npm - nlcurl - Versions diffs - 0.5.0 → 0.7.0 - Mend

nlcurl 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/README.md +41 -8
package/dist/cache/store.d.ts +89 -0
package/dist/cache/store.d.ts.map +1 -0
package/dist/cache/store.js +402 -0
package/dist/cache/store.js.map +1 -0
package/dist/cache/types.d.ts +101 -0
package/dist/cache/types.d.ts.map +1 -0
package/dist/cache/types.js +2 -0
package/dist/cache/types.js.map +1 -0
package/dist/cookies/jar.d.ts +20 -0
package/dist/cookies/jar.d.ts.map +1 -1
package/dist/cookies/jar.js +64 -10
package/dist/cookies/jar.js.map +1 -1
package/dist/cookies/parser.d.ts +2 -10
package/dist/cookies/parser.d.ts.map +1 -1
package/dist/cookies/parser.js +49 -2
package/dist/cookies/parser.js.map +1 -1
package/dist/cookies/psl-data.d.ts +12 -0
package/dist/cookies/psl-data.d.ts.map +1 -0
package/dist/cookies/psl-data.js +10166 -0
package/dist/cookies/psl-data.js.map +1 -0
package/dist/cookies/public-suffix.d.ts +37 -0
package/dist/cookies/public-suffix.d.ts.map +1 -0
package/dist/cookies/public-suffix.js +140 -0
package/dist/cookies/public-suffix.js.map +1 -0
package/dist/core/client.js +4 -0
package/dist/core/client.js.map +1 -1
package/dist/core/request.d.ts +73 -3
package/dist/core/request.d.ts.map +1 -1
package/dist/core/response.d.ts +22 -0
package/dist/core/response.d.ts.map +1 -1
package/dist/core/response.js +32 -0
package/dist/core/response.js.map +1 -1
package/dist/core/session.d.ts +23 -0
package/dist/core/session.d.ts.map +1 -1
package/dist/core/session.js +108 -4
package/dist/core/session.js.map +1 -1
package/dist/core/validation.d.ts +11 -0
package/dist/core/validation.d.ts.map +1 -1
package/dist/core/validation.js +22 -1
package/dist/core/validation.js.map +1 -1
package/dist/dns/codec.d.ts +37 -0
package/dist/dns/codec.d.ts.map +1 -0
package/dist/dns/codec.js +254 -0
package/dist/dns/codec.js.map +1 -0
package/dist/dns/doh-resolver.d.ts +52 -0
package/dist/dns/doh-resolver.d.ts.map +1 -0
package/dist/dns/doh-resolver.js +192 -0
package/dist/dns/doh-resolver.js.map +1 -0
package/dist/dns/https-rr.d.ts +51 -0
package/dist/dns/https-rr.d.ts.map +1 -0
package/dist/dns/https-rr.js +127 -0
package/dist/dns/https-rr.js.map +1 -0
package/dist/dns/types.d.ts +110 -0
package/dist/dns/types.d.ts.map +1 -0
package/dist/dns/types.js +34 -0
package/dist/dns/types.js.map +1 -0
package/dist/hsts/store.d.ts +41 -0
package/dist/hsts/store.d.ts.map +1 -0
package/dist/hsts/store.js +171 -0
package/dist/hsts/store.js.map +1 -0
package/dist/hsts/types.d.ts +28 -0
package/dist/hsts/types.d.ts.map +1 -0
package/dist/hsts/types.js +2 -0
package/dist/hsts/types.js.map +1 -0
package/dist/http/alt-svc.d.ts +85 -0
package/dist/http/alt-svc.d.ts.map +1 -0
package/dist/http/alt-svc.js +220 -0
package/dist/http/alt-svc.js.map +1 -0
package/dist/http/form-data.d.ts +59 -0
package/dist/http/form-data.d.ts.map +1 -0
package/dist/http/form-data.js +90 -0
package/dist/http/form-data.js.map +1 -0
package/dist/http/h1/client.d.ts.map +1 -1
package/dist/http/h1/client.js +21 -3
package/dist/http/h1/client.js.map +1 -1
package/dist/http/h1/encoder.d.ts +17 -0
package/dist/http/h1/encoder.d.ts.map +1 -1
package/dist/http/h1/encoder.js +53 -5
package/dist/http/h1/encoder.js.map +1 -1
package/dist/http/h1/parser.d.ts.map +1 -1
package/dist/http/h1/parser.js +7 -1
package/dist/http/h1/parser.js.map +1 -1
package/dist/http/h2/client.d.ts.map +1 -1
package/dist/http/h2/client.js +58 -8
package/dist/http/h2/client.js.map +1 -1
package/dist/http/h2/hpack.d.ts +7 -0
package/dist/http/h2/hpack.d.ts.map +1 -1
package/dist/http/h2/hpack.js +13 -0
package/dist/http/h2/hpack.js.map +1 -1
package/dist/http/h3/detection.d.ts +17 -0
package/dist/http/h3/detection.d.ts.map +1 -0
package/dist/http/h3/detection.js +59 -0
package/dist/http/h3/detection.js.map +1 -0
package/dist/http/negotiator.d.ts +26 -1
package/dist/http/negotiator.d.ts.map +1 -1
package/dist/http/negotiator.js +93 -18
package/dist/http/negotiator.js.map +1 -1
package/dist/http/pool.d.ts +2 -2
package/dist/http/pool.d.ts.map +1 -1
package/dist/http/pool.js.map +1 -1
package/dist/index.d.ts +19 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +14 -0
package/dist/index.js.map +1 -1
package/dist/middleware/rate-limiter.d.ts.map +1 -1
package/dist/middleware/rate-limiter.js +4 -0
package/dist/middleware/rate-limiter.js.map +1 -1
package/dist/middleware/retry.js +2 -2
package/dist/middleware/retry.js.map +1 -1
package/dist/proxy/env-proxy.d.ts +21 -0
package/dist/proxy/env-proxy.d.ts.map +1 -0
package/dist/proxy/env-proxy.js +74 -0
package/dist/proxy/env-proxy.js.map +1 -0
package/dist/proxy/http-proxy.d.ts +2 -0
package/dist/proxy/http-proxy.d.ts.map +1 -1
package/dist/proxy/http-proxy.js +29 -6
package/dist/proxy/http-proxy.js.map +1 -1
package/dist/proxy/socks.js +10 -1
package/dist/proxy/socks.js.map +1 -1
package/dist/sse/parser.d.ts +70 -0
package/dist/sse/parser.d.ts.map +1 -0
package/dist/sse/parser.js +153 -0
package/dist/sse/parser.js.map +1 -0
package/dist/tls/ech.d.ts +147 -0
package/dist/tls/ech.d.ts.map +1 -0
package/dist/tls/ech.js +401 -0
package/dist/tls/ech.js.map +1 -0
package/dist/tls/node-engine.d.ts +9 -1
package/dist/tls/node-engine.d.ts.map +1 -1
package/dist/tls/node-engine.js +54 -1
package/dist/tls/node-engine.js.map +1 -1
package/dist/tls/pin-verification.d.ts +9 -0
package/dist/tls/pin-verification.d.ts.map +1 -0
package/dist/tls/pin-verification.js +34 -0
package/dist/tls/pin-verification.js.map +1 -0
package/dist/tls/session-cache.d.ts +70 -0
package/dist/tls/session-cache.d.ts.map +1 -0
package/dist/tls/session-cache.js +80 -0
package/dist/tls/session-cache.js.map +1 -0
package/dist/tls/stealth/client-hello.d.ts +21 -0
package/dist/tls/stealth/client-hello.d.ts.map +1 -1
package/dist/tls/stealth/client-hello.js +116 -0
package/dist/tls/stealth/client-hello.js.map +1 -1
package/dist/tls/stealth/engine.d.ts.map +1 -1
package/dist/tls/stealth/engine.js +152 -30
package/dist/tls/stealth/engine.js.map +1 -1
package/dist/tls/stealth/handshake.d.ts +2 -1
package/dist/tls/stealth/handshake.d.ts.map +1 -1
package/dist/tls/stealth/handshake.js +118 -5
package/dist/tls/stealth/handshake.js.map +1 -1
package/dist/tls/stealth/tls12-handshake.d.ts +14 -0
package/dist/tls/stealth/tls12-handshake.d.ts.map +1 -0
package/dist/tls/stealth/tls12-handshake.js +462 -0
package/dist/tls/stealth/tls12-handshake.js.map +1 -0
package/dist/tls/types.d.ts +40 -0
package/dist/tls/types.d.ts.map +1 -1
package/dist/utils/encoding.d.ts +8 -6
package/dist/utils/encoding.d.ts.map +1 -1
package/dist/utils/encoding.js +92 -24
package/dist/utils/encoding.js.map +1 -1
package/dist/utils/happy-eyeballs.d.ts +3 -0
package/dist/utils/happy-eyeballs.d.ts.map +1 -1
package/dist/utils/happy-eyeballs.js +42 -2
package/dist/utils/happy-eyeballs.js.map +1 -1
package/dist/ws/client.d.ts +3 -0
package/dist/ws/client.d.ts.map +1 -1
package/dist/ws/client.js +63 -7
package/dist/ws/client.js.map +1 -1
package/dist/ws/frame.d.ts +4 -2
package/dist/ws/frame.d.ts.map +1 -1
package/dist/ws/frame.js +18 -18
package/dist/ws/frame.js.map +1 -1
package/dist/ws/permessage-deflate.d.ts +58 -0
package/dist/ws/permessage-deflate.d.ts.map +1 -0
package/dist/ws/permessage-deflate.js +148 -0
package/dist/ws/permessage-deflate.js.map +1 -0
package/package.json +3 -2

package/dist/dns/https-rr.js ADDED Viewed

@@ -0,0 +1,127 @@
+/**
+ * HTTPS Resource Record resolver (RFC 9460).
+ *
+ * Queries HTTPS/SVCB DNS records to discover:
+ * - ECH (Encrypted Client Hello) configuration keys
+ * - ALPN protocol hints (e.g. h2, h3)
+ * - IP address hints for faster connection setup
+ * - Port overrides
+ *
+ * Can use either the system DNS resolver (via `node:dns`) or a DoH
+ * resolver for encrypted queries.
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc9460
+ */
+import { Resolver } from "node:dns/promises";
+import { DoHResolver } from "./doh-resolver.js";
+import { parseSVCBRecord } from "./codec.js";
+import { RTYPE } from "./types.js";
+/**
+ * Resolver for HTTPS/SVCB DNS Resource Records (RFC 9460).
+ *
+ * Supports two modes:
+ * 1. **System DNS** — Uses `node:dns` (resolveAny or raw query).
+ * 2. **DoH** — Uses a DoHResolver for encrypted HTTPS-RR queries.
+ */
+export class HTTPSRRResolver {
+    dohResolver;
+    systemResolver;
+    constructor(dohConfig) {
+        if (dohConfig) {
+            this.dohResolver = new DoHResolver(dohConfig);
+        }
+        this.systemResolver = new Resolver();
+    }
+    /**
+     * Queries HTTPS records for a hostname and parses the results.
+     *
+     * @param hostname The domain to look up HTTPS records for.
+     * @param signal   Optional AbortSignal for cancellation.
+     * @returns Parsed HTTPS-RR result with SVCB params, or null if no records found.
+     */
+    async resolve(hostname, signal) {
+        try {
+            let svcbRecords;
+            if (this.dohResolver) {
+                svcbRecords = await this.resolveViaDoH(hostname, signal);
+            }
+            else {
+                svcbRecords = await this.resolveViaSystem(hostname);
+            }
+            if (svcbRecords.length === 0)
+                return null;
+            svcbRecords.sort((a, b) => a.priority - b.priority);
+            const serviceRecords = svcbRecords.filter((r) => r.priority > 0);
+            if (serviceRecords.length === 0)
+                return null;
+            const best = serviceRecords[0];
+            const addresses = [];
+            for (const rec of serviceRecords) {
+                if (rec.ipv4Hints) {
+                    for (const addr of rec.ipv4Hints) {
+                        addresses.push({ address: addr, family: 4 });
+                    }
+                }
+                if (rec.ipv6Hints) {
+                    for (const addr of rec.ipv6Hints) {
+                        addresses.push({ address: addr, family: 6 });
+                    }
+                }
+            }
+            const echRecord = serviceRecords.find((r) => r.echConfigList);
+            return {
+                svcb: svcbRecords,
+                echConfigList: echRecord?.echConfigList,
+                alpn: best.alpn,
+                addresses,
+                port: best.port,
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Resolves HTTPS records via DoH.
+     */
+    async resolveViaDoH(hostname, signal) {
+        const records = await this.dohResolver.query(hostname, "HTTPS", signal);
+        return records.filter((r) => r.type === RTYPE.HTTPS || r.type === RTYPE.SVCB).map((r) => parseSVCBRecord(r.data));
+    }
+    /**
+     * Resolves HTTPS records via the system DNS resolver.
+     * Uses raw DNS query + decode since node:dns doesn't natively support type 65.
+     */
+    async resolveViaSystem(hostname) {
+        try {
+            const results = await this.systemResolver.resolve(hostname, "HTTPS").catch(() => []);
+            if (Array.isArray(results) && results.length > 0) {
+                return results.map((r) => this.parseNativeHTTPSRecord(r));
+            }
+        }
+        catch { }
+        return [];
+    }
+    /**
+     * Parses a native Node.js HTTPS DNS record into our SVCBRecord format.
+     * Node.js 22+ may return HTTPS records with a specific structure.
+     */
+    parseNativeHTTPSRecord(record) {
+        const result = {
+            priority: record.priority ?? 0,
+            target: record.target ?? "",
+        };
+        if (record.alpn)
+            result.alpn = Array.isArray(record.alpn) ? record.alpn : [record.alpn];
+        if (record.port)
+            result.port = record.port;
+        if (record.ipv4hint)
+            result.ipv4Hints = Array.isArray(record.ipv4hint) ? record.ipv4hint : [record.ipv4hint];
+        if (record.ipv6hint)
+            result.ipv6Hints = Array.isArray(record.ipv6hint) ? record.ipv6hint : [record.ipv6hint];
+        if (record.ech)
+            result.echConfigList = Buffer.isBuffer(record.ech) ? record.ech : Buffer.from(record.ech, "base64");
+        return result;
+    }
+}
+//# sourceMappingURL=https-rr.js.map

package/dist/dns/https-rr.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"https-rr.js","sourceRoot":"","sources":["../../src/dns/https-rr.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAmC,eAAe,EAAiC,MAAM,YAAY,CAAC;AAC7G,OAAO,EAAE,KAAK,EAAyD,MAAM,YAAY,CAAC;AAkB1F;;;;;;GAMG;AACH,MAAM,OAAO,eAAe;IACT,WAAW,CAAe;IAC1B,cAAc,CAAW;IAE1C,YAAY,SAAqB;QAC/B,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,MAAoB;QAClD,IAAI,CAAC;YACH,IAAI,WAAyB,CAAC;YAE9B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAE1C,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;YAEpD,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;YACjE,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAE7C,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAE,CAAC;YAEhC,MAAM,SAAS,GAAsB,EAAE,CAAC;YACxC,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;oBAClB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;wBACjC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;oBAC/C,CAAC;gBACH,CAAC;gBACD,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;oBAClB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;wBACjC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;oBAC/C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YAE9D,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,aAAa,EAAE,SAAS,EAAE,aAAa;gBACvC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,SAAS;gBACT,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAoB;QAChE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACzE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QAC7C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAO,IAAI,CAAC,cAAsB,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9F,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QACV,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;OAGG;IACK,sBAAsB,CAAC,MAAW;QACxC,MAAM,MAAM,GAAe;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;YAC9B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;SAC5B,CAAC;QAEF,IAAI,MAAM,CAAC,IAAI;YAAE,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxF,IAAI,MAAM,CAAC,IAAI;YAAE,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAC3C,IAAI,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7G,IAAI,MAAM,CAAC,QAAQ;YAAE,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7G,IAAI,MAAM,CAAC,GAAG;YAAE,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEpH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/dns/types.d.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * Type definitions for the DNS resolution subsystem, including DNS-over-HTTPS
+ * (RFC 8484), HTTPS/SVCB resource records (RFC 9460), and resolver interfaces.
+ */
+/**
+ * A resolved IP address entry.
+ */
+export interface ResolvedAddress {
+    address: string;
+    family: 4 | 6;
+}
+/**
+ * DNS query types used by the resolver.
+ */
+export type DNSRecordType = "A" | "AAAA" | "HTTPS" | "SVCB";
+/**
+ * A parsed DNS resource record.
+ */
+export interface DNSRecord {
+    name: string;
+    type: number;
+    ttl: number;
+    data: Buffer;
+}
+/**
+ * Wire-format DNS record type numbers.
+ */
+export declare const RTYPE: {
+    readonly A: 1;
+    readonly AAAA: 28;
+    readonly HTTPS: 65;
+    readonly SVCB: 64;
+};
+/**
+ * Wire-format DNS class numbers.
+ */
+export declare const RCLASS: {
+    readonly IN: 1;
+};
+/**
+ * SvcParam keys defined in RFC 9460 §14.3.
+ */
+export declare const SvcParamKey: {
+    readonly MANDATORY: 0;
+    readonly ALPN: 1;
+    readonly NO_DEFAULT_ALPN: 2;
+    readonly PORT: 3;
+    readonly IPV4HINT: 4;
+    readonly ECH: 5;
+    readonly IPV6HINT: 6;
+    /** draft-ietf-dnsop-svcb-https §14 — DNS-over-HTTPS path template */
+    readonly DOHPATH: 7;
+};
+/**
+ * Parsed HTTPS/SVCB record service parameters (RFC 9460).
+ */
+export interface SVCBRecord {
+    /** SvcPriority — 0 = AliasMode, >0 = ServiceMode. */
+    priority: number;
+    /** TargetName — the target domain (empty = use record owner). */
+    target: string;
+    /** ALPN protocol identifiers (e.g. ["h2", "h3"]). */
+    alpn?: string[];
+    /** TCP port override. */
+    port?: number;
+    /** IPv4 address hints. */
+    ipv4Hints?: string[];
+    /** IPv6 address hints. */
+    ipv6Hints?: string[];
+    /** ECH configuration (raw bytes). */
+    echConfigList?: Buffer;
+    /** Whether no-default-alpn is set. */
+    noDefaultAlpn?: boolean;
+}
+/**
+ * Configuration options for the DoH resolver.
+ */
+export interface DoHConfig {
+    /** DoH server URL (e.g. "https://1.1.1.1/dns-query"). */
+    server: string;
+    /**
+     * HTTP method for DoH queries.
+     * - `"GET"`: DNS wire-format base64url-encoded in `?dns=` query parameter.
+     * - `"POST"`: DNS wire-format in request body.
+     * @default "POST"
+     */
+    method?: "GET" | "POST";
+    /** Timeout in ms for each DoH query. @default 5000 */
+    timeout?: number;
+    /**
+     * Whether to bootstrap the DoH server address via system DNS if the
+     * server URL uses a hostname instead of an IP.
+     * @default true
+     */
+    bootstrap?: boolean;
+}
+/**
+ * Combined DNS configuration for the library.
+ */
+export interface DNSConfig {
+    /** DoH resolver configuration. When set, DNS queries use DNS-over-HTTPS. */
+    doh?: DoHConfig;
+    /**
+     * Whether to query HTTPS/SVCB records alongside A/AAAA.
+     * Enables ECH key discovery, ALPN hints, and IP hints.
+     * @default false
+     */
+    httpsRR?: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/dns/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/dns/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC;CACf;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,GAAG,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,eAAO,MAAM,KAAK;;;;;CAKR,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,MAAM;;CAET,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;IAQtB,qEAAqE;;CAE7D,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,CAAC;IACjB,iEAAiE;IACjE,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,yBAAyB;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,qCAAqC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,sCAAsC;IACtC,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,yDAAyD;IACzD,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IACxB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,4EAA4E;IAC5E,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB"}

package/dist/dns/types.js ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Type definitions for the DNS resolution subsystem, including DNS-over-HTTPS
+ * (RFC 8484), HTTPS/SVCB resource records (RFC 9460), and resolver interfaces.
+ */
+/**
+ * Wire-format DNS record type numbers.
+ */
+export const RTYPE = {
+    A: 1,
+    AAAA: 28,
+    HTTPS: 65,
+    SVCB: 64,
+};
+/**
+ * Wire-format DNS class numbers.
+ */
+export const RCLASS = {
+    IN: 1,
+};
+/**
+ * SvcParam keys defined in RFC 9460 §14.3.
+ */
+export const SvcParamKey = {
+    MANDATORY: 0,
+    ALPN: 1,
+    NO_DEFAULT_ALPN: 2,
+    PORT: 3,
+    IPV4HINT: 4,
+    ECH: 5,
+    IPV6HINT: 6,
+    /** draft-ietf-dnsop-svcb-https §14 — DNS-over-HTTPS path template */
+    DOHPATH: 7,
+};
+//# sourceMappingURL=types.js.map

package/dist/dns/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/dns/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAyBH;;GAEG;AACH,MAAM,CAAC,MAAM,KAAK,GAAG;IACnB,CAAC,EAAE,CAAC;IACJ,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;IACT,IAAI,EAAE,EAAE;CACA,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,EAAE,EAAE,CAAC;CACG,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,SAAS,EAAE,CAAC;IACZ,IAAI,EAAE,CAAC;IACP,eAAe,EAAE,CAAC;IAClB,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,GAAG,EAAE,CAAC;IACN,QAAQ,EAAE,CAAC;IACX,qEAAqE;IACrE,OAAO,EAAE,CAAC;CACF,CAAC"}

package/dist/hsts/store.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import type { HSTSConfig } from "./types.js";
+/**
+ * In-memory HSTS policy store implementing RFC 6797.
+ *
+ * Parses `Strict-Transport-Security` response headers, stores per-host policies,
+ * and upgrades `http://` URLs to `https://` when an active policy matches.
+ */
+export declare class HSTSStore {
+    private readonly policies;
+    constructor(config?: HSTSConfig);
+    /**
+     * Seeds a preload entry with a very long max-age (20 years).
+     */
+    private addPreload;
+    /**
+     * Parses a `Strict-Transport-Security` header value and stores the policy.
+     * Only processes headers received over a secure (HTTPS) connection, as
+     * required by RFC 6797 §8.1.
+     *
+     * @param host     - The hostname from the request URL.
+     * @param value    - The raw STS header value (e.g. `"max-age=31536000; includeSubDomains"`).
+     * @param isSecure - Whether the response was received over HTTPS.
+     */
+    parseHeader(host: string, value: string, isSecure: boolean): void;
+    /**
+     * Checks whether the given host has an active HSTS policy, either via
+     * congruent match or superdomain match with `includeSubDomains`.
+     */
+    isSecure(host: string): boolean;
+    /**
+     * If there is an active HSTS policy for the host in the given URL,
+     * upgrades the scheme from `http:` to `https:`. Returns the original
+     * URL string if no upgrade is needed.
+     */
+    upgradeURL(urlString: string): string;
+    /** Returns the number of active policies stored. */
+    get size(): number;
+    /** Clears all stored policies. */
+    clear(): void;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/hsts/store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/hsts/store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAA+B,MAAM,YAAY,CAAC;AAE1E;;;;;GAKG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgC;gBAE7C,MAAM,CAAC,EAAE,UAAU;IAQ/B;;OAEG;IACH,OAAO,CAAC,UAAU;IAUlB;;;;;;;;OAQG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,IAAI;IA2BjE;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAwB/B;;;;OAIG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAkBrC,oDAAoD;IACpD,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,kCAAkC;IAClC,KAAK,IAAI,IAAI;CAGd"}

package/dist/hsts/store.js ADDED Viewed

@@ -0,0 +1,171 @@
+/**
+ * In-memory HSTS policy store implementing RFC 6797.
+ *
+ * Parses `Strict-Transport-Security` response headers, stores per-host policies,
+ * and upgrades `http://` URLs to `https://` when an active policy matches.
+ */
+export class HSTSStore {
+    policies = new Map();
+    constructor(config) {
+        if (config?.preload) {
+            for (const entry of config.preload) {
+                this.addPreload(entry);
+            }
+        }
+    }
+    /**
+     * Seeds a preload entry with a very long max-age (20 years).
+     */
+    addPreload(entry) {
+        const host = canonicalizeHost(entry.host);
+        if (!host)
+            return;
+        this.policies.set(host, {
+            host,
+            expires: Date.now() + 20 * 365 * 24 * 60 * 60 * 1000,
+            includeSubDomains: entry.includeSubDomains ?? false,
+        });
+    }
+    /**
+     * Parses a `Strict-Transport-Security` header value and stores the policy.
+     * Only processes headers received over a secure (HTTPS) connection, as
+     * required by RFC 6797 §8.1.
+     *
+     * @param host     - The hostname from the request URL.
+     * @param value    - The raw STS header value (e.g. `"max-age=31536000; includeSubDomains"`).
+     * @param isSecure - Whether the response was received over HTTPS.
+     */
+    parseHeader(host, value, isSecure) {
+        if (!isSecure)
+            return;
+        const canonical = canonicalizeHost(host);
+        if (!canonical)
+            return;
+        if (isIPAddress(canonical))
+            return;
+        const directives = parseDirectives(value);
+        const maxAgeStr = directives.get("max-age");
+        if (maxAgeStr === undefined)
+            return;
+        const maxAge = parseInt(maxAgeStr, 10);
+        if (!Number.isFinite(maxAge) || maxAge < 0)
+            return;
+        if (maxAge === 0) {
+            this.policies.delete(canonical);
+            return;
+        }
+        this.policies.set(canonical, {
+            host: canonical,
+            expires: Date.now() + maxAge * 1000,
+            includeSubDomains: directives.has("includesubdomains"),
+        });
+    }
+    /**
+     * Checks whether the given host has an active HSTS policy, either via
+     * congruent match or superdomain match with `includeSubDomains`.
+     */
+    isSecure(host) {
+        const canonical = canonicalizeHost(host);
+        if (!canonical)
+            return false;
+        if (isIPAddress(canonical))
+            return false;
+        const exact = this.policies.get(canonical);
+        if (exact) {
+            if (Date.now() < exact.expires)
+                return true;
+            this.policies.delete(canonical);
+        }
+        const parts = canonical.split(".");
+        for (let i = 1; i < parts.length; i++) {
+            const parent = parts.slice(i).join(".");
+            const entry = this.policies.get(parent);
+            if (entry && entry.includeSubDomains) {
+                if (Date.now() < entry.expires)
+                    return true;
+                this.policies.delete(parent);
+            }
+        }
+        return false;
+    }
+    /**
+     * If there is an active HSTS policy for the host in the given URL,
+     * upgrades the scheme from `http:` to `https:`. Returns the original
+     * URL string if no upgrade is needed.
+     */
+    upgradeURL(urlString) {
+        let parsed;
+        try {
+            parsed = new URL(urlString);
+        }
+        catch {
+            return urlString;
+        }
+        if (parsed.protocol !== "http:")
+            return urlString;
+        if (this.isSecure(parsed.hostname)) {
+            parsed.protocol = "https:";
+            return parsed.toString();
+        }
+        return urlString;
+    }
+    /** Returns the number of active policies stored. */
+    get size() {
+        return this.policies.size;
+    }
+    /** Clears all stored policies. */
+    clear() {
+        this.policies.clear();
+    }
+}
+/** Lowercases the host and strips a trailing dot. */
+function canonicalizeHost(host) {
+    let h = host.toLowerCase().trim();
+    if (h.endsWith("."))
+        h = h.slice(0, -1);
+    return h;
+}
+/** Returns `true` if the string looks like an IPv4 or IPv6 address. */
+function isIPAddress(host) {
+    if (host.startsWith("["))
+        return true;
+    const parts = host.split(".");
+    if (parts.length === 4 &&
+        parts.every((p) => {
+            if (!/^\d{1,3}$/.test(p))
+                return false;
+            const n = parseInt(p, 10);
+            return n >= 0 && n <= 255;
+        }))
+        return true;
+    if (host.includes(":"))
+        return true;
+    return false;
+}
+/**
+ * Parses the STS header value into a case-insensitive directive map.
+ * Directive names are lowercased; quoted string values are unquoted.
+ */
+function parseDirectives(value) {
+    const directives = new Map();
+    const parts = value.split(";");
+    for (const part of parts) {
+        const trimmed = part.trim();
+        if (!trimmed)
+            continue;
+        const eqIdx = trimmed.indexOf("=");
+        if (eqIdx === -1) {
+            directives.set(trimmed.toLowerCase(), "");
+        }
+        else {
+            const name = trimmed.slice(0, eqIdx).trim().toLowerCase();
+            let val = trimmed.slice(eqIdx + 1).trim();
+            if (val.startsWith('"') && val.endsWith('"')) {
+                val = val.slice(1, -1);
+            }
+            directives.set(name, val);
+        }
+    }
+    return directives;
+}
+//# sourceMappingURL=store.js.map

package/dist/hsts/store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/hsts/store.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,MAAM,OAAO,SAAS;IACH,QAAQ,GAAG,IAAI,GAAG,EAAqB,CAAC;IAEzD,YAAY,MAAmB;QAC7B,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAuB;QACxC,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE;YACtB,IAAI;YACJ,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;YACpD,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,KAAK;SACpD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,WAAW,CAAC,IAAY,EAAE,KAAa,EAAE,QAAiB;QACxD,IAAI,CAAC,QAAQ;YAAE,OAAO;QAEtB,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS;YAAE,OAAO;QAEvB,IAAI,WAAW,CAAC,SAAS,CAAC;YAAE,OAAO;QAEnC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,SAAS,KAAK,SAAS;YAAE,OAAO;QAEpC,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC;YAAE,OAAO;QAEnD,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;YACjB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE;YAC3B,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,GAAG,IAAI;YACnC,iBAAiB,EAAE,UAAU,CAAC,GAAG,CAAC,mBAAmB,CAAC;SACvD,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,IAAY;QACnB,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAC7B,IAAI,WAAW,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAEzC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,KAAK,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBACrC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAC;gBAC5C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,SAAiB;QAC1B,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO;YAAE,OAAO,SAAS,CAAC;QAElD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC3B,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,oDAAoD;IACpD,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,kCAAkC;IAClC,KAAK;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAED,qDAAqD;AACrD,SAAS,gBAAgB,CAAC,IAAY;IACpC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,CAAC;AACX,CAAC;AAED,uEAAuE;AACvE,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IACE,KAAK,CAAC,MAAM,KAAK,CAAC;QAClB,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YAChB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;QAC5B,CAAC,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC1D,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7C,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACzB,CAAC;YACD,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/hsts/types.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Configuration for HTTP Strict Transport Security (RFC 6797).
+ */
+export interface HSTSConfig {
+    /** Enable HSTS policy enforcement. Defaults to `true` when an HSTSStore is provided. */
+    enabled?: boolean;
+    /** Optional preload entries to seed the store with known HSTS hosts. */
+    preload?: HSTSPreloadEntry[];
+}
+/**
+ * A preload entry for seeding the HSTS store with known-secure hosts.
+ */
+export interface HSTSPreloadEntry {
+    host: string;
+    includeSubDomains?: boolean;
+}
+/**
+ * Internal representation of a stored HSTS policy for a single host.
+ */
+export interface HSTSEntry {
+    /** The canonicalized hostname (lowercase, no trailing dot). */
+    host: string;
+    /** Absolute timestamp (ms since epoch) when this policy expires. */
+    expires: number;
+    /** Whether the policy applies to all subdomains of the host. */
+    includeSubDomains: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/hsts/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/hsts/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,wFAAwF;IACxF,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wEAAwE;IACxE,OAAO,CAAC,EAAE,gBAAgB,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,iBAAiB,EAAE,OAAO,CAAC;CAC5B"}

package/dist/hsts/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/hsts/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/hsts/types.ts"],"names":[],"mappings":""}

package/dist/http/alt-svc.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Alt-Svc (Alternative Services) implementation per RFC 7838.
+ *
+ * Parses `Alt-Svc` response headers and maintains a store of alternative
+ * service entries. This is the primary mechanism for HTTP/3 discovery:
+ * servers advertise `h3=":443"` in Alt-Svc to indicate QUIC availability.
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc7838
+ */
+/**
+ * A single alternative service entry parsed from an Alt-Svc header.
+ */
+export interface AltSvcEntry {
+    /** ALPN protocol identifier (e.g. "h3", "h3-29", "h2"). */
+    alpn: string;
+    /** Authority — host:port of the alternative service. */
+    host: string;
+    port: number;
+    /** Maximum age in seconds before this entry expires. */
+    maxAge: number;
+    /** Whether the entry has been confirmed via a successful connection. */
+    persist: boolean;
+    /** Timestamp (ms) when this entry was stored. */
+    storedAt: number;
+}
+/**
+ * Configuration for the Alt-Svc store.
+ */
+export interface AltSvcConfig {
+    /** Maximum number of entries across all origins. @default 1000 */
+    maxEntries?: number;
+    /** Whether to enable Alt-Svc processing. @default true */
+    enabled?: boolean;
+}
+/**
+ * In-memory store for Alt-Svc (Alternative Services) per RFC 7838.
+ *
+ * Tracks alternative service advertisements from HTTP response headers
+ * and provides lookup for the best alternative to use for a given origin.
+ *
+ * Primary use case: HTTP/3 discovery via `h3=":443"` advertisements.
+ */
+export declare class AltSvcStore {
+    private readonly entries;
+    private readonly maxEntries;
+    private totalEntries;
+    constructor(config?: AltSvcConfig);
+    /**
+     * Parses an `Alt-Svc` response header value and stores the entries
+     * associated with the given origin.
+     *
+     * @param origin   Origin of the response (e.g. "https://example.com:443").
+     * @param headerValue  Raw `Alt-Svc` header value.
+     *
+     * @example
+     * store.parseHeader("https://example.com:443", 'h3=":443"; ma=86400, h2=":443"');
+     */
+    parseHeader(origin: string, headerValue: string): void;
+    /**
+     * Looks up the best available alternative service for a given origin.
+     * Prefers h3 over h2. Expired entries are pruned during lookup.
+     *
+     * @param origin Origin to look up alternatives for.
+     * @returns The best Alt-Svc entry, or undefined if no valid alternative exists.
+     */
+    lookup(origin: string): AltSvcEntry | undefined;
+    /**
+     * Checks if there's an h3 alternative available for an origin.
+     */
+    hasH3(origin: string): boolean;
+    /**
+     * Removes all alternative service entries for a specific origin.
+     */
+    clear(origin: string): void;
+    /**
+     * Removes all entries from the store.
+     */
+    clearAll(): void;
+    /**
+     * Returns the total number of stored entries.
+     */
+    get size(): number;
+    private evictOldest;
+}
+//# sourceMappingURL=alt-svc.d.ts.map

package/dist/http/alt-svc.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"alt-svc.d.ts","sourceRoot":"","sources":["../../src/http/alt-svc.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,OAAO,EAAE,OAAO,CAAC;IACjB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAKD;;;;;;;GAOG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoC;IAC5D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,YAAY,CAAK;gBAEb,MAAM,CAAC,EAAE,YAAY;IAIjC;;;;;;;;;OASG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAyBtD;;;;;;OAMG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IA2B/C;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAK9B;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAQ3B;;OAEG;IACH,QAAQ,IAAI,IAAI;IAKhB;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,OAAO,CAAC,WAAW;CAiBpB"}