npm - fieldshield - Versions diffs - 1.0.1 → 1.1.0 - Mend

fieldshield 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md +27 -0
package/README.md +5 -43
package/dist/assets/fieldshield.css +1 -1
package/dist/fieldshield.js +254 -239
package/dist/fieldshield.umd.cjs +4 -4
package/package.json +1 -1
package/dist/assets/fieldshield.worker.js +0 -1

package/CHANGELOG.md CHANGED Viewed

@@ -11,6 +11,33 @@ Pattern updates are **minor releases**, not patches. A new pattern could start f
 ---
+## [1.1.0] — 2026-04-08
+### Fixed
+- **Worker instantiation** (`useFieldShield.ts`) — replaced `new URL("../workers/fieldshield.worker.ts", import.meta.url)` with a blob URL via Vite's `?worker&inline` import. The previous approach referenced the TypeScript source file which does not exist in the published npm package, causing a runtime worker failure for all npm consumers. The worker is now compiled and inlined into `fieldshield.js` at build time; no separate worker file, no bundler configuration required.
+- **CSS cursor drift** (`fieldshield.css`) — added `letter-spacing: 0`, `word-spacing: 0`, and `font-weight: inherit` to `.fieldshield-mask-layer`, `.fieldshield-real-input`, and `.fieldshield-grow`. Without these, consumer stylesheets that set non-zero letter or word spacing on a parent element would cascade unevenly into both overlay layers, causing the cursor to appear offset from the displayed masked text.
+### Changed
+- **`CREDIT_CARD` pattern** — broadened Mastercard prefix from `5[1-5]` to `5\d` to cover all IIN ranges; added `6\d{3}` variant for Discover and UnionPay cards. Luhn validation is still recommended post-match in production.
+### Documentation
+- Updated **Framework compatibility** section — the worker is now bundled inline; no per-bundler configuration (worker-loader, publicPath) is needed for any framework.
+- Updated **CSP section** — `worker-src 'self' blob:` is now **required** (not optional). The `blob:` source is mandatory for the inlined worker to load.
+---
+## [1.0.1] — 2026-04-07
+### Fixed
+- Corrected repository URL, homepage, and bugs URL in `package.json` — links now point to the correct GitHub repository.
+- Updated `author` field in `package.json`.
+---
 ## [1.0.0] — 2026
 Initial public release.

package/README.md CHANGED Viewed

@@ -67,53 +67,15 @@ import "fieldshield/dist/assets/fieldshield.css";
 ## Framework compatibility
-FieldShield uses the `new URL('./fieldshield.worker.ts', import.meta.url)` pattern to instantiate its Web Worker. This is supported natively in Vite and in Webpack 5+ with no additional configuration.
+FieldShield's Web Worker is compiled and inlined into the bundle at build time. **No bundler configuration is required** — the worker loads via a blob URL embedded in `fieldshield.js`, so there is no separate worker file to serve or configure.
-### Vite
+### Vite, Webpack 5, Parcel, esbuild, Rollup
 Works out of the box. No configuration required.
-### Webpack 5
-Works out of the box with Webpack 5's built-in Web Worker support.
-### Webpack 4
-Requires `worker-loader`:
-```bash
-npm install --save-dev worker-loader
-```
-```js
-// webpack.config.js
-module.exports = {
-  module: {
-    rules: [
-      {
-        test: /\.worker\.ts$/,
-        use: { loader: "worker-loader" },
-      },
-    ],
-  },
-};
-```
 ### Next.js
-Next.js requires explicit worker configuration. Add the following to `next.config.js`:
-```js
-// next.config.js
-module.exports = {
-  webpack(config) {
-    config.output.publicPath = "/_next/";
-    return config;
-  },
-};
-```
-If you encounter issues with the worker URL resolution in Next.js, use the `NEXT_PUBLIC_` environment variable pattern to set the base URL explicitly, or open an issue — Next.js worker support is an active area of improvement.
+No webpack configuration needed. The blob URL approach works in Next.js without any changes to `next.config.js`.
 ### Server-Side Rendering (SSR)
@@ -828,11 +790,11 @@ FieldShield's worker isolation guarantee can be enforced at the infrastructure l
 ```
 Content-Security-Policy:
-  worker-src 'self';
+  worker-src 'self' blob:;
   script-src 'self';
 ```
-**`worker-src 'self' blob:`** — restricts Web Workers to same-origin scripts and blob URLs. The `blob:` source is required if you use the pre-compiled worker option (v1.1 roadmap). If you are certain you will only ever use the default source-file worker, `worker-src 'self'` without `blob:` is stricter.
+**`worker-src 'self' blob:`** — the `blob:` source is **required**. FieldShield's worker loads via a blob URL embedded in the bundle; without it the worker will be blocked by CSP and the field will fall back to `a11yMode`.
 **`script-src 'self'`** — restricts all script execution to same-origin. Combined with `worker-src`, this ensures neither the main thread nor the worker can load or execute scripts from external origins.

package/dist/assets/fieldshield.css CHANGED Viewed

	@@ -1 +1 @@
1	- :root{--fieldshield-font-family: inherit;--fieldshield-font-size: .9375rem;--fieldshield-line-height: 1.5;--fieldshield-padding-y: .5rem;--fieldshield-padding-x: .75rem;--fieldshield-gap: .375rem;--fieldshield-findings-gap: .375rem;--fieldshield-min-height: 2.5rem;--fieldshield-border-radius: .375rem;--fieldshield-tag-border-radius: .25rem;--fieldshield-bg: #ffffff;--fieldshield-border-color: #d1d5db;--fieldshield-border-color-focus: #3b82f6;--fieldshield-text-color: #111827;--fieldshield-placeholder-color: #9ca3af;--fieldshield-label-color: #374151;--fieldshield-caret-color: #111827;--fieldshield-unsafe-border-color: #f59e0b;--fieldshield-unsafe-bg: #fffbeb;--fieldshield-unsafe-focus-ring: #f59e0b;--fieldshield-warning-color: #92400e;--fieldshield-tag-bg: #fde68a;--fieldshield-tag-color: #78350f;--fieldshield-mask-color: #111827;--fieldshield-mask-blocked-color: #b45309;--fieldshield-focus-ring-width: 3px;--fieldshield-focus-ring-offset: 2px;--fieldshield-transition-duration: .15s;--fieldshield-transition-easing: ease-in-out}.fieldshield-container{position:relative;display:flex;flex-direction:column;gap:var(--fieldshield-gap);width:100%;font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height)}.fieldshield-label{display:block;color:var(--fieldshield-label-color);font-weight:500;cursor:default;-webkit-user-select:none;user-select:none}.fieldshield-field-wrapper{position:relative;min-height:var(--fieldshield-min-height);border:1px solid var(--fieldshield-border-color);border-radius:var(--fieldshield-border-radius);background-color:var(--fieldshield-bg);transition:border-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),background-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),box-shadow var(--fieldshield-transition-duration) var(--fieldshield-transition-easing)}.fieldshield-mask-layer{position:absolute;inset:0;display:flex;align-items:center;padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);color:var(--fieldshield-mask-color);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height);white-space:pre-wrap;word-break:break-all;pointer-events:none;-webkit-user-select:none;user-select:none;overflow:hidden}.fieldshield-field-wrapper:has(textarea) .fieldshield-mask-layer{display:block;align-items:normal}.fieldshield-mask-layer .fieldshield-blocked{color:var(--fieldshield-mask-blocked-color)}.fieldshield-placeholder{color:var(--fieldshield-placeholder-color);font-style:normal}.fieldshield-mask-unsafe{background-color:var(--fieldshield-unsafe-bg)}.fieldshield-grow{visibility:hidden;display:block;width:100%;min-height:var(--fieldshield-min-height);padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height);white-space:pre-wrap;word-break:break-all;pointer-events:none;-webkit-user-select:none;user-select:none;box-sizing:border-box}.fieldshield-field-wrapper:has(textarea){overflow:visible}.fieldshield-real-input{position:absolute;inset:0;width:100%;height:100%;padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height);color:transparent;caret-color:var(--fieldshield-caret-color);background:transparent;border:none;border-radius:var(--fieldshield-border-radius);outline:none;resize:none;cursor:text}.fieldshield-real-input::selection{color:transparent;background-color:color-mix(in srgb,var(--fieldshield-border-color-focus) 30%,transparent)}.fieldshield-a11y-input{display:block;width:100%;min-height:var(--fieldshield-min-height);padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height);color:var(--fieldshield-text-color);background-color:var(--fieldshield-bg);border:1px solid var(--fieldshield-border-color);border-radius:var(--fieldshield-border-radius);outline:none;box-sizing:border-box;transition:border-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),box-shadow var(--fieldshield-transition-duration) var(--fieldshield-transition-easing)}.fieldshield-a11y-input::placeholder{color:var(--fieldshield-placeholder-color)}.fieldshield-findings{display:flex;flex-wrap:wrap;align-items:center;gap:var(--fieldshield-findings-gap);min-height:0;font-size:.8125rem;line-height:1.4}.fieldshield-warning-icon{color:var(--fieldshield-warning-color);flex-shrink:0}.fieldshield-warning-text{color:var(--fieldshield-warning-color);font-weight:500}.fieldshield-tag{display:inline-flex;align-items:center;padding:.125rem .4375rem;background-color:var(--fieldshield-tag-bg);color:var(--fieldshield-tag-color);border-radius:var(--fieldshield-tag-border-radius);font-size:.75rem;font-weight:600;letter-spacing:.02em;white-space:nowrap}.fieldshield-sr-only:not(:focus):not(:active){position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);clip-path:inset(50%);white-space:nowrap;border-width:0}.fieldshield-field-wrapper:has(input[aria-invalid=true]),.fieldshield-a11y-input[aria-invalid=true]{border-color:var(--fieldshield-unsafe-border-color);background-color:var(--fieldshield-unsafe-bg)}.fieldshield-field-wrapper:focus-within{border-color:var(--fieldshield-border-color-focus);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-border-color-focus) 25%,transparent);outline:none}.fieldshield-field-wrapper:has(input[aria-invalid=true]):focus-within{border-color:var(--fieldshield-unsafe-focus-ring);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-unsafe-focus-ring) 25%,transparent)}.fieldshield-a11y-input:focus{border-color:var(--fieldshield-border-color-focus);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-border-color-focus) 25%,transparent);outline:none}.fieldshield-a11y-input[aria-invalid=true]:focus{border-color:var(--fieldshield-unsafe-focus-ring);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-unsafe-focus-ring) 25%,transparent)}@media(prefers-color-scheme:dark){:root{--fieldshield-bg: #1f2937;--fieldshield-border-color: #4b5563;--fieldshield-border-color-focus: #60a5fa;--fieldshield-text-color: #f9fafb;--fieldshield-placeholder-color: #6b7280;--fieldshield-label-color: #d1d5db;--fieldshield-caret-color: #f9fafb;--fieldshield-mask-color: #f9fafb;--fieldshield-unsafe-border-color: #d97706;--fieldshield-unsafe-bg: #1c1508;--fieldshield-unsafe-focus-ring: #d97706;--fieldshield-warning-color: #fbbf24;--fieldshield-tag-bg: #451a03;--fieldshield-tag-color: #fde68a;--fieldshield-mask-blocked-color: #d97706}}@media(forced-colors:active){.fieldshield-field-wrapper,.fieldshield-a11y-input{border:2px solid ButtonText;forced-color-adjust:auto}.fieldshield-field-wrapper:focus-within,.fieldshield-a11y-input:focus{outline:3px solid Highlight;outline-offset:var(--fieldshield-focus-ring-offset);box-shadow:none}.fieldshield-real-input{caret-color:ButtonText}.fieldshield-tag{border:1px solid ButtonText;background-color:Canvas;color:ButtonText}.fieldshield-warning-icon,.fieldshield-warning-text{color:ButtonText}}@media(prefers-reduced-motion:reduce){.fieldshield-field-wrapper,.fieldshield-a11y-input{transition:none}}[data-disabled] .fieldshield-field-wrapper,[data-disabled] .fieldshield-a11y-input{opacity:.5;cursor:not-allowed;pointer-events:none}[data-disabled] .fieldshield-label{opacity:.5;cursor:not-allowed}[data-disabled] .fieldshield-mask-layer{cursor:not-allowed}
1	+ :root{--fieldshield-font-family: inherit;--fieldshield-font-size: .9375rem;--fieldshield-line-height: 1.5;--fieldshield-padding-y: .5rem;--fieldshield-padding-x: .75rem;--fieldshield-gap: .375rem;--fieldshield-findings-gap: .375rem;--fieldshield-min-height: 2.5rem;--fieldshield-border-radius: .375rem;--fieldshield-tag-border-radius: .25rem;--fieldshield-bg: #ffffff;--fieldshield-border-color: #d1d5db;--fieldshield-border-color-focus: #3b82f6;--fieldshield-text-color: #111827;--fieldshield-placeholder-color: #9ca3af;--fieldshield-label-color: #374151;--fieldshield-caret-color: #111827;--fieldshield-unsafe-border-color: #f59e0b;--fieldshield-unsafe-bg: #fffbeb;--fieldshield-unsafe-focus-ring: #f59e0b;--fieldshield-warning-color: #92400e;--fieldshield-tag-bg: #fde68a;--fieldshield-tag-color: #78350f;--fieldshield-mask-color: #111827;--fieldshield-mask-blocked-color: #b45309;--fieldshield-focus-ring-width: 3px;--fieldshield-focus-ring-offset: 2px;--fieldshield-transition-duration: .15s;--fieldshield-transition-easing: ease-in-out}.fieldshield-container{position:relative;display:flex;flex-direction:column;gap:var(--fieldshield-gap);width:100%;font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height)}.fieldshield-label{display:block;color:var(--fieldshield-label-color);font-weight:500;cursor:default;-webkit-user-select:none;user-select:none}.fieldshield-field-wrapper{position:relative;min-height:var(--fieldshield-min-height);border:1px solid var(--fieldshield-border-color);border-radius:var(--fieldshield-border-radius);background-color:var(--fieldshield-bg);transition:border-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),background-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),box-shadow var(--fieldshield-transition-duration) var(--fieldshield-transition-easing)}.fieldshield-mask-layer{position:absolute;inset:0;display:flex;align-items:center;padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);color:var(--fieldshield-mask-color);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);font-weight:inherit;line-height:var(--fieldshield-line-height);letter-spacing:0;word-spacing:0;white-space:pre-wrap;word-break:break-all;pointer-events:none;-webkit-user-select:none;user-select:none;overflow:hidden}.fieldshield-field-wrapper:has(textarea) .fieldshield-mask-layer{display:block;align-items:normal}.fieldshield-mask-layer .fieldshield-blocked{color:var(--fieldshield-mask-blocked-color)}.fieldshield-placeholder{color:var(--fieldshield-placeholder-color);font-style:normal}.fieldshield-mask-unsafe{background-color:var(--fieldshield-unsafe-bg)}.fieldshield-grow{visibility:hidden;display:block;width:100%;min-height:var(--fieldshield-min-height);padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);font-weight:inherit;line-height:var(--fieldshield-line-height);letter-spacing:0;word-spacing:0;white-space:pre-wrap;word-break:break-all;pointer-events:none;-webkit-user-select:none;user-select:none;box-sizing:border-box}.fieldshield-field-wrapper:has(textarea){overflow:visible}.fieldshield-real-input{position:absolute;inset:0;width:100%;height:100%;padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);font-weight:inherit;line-height:var(--fieldshield-line-height);letter-spacing:0;word-spacing:0;color:transparent;caret-color:var(--fieldshield-caret-color);background:transparent;border:none;border-radius:var(--fieldshield-border-radius);outline:none;resize:none;cursor:text}.fieldshield-real-input::selection{color:transparent;background-color:color-mix(in srgb,var(--fieldshield-border-color-focus) 30%,transparent)}.fieldshield-a11y-input{display:block;width:100%;min-height:var(--fieldshield-min-height);padding:var(--fieldshield-padding-y) var(--fieldshield-padding-x);font-family:var(--fieldshield-font-family);font-size:var(--fieldshield-font-size);line-height:var(--fieldshield-line-height);color:var(--fieldshield-text-color);background-color:var(--fieldshield-bg);border:1px solid var(--fieldshield-border-color);border-radius:var(--fieldshield-border-radius);outline:none;box-sizing:border-box;transition:border-color var(--fieldshield-transition-duration) var(--fieldshield-transition-easing),box-shadow var(--fieldshield-transition-duration) var(--fieldshield-transition-easing)}.fieldshield-a11y-input::placeholder{color:var(--fieldshield-placeholder-color)}.fieldshield-findings{display:flex;flex-wrap:wrap;align-items:center;gap:var(--fieldshield-findings-gap);min-height:0;font-size:.8125rem;line-height:1.4}.fieldshield-warning-icon{color:var(--fieldshield-warning-color);flex-shrink:0}.fieldshield-warning-text{color:var(--fieldshield-warning-color);font-weight:500}.fieldshield-tag{display:inline-flex;align-items:center;padding:.125rem .4375rem;background-color:var(--fieldshield-tag-bg);color:var(--fieldshield-tag-color);border-radius:var(--fieldshield-tag-border-radius);font-size:.75rem;font-weight:600;letter-spacing:.02em;white-space:nowrap}.fieldshield-sr-only:not(:focus):not(:active){position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);clip-path:inset(50%);white-space:nowrap;border-width:0}.fieldshield-field-wrapper:has(input[aria-invalid=true]),.fieldshield-a11y-input[aria-invalid=true]{border-color:var(--fieldshield-unsafe-border-color);background-color:var(--fieldshield-unsafe-bg)}.fieldshield-field-wrapper:focus-within{border-color:var(--fieldshield-border-color-focus);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-border-color-focus) 25%,transparent);outline:none}.fieldshield-field-wrapper:has(input[aria-invalid=true]):focus-within{border-color:var(--fieldshield-unsafe-focus-ring);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-unsafe-focus-ring) 25%,transparent)}.fieldshield-a11y-input:focus{border-color:var(--fieldshield-border-color-focus);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-border-color-focus) 25%,transparent);outline:none}.fieldshield-a11y-input[aria-invalid=true]:focus{border-color:var(--fieldshield-unsafe-focus-ring);box-shadow:0 0 0 var(--fieldshield-focus-ring-width) color-mix(in srgb,var(--fieldshield-unsafe-focus-ring) 25%,transparent)}@media(prefers-color-scheme:dark){:root{--fieldshield-bg: #1f2937;--fieldshield-border-color: #4b5563;--fieldshield-border-color-focus: #60a5fa;--fieldshield-text-color: #f9fafb;--fieldshield-placeholder-color: #6b7280;--fieldshield-label-color: #d1d5db;--fieldshield-caret-color: #f9fafb;--fieldshield-mask-color: #f9fafb;--fieldshield-unsafe-border-color: #d97706;--fieldshield-unsafe-bg: #1c1508;--fieldshield-unsafe-focus-ring: #d97706;--fieldshield-warning-color: #fbbf24;--fieldshield-tag-bg: #451a03;--fieldshield-tag-color: #fde68a;--fieldshield-mask-blocked-color: #d97706}}@media(forced-colors:active){.fieldshield-field-wrapper,.fieldshield-a11y-input{border:2px solid ButtonText;forced-color-adjust:auto}.fieldshield-field-wrapper:focus-within,.fieldshield-a11y-input:focus{outline:3px solid Highlight;outline-offset:var(--fieldshield-focus-ring-offset);box-shadow:none}.fieldshield-real-input{caret-color:ButtonText}.fieldshield-tag{border:1px solid ButtonText;background-color:Canvas;color:ButtonText}.fieldshield-warning-icon,.fieldshield-warning-text{color:ButtonText}}@media(prefers-reduced-motion:reduce){.fieldshield-field-wrapper,.fieldshield-a11y-input{transition:none}}[data-disabled] .fieldshield-field-wrapper,[data-disabled] .fieldshield-a11y-input{opacity:.5;cursor:not-allowed;pointer-events:none}[data-disabled] .fieldshield-label{opacity:.5;cursor:not-allowed}[data-disabled] .fieldshield-mask-layer{cursor:not-allowed}

package/dist/fieldshield.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import { jsxs as D, jsx as d, Fragment as le } from "react/jsx-runtime";
-import { useState as G, useRef as M, useEffect as ee, useCallback as z, forwardRef as he, useId as ge, useImperativeHandle as me } from "react";
+import { jsxs as O, jsx as o, Fragment as le } from "react/jsx-runtime";
+import { useState as K, useRef as Z, useEffect as ee, useCallback as M, forwardRef as be, useId as me, useImperativeHandle as Se } from "react";
 const te = Object.freeze({
   // ── AI / Cloud credentials ────────────────────────────────────────────────
   /**
@@ -79,7 +79,7 @@ const te = Object.freeze({
   //
   // IBAN was moved to OPT_IN_PATTERNS — see that export for the rationale.
   /**
-   * Visa, Mastercard, and American Express — with optional space or hyphen
+   * Visa, Mastercard, Discover and American Express — with optional space or hyphen
    * separators between digit groups.
    *
    * Previous pattern required consecutive digits, missing the most common
@@ -87,7 +87,8 @@ const te = Object.freeze({
    *
    * Matches:
    *   Visa 16-digit:   `4111111111111111` / `4111 1111 1111 1111` / `4111-1111-1111-1111`
-   *   Mastercard:      `5500005555555559` / `5500 0055 5555 5559`
+   *   Mastercard 16-digit:    `5500005555555559` / `5500 0055 5555 5559`
+   *   Discover 16-digit:    `6500005555555559` / `6500 0055 5555 5559`
    *   Amex 15-digit:   `378282246310005`  / `3782 822463 10005`
    *
    * Does not run a Luhn checksum — add post-match validation in production
@@ -95,7 +96,8 @@ const te = Object.freeze({
    */
   CREDIT_CARD: [
     "\\b4\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
-    "\\b5[1-5]\\d{2}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
+    "\\b5\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
+    "\\b6\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b",
     "\\b3[47]\\d{2}[-\\s]?\\d{6}[-\\s]?\\d{5}\\b"
   ].join("|"),
   /**
@@ -223,7 +225,7 @@ const te = Object.freeze({
    *   `QQ 12 34 56 A`   valid prefix
    */
   UK_NIN: "\\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\\s?\\d{2}\\s?\\d{2}\\s?\\d{2}\\s?[A-D]\\b"
-}), ye = Object.freeze({
+}), we = Object.freeze({
   /**
    * International Bank Account Number (IBAN) — with or without spaces.
    *
@@ -343,33 +345,46 @@ const te = Object.freeze({
    *   IN:  1 letter + 7 digits   e.g. `A1234567`
    */
   PASSPORT_NUMBER: "\\b[A-Z]{1,2}[0-9]{6,9}\\b"
-}), ce = 3e3, be = 1e5, de = (i) => Object.fromEntries(i.map((n) => [n.name, n.regex])), Se = (i = [], n = be, v, h) => {
-  const [A, g] = G(""), [$, O] = G([]), [N, S] = G(!1), s = M(null), I = JSON.stringify(i);
+}), ue = '(function(){"use strict";let l={},c={},n="";const i=(s,e)=>{const t={};for(const[a,o]of Object.entries(s))try{t[a]=new RegExp(o,"gi")}catch{console.warn(`[FieldShield] Skipping invalid ${e} pattern "${a}".`)}return t},d=s=>{let e=s;const t=[],a={...l,...c};for(const[o,r]of Object.entries(a))r.lastIndex=0,r.test(s)&&(t.push(o),r.lastIndex=0,e=e.replace(r,p=>"█".repeat(p.length)));return{masked:e,findings:[...new Set(t)]}};self.onmessage=s=>{const e=s.data;switch(e.type){case"CONFIG":{l=i(e.payload.defaultPatterns,"default"),c=i(e.payload.customPatterns,"custom");break}case"PROCESS":{n=e.payload.text;const{masked:t,findings:a}=d(n);self.postMessage({type:"UPDATE",masked:t,findings:a});break}case"GET_TRUTH":{const t=s.ports[0];t?t.postMessage({text:n}):console.warn("[FieldShield] GET_TRUTH received with no MessagePort — caller will time out. Pass port2 via the transfer array.");break}case"PURGE":{n="",self.postMessage({type:"PURGED"});break}default:{console.warn(`[FieldShield] Worker received unknown message type: "${e.type}"`);break}}}})();\n', ce = typeof self < "u" && self.Blob && new Blob(["(self.URL || self.webkitURL).revokeObjectURL(self.location.href);", ue], { type: "text/javascript;charset=utf-8" });
+function ve(n) {
+  let t;
+  try {
+    if (t = ce && (self.URL || self.webkitURL).createObjectURL(ce), !t) throw "";
+    const d = new Worker(t, {
+      name: n?.name
+    });
+    return d.addEventListener("error", () => {
+      (self.URL || self.webkitURL).revokeObjectURL(t);
+    }), d;
+  } catch {
+    return new Worker(
+      "data:text/javascript;charset=utf-8," + encodeURIComponent(ue),
+      {
+        name: n?.name
+      }
+    );
+  }
+}
+const oe = 3e3, Ee = 1e5, de = (n) => Object.fromEntries(n.map((t) => [t.name, t.regex])), ke = (n = [], t = Ee, d, g) => {
+  const [E, b] = K(""), [$, D] = K([]), [C, v] = K(!1), r = Z(null), I = JSON.stringify(n);
   ee(() => {
     let m = !1;
     try {
-      s.current = new Worker(
-        new URL(
-          /* @vite-ignore */
-          "/assets/fieldshield.worker.js",
-          import.meta.url
-        ),
-        { type: "module" }
-      );
+      r.current = new ve();
     } catch (l) {
       console.error(
         "[FieldShield] Worker failed to initialize — falling back to a11yMode.",
         l
-      ), queueMicrotask(() => S(!0));
+      ), queueMicrotask(() => v(!0));
       return;
     }
-    return s.current.onmessage = (l) => {
-      m || l.data?.type === "UPDATE" && typeof l.data.masked == "string" && Array.isArray(l.data.findings) && (g(l.data.masked), O(l.data.findings));
-    }, s.current.onerror = (l) => {
+    return r.current.onmessage = (l) => {
+      m || l.data?.type === "UPDATE" && typeof l.data.masked == "string" && Array.isArray(l.data.findings) && (b(l.data.masked), D(l.data.findings));
+    }, r.current.onerror = (l) => {
       m || (console.error(
         `[FieldShield] Worker runtime error: ${l.message ?? "unknown error"}`
-      ), g(""), O([]), h?.(l));
-    }, s.current.postMessage({
+      ), b(""), D([]), g?.(l));
+    }, r.current.postMessage({
       type: "CONFIG",
       payload: {
         defaultPatterns: te,
@@ -377,239 +392,239 @@ const te = Object.freeze({
         // Effect 2 delivers custom patterns after mount
       }
     }), () => {
-      m = !0, s.current?.terminate(), s.current = null;
+      m = !0, r.current?.terminate(), r.current = null;
     };
   }, []), ee(() => {
-    s.current && s.current.postMessage({
+    r.current && r.current.postMessage({
       type: "CONFIG",
       payload: {
         defaultPatterns: te,
-        customPatterns: de(i)
+        customPatterns: de(n)
       }
     });
   }, [I]);
-  const R = z(
-    (m) => m.length > n ? (console.warn(
-      `[FieldShield] Input length ${m.length} exceeds maxProcessLength (${n}). Keystroke blocked to prevent unprotected data beyond the limit. Raise maxProcessLength if this field requires longer input.`
-    ), v?.(m.length, n), !1) : (s.current?.postMessage({
+  const _ = M(
+    (m) => m.length > t ? (console.warn(
+      `[FieldShield] Input length ${m.length} exceeds maxProcessLength (${t}). Keystroke blocked to prevent unprotected data beyond the limit. Raise maxProcessLength if this field requires longer input.`
+    ), d?.(m.length, t), !1) : (r.current?.postMessage({
       type: "PROCESS",
       payload: { text: m }
     }), !0),
-    [n, v]
-  ), T = z(() => new Promise((m, l) => {
-    if (!s.current) {
+    [t, d]
+  ), R = M(() => new Promise((m, l) => {
+    if (!r.current) {
       m("");
       return;
     }
-    const { port1: k, port2: B } = new MessageChannel(), L = setTimeout(() => {
-      k.close(), l(
+    const { port1: w, port2: H } = new MessageChannel(), W = setTimeout(() => {
+      w.close(), l(
         new Error(
-          `[FieldShield] getSecureValue timed out after ${ce}ms.`
+          `[FieldShield] getSecureValue timed out after ${oe}ms.`
         )
       );
-    }, ce);
-    k.onmessage = (W) => {
-      clearTimeout(L), k.close(), m(W.data.text);
-    }, s.current.postMessage({ type: "GET_TRUTH" }, [B]);
-  }), []), U = z(() => {
-    s.current?.postMessage({ type: "PURGE" });
+    }, oe);
+    w.onmessage = (V) => {
+      clearTimeout(W), w.close(), m(V.data.text);
+    }, r.current.postMessage({ type: "GET_TRUTH" }, [H]);
+  }), []), L = M(() => {
+    r.current?.postMessage({ type: "PURGE" });
   }, []);
-  return { masked: A, findings: $, processText: R, getSecureValue: T, purge: U, workerFailed: N };
-}, ve = he(
+  return { masked: E, findings: $, processText: _, getSecureValue: R, purge: L, workerFailed: C };
+}, ye = be(
   ({
-    label: i,
-    type: n = "text",
-    placeholder: v,
-    customPatterns: h = [],
-    className: A,
-    style: g,
+    label: n,
+    type: t = "text",
+    placeholder: d,
+    customPatterns: g = [],
+    className: E,
+    style: b,
     onChange: $,
-    a11yMode: O = !1,
-    onSensitiveCopyAttempt: N,
-    onSensitivePaste: S,
-    onFocus: s,
+    a11yMode: D = !1,
+    onSensitiveCopyAttempt: C,
+    onSensitivePaste: v,
+    onFocus: r,
     onBlur: I,
-    disabled: R = !1,
-    required: T = !1,
-    maxLength: U,
+    disabled: _ = !1,
+    required: R = !1,
+    maxLength: L,
     rows: m = 3,
     inputMode: l = "text",
-    maxProcessLength: k = 1e5,
-    onMaxLengthExceeded: B,
-    onWorkerError: L
-  }, W) => {
+    maxProcessLength: w = 1e5,
+    onMaxLengthExceeded: H,
+    onWorkerError: W
+  }, V) => {
     const {
-      masked: V,
-      findings: Z,
-      processText: H,
-      getSecureValue: ae,
-      purge: se,
-      workerFailed: oe
-    } = Se(
-      h,
-      k,
-      B,
-      L
-    ), ue = O || oe, o = Z.length > 0, w = i ?? "Protected field", J = M(null), ne = M(null), K = M(null), u = M(""), C = ge(), _ = `${C}-warning`, j = `${C}-desc`;
-    me(
-      W,
+      masked: B,
+      findings: U,
+      processText: j,
+      getSecureValue: se,
+      purge: ae,
+      workerFailed: fe
+    } = ke(
+      g,
+      w,
+      H,
+      W
+    ), pe = D || fe, u = U.length > 0, P = n ?? "Protected field", J = Z(null), ne = Z(null), z = Z(null), f = Z(""), A = me(), T = `${A}-warning`, G = `${A}-desc`;
+    Se(
+      V,
       () => ({
-        getSecureValue: ae,
+        getSecureValue: se,
         purge: () => {
-          se(), H(""), u.current = "";
+          ae(), j(""), f.current = "";
           const e = J.current ?? ne.current;
-          e && (e.value = "", K.current && (K.current.textContent = `
+          e && (e.value = "", z.current && (z.current.textContent = `
 `));
         }
       }),
-      [ae, se, H]
+      [se, ae, j]
     ), ee(() => {
-      $?.(V, Z);
-    }, [V, Z, $]);
-    const Y = (e, t, a) => {
-      if (!H(t)) {
-        const b = u.current.replace(/[^\n]/g, "x");
-        e.value = b;
-        const f = Math.min(a, u.current.length);
-        e.setSelectionRange(f, f);
+      $?.(B, U);
+    }, [B, U, $]);
+    const Y = (e, s, a) => {
+      if (!j(s)) {
+        const S = f.current.replace(/[^\n]/g, "x");
+        e.value = S;
+        const h = Math.min(a, f.current.length);
+        e.setSelectionRange(h, h);
         return;
       }
-      u.current = t;
-      const r = t.replace(/[^\n]/g, "x");
-      e.value = r, e.setSelectionRange(a, a), K.current && (K.current.textContent = r + `
+      f.current = s;
+      const i = s.replace(/[^\n]/g, "x");
+      e.value = i, e.setSelectionRange(a, a), z.current && (z.current.textContent = i + `
 `);
     }, re = (e) => {
-      const t = e.target, a = t.value, p = t.selectionStart ?? a.length, r = u.current, b = a.length - r.length;
-      let f;
-      if (b > 0) {
-        const c = Math.max(0, p - b), E = a.slice(c, p);
-        f = r.slice(0, c) + E + r.slice(c);
-      } else if (b < 0) {
-        const c = p, E = c - b;
-        f = r.slice(0, c) + r.slice(E);
+      const s = e.target, a = s.value, p = s.selectionStart ?? a.length, i = f.current, S = a.length - i.length;
+      let h;
+      if (S > 0) {
+        const c = Math.max(0, p - S), k = a.slice(c, p);
+        h = i.slice(0, c) + k + i.slice(c);
+      } else if (S < 0) {
+        const c = p, k = c - S;
+        h = i.slice(0, c) + i.slice(k);
       } else {
-        let c = -1, E = -1;
+        let c = -1, k = -1;
         for (let y = 0; y < a.length; y++)
           a[y] !== "x" && a[y] !== `
-` && (c === -1 && (c = y), E = y + 1);
+` && (c === -1 && (c = y), k = y + 1);
         if (c !== -1) {
-          const y = a.slice(c, E);
-          f = r.slice(0, c) + y + r.slice(E);
+          const y = a.slice(c, k);
+          h = i.slice(0, c) + y + i.slice(k);
         } else
-          f = r;
+          h = i;
       }
-      Y(t, f, p);
-    }, pe = (e) => {
-      const t = e.target.value;
-      u.current = t, H(t);
+      Y(s, h, p);
+    }, he = (e) => {
+      const s = e.target.value;
+      f.current = s, j(s);
     }, X = (e) => {
       e.preventDefault();
-      const t = e.clipboardData.getData("text/plain"), a = e.target, p = a.selectionStart ?? 0, r = a.selectionEnd ?? 0, b = u.current, f = b.length - (r - p) + t.length;
-      if (f > k) {
+      const s = e.clipboardData.getData("text/plain"), a = e.target, p = a.selectionStart ?? 0, i = a.selectionEnd ?? 0, S = f.current, h = S.length - (i - p) + s.length;
+      if (h > w) {
         console.warn(
-          `[FieldShield] Paste blocked — result length ${f} would exceed maxProcessLength (${k}). DOM unchanged.`
-        ), B?.(f, k);
+          `[FieldShield] Paste blocked — result length ${h} would exceed maxProcessLength (${w}). DOM unchanged.`
+        ), H?.(h, w);
         return;
       }
-      const c = b.slice(0, p) + t + b.slice(r), E = p + t.length;
-      if (Y(a, c, E), S && t) {
+      const c = S.slice(0, p) + s + S.slice(i), k = p + s.length;
+      if (Y(a, c, k), v && s) {
         const y = [
           ...Object.entries(te),
-          ...h.map((P) => [P.name, P.regex])
+          ...g.map((N) => [N.name, N.regex])
         ], ie = [];
-        for (const [P, F] of y)
+        for (const [N, F] of y)
           try {
-            ie.push([P, new RegExp(F, "gi")]);
+            ie.push([N, new RegExp(F, "gi")]);
           } catch {
           }
         const q = [];
-        let Q = t;
-        for (const [P, F] of ie)
-          F.lastIndex = 0, F.test(t) && (q.push(P), F.lastIndex = 0, Q = Q.replace(
+        let Q = s;
+        for (const [N, F] of ie)
+          F.lastIndex = 0, F.test(s) && (q.push(N), F.lastIndex = 0, Q = Q.replace(
             F,
-            (fe) => "█".repeat(fe.length)
+            (ge) => "█".repeat(ge.length)
           ));
-        q.length > 0 && S({
+        q.length > 0 && v({
           timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-          fieldLabel: w,
+          fieldLabel: P,
           findings: [...new Set(q)],
           masked: Q,
           eventType: "paste"
-        }) === !1 && Y(a, b, p);
+        }) === !1 && Y(a, S, p);
       }
     }, x = (e) => {
       e.preventDefault();
-      const t = e.target, a = t.selectionStart ?? 0, p = t.selectionEnd ?? u.current.length, r = V.slice(a, p), b = r.includes("█");
-      if (o && b ? (e.clipboardData.setData("text/plain", r), N?.({
+      const s = e.target, a = s.selectionStart ?? 0, p = s.selectionEnd ?? f.current.length, i = B.slice(a, p), S = i.includes("█");
+      if (u && S ? (e.clipboardData.setData("text/plain", i), C?.({
         timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        fieldLabel: w,
-        findings: [...Z],
+        fieldLabel: P,
+        findings: [...U],
         // snapshot — receiver must not hold a reference to internal state
-        masked: r,
+        masked: i,
         eventType: e.type === "cut" ? "cut" : "copy"
       })) : e.clipboardData.setData(
         "text/plain",
-        u.current.slice(a, p)
+        f.current.slice(a, p)
       ), e.type === "cut") {
-        const f = u.current.slice(0, a), c = u.current.slice(p);
-        u.current = f + c, H(u.current);
-        const E = "x".repeat(u.current.length);
-        t.value = E, t.setSelectionRange(a, a);
+        const h = f.current.slice(0, a), c = f.current.slice(p);
+        f.current = h + c, j(f.current);
+        const k = "x".repeat(f.current.length);
+        s.value = k, s.setSelectionRange(a, a);
       }
     };
-    return ue ? /* @__PURE__ */ D(
+    return pe ? /* @__PURE__ */ O(
       "div",
       {
-        className: `fieldshield-container${A ? ` ${A}` : ""}`,
-        style: g,
+        className: `fieldshield-container${E ? ` ${E}` : ""}`,
+        style: b,
         role: "group",
-        "aria-labelledby": C,
-        "data-disabled": R || void 0,
+        "aria-labelledby": A,
+        "data-disabled": _ || void 0,
         children: [
-          i && /* @__PURE__ */ d("label", { htmlFor: C, className: "fieldshield-label", children: i }),
-          /* @__PURE__ */ d("span", { id: j, className: "fieldshield-sr-only", children: "This field is protected. Sensitive data patterns will be detected and blocked from copying." }),
-          /* @__PURE__ */ d(
+          n && /* @__PURE__ */ o("label", { htmlFor: A, className: "fieldshield-label", children: n }),
+          /* @__PURE__ */ o("span", { id: G, className: "fieldshield-sr-only", children: "This field is protected. Sensitive data patterns will be detected and blocked from copying." }),
+          /* @__PURE__ */ o(
             "input",
             {
-              id: C,
+              id: A,
               ref: J,
               type: "password",
               className: "fieldshield-a11y-input",
-              placeholder: v,
-              onChange: pe,
+              placeholder: d,
+              onChange: he,
               onCopy: x,
               onCut: x,
               onPaste: X,
-              onFocus: s,
+              onFocus: r,
               onBlur: I,
-              disabled: R,
-              required: T,
-              maxLength: U,
+              disabled: _,
+              required: R,
+              maxLength: L,
               inputMode: l,
               spellCheck: !1,
               autoComplete: "off",
-              "aria-required": T,
-              "aria-label": i ? void 0 : w,
-              "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
-              "aria-invalid": o ? "true" : "false",
-              "aria-errormessage": o ? _ : void 0
+              "aria-required": R,
+              "aria-label": n ? void 0 : P,
+              "aria-describedby": `${G} ${u ? T : ""}`.trim(),
+              "aria-invalid": u ? "true" : "false",
+              "aria-errormessage": u ? T : void 0
             }
           ),
-          /* @__PURE__ */ d(
+          /* @__PURE__ */ o(
             "div",
             {
-              id: _,
+              id: T,
               role: "status",
               "aria-live": "polite",
               "aria-atomic": "true",
               className: "fieldshield-findings",
-              children: o && /* @__PURE__ */ D(le, { children: [
-                /* @__PURE__ */ d("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
-                /* @__PURE__ */ D("span", { className: "fieldshield-warning-text", children: [
+              children: u && /* @__PURE__ */ O(le, { children: [
+                /* @__PURE__ */ o("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
+                /* @__PURE__ */ O("span", { className: "fieldshield-warning-text", children: [
                   "Sensitive data detected. Clipboard blocked for:",
                   " "
                 ] }),
-                Z.map((e) => /* @__PURE__ */ d(
+                U.map((e) => /* @__PURE__ */ o(
                   "span",
                   {
                     className: "fieldshield-tag",
@@ -623,103 +638,103 @@ const te = Object.freeze({
           )
         ]
       }
-    ) : /* @__PURE__ */ D(
+    ) : /* @__PURE__ */ O(
       "div",
       {
-        className: `fieldshield-container${A ? ` ${A}` : ""}`,
-        style: g,
+        className: `fieldshield-container${E ? ` ${E}` : ""}`,
+        style: b,
         role: "group",
-        "aria-labelledby": C,
-        "data-disabled": R || void 0,
+        "aria-labelledby": A,
+        "data-disabled": _ || void 0,
         children: [
-          i && /* @__PURE__ */ d("label", { htmlFor: C, className: "fieldshield-label", children: i }),
-          /* @__PURE__ */ d("span", { id: j, className: "fieldshield-sr-only", children: "Sensitive field. Input is protected. Sensitive data patterns will be detected and blocked from copying." }),
-          /* @__PURE__ */ D("div", { className: "fieldshield-field-wrapper", children: [
-            /* @__PURE__ */ d(
+          n && /* @__PURE__ */ o("label", { htmlFor: A, className: "fieldshield-label", children: n }),
+          /* @__PURE__ */ o("span", { id: G, className: "fieldshield-sr-only", children: "Sensitive field. Input is protected. Sensitive data patterns will be detected and blocked from copying." }),
+          /* @__PURE__ */ O("div", { className: "fieldshield-field-wrapper", children: [
+            /* @__PURE__ */ o(
               "div",
               {
-                className: `fieldshield-mask-layer${o ? " fieldshield-mask-unsafe" : ""}`,
+                className: `fieldshield-mask-layer${u ? " fieldshield-mask-unsafe" : ""}`,
                 "aria-hidden": "true",
-                children: V || /* @__PURE__ */ d("span", { className: "fieldshield-placeholder", children: v })
+                children: B || /* @__PURE__ */ o("span", { className: "fieldshield-placeholder", children: d })
               }
             ),
-            n === "textarea" && /* @__PURE__ */ d(
+            t === "textarea" && /* @__PURE__ */ o(
               "div",
               {
-                ref: K,
+                ref: z,
                 className: "fieldshield-grow",
                 "aria-hidden": "true"
               }
             ),
-            n === "textarea" ? /* @__PURE__ */ d(
+            t === "textarea" ? /* @__PURE__ */ o(
               "textarea",
               {
                 ref: ne,
-                id: C,
+                id: A,
                 className: "fieldshield-real-input",
-                placeholder: v,
+                placeholder: d,
                 onChange: re,
                 onPaste: X,
                 onCopy: x,
                 onCut: x,
-                onFocus: s,
+                onFocus: r,
                 onBlur: I,
-                disabled: R,
-                required: T,
-                maxLength: U,
+                disabled: _,
+                required: R,
+                maxLength: L,
                 rows: m,
                 inputMode: l,
                 spellCheck: !1,
                 autoComplete: "off",
-                "aria-required": T,
-                "aria-label": o ? `${w} — sensitive data detected` : `${w} — protected input`,
-                "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
-                "aria-invalid": o ? "true" : "false",
-                "aria-errormessage": o ? _ : void 0
+                "aria-required": R,
+                "aria-label": u ? `${P} — sensitive data detected` : `${P} — protected input`,
+                "aria-describedby": `${G} ${u ? T : ""}`.trim(),
+                "aria-invalid": u ? "true" : "false",
+                "aria-errormessage": u ? T : void 0
               }
-            ) : /* @__PURE__ */ d(
+            ) : /* @__PURE__ */ o(
               "input",
               {
                 ref: J,
-                id: C,
+                id: A,
                 type: "text",
                 className: "fieldshield-real-input",
-                placeholder: v,
+                placeholder: d,
                 onChange: re,
                 onPaste: X,
                 onCopy: x,
                 onCut: x,
-                onFocus: s,
+                onFocus: r,
                 onBlur: I,
-                disabled: R,
-                required: T,
-                maxLength: U,
+                disabled: _,
+                required: R,
+                maxLength: L,
                 inputMode: l,
                 spellCheck: !1,
                 autoComplete: "off",
-                "aria-required": T,
-                "aria-label": o ? `${w} — sensitive data detected` : `${w} — protected input`,
-                "aria-describedby": `${j} ${o ? _ : ""}`.trim(),
-                "aria-invalid": o ? "true" : "false",
-                "aria-errormessage": o ? _ : void 0
+                "aria-required": R,
+                "aria-label": u ? `${P} — sensitive data detected` : `${P} — protected input`,
+                "aria-describedby": `${G} ${u ? T : ""}`.trim(),
+                "aria-invalid": u ? "true" : "false",
+                "aria-errormessage": u ? T : void 0
               }
             )
           ] }),
-          /* @__PURE__ */ d(
+          /* @__PURE__ */ o(
             "div",
             {
-              id: _,
+              id: T,
               role: "status",
               "aria-live": "polite",
               "aria-atomic": "true",
               className: "fieldshield-findings",
-              children: o && /* @__PURE__ */ D(le, { children: [
-                /* @__PURE__ */ d("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
-                /* @__PURE__ */ D("span", { className: "fieldshield-warning-text", children: [
+              children: u && /* @__PURE__ */ O(le, { children: [
+                /* @__PURE__ */ o("span", { className: "fieldshield-warning-icon", "aria-hidden": "true", children: "⚠" }),
+                /* @__PURE__ */ O("span", { className: "fieldshield-warning-text", children: [
                   "Sensitive data detected. Clipboard blocked for:",
                   " "
                 ] }),
-                Z.map((e) => /* @__PURE__ */ d(
+                U.map((e) => /* @__PURE__ */ o(
                   "span",
                   {
                     className: "fieldshield-tag",
@@ -736,55 +751,55 @@ const te = Object.freeze({
     );
   }
 );
-ve.displayName = "FieldShieldInput";
-const Ce = (i = {}) => {
-  const { maxEvents: n = 20 } = i, [v, h] = G([]), A = M(0), g = z(
-    (N) => {
-      const S = ++A.current, s = (/* @__PURE__ */ new Date()).toLocaleTimeString();
-      h(
-        (I) => [{ ...N, id: S, timestamp: s }, ...I].slice(0, n)
+ye.displayName = "FieldShieldInput";
+const Te = (n = {}) => {
+  const { maxEvents: t = 20 } = n, [d, g] = K([]), E = Z(0), b = M(
+    (C) => {
+      const v = ++E.current, r = (/* @__PURE__ */ new Date()).toLocaleTimeString();
+      g(
+        (I) => [{ ...C, id: v, timestamp: r }, ...I].slice(0, t)
       );
     },
-    [n]
-  ), $ = z(
-    (N) => (S) => {
-      const s = N === "paste" ? "PASTE_DETECTED" : S.eventType === "cut" ? "CUT_BLOCKED" : "COPY_BLOCKED";
-      g({
-        field: S.fieldLabel,
-        type: s,
-        findings: S.findings,
-        detail: `${S.masked.slice(0, 32)}${S.masked.length > 32 ? "…" : ""}`
+    [t]
+  ), $ = M(
+    (C) => (v) => {
+      const r = C === "paste" ? "PASTE_DETECTED" : v.eventType === "cut" ? "CUT_BLOCKED" : "COPY_BLOCKED";
+      b({
+        field: v.fieldLabel,
+        type: r,
+        findings: v.findings,
+        detail: `${v.masked.slice(0, 32)}${v.masked.length > 32 ? "…" : ""}`
       });
     },
-    [g]
-  ), O = z(() => {
-    h([]), A.current = 0;
+    [b]
+  ), D = M(() => {
+    g([]), E.current = 0;
   }, []);
-  return { events: v, pushEvent: g, makeClipboardHandler: $, clearLog: O };
-}, Te = async (i) => {
-  const n = Object.entries(i), v = await Promise.allSettled(
-    n.map(
-      ([, h]) => h.current?.getSecureValue() ?? Promise.resolve("")
+  return { events: d, pushEvent: b, makeClipboardHandler: $, clearLog: D };
+}, Ce = async (n) => {
+  const t = Object.entries(n), d = await Promise.allSettled(
+    t.map(
+      ([, g]) => g.current?.getSecureValue() ?? Promise.resolve("")
     )
   );
   return Object.fromEntries(
-    n.map(([h], A) => {
-      const g = v[A];
-      return g.status === "rejected" ? (console.warn(
-        `[FieldShield] collectSecureValues: field "${String(h)}" failed to retrieve value.`,
-        g.reason
-      ), [h, ""]) : [h, g.value];
+    t.map(([g], E) => {
+      const b = d[E];
+      return b.status === "rejected" ? (console.warn(
+        `[FieldShield] collectSecureValues: field "${String(g)}" failed to retrieve value.`,
+        b.reason
+      ), [g, ""]) : [g, b.value];
     })
   );
-}, ke = (i) => {
-  Object.values(i).forEach((n) => n.current?.purge());
+}, Ie = (n) => {
+  Object.values(n).forEach((t) => t.current?.purge());
 };
 export {
   te as FIELDSHIELD_PATTERNS,
-  ve as FieldShieldInput,
-  ye as OPT_IN_PATTERNS,
-  Te as collectSecureValues,
-  ke as purgeSecureValues,
-  Se as useFieldShield,
-  Ce as useSecurityLog
+  ye as FieldShieldInput,
+  we as OPT_IN_PATTERNS,
+  Ce as collectSecureValues,
+  Ie as purgeSecureValues,
+  ke as useFieldShield,
+  Te as useSecurityLog
 };

package/dist/fieldshield.umd.cjs CHANGED Viewed

@@ -1,4 +1,4 @@
-(function(f,t){typeof exports=="object"&&typeof module<"u"?t(exports,require("react/jsx-runtime"),require("react")):typeof define=="function"&&define.amd?define(["exports","react/jsx-runtime","react"],t):(f=typeof globalThis<"u"?globalThis:f||self,t(f.FieldShield={},f.ReactJSXRuntime,f.React))})(this,(function(f,t,s){"use strict";var B=typeof document<"u"?document.currentScript:null;const j=Object.freeze({AI_API_KEY:"(sk-[a-zA-Z0-9][a-zA-Z0-9-]{19,}|ant-api-[a-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35})",AWS_ACCESS_KEY:"\\b(AKIA|ASIA)[0-9A-Z]{16}\\b",SSN:"\\b\\d{3}[-\\s.]?\\d{2}[-\\s.]?\\d{4}\\b",EMAIL:"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",PHONE:"\\b(?:\\+?1[-. ]?)?\\(?[2-9]\\d{2}\\)?[-. ]?\\d{3}[-. ]?\\d{4}\\b|\\+[1-9][\\s.-]?(?:\\d[\\s.-]?){6,14}\\d\\b",CREDIT_CARD:["\\b4\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b","\\b5[1-5]\\d{2}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b","\\b3[47]\\d{2}[-\\s]?\\d{6}[-\\s]?\\d{5}\\b"].join("|"),DATE_OF_BIRTH:"\\b(?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])[-/.](?:19|20)\\d{2}\\b|\\b(?:19|20)\\d{2}[-/.](?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])\\b",TAX_ID:"\\b\\d{2}-\\d{7}\\b|\\b\\d{9}\\b",GITHUB_TOKEN:"\\b(ghp|gho|ghs|ghu|github_pat)_[a-zA-Z0-9_]{20,}\\b",STRIPE_KEY:"\\b(sk|pk|rk)_(live|test)_[a-zA-Z0-9]{20,}\\b",JWT:"\\beyJ[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\b",PRIVATE_KEY_BLOCK:"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",UK_NIN:"\\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\\s?\\d{2}\\s?\\d{2}\\s?\\d{2}\\s?[A-D]\\b"}),ce=Object.freeze({IBAN:"\\b[A-Z]{2}\\d{2}[-\\s]?(?:[A-Z0-9]{1,4}[-\\s]?){3,}[A-Z0-9]{1,4}\\b",DEA_NUMBER:"\\b[ABCDEFGHJKLMPRSTUX][A-Z]\\d{7}\\b",SWIFT_BIC:"\\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\\b",NPI_NUMBER:"\\b[12]\\d{9}\\b",PASSPORT_NUMBER:"\\b[A-Z]{1,2}[0-9]{6,9}\\b"}),ee=3e3,oe=1e5,te=d=>Object.fromEntries(d.map(l=>[l.name,l.regex])),se=(d=[],l=oe,A,b)=>{const[y,S]=s.useState(""),[R,$]=s.useState([]),[P,v]=s.useState(!1),r=s.useRef(null),w=JSON.stringify(d);s.useEffect(()=>{let m=!1;try{r.current=new Worker(new URL("/assets/fieldshield.worker.js",typeof document>"u"&&typeof location>"u"?require("url").pathToFileURL(__filename).href:typeof document>"u"?location.href:B&&B.tagName.toUpperCase()==="SCRIPT"&&B.src||new URL("fieldshield.umd.cjs",document.baseURI).href),{type:"module"})}catch(c){console.error("[FieldShield] Worker failed to initialize — falling back to a11yMode.",c),queueMicrotask(()=>v(!0));return}return r.current.onmessage=c=>{m||c.data?.type==="UPDATE"&&typeof c.data.masked=="string"&&Array.isArray(c.data.findings)&&(S(c.data.masked),$(c.data.findings))},r.current.onerror=c=>{m||(console.error(`[FieldShield] Worker runtime error: ${c.message??"unknown error"}`),S(""),$([]),b?.(c))},r.current.postMessage({type:"CONFIG",payload:{defaultPatterns:j,customPatterns:te([])}}),()=>{m=!0,r.current?.terminate(),r.current=null}},[]),s.useEffect(()=>{r.current&&r.current.postMessage({type:"CONFIG",payload:{defaultPatterns:j,customPatterns:te(d)}})},[w]);const D=s.useCallback(m=>m.length>l?(console.warn(`[FieldShield] Input length ${m.length} exceeds maxProcessLength (${l}). Keystroke blocked to prevent unprotected data beyond the limit. Raise maxProcessLength if this field requires longer input.`),A?.(m.length,l),!1):(r.current?.postMessage({type:"PROCESS",payload:{text:m}}),!0),[l,A]),k=s.useCallback(()=>new Promise((m,c)=>{if(!r.current){m("");return}const{port1:I,port2:V}=new MessageChannel,G=setTimeout(()=>{I.close(),c(new Error(`[FieldShield] getSecureValue timed out after ${ee}ms.`))},ee);I.onmessage=W=>{clearTimeout(G),I.close(),m(W.data.text)},r.current.postMessage({type:"GET_TRUTH"},[V])}),[]),x=s.useCallback(()=>{r.current?.postMessage({type:"PURGE"})},[]);return{masked:y,findings:R,processText:D,getSecureValue:k,purge:x,workerFailed:P}},ae=s.forwardRef(({label:d,type:l="text",placeholder:A,customPatterns:b=[],className:y,style:S,onChange:R,a11yMode:$=!1,onSensitiveCopyAttempt:P,onSensitivePaste:v,onFocus:r,onBlur:w,disabled:D=!1,required:k=!1,maxLength:x,rows:m=3,inputMode:c="text",maxProcessLength:I=1e5,onMaxLengthExceeded:V,onWorkerError:G},W)=>{const{masked:K,findings:Z,processText:z,getSecureValue:ne,purge:re,workerFailed:he}=se(b,I,V,G),ge=$||he,u=Z.length>0,F=d??"Protected field",J=s.useRef(null),le=s.useRef(null),L=s.useRef(null),p=s.useRef(""),_=s.useId(),N=`${_}-warning`,H=`${_}-desc`;s.useImperativeHandle(W,()=>({getSecureValue:ne,purge:()=>{re(),z(""),p.current="";const e=J.current??le.current;e&&(e.value="",L.current&&(L.current.textContent=`
-`))}}),[ne,re,z]),s.useEffect(()=>{R?.(K,Z)},[K,Z,R]);const Y=(e,a,n)=>{if(!z(a)){const E=p.current.replace(/[^\n]/g,"x");e.value=E;const g=Math.min(n,p.current.length);e.setSelectionRange(g,g);return}p.current=a;const i=a.replace(/[^\n]/g,"x");e.value=i,e.setSelectionRange(n,n),L.current&&(L.current.textContent=i+`
-`)},ie=e=>{const a=e.target,n=a.value,h=a.selectionStart??n.length,i=p.current,E=n.length-i.length;let g;if(E>0){const o=Math.max(0,h-E),T=n.slice(o,h);g=i.slice(0,o)+T+i.slice(o)}else if(E<0){const o=h,T=o-E;g=i.slice(0,o)+i.slice(T)}else{let o=-1,T=-1;for(let C=0;C<n.length;C++)n[C]!=="x"&&n[C]!==`
-`&&(o===-1&&(o=C),T=C+1);if(o!==-1){const C=n.slice(o,T);g=i.slice(0,o)+C+i.slice(T)}else g=i}Y(a,g,h)},be=e=>{const a=e.target.value;p.current=a,z(a)},X=e=>{e.preventDefault();const a=e.clipboardData.getData("text/plain"),n=e.target,h=n.selectionStart??0,i=n.selectionEnd??0,E=p.current,g=E.length-(i-h)+a.length;if(g>I){console.warn(`[FieldShield] Paste blocked — result length ${g} would exceed maxProcessLength (${I}). DOM unchanged.`),V?.(g,I);return}const o=E.slice(0,h)+a+E.slice(i),T=h+a.length;if(Y(n,o,T),v&&a){const C=[...Object.entries(j),...b.map(O=>[O.name,O.regex])],de=[];for(const[O,U]of C)try{de.push([O,new RegExp(U,"gi")])}catch{}const q=[];let Q=a;for(const[O,U]of de)U.lastIndex=0,U.test(a)&&(q.push(O),U.lastIndex=0,Q=Q.replace(U,Se=>"█".repeat(Se.length)));q.length>0&&v({timestamp:new Date().toISOString(),fieldLabel:F,findings:[...new Set(q)],masked:Q,eventType:"paste"})===!1&&Y(n,E,h)}},M=e=>{e.preventDefault();const a=e.target,n=a.selectionStart??0,h=a.selectionEnd??p.current.length,i=K.slice(n,h),E=i.includes("█");if(u&&E?(e.clipboardData.setData("text/plain",i),P?.({timestamp:new Date().toISOString(),fieldLabel:F,findings:[...Z],masked:i,eventType:e.type==="cut"?"cut":"copy"})):e.clipboardData.setData("text/plain",p.current.slice(n,h)),e.type==="cut"){const g=p.current.slice(0,n),o=p.current.slice(h);p.current=g+o,z(p.current);const T="x".repeat(p.current.length);a.value=T,a.setSelectionRange(n,n)}};return ge?t.jsxs("div",{className:`fieldshield-container${y?` ${y}`:""}`,style:S,role:"group","aria-labelledby":_,"data-disabled":D||void 0,children:[d&&t.jsx("label",{htmlFor:_,className:"fieldshield-label",children:d}),t.jsx("span",{id:H,className:"fieldshield-sr-only",children:"This field is protected. Sensitive data patterns will be detected and blocked from copying."}),t.jsx("input",{id:_,ref:J,type:"password",className:"fieldshield-a11y-input",placeholder:A,onChange:be,onCopy:M,onCut:M,onPaste:X,onFocus:r,onBlur:w,disabled:D,required:k,maxLength:x,inputMode:c,spellCheck:!1,autoComplete:"off","aria-required":k,"aria-label":d?void 0:F,"aria-describedby":`${H} ${u?N:""}`.trim(),"aria-invalid":u?"true":"false","aria-errormessage":u?N:void 0}),t.jsx("div",{id:N,role:"status","aria-live":"polite","aria-atomic":"true",className:"fieldshield-findings",children:u&&t.jsxs(t.Fragment,{children:[t.jsx("span",{className:"fieldshield-warning-icon","aria-hidden":"true",children:"⚠"}),t.jsxs("span",{className:"fieldshield-warning-text",children:["Sensitive data detected. Clipboard blocked for:"," "]}),Z.map(e=>t.jsx("span",{className:"fieldshield-tag","aria-label":`pattern: ${e}`,children:e},e))]})})]}):t.jsxs("div",{className:`fieldshield-container${y?` ${y}`:""}`,style:S,role:"group","aria-labelledby":_,"data-disabled":D||void 0,children:[d&&t.jsx("label",{htmlFor:_,className:"fieldshield-label",children:d}),t.jsx("span",{id:H,className:"fieldshield-sr-only",children:"Sensitive field. Input is protected. Sensitive data patterns will be detected and blocked from copying."}),t.jsxs("div",{className:"fieldshield-field-wrapper",children:[t.jsx("div",{className:`fieldshield-mask-layer${u?" fieldshield-mask-unsafe":""}`,"aria-hidden":"true",children:K||t.jsx("span",{className:"fieldshield-placeholder",children:A})}),l==="textarea"&&t.jsx("div",{ref:L,className:"fieldshield-grow","aria-hidden":"true"}),l==="textarea"?t.jsx("textarea",{ref:le,id:_,className:"fieldshield-real-input",placeholder:A,onChange:ie,onPaste:X,onCopy:M,onCut:M,onFocus:r,onBlur:w,disabled:D,required:k,maxLength:x,rows:m,inputMode:c,spellCheck:!1,autoComplete:"off","aria-required":k,"aria-label":u?`${F} — sensitive data detected`:`${F} — protected input`,"aria-describedby":`${H} ${u?N:""}`.trim(),"aria-invalid":u?"true":"false","aria-errormessage":u?N:void 0}):t.jsx("input",{ref:J,id:_,type:"text",className:"fieldshield-real-input",placeholder:A,onChange:ie,onPaste:X,onCopy:M,onCut:M,onFocus:r,onBlur:w,disabled:D,required:k,maxLength:x,inputMode:c,spellCheck:!1,autoComplete:"off","aria-required":k,"aria-label":u?`${F} — sensitive data detected`:`${F} — protected input`,"aria-describedby":`${H} ${u?N:""}`.trim(),"aria-invalid":u?"true":"false","aria-errormessage":u?N:void 0})]}),t.jsx("div",{id:N,role:"status","aria-live":"polite","aria-atomic":"true",className:"fieldshield-findings",children:u&&t.jsxs(t.Fragment,{children:[t.jsx("span",{className:"fieldshield-warning-icon","aria-hidden":"true",children:"⚠"}),t.jsxs("span",{className:"fieldshield-warning-text",children:["Sensitive data detected. Clipboard blocked for:"," "]}),Z.map(e=>t.jsx("span",{className:"fieldshield-tag","aria-label":`pattern: ${e}`,children:e},e))]})})]})});ae.displayName="FieldShieldInput";const ue=(d={})=>{const{maxEvents:l=20}=d,[A,b]=s.useState([]),y=s.useRef(0),S=s.useCallback(P=>{const v=++y.current,r=new Date().toLocaleTimeString();b(w=>[{...P,id:v,timestamp:r},...w].slice(0,l))},[l]),R=s.useCallback(P=>v=>{const r=P==="paste"?"PASTE_DETECTED":v.eventType==="cut"?"CUT_BLOCKED":"COPY_BLOCKED";S({field:v.fieldLabel,type:r,findings:v.findings,detail:`${v.masked.slice(0,32)}${v.masked.length>32?"…":""}`})},[S]),$=s.useCallback(()=>{b([]),y.current=0},[]);return{events:A,pushEvent:S,makeClipboardHandler:R,clearLog:$}},fe=async d=>{const l=Object.entries(d),A=await Promise.allSettled(l.map(([,b])=>b.current?.getSecureValue()??Promise.resolve("")));return Object.fromEntries(l.map(([b],y)=>{const S=A[y];return S.status==="rejected"?(console.warn(`[FieldShield] collectSecureValues: field "${String(b)}" failed to retrieve value.`,S.reason),[b,""]):[b,S.value]}))},pe=d=>{Object.values(d).forEach(l=>l.current?.purge())};f.FIELDSHIELD_PATTERNS=j,f.FieldShieldInput=ae,f.OPT_IN_PATTERNS=ce,f.collectSecureValues=fe,f.purgeSecureValues=pe,f.useFieldShield=se,f.useSecurityLog=ue,Object.defineProperty(f,Symbol.toStringTag,{value:"Module"})}));
+(function(p,t){typeof exports=="object"&&typeof module<"u"?t(exports,require("react/jsx-runtime"),require("react")):typeof define=="function"&&define.amd?define(["exports","react/jsx-runtime","react"],t):(p=typeof globalThis<"u"?globalThis:p||self,t(p.FieldShield={},p.ReactJSXRuntime,p.React))})(this,(function(p,t,a){"use strict";const z=Object.freeze({AI_API_KEY:"(sk-[a-zA-Z0-9][a-zA-Z0-9-]{19,}|ant-api-[a-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35})",AWS_ACCESS_KEY:"\\b(AKIA|ASIA)[0-9A-Z]{16}\\b",SSN:"\\b\\d{3}[-\\s.]?\\d{2}[-\\s.]?\\d{4}\\b",EMAIL:"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",PHONE:"\\b(?:\\+?1[-. ]?)?\\(?[2-9]\\d{2}\\)?[-. ]?\\d{3}[-. ]?\\d{4}\\b|\\+[1-9][\\s.-]?(?:\\d[\\s.-]?){6,14}\\d\\b",CREDIT_CARD:["\\b4\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b","\\b5\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b","\\b6\\d{3}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b","\\b3[47]\\d{2}[-\\s]?\\d{6}[-\\s]?\\d{5}\\b"].join("|"),DATE_OF_BIRTH:"\\b(?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])[-/.](?:19|20)\\d{2}\\b|\\b(?:19|20)\\d{2}[-/.](?:0?[1-9]|1[0-2])[-/.](?:0?[1-9]|[12]\\d|3[01])\\b",TAX_ID:"\\b\\d{2}-\\d{7}\\b|\\b\\d{9}\\b",GITHUB_TOKEN:"\\b(ghp|gho|ghs|ghu|github_pat)_[a-zA-Z0-9_]{20,}\\b",STRIPE_KEY:"\\b(sk|pk|rk)_(live|test)_[a-zA-Z0-9]{20,}\\b",JWT:"\\beyJ[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\b",PRIVATE_KEY_BLOCK:"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",UK_NIN:"\\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\\s?\\d{2}\\s?\\d{2}\\s?\\d{2}\\s?[A-D]\\b"}),oe=Object.freeze({IBAN:"\\b[A-Z]{2}\\d{2}[-\\s]?(?:[A-Z0-9]{1,4}[-\\s]?){3,}[A-Z0-9]{1,4}\\b",DEA_NUMBER:"\\b[ABCDEFGHJKLMPRSTUX][A-Z]\\d{7}\\b",SWIFT_BIC:"\\b[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?\\b",NPI_NUMBER:"\\b[12]\\d{9}\\b",PASSPORT_NUMBER:"\\b[A-Z]{1,2}[0-9]{6,9}\\b"}),Q='(function(){"use strict";let l={},c={},n="";const i=(s,e)=>{const t={};for(const[a,o]of Object.entries(s))try{t[a]=new RegExp(o,"gi")}catch{console.warn(`[FieldShield] Skipping invalid ${e} pattern "${a}".`)}return t},d=s=>{let e=s;const t=[],a={...l,...c};for(const[o,r]of Object.entries(a))r.lastIndex=0,r.test(s)&&(t.push(o),r.lastIndex=0,e=e.replace(r,p=>"█".repeat(p.length)));return{masked:e,findings:[...new Set(t)]}};self.onmessage=s=>{const e=s.data;switch(e.type){case"CONFIG":{l=i(e.payload.defaultPatterns,"default"),c=i(e.payload.customPatterns,"custom");break}case"PROCESS":{n=e.payload.text;const{masked:t,findings:a}=d(n);self.postMessage({type:"UPDATE",masked:t,findings:a});break}case"GET_TRUTH":{const t=s.ports[0];t?t.postMessage({text:n}):console.warn("[FieldShield] GET_TRUTH received with no MessagePort — caller will time out. Pass port2 via the transfer array.");break}case"PURGE":{n="",self.postMessage({type:"PURGED"});break}default:{console.warn(`[FieldShield] Worker received unknown message type: "${e.type}"`);break}}}})();\n',ee=typeof self<"u"&&self.Blob&&new Blob(["(self.URL || self.webkitURL).revokeObjectURL(self.location.href);",Q],{type:"text/javascript;charset=utf-8"});function ue(l){let s;try{if(s=ee&&(self.URL||self.webkitURL).createObjectURL(ee),!s)throw"";const u=new Worker(s,{name:l?.name});return u.addEventListener("error",()=>{(self.URL||self.webkitURL).revokeObjectURL(s)}),u}catch{return new Worker("data:text/javascript;charset=utf-8,"+encodeURIComponent(Q),{name:l?.name})}}const te=3e3,fe=1e5,se=l=>Object.fromEntries(l.map(s=>[s.name,s.regex])),ae=(l=[],s=fe,u,S)=>{const[y,m]=a.useState(""),[F,$]=a.useState([]),[_,k]=a.useState(!1),i=a.useRef(null),N=JSON.stringify(l);a.useEffect(()=>{let E=!1;try{i.current=new ue}catch(d){console.error("[FieldShield] Worker failed to initialize — falling back to a11yMode.",d),queueMicrotask(()=>k(!0));return}return i.current.onmessage=d=>{E||d.data?.type==="UPDATE"&&typeof d.data.masked=="string"&&Array.isArray(d.data.findings)&&(m(d.data.masked),$(d.data.findings))},i.current.onerror=d=>{E||(console.error(`[FieldShield] Worker runtime error: ${d.message??"unknown error"}`),m(""),$([]),S?.(d))},i.current.postMessage({type:"CONFIG",payload:{defaultPatterns:z,customPatterns:se([])}}),()=>{E=!0,i.current?.terminate(),i.current=null}},[]),a.useEffect(()=>{i.current&&i.current.postMessage({type:"CONFIG",payload:{defaultPatterns:z,customPatterns:se(l)}})},[N]);const R=a.useCallback(E=>E.length>s?(console.warn(`[FieldShield] Input length ${E.length} exceeds maxProcessLength (${s}). Keystroke blocked to prevent unprotected data beyond the limit. Raise maxProcessLength if this field requires longer input.`),u?.(E.length,s),!1):(i.current?.postMessage({type:"PROCESS",payload:{text:E}}),!0),[s,u]),w=a.useCallback(()=>new Promise((E,d)=>{if(!i.current){E("");return}const{port1:I,port2:G}=new MessageChannel,V=setTimeout(()=>{I.close(),d(new Error(`[FieldShield] getSecureValue timed out after ${te}ms.`))},te);I.onmessage=K=>{clearTimeout(V),I.close(),E(K.data.text)},i.current.postMessage({type:"GET_TRUTH"},[G])}),[]),M=a.useCallback(()=>{i.current?.postMessage({type:"PURGE"})},[]);return{masked:y,findings:F,processText:R,getSecureValue:w,purge:M,workerFailed:_}},ne=a.forwardRef(({label:l,type:s="text",placeholder:u,customPatterns:S=[],className:y,style:m,onChange:F,a11yMode:$=!1,onSensitiveCopyAttempt:_,onSensitivePaste:k,onFocus:i,onBlur:N,disabled:R=!1,required:w=!1,maxLength:M,rows:E=3,inputMode:d="text",maxProcessLength:I=1e5,onMaxLengthExceeded:G,onWorkerError:V},K)=>{const{masked:B,findings:U,processText:Z,getSecureValue:re,purge:le,workerFailed:be}=ae(S,I,G,V),Se=$||be,f=U.length>0,O=l??"Protected field",W=a.useRef(null),ie=a.useRef(null),j=a.useRef(null),h=a.useRef(""),C=a.useId(),P=`${C}-warning`,H=`${C}-desc`;a.useImperativeHandle(K,()=>({getSecureValue:re,purge:()=>{le(),Z(""),h.current="";const e=W.current??ie.current;e&&(e.value="",j.current&&(j.current.textContent=`
+`))}}),[re,le,Z]),a.useEffect(()=>{F?.(B,U)},[B,U,F]);const J=(e,n,r)=>{if(!Z(n)){const v=h.current.replace(/[^\n]/g,"x");e.value=v;const b=Math.min(r,h.current.length);e.setSelectionRange(b,b);return}h.current=n;const c=n.replace(/[^\n]/g,"x");e.value=c,e.setSelectionRange(r,r),j.current&&(j.current.textContent=c+`
+`)},ce=e=>{const n=e.target,r=n.value,g=n.selectionStart??r.length,c=h.current,v=r.length-c.length;let b;if(v>0){const o=Math.max(0,g-v),T=r.slice(o,g);b=c.slice(0,o)+T+c.slice(o)}else if(v<0){const o=g,T=o-v;b=c.slice(0,o)+c.slice(T)}else{let o=-1,T=-1;for(let A=0;A<r.length;A++)r[A]!=="x"&&r[A]!==`
+`&&(o===-1&&(o=A),T=A+1);if(o!==-1){const A=r.slice(o,T);b=c.slice(0,o)+A+c.slice(T)}else b=c}J(n,b,g)},me=e=>{const n=e.target.value;h.current=n,Z(n)},Y=e=>{e.preventDefault();const n=e.clipboardData.getData("text/plain"),r=e.target,g=r.selectionStart??0,c=r.selectionEnd??0,v=h.current,b=v.length-(c-g)+n.length;if(b>I){console.warn(`[FieldShield] Paste blocked — result length ${b} would exceed maxProcessLength (${I}). DOM unchanged.`),G?.(b,I);return}const o=v.slice(0,g)+n+v.slice(c),T=g+n.length;if(J(r,o,T),k&&n){const A=[...Object.entries(z),...S.map(D=>[D.name,D.regex])],de=[];for(const[D,x]of A)try{de.push([D,new RegExp(x,"gi")])}catch{}const X=[];let q=n;for(const[D,x]of de)x.lastIndex=0,x.test(n)&&(X.push(D),x.lastIndex=0,q=q.replace(x,Ee=>"█".repeat(Ee.length)));X.length>0&&k({timestamp:new Date().toISOString(),fieldLabel:O,findings:[...new Set(X)],masked:q,eventType:"paste"})===!1&&J(r,v,g)}},L=e=>{e.preventDefault();const n=e.target,r=n.selectionStart??0,g=n.selectionEnd??h.current.length,c=B.slice(r,g),v=c.includes("█");if(f&&v?(e.clipboardData.setData("text/plain",c),_?.({timestamp:new Date().toISOString(),fieldLabel:O,findings:[...U],masked:c,eventType:e.type==="cut"?"cut":"copy"})):e.clipboardData.setData("text/plain",h.current.slice(r,g)),e.type==="cut"){const b=h.current.slice(0,r),o=h.current.slice(g);h.current=b+o,Z(h.current);const T="x".repeat(h.current.length);n.value=T,n.setSelectionRange(r,r)}};return Se?t.jsxs("div",{className:`fieldshield-container${y?` ${y}`:""}`,style:m,role:"group","aria-labelledby":C,"data-disabled":R||void 0,children:[l&&t.jsx("label",{htmlFor:C,className:"fieldshield-label",children:l}),t.jsx("span",{id:H,className:"fieldshield-sr-only",children:"This field is protected. Sensitive data patterns will be detected and blocked from copying."}),t.jsx("input",{id:C,ref:W,type:"password",className:"fieldshield-a11y-input",placeholder:u,onChange:me,onCopy:L,onCut:L,onPaste:Y,onFocus:i,onBlur:N,disabled:R,required:w,maxLength:M,inputMode:d,spellCheck:!1,autoComplete:"off","aria-required":w,"aria-label":l?void 0:O,"aria-describedby":`${H} ${f?P:""}`.trim(),"aria-invalid":f?"true":"false","aria-errormessage":f?P:void 0}),t.jsx("div",{id:P,role:"status","aria-live":"polite","aria-atomic":"true",className:"fieldshield-findings",children:f&&t.jsxs(t.Fragment,{children:[t.jsx("span",{className:"fieldshield-warning-icon","aria-hidden":"true",children:"⚠"}),t.jsxs("span",{className:"fieldshield-warning-text",children:["Sensitive data detected. Clipboard blocked for:"," "]}),U.map(e=>t.jsx("span",{className:"fieldshield-tag","aria-label":`pattern: ${e}`,children:e},e))]})})]}):t.jsxs("div",{className:`fieldshield-container${y?` ${y}`:""}`,style:m,role:"group","aria-labelledby":C,"data-disabled":R||void 0,children:[l&&t.jsx("label",{htmlFor:C,className:"fieldshield-label",children:l}),t.jsx("span",{id:H,className:"fieldshield-sr-only",children:"Sensitive field. Input is protected. Sensitive data patterns will be detected and blocked from copying."}),t.jsxs("div",{className:"fieldshield-field-wrapper",children:[t.jsx("div",{className:`fieldshield-mask-layer${f?" fieldshield-mask-unsafe":""}`,"aria-hidden":"true",children:B||t.jsx("span",{className:"fieldshield-placeholder",children:u})}),s==="textarea"&&t.jsx("div",{ref:j,className:"fieldshield-grow","aria-hidden":"true"}),s==="textarea"?t.jsx("textarea",{ref:ie,id:C,className:"fieldshield-real-input",placeholder:u,onChange:ce,onPaste:Y,onCopy:L,onCut:L,onFocus:i,onBlur:N,disabled:R,required:w,maxLength:M,rows:E,inputMode:d,spellCheck:!1,autoComplete:"off","aria-required":w,"aria-label":f?`${O} — sensitive data detected`:`${O} — protected input`,"aria-describedby":`${H} ${f?P:""}`.trim(),"aria-invalid":f?"true":"false","aria-errormessage":f?P:void 0}):t.jsx("input",{ref:W,id:C,type:"text",className:"fieldshield-real-input",placeholder:u,onChange:ce,onPaste:Y,onCopy:L,onCut:L,onFocus:i,onBlur:N,disabled:R,required:w,maxLength:M,inputMode:d,spellCheck:!1,autoComplete:"off","aria-required":w,"aria-label":f?`${O} — sensitive data detected`:`${O} — protected input`,"aria-describedby":`${H} ${f?P:""}`.trim(),"aria-invalid":f?"true":"false","aria-errormessage":f?P:void 0})]}),t.jsx("div",{id:P,role:"status","aria-live":"polite","aria-atomic":"true",className:"fieldshield-findings",children:f&&t.jsxs(t.Fragment,{children:[t.jsx("span",{className:"fieldshield-warning-icon","aria-hidden":"true",children:"⚠"}),t.jsxs("span",{className:"fieldshield-warning-text",children:["Sensitive data detected. Clipboard blocked for:"," "]}),U.map(e=>t.jsx("span",{className:"fieldshield-tag","aria-label":`pattern: ${e}`,children:e},e))]})})]})});ne.displayName="FieldShieldInput";const pe=(l={})=>{const{maxEvents:s=20}=l,[u,S]=a.useState([]),y=a.useRef(0),m=a.useCallback(_=>{const k=++y.current,i=new Date().toLocaleTimeString();S(N=>[{..._,id:k,timestamp:i},...N].slice(0,s))},[s]),F=a.useCallback(_=>k=>{const i=_==="paste"?"PASTE_DETECTED":k.eventType==="cut"?"CUT_BLOCKED":"COPY_BLOCKED";m({field:k.fieldLabel,type:i,findings:k.findings,detail:`${k.masked.slice(0,32)}${k.masked.length>32?"…":""}`})},[m]),$=a.useCallback(()=>{S([]),y.current=0},[]);return{events:u,pushEvent:m,makeClipboardHandler:F,clearLog:$}},he=async l=>{const s=Object.entries(l),u=await Promise.allSettled(s.map(([,S])=>S.current?.getSecureValue()??Promise.resolve("")));return Object.fromEntries(s.map(([S],y)=>{const m=u[y];return m.status==="rejected"?(console.warn(`[FieldShield] collectSecureValues: field "${String(S)}" failed to retrieve value.`,m.reason),[S,""]):[S,m.value]}))},ge=l=>{Object.values(l).forEach(s=>s.current?.purge())};p.FIELDSHIELD_PATTERNS=z,p.FieldShieldInput=ne,p.OPT_IN_PATTERNS=oe,p.collectSecureValues=he,p.purgeSecureValues=ge,p.useFieldShield=ae,p.useSecurityLog=pe,Object.defineProperty(p,Symbol.toStringTag,{value:"Module"})}));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "fieldshield",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Sensitive input protection for React — prevents DOM scraping, clipboard exfiltration, and accidental PHI exposure in healthcare and fintech applications.",
   "type": "module",
   "license": "MIT",

package/dist/assets/fieldshield.worker.js DELETED Viewed

@@ -1 +0,0 @@

- (function(){"use strict";let l={},c={},n="";const i=(s,e)=>{const t={};for(const[a,o]of Object.entries(s))try{t[a]=new RegExp(o,"gi")}catch{console.warn(`[FieldShield] Skipping invalid ${e} pattern "${a}".`)}return t},d=s=>{let e=s;const t=[],a={...l,...c};for(const[o,r]of Object.entries(a))r.lastIndex=0,r.test(s)&&(t.push(o),r.lastIndex=0,e=e.replace(r,p=>"█".repeat(p.length)));return{masked:e,findings:[...new Set(t)]}};self.onmessage=s=>{const e=s.data;switch(e.type){case"CONFIG":{l=i(e.payload.defaultPatterns,"default"),c=i(e.payload.customPatterns,"custom");break}case"PROCESS":{n=e.payload.text;const{masked:t,findings:a}=d(n);self.postMessage({type:"UPDATE",masked:t,findings:a});break}case"GET_TRUTH":{const t=s.ports[0];t?t.postMessage({text:n}):console.warn("[FieldShield] GET_TRUTH received with no MessagePort — caller will time out. Pass port2 via the transfer array.");break}case"PURGE":{n="",self.postMessage({type:"PURGED"});break}default:{console.warn(`[FieldShield] Worker received unknown message type: "${e.type}"`);break}}}})();