secure-ui-components 0.2.3 → 0.2.5

@@ -13,245 +13,4 @@
13
13
  *
14
14
  * @module security-config
15
15
  * @license MIT
16
- */
17
- /**
18
- * Security tier enumeration
19
- * These constants should be used throughout the library to reference security levels
20
- */
21
- export const SecurityTier = Object.freeze({
22
- /** PUBLIC: Non-sensitive data (e.g., search queries, public comments) */
23
- PUBLIC: 'public',
24
- /** AUTHENTICATED: User-specific but non-sensitive data (e.g., display names, preferences) */
25
- AUTHENTICATED: 'authenticated',
26
- /** SENSITIVE: Personally identifiable information (e.g., email, phone, address) */
27
- SENSITIVE: 'sensitive',
28
- /** CRITICAL: High-risk data (e.g., passwords, SSN, payment info) */
29
- CRITICAL: 'critical'
30
- });
31
- /**
32
- * Default configuration for each security tier
33
- *
34
- * Security Note: These defaults implement defense-in-depth by progressively
35
- * adding security controls at each tier. When in doubt, components should
36
- * default to CRITICAL tier behavior.
37
- */
38
- export const TIER_CONFIG = Object.freeze({
39
- [SecurityTier.PUBLIC]: Object.freeze({
40
- name: 'Public',
41
- level: 1,
42
- validation: Object.freeze({
43
- required: false,
44
- strict: false,
45
- maxLength: 5000,
46
- pattern: null,
47
- sanitizeHtml: true
48
- }),
49
- masking: Object.freeze({
50
- enabled: false,
51
- character: '•',
52
- partial: false
53
- }),
54
- storage: Object.freeze({
55
- allowAutocomplete: true,
56
- allowCache: true,
57
- allowHistory: true
58
- }),
59
- audit: Object.freeze({
60
- logAccess: false,
61
- logChanges: false,
62
- logSubmission: false,
63
- includeMetadata: false
64
- }),
65
- rateLimit: Object.freeze({
66
- enabled: false,
67
- maxAttempts: 0,
68
- windowMs: 0
69
- })
70
- }),
71
- [SecurityTier.AUTHENTICATED]: Object.freeze({
72
- name: 'Authenticated',
73
- level: 2,
74
- validation: Object.freeze({
75
- required: true,
76
- strict: false,
77
- maxLength: 1000,
78
- pattern: null,
79
- sanitizeHtml: true
80
- }),
81
- masking: Object.freeze({
82
- enabled: false,
83
- character: '•',
84
- partial: false
85
- }),
86
- storage: Object.freeze({
87
- allowAutocomplete: true,
88
- allowCache: false,
89
- allowHistory: false
90
- }),
91
- audit: Object.freeze({
92
- logAccess: false,
93
- logChanges: true,
94
- logSubmission: true,
95
- includeMetadata: true
96
- }),
97
- rateLimit: Object.freeze({
98
- enabled: false,
99
- maxAttempts: 0,
100
- windowMs: 0
101
- })
102
- }),
103
- [SecurityTier.SENSITIVE]: Object.freeze({
104
- name: 'Sensitive',
105
- level: 3,
106
- validation: Object.freeze({
107
- required: true,
108
- strict: true,
109
- maxLength: 500,
110
- pattern: null,
111
- sanitizeHtml: true
112
- }),
113
- masking: Object.freeze({
114
- enabled: true,
115
- character: '•',
116
- partial: true
117
- }),
118
- storage: Object.freeze({
119
- allowAutocomplete: false,
120
- allowCache: false,
121
- allowHistory: false
122
- }),
123
- audit: Object.freeze({
124
- logAccess: true,
125
- logChanges: true,
126
- logSubmission: true,
127
- includeMetadata: true
128
- }),
129
- rateLimit: Object.freeze({
130
- enabled: true,
131
- maxAttempts: 10,
132
- windowMs: 60000
133
- })
134
- }),
135
- [SecurityTier.CRITICAL]: Object.freeze({
136
- name: 'Critical',
137
- level: 4,
138
- validation: Object.freeze({
139
- required: true,
140
- strict: true,
141
- maxLength: 256,
142
- pattern: null,
143
- sanitizeHtml: true
144
- }),
145
- masking: Object.freeze({
146
- enabled: true,
147
- character: '•',
148
- partial: false
149
- }),
150
- storage: Object.freeze({
151
- allowAutocomplete: false,
152
- allowCache: false,
153
- allowHistory: false
154
- }),
155
- audit: Object.freeze({
156
- logAccess: true,
157
- logChanges: true,
158
- logSubmission: true,
159
- includeMetadata: true
160
- }),
161
- rateLimit: Object.freeze({
162
- enabled: true,
163
- maxAttempts: 5,
164
- windowMs: 60000
165
- })
166
- })
167
- });
168
- /**
169
- * Get configuration for a specific security tier
170
- *
171
- * Security Note: If an invalid tier is provided, this function fails secure
172
- * by returning the CRITICAL tier configuration.
173
- */
174
- export function getTierConfig(tier) {
175
- if (!tier || !TIER_CONFIG[tier]) {
176
- console.warn(`Invalid security tier "${tier}", defaulting to CRITICAL`);
177
- return TIER_CONFIG[SecurityTier.CRITICAL];
178
- }
179
- return TIER_CONFIG[tier];
180
- }
181
- /**
182
- * Validate that a tier value is valid
183
- */
184
- export function isValidTier(tier) {
185
- return Object.values(SecurityTier).includes(tier);
186
- }
187
- /**
188
- * Compare two security tiers
189
- *
190
- * @returns -1 if tier1 < tier2, 0 if equal, 1 if tier1 > tier2
191
- */
192
- export function compareTiers(tier1, tier2) {
193
- const config1 = getTierConfig(tier1);
194
- const config2 = getTierConfig(tier2);
195
- return Math.sign(config1.level - config2.level);
196
- }
197
- /**
198
- * Get the more secure of two tiers
199
- */
200
- export function getMoreSecureTier(tier1, tier2) {
201
- return compareTiers(tier1, tier2) >= 0 ? tier1 : tier2;
202
- }
203
- /**
204
- * Content Security Policy recommendations for each tier
205
- */
206
- export const CSP_RECOMMENDATIONS = Object.freeze({
207
- [SecurityTier.PUBLIC]: Object.freeze({
208
- 'default-src': ["'self'"],
209
- 'script-src': ["'self'"],
210
- 'style-src': ["'self'"]
211
- }),
212
- [SecurityTier.AUTHENTICATED]: Object.freeze({
213
- 'default-src': ["'self'"],
214
- 'script-src': ["'self'"],
215
- 'style-src': ["'self'"],
216
- 'form-action': ["'self'"]
217
- }),
218
- [SecurityTier.SENSITIVE]: Object.freeze({
219
- 'default-src': ["'self'"],
220
- 'script-src': ["'self'"],
221
- 'style-src': ["'self'"],
222
- 'form-action': ["'self'"],
223
- 'frame-ancestors': ["'none'"],
224
- 'upgrade-insecure-requests': []
225
- }),
226
- [SecurityTier.CRITICAL]: Object.freeze({
227
- 'default-src': ["'self'"],
228
- 'script-src': ["'self'"],
229
- 'style-src': ["'self'"],
230
- 'form-action': ["'self'"],
231
- 'frame-ancestors': ["'none'"],
232
- 'upgrade-insecure-requests': [],
233
- 'block-all-mixed-content': [],
234
- 'base-uri': ["'none'"]
235
- })
236
- });
237
- /**
238
- * Default security headers recommendations
239
- */
240
- export const SECURITY_HEADERS = Object.freeze({
241
- 'X-Content-Type-Options': 'nosniff',
242
- 'X-Frame-Options': 'DENY',
243
- 'X-XSS-Protection': '1; mode=block',
244
- 'Referrer-Policy': 'strict-origin-when-cross-origin',
245
- 'Permissions-Policy': 'geolocation=(), microphone=(), camera=()'
246
- });
247
- export default {
248
- SecurityTier,
249
- TIER_CONFIG,
250
- getTierConfig,
251
- isValidTier,
252
- compareTiers,
253
- getMoreSecureTier,
254
- CSP_RECOMMENDATIONS,
255
- SECURITY_HEADERS
256
- };
257
- //# sourceMappingURL=security-config.js.map
16
+ */const t=Object.freeze({PUBLIC:"public",AUTHENTICATED:"authenticated",SENSITIVE:"sensitive",CRITICAL:"critical"}),a=Object.freeze({[t.PUBLIC]:Object.freeze({name:"Public",level:1,validation:Object.freeze({required:!1,strict:!1,maxLength:5e3,pattern:null,sanitizeHtml:!0}),masking:Object.freeze({enabled:!1,character:"\u2022",partial:!1}),storage:Object.freeze({allowAutocomplete:!0,allowCache:!0,allowHistory:!0}),audit:Object.freeze({logAccess:!1,logChanges:!1,logSubmission:!1,includeMetadata:!1}),rateLimit:Object.freeze({enabled:!1,maxAttempts:0,windowMs:0})}),[t.AUTHENTICATED]:Object.freeze({name:"Authenticated",level:2,validation:Object.freeze({required:!0,strict:!1,maxLength:1e3,pattern:null,sanitizeHtml:!0}),masking:Object.freeze({enabled:!1,character:"\u2022",partial:!1}),storage:Object.freeze({allowAutocomplete:!0,allowCache:!1,allowHistory:!1}),audit:Object.freeze({logAccess:!1,logChanges:!0,logSubmission:!0,includeMetadata:!0}),rateLimit:Object.freeze({enabled:!1,maxAttempts:0,windowMs:0})}),[t.SENSITIVE]:Object.freeze({name:"Sensitive",level:3,validation:Object.freeze({required:!0,strict:!0,maxLength:500,pattern:null,sanitizeHtml:!0}),masking:Object.freeze({enabled:!0,character:"\u2022",partial:!0}),storage:Object.freeze({allowAutocomplete:!1,allowCache:!1,allowHistory:!1}),audit:Object.freeze({logAccess:!0,logChanges:!0,logSubmission:!0,includeMetadata:!0}),rateLimit:Object.freeze({enabled:!0,maxAttempts:10,windowMs:6e4})}),[t.CRITICAL]:Object.freeze({name:"Critical",level:4,validation:Object.freeze({required:!0,strict:!0,maxLength:256,pattern:null,sanitizeHtml:!0}),masking:Object.freeze({enabled:!0,character:"\u2022",partial:!1}),storage:Object.freeze({allowAutocomplete:!1,allowCache:!1,allowHistory:!1}),audit:Object.freeze({logAccess:!0,logChanges:!0,logSubmission:!0,includeMetadata:!0}),rateLimit:Object.freeze({enabled:!0,maxAttempts:5,windowMs:6e4})})});function l(e){return!e||!a[e]?(console.warn(`Invalid security tier "${e}", defaulting to 
CRITICAL`),a[t.CRITICAL]):a[e]}function n(e){return Object.values(t).includes(e)}function s(e,r){const c=l(e),i=l(r);return Math.sign(c.level-i.level)}function o(e,r){return s(e,r)>=0?e:r}const f=Object.freeze({[t.PUBLIC]:Object.freeze({"default-src":["'self'"],"script-src":["'self'"],"style-src":["'self'"]}),[t.AUTHENTICATED]:Object.freeze({"default-src":["'self'"],"script-src":["'self'"],"style-src":["'self'"],"form-action":["'self'"]}),[t.SENSITIVE]:Object.freeze({"default-src":["'self'"],"script-src":["'self'"],"style-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"upgrade-insecure-requests":[]}),[t.CRITICAL]:Object.freeze({"default-src":["'self'"],"script-src":["'self'"],"style-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"upgrade-insecure-requests":[],"block-all-mixed-content":[],"base-uri":["'none'"]})}),u=Object.freeze({"X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-XSS-Protection":"1; mode=block","Referrer-Policy":"strict-origin-when-cross-origin","Permissions-Policy":"geolocation=(), microphone=(), camera=()"});var b={SecurityTier:t,TIER_CONFIG:a,getTierConfig:l,isValidTier:n,compareTiers:s,getMoreSecureTier:o,CSP_RECOMMENDATIONS:f,SECURITY_HEADERS:u};export{f as CSP_RECOMMENDATIONS,u as SECURITY_HEADERS,t as SecurityTier,a as TIER_CONFIG,s as compareTiers,b as default,o as getMoreSecureTier,l as getTierConfig,n as isValidTier};
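Review bot: The fail-secure fallback in `getTierConfig` (minified here as `l`) tests `!a[e]` on a plain object, so a tier string that names an inherited property such as `constructor` or `toString` is truthy and is returned instead of the CRITICAL configuration. That returned value has no `level`, so `compareTiers` yields `NaN` and `getMoreSecureTier` then always returns its second argument, whichever tier is stricter. The guard should be an own-key test in the source module, for example `if (!isValidTier(tier)) {` in place of `if (!tier || !TIER_CONFIG[tier]) {`, with this minified file regenerated from it. Separately, `'X-XSS-Protection': '1; mode=block'` in `SECURITY_HEADERS` is a legacy header that current guidance advises setting to `0` or omitting, leaving the CSP as the actual control.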
@@ -3,5 +3,3 @@
3
3
  * @module types
4
4
  * @license MIT
5
5
  */
6
- export {};
7
- //# sourceMappingURL=types.js.map
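--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,20 +3,4 @@
  *
  * @module @anthropic/secure-ui-components
  * @license MIT
- */
- // Core
- export { SecureBaseComponent } from './core/base-component.js';
- export { SecurityTier, TIER_CONFIG, getTierConfig, isValidTier, compareTiers, getMoreSecureTier, CSP_RECOMMENDATIONS, SECURITY_HEADERS } from './core/security-config.js';
- // Components
- export { SecureInput } from './components/secure-input/secure-input.js';
- export { SecureTextarea } from './components/secure-textarea/secure-textarea.js';
- export { SecureSelect } from './components/secure-select/secure-select.js';
- export { SecureForm } from './components/secure-form/secure-form.js';
- export { SecureFileUpload } from './components/secure-file-upload/secure-file-upload.js';
- export { SecureDateTime } from './components/secure-datetime/secure-datetime.js';
- export { SecureTable } from './components/secure-table/secure-table.js';
- export { SecureSubmitButton } from './components/secure-submit-button/secure-submit-button.js';
- export { SecureCard } from './components/secure-card/secure-card.js';
- export { SecureTelemetryProvider } from './components/secure-telemetry-provider/secure-telemetry-provider.js';
- export { SecurePasswordConfirm } from './components/secure-password-confirm/secure-password-confirm.js';
- //# sourceMappingURL=index.js.map
+ */import{SecureBaseComponent as o}from"./core/base-component.js";import{SecurityTier as m,TIER_CONFIG as S,getTierConfig as p,isValidTier as u,compareTiers as c,getMoreSecureTier as f,CSP_RECOMMENDATIONS as i,SECURITY_HEADERS as x}from"./core/security-config.js";import{SecureInput as a}from"./components/secure-input/secure-input.js";import{SecureTextarea as l}from"./components/secure-textarea/secure-textarea.js";import{SecureSelect as E}from"./components/secure-select/secure-select.js";import{SecureForm as s}from"./components/secure-form/secure-form.js";import{SecureFileUpload as R}from"./components/secure-file-upload/secure-file-upload.js";import{SecureDateTime as D}from"./components/secure-datetime/secure-datetime.js";import{SecureTable as M}from"./components/secure-table/secure-table.js";import{SecureSubmitButton as O}from"./components/secure-submit-button/secure-submit-button.js";import{SecureCard as _}from"./components/secure-card/secure-card.js";import{SecureTelemetryProvider as y}from"./components/secure-telemetry-provider/secure-telemetry-provider.js";import{SecurePasswordConfirm as B}from"./components/secure-password-confirm/secure-password-confirm.js";export{i as CSP_RECOMMENDATIONS,x as SECURITY_HEADERS,o as SecureBaseComponent,_ as SecureCard,D as SecureDateTime,R as SecureFileUpload,s as SecureForm,a as SecureInput,B as SecurePasswordConfirm,E as SecureSelect,O as SecureSubmitButton,M as SecureTable,y as SecureTelemetryProvider,l as SecureTextarea,m as SecurityTier,S as TIER_CONFIG,c as compareTiers,f as getMoreSecureTier,p as getTierConfig,u as isValidTier};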
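--- a/package/dist/package.json
+++ b/package/dist/package.json
@@ -1,6 +1,6 @@
  {
  "name": "secure-ui-components",
- "version": "0.2.3",
+ "version": "0.2.5",
  "description": "Security-first web component library with zero dependencies",
  "type": "module",
  "main": "./index.js",
@@ -33,7 +33,8 @@
  "typecheck": "tsc --noEmit",
  "build:ts": "tsc",
  "build:css": "node build/css-inliner.js",
- "build": "npm run clean && npm run build:ts && npm run build:css",
+ "build:minify": "node build/js-minifier.js",
+ "build": "npm run clean && npm run build:ts && npm run build:css && npm run build:minify",
  "build:dev": "npm run build:ts && node build/dev-build.js",
  "serve": "node server.js",
  "serve:dev": "node --watch server.js",
@@ -81,6 +82,7 @@
  "@vitest/coverage-v8": "^4.0.18",
  "axe-core": "^4.11.1",
  "cors": "^2.8.5",
+ "esbuild": "^0.28.0",
  "eslint-plugin-security": "^4.0.0",
  "express": "^4.18.2",
  "happy-dom": "^20.4.0",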
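Review bot: Chaining `npm run build:minify` onto `build` means the published `dist` files are now produced by `node build/js-minifier.js`, a script this diff does not show, and the minified files visible on this page no longer carry their `//# sourceMappingURL` comments. For a package described as security-first, that makes the shipped code harder to audit against its source. If the minifier does not already emit source maps, enabling esbuild's `sourcemap` option or publishing the unminified ESM alongside would keep the artefact reviewable. Because esbuild now generates the code consumers execute, pinning it exactly with `"esbuild": "0.28.0",` and building from a committed lockfile would make releases reproducible. The same script and dependency changes appear in `package/package.json`.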
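--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "secure-ui-components",
- "version": "0.2.3",
+ "version": "0.2.5",
  "description": "Security-first web component library with zero dependencies",
  "type": "module",
  "main": "./dist/index.js",
@@ -75,7 +75,8 @@
  "typecheck": "tsc --noEmit",
  "build:ts": "tsc",
  "build:css": "node build/css-inliner.js",
- "build": "npm run clean && npm run build:ts && npm run build:css",
+ "build:minify": "node build/js-minifier.js",
+ "build": "npm run clean && npm run build:ts && npm run build:css && npm run build:minify",
  "build:dev": "npm run build:ts && node build/dev-build.js",
  "serve": "node server.js",
  "serve:dev": "node --watch server.js",
@@ -123,6 +124,7 @@
  "@vitest/coverage-v8": "^4.0.18",
  "axe-core": "^4.11.1",
  "cors": "^2.8.5",
+ "esbuild": "^0.28.0",
  "eslint-plugin-security": "^4.0.0",
  "express": "^4.18.2",
  "happy-dom": "^20.4.0",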