mailauth 2.3.1 → 2.3.4

package/.gitattributes

@@ -0,0 +1 @@
+*.js text eol=lf

package/README.md

@@ -261,7 +261,7 @@ process.stdout.write(message);
 If you want to modify the message before sealing, you have to authenticate the message first and then use authentication results as input for the sealing step.
 
 ```js
-const { authenticate, sealMessage } = require('@postalsys/mailauth');
+const { authenticate, sealMessage } = require('mailauth');
 
 // 1. authenticate the message
 const { arc, headers } = await authenticate(

package/lib/dkim/body/relaxed.js

@@ -1,9 +1,14 @@
-'use strict';
+/* eslint no-control-regex: 0 */
 
-// Calculates relaxed body hash for a message body stream
+'use strict';
 
 const crypto = require('crypto');
 
+const CHAR_CR = 0x0d;
+const CHAR_LF = 0x0a;
+const CHAR_SPACE = 0x20;
+const CHAR_TAB = 0x09;
+
 /**
  * Class for calculating body hash of an email message body stream
  * using the "relaxed" canonicalization
@@ -16,139 +21,244 @@ class RelaxedHash {
      * @param {Number} [maxBodyLength] Allowed body length count, the value from the l= parameter
      */
     constructor(algorithm, maxBodyLength) {
-        algorithm = (algorithm || 'sha256').split('-').pop();
+        algorithm = (algorithm || 'sha256').split('-').pop().toLowerCase();
+
         this.bodyHash = crypto.createHash(algorithm);
 
-        this.remainder = '';
+        this.remainder = false;
         this.byteLength = 0;
 
         this.bodyHashedBytes = 0;
         this.maxBodyLength = maxBodyLength;
+
+        this.maxSizeReached = false;
+
+        this.emptyLinesQueue = [];
     }
 
     _updateBodyHash(chunk) {
-        // the following is needed for l= option
+        if (this.maxSizeReached) {
+            return;
+        }
+
+        // the following is needed for the l= option
         if (
             typeof this.maxBodyLength === 'number' &&
             !isNaN(this.maxBodyLength) &&
             this.maxBodyLength >= 0 &&
             this.bodyHashedBytes + chunk.length > this.maxBodyLength
         ) {
+            this.maxSizeReached = true;
             if (this.bodyHashedBytes >= this.maxBodyLength) {
                 // nothing to do here, skip entire chunk
                 return;
             }
+
             // only use allowed size of bytes
-            chunk = chunk.slice(0, this.maxBodyLength - this.bodyHashedBytes);
+            chunk = chunk.subarray(0, this.maxBodyLength - this.bodyHashedBytes);
         }
 
         this.bodyHashedBytes += chunk.length;
         this.bodyHash.update(chunk);
+
+        //process.stdout.write(chunk);
     }
 
-    update(chunk) {
-        this.byteLength += chunk.length;
+    _drainPendingEmptyLines() {
+        if (this.emptyLinesQueue.length) {
+            for (let emptyLine of this.emptyLinesQueue) {
+                this._updateBodyHash(emptyLine);
+            }
+            this.emptyLinesQueue = [];
+        }
+    }
 
-        let bodyStr;
+    _pushBodyHash(chunk) {
+        if (!chunk || !chunk.length) {
+            return;
+        }
 
-        // find next remainder
-        let nextRemainder = '';
+        // remove line endings
+        let foundNonLn = false;
 
-        // This crux finds and removes the spaces from the last line and the newline characters after the last non-empty line
-        // If we get another chunk that does not match this description then we can restore the previously processed data
-        let state = 'file';
+        // buffer line endings and empty lines
         for (let i = chunk.length - 1; i >= 0; i--) {
-            let c = chunk[i];
-
-            if (state === 'file' && (c === 0x0a || c === 0x0d)) {
-                // do nothing, found \n or \r at the end of chunk, stil end of file
-            } else if (state === 'file' && (c === 0x09 || c === 0x20)) {
-                // switch to line ending mode, this is the last non-empty line
-                state = 'line';
-            } else if (state === 'line' && (c === 0x09 || c === 0x20)) {
-                // do nothing, found ' ' or \t at the end of line, keep processing the last non-empty line
-            } else if (state === 'file' || state === 'line') {
-                // non line/file ending character found, switch to body mode
-                state = 'body';
-                if (i === chunk.length - 1) {
-                    // final char is not part of line end or file end, so do nothing
-                    break;
+            if (chunk[i] !== CHAR_LF && chunk[i] !== CHAR_CR) {
+                this._drainPendingEmptyLines();
+                if (i < chunk.length - 1) {
+                    this.emptyLinesQueue.push(chunk.subarray(i + 1));
+                    chunk = chunk.subarray(0, i + 1);
                 }
+                foundNonLn = true;
+                break;
             }
+        }
+
+        if (!foundNonLn) {
+            this.emptyLinesQueue.push(chunk);
+            return;
+        }
 
-            if (i === 0) {
-                // reached to the beginning of the chunk, check if it is still about the ending
-                // and if the remainder also matches
-                if (
-                    (state === 'file' && (!this.remainder || /[\r\n]$/.test(this.remainder))) ||
-                    (state === 'line' && (!this.remainder || /[ \t]$/.test(this.remainder)))
-                ) {
-                    // keep everything
-                    this.remainder += chunk.toString('binary');
-                    return;
-                } else if (state === 'line' || state === 'file') {
-                    // process existing remainder as normal line but store the current chunk
-                    nextRemainder = chunk.toString('binary');
-                    chunk = false;
-                    break;
+        this._updateBodyHash(chunk);
+    }
+
+    fixLineBuffer(line) {
+        let resultLine = [];
+
+        let nonWspFound = false;
+        let prevWsp = false;
+
+        for (let i = line.length - 1; i >= 0; i--) {
+            if (line[i] === CHAR_LF) {
+                resultLine.unshift(line[i]);
+                if (i === 0 || line[i - 1] !== CHAR_CR) {
+                    // add missing carriage return
+                    resultLine.unshift(CHAR_CR);
                 }
+                continue;
             }
 
-            if (state !== 'body') {
+            if (line[i] === CHAR_CR) {
+                resultLine.unshift(line[i]);
+                continue;
+            }
+
+            if (line[i] === CHAR_SPACE || line[i] === CHAR_TAB) {
+                if (nonWspFound) {
+                    prevWsp = true;
+                }
                 continue;
             }
 
-            // reached first non ending byte
-            nextRemainder = chunk.slice(i + 1).toString('binary');
-            chunk = chunk.slice(0, i + 1);
-            break;
+            if (prevWsp) {
+                resultLine.unshift(CHAR_SPACE);
+                prevWsp = false;
+            }
+
+            nonWspFound = true;
+            resultLine.unshift(line[i]);
+        }
+
+        if (prevWsp && nonWspFound) {
+            resultLine.unshift(CHAR_SPACE);
+        }
+
+        return Buffer.from(resultLine);
+    }
+
+    update(chunk, final) {
+        this.byteLength += (chunk && chunk.length) || 0;
+        if (this.maxSizeReached) {
+            return;
         }
 
-        let needsFixing = !!this.remainder;
-        if (chunk && !needsFixing) {
-            // check if we even need to change anything
-            for (let i = 0, len = chunk.length; i < len; i++) {
-                if (i && chunk[i] === 0x0a && chunk[i - 1] !== 0x0d) {
-                    // missing \r before \n
-                    needsFixing = true;
-                    break;
-                } else if (i && chunk[i] === 0x0d && chunk[i - 1] === 0x20) {
-                    // trailing WSP found
-                    needsFixing = true;
-                    break;
-                } else if (i && chunk[i] === 0x20 && chunk[i - 1] === 0x20) {
-                    // multiple spaces found, needs to be replaced with just one
-                    needsFixing = true;
-                    break;
-                } else if (chunk[i] === 0x09) {
-                    // TAB found, needs to be replaced with a space
-                    needsFixing = true;
-                    break;
+        // Canonicalize content by applying a and b in order:
+        // a.1. Ignore all whitespace at the end of lines.
+        // a.2. Reduce all sequences of WSP within a line to a single SP character.
+
+        // b.1. Ignore all empty lines at the end of the message body.
+        // b.2. If the body is non-empty but does not end with a CRLF, a CRLF is added.
+
+        let lineEndPos = -1;
+        let lineNeedsFixing = false;
+        let cursorPos = 0;
+
+        if (this.remainder && this.remainder.length) {
+            if (chunk) {
+                // concatting chunks might be bad for performance :S
+                chunk = Buffer.concat([this.remainder, chunk]);
+            } else {
+                chunk = this.remainder;
+            }
+            this.remainder = false;
+        }
+
+        if (chunk && chunk.length) {
+            for (let pos = 0; pos < chunk.length; pos++) {
+                switch (chunk[pos]) {
+                    case CHAR_LF:
+                        if (
+                            !lineNeedsFixing &&
+                            // previous character is not <CR>
+                            ((pos >= 1 && chunk[pos - 1] !== CHAR_CR) ||
+                                // LF is the first byte on the line
+                                pos === 0 ||
+                                // there's a space before line break
+                                (pos >= 2 && chunk[pos - 1] === CHAR_CR && chunk[pos - 2] === CHAR_SPACE))
+                        ) {
+                            lineNeedsFixing = true;
+                        }
+
+                        // line break
+                        if (lineNeedsFixing) {
+                            // emit pending bytes up to the last line break before current line
+                            if (lineEndPos >= 0 && lineEndPos >= cursorPos) {
+                                let chunkPart = chunk.subarray(cursorPos, lineEndPos + 1);
+                                this._pushBodyHash(chunkPart);
+                            }
+
+                            let line = chunk.subarray(lineEndPos + 1, pos + 1);
+                            this._pushBodyHash(this.fixLineBuffer(line));
+
+                            lineNeedsFixing = false;
+
+                            // move cursor to the start of next line
+                            cursorPos = pos + 1;
+                        }
+
+                        lineEndPos = pos;
+
+                        break;
+
+                    case CHAR_SPACE:
+                        if (!lineNeedsFixing && pos && chunk[pos - 1] === CHAR_SPACE) {
+                            lineNeedsFixing = true;
+                        }
+                        break;
+
+                    case CHAR_TAB:
+                        // non-space WSP always needs replacing
+                        lineNeedsFixing = true;
+                        break;
+
+                    default:
                 }
             }
         }
 
-        if (needsFixing) {
-            bodyStr = this.remainder + (chunk ? chunk.toString('binary') : '');
-            this.remainder = nextRemainder;
-            bodyStr = bodyStr
-                .replace(/\r?\n/g, '\n') // use js line endings
-                .replace(/[ \t]*$/gm, '') // remove line endings, rtrim
-                .replace(/[ \t]+/gm, ' ') // single spaces
-                .replace(/\n/g, '\r\n'); // restore rfc822 line endings
-            chunk = Buffer.from(bodyStr, 'binary');
-        } else if (nextRemainder) {
-            this.remainder = nextRemainder;
+        if (chunk && cursorPos < chunk.length && cursorPos !== lineEndPos) {
+            // emit data from chunk
+
+            let chunkPart = chunk.subarray(cursorPos, lineEndPos + 1);
+
+            if (chunkPart.length) {
+                this._pushBodyHash(lineNeedsFixing ? this.fixLineBuffer(chunkPart) : chunkPart);
+                lineNeedsFixing = false;
+            }
+
+            cursorPos = lineEndPos + 1;
         }
 
-        this._updateBodyHash(chunk);
+        if (chunk && !final && cursorPos < chunk.length) {
+            this.remainder = chunk.subarray(cursorPos);
+        }
+
+        if (final) {
+            let chunkPart = (cursorPos && chunk && chunk.subarray(cursorPos)) || chunk;
+            if (chunkPart && chunkPart.length) {
+                this._pushBodyHash(lineNeedsFixing ? this.fixLineBuffer(chunkPart) : chunkPart);
+                lineNeedsFixing = false;
+            }
+
+            if (this.bodyHashedBytes) {
+                // terminating line break for non-empty messages
+                this._updateBodyHash(Buffer.from([CHAR_CR, CHAR_LF]));
+            }
+        }
     }
 
     digest(encoding) {
-        if (/[\r\n]$/.test(this.remainder) && this.bodyHashedBytes > 0) {
-            // add terminating line end
-            this._updateBodyHash(Buffer.from('\r\n'));
-        }
+        this.update(null, true);
 
         // finalize
         return this.bodyHash.digest(encoding);
@@ -156,3 +266,27 @@ class RelaxedHash {
 }
 
 module.exports = { RelaxedHash };
+
+/*
+let fs = require('fs');
+
+const getBody = message => {
+    message = message.toString('binary');
+    let match = message.match(/\r?\n\r?\n/);
+    if (match) {
+        message = message.substr(match.index + match[0].length);
+    }
+    return Buffer.from(message, 'binary');
+};
+
+let s = fs.readFileSync(process.argv[2]);
+
+let k = new RelaxedHash('rsa-sha256', -1);
+
+for (let byte of getBody(s)) {
+    k.update(Buffer.from([byte]));
+}
+
+console.error(k.digest('base64'));
+console.error(k.byteLength, k.bodyHashedBytes);
+*/

package/lib/dkim/body/simple.js

@@ -22,6 +22,8 @@ class SimpleHash {
 
         this.bodyHashedBytes = 0;
         this.maxBodyLength = maxBodyLength;
+
+        this.lastNewline = false;
     }
 
     _updateBodyHash(chunk) {
@@ -42,6 +44,8 @@ class SimpleHash {
 
         this.bodyHashedBytes += chunk.length;
         this.bodyHash.update(chunk);
+
+        //process.stdout.write(chunk);
     }
 
     update(chunk) {
@@ -81,10 +85,11 @@ class SimpleHash {
         }
 
         this._updateBodyHash(chunk);
+        this.lastNewline = chunk[chunk.length - 1] === 0x0a;
     }
 
     digest(encoding) {
-        if (this.remainder.length || !this.bodyHashedBytes) {
+        if (!this.lastNewline || !this.bodyHashedBytes) {
             // emit empty line buffer to keep the stream flowing
             this._updateBodyHash(Buffer.from('\r\n'));
         }

package/lib/dkim/dkim-verifier.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const { getSigningHeaderLines, getPublicKey, parseDkimHeaders, formatAuthHeaderRow, getAligment } = require('../../lib/tools');
+const { getSigningHeaderLines, getPublicKey, parseDkimHeaders, formatAuthHeaderRow, getAlignment } = require('../../lib/tools');
 const { MessageParser } = require('./message-parser');
 const { dkimBody } = require('./body');
 const { generateCanonicalizedHeader } = require('./header');
@@ -195,7 +195,7 @@ class DkimVerifier extends MessageParser {
                 };
 
                 if (signatureHeader.type === 'DKIM' && this.headerFrom?.length) {
-                    status.aligned = this.headerFrom?.length ? getAligment(this.headerFrom[0].split('@').pop(), [signatureHeader.signingDomain]) : false;
+                    status.aligned = this.headerFrom?.length ? getAlignment(this.headerFrom[0].split('@').pop(), [signatureHeader.signingDomain]) : false;
                 }
 
                 let bodyHash = this.bodyHashes.get(signatureHeader.bodyHashKey)?.hash;

package/lib/dmarc/verify.js

@@ -3,7 +3,7 @@
 const dns = require('dns').promises;
 const punycode = require('punycode/');
 const psl = require('psl');
-const { formatAuthHeaderRow, getAligment } = require('../tools');
+const { formatAuthHeaderRow, getAlignment } = require('../tools');
 
 const resolveTxt = async (domain, resolver) => {
     try {
@@ -146,8 +146,8 @@ const verifyDmarc = async opts => {
     // use "sp" if this is a subdomain of an org domain and "sp" is set, otherwise use "p"
     const policy = dmarcRecord.isOrgRecord && dmarcRecord.sp ? dmarcRecord.sp : dmarcRecord.p;
 
-    const dkimAlignment = getAligment(domain, dkimDomains, { strict: dmarcRecord.adkim === 's' });
-    const spfAlignment = getAligment(domain, spfDomains, { strict: dmarcRecord.aspf === 's' });
+    const dkimAlignment = getAlignment(domain, dkimDomains, { strict: dmarcRecord.adkim === 's' });
+    const spfAlignment = getAlignment(domain, spfDomains, { strict: dmarcRecord.aspf === 's' });
 
     if (dkimAlignment || spfAlignment) {
         // pass
@@ -164,7 +164,12 @@ const verifyDmarc = async opts => {
         p: dmarcRecord.p,
         sp: dmarcRecord.sp || dmarcRecord.p,
         pct: dmarcRecord.pct,
-        rr: dmarcRecord.rr
+        rr: dmarcRecord.rr,
+
+        alignment: {
+            spf: { result: spfAlignment, strict: dmarcRecord.aspf === 's' },
+            dkim: { result: dkimAlignment, strict: dmarcRecord.adkim === 's' }
+        }
     });
 };
 

package/lib/mailauth.js

@@ -6,6 +6,7 @@ const { dmarc } = require('./dmarc');
 const { arc, createSeal } = require('./arc');
 const { bimi } = require('./bimi');
 const { parseReceived } = require('./parse-received');
+const { sealMessage } = require('./arc');
 const libmime = require('libmime');
 const os = require('os');
 const { isIP } = require('net');
@@ -179,4 +180,4 @@ const authenticate = async (input, opts) => {
     };
 };
 
-module.exports = { authenticate };
+module.exports = { authenticate, sealMessage };

package/lib/spf/spf-verify.js

@@ -15,7 +15,7 @@ const matchIp = (addr, range) => {
     }
 };
 
-const parseCidrValue = (val, defaultValue) => {
+const parseCidrValue = (val, defaultValue, type) => {
     val = val || '';
     let domain = '';
     let cidr4 = '';
@@ -29,8 +29,15 @@ const parseCidrValue = (val, defaultValue) => {
             throw err;
         }
         domain = cidrMatch[1] || '';
+
         cidr4 = cidrMatch[2] ? Number(cidrMatch[2].substr(1)) : '';
         cidr6 = cidrMatch[3] ? Number(cidrMatch[3].substr(2)) : '';
+
+        if (type === 'ip6' && cidr4 && !cidr6) {
+            // there is no dual cidr for IP addresses
+            cidr6 = cidr4;
+            cidr4 = '';
+        }
     }
 
     domain = domain.toLowerCase().trim() || defaultValue;
@@ -270,7 +277,7 @@ const spfVerify = async (domain, opts) => {
                 case 'ip4':
                 case 'ip6':
                     {
-                        let { domain: range, cidr4, cidr6 } = parseCidrValue(val);
+                        let { domain: range, cidr4, cidr6 } = parseCidrValue(val, false, type);
                         if (!range) {
                             let err = new Error('SPF failure');
                             err.spfResult = { error: 'permerror', text: `bare IP address` };
@@ -315,7 +322,7 @@ const spfVerify = async (domain, opts) => {
 
                 case 'a':
                     {
-                        let { domain: a, cidr4, cidr6 } = parseCidrValue(val, domain);
+                        let { domain: a, cidr4, cidr6 } = parseCidrValue(val, domain, type);
                         let cidr = net.isIPv6(opts.ip) ? cidr6 : cidr4;
 
                         a = macro(a, opts);
@@ -339,7 +346,7 @@ const spfVerify = async (domain, opts) => {
 
                 case 'mx':
                     {
-                        let { domain: mxDomain, cidr4, cidr6 } = parseCidrValue(val, domain);
+                        let { domain: mxDomain, cidr4, cidr6 } = parseCidrValue(val, domain, type);
                         let cidr = net.isIPv6(opts.ip) ? cidr6 : cidr4;
 
                         try {

package/lib/tools.js

@@ -429,7 +429,7 @@ const formatDomain = domain => {
     return domain;
 };
 
-const getAligment = (fromDomain, domainList, strict) => {
+const getAlignment = (fromDomain, domainList, strict) => {
     domainList = [].concat(domainList || []);
     if (strict) {
         fromDomain = formatDomain(fromDomain);
@@ -530,7 +530,7 @@ module.exports = {
 
     validateAlgorithm,
 
-    getAligment,
+    getAlignment,
 
     formatRelaxedLine,
 

package/licenses.txt

@@ -1,11 +1,11 @@
 name        license type               link                                              installed version  author
 ----        ------------               ----                                              -----------------  ------
-@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            1.2.1              n/a
-ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         2.0.1              whitequark
-joi         BSD-3-Clause               git://github.com/sideway/joi.git                  17.5.0             n/a
-libmime     MIT                        git://github.com/andris9/libmime.git              5.0.0              Andris Reinman
-node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    1.2.1              Digital Bazaar, Inc.
-nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  6.7.2              Andris Reinman
-psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      1.8.0              Lupo Montero
-punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   2.1.1              Mathias Bynens
-yargs       MIT                        git+https://github.com/yargs/yargs.git            17.3.1             n/a
+@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            1.2.1
+ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         2.0.1              whitequark whitequark@whitequark.org
+joi         BSD-3-Clause               git://github.com/sideway/joi.git                  17.6.0
+libmime     MIT                        git://github.com/andris9/libmime.git              5.1.0              Andris Reinman andris@kreata.ee
+node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    1.3.1              Digital Bazaar, Inc. support@digitalbazaar.com http://digitalbazaar.com/
+nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  6.7.5              Andris Reinman
+psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      1.8.0              Lupo Montero lupomontero@gmail.com https://lupomontero.com/
+punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   2.1.1              Mathias Bynens https://mathiasbynens.be/
+yargs       MIT                        git+https://github.com/yargs/yargs.git            17.5.0

package/man/mailauth.1

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "January 2022" "v2.3.0" "Mailauth Help"
+.TH "MAILAUTH" "1" "June 2022" "v2.3.3" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP

package/package.json

@@ -1,13 +1,14 @@
 {
     "name": "mailauth",
-    "version": "2.3.1",
+    "version": "2.3.4",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
         "test": "eslint \"lib/**/*.js\" \"test/**/*.js\" && mocha --recursive \"./test/**/*.js\" --reporter spec",
         "prepublish": "npm run man || true",
         "man": "cd man && marked-man --version `node -e \"console.log('v'+require('../package.json').version)\"` --manual 'Mailauth Help' --section 1 man.md > mailauth.1",
-        "build-dist": "npm run man && npm run licenses && pkg --compress Brotli package.json",
+        "build-source": "rm -rf node_modules package-lock.json && npm install && npm run man && npm run licenses && rm -rf node_modules package-lock.json && npm install --production && rm -rf package-lock.json",
+        "build-dist": "npx pkg --compress Brotli package.json && rm -rf package-lock.json && npm install",
         "licenses": "license-report --only=prod --output=table --config license-report-config.json > licenses.txt"
     },
     "repository": {
@@ -31,28 +32,28 @@
     },
     "homepage": "https://github.com/postalsys/mailauth",
     "devDependencies": {
-        "chai": "4.3.4",
-        "eslint": "8.7.0",
+        "chai": "4.3.6",
+        "eslint": "8.17.0",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "8.3.0",
+        "eslint-config-prettier": "8.5.0",
         "js-yaml": "4.1.0",
-        "license-report": "4.5.0",
+        "license-report": "5.0.2",
         "marked": "0.7.0",
         "marked-man": "0.7.0",
         "mbox-reader": "1.1.5",
-        "mocha": "9.1.4",
-        "pkg": "5.5.2"
+        "mocha": "10.0.0",
+        "pkg": "5.7.0"
     },
     "dependencies": {
         "@fidm/x509": "1.2.1",
         "ipaddr.js": "2.0.1",
-        "joi": "17.5.0",
-        "libmime": "5.0.0",
-        "node-forge": "1.2.1",
-        "nodemailer": "6.7.2",
+        "joi": "17.6.0",
+        "libmime": "5.1.0",
+        "node-forge": "1.3.1",
+        "nodemailer": "6.7.5",
         "psl": "1.8.0",
         "punycode": "2.1.1",
-        "yargs": "17.3.1"
+        "yargs": "17.5.1"
     },
     "engines": {
         "node": ">=14.0.0"
@@ -64,17 +65,16 @@
         "man/mailauth.1"
     ],
     "pkg": {
-        "scripts": [
-            "workers/**/*.js"
-        ],
         "assets": [
             "man/**/*",
             "licenses.txt",
             "LICENSE.txt"
         ],
-        "_targets": [
-            "node16-macos-x64"
+        "targets": [
+            "node16-linux-x64",
+            "node16-macos-x64",
+            "node16-win-x64"
         ],
-        "outputPath": "dist"
+        "outputPath": "ee-dist"
     }
 }