@vigneshreddy/cms-sdk 1.0.13 → 1.0.15

package/dist/src/validation.js

@@ -0,0 +1,196 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SalePayloadSchema = exports.LeadPayloadSchema = exports.CMSConfigSchema = void 0;
+exports.validateLeadPayload = validateLeadPayload;
+exports.validateSalePayload = validateSalePayload;
+exports.validateCMSConfig = validateCMSConfig;
+exports.sanitizeForLogging = sanitizeForLogging;
+exports.redactApiKey = redactApiKey;
+/**
+ * Input validation schemas using Zod
+ * Ensures all incoming data is sanitized and valid
+ */
+const zod_1 = require("zod");
+const constants_1 = require("./constants");
+exports.CMSConfigSchema = zod_1.z.object({
+    apiKey: zod_1.z
+        .string()
+        .min(1, constants_1.ERROR_MESSAGES.API_KEY_REQUIRED)
+        .refine((key) => constants_1.VALIDATION_CONSTRAINTS.API_KEY.PATTERN.test(key), constants_1.ERROR_MESSAGES.API_KEY_INVALID_FORMAT),
+    baseUrl: zod_1.z
+        .string()
+        .url(constants_1.ERROR_MESSAGES.BASE_URL_INVALID)
+        .optional(),
+    timeout: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.TIMEOUT.MIN_MS, constants_1.ERROR_MESSAGES.TIMEOUT_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.TIMEOUT.MAX_MS, constants_1.ERROR_MESSAGES.TIMEOUT_TOO_HIGH)
+        .optional(),
+    maxRetries: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.MAX_RETRIES.MIN, constants_1.ERROR_MESSAGES.MAX_RETRIES_NEGATIVE)
+        .max(constants_1.VALIDATION_CONSTRAINTS.MAX_RETRIES.MAX, constants_1.ERROR_MESSAGES.MAX_RETRIES_TOO_HIGH)
+        .optional(),
+    retryDelayMs: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.RETRY_DELAY.MIN_MS, constants_1.ERROR_MESSAGES.RETRY_DELAY_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.RETRY_DELAY.MAX_MS, constants_1.ERROR_MESSAGES.RETRY_DELAY_TOO_HIGH)
+        .optional(),
+    retryMaxDelayMs: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.RETRY_MAX_DELAY.MIN_MS, constants_1.ERROR_MESSAGES.RETRY_MAX_DELAY_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.RETRY_MAX_DELAY.MAX_MS, constants_1.ERROR_MESSAGES.RETRY_MAX_DELAY_TOO_HIGH)
+        .optional(),
+    retryOnStatuses: zod_1.z
+        .array(zod_1.z.number().int().min(100).max(599))
+        .optional(),
+    retryOnNetworkError: zod_1.z.boolean().optional(),
+});
+// Lead payload validation
+exports.LeadPayloadSchema = zod_1.z.object({
+    clickId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MIN)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MAX)
+        .optional(),
+    eventName: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.EVENT_NAME.MIN, constants_1.ERROR_MESSAGES.EVENT_NAME_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.EVENT_NAME.MAX, constants_1.ERROR_MESSAGES.EVENT_NAME_TOO_LONG),
+    customerExternalId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MIN, constants_1.ERROR_MESSAGES.CUSTOMER_EXTERNAL_ID_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EXTERNAL_ID_TOO_LONG),
+    timestamp: zod_1.z
+        .string()
+        .datetime()
+        .optional(),
+    customerId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_ID.MAX)
+        .optional(),
+    customerName: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_NAME.MAX)
+        .optional(),
+    customerEmail: zod_1.z
+        .string()
+        .email(constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_INVALID)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EMAIL.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_TOO_LONG)
+        .optional(),
+    customerAvatar: zod_1.z
+        .string()
+        .url(constants_1.ERROR_MESSAGES.CUSTOMER_AVATAR_INVALID)
+        .optional(),
+    mode: zod_1.z
+        .enum(["deferred"])
+        .optional(),
+});
+// Sale payload validation
+exports.SalePayloadSchema = zod_1.z.object({
+    clickId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MIN)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MAX)
+        .optional(),
+    eventName: zod_1.z
+        .string()
+        .optional(),
+    invoiceId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.INVOICE_ID.MIN, constants_1.ERROR_MESSAGES.INVOICE_ID_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.INVOICE_ID.MAX, constants_1.ERROR_MESSAGES.INVOICE_ID_TOO_LONG),
+    amount: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.AMOUNT.MIN, constants_1.ERROR_MESSAGES.AMOUNT_NEGATIVE),
+    currency: zod_1.z
+        .string()
+        .length(constants_1.VALIDATION_CONSTRAINTS.CURRENCY.LENGTH, constants_1.ERROR_MESSAGES.CURRENCY_INVALID_LENGTH)
+        .regex(constants_1.VALIDATION_CONSTRAINTS.CURRENCY.PATTERN, constants_1.ERROR_MESSAGES.CURRENCY_INVALID_FORMAT)
+        .optional(),
+    timestamp: zod_1.z
+        .string()
+        .datetime()
+        .optional(),
+    customerId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_ID.MAX)
+        .optional(),
+    customerExternalId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MAX)
+        .optional(),
+    customerName: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_NAME.MAX)
+        .optional(),
+    customerEmail: zod_1.z
+        .string()
+        .email(constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_INVALID)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EMAIL.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_TOO_LONG)
+        .optional(),
+    mode: zod_1.z
+        .enum(["deferred"])
+        .optional(),
+});
+/**
+ * Validates input data and throws detailed error if invalid
+ */
+function validateLeadPayload(data) {
+    return exports.LeadPayloadSchema.parse(data);
+}
+function validateSalePayload(data) {
+    return exports.SalePayloadSchema.parse(data);
+}
+function validateCMSConfig(data) {
+    return exports.CMSConfigSchema.parse(data);
+}
+/**
+ * Sanitizes sensitive data for logging/errors
+ * Removes API keys, tokens, and other credentials
+ */
+function sanitizeForLogging(obj) {
+    if (!obj || typeof obj !== "object") {
+        return obj;
+    }
+    if (Array.isArray(obj)) {
+        return obj.map((item) => sanitizeForLogging(item));
+    }
+    const sanitized = {};
+    for (const [key, value] of Object.entries(obj)) {
+        const lowerKey = key.toLowerCase();
+        // Mask sensitive field names
+        if (constants_1.SENSITIVE_FIELDS.PATTERNS.some((field) => lowerKey.includes(field))) {
+            sanitized[key] = typeof value === "string" ? constants_1.SENSITIVE_FIELDS.REDACTION_PLACEHOLDER : value;
+        }
+        else if (typeof value === "object" && value !== null) {
+            sanitized[key] = sanitizeForLogging(value);
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Redacts API key from error messages
+ */
+function redactApiKey(message, apiKey) {
+    if (!apiKey)
+        return message;
+    // Replace the full key and common patterns
+    const patterns = [
+        apiKey,
+        apiKey.substring(0, 3) + "***" + apiKey.substring(apiKey.length - 3),
+    ];
+    let result = message;
+    for (const pattern of patterns) {
+        result = result.replace(new RegExp(pattern, "g"), constants_1.SENSITIVE_FIELDS.API_KEY_REDACTION);
+    }
+    return result;
+}

package/dist/src/validations/validation.d.ts

@@ -0,0 +1,119 @@
+/**
+ * Input validation schemas using Zod
+ * Ensures all incoming data is sanitized and valid
+ */
+import { z } from "zod";
+export declare const CMSConfigSchema: z.ZodObject<{
+    apiKey: z.ZodEffects<z.ZodString, string, string>;
+    baseUrl: z.ZodOptional<z.ZodString>;
+    timeout: z.ZodOptional<z.ZodNumber>;
+    maxRetries: z.ZodOptional<z.ZodNumber>;
+    retryDelayMs: z.ZodOptional<z.ZodNumber>;
+    retryMaxDelayMs: z.ZodOptional<z.ZodNumber>;
+    retryOnStatuses: z.ZodOptional<z.ZodArray<z.ZodNumber, "many">>;
+    retryOnNetworkError: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    apiKey: string;
+    timeout?: number | undefined;
+    baseUrl?: string | undefined;
+    maxRetries?: number | undefined;
+    retryDelayMs?: number | undefined;
+    retryMaxDelayMs?: number | undefined;
+    retryOnStatuses?: number[] | undefined;
+    retryOnNetworkError?: boolean | undefined;
+}, {
+    apiKey: string;
+    timeout?: number | undefined;
+    baseUrl?: string | undefined;
+    maxRetries?: number | undefined;
+    retryDelayMs?: number | undefined;
+    retryMaxDelayMs?: number | undefined;
+    retryOnStatuses?: number[] | undefined;
+    retryOnNetworkError?: boolean | undefined;
+}>;
+export type CMSConfigInput = z.infer<typeof CMSConfigSchema>;
+export declare const LeadPayloadSchema: z.ZodObject<{
+    clickId: z.ZodOptional<z.ZodString>;
+    eventName: z.ZodString;
+    customerExternalId: z.ZodString;
+    timestamp: z.ZodOptional<z.ZodString>;
+    customerId: z.ZodOptional<z.ZodString>;
+    customerName: z.ZodOptional<z.ZodString>;
+    customerEmail: z.ZodOptional<z.ZodString>;
+    customerAvatar: z.ZodOptional<z.ZodString>;
+    mode: z.ZodOptional<z.ZodEnum<["deferred"]>>;
+}, "strip", z.ZodTypeAny, {
+    eventName: string;
+    customerExternalId: string;
+    clickId?: string | undefined;
+    timestamp?: string | undefined;
+    customerId?: string | undefined;
+    customerName?: string | undefined;
+    customerEmail?: string | undefined;
+    customerAvatar?: string | undefined;
+    mode?: "deferred" | undefined;
+}, {
+    eventName: string;
+    customerExternalId: string;
+    clickId?: string | undefined;
+    timestamp?: string | undefined;
+    customerId?: string | undefined;
+    customerName?: string | undefined;
+    customerEmail?: string | undefined;
+    customerAvatar?: string | undefined;
+    mode?: "deferred" | undefined;
+}>;
+export type LeadPayloadInput = z.infer<typeof LeadPayloadSchema>;
+export declare const SalePayloadSchema: z.ZodObject<{
+    clickId: z.ZodOptional<z.ZodString>;
+    eventName: z.ZodOptional<z.ZodString>;
+    invoiceId: z.ZodString;
+    amount: z.ZodNumber;
+    currency: z.ZodOptional<z.ZodString>;
+    timestamp: z.ZodOptional<z.ZodString>;
+    customerId: z.ZodOptional<z.ZodString>;
+    customerExternalId: z.ZodOptional<z.ZodString>;
+    customerName: z.ZodOptional<z.ZodString>;
+    customerEmail: z.ZodOptional<z.ZodString>;
+    mode: z.ZodOptional<z.ZodEnum<["deferred"]>>;
+}, "strip", z.ZodTypeAny, {
+    invoiceId: string;
+    amount: number;
+    clickId?: string | undefined;
+    eventName?: string | undefined;
+    customerExternalId?: string | undefined;
+    timestamp?: string | undefined;
+    customerId?: string | undefined;
+    customerName?: string | undefined;
+    customerEmail?: string | undefined;
+    mode?: "deferred" | undefined;
+    currency?: string | undefined;
+}, {
+    invoiceId: string;
+    amount: number;
+    clickId?: string | undefined;
+    eventName?: string | undefined;
+    customerExternalId?: string | undefined;
+    timestamp?: string | undefined;
+    customerId?: string | undefined;
+    customerName?: string | undefined;
+    customerEmail?: string | undefined;
+    mode?: "deferred" | undefined;
+    currency?: string | undefined;
+}>;
+export type SalePayloadInput = z.infer<typeof SalePayloadSchema>;
+/**
+ * Validates input data and throws detailed error if invalid
+ */
+export declare function validateLeadPayload(data: unknown): LeadPayloadInput;
+export declare function validateSalePayload(data: unknown): SalePayloadInput;
+export declare function validateCMSConfig(data: unknown): CMSConfigInput;
+/**
+ * Sanitizes sensitive data for logging/errors
+ * Removes API keys, tokens, and other credentials
+ */
+export declare function sanitizeForLogging(obj: any): any;
+/**
+ * Redacts API key from error messages
+ */
+export declare function redactApiKey(message: string, apiKey?: string): string;

package/dist/src/validations/validation.js

@@ -0,0 +1,196 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SalePayloadSchema = exports.LeadPayloadSchema = exports.CMSConfigSchema = void 0;
+exports.validateLeadPayload = validateLeadPayload;
+exports.validateSalePayload = validateSalePayload;
+exports.validateCMSConfig = validateCMSConfig;
+exports.sanitizeForLogging = sanitizeForLogging;
+exports.redactApiKey = redactApiKey;
+/**
+ * Input validation schemas using Zod
+ * Ensures all incoming data is sanitized and valid
+ */
+const zod_1 = require("zod");
+const constants_1 = require("../constants/constants");
+exports.CMSConfigSchema = zod_1.z.object({
+    apiKey: zod_1.z
+        .string()
+        .min(1, constants_1.ERROR_MESSAGES.API_KEY_REQUIRED)
+        .refine((key) => constants_1.VALIDATION_CONSTRAINTS.API_KEY.PATTERN.test(key), constants_1.ERROR_MESSAGES.API_KEY_INVALID_FORMAT),
+    baseUrl: zod_1.z
+        .string()
+        .url(constants_1.ERROR_MESSAGES.BASE_URL_INVALID)
+        .optional(),
+    timeout: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.TIMEOUT.MIN_MS, constants_1.ERROR_MESSAGES.TIMEOUT_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.TIMEOUT.MAX_MS, constants_1.ERROR_MESSAGES.TIMEOUT_TOO_HIGH)
+        .optional(),
+    maxRetries: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.MAX_RETRIES.MIN, constants_1.ERROR_MESSAGES.MAX_RETRIES_NEGATIVE)
+        .max(constants_1.VALIDATION_CONSTRAINTS.MAX_RETRIES.MAX, constants_1.ERROR_MESSAGES.MAX_RETRIES_TOO_HIGH)
+        .optional(),
+    retryDelayMs: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.RETRY_DELAY.MIN_MS, constants_1.ERROR_MESSAGES.RETRY_DELAY_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.RETRY_DELAY.MAX_MS, constants_1.ERROR_MESSAGES.RETRY_DELAY_TOO_HIGH)
+        .optional(),
+    retryMaxDelayMs: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.RETRY_MAX_DELAY.MIN_MS, constants_1.ERROR_MESSAGES.RETRY_MAX_DELAY_TOO_LOW)
+        .max(constants_1.VALIDATION_CONSTRAINTS.RETRY_MAX_DELAY.MAX_MS, constants_1.ERROR_MESSAGES.RETRY_MAX_DELAY_TOO_HIGH)
+        .optional(),
+    retryOnStatuses: zod_1.z
+        .array(zod_1.z.number().int().min(100).max(599))
+        .optional(),
+    retryOnNetworkError: zod_1.z.boolean().optional(),
+});
+// Lead payload validation
+exports.LeadPayloadSchema = zod_1.z.object({
+    clickId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MIN)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MAX)
+        .optional(),
+    eventName: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.EVENT_NAME.MIN, constants_1.ERROR_MESSAGES.EVENT_NAME_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.EVENT_NAME.MAX, constants_1.ERROR_MESSAGES.EVENT_NAME_TOO_LONG),
+    customerExternalId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MIN, constants_1.ERROR_MESSAGES.CUSTOMER_EXTERNAL_ID_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EXTERNAL_ID_TOO_LONG),
+    timestamp: zod_1.z
+        .string()
+        .datetime()
+        .optional(),
+    customerId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_ID.MAX)
+        .optional(),
+    customerName: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_NAME.MAX)
+        .optional(),
+    customerEmail: zod_1.z
+        .string()
+        .email(constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_INVALID)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EMAIL.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_TOO_LONG)
+        .optional(),
+    customerAvatar: zod_1.z
+        .string()
+        .url(constants_1.ERROR_MESSAGES.CUSTOMER_AVATAR_INVALID)
+        .optional(),
+    mode: zod_1.z
+        .enum(["deferred"])
+        .optional(),
+});
+// Sale payload validation
+exports.SalePayloadSchema = zod_1.z.object({
+    clickId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MIN)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CLICK_ID.MAX)
+        .optional(),
+    eventName: zod_1.z
+        .string()
+        .optional(),
+    invoiceId: zod_1.z
+        .string()
+        .min(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.INVOICE_ID.MIN, constants_1.ERROR_MESSAGES.INVOICE_ID_REQUIRED)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.INVOICE_ID.MAX, constants_1.ERROR_MESSAGES.INVOICE_ID_TOO_LONG),
+    amount: zod_1.z
+        .number()
+        .int()
+        .min(constants_1.VALIDATION_CONSTRAINTS.AMOUNT.MIN, constants_1.ERROR_MESSAGES.AMOUNT_NEGATIVE),
+    currency: zod_1.z
+        .string()
+        .length(constants_1.VALIDATION_CONSTRAINTS.CURRENCY.LENGTH, constants_1.ERROR_MESSAGES.CURRENCY_INVALID_LENGTH)
+        .regex(constants_1.VALIDATION_CONSTRAINTS.CURRENCY.PATTERN, constants_1.ERROR_MESSAGES.CURRENCY_INVALID_FORMAT)
+        .optional(),
+    timestamp: zod_1.z
+        .string()
+        .datetime()
+        .optional(),
+    customerId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_ID.MAX)
+        .optional(),
+    customerExternalId: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EXTERNAL_ID.MAX)
+        .optional(),
+    customerName: zod_1.z
+        .string()
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_NAME.MAX)
+        .optional(),
+    customerEmail: zod_1.z
+        .string()
+        .email(constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_INVALID)
+        .max(constants_1.VALIDATION_CONSTRAINTS.STRING_FIELDS.CUSTOMER_EMAIL.MAX, constants_1.ERROR_MESSAGES.CUSTOMER_EMAIL_TOO_LONG)
+        .optional(),
+    mode: zod_1.z
+        .enum(["deferred"])
+        .optional(),
+});
+/**
+ * Validates input data and throws detailed error if invalid
+ */
+function validateLeadPayload(data) {
+    return exports.LeadPayloadSchema.parse(data);
+}
+function validateSalePayload(data) {
+    return exports.SalePayloadSchema.parse(data);
+}
+function validateCMSConfig(data) {
+    return exports.CMSConfigSchema.parse(data);
+}
+/**
+ * Sanitizes sensitive data for logging/errors
+ * Removes API keys, tokens, and other credentials
+ */
+function sanitizeForLogging(obj) {
+    if (!obj || typeof obj !== "object") {
+        return obj;
+    }
+    if (Array.isArray(obj)) {
+        return obj.map((item) => sanitizeForLogging(item));
+    }
+    const sanitized = {};
+    for (const [key, value] of Object.entries(obj)) {
+        const lowerKey = key.toLowerCase();
+        // Mask sensitive field names
+        if (constants_1.SENSITIVE_FIELDS.PATTERNS.some((field) => lowerKey.includes(field))) {
+            sanitized[key] = typeof value === "string" ? constants_1.SENSITIVE_FIELDS.REDACTION_PLACEHOLDER : value;
+        }
+        else if (typeof value === "object" && value !== null) {
+            sanitized[key] = sanitizeForLogging(value);
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Redacts API key from error messages
+ */
+function redactApiKey(message, apiKey) {
+    if (!apiKey)
+        return message;
+    // Replace the full key and common patterns
+    const patterns = [
+        apiKey,
+        apiKey.substring(0, 3) + "***" + apiKey.substring(apiKey.length - 3),
+    ];
+    let result = message;
+    for (const pattern of patterns) {
+        result = result.replace(new RegExp(pattern, "g"), constants_1.SENSITIVE_FIELDS.API_KEY_REDACTION);
+    }
+    return result;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vigneshreddy/cms-sdk",
-  "version": "1.0.13",
+  "version": "1.0.15",
   "description": "Official TypeScript SDK for CutMeShort CMS API",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -17,7 +17,9 @@
   ],
   "scripts": {
     "build": "tsc -p tsconfig.json",
-    "test": "vitest"
+    "test": "vitest",
+    "audit": "npm audit --audit-level=moderate",
+    "security-check": "npm audit && npm ls"
   },
   "keywords": [
     "cutmeshort",
@@ -42,6 +44,9 @@
   },
   "author": "Vignesh Reddy",
   "license": "MIT",
+  "dependencies": {
+    "zod": "^3.22.0"
+  },
   "devDependencies": {
     "typescript": "^5.7.0",
     "vitest": "^4.0.18"