGL renderer: high entropy (~8 bits)
+     *   - Fonts: medium-high entropy (~6 bits)
+     *   - Audio: medium entropy (~4 bits)
+     *   - Basic (UA, screen, timezone, etc.): low-medium individually (~2-3 bits each)
+     *
+     * Typical result: 0.85-0.95 for most browsers. Lower for privacy/incognito.
+     */
+    private calculateConfidenceAsync;
     private calculateConfidence;
     private isDNTEnabled;
     private log;

package/dist/index.js

@@ -1 +1 @@
-"use strict";function e(t){if(null===t||"object"!=typeof t)return t;if(Array.isArray(t))return t.map(e);const n={},r=Object.keys(t).sort();for(const o of r)n[o]=e(t[o]);return n}async function t(){const e={};try{e.screen={width:screen.width,height:screen.height,colorDepth:screen.colorDepth,pixelRatio:window.devicePixelRatio||1},e.timezone=Intl.DateTimeFormat().resolvedOptions().timeZone,e.language=navigator.language,e.platform=navigator.platform,e.userAgent=navigator.userAgent,e.cookiesEnabled=navigator.cookieEnabled,e.localStorage=r("localStorage"),e.sessionStorage=r("sessionStorage"),e.indexedDB="indexedDB"in window,e.canvas=await async function(){try{const e=document.createElement("canvas"),t=e.getContext("2d");return t?(e.width=200,e.height=50,t.textBaseline="top",t.font="14px Arial",t.fillStyle="#f60",t.fillRect(125,1,62,20),t.fillStyle="#069",t.fillText("TraceTail 🔒",2,15),t.fillStyle="rgba(102, 204, 0, 0.2)",t.fillText("TraceTail 🔒",4,17),e.toDataURL().substring(0,100)):"unsupported"}catch(e){return"error"}}(),e.webgl=function(){try{const e=document.createElement("canvas"),t=e.getContext("webgl")||e.getContext("experimental-webgl");if(!t)return"unsupported";const n=t.getParameter(t.RENDERER);return`${t.getParameter(t.VENDOR)}-${n}`.substring(0,100)}catch(e){return"error"}}(),e.audio=await async function(){try{const e=window.AudioContext||window.webkitAudioContext;if(!e)return"unsupported";const t=new e,n=t.createOscillator(),r=t.createAnalyser(),o=t.createDynamicsCompressor();n.type="triangle",n.frequency.setValueAtTime(1e4,t.currentTime),n.connect(o),o.connect(r),n.start(0),await new Promise(e=>setTimeout(e,100));const i=new Float32Array(r.frequencyBinCount);return r.getFloatFrequencyData(i),n.stop(),await t.close(),Array.from(i.slice(0,30)).map(e=>Math.abs(e)).join(",")}catch(e){return"error"}}(),e.fonts=function(){const e=["Arial","Helvetica","Times","Courier","Verdana","Georgia","Palatino","Garamond","Bookman","Comic Sans MS","Trebuchet MS","Arial Black","Impact"],t=[],n="mmmmmmmmmmlli",r="72px",o=document.createElement("div");o.style.position="absolute",o.style.left="-9999px",document.body.appendChild(o);try{for(const i of e){const e=document.createElement("span");e.style.fontSize=r,e.style.fontFamily=i,e.textContent=n,o.appendChild(e),e.offsetWidth>0&&t.push(i)}}finally{document.body.removeChild(o)}return t}(),e.webRTC=await async function(){try{if(!window.RTCPeerConnection)return"unsupported";const e=new RTCPeerConnection({iceServers:[{urls:"stun:stun.l.google.com:19302"}]});e.createDataChannel("tracetail");const t=new Promise(t=>{const n=setTimeout(()=>t(),1e3);e.onicegatheringstatechange=()=>{"complete"===e.iceGatheringState&&(clearTimeout(n),t())}});await e.createOffer(),await e.setLocalDescription(),await t;const n=e.localDescription;e.close();return((null==n?void 0:n.sdp)||"error").split("\n").filter(e=>!e.includes("a=ice-pwd")&&!e.includes("a=ice-ufrag")).join("").substring(0,100)}catch(e){return"error"}}()}catch(e){}return e}async function n(t,n){const r=e(t),o=JSON.stringify(r);return"fp2_"+(await async function(e){if(!e.length)return"0000000000000000";const t=(new TextEncoder).encode(e),n=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(n)).map(e=>e.toString(16).padStart(2,"0")).join("").substring(0,32)}(o)).substring(0,16)}function r(e){try{const t=window[e],n="__tt_test__";return t.setItem(n,"test"),t.removeItem(n),!0}catch(e){return!1}}Object.defineProperty(exports,"__esModule",{value:!0});class o{constructor(e){if(this.cache=new Map,!e.apiKey)throw new Error("TraceTail: API key is required. Get yours at https://tracetail.io");this.options={apiKey:e.apiKey,endpoint:e.endpoint||"/api",timeout:e.timeout||1e4,debug:e.debug||!1,caching:!1!==e.caching,respectDNT:e.respectDNT||!1,includeIP:!1!==e.includeIP,storeFingerprints:!1!==e.storeFingerprints,enableWorkers:!1!==e.enableWorkers,batchRequests:!1!==e.batchRequests,fallbackMode:e.fallbackMode||"basic"},this.log("TraceTail SDK initialized",{version:"2.3.7",options:this.options})}async generateFingerprint(e){const r=performance.now();try{if(this.options.respectDNT&&this.isDNTEnabled())throw new Error("TraceTail: Do Not Track is enabled");const o=!0===(null==e?void 0:e.verbose),i=o?"fingerprint_verbose":"fingerprint_basic";if(this.options.caching&&this.cache.has(i)){const e=this.cache.get(i);if(e)return this.log("Using cached fingerprint",e),e}const a=await t(),s=Math.round(performance.now()-r);if(this.options.apiKey&&this.options.endpoint)try{const e={...await this.sendToServer(a,o),processingTime:Math.round(performance.now()-r)};return this.options.caching&&this.cache.set(i,e),this.log("Server-enhanced fingerprint generated",e),e}catch(e){this.log("Server processing failed, falling back to client-side",e)}const c=await n(a),l={visitorId:c,confidence:this.calculateConfidence(a),processingTime:s,...o&&{components:a}};return this.options.caching&&this.cache.set(i,l),this.log("Client-side fingerprint generated",l),l}catch(e){throw this.log("Fingerprint generation failed",e),e}}async sendToServer(e,t){const n=new AbortController,r=setTimeout(()=>n.abort(),this.options.timeout);try{const o=await fetch(`${this.options.endpoint}/id`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.options.apiKey}`,"X-TraceTail-SDK":"js/2.3.7"},body:JSON.stringify({components:e,verbose:t||!1,clientCapabilities:{timestamp:Date.now(),sdkVersion:"2.3.7"}}),signal:n.signal});if(clearTimeout(r),!o.ok){if(401===o.status)throw new Error("Invalid API key");throw new Error(`Server returned ${o.status}`)}const i=await o.json(),a={visitorId:i.visitorId,confidence:i.confidence,processingTime:i.processingTime||0};if(t){if(!i.components)throw new Error("Server did not return components in verbose mode");a.components=i.components}return a}catch(e){throw clearTimeout(r),this.options.debug&&console.error("[TraceTail] Server error:",e),e}}static getVersion(){return"2.3.7"}static validateApiKey(e){return/^tt_(test|prod)_[a-zA-Z0-9]{32,}$/.test(e)}calculateConfidence(e){let t=1;e.canvas||(t-=.03),e.webgl||(t-=.03),e.audio||(t-=.02),e.fonts||(t-=.02),e.webRTC||(t-=.01);const n=Object.values(e).filter(e=>null!=e).length;return n<3?t-=.1:n<5&&(t-=.03),Math.min(.999,Math.max(.5,t))}isDNTEnabled(){return"1"===navigator.doNotTrack||"1"===window.doNotTrack||"1"===navigator.msDoNotTrack}log(e,t){this.options.debug&&console.log(`[TraceTail] ${e}`,t)}}exports.TraceTail=o,exports.default=o;
+"use strict";function e(e){let t=0;const r=e.length;if(0===r)return"0";for(let n=0;n<r;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(36)}async function t(e){if(!e.length)return"0000000000000000";const t=(new TextEncoder).encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(e=>e.toString(16).padStart(2,"0")).join("").substring(0,32)}async function r(){const e=[];let t=0;try{if(navigator.storage&&navigator.storage.estimate){const r=await navigator.storage.estimate();(r.quota||0)/1073741824<.5&&(t+=.4,e.push("low_storage_quota"))}}catch(r){t+=.15,e.push("storage_api_error")}try{!!!window.webkitRequestFileSystem&&/Chrome/.test(navigator.userAgent)&&(t+=.2,e.push("no_filesystem_api"))}catch(r){t+=.1,e.push("filesystem_check_error")}try{/Safari/.test(navigator.userAgent)&&!/Chrome/.test(navigator.userAgent)&&(navigator.serviceWorker||(t+=.3,e.push("no_service_worker_safari")))}catch(e){}try{navigator.brave&&(t+=.15,e.push("brave_browser"))}catch(e){}try{/Firefox/.test(navigator.userAgent)&&screen.width%200==0&&screen.height%100==0&&(t+=.2,e.push("firefox_rfp_screen"))}catch(e){}return{isPrivate:t>=.35,score:Math.min(1,t),signals:e}}function n(e){if(null===e||"object"!=typeof e)return e;if(Array.isArray(e))return e.map(n);const t={},r=Object.keys(e).sort();for(const a of r)t[a]=n(e[a]);return t}Object.defineProperty(exports,"__esModule",{value:!0});const a=new Set(["network","processingTime","timestamp","realUserDetection","storage","battery","webrtc","performance","timing","memoryProfile","advancedAudio"]);function o(e){if(!e||"object"!=typeof e)return!1;if(!(e.error||e.unavailable||e.disabled))return!1;const t=Object.keys(e),r=new Set(["error","unavailable","disabled","id","timestamp"]);return 0===t.filter(e=>!r.has(e)).length}const i=new Set(["canvas","webgl"]),s=new Set(["canvas","webgl","audio","fonts"]),c={unavailable:!0};function l(e,t=!1){const r={};for(const[n,l]of Object.entries(e))if(!(a.has(n)||t&&i.has(n)))if(l&&"object"==typeof l&&!Array.isArray(l)){const e=l;if(o(e)||0===Object.keys(e).length){s.has(n)&&(r[n]=c);continue}r[n]=l}else null!=l?r[n]=l:s.has(n)&&(r[n]=c);return r}const u=["Arial","Arial Black","Arial Narrow","Arial Unicode MS","Calibri","Cambria","Century Gothic","Comic Sans MS","Consolas","Courier","Courier New","Georgia","Helvetica","Impact","Lucida Console","Lucida Grande","Palatino","Tahoma","Times","Times New Roman","Trebuchet MS","Verdana","Monaco","Menlo"];async function f(){const t={};try{t.basic={userAgent:navigator.userAgent,language:navigator.language,platform:navigator.platform,cookieEnabled:navigator.cookieEnabled,screen:{width:screen.width,height:screen.height,colorDepth:screen.colorDepth,pixelRatio:window.devicePixelRatio||1},timezone:Intl.DateTimeFormat().resolvedOptions().timeZone,timezoneOffset:(new Date).getTimezoneOffset(),hardwareConcurrency:navigator.hardwareConcurrency,maxTouchPoints:navigator.maxTouchPoints,deviceMemory:navigator.deviceMemory}}catch(e){}try{t.canvas=await async function(){try{const t=document.createElement("canvas"),r=t.getContext("2d");if(!r)return{unavailable:!0};t.width=256,t.height=256,r.fillStyle="#f60",r.fillRect(0,0,256,256);const n=r.createLinearGradient(0,0,256,256);n.addColorStop(0,"#ff6b6b"),n.addColorStop(.5,"#4ecdc4"),n.addColorStop(1,"#1a1a2e"),r.fillStyle=n,r.fillRect(0,0,128,128);const a=r.createRadialGradient(192,64,10,192,64,60);a.addColorStop(0,"#e74c3c"),a.addColorStop(1,"rgba(46,204,113,0.4)"),r.fillStyle=a,r.fillRect(128,0,128,128),r.fillStyle="#069",r.font="14px Arial",r.fillText("TraceTail",4,150),r.font="italic 12px Georgia",r.fillText("Canvas FP",4,170),r.font="20px serif",r.fillText("😀🌍🚀❤️",4,200),r.beginPath(),r.moveTo(130,140),r.bezierCurveTo(150,200,200,160,240,210),r.strokeStyle="#9b59b6",r.lineWidth=2,r.stroke(),r.beginPath(),r.arc(200,200,30,0,2*Math.PI),r.fillStyle="rgba(52,152,219,0.6)",r.fill(),r.shadowColor="rgba(0,0,0,0.5)",r.shadowBlur=6,r.shadowOffsetX=3,r.shadowOffsetY=3,r.fillStyle="#2ecc71",r.fillRect(60,200,50,40),r.shadowColor="transparent",r.globalCompositeOperation="multiply",r.fillStyle="#e67e22",r.fillRect(80,180,60,60),r.globalCompositeOperation="screen",r.fillStyle="#3498db",r.fillRect(100,190,60,60),r.globalCompositeOperation="source-over",r.font="11px Arial",r.fillStyle="#000",r.fillText("Subpx",10.5,245.5);const o=[r.getImageData(0,0,32,32),r.getImageData(128,0,32,32),r.getImageData(0,128,32,32),r.getImageData(180,180,32,32)].map(e=>Array.from(e.data.slice(0,64)).reduce((e,t)=>e+t,0));return{hash:e(o.join(",")),samples:o}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.canvas={error:"collection failed"}}try{t.webgl=function(){try{const e=document.createElement("canvas"),t=e.getContext("webgl")||e.getContext("experimental-webgl");if(!t)return{unavailable:!0};const r=t.getExtension("WEBGL_debug_renderer_info"),n=r?t.getParameter(r.UNMASKED_VENDOR_WEBGL):t.getParameter(t.VENDOR),a=r?t.getParameter(r.UNMASKED_RENDERER_WEBGL):t.getParameter(t.RENDERER);return{vendor:t.getParameter(t.VENDOR),renderer:t.getParameter(t.RENDERER),version:t.getParameter(t.VERSION),unmaskedVendor:n,unmaskedRenderer:a}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.webgl={error:"collection failed"}}try{t.fonts=function(){try{const t=document.createElement("canvas"),r=t.getContext("2d");if(!r)return{unavailable:!0};t.width=200,t.height=50;const n=[],a=["mmmmmmmmmmlli","ABCDEFGHIJKLMNOPQRSTUVWXYZ","1234567890"];r.font="14px monospace";const o=a.map(e=>r.measureText(e).width);for(const e of u){r.font=`14px "${e}", monospace`;const t=a.map(e=>r.measureText(e).width);t.some((e,t)=>{var r;return Math.abs(e-(null!==(r=o[t])&&void 0!==r?r:0))>.1})&&n.push(e)}return{detected:n,count:n.length,hash:e(n.join(","))}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.fonts={error:"collection failed"}}try{t.audio=function(){try{const e=window.AudioContext||window.webkitAudioContext;if(!e)return{unavailable:!0};const t=new e,r={sampleRate:t.sampleRate,maxChannelCount:t.destination.maxChannelCount,baseLatency:t.baseLatency};return t.close(),r}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.audio={error:"collection failed"}}return t}class h{constructor(e){if(this.cache=new Map,!e.apiKey)throw new Error("TraceTail: API key is required. Get yours at https://tracetail.io");this.options={apiKey:e.apiKey,endpoint:e.endpoint||"/api",timeout:e.timeout||1e4,debug:e.debug||!1,caching:!1!==e.caching,respectDNT:e.respectDNT||!1,includeIP:!1!==e.includeIP,storeFingerprints:!1!==e.storeFingerprints,enableWorkers:!1!==e.enableWorkers,batchRequests:!1!==e.batchRequests,fallbackMode:e.fallbackMode||"basic"},this.log("TraceTail SDK initialized",{version:"2.3.7",options:this.options})}async generateFingerprint(e){const a=performance.now();try{if(this.options.respectDNT&&this.isDNTEnabled())throw new Error("TraceTail: Do Not Track is enabled");const o=!0===(null==e?void 0:e.verbose),i=o?"fingerprint_verbose":"fingerprint_basic";if(this.options.caching&&this.cache.has(i)){const e=this.cache.get(i);if(e)return this.log("Using cached fingerprint",e),e}const s=await f(),c=Math.round(performance.now()-a);if(this.options.apiKey&&this.options.endpoint)try{const e={...await this.sendToServer(s,o),processingTime:Math.round(performance.now()-a)};return this.options.caching&&this.cache.set(i,e),this.log("Server-enhanced fingerprint generated",e),e}catch(e){this.log("Server processing failed, falling back to client-side",e)}const u=await async function(e){const a=await r(),o=n(l(e,!0)),i=JSON.stringify(o),s=await t(i);if(a.isPrivate)return"fp2_"+s.substring(0,16);const c=n(l(e,!1)),u=JSON.stringify(c),f=await t(u);return"fp2_"+(s.substring(0,12)+f.substring(0,4))}(s),h={visitorId:u,confidence:await this.calculateConfidenceAsync(s),processingTime:c,...o&&{components:s}};return this.options.caching&&this.cache.set(i,h),this.log("Client-side fingerprint generated",h),h}catch(e){throw this.log("Fingerprint generation failed",e),e}}async sendToServer(e,t){const r=new AbortController,n=setTimeout(()=>r.abort(),this.options.timeout);try{const a=await fetch(`${this.options.endpoint}/id`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.options.apiKey}`,"X-TraceTail-SDK":"js/2.3.7"},body:JSON.stringify({components:e,verbose:t||!1,clientCapabilities:{timestamp:Date.now(),sdkVersion:"2.3.7"}}),signal:r.signal});if(clearTimeout(n),!a.ok){if(401===a.status)throw new Error("Invalid API key");throw new Error(`Server returned ${a.status}`)}const o=await a.json(),i={visitorId:o.visitorId,confidence:o.confidence,processingTime:o.processingTime||0};if(t){if(!o.components)throw new Error("Server did not return components in verbose mode");i.components=o.components}return i}catch(e){throw clearTimeout(n),this.options.debug&&console.error("[TraceTail] Server error:",e),e}}static getVersion(){return"2.3.7"}static validateApiKey(e){return/^tt_(test|prod)_[a-zA-Z0-9]{32,}$/.test(e)}async calculateConfidenceAsync(e){const t={canvas:.15,webgl:.12,fonts:.1,audio:.08,basic:.05};let n=.5;const a=e=>{if(!e)return!1;if("object"==typeof e){const t=e;return!t.error&&!t.unavailable}return!0};for(const[r,o]of Object.entries(t))a(e[r])&&(n+=o);if(e.basic&&"object"==typeof e.basic){const t=Object.keys(e.basic).filter(t=>void 0!==e.basic[t]);n+=Math.min(.1,.012*t.length)}const o=Object.keys(e).filter(t=>a(e[t]));o.length>=5?n+=.05:o.length>=3&&(n+=.02);try{const e=await r();e.isPrivate&&(n-=.08,n-=.02*e.signals.length)}catch(e){n-=.03}return Math.min(.99,Math.max(.4,Math.round(1e3*n)/1e3))}calculateConfidence(e){const t={canvas:.15,webgl:.12,fonts:.1,audio:.08,basic:.05};let r=.5;const n=e=>{if(!e)return!1;if("object"==typeof e){const t=e;return!t.error&&!t.unavailable}return!0};for(const[a,o]of Object.entries(t))n(e[a])&&(r+=o);if(e.basic&&"object"==typeof e.basic){const t=Object.keys(e.basic).filter(t=>void 0!==e.basic[t]);r+=Math.min(.1,.012*t.length)}const a=Object.keys(e).filter(t=>n(e[t]));return a.length>=5?r+=.05:a.length>=3&&(r+=.02),Math.min(.99,Math.max(.4,Math.round(1e3*r)/1e3))}isDNTEnabled(){return"1"===navigator.doNotTrack||"1"===window.doNotTrack||"1"===navigator.msDoNotTrack}log(e,t){this.options.debug&&console.log(`[TraceTail] ${e}`,t)}}exports.TraceTail=h,exports.default=h;

package/dist/index.mjs

@@ -1 +1 @@
-function e(t){if(null===t||"object"!=typeof t)return t;if(Array.isArray(t))return t.map(e);const n={},r=Object.keys(t).sort();for(const o of r)n[o]=e(t[o]);return n}async function t(){const e={};try{e.screen={width:screen.width,height:screen.height,colorDepth:screen.colorDepth,pixelRatio:window.devicePixelRatio||1},e.timezone=Intl.DateTimeFormat().resolvedOptions().timeZone,e.language=navigator.language,e.platform=navigator.platform,e.userAgent=navigator.userAgent,e.cookiesEnabled=navigator.cookieEnabled,e.localStorage=r("localStorage"),e.sessionStorage=r("sessionStorage"),e.indexedDB="indexedDB"in window,e.canvas=await async function(){try{const e=document.createElement("canvas"),t=e.getContext("2d");return t?(e.width=200,e.height=50,t.textBaseline="top",t.font="14px Arial",t.fillStyle="#f60",t.fillRect(125,1,62,20),t.fillStyle="#069",t.fillText("TraceTail 🔒",2,15),t.fillStyle="rgba(102, 204, 0, 0.2)",t.fillText("TraceTail 🔒",4,17),e.toDataURL().substring(0,100)):"unsupported"}catch(e){return"error"}}(),e.webgl=function(){try{const e=document.createElement("canvas"),t=e.getContext("webgl")||e.getContext("experimental-webgl");if(!t)return"unsupported";const n=t.getParameter(t.RENDERER);return`${t.getParameter(t.VENDOR)}-${n}`.substring(0,100)}catch(e){return"error"}}(),e.audio=await async function(){try{const e=window.AudioContext||window.webkitAudioContext;if(!e)return"unsupported";const t=new e,n=t.createOscillator(),r=t.createAnalyser(),o=t.createDynamicsCompressor();n.type="triangle",n.frequency.setValueAtTime(1e4,t.currentTime),n.connect(o),o.connect(r),n.start(0),await new Promise(e=>setTimeout(e,100));const i=new Float32Array(r.frequencyBinCount);return r.getFloatFrequencyData(i),n.stop(),await t.close(),Array.from(i.slice(0,30)).map(e=>Math.abs(e)).join(",")}catch(e){return"error"}}(),e.fonts=function(){const e=["Arial","Helvetica","Times","Courier","Verdana","Georgia","Palatino","Garamond","Bookman","Comic Sans MS","Trebuchet MS","Arial Black","Impact"],t=[],n="mmmmmmmmmmlli",r="72px",o=document.createElement("div");o.style.position="absolute",o.style.left="-9999px",document.body.appendChild(o);try{for(const i of e){const e=document.createElement("span");e.style.fontSize=r,e.style.fontFamily=i,e.textContent=n,o.appendChild(e),e.offsetWidth>0&&t.push(i)}}finally{document.body.removeChild(o)}return t}(),e.webRTC=await async function(){try{if(!window.RTCPeerConnection)return"unsupported";const e=new RTCPeerConnection({iceServers:[{urls:"stun:stun.l.google.com:19302"}]});e.createDataChannel("tracetail");const t=new Promise(t=>{const n=setTimeout(()=>t(),1e3);e.onicegatheringstatechange=()=>{"complete"===e.iceGatheringState&&(clearTimeout(n),t())}});await e.createOffer(),await e.setLocalDescription(),await t;const n=e.localDescription;e.close();return((null==n?void 0:n.sdp)||"error").split("\n").filter(e=>!e.includes("a=ice-pwd")&&!e.includes("a=ice-ufrag")).join("").substring(0,100)}catch(e){return"error"}}()}catch(e){}return e}async function n(t,n){const r=e(t),o=JSON.stringify(r);return"fp2_"+(await async function(e){if(!e.length)return"0000000000000000";const t=(new TextEncoder).encode(e),n=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(n)).map(e=>e.toString(16).padStart(2,"0")).join("").substring(0,32)}(o)).substring(0,16)}function r(e){try{const t=window[e],n="__tt_test__";return t.setItem(n,"test"),t.removeItem(n),!0}catch(e){return!1}}class o{constructor(e){if(this.cache=new Map,!e.apiKey)throw new Error("TraceTail: API key is required. Get yours at https://tracetail.io");this.options={apiKey:e.apiKey,endpoint:e.endpoint||"/api",timeout:e.timeout||1e4,debug:e.debug||!1,caching:!1!==e.caching,respectDNT:e.respectDNT||!1,includeIP:!1!==e.includeIP,storeFingerprints:!1!==e.storeFingerprints,enableWorkers:!1!==e.enableWorkers,batchRequests:!1!==e.batchRequests,fallbackMode:e.fallbackMode||"basic"},this.log("TraceTail SDK initialized",{version:"2.3.7",options:this.options})}async generateFingerprint(e){const r=performance.now();try{if(this.options.respectDNT&&this.isDNTEnabled())throw new Error("TraceTail: Do Not Track is enabled");const o=!0===(null==e?void 0:e.verbose),i=o?"fingerprint_verbose":"fingerprint_basic";if(this.options.caching&&this.cache.has(i)){const e=this.cache.get(i);if(e)return this.log("Using cached fingerprint",e),e}const a=await t(),s=Math.round(performance.now()-r);if(this.options.apiKey&&this.options.endpoint)try{const e={...await this.sendToServer(a,o),processingTime:Math.round(performance.now()-r)};return this.options.caching&&this.cache.set(i,e),this.log("Server-enhanced fingerprint generated",e),e}catch(e){this.log("Server processing failed, falling back to client-side",e)}const c=await n(a),l={visitorId:c,confidence:this.calculateConfidence(a),processingTime:s,...o&&{components:a}};return this.options.caching&&this.cache.set(i,l),this.log("Client-side fingerprint generated",l),l}catch(e){throw this.log("Fingerprint generation failed",e),e}}async sendToServer(e,t){const n=new AbortController,r=setTimeout(()=>n.abort(),this.options.timeout);try{const o=await fetch(`${this.options.endpoint}/id`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.options.apiKey}`,"X-TraceTail-SDK":"js/2.3.7"},body:JSON.stringify({components:e,verbose:t||!1,clientCapabilities:{timestamp:Date.now(),sdkVersion:"2.3.7"}}),signal:n.signal});if(clearTimeout(r),!o.ok){if(401===o.status)throw new Error("Invalid API key");throw new Error(`Server returned ${o.status}`)}const i=await o.json(),a={visitorId:i.visitorId,confidence:i.confidence,processingTime:i.processingTime||0};if(t){if(!i.components)throw new Error("Server did not return components in verbose mode");a.components=i.components}return a}catch(e){throw clearTimeout(r),this.options.debug&&console.error("[TraceTail] Server error:",e),e}}static getVersion(){return"2.3.7"}static validateApiKey(e){return/^tt_(test|prod)_[a-zA-Z0-9]{32,}$/.test(e)}calculateConfidence(e){let t=1;e.canvas||(t-=.03),e.webgl||(t-=.03),e.audio||(t-=.02),e.fonts||(t-=.02),e.webRTC||(t-=.01);const n=Object.values(e).filter(e=>null!=e).length;return n<3?t-=.1:n<5&&(t-=.03),Math.min(.999,Math.max(.5,t))}isDNTEnabled(){return"1"===navigator.doNotTrack||"1"===window.doNotTrack||"1"===navigator.msDoNotTrack}log(e,t){this.options.debug&&console.log(`[TraceTail] ${e}`,t)}}export{o as TraceTail,o as default};
+function e(e){let t=0;const r=e.length;if(0===r)return"0";for(let n=0;n<r;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(36)}async function t(e){if(!e.length)return"0000000000000000";const t=(new TextEncoder).encode(e),r=await crypto.subtle.digest("SHA-256",t);return Array.from(new Uint8Array(r)).map(e=>e.toString(16).padStart(2,"0")).join("").substring(0,32)}async function r(){const e=[];let t=0;try{if(navigator.storage&&navigator.storage.estimate){const r=await navigator.storage.estimate();(r.quota||0)/1073741824<.5&&(t+=.4,e.push("low_storage_quota"))}}catch(r){t+=.15,e.push("storage_api_error")}try{!!!window.webkitRequestFileSystem&&/Chrome/.test(navigator.userAgent)&&(t+=.2,e.push("no_filesystem_api"))}catch(r){t+=.1,e.push("filesystem_check_error")}try{/Safari/.test(navigator.userAgent)&&!/Chrome/.test(navigator.userAgent)&&(navigator.serviceWorker||(t+=.3,e.push("no_service_worker_safari")))}catch(e){}try{navigator.brave&&(t+=.15,e.push("brave_browser"))}catch(e){}try{/Firefox/.test(navigator.userAgent)&&screen.width%200==0&&screen.height%100==0&&(t+=.2,e.push("firefox_rfp_screen"))}catch(e){}return{isPrivate:t>=.35,score:Math.min(1,t),signals:e}}function n(e){if(null===e||"object"!=typeof e)return e;if(Array.isArray(e))return e.map(n);const t={},r=Object.keys(e).sort();for(const a of r)t[a]=n(e[a]);return t}const a=new Set(["network","processingTime","timestamp","realUserDetection","storage","battery","webrtc","performance","timing","memoryProfile","advancedAudio"]);function o(e){if(!e||"object"!=typeof e)return!1;if(!(e.error||e.unavailable||e.disabled))return!1;const t=Object.keys(e),r=new Set(["error","unavailable","disabled","id","timestamp"]);return 0===t.filter(e=>!r.has(e)).length}const i=new Set(["canvas","webgl"]),s=new Set(["canvas","webgl","audio","fonts"]),c={unavailable:!0};function l(e,t=!1){const r={};for(const[n,l]of Object.entries(e))if(!(a.has(n)||t&&i.has(n)))if(l&&"object"==typeof l&&!Array.isArray(l)){const e=l;if(o(e)||0===Object.keys(e).length){s.has(n)&&(r[n]=c);continue}r[n]=l}else null!=l?r[n]=l:s.has(n)&&(r[n]=c);return r}const u=["Arial","Arial Black","Arial Narrow","Arial Unicode MS","Calibri","Cambria","Century Gothic","Comic Sans MS","Consolas","Courier","Courier New","Georgia","Helvetica","Impact","Lucida Console","Lucida Grande","Palatino","Tahoma","Times","Times New Roman","Trebuchet MS","Verdana","Monaco","Menlo"];async function f(){const t={};try{t.basic={userAgent:navigator.userAgent,language:navigator.language,platform:navigator.platform,cookieEnabled:navigator.cookieEnabled,screen:{width:screen.width,height:screen.height,colorDepth:screen.colorDepth,pixelRatio:window.devicePixelRatio||1},timezone:Intl.DateTimeFormat().resolvedOptions().timeZone,timezoneOffset:(new Date).getTimezoneOffset(),hardwareConcurrency:navigator.hardwareConcurrency,maxTouchPoints:navigator.maxTouchPoints,deviceMemory:navigator.deviceMemory}}catch(e){}try{t.canvas=await async function(){try{const t=document.createElement("canvas"),r=t.getContext("2d");if(!r)return{unavailable:!0};t.width=256,t.height=256,r.fillStyle="#f60",r.fillRect(0,0,256,256);const n=r.createLinearGradient(0,0,256,256);n.addColorStop(0,"#ff6b6b"),n.addColorStop(.5,"#4ecdc4"),n.addColorStop(1,"#1a1a2e"),r.fillStyle=n,r.fillRect(0,0,128,128);const a=r.createRadialGradient(192,64,10,192,64,60);a.addColorStop(0,"#e74c3c"),a.addColorStop(1,"rgba(46,204,113,0.4)"),r.fillStyle=a,r.fillRect(128,0,128,128),r.fillStyle="#069",r.font="14px Arial",r.fillText("TraceTail",4,150),r.font="italic 12px Georgia",r.fillText("Canvas FP",4,170),r.font="20px serif",r.fillText("😀🌍🚀❤️",4,200),r.beginPath(),r.moveTo(130,140),r.bezierCurveTo(150,200,200,160,240,210),r.strokeStyle="#9b59b6",r.lineWidth=2,r.stroke(),r.beginPath(),r.arc(200,200,30,0,2*Math.PI),r.fillStyle="rgba(52,152,219,0.6)",r.fill(),r.shadowColor="rgba(0,0,0,0.5)",r.shadowBlur=6,r.shadowOffsetX=3,r.shadowOffsetY=3,r.fillStyle="#2ecc71",r.fillRect(60,200,50,40),r.shadowColor="transparent",r.globalCompositeOperation="multiply",r.fillStyle="#e67e22",r.fillRect(80,180,60,60),r.globalCompositeOperation="screen",r.fillStyle="#3498db",r.fillRect(100,190,60,60),r.globalCompositeOperation="source-over",r.font="11px Arial",r.fillStyle="#000",r.fillText("Subpx",10.5,245.5);const o=[r.getImageData(0,0,32,32),r.getImageData(128,0,32,32),r.getImageData(0,128,32,32),r.getImageData(180,180,32,32)].map(e=>Array.from(e.data.slice(0,64)).reduce((e,t)=>e+t,0));return{hash:e(o.join(",")),samples:o}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.canvas={error:"collection failed"}}try{t.webgl=function(){try{const e=document.createElement("canvas"),t=e.getContext("webgl")||e.getContext("experimental-webgl");if(!t)return{unavailable:!0};const r=t.getExtension("WEBGL_debug_renderer_info"),n=r?t.getParameter(r.UNMASKED_VENDOR_WEBGL):t.getParameter(t.VENDOR),a=r?t.getParameter(r.UNMASKED_RENDERER_WEBGL):t.getParameter(t.RENDERER);return{vendor:t.getParameter(t.VENDOR),renderer:t.getParameter(t.RENDERER),version:t.getParameter(t.VERSION),unmaskedVendor:n,unmaskedRenderer:a}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.webgl={error:"collection failed"}}try{t.fonts=function(){try{const t=document.createElement("canvas"),r=t.getContext("2d");if(!r)return{unavailable:!0};t.width=200,t.height=50;const n=[],a=["mmmmmmmmmmlli","ABCDEFGHIJKLMNOPQRSTUVWXYZ","1234567890"];r.font="14px monospace";const o=a.map(e=>r.measureText(e).width);for(const e of u){r.font=`14px "${e}", monospace`;const t=a.map(e=>r.measureText(e).width);t.some((e,t)=>{var r;return Math.abs(e-(null!==(r=o[t])&&void 0!==r?r:0))>.1})&&n.push(e)}return{detected:n,count:n.length,hash:e(n.join(","))}}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.fonts={error:"collection failed"}}try{t.audio=function(){try{const e=window.AudioContext||window.webkitAudioContext;if(!e)return{unavailable:!0};const t=new e,r={sampleRate:t.sampleRate,maxChannelCount:t.destination.maxChannelCount,baseLatency:t.baseLatency};return t.close(),r}catch(e){return{error:e instanceof Error?e.message:String(e)}}}()}catch(e){t.audio={error:"collection failed"}}return t}class h{constructor(e){if(this.cache=new Map,!e.apiKey)throw new Error("TraceTail: API key is required. Get yours at https://tracetail.io");this.options={apiKey:e.apiKey,endpoint:e.endpoint||"/api",timeout:e.timeout||1e4,debug:e.debug||!1,caching:!1!==e.caching,respectDNT:e.respectDNT||!1,includeIP:!1!==e.includeIP,storeFingerprints:!1!==e.storeFingerprints,enableWorkers:!1!==e.enableWorkers,batchRequests:!1!==e.batchRequests,fallbackMode:e.fallbackMode||"basic"},this.log("TraceTail SDK initialized",{version:"2.3.7",options:this.options})}async generateFingerprint(e){const a=performance.now();try{if(this.options.respectDNT&&this.isDNTEnabled())throw new Error("TraceTail: Do Not Track is enabled");const o=!0===(null==e?void 0:e.verbose),i=o?"fingerprint_verbose":"fingerprint_basic";if(this.options.caching&&this.cache.has(i)){const e=this.cache.get(i);if(e)return this.log("Using cached fingerprint",e),e}const s=await f(),c=Math.round(performance.now()-a);if(this.options.apiKey&&this.options.endpoint)try{const e={...await this.sendToServer(s,o),processingTime:Math.round(performance.now()-a)};return this.options.caching&&this.cache.set(i,e),this.log("Server-enhanced fingerprint generated",e),e}catch(e){this.log("Server processing failed, falling back to client-side",e)}const u=await async function(e){const a=await r(),o=n(l(e,!0)),i=JSON.stringify(o),s=await t(i);if(a.isPrivate)return"fp2_"+s.substring(0,16);const c=n(l(e,!1)),u=JSON.stringify(c),f=await t(u);return"fp2_"+(s.substring(0,12)+f.substring(0,4))}(s),h={visitorId:u,confidence:await this.calculateConfidenceAsync(s),processingTime:c,...o&&{components:s}};return this.options.caching&&this.cache.set(i,h),this.log("Client-side fingerprint generated",h),h}catch(e){throw this.log("Fingerprint generation failed",e),e}}async sendToServer(e,t){const r=new AbortController,n=setTimeout(()=>r.abort(),this.options.timeout);try{const a=await fetch(`${this.options.endpoint}/id`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.options.apiKey}`,"X-TraceTail-SDK":"js/2.3.7"},body:JSON.stringify({components:e,verbose:t||!1,clientCapabilities:{timestamp:Date.now(),sdkVersion:"2.3.7"}}),signal:r.signal});if(clearTimeout(n),!a.ok){if(401===a.status)throw new Error("Invalid API key");throw new Error(`Server returned ${a.status}`)}const o=await a.json(),i={visitorId:o.visitorId,confidence:o.confidence,processingTime:o.processingTime||0};if(t){if(!o.components)throw new Error("Server did not return components in verbose mode");i.components=o.components}return i}catch(e){throw clearTimeout(n),this.options.debug&&console.error("[TraceTail] Server error:",e),e}}static getVersion(){return"2.3.7"}static validateApiKey(e){return/^tt_(test|prod)_[a-zA-Z0-9]{32,}$/.test(e)}async calculateConfidenceAsync(e){const t={canvas:.15,webgl:.12,fonts:.1,audio:.08,basic:.05};let n=.5;const a=e=>{if(!e)return!1;if("object"==typeof e){const t=e;return!t.error&&!t.unavailable}return!0};for(const[r,o]of Object.entries(t))a(e[r])&&(n+=o);if(e.basic&&"object"==typeof e.basic){const t=Object.keys(e.basic).filter(t=>void 0!==e.basic[t]);n+=Math.min(.1,.012*t.length)}const o=Object.keys(e).filter(t=>a(e[t]));o.length>=5?n+=.05:o.length>=3&&(n+=.02);try{const e=await r();e.isPrivate&&(n-=.08,n-=.02*e.signals.length)}catch(e){n-=.03}return Math.min(.99,Math.max(.4,Math.round(1e3*n)/1e3))}calculateConfidence(e){const t={canvas:.15,webgl:.12,fonts:.1,audio:.08,basic:.05};let r=.5;const n=e=>{if(!e)return!1;if("object"==typeof e){const t=e;return!t.error&&!t.unavailable}return!0};for(const[a,o]of Object.entries(t))n(e[a])&&(r+=o);if(e.basic&&"object"==typeof e.basic){const t=Object.keys(e.basic).filter(t=>void 0!==e.basic[t]);r+=Math.min(.1,.012*t.length)}const a=Object.keys(e).filter(t=>n(e[t]));return a.length>=5?r+=.05:a.length>=3&&(r+=.02),Math.min(.99,Math.max(.4,Math.round(1e3*r)/1e3))}isDNTEnabled(){return"1"===navigator.doNotTrack||"1"===window.doNotTrack||"1"===navigator.msDoNotTrack}log(e,t){this.options.debug&&console.log(`[TraceTail] ${e}`,t)}}export{h as TraceTail,h as default};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tracetail/js",
-  "version": "2.3.10",
+  "version": "2.3.12",
   "description": "TraceTail JavaScript SDK for browser fingerprinting",
   "type": "module",
   "main": "dist/index.js",
@@ -34,6 +34,9 @@
   ],
   "author": "TraceTail",
   "license": "MIT",
+  "dependencies": {
+    "tslib": "^2.8.1"
+  },
   "devDependencies": {
     "@rollup/plugin-typescript": "^11.1.6",
     "rollup": "^4.9.6",