perimeterx-js-core 0.26.2 → 0.28.0

package/lib/cjs/sensitive_request/SensitiveRequestUtils.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/cjs/snippet_injection/snippet_retriever/DefaultSnippetRetriever.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/cjs/telemetry/DefaultTelemetry.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/cjs/utils/WaitsUntil.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/cjs/utils/constants.js

@@ -14,4 +14,4 @@ exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.26.2';
+exports.CORE_MODULE_VERSION = 'JS Core 0.28.0';

package/lib/cjs/utils/timestamp_hmac_header_validator/DefaultTimestampHmacHeaderValidator.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/cjs/utils/utils.js

@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");

package/lib/esm/activities/utils.js

@@ -70,7 +70,7 @@ export const createCommonActivityDetails = (config, context) => {
     addProductDataToDetails(details, context.productData);
     addServerDataToDetails(details, context.serverData);
     addTlsDataToDetails(details, context.tlsData);
-    addCustomParametersToDetails(details, context.customParameters ?? null);
+    addCustomParametersToDetails(details, context.customParameters ?? null, context.responseCustomParameters ?? null);
     return details;
 };
 export const addRootContextDataToDetails = (details, context) => {
@@ -104,10 +104,13 @@ export const addConfigDataToDetails = (details, config) => {
         details.remote_config_version = config.remoteConfigVersion;
     }
 };
-export const addCustomParametersToDetails = (details, customParameters) => {
+export const addCustomParametersToDetails = (details, customParameters, responseCustomParameters) => {
     if (customParameters) {
         Object.assign(details, customParameters);
     }
+    if (responseCustomParameters) {
+        Object.assign(details, responseCustomParameters);
+    }
 };
 export const addProductDataToDetails = (details, productData) => {
     if (productData.ad) {

package/lib/esm/config/ConfigurationBase.js

@@ -1,6 +1,6 @@
 import { defaultConfigurationParams } from './defaults/index.js';
 import { DefaultLogger, LoggerSeverity } from '../logger/index.js';
-import { CORE_MODULE_VERSION, EnforcerConfigurationError, getCollectorDomain, getScoreApiDomain, isNullOrUndefined, isValidEnumValue, ModuleMode, } from '../utils/index.js';
+import { convertRegexStringToRegex, CORE_MODULE_VERSION, EnforcerConfigurationError, getCollectorDomain, getScoreApiDomain, isNullOrUndefined, isValidEnumValue, ModuleMode, } from '../utils/index.js';
 import { RemoteConfigUtils } from './remote_config/index.js';
 import { TokenVersion } from '../risk_token/index.js';
 /**
@@ -46,9 +46,8 @@ export class ConfigurationBase {
         });
     }
     getValidConfigValue(params, defaultParams, key) {
-        const paramsValue = params[key];
-        if (!isNullOrUndefined(paramsValue) && this.isValidConfigValue(params, defaultParams, key)) {
-            return paramsValue;
+        if (!isNullOrUndefined(params[key]) && this.isValidConfigValue(params, defaultParams, key)) {
+            return this.normalizeConfigurationValue(params, key);
         }
         else {
             return this.getDefaultConfigurationValue(params, defaultParams, key);
@@ -84,6 +83,23 @@ export class ConfigurationBase {
                 return defaultParams[key];
         }
     }
+    normalizeConfigurationValue(params, key) {
+        switch (key) {
+            case 'px_filter_by_extension':
+                return params[key].map((ext) => (ext.startsWith('.') ? ext : `.${ext}`));
+            case 'px_sensitive_routes':
+            case 'px_monitored_routes':
+            case 'px_enforced_routes':
+            case 'px_graphql_routes':
+            case 'px_filter_by_route':
+            case 'px_filter_by_user_agent':
+            case 'px_graphql_keywords':
+            case 'px_sensitive_graphql_operation_names':
+                return params[key].map((pattern) => typeof pattern === 'string' ? (convertRegexStringToRegex(pattern) ?? pattern) : pattern);
+            default:
+                return params[key];
+        }
+    }
     createInternalLogger(params) {
         return new DefaultLogger(params.px_logger_severity, false, this.logger?.getLogs());
     }
@@ -148,7 +164,7 @@ export class ConfigurationBase {
         return this.configParams.px_custom_is_enforced_request;
     }
     get filteredExtensions() {
-        return this.configParams.px_filter_by_extension?.map((ext) => (ext.startsWith('.') ? ext : `.${ext}`));
+        return this.configParams.px_filter_by_extension;
     }
     get filteredHttpMethods() {
         return this.configParams.px_filter_by_http_method;
@@ -273,6 +289,9 @@ export class ConfigurationBase {
     get enrichCustomParameters() {
         return this.configParams.px_enrich_custom_parameters;
     }
+    get enrichResponseCustomParameters() {
+        return this.configParams.px_enrich_response_custom_parameters;
+    }
     get additionalActivityHandler() {
         return this.configParams.px_additional_activity_handler;
     }

package/lib/esm/config/defaults/DefaultConfigurationParams.js

@@ -113,6 +113,7 @@ export const defaultConfigurationParams = () => ({
     px_sensitive_graphql_operation_names: [],
     px_sensitive_graphql_operation_types: [],
     px_enrich_custom_parameters: null,
+    px_enrich_response_custom_parameters: null,
     px_jwt_cookie_name: '',
     px_jwt_cookie_user_id_field_name: '',
     px_jwt_cookie_additional_field_names: [],

package/lib/esm/custom_parameters/CustomParametersUtils.js

@@ -13,6 +13,22 @@ export var CustomParametersUtils;
         }
         return null;
     };
+    CustomParametersUtils.createResponseCustomParameters = async (config, context) => {
+        if (config.enrichResponseCustomParameters && typeof config.enrichResponseCustomParameters === 'function') {
+            try {
+                if (!context.response) {
+                    context.logger.debug('no response available for response custom parameters');
+                    return null;
+                }
+                const parameters = await config.enrichResponseCustomParameters(config.getActiveConfig(), context.response.getUnderlyingResponse());
+                return CustomParametersUtils.normalizeResponseCustomParams(parameters);
+            }
+            catch (e) {
+                context.logger.error(`unable to enrich response custom params: ${e}`);
+            }
+        }
+        return null;
+    };
     CustomParametersUtils.normalizeCustomParams = (customParameters) => {
         const normalizedParams = {};
         if (customParameters && typeof customParameters === 'object') {
@@ -29,4 +45,16 @@ export var CustomParametersUtils;
         }
         return Object.keys(normalizedParams).length === 0 ? null : normalizedParams;
     };
+    CustomParametersUtils.normalizeResponseCustomParams = (customParameters) => {
+        const normalizedParams = {};
+        if (customParameters && typeof customParameters === 'object') {
+            const paramKeyRegex = /^custom_param(1[1-9]|20)$/;
+            Object.entries(customParameters).forEach(([param, value]) => {
+                if (param.match(paramKeyRegex) && value !== '') {
+                    normalizedParams[param] = value;
+                }
+            });
+        }
+        return Object.keys(normalizedParams).length === 0 ? null : normalizedParams;
+    };
 })(CustomParametersUtils || (CustomParametersUtils = {}));

package/lib/esm/flow/Flow.js

@@ -7,45 +7,49 @@ export class Flow {
     insert(phase, options) {
         if (!options) {
             this.phases.push(phase);
-            return;
+            return this;
         }
         if (options.before) {
             const index = this.getIndexOfPhase(options.before);
             if (index === -1) {
-                return;
+                return this;
             }
             this.phases.splice(index, 0, phase);
         }
         if (options.after) {
             const index = this.getIndexOfPhase(options.after);
             if (index === -1) {
-                return;
+                return this;
             }
             this.phases.splice(index + 1, 0, phase);
         }
+        return this;
     }
     remove(name) {
         const index = this.getIndexOfPhase(name);
         if (index === -1) {
-            return;
+            return this;
         }
         this.phases.splice(index, 1);
+        return this;
     }
     replace(name, phase) {
         const index = this.getIndexOfPhase(name);
         if (index === -1) {
-            return;
+            return this;
         }
         this.phases.splice(index, 1, phase);
+        return this;
     }
     move(name, to) {
         const index = this.getIndexOfPhase(name);
         if (index === -1) {
-            return;
+            return this;
         }
         const phase = this.phases[index];
         this.phases.splice(index, 1);
         this.insert(phase, to);
+        return this;
     }
     getIndexOfPhase(name) {
         return this.phases.findIndex((existingPhase) => existingPhase.constructor.name === name);

package/lib/esm/graphql/DefaultGraphQLParser.js

@@ -147,11 +147,15 @@ export class DefaultGraphQLParser {
         }
     }
     getQueryKeywordsFromArray(query, context) {
+        if (!query) {
+            context.logger.debug(`empty query, unable to extract graphql keywords`);
+            return [];
+        }
         let keywords = [];
         try {
             this.config.graphqlKeywords.forEach((keyword) => {
                 const pattern = this.toGlobalRegExp(keyword);
-                let matchGroup = query?.match(pattern);
+                let matchGroup = query.match(pattern);
                 if (!matchGroup) {
                     return;
                 }

package/lib/esm/phase/impl/EnrichContextFromResponsePhase.js

@@ -1,4 +1,5 @@
 import { isNullOrUndefined } from '../../utils/index.js';
+import { CustomParametersUtils } from '../../custom_parameters/index.js';
 /**
  * `EnrichContextFromResponsePhase` enriches the context with response data. Each product's `enrichContextFromResponse`
  * method is called since every product may use the response data differently.
@@ -13,6 +14,7 @@ export class EnrichContextFromResponsePhase {
     async execute(context) {
         context.logger.debug('enrich context from response phase');
         await this.addProductDataToContext(context);
+        await this.addResponseCustomParametersToContext(context);
         return { done: false };
     }
     async addProductDataToContext(context) {
@@ -23,4 +25,7 @@ export class EnrichContextFromResponsePhase {
             }
         }));
     }
+    async addResponseCustomParametersToContext(context) {
+        context.responseCustomParameters = await CustomParametersUtils.createResponseCustomParameters(this.config, context);
+    }
 }

package/lib/esm/utils/constants.js

@@ -11,4 +11,4 @@ export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 export const URL_REGEX = /^(https?:)\/\/(([^@\s:\/]+):?([^@\s\/]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)(\/?[^?#]*)(\?[^#]*|)(#.*|)$/;
 export const REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
-export const CORE_MODULE_VERSION = 'JS Core 0.26.2';
+export const CORE_MODULE_VERSION = 'JS Core 0.28.0';

package/lib/types/activities/utils.d.ts

@@ -4,7 +4,7 @@ import { IConfiguration } from '../config';
 import { ProductData } from '../products';
 import { ActivityType } from './ActivityType';
 import { AdditionalS2SActivityDetails, AsyncActivity, AsyncActivityCommonDetails, AsyncActivityDetails, BlockActivityDetails, CommonActivityDetails, HeaderEntry, PageRequestedActivityDetails } from './model';
-import { CustomParameters } from '../custom_parameters';
+import { CustomParameters, ResponseCustomParameters } from '../custom_parameters';
 /**
  * Creates an async activity object based on the provided parameters.
  * @param activityType - The activity type to create.
@@ -26,7 +26,7 @@ export declare const createCommonActivityDetails: <Req, Res, Added, Removed>(con
 export declare const addRootContextDataToDetails: <Req, Res>(details: CommonActivityDetails, context: ReadonlyContext<Req, Res>) => void;
 export declare function redactCookieSecret(secret: string): string;
 export declare const addConfigDataToDetails: <Req, Res, Added, Removed>(details: CommonActivityDetails, config: IConfiguration<Req, Res, Added, Removed>) => void;
-export declare const addCustomParametersToDetails: (details: CommonActivityDetails, customParameters: CustomParameters | null) => void;
+export declare const addCustomParametersToDetails: (details: CommonActivityDetails, customParameters: CustomParameters | null, responseCustomParameters: ResponseCustomParameters | null) => void;
 export declare const addProductDataToDetails: (details: CommonActivityDetails, productData: DeepReadonly<ProductData>) => void;
 export declare const addTlsDataToDetails: (details: CommonActivityDetails, tlsData: DeepReadonly<TlsData>) => void;
 export declare const addServerDataToDetails: (details: CommonActivityDetails, serverData: DeepReadonly<ServerData>) => void;

package/lib/types/config/ConfigurationBase.d.ts

@@ -1,6 +1,6 @@
 import { IConfiguration } from './IConfiguration';
 import { RemoteConfigurationParams, StaticConfigurationParams, AllConfigurationParams, RequiredAllConfigurationParams, ActiveConfigurationParams, CoreConfigurationParams } from './params';
-import { CustomParametersFunction } from '../custom_parameters';
+import { CustomParametersFunction, ResponseCustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ILogger, LoggerSeverity } from '../logger';
 import { CustomBlockResponseHeadersHandler, CustomPreflightHandler } from '../cors';
@@ -46,6 +46,7 @@ export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends
     protected getValidConfigValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
     protected isValidConfigValue(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>): boolean;
     protected getDefaultConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, defaultParams: RequiredAllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
+    protected normalizeConfigurationValue<K extends keyof RequiredAllConfigurationParams<Req, Res, Added, Removed>, V extends RequiredAllConfigurationParams<Req, Res, Added, Removed>[K]>(params: AllConfigurationParams<Req, Res, Added, Removed>, key: K): V;
     protected createInternalLogger(params: RequiredAllConfigurationParams<Req, Res, Added, Removed>): ILogger;
     setRemoteConfigData(remoteConfigData: RemoteConfigData<Req, Res, Added, Removed>): void;
     getActiveConfig(): ActiveConfigurationParams<Req, Res, Added, Removed>;
@@ -104,6 +105,7 @@ export declare abstract class ConfigurationBase<Req, Res, Added, Removed extends
     get sensitiveGraphqlOperationNames(): Array<string | RegExp>;
     get sensitiveGraphqlOperationTypes(): string[];
     get enrichCustomParameters(): CustomParametersFunction<Req, Res, Added, Removed> | null;
+    get enrichResponseCustomParameters(): ResponseCustomParametersFunction<Req, Res, Added, Removed> | null;
     get additionalActivityHandler(): AdditionalActivityHandler<Req, Res, Added, Removed> | null;
     get altBackendCaptchaUrl(): string;
     get corsSupportEnabled(): boolean;

package/lib/types/config/IConfiguration.d.ts

@@ -1,6 +1,6 @@
 import { ModuleMode } from '../utils';
 import { ILogger, LoggerSeverity } from '../logger';
-import { CustomParametersFunction } from '../custom_parameters';
+import { CustomParametersFunction, ResponseCustomParametersFunction } from '../custom_parameters';
 import { AdditionalActivityHandler } from '../additional_activity_handler';
 import { ActiveConfigurationParams, RemoteConfigurationParams, StaticConfigurationParams } from './params';
 import { CustomBlockResponseHeadersHandler, CustomPreflightHandler } from '../cors';
@@ -243,6 +243,10 @@ export interface IConfiguration<Req, Res, Added, Removed> {
      * A function returning CustomParameters that will be added to the enforcer activities.
      */
     readonly enrichCustomParameters: CustomParametersFunction<Req, Res, Added, Removed> | null;
+    /**
+     * A function returning ResponseCustomParameters that will be added to the enforcer activities.
+     */
+    readonly enrichResponseCustomParameters: ResponseCustomParametersFunction<Req, Res, Added, Removed> | null;
     /**
      * A function that will be called after the asynchronous activities are sent to the backend.
      */

package/lib/types/config/params/CoreConfigurationParams.d.ts

@@ -3,13 +3,13 @@ import { ModuleMode } from '../../utils';
 import { CredentialEndpointConfiguration, CredentialIntelligenceVersion, CustomLoginSuccessfulCallback, LoginSuccessfulReportingMethod } from '../../products';
 import { GraphQLOperationType, ExtractGraphQLKeywordsFunction } from '../../graphql';
 import { AdditionalActivityHandler } from '../../additional_activity_handler';
-import { CustomParametersFunction } from '../../custom_parameters';
+import { CustomParametersFunction, ResponseCustomParametersFunction } from '../../custom_parameters';
 import { CustomBlockResponseHeadersHandler, CustomPreflightHandler } from '../../cors';
 import { CustomRequestFunction } from '../CustomRequestFunction';
 import { TokenVersion } from '../../risk_token';
 import { CustomSnippetFunction } from '../../snippet_injection';
 /**
- * The configuration parameters that can be set only via the static configuration..
+ * The configuration parameters that can be set only via the static configuration.
  */
 export type StaticConfigurationParamsOnly = {
     px_app_id: string;
@@ -121,6 +121,7 @@ export type CommonConfigurationParams<Req, Res, Added, Removed> = TokenV3Configu
     px_secured_pxhd_enabled?: boolean;
     px_additional_activity_handler?: AdditionalActivityHandler<Req, Res, Added, Removed> | null;
     px_enrich_custom_parameters?: CustomParametersFunction<Req, Res, Added, Removed> | null;
+    px_enrich_response_custom_parameters?: ResponseCustomParametersFunction<Req, Res, Added, Removed> | null;
     px_login_successful_custom_callback?: CustomLoginSuccessfulCallback<Res> | null;
     px_cors_custom_preflight_handler?: CustomPreflightHandler<Req> | null;
     px_cors_create_custom_block_response_headers?: CustomBlockResponseHeadersHandler<Req> | null;

package/lib/types/context/interfaces/IContext.d.ts

@@ -1,6 +1,6 @@
 import { VidSource } from '../../utils';
 import { BlockAction } from '../../blocker';
-import { CustomParameters } from '../../custom_parameters';
+import { CustomParameters, ResponseCustomParameters } from '../../custom_parameters';
 import { PXDE } from '../../pxde';
 import { TokenOrigin } from '../../risk_token';
 import { RequestData } from './RequestData';
@@ -109,6 +109,13 @@ export interface IContext<Req, Res> {
      * custom parameters will be added to the activities sent to the collector.
      */
     customParameters?: CustomParameters | null;
+    /**
+     * An object with 10 additional custom parameters (11-20) that the customer can set and define
+     * based on the response from the origin. These custom parameters will be added to all async
+     * activities sent to the collector, including page_requested, (simulated) block,
+     * and additional_s2s activities.
+     */
+    responseCustomParameters?: ResponseCustomParameters | null;
     /**
      * An array of objects with information about the different GraphQL operations
      * parsed from the request.

package/lib/types/custom_parameters/CustomParameters.d.ts

@@ -1,6 +1,8 @@
 import { IS_HYPESALE_PARAM_NAME } from '../products';
 /**
- * Custom parameters defined by the user and included on all HUMAN backend requests.
+ * Custom parameters (1-10) defined by the user that will be added to all activities sent to HUMAN backend,
+ * including page_requested, block (and simulated block), and additional_s2s activities.
+ * These parameters are extracted from the incoming request.
  */
 export type CustomParameters = {
     custom_param1?: any;
@@ -15,3 +17,20 @@ export type CustomParameters = {
     custom_param10?: any;
     [IS_HYPESALE_PARAM_NAME]?: boolean;
 };
+/**
+ * Response-based custom parameters (11-20) defined by the user that will be added to all async activities sent to HUMAN backend,
+ * including page_requested, simulated block, and additional_s2s activities.
+ * These parameters are extracted from the origin response after it has been received.
+ */
+export type ResponseCustomParameters = {
+    custom_param11?: any;
+    custom_param12?: any;
+    custom_param13?: any;
+    custom_param14?: any;
+    custom_param15?: any;
+    custom_param16?: any;
+    custom_param17?: any;
+    custom_param18?: any;
+    custom_param19?: any;
+    custom_param20?: any;
+};

package/lib/types/custom_parameters/CustomParametersFunction.d.ts

@@ -1,3 +1,4 @@
-import { CustomParameters } from './CustomParameters';
+import { CustomParameters, ResponseCustomParameters } from './CustomParameters';
 import { ActiveConfigurationParams } from '../config';
 export type CustomParametersFunction<Req, Res, Added, Removed> = (config: ActiveConfigurationParams<Req, Res, Added, Removed>, request: Req) => CustomParameters | Promise<CustomParameters>;
+export type ResponseCustomParametersFunction<Req, Res, Added, Removed> = (config: ActiveConfigurationParams<Req, Res, Added, Removed>, response: Res) => ResponseCustomParameters | Promise<ResponseCustomParameters>;

package/lib/types/custom_parameters/CustomParametersUtils.d.ts

@@ -1,7 +1,9 @@
 import { IConfiguration } from '../config';
 import { ReadonlyContext } from '../context';
-import { CustomParameters } from './CustomParameters';
+import { CustomParameters, ResponseCustomParameters } from './CustomParameters';
 export declare namespace CustomParametersUtils {
     const createCustomParameters: <Req, Res, Added, Removed>(config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => Promise<CustomParameters | null>;
+    const createResponseCustomParameters: <Req, Res, Added, Removed>(config: IConfiguration<Req, Res, Added, Removed>, context: ReadonlyContext<Req, Res>) => Promise<ResponseCustomParameters | null>;
     const normalizeCustomParams: (customParameters: Record<string, any>) => CustomParameters | null;
+    const normalizeResponseCustomParams: (customParameters: Record<string, any>) => ResponseCustomParameters | null;
 }

package/lib/types/custom_parameters/index.d.ts

@@ -1,3 +1,3 @@
-export { CustomParameters } from './CustomParameters';
+export { CustomParameters, ResponseCustomParameters } from './CustomParameters';
+export { CustomParametersFunction, ResponseCustomParametersFunction } from './CustomParametersFunction';
 export { CustomParametersUtils } from './CustomParametersUtils';
-export { CustomParametersFunction } from './CustomParametersFunction';

package/lib/types/flow/Flow.d.ts

@@ -4,10 +4,10 @@ import { IFlow, InsertPhaseOptions } from './IFlow';
 export declare class Flow<Req, Res> implements IFlow<Req, Res> {
     readonly phases: IPhase<Req, Res>[];
     constructor(phases: IPhase<Req, Res>[]);
-    insert(phase: IPhase<Req, Res>, options?: InsertPhaseOptions): void;
-    remove(name: string): void;
-    replace(name: string, phase: IPhase<Req, Res>): void;
-    move(name: string, to: InsertPhaseOptions): void;
+    insert(phase: IPhase<Req, Res>, options?: InsertPhaseOptions): IFlow<Req, Res>;
+    remove(name: string): IFlow<Req, Res>;
+    replace(name: string, phase: IPhase<Req, Res>): IFlow<Req, Res>;
+    move(name: string, to: InsertPhaseOptions): IFlow<Req, Res>;
     protected getIndexOfPhase(name: string): number;
     execute(context: IContext<Req, Res>): Promise<PhaseResult>;
 }

package/lib/types/flow/IFlow.d.ts

@@ -34,24 +34,28 @@ export interface IFlow<Req, Res> extends IPhase<Req, Res> {
      * Replaces the named phase in the flow with the provided phase. If the named phase is not found, nothing happens.
      * @param name - The name of the phase to replace. A phase with this name should exist in the flow already.
      * @param phase - The phase that should replace the named phase.
+     * @returns The flow instance itself for chaining.
      */
-    replace(name: string, phase: IPhase<Req, Res>): void;
+    replace(name: string, phase: IPhase<Req, Res>): IFlow<Req, Res>;
     /**
      * Removes the named phase from the flow. If the named phase is not found, does nothing.
      * @param name - The name of the phase to remove. A phase with this name should exist in the flow already.
+     * @returns The flow instance itself for chaining.
      */
-    remove(name: string): void;
+    remove(name: string): IFlow<Req, Res>;
     /**
      * Inserts the provided phase into the flow at the specified position. If no position is specified,
      * the phase will be added to the very end of the flow.
      * @param phase - The phase to insert into the flow.
      * @param options - The options for inserting the phase. If no options are provided, the phase will be added to the end of the flow.
+     * @returns The flow instance itself for chaining.
      */
-    insert(phase: IPhase<Req, Res>, options?: InsertPhaseOptions): void;
+    insert(phase: IPhase<Req, Res>, options?: InsertPhaseOptions): IFlow<Req, Res>;
     /**
      * Moves the named phase to the specified position in the flow. If the named phase is not found, nothing happens.
      * @param name - The name of the phase to move. A phase with this name should exist in the flow already.
      * @param to - The options for moving the phase. The phase will be moved to the specified position in the flow.
+     * @returns The flow instance itself for chaining.
      */
-    move(name: string, to: InsertPhaseOptions): void;
+    move(name: string, to: InsertPhaseOptions): IFlow<Req, Res>;
 }

package/lib/types/phase/impl/EnrichContextFromResponsePhase.d.ts

@@ -13,4 +13,5 @@ export declare class EnrichContextFromResponsePhase<Req, Res, Added, Removed> im
     constructor(config: IConfiguration<Req, Res, Added, Removed>, products: Products<Req, Res>);
     execute(context: IContext<Req, Res>): Promise<PhaseResult>;
     protected addProductDataToContext(context: IContext<Req, Res>): Promise<void>;
+    protected addResponseCustomParametersToContext(context: IContext<Req, Res>): Promise<void>;
 }

package/lib/types/utils/constants.d.ts

@@ -11,4 +11,4 @@ export declare const PUSH_DATA_FEATURE_HEADER_NAME = "x-px-feature";
 export declare const EMAIL_ADDRESS_REGEX: RegExp;
 export declare const URL_REGEX: RegExp;
 export declare const REGEX_STRUCTURE: RegExp;
-export declare const CORE_MODULE_VERSION = "JS Core 0.26.2";
+export declare const CORE_MODULE_VERSION = "JS Core 0.28.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-js-core",
-  "version": "0.26.2",
+  "version": "0.28.0",
   "description": "",
   "type": "module",
   "typesVersions": {
@@ -55,6 +55,7 @@
     "@types/chai-as-promised": "^8.0.2",
     "@types/crypto-js": "^4.1.1",
     "@types/mocha": "^10.0.0",
+    "@types/node": "^18.19.50 || ^20.6.0 || ^22.0.0",
     "@types/sinon": "^17.0.1",
     "@types/uuid": "^10.0.0",
     "@typescript-eslint/eslint-plugin": "^8.26.0",
@@ -66,11 +67,11 @@
     "eslint-config-prettier": "^10.0.2",
     "eslint-plugin-prettier": "^5.2.3",
     "husky": "^9.1.7",
-    "lint-staged": "^15.4.3",
+    "lint-staged": "^16.0.0",
     "mocha": "^10.0.0",
     "nyc": "^17.0.0",
     "prettier": "^3.5.3",
-    "sinon": "^18.0.0",
+    "sinon": "^20.0.0",
     "ts-loader": "^9.4.1",
     "ts-node": "^10.9.1",
     "tsc-alias": "^1.8.11",