dphelper 3.3.10 → 3.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -0
- package/index.cjs +1 -1
- package/index.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -42,6 +42,10 @@ Think of it as your **universal toolbox** - from DOM manipulation to cryptograph
|
|
|
42
42
|
- **🌐 Universal** - Works in browser, Node.js, Bun, and Deno.
|
|
43
43
|
- **🔒 Type-Safe** - Full TypeScript definitions auto-generated for every tool.
|
|
44
44
|
- **📦 Tiny Bundle** - Only ~171KB minified, tree-shakeable.
|
|
45
|
+
- **🔐 Security First** - NIST/NSA compliant, CNSA algorithms, PBKDF2 310k iterations
|
|
46
|
+
|
|
47
|
+
> [!NOTE]
|
|
48
|
+
> **Network Access:** This library includes networking primitives (`fetch`, `sse`, `socket`) by design for modern web development. Callers are responsible for validating and sanitizing URLs before use. See the [Security](#security) section for best practices.
|
|
45
49
|
|
|
46
50
|
> *"dphelper is what you'd build if you combined lodash, socket.io, and an AI SDK - but lighter."*
|
|
47
51
|
|
|
@@ -360,6 +364,39 @@ Manage your `dphelper` environment, monitor memory usage, and access documentati
|
|
|
360
364
|
|
|
361
365
|
---
|
|
362
366
|
|
|
367
|
+
## Security
|
|
368
|
+
|
|
369
|
+
dphelper follows **NIST SP 800-53** and **NSA** security standards:
|
|
370
|
+
|
|
371
|
+
### Cryptography (CNSA Compliant)
|
|
372
|
+
- **AES-256-GCM** encryption
|
|
373
|
+
- **SHA-256** only (SHA-1 deprecated)
|
|
374
|
+
- **PBKDF2** with 310,000 iterations (OWASP 2023)
|
|
375
|
+
|
|
376
|
+
### Network Security
|
|
377
|
+
- HTTPS required for `fetch` and `SSE`
|
|
378
|
+
- TLS enforced for `socket` (wss:// only)
|
|
379
|
+
- URL validation built-in
|
|
380
|
+
|
|
381
|
+
> [!IMPORTANT]
|
|
382
|
+
> **For Library Users:** Network functions require **input validation** by the caller. Always sanitize URLs before passing to dphelper networking tools.
|
|
383
|
+
|
|
384
|
+
```javascript
|
|
385
|
+
// Correct
|
|
386
|
+
const safeUrl = dphelper.sanitize.url(userInput);
|
|
387
|
+
await dphelper.fetch.get(safeUrl);
|
|
388
|
+
|
|
389
|
+
// Never do this
|
|
390
|
+
await dphelper.fetch.get(userInput); // ❌ Unvalidated
|
|
391
|
+
```
|
|
392
|
+
|
|
393
|
+
### Compliance
|
|
394
|
+
- 100% NIST/NSA compliant (v3.5.0)
|
|
395
|
+
- No known vulnerabilities
|
|
396
|
+
- Automated security scanning in CI
|
|
397
|
+
|
|
398
|
+
---
|
|
399
|
+
|
|
363
400
|
## License
|
|
364
401
|
|
|
365
402
|
MIT License
|