samlify 2.11.0 → 2.13.0

package/build/src/utility.js

@@ -37,18 +37,25 @@ exports.readPrivateKey = readPrivateKey;
 exports.isNonEmptyArray = isNonEmptyArray;
 exports.castArrayOpt = castArrayOpt;
 exports.notEmpty = notEmpty;
+exports.escapeXPathValue = escapeXPathValue;
+exports.camelCase = camelCase;
 /**
-* @file utility.ts
-* @author tngan
-* @desc  Library for some common functions (e.g. de/inflation, en/decoding)
-*/
+ * @file utility.ts
+ * @author tngan
+ * @desc Common helpers (encoding, compression, certificate / key handling).
+ */
 var crypto_1 = require("crypto");
 var zlib_1 = require("zlib");
 var BASE64_STR = 'base64';
 /**
- * @desc Mimic lodash.zipObject
- * @param arr1 {string[]}
- * @param arr2 {[]}
+ * Build an object by zipping two parallel arrays of keys and values.
+ * When `skipDuplicated` is false, colliding keys are aggregated into arrays
+ * so duplicate keys do not clobber earlier values.
+ *
+ * @param arr1 key array
+ * @param arr2 value array (same index as keys)
+ * @param skipDuplicated when true (default) later writes overwrite earlier ones
+ * @returns object composed from key/value pairs
  */
 function zipObject(arr1, arr2, skipDuplicated) {
     if (skipDuplicated === void 0) { skipDuplicated = true; }
@@ -57,7 +64,6 @@ function zipObject(arr1, arr2, skipDuplicated) {
             res[l] = arr2[i];
             return res;
         }
-        // if key exists, aggregate with array in order to get rid of duplicate key
         if (res[l] !== undefined) {
             res[l] = Array.isArray(res[l])
                 ? res[l].concat(arr2[i])
@@ -69,9 +75,10 @@ function zipObject(arr1, arr2, skipDuplicated) {
     }, {});
 }
 /**
- * @desc Alternative to lodash.flattenDeep
- * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_flattendeep
- * @param input {[]}
+ * Recursively flatten a nested array into a single-level array.
+ *
+ * @param input nested array input
+ * @returns flattened array
  */
 function flattenDeep(input) {
     return Array.isArray(input)
@@ -79,144 +86,168 @@ function flattenDeep(input) {
         : [input];
 }
 /**
- * @desc Alternative to lodash.last
- * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_last
- * @param input {[]}
+ * Return the last element of an array.
+ *
+ * @param input source array
+ * @returns the final element, or undefined when the array is empty
  */
 function last(input) {
     return input.slice(-1)[0];
 }
 /**
- * @desc Alternative to lodash.uniq
- * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_uniq
- * @param input {string[]}
+ * Return a copy of a string array with duplicates removed.
+ *
+ * @param input array with possible duplicates
+ * @returns array in original order without duplicates
  */
 function uniq(input) {
     var set = new Set(input);
     return __spreadArray([], __read(set), false);
 }
 /**
- * @desc Alternative to lodash.get
- * @reference https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore#_get
- * @param obj
- * @param path
- * @param defaultValue
+ * Safely read a dotted path from an object, returning `defaultValue` when
+ * any segment is missing.
+ *
+ * @param obj source object
+ * @param path dotted path expression (e.g. "a.b.c")
+ * @param defaultValue fallback when the path does not resolve
+ * @returns resolved value or the default
  */
 function get(obj, path, defaultValue) {
-    return path.split('.')
-        .reduce(function (a, c) { return (a && a[c] ? a[c] : (defaultValue || null)); }, obj);
+    if (defaultValue === void 0) { defaultValue = null; }
+    return path
+        .split('.')
+        .reduce(function (a, c) {
+        if (a && typeof a === 'object' && c in a) {
+            var next = a[c];
+            return next !== null && next !== void 0 ? next : defaultValue;
+        }
+        return defaultValue;
+    }, obj);
 }
 /**
- * @desc Check if the input is string
- * @param {any} input
+ * Type guard for strings.
+ *
+ * @param input value to test
+ * @returns true when the input is a string primitive
  */
 function isString(input) {
     return typeof input === 'string';
 }
 /**
-* @desc Encode string with base64 format
-* @param  {string} message                       plain-text message
-* @return {string} base64 encoded string
-*/
+ * Encode a string or byte array as base64.
+ *
+ * @param message plain text or raw bytes
+ * @returns base64 encoded string
+ */
 function base64Encode(message) {
     return Buffer.from(message).toString(BASE64_STR);
 }
 /**
-* @desc Decode string from base64 format
-* @param  {string} base64Message                 encoded string
-* @param  {boolean} isBytes                      determine the return value type (True: bytes False: string)
-* @return {bytes/string}  decoded bytes/string depends on isBytes, default is {string}
-*/
+ * Decode a base64 message. Returns either the decoded string or the raw
+ * Buffer depending on `isBytes`.
+ *
+ * @param base64Message base64 encoded payload
+ * @param isBytes when true, return a Buffer instead of a string
+ * @returns decoded string or Buffer
+ */
 function base64Decode(base64Message, isBytes) {
     var bytes = Buffer.from(base64Message, BASE64_STR);
     return Boolean(isBytes) ? bytes : bytes.toString();
 }
 /**
-* @desc Compress the string
-* @param  {string} message
-* @return {string} compressed string
-*/
+ * Raw-deflate a UTF-8 string and return the compressed bytes.
+ *
+ * @param message plain text
+ * @returns compressed bytes as a number array
+ */
 function deflateString(message) {
     var input = Buffer.from(message, 'utf8');
     return Array.from((0, zlib_1.deflateRawSync)(input));
 }
 /**
-* @desc Decompress the compressed string
-* @param  {string} compressedString
-* @return {string} decompressed string
-*/
+ * Raw-inflate a base64 string that was produced by {@link deflateString}.
+ *
+ * @param compressedString base64-encoded raw-deflate payload
+ * @returns decompressed UTF-8 string
+ */
 function inflateString(compressedString) {
     var inputBuffer = Buffer.from(compressedString, BASE64_STR);
     return (0, zlib_1.inflateRawSync)(inputBuffer).toString('utf8');
 }
 /**
-* @desc Abstract the normalizeCerString and normalizePemString
-* @param {buffer} File stream or string
-* @param {string} String for header and tail
-* @return {string} A formatted certificate string
-*/
+ * Strip PEM header/footer, whitespace and newlines from a PEM payload.
+ */
 function _normalizeCerString(bin, format) {
-    return bin.toString().replace(/\n/g, '').replace(/\r/g, '').replace("-----BEGIN ".concat(format, "-----"), '').replace("-----END ".concat(format, "-----"), '').replace(/ /g, '').replace(/\t/g, '');
+    return bin
+        .toString()
+        .replace(/\n/g, '')
+        .replace(/\r/g, '')
+        .replace("-----BEGIN ".concat(format, "-----"), '')
+        .replace("-----END ".concat(format, "-----"), '')
+        .replace(/ /g, '')
+        .replace(/\t/g, '');
 }
 /**
-* @desc Parse the .cer to string format without line break, header and footer
-* @param  {string} certString     declares the certificate contents
-* @return {string} certificiate in string format
-*/
+ * Normalise a PEM certificate string to its base64 body.
+ *
+ * @param certString PEM-encoded X.509 certificate
+ * @returns certificate body without headers/whitespace
+ */
 function normalizeCerString(certString) {
     return _normalizeCerString(certString, 'CERTIFICATE');
 }
 /**
-* @desc Normalize the string in .pem format without line break, header and footer
-* @param  {string} pemString
-* @return {string} private key in string format
-*/
+ * Normalise a PEM RSA private key string to its base64 body.
+ *
+ * @param pemString PEM-encoded RSA private key
+ * @returns key body without headers/whitespace
+ */
 function normalizePemString(pemString) {
     return _normalizeCerString(pemString.toString(), 'RSA PRIVATE KEY');
 }
 /**
-* @desc Return the complete URL
-* @param  {object} req                   HTTP request
-* @return {string} URL
-*/
+ * Reconstruct the full URL (protocol + host + path) from an Express-style
+ * HTTP request.
+ *
+ * @param req Express-compatible request object
+ * @returns absolute URL string
+ */
 function getFullURL(req) {
     return "".concat(req.protocol, "://").concat(req.get('host')).concat(req.originalUrl);
 }
 /**
-* @desc Parse input string, return default value if it is undefined
-* @param  {string/boolean}
-* @return {boolean}
-*/
+ * Return `str` when it is truthy, otherwise the provided default.
+ */
 function parseString(str, defaultValue) {
     if (defaultValue === void 0) { defaultValue = ''; }
     return str || defaultValue;
 }
 /**
-* @desc Override the object by another object (rtl)
-* @param  {object} default object
-* @param  {object} object applied to the default object
-* @return {object} result object
-*/
+ * Shallow-merge `obj2` on top of `obj1`, returning a new object.
+ */
 function applyDefault(obj1, obj2) {
     return Object.assign({}, obj1, obj2);
 }
 /**
-* @desc Get public key in pem format from the certificate included in the metadata
-* @param {string} x509 certificate
-* @return {string} public key fetched from the certificate
-*/
+ * Extract the SPKI PEM public key from a base64 X.509 certificate body.
+ *
+ * @param x509Certificate normalised certificate body (no PEM wrappers)
+ * @returns PEM-encoded public key
+ */
 function getPublicKeyPemFromCertificate(x509Certificate) {
     var der = Buffer.from(x509Certificate, 'base64');
     var cert = new crypto_1.X509Certificate(der);
     return cert.publicKey.export({ type: 'spki', format: 'pem' });
 }
 /**
-* @desc Read private key from pem-formatted string
-* @param {string | Buffer} keyString pem-formatted string
-* @param {string} protected passphrase of the key
-* @return {string} string in pem format
-* If passphrase is used to protect the .pem content (recommend)
-*/
+ * Read a PEM private key, optionally decrypting it with a passphrase.
+ *
+ * @param keyString PEM key contents
+ * @param passphrase optional passphrase protecting the key
+ * @param isOutputString when true, always return a string
+ * @returns PEM key as string or Buffer
+ */
 function readPrivateKey(keyString, passphrase, isOutputString) {
     if (isString(passphrase)) {
         var key = (0, crypto_1.createPrivateKey)({ key: keyString, format: 'pem', passphrase: passphrase });
@@ -226,25 +257,76 @@ function readPrivateKey(keyString, passphrase, isOutputString) {
     return keyString;
 }
 /**
-* @desc Inline syntax sugar
-*/
+ * Coerce a value to a string when `isOutputString` is true, otherwise pass
+ * it through untouched.
+ */
 function convertToString(input, isOutputString) {
     return Boolean(isOutputString) ? String(input) : input;
 }
 /**
- * @desc Check if the input is an array with non-zero size
+ * Check that the input is an array with at least one element.
+ *
+ * @param a candidate value
+ * @returns true when the argument is a non-empty array
  */
 function isNonEmptyArray(a) {
     return Array.isArray(a) && a.length > 0;
 }
+/**
+ * Wrap a single value in an array, or return the array unchanged.
+ * An undefined input returns an empty array.
+ *
+ * @param a scalar, array, or undefined
+ * @returns array form of the input
+ */
 function castArrayOpt(a) {
     if (a === undefined)
         return [];
     return Array.isArray(a) ? a : [a];
 }
+/**
+ * Type guard removing `null` and `undefined` from a union.
+ *
+ * @param value value to narrow
+ * @returns true when the value is neither null nor undefined
+ */
 function notEmpty(value) {
     return value !== null && value !== undefined;
 }
+/**
+ * Escape a string for safe use inside an XPath single-quoted string literal.
+ * Prevents XPath injection by splitting on single quotes and using concat().
+ *
+ * @param value raw string that may contain quotes
+ * @returns XPath-safe string expression
+ */
+function escapeXPathValue(value) {
+    if (!value.includes("'")) {
+        return "'" + value + "'";
+    }
+    var parts = value.split("'").map(function (part) { return "'" + part + "'"; });
+    return 'concat(' + parts.join(",\"'\",") + ')';
+}
+/**
+ * Convert a string to camelCase, splitting on whitespace, `-`, `_`, `.`,
+ * and inferred case boundaries.
+ *
+ * @param input source string
+ * @returns camelCased output
+ */
+function camelCase(input) {
+    var words = input
+        .replace(/([a-z\d])([A-Z])/g, '$1\0$2')
+        .replace(/([A-Z]+)([A-Z][a-z])/g, '$1\0$2')
+        .split(/[\0\s\-_\.]+/)
+        .filter(function (w) { return w.length > 0; });
+    return words
+        .map(function (word, i) {
+        var lower = word.toLocaleLowerCase('en-US');
+        return i === 0 ? lower : lower.charAt(0).toLocaleUpperCase('en-US') + lower.slice(1);
+    })
+        .join('');
+}
 var utility = {
     isString: isString,
     base64Encode: base64Encode,

package/build/src/utility.js.map

@@ -1 +1 @@
-{"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,8BAmBC;AAMD,kCAIC;AAMD,oBAEC;AAMD,oBAGC;AAQD,kBAGC;AAKD,4BAEC;AAeD,oCAGC;AAeD,sCAGC;AAoED,wCAOC;AAUD,0CAEC;AAED,oCAGC;AAED,4BAEC;AAnND;;;;EAIE;AACF,iCAA2D;AAC3D,6BAAsD;AAEtD,IAAM,UAAU,GAAG,QAAQ,CAAC;AAE5B;;;;GAIG;AACH,SAAgB,SAAS,CAAC,IAAc,EAAE,IAAW,EAAE,cAAqB;IAArB,+BAAA,EAAA,qBAAqB;IAC1E,OAAO,IAAI,CAAC,MAAM,CAAC,UAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QAE3B,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,2EAA2E;QAC3E,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC5B,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACxB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,GAAG,CAAC;IAEb,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AACD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,KAAY;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAC3B,CAAC,CAAC,KAAK,CAAC,MAAM,CAAE,UAAC,CAAC,EAAE,CAAC,IAAK,OAAA,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAxB,CAAwB,EAAG,EAAE,CAAC;QACxD,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACZ,CAAC;AACD;;;;GAIG;AACH,SAAgB,IAAI,CAAC,KAAY;IAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5B,CAAC;AACD;;;;GAIG;AACH,SAAgB,IAAI,CAAC,KAAe;IAClC,IAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3B,gCAAY,GAAG,UAAE;AACnB,CAAC;AACD;;;;;;GAMG;AACH,SAAgB,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,YAAY;IACzC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;SACrB,MAAM,CAAC,UAAC,CAAC,EAAE,CAAC,IAAK,OAAA,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,EAA3C,CAA2C,EAAE,GAAG,CAAC,CAAC;AACtE,CAAC;AACD;;;GAGG;AACH,SAAgB,QAAQ,CAAC,KAAU;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC;AACD;;;;EAIE;AACF,SAAS,YAAY,CAAC,OAA0B;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,OAAiB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC7D,CAAC;AACD;;;;;EAKE;AACF,SAAgB,YAAY,CAAC,aAAqB,EAAE,OAAiB;IACnE,IAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IACrD,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;AACrD,CAAC;AACD;;;;EAIE;AACF,SAAS,aAAa,CAAC,OAAe;IACpC,IAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAc,EAAC,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC;AACD;;;;EAIE;AACF,SAAgB,aAAa,CAAC,gBAAwB;IACpD,IAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAC9D,OAAO,IAAA,qBAAc,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACtD,CAAC;AACD;;;;;EAKE;AACF,SAAS,mBAAmB,CAAC,GAAoB,EAAE,MAAc;IAC/D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAc,MAAM,UAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAY,MAAM,UAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACnL,CAAC;AACD;;;;EAIE;AACF,SAAS,kBAAkB,CAAC,UAA2B;IACrD,OAAO,mBAAmB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACxD,CAAC;AACD;;;;EAIE;AACF,SAAS,kBAAkB,CAAC,SAA0B;IACpD,OAAO,mBAAmB,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;AACtE,CAAC;AACD;;;;EAIE;AACF,SAAS,UAAU,CAAC,GAAG;IACrB,OAAO,UAAG,GAAG,CAAC,QAAQ,gBAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,SAAG,GAAG,CAAC,WAAW,CAAE,CAAC;AAClE,CAAC;AACD;;;;EAIE;AACF,SAAS,WAAW,CAAC,GAAG,EAAE,YAAiB;IAAjB,6BAAA,EAAA,iBAAiB;IACzC,OAAO,GAAG,IAAI,YAAY,CAAC;AAC7B,CAAC;AACD;;;;;EAKE;AACF,SAAS,YAAY,CAAC,IAAI,EAAE,IAAI;IAC9B,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AACD;;;;EAIE;AACF,SAAS,8BAA8B,CAAC,eAAuB;IAC7D,IAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IACnD,IAAM,IAAI,GAAG,IAAI,wBAAe,CAAC,GAAG,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AAChE,CAAC;AACD;;;;;;EAME;AACF,SAAgB,cAAc,CAAC,SAA0B,EAAE,UAA8B,EAAE,cAAwB;IACjH,IAAI,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,IAAM,GAAG,GAAG,IAAA,yBAAgB,EAAC,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,YAAA,EAAE,CAAC,CAAC;QAC5E,IAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,eAAe,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AACD;;EAEE;AACF,SAAS,eAAe,CAAC,KAAK,EAAE,cAAc;IAC5C,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACzD,CAAC;AACD;;GAEG;AACH,SAAgB,eAAe,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,YAAY,CAAI,CAAW;IACzC,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,EAAE,CAAA;IAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AACnC,CAAC;AAED,SAAgB,QAAQ,CAAS,KAAgC;IAC/D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC;AAC/C,CAAC;AAED,IAAM,OAAO,GAAG;IACd,QAAQ,UAAA;IACR,YAAY,cAAA;IACZ,YAAY,cAAA;IACZ,aAAa,eAAA;IACb,aAAa,eAAA;IACb,kBAAkB,oBAAA;IAClB,kBAAkB,oBAAA;IAClB,UAAU,YAAA;IACV,WAAW,aAAA;IACX,YAAY,cAAA;IACZ,8BAA8B,gCAAA;IAC9B,cAAc,gBAAA;IACd,eAAe,iBAAA;IACf,eAAe,iBAAA;CAChB,CAAC;AAEF,kBAAe,OAAO,CAAC"}
+{"version":3,"file":"utility.js","sourceRoot":"","sources":["../../src/utility.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,8BAmBC;AAQD,kCAIC;AAQD,oBAEC;AAQD,oBAGC;AAWD,kBAcC;AAQD,4BAEC;AAoBD,oCAGC;AAmBD,sCAGC;AAqFD,wCAWC;AAgBD,0CAEC;AASD,oCAGC;AAQD,4BAEC;AASD,4CAMC;AASD,8BAaC;AArUD;;;;GAIG;AACH,iCAA2D;AAC3D,6BAAsD;AAEtD,IAAM,UAAU,GAAG,QAAQ,CAAC;AAE5B;;;;;;;;;GASG;AACH,SAAgB,SAAS,CACvB,IAAc,EACd,IAAS,EACT,cAAqB;IAArB,+BAAA,EAAA,qBAAqB;IAErB,OAAO,IAAI,CAAC,MAAM,CAA0B,UAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QACpD,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACzB,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC5B,CAAC,CAAE,GAAG,CAAC,CAAC,CAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAI,KAAc;IAC3C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAM,UAAC,CAAC,EAAE,CAAC,IAAK,OAAA,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAxB,CAAwB,EAAE,EAAE,CAAC;QAC3D,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAgB,IAAI,CAAI,KAAU;IAChC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,IAAI,CAAC,KAAe;IAClC,IAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3B,gCAAW,GAAG,UAAE;AAClB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,GAAG,CACjB,GAA+C,EAC/C,IAAY,EACZ,YAA6B;IAA7B,6BAAA,EAAA,mBAA6B;IAE7B,OAAO,IAAI;SACR,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAU,UAAC,CAAC,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAK,CAA6B,EAAE,CAAC;YACtE,IAAM,IAAI,GAAI,CAA6B,CAAC,CAAC,CAAC,CAAC;YAC/C,OAAO,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,YAAY,CAAC;QAC9B,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC,EAAE,GAAG,CAAa,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAA0B;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,OAAiB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,YAAY,CAAC,aAAqB,EAAE,OAAiB;IACnE,IAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IACrD,OAAO,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,IAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAA,qBAAc,EAAC,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,gBAAwB;IACpD,IAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAC9D,OAAO,IAAA,qBAAc,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,GAAoB,EAAE,MAAc;IAC/D,OAAO,GAAG;SACP,QAAQ,EAAE;SACV,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,qBAAc,MAAM,UAAO,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,mBAAY,MAAM,UAAO,EAAE,EAAE,CAAC;SACtC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;SACjB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,UAA2B;IACrD,OAAO,mBAAmB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACxD,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,SAA0B;IACpD,OAAO,mBAAmB,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,UAAU,CAAC,GAInB;IACC,OAAO,UAAG,GAAG,CAAC,QAAQ,gBAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,SAAG,GAAG,CAAC,WAAW,CAAE,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAA8B,EAAE,YAAiB;IAAjB,6BAAA,EAAA,iBAAiB;IACpE,OAAO,GAAG,IAAI,YAAY,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAqC,IAAO,EAAE,IAAO;IACxE,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAU,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,8BAA8B,CAAC,eAAuB;IAC7D,IAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IACnD,IAAM,IAAI,GAAG,IAAI,wBAAe,CAAC,GAAG,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,cAAc,CAC5B,SAA0B,EAC1B,UAA8B,EAC9B,cAAwB;IAExB,IAAI,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,IAAM,GAAG,GAAG,IAAA,yBAAgB,EAAC,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,YAAA,EAAE,CAAC,CAAC;QAC5E,IAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,eAAe,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAsB,EAAE,cAAwB;IACvE,OAAO,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;AACzD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAAI,CAAU;IAC3C,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,YAAY,CAAI,CAAW;IACzC,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAS,KAAgC;IAC/D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,GAAG,GAAG,CAAC;IAC3B,CAAC;IACD,IAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,UAAA,IAAI,IAAI,OAAA,GAAG,GAAG,IAAI,GAAG,GAAG,EAAhB,CAAgB,CAAC,CAAC;IAC7D,OAAO,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,SAAO,CAAC,GAAG,GAAG,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,SAAS,CAAC,KAAa;IACrC,IAAM,KAAK,GAAG,KAAK;SAChB,OAAO,CAAC,mBAAmB,EAAE,QAAQ,CAAC;SACtC,OAAO,CAAC,uBAAuB,EAAE,QAAQ,CAAC;SAC1C,KAAK,CAAC,cAAc,CAAC;SACrB,MAAM,CAAC,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,MAAM,GAAG,CAAC,EAAZ,CAAY,CAAC,CAAC;IAE7B,OAAO,KAAK;SACT,GAAG,CAAC,UAAC,IAAI,EAAE,CAAC;QACX,IAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvF,CAAC,CAAC;SACD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,IAAM,OAAO,GAAG;IACd,QAAQ,UAAA;IACR,YAAY,cAAA;IACZ,YAAY,cAAA;IACZ,aAAa,eAAA;IACb,aAAa,eAAA;IACb,kBAAkB,oBAAA;IAClB,kBAAkB,oBAAA;IAClB,UAAU,YAAA;IACV,WAAW,aAAA;IACX,YAAY,cAAA;IACZ,8BAA8B,gCAAA;IAC9B,cAAc,gBAAA;IACd,eAAe,iBAAA;IACf,eAAe,iBAAA;CAChB,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/build/src/validator.js

@@ -1,4 +1,9 @@
 "use strict";
+/**
+ * @file validator.ts
+ * @author tngan
+ * @desc Time-window validators for SAML `NotBefore` / `NotOnOrAfter` conditions.
+ */
 var __read = (this && this.__read) || function (o, n) {
     var m = typeof Symbol === "function" && o[Symbol.iterator];
     if (!m) return o;
@@ -17,27 +22,39 @@ var __read = (this && this.__read) || function (o, n) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyTime = verifyTime;
+/**
+ * Check whether the current clock falls within the provided SAML time
+ * window, applying a symmetric drift tolerance to both ends.
+ *
+ * Behaviour:
+ *   - Both bounds missing: logs a warning and returns `true`.
+ *   - Only `utcNotBefore` given: returns true when now is at or after it.
+ *   - Only `utcNotOnOrAfter` given: returns true when now is strictly before it.
+ *   - Both given: returns true only when both individual checks pass.
+ *
+ * @param utcNotBefore ISO-8601 lower bound (inclusive) or undefined
+ * @param utcNotOnOrAfter ISO-8601 upper bound (exclusive) or undefined
+ * @param drift tolerance applied to each bound, defaults to `[0, 0]`
+ * @returns whether the current time is within the configured window
+ */
 function verifyTime(utcNotBefore, utcNotOnOrAfter, drift) {
     if (drift === void 0) { drift = [0, 0]; }
     var now = new Date();
     if (!utcNotBefore && !utcNotOnOrAfter) {
-        // show warning because user intends to have time check but the document doesn't include corresponding information
-        console.warn('You intend to have time validation however the document doesn\'t include the valid range.');
+        console.warn("You intend to have time validation however the document doesn't include the valid range.");
         return true;
     }
-    var notBeforeLocal = null;
-    var notOnOrAfterLocal = null;
     var _a = __read(drift, 2), notBeforeDrift = _a[0], notOnOrAfterDrift = _a[1];
     if (utcNotBefore && !utcNotOnOrAfter) {
-        notBeforeLocal = new Date(utcNotBefore);
-        return +notBeforeLocal + notBeforeDrift <= +now;
+        var notBeforeLocal_1 = new Date(utcNotBefore);
+        return +notBeforeLocal_1 + notBeforeDrift <= +now;
     }
     if (!utcNotBefore && utcNotOnOrAfter) {
-        notOnOrAfterLocal = new Date(utcNotOnOrAfter);
-        return +now < +notOnOrAfterLocal + notOnOrAfterDrift;
+        var notOnOrAfterLocal_1 = new Date(utcNotOnOrAfter);
+        return +now < +notOnOrAfterLocal_1 + notOnOrAfterDrift;
     }
-    notBeforeLocal = new Date(utcNotBefore);
-    notOnOrAfterLocal = new Date(utcNotOnOrAfter);
+    var notBeforeLocal = new Date(utcNotBefore);
+    var notOnOrAfterLocal = new Date(utcNotOnOrAfter);
     return (+notBeforeLocal + notBeforeDrift <= +now &&
         +now < +notOnOrAfterLocal + notOnOrAfterDrift);
 }

package/build/src/validator.js.map

@@ -1 +1 @@
-{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AA0CE,gCAAU;AAvCZ,SAAS,UAAU,CACjB,YAAgC,EAChC,eAAmC,EACnC,KAA8B;IAA9B,sBAAA,EAAA,SAAyB,CAAC,EAAE,CAAC,CAAC;IAG9B,IAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,kHAAkH;QAClH,OAAO,CAAC,IAAI,CAAC,2FAA2F,CAAC,CAAC;QAC1G,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,cAAc,GAAgB,IAAI,CAAC;IACvC,IAAI,iBAAiB,GAAgB,IAAI,CAAC;IAEpC,IAAA,KAAA,OAAsC,KAAK,IAAA,EAA1C,cAAc,QAAA,EAAE,iBAAiB,QAAS,CAAC;IAElD,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,cAAc,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE,CAAC;QACrC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IACvD,CAAC;IAED,cAAc,GAAG,IAAI,IAAI,CAAC,YAAa,CAAC,CAAC;IACzC,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAgB,CAAC,CAAC;IAE/C,OAAO,CACL,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG;QACxC,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAC9C,CAAC;AAEJ,CAAC"}
+{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/validator.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;AAoDM,gCAAU;AA/CnB;;;;;;;;;;;;;;GAcG;AACH,SAAS,UAAU,CACjB,YAAgC,EAChC,eAAmC,EACnC,KAA8B;IAA9B,sBAAA,EAAA,SAAyB,CAAC,EAAE,CAAC,CAAC;IAE9B,IAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACtC,OAAO,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC;QACzG,OAAO,IAAI,CAAC;IACd,CAAC;IAEK,IAAA,KAAA,OAAsC,KAAK,IAAA,EAA1C,cAAc,QAAA,EAAE,iBAAiB,QAAS,CAAC;IAElD,IAAI,YAAY,IAAI,CAAC,eAAe,EAAE,CAAC;QACrC,IAAM,gBAAc,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,OAAO,CAAC,gBAAc,GAAG,cAAc,IAAI,CAAC,GAAG,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,eAAe,EAAE,CAAC;QACrC,IAAM,mBAAiB,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,GAAG,CAAC,mBAAiB,GAAG,iBAAiB,CAAC;IACvD,CAAC;IAED,IAAM,cAAc,GAAG,IAAI,IAAI,CAAC,YAAa,CAAC,CAAC;IAC/C,IAAM,iBAAiB,GAAG,IAAI,IAAI,CAAC,eAAgB,CAAC,CAAC;IAErD,OAAO,CACL,CAAC,cAAc,GAAG,cAAc,IAAI,CAAC,GAAG;QACxC,CAAC,GAAG,GAAG,CAAC,iBAAiB,GAAG,iBAAiB,CAC9C,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "samlify",
-  "version": "2.11.0",
+  "version": "2.13.0",
   "description": "Node.js library for SAML SSO",
   "main": "build/index.js",
   "keywords": [
@@ -11,14 +11,21 @@
     "metadata"
   ],
   "typings": "types/index.d.ts",
+  "files": [
+    "build",
+    "types",
+    "LICENSE",
+    "README.md"
+  ],
   "scripts": {
-    "build": "yarn audit;make rebuild",
+    "clean": "rm -rf build types",
+    "build": "yarn audit && rm -rf build && tsc",
     "docs:dev": "vitepress dev docs",
     "docs:build": "vitepress build docs",
     "docs:preview": "vitepress preview docs",
     "lint": "tslint -p .",
     "lint:fix": "tslint -p . --fix",
-    "pretest": "make pretest",
+    "pretest": "mkdir -p build/test && cp -a test/key test/misc build/test",
     "test": "NODE_ENV=test vitest run",
     "test:watch": "NODE_ENV=test vitest",
     "coverage": "vitest run --coverage",
@@ -36,7 +43,6 @@
   "dependencies": {
     "@authenio/xml-encryption": "^2.0.2",
     "@xmldom/xmldom": "^0.8.11",
-    "camelcase": "^9.0.0",
     "node-rsa": "^1.1.1",
     "xml": "^1.0.1",
     "xml-crypto": "^6.1.2",
@@ -44,20 +50,24 @@
     "xpath": "^0.0.34"
   },
   "resolutions": {
-    "brace-expansion": ">=1.1.12",
     "diff": ">=4.0.4",
-    "esbuild": ">=0.25.0"
+    "esbuild": ">=0.25.0",
+    "vitest/vite": "^6.4.2",
+    "vitest/vite-node/vite": "^6.4.2",
+    "vitepress/vite": "^6.4.2",
+    "vitepress/@vitejs/plugin-vue/vite": "^6.4.2"
   },
   "devDependencies": {
     "@authenio/samlify-xsd-schema-validator": "^1.0.5",
     "@types/node": "^25.4.0",
     "@types/node-rsa": "^1.1.4",
     "@types/xmldom": "^0.1.34",
+    "@vitest/coverage-v8": "^3.2.0",
     "timekeeper": "^2.3.1",
     "ts-node": "^10.9.2",
     "tslint": "^6.1.3",
     "typescript": "^5.9.3",
     "vitepress": "^1.6.4",
-    "vitest": "^4.0.18"
+    "vitest": "^3.2.4"
   }
 }

package/types/src/api.d.ts

@@ -1,13 +1,43 @@
-import { DOMParser as dom, Options as DOMParserOptions } from '@xmldom/xmldom';
+/**
+ * @file api.ts
+ * @author tngan
+ * @desc Global module configuration: XML schema validator and DOM parser.
+ */
+import { DOMParser as Dom, Options as DOMParserOptions } from '@xmldom/xmldom';
+/** Module-wide runtime configuration. */
 interface Context extends ValidatorContext, DOMParserContext {
 }
+/** Caller-supplied SAML XML schema validator. */
 interface ValidatorContext {
-    validate?: (xml: string) => Promise<any>;
+    validate?: (xml: string) => Promise<unknown>;
 }
+/** DOM parser used to decode SAML messages. */
 interface DOMParserContext {
-    dom: dom;
+    dom: Dom;
 }
+/**
+ * Return the module-wide runtime context (DOM parser and validator).
+ *
+ * @returns shared context object
+ */
 export declare function getContext(): Context;
+/**
+ * Register the caller-supplied SAML schema validator. Throws when the
+ * supplied value does not expose a `validate` callback.
+ *
+ * @param params object with a `validate(xml)` callback
+ */
 export declare function setSchemaValidator(params: ValidatorContext): void;
+/**
+ * Replace the module-wide DOM parser with one configured by the caller.
+ *
+ * The XXE-safe error handlers are merged into the supplied options as a
+ * baseline so callers can override unrelated settings without
+ * accidentally disabling XXE protection (`saml-core §6.4`,
+ * `saml-sec-consider §6.3.1`). A caller can still opt out by passing
+ * its own `errorHandler`, but it must do so explicitly.
+ *
+ * @param options xmldom parser options
+ */
 export declare function setDOMParserOptions(options?: DOMParserOptions): void;
 export {};