npm - @unireq/config - Versions diffs - 0.0.1 - Mend

@unireq/config 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Olivier Orabona
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,215 @@
+/**
+ * @unireq/config - Centralized configuration for unireq
+ * Externalizes hardcoded defaults for security and maintainability
+ * Values can be overridden via environment variables (UNIREQ_* prefix)
+ */
+/**
+ * HTTP configuration defaults
+ * Can be overridden with UNIREQ_HTTP_TIMEOUT environment variable
+ */
+declare const HTTP_CONFIG: {
+    /** Default timeout for requests (ms) */
+    readonly DEFAULT_TIMEOUT: number;
+    /** Default redirect policy */
+    readonly REDIRECT: {
+        /** Allowed redirect status codes (307/308 only for safety) */
+        readonly ALLOWED_STATUS_CODES: readonly [307, 308];
+        /** Maximum number of redirects to follow */
+        readonly MAX_REDIRECTS: 5;
+        /** Follow 303 See Other redirects (opt-in) */
+        readonly FOLLOW_303: false;
+    };
+    /** Retry policy defaults */
+    readonly RETRY: {
+        /** Number of retry attempts */
+        readonly MAX_TRIES: 3;
+        /** Initial backoff delay (ms) */
+        readonly INITIAL_BACKOFF: 1000;
+        /** Maximum backoff delay (ms) */
+        readonly MAX_BACKOFF: 30000;
+        /** Enable jitter for backoff */
+        readonly JITTER: true;
+        /** HTTP methods eligible for retry */
+        readonly RETRY_METHODS: readonly ["GET", "PUT", "DELETE", "HEAD", "OPTIONS"];
+        /** Status codes that trigger retry */
+        readonly RETRY_STATUS_CODES: readonly [408, 429, 500, 502, 503, 504];
+    };
+    /** Rate limit handling */
+    readonly RATE_LIMIT: {
+        /** Automatically retry on rate limit (429/503) */
+        readonly AUTO_RETRY: true;
+        /** Maximum wait time for rate limit (ms) */
+        readonly MAX_WAIT: 60000;
+    };
+};
+/**
+ * Multipart upload security defaults
+ * Can be overridden with UNIREQ_MULTIPART_MAX_FILE_SIZE and UNIREQ_MULTIPART_SANITIZE_FILENAMES
+ */
+declare const MULTIPART_CONFIG: {
+    /** Maximum file size (bytes) - 100 MB */
+    readonly MAX_FILE_SIZE: number;
+    /** Enable filename sanitization by default */
+    readonly SANITIZE_FILENAMES: boolean;
+    /** Common allowed MIME types by category */
+    readonly MIME_TYPES: {
+        readonly IMAGES: readonly ["image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml"];
+        readonly DOCUMENTS: readonly ["application/pdf", "application/msword", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"];
+        readonly ARCHIVES: readonly ["application/zip", "application/x-tar", "application/gzip"];
+    };
+    /**
+     * Default secure whitelist for multipart uploads (OWASP A01:2021 - Broken Access Control)
+     * Includes common safe file types: images, documents, text, and binary data
+     * @security This whitelist prevents unrestricted file upload attacks
+     */
+    readonly DEFAULT_ALLOWED_MIME_TYPES: readonly ["image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml", "application/pdf", "application/msword", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "application/vnd.ms-powerpoint", "application/vnd.openxmlformats-officedocument.presentationml.presentation", "text/plain", "text/csv", "text/html", "text/markdown", "application/json", "application/xml", "text/xml", "application/octet-stream"];
+};
+/**
+ * OAuth/JWT security defaults
+ * Can be overridden with UNIREQ_JWT_CLOCK_SKEW and UNIREQ_OAUTH_AUTO_REFRESH
+ */
+declare const OAUTH_CONFIG: {
+    /** Clock skew tolerance for JWT expiration (seconds) */
+    readonly JWT_CLOCK_SKEW: number;
+    /** Automatically refresh tokens on 401 */
+    readonly AUTO_REFRESH: boolean;
+};
+/**
+ * Security configuration
+ */
+declare const SECURITY_CONFIG: {
+    /** CRLF injection validation (always enabled, cannot be disabled) */
+    readonly CRLF_VALIDATION: {
+        readonly ENABLED: true;
+        /** Pattern to detect CRLF characters */
+        readonly PATTERN: RegExp;
+    };
+    /** Path traversal prevention patterns */
+    readonly PATH_TRAVERSAL: {
+        /** Patterns to sanitize in filenames */
+        readonly UNSAFE_PATTERNS: readonly [RegExp, RegExp, RegExp];
+    };
+};
+/**
+ * Content negotiation defaults
+ */
+declare const CONTENT_CONFIG: {
+    /** Default Accept header for JSON APIs */
+    readonly JSON_ACCEPT: readonly ["application/json", "application/xml"];
+    /** Default content types */
+    readonly DEFAULT_CONTENT_TYPES: {
+        readonly JSON: "application/json";
+        readonly TEXT: "text/plain";
+        readonly FORM: "application/x-www-form-urlencoded";
+        readonly MULTIPART: "multipart/form-data";
+    };
+};
+/**
+ * Range request configuration
+ */
+declare const RANGE_CONFIG: {
+    /** Default unit for range requests */
+    readonly DEFAULT_UNIT: "bytes";
+    /** Default chunk size for range requests (1 MB) */
+    readonly DEFAULT_CHUNK_SIZE: 1000000;
+};
+/**
+ * Complete configuration object
+ */
+declare const CONFIG: {
+    readonly HTTP: {
+        /** Default timeout for requests (ms) */
+        readonly DEFAULT_TIMEOUT: number;
+        /** Default redirect policy */
+        readonly REDIRECT: {
+            /** Allowed redirect status codes (307/308 only for safety) */
+            readonly ALLOWED_STATUS_CODES: readonly [307, 308];
+            /** Maximum number of redirects to follow */
+            readonly MAX_REDIRECTS: 5;
+            /** Follow 303 See Other redirects (opt-in) */
+            readonly FOLLOW_303: false;
+        };
+        /** Retry policy defaults */
+        readonly RETRY: {
+            /** Number of retry attempts */
+            readonly MAX_TRIES: 3;
+            /** Initial backoff delay (ms) */
+            readonly INITIAL_BACKOFF: 1000;
+            /** Maximum backoff delay (ms) */
+            readonly MAX_BACKOFF: 30000;
+            /** Enable jitter for backoff */
+            readonly JITTER: true;
+            /** HTTP methods eligible for retry */
+            readonly RETRY_METHODS: readonly ["GET", "PUT", "DELETE", "HEAD", "OPTIONS"];
+            /** Status codes that trigger retry */
+            readonly RETRY_STATUS_CODES: readonly [408, 429, 500, 502, 503, 504];
+        };
+        /** Rate limit handling */
+        readonly RATE_LIMIT: {
+            /** Automatically retry on rate limit (429/503) */
+            readonly AUTO_RETRY: true;
+            /** Maximum wait time for rate limit (ms) */
+            readonly MAX_WAIT: 60000;
+        };
+    };
+    readonly MULTIPART: {
+        /** Maximum file size (bytes) - 100 MB */
+        readonly MAX_FILE_SIZE: number;
+        /** Enable filename sanitization by default */
+        readonly SANITIZE_FILENAMES: boolean;
+        /** Common allowed MIME types by category */
+        readonly MIME_TYPES: {
+            readonly IMAGES: readonly ["image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml"];
+            readonly DOCUMENTS: readonly ["application/pdf", "application/msword", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"];
+            readonly ARCHIVES: readonly ["application/zip", "application/x-tar", "application/gzip"];
+        };
+        /**
+         * Default secure whitelist for multipart uploads (OWASP A01:2021 - Broken Access Control)
+         * Includes common safe file types: images, documents, text, and binary data
+         * @security This whitelist prevents unrestricted file upload attacks
+         */
+        readonly DEFAULT_ALLOWED_MIME_TYPES: readonly ["image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml", "application/pdf", "application/msword", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "application/vnd.ms-powerpoint", "application/vnd.openxmlformats-officedocument.presentationml.presentation", "text/plain", "text/csv", "text/html", "text/markdown", "application/json", "application/xml", "text/xml", "application/octet-stream"];
+    };
+    readonly OAUTH: {
+        /** Clock skew tolerance for JWT expiration (seconds) */
+        readonly JWT_CLOCK_SKEW: number;
+        /** Automatically refresh tokens on 401 */
+        readonly AUTO_REFRESH: boolean;
+    };
+    readonly SECURITY: {
+        /** CRLF injection validation (always enabled, cannot be disabled) */
+        readonly CRLF_VALIDATION: {
+            readonly ENABLED: true;
+            /** Pattern to detect CRLF characters */
+            readonly PATTERN: RegExp;
+        };
+        /** Path traversal prevention patterns */
+        readonly PATH_TRAVERSAL: {
+            /** Patterns to sanitize in filenames */
+            readonly UNSAFE_PATTERNS: readonly [RegExp, RegExp, RegExp];
+        };
+    };
+    readonly CONTENT: {
+        /** Default Accept header for JSON APIs */
+        readonly JSON_ACCEPT: readonly ["application/json", "application/xml"];
+        /** Default content types */
+        readonly DEFAULT_CONTENT_TYPES: {
+            readonly JSON: "application/json";
+            readonly TEXT: "text/plain";
+            readonly FORM: "application/x-www-form-urlencoded";
+            readonly MULTIPART: "multipart/form-data";
+        };
+    };
+    readonly RANGE: {
+        /** Default unit for range requests */
+        readonly DEFAULT_UNIT: "bytes";
+        /** Default chunk size for range requests (1 MB) */
+        readonly DEFAULT_CHUNK_SIZE: 1000000;
+    };
+};
+/**
+ * Type-safe configuration access
+ */
+type UnireqConfig = typeof CONFIG;
+export { CONFIG, CONTENT_CONFIG, HTTP_CONFIG, MULTIPART_CONFIG, OAUTH_CONFIG, RANGE_CONFIG, SECURITY_CONFIG, type UnireqConfig, CONFIG as default };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,159 @@
+// src/index.ts
+function getEnvNumber(key, fallback) {
+  const value = typeof process !== "undefined" && process.env ? process.env[key] : void 0;
+  const parsed = value ? Number.parseInt(value, 10) : Number.NaN;
+  return Number.isNaN(parsed) ? fallback : parsed;
+}
+function getEnvBoolean(key, fallback) {
+  const value = typeof process !== "undefined" && process.env ? process.env[key] : void 0;
+  if (value === void 0) return fallback;
+  return value.toLowerCase() === "true" || value === "1";
+}
+var HTTP_CONFIG = {
+  /** Default timeout for requests (ms) */
+  DEFAULT_TIMEOUT: getEnvNumber("UNIREQ_HTTP_TIMEOUT", 3e4),
+  /** Default redirect policy */
+  REDIRECT: {
+    /** Allowed redirect status codes (307/308 only for safety) */
+    ALLOWED_STATUS_CODES: [307, 308],
+    /** Maximum number of redirects to follow */
+    MAX_REDIRECTS: 5,
+    /** Follow 303 See Other redirects (opt-in) */
+    FOLLOW_303: false
+  },
+  /** Retry policy defaults */
+  RETRY: {
+    /** Number of retry attempts */
+    MAX_TRIES: 3,
+    /** Initial backoff delay (ms) */
+    INITIAL_BACKOFF: 1e3,
+    /** Maximum backoff delay (ms) */
+    MAX_BACKOFF: 3e4,
+    /** Enable jitter for backoff */
+    JITTER: true,
+    /** HTTP methods eligible for retry */
+    RETRY_METHODS: ["GET", "PUT", "DELETE", "HEAD", "OPTIONS"],
+    /** Status codes that trigger retry */
+    RETRY_STATUS_CODES: [408, 429, 500, 502, 503, 504]
+  },
+  /** Rate limit handling */
+  RATE_LIMIT: {
+    /** Automatically retry on rate limit (429/503) */
+    AUTO_RETRY: true,
+    /** Maximum wait time for rate limit (ms) */
+    MAX_WAIT: 6e4
+  }
+};
+var MULTIPART_CONFIG = {
+  /** Maximum file size (bytes) - 100 MB */
+  MAX_FILE_SIZE: getEnvNumber("UNIREQ_MULTIPART_MAX_FILE_SIZE", 1e8),
+  /** Enable filename sanitization by default */
+  SANITIZE_FILENAMES: getEnvBoolean("UNIREQ_MULTIPART_SANITIZE_FILENAMES", true),
+  /** Common allowed MIME types by category */
+  MIME_TYPES: {
+    IMAGES: ["image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml"],
+    DOCUMENTS: [
+      "application/pdf",
+      "application/msword",
+      "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+      "application/vnd.ms-excel",
+      "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+    ],
+    ARCHIVES: ["application/zip", "application/x-tar", "application/gzip"]
+  },
+  /**
+   * Default secure whitelist for multipart uploads (OWASP A01:2021 - Broken Access Control)
+   * Includes common safe file types: images, documents, text, and binary data
+   * @security This whitelist prevents unrestricted file upload attacks
+   */
+  DEFAULT_ALLOWED_MIME_TYPES: [
+    // Images
+    "image/jpeg",
+    "image/png",
+    "image/gif",
+    "image/webp",
+    "image/svg+xml",
+    // Documents
+    "application/pdf",
+    "application/msword",
+    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+    "application/vnd.ms-excel",
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+    "application/vnd.ms-powerpoint",
+    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+    // Text
+    "text/plain",
+    "text/csv",
+    "text/html",
+    "text/markdown",
+    // JSON/XML
+    "application/json",
+    "application/xml",
+    "text/xml",
+    // Binary (safe generic types)
+    "application/octet-stream"
+  ]
+};
+var OAUTH_CONFIG = {
+  /** Clock skew tolerance for JWT expiration (seconds) */
+  JWT_CLOCK_SKEW: getEnvNumber("UNIREQ_JWT_CLOCK_SKEW", 60),
+  /** Automatically refresh tokens on 401 */
+  AUTO_REFRESH: getEnvBoolean("UNIREQ_OAUTH_AUTO_REFRESH", true)
+};
+var SECURITY_CONFIG = {
+  /** CRLF injection validation (always enabled, cannot be disabled) */
+  CRLF_VALIDATION: {
+    ENABLED: true,
+    /** Pattern to detect CRLF characters */
+    PATTERN: /[\r\n]/
+  },
+  /** Path traversal prevention patterns */
+  PATH_TRAVERSAL: {
+    /** Patterns to sanitize in filenames */
+    UNSAFE_PATTERNS: [
+      /[/\\]/g,
+      // Path separators
+      /\0/g,
+      // Null bytes
+      /\.\./g
+      // Directory traversal
+    ]
+  }
+};
+var CONTENT_CONFIG = {
+  /** Default Accept header for JSON APIs */
+  JSON_ACCEPT: ["application/json", "application/xml"],
+  /** Default content types */
+  DEFAULT_CONTENT_TYPES: {
+    JSON: "application/json",
+    TEXT: "text/plain",
+    FORM: "application/x-www-form-urlencoded",
+    MULTIPART: "multipart/form-data"
+  }
+};
+var RANGE_CONFIG = {
+  /** Default unit for range requests */
+  DEFAULT_UNIT: "bytes",
+  /** Default chunk size for range requests (1 MB) */
+  DEFAULT_CHUNK_SIZE: 1e6
+};
+var CONFIG = {
+  HTTP: HTTP_CONFIG,
+  MULTIPART: MULTIPART_CONFIG,
+  OAUTH: OAUTH_CONFIG,
+  SECURITY: SECURITY_CONFIG,
+  CONTENT: CONTENT_CONFIG,
+  RANGE: RANGE_CONFIG
+};
+var index_default = CONFIG;
+export {
+  CONFIG,
+  CONTENT_CONFIG,
+  HTTP_CONFIG,
+  MULTIPART_CONFIG,
+  OAUTH_CONFIG,
+  RANGE_CONFIG,
+  SECURITY_CONFIG,
+  index_default as default
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * @unireq/config - Centralized configuration for unireq\n * Externalizes hardcoded defaults for security and maintainability\n * Values can be overridden via environment variables (UNIREQ_* prefix)\n */\n\n/**\n * Gets environment variable as number with fallback\n */\nfunction getEnvNumber(key: string, fallback: number): number {\n const value = typeof process !== 'undefined' && process.env ? process.env[key] : undefined;\n const parsed = value ? Number.parseInt(value, 10) : Number.NaN;\n return Number.isNaN(parsed) ? fallback : parsed;\n}\n\n/**\n * Gets environment variable as boolean with fallback\n */\nfunction getEnvBoolean(key: string, fallback: boolean): boolean {\n const value = typeof process !== 'undefined' && process.env ? process.env[key] : undefined;\n if (value === undefined) return fallback;\n return value.toLowerCase() === 'true' || value === '1';\n}\n\n/**\n * HTTP configuration defaults\n * Can be overridden with UNIREQ_HTTP_TIMEOUT environment variable\n */\nexport const HTTP_CONFIG = {\n /** Default timeout for requests (ms) */\n DEFAULT_TIMEOUT: getEnvNumber('UNIREQ_HTTP_TIMEOUT', 30000),\n\n /** Default redirect policy */\n REDIRECT: {\n /** Allowed redirect status codes (307/308 only for safety) */\n ALLOWED_STATUS_CODES: [307, 308] as const,\n /** Maximum number of redirects to follow */\n MAX_REDIRECTS: 5,\n /** Follow 303 See Other redirects (opt-in) */\n FOLLOW_303: false,\n },\n\n /** Retry policy defaults */\n RETRY: {\n /** Number of retry attempts */\n MAX_TRIES: 3,\n /** Initial backoff delay (ms) */\n INITIAL_BACKOFF: 1000,\n /** Maximum backoff delay (ms) */\n MAX_BACKOFF: 30000,\n /** Enable jitter for backoff */\n JITTER: true,\n /** HTTP methods eligible for retry */\n RETRY_METHODS: ['GET', 'PUT', 'DELETE', 'HEAD', 'OPTIONS'] as const,\n /** Status codes that trigger retry */\n RETRY_STATUS_CODES: [408, 429, 500, 502, 503, 504] as const,\n },\n\n /** Rate limit handling */\n RATE_LIMIT: {\n /** Automatically retry on rate limit (429/503) */\n AUTO_RETRY: true,\n /** Maximum wait time for rate limit (ms) */\n MAX_WAIT: 60000,\n },\n} as const;\n\n/**\n * Multipart upload security defaults\n * Can be overridden with UNIREQ_MULTIPART_MAX_FILE_SIZE and UNIREQ_MULTIPART_SANITIZE_FILENAMES\n */\nexport const MULTIPART_CONFIG = {\n /** Maximum file size (bytes) - 100 MB */\n MAX_FILE_SIZE: getEnvNumber('UNIREQ_MULTIPART_MAX_FILE_SIZE', 100_000_000),\n\n /** Enable filename sanitization by default */\n SANITIZE_FILENAMES: getEnvBoolean('UNIREQ_MULTIPART_SANITIZE_FILENAMES', true),\n\n /** Common allowed MIME types by category */\n MIME_TYPES: {\n IMAGES: ['image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/svg+xml'] as const,\n DOCUMENTS: [\n 'application/pdf',\n 'application/msword',\n 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',\n 'application/vnd.ms-excel',\n 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',\n ] as const,\n ARCHIVES: ['application/zip', 'application/x-tar', 'application/gzip'] as const,\n },\n\n /**\n * Default secure whitelist for multipart uploads (OWASP A01:2021 - Broken Access Control)\n * Includes common safe file types: images, documents, text, and binary data\n * @security This whitelist prevents unrestricted file upload attacks\n */\n DEFAULT_ALLOWED_MIME_TYPES: [\n // Images\n 'image/jpeg',\n 'image/png',\n 'image/gif',\n 'image/webp',\n 'image/svg+xml',\n // Documents\n 'application/pdf',\n 'application/msword',\n 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',\n 'application/vnd.ms-excel',\n 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',\n 'application/vnd.ms-powerpoint',\n 'application/vnd.openxmlformats-officedocument.presentationml.presentation',\n // Text\n 'text/plain',\n 'text/csv',\n 'text/html',\n 'text/markdown',\n // JSON/XML\n 'application/json',\n 'application/xml',\n 'text/xml',\n // Binary (safe generic types)\n 'application/octet-stream',\n ] as const,\n} as const;\n\n/**\n * OAuth/JWT security defaults\n * Can be overridden with UNIREQ_JWT_CLOCK_SKEW and UNIREQ_OAUTH_AUTO_REFRESH\n */\nexport const OAUTH_CONFIG = {\n /** Clock skew tolerance for JWT expiration (seconds) */\n JWT_CLOCK_SKEW: getEnvNumber('UNIREQ_JWT_CLOCK_SKEW', 60),\n\n /** Automatically refresh tokens on 401 */\n AUTO_REFRESH: getEnvBoolean('UNIREQ_OAUTH_AUTO_REFRESH', true),\n} as const;\n\n/**\n * Security configuration\n */\nexport const SECURITY_CONFIG = {\n /** CRLF injection validation (always enabled, cannot be disabled) */\n CRLF_VALIDATION: {\n ENABLED: true,\n /** Pattern to detect CRLF characters */\n PATTERN: /[\\r\\n]/,\n } as const,\n\n /** Path traversal prevention patterns */\n PATH_TRAVERSAL: {\n /** Patterns to sanitize in filenames */\n UNSAFE_PATTERNS: [\n /[/\\\\]/g, // Path separators\n /\\0/g, // Null bytes\n /\\.\\./g, // Directory traversal\n ] as const,\n } as const,\n} as const;\n\n/**\n * Content negotiation defaults\n */\nexport const CONTENT_CONFIG = {\n /** Default Accept header for JSON APIs */\n JSON_ACCEPT: ['application/json', 'application/xml'] as const,\n\n /** Default content types */\n DEFAULT_CONTENT_TYPES: {\n JSON: 'application/json',\n TEXT: 'text/plain',\n FORM: 'application/x-www-form-urlencoded',\n MULTIPART: 'multipart/form-data',\n } as const,\n} as const;\n\n/**\n * Range request configuration\n */\nexport const RANGE_CONFIG = {\n /** Default unit for range requests */\n DEFAULT_UNIT: 'bytes' as const,\n\n /** Default chunk size for range requests (1 MB) */\n DEFAULT_CHUNK_SIZE: 1_000_000,\n} as const;\n\n/**\n * Complete configuration object\n */\nexport const CONFIG = {\n HTTP: HTTP_CONFIG,\n MULTIPART: MULTIPART_CONFIG,\n OAUTH: OAUTH_CONFIG,\n SECURITY: SECURITY_CONFIG,\n CONTENT: CONTENT_CONFIG,\n RANGE: RANGE_CONFIG,\n} as const;\n\n/**\n * Type-safe configuration access\n */\nexport type UnireqConfig = typeof CONFIG;\n\n/**\n * Export individual configs for tree-shaking\n */\nexport default CONFIG;\n"],"mappings":";AASA,SAAS,aAAa,KAAa,UAA0B;AAC3D,QAAM,QAAQ,OAAO,YAAY,eAAe,QAAQ,MAAM,QAAQ,IAAI,GAAG,IAAI;AACjF,QAAM,SAAS,QAAQ,OAAO,SAAS,OAAO,EAAE,IAAI,OAAO;AAC3D,SAAO,OAAO,MAAM,MAAM,IAAI,WAAW;AAC3C;AAKA,SAAS,cAAc,KAAa,UAA4B;AAC9D,QAAM,QAAQ,OAAO,YAAY,eAAe,QAAQ,MAAM,QAAQ,IAAI,GAAG,IAAI;AACjF,MAAI,UAAU,OAAW,QAAO;AAChC,SAAO,MAAM,YAAY,MAAM,UAAU,UAAU;AACrD;AAMO,IAAM,cAAc;AAAA;AAAA,EAEzB,iBAAiB,aAAa,uBAAuB,GAAK;AAAA;AAAA,EAG1D,UAAU;AAAA;AAAA,IAER,sBAAsB,CAAC,KAAK,GAAG;AAAA;AAAA,IAE/B,eAAe;AAAA;AAAA,IAEf,YAAY;AAAA,EACd;AAAA;AAAA,EAGA,OAAO;AAAA;AAAA,IAEL,WAAW;AAAA;AAAA,IAEX,iBAAiB;AAAA;AAAA,IAEjB,aAAa;AAAA;AAAA,IAEb,QAAQ;AAAA;AAAA,IAER,eAAe,CAAC,OAAO,OAAO,UAAU,QAAQ,SAAS;AAAA;AAAA,IAEzD,oBAAoB,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAAA,EACnD;AAAA;AAAA,EAGA,YAAY;AAAA;AAAA,IAEV,YAAY;AAAA;AAAA,IAEZ,UAAU;AAAA,EACZ;AACF;AAMO,IAAM,mBAAmB;AAAA;AAAA,EAE9B,eAAe,aAAa,kCAAkC,GAAW;AAAA;AAAA,EAGzE,oBAAoB,cAAc,uCAAuC,IAAI;AAAA;AAAA,EAG7E,YAAY;AAAA,IACV,QAAQ,CAAC,cAAc,aAAa,aAAa,cAAc,eAAe;AAAA,IAC9E,WAAW;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,UAAU,CAAC,mBAAmB,qBAAqB,kBAAkB;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,4BAA4B;AAAA;AAAA,IAE1B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,EACF;AACF;AAMO,IAAM,eAAe;AAAA;AAAA,EAE1B,gBAAgB,aAAa,yBAAyB,EAAE;AAAA;AAAA,EAGxD,cAAc,cAAc,6BAA6B,IAAI;AAC/D;AAKO,IAAM,kBAAkB;AAAA;AAAA,EAE7B,iBAAiB;AAAA,IACf,SAAS;AAAA;AAAA,IAET,SAAS;AAAA,EACX;AAAA;AAAA,EAGA,gBAAgB;AAAA;AAAA,IAEd,iBAAiB;AAAA,MACf;AAAA;AAAA,MACA;AAAA;AAAA,MACA;AAAA;AAAA,IACF;AAAA,EACF;AACF;AAKO,IAAM,iBAAiB;AAAA;AAAA,EAE5B,aAAa,CAAC,oBAAoB,iBAAiB;AAAA;AAAA,EAGnD,uBAAuB;AAAA,IACrB,MAAM;AAAA,IACN,MAAM;AAAA,IACN,MAAM;AAAA,IACN,WAAW;AAAA,EACb;AACF;AAKO,IAAM,eAAe;AAAA;AAAA,EAE1B,cAAc;AAAA;AAAA,EAGd,oBAAoB;AACtB;AAKO,IAAM,SAAS;AAAA,EACpB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,OAAO;AAAA,EACP,UAAU;AAAA,EACV,SAAS;AAAA,EACT,OAAO;AACT;AAUA,IAAO,gBAAQ;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,49 @@
+{
+  "name": "@unireq/config",
+  "version": "0.0.1",
+  "description": "Configuration module for unireq - externalizes defaults and security settings",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "config",
+    "defaults",
+    "security"
+  ],
+  "author": "Olivier Orabona",
+  "license": "MIT",
+  "devDependencies": {
+    "typescript": "^5.9.3",
+    "tsup": "^8.5.1",
+    "vitest": "^4.0.16"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/oorabona/unireq",
+    "directory": "packages/config"
+  },
+  "bugs": {
+    "url": "https://github.com/oorabona/unireq/issues"
+  },
+  "homepage": "https://github.com/oorabona/unireq/tree/main/packages/config",
+  "scripts": {
+    "build": "tsup",
+    "type-check": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "clean": "rm -rf dist *.tsbuildinfo"
+  }
+}