tekivex-ui 3.18.0 → 3.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,7 +4,7 @@
4
4
 
5
5
  **The React component library that ships with a threat model.**
6
6
 
7
- WCAG 2.1 AAA (audit-firm engagement open) · WAI-ARIA 1.2 · **SecurityCore** (XSS · clickjacking · Trojan Source · CSP · PII · magic-byte MIME · Trusted Types) · **115 production components** (+ 4 experimental, opt-in) · Zero runtime dependencies in core
7
+ WCAG 2.1 AAA target (third-party audit on roadmap, not yet completed) · WAI-ARIA 1.2 · **SecurityCore** (XSS · clickjacking · Trojan Source · CSP · PII · magic-byte MIME · Trusted Types) · **115 production components** (+ 4 experimental, opt-in) · Zero runtime dependencies in core
8
8
 
9
9
  📄 **[Security Threat Model](./docs/SECURITY-THREAT-MODEL.md)** — the only mainstream React UI library that publishes one. 15 STRIDE-mapped threats with CWE references.
10
10
 
@@ -35,13 +35,18 @@ npm install tekivex-ui
35
35
 
36
36
  TekiVex UI is **pre-1.0** and currently maintained by a single developer
37
37
  ([007krcs](https://github.com/007krcs)) on `novaai0401@gmail.com`. We
38
- publish to npm with [provenance attestations](https://docs.npmjs.com/generating-provenance-statements),
39
38
  ship a public [CycloneDX SBOM](https://ui.tekivex.com/security/sbom.json),
40
39
  a [security threat model](./docs/SECURITY-THREAT-MODEL.md) (15 STRIDE
41
40
  threats with CWE refs), and 1,777 tests at the published version — but
42
41
  none of that substitutes for the human-scale risk of any pre-1.0,
43
42
  single-maintainer library.
44
43
 
44
+ When published from CI, releases carry npm
45
+ [provenance attestations](https://docs.npmjs.com/generating-provenance-statements).
46
+ Local releases (currently the norm during pre-1.0) do not — verify
47
+ provenance status with `npm view tekivex-ui --json | jq '.dist.attestations'`
48
+ if it matters to your supply-chain policy.
49
+
45
50
  **Honest guidance:**
46
51
 
47
52
  - **Pin your version** (`"tekivex-ui": "3.18.0"`, not `"^3.18.0"`) until v4.0
@@ -49,7 +54,7 @@ single-maintainer library.
49
54
  - **Audit the SBOM** at [`ui.tekivex.com/security/sbom.json`](https://ui.tekivex.com/security/sbom.json) — verifies zero runtime deps
50
55
  - **Verify the package** with `npm view tekivex-ui` before installing if you're concerned about typosquats (the legitimate name is exactly `tekivex-ui`)
51
56
  - **Check Socket.dev** [![Socket.dev](https://socket.dev/api/badge/npm/package/tekivex-ui)](https://socket.dev/npm/package/tekivex-ui) for supply-chain risk score
52
- - **For regulated-industry teams**: the [design-partner program](./docs/design-partners/README.md) gets a direct Slack channel + priority response + custom-components on demand. Free.
57
+ - **For regulated-industry teams**: we're open to design-partner collaborations with regulated-industry teams — see [`docs/design-partners/README.md`](./docs/design-partners/README.md) for the playbook. No reserved slots, no formal program in place yet; reach out if it fits your situation.
53
58
 
54
59
  **Expect breaking changes at v4.0** — see [docs/ROADMAP.md](./docs/ROADMAP.md).
55
60
  Until then, the API surface marked stable will not break in minor or
@@ -106,7 +111,7 @@ Portal3D, Avatar3D — 14 primitives at source v0.7).
106
111
 
107
112
  | Feature | TekiVex UI | MUI | Ant Design | Mantine | shadcn/ui |
108
113
  |---|:---:|:---:|:---:|:---:|:---:|
109
- | WCAG **AAA** target (third-party audit-firm engagement open) | ✅ | ❌ | ❌ | ❌ | ❌ |
114
+ | WCAG **AAA** target (third-party audit on roadmap, not yet completed) | ✅ | ❌ | ❌ | ❌ | ❌ |
110
115
  | **XSS** — string props sanitised by default across all text components | ✅ | ❌ | ❌ | ❌ | ❌ |
111
116
  | **Clickjacking** — `isFramed()` detection + `frame-ancestors` CSP | ✅ | ❌ | ❌ | ❌ | ❌ |
112
117
  | **Trojan Source** — bidi/zero-width stripped from text inputs | ✅ | ❌ | ❌ | ❌ | ❌ |
@@ -518,17 +523,17 @@ const aaa = meetsAAA('#00f5d4', '#0a0a1a'); // → true (≥ 7:1)
518
523
  ```
519
524
 
520
525
  **What's unique:**
521
- - 🛡️ **Automatic sanitisation** — no opt-in needed, every prop is safe by default
522
- - 📋 **Immutable audit trail** — append-only log of all security events for compliance / SIEM
526
+ - 🛡️ **String-prop sanitisation by default** — `sanitizeString` runs on string props across components without opt-in
527
+ - 📋 **Tamper-evident audit trail** — SHA-256 hash-chained append-only log for compliance / SIEM
523
528
  - 🎨 **Built-in WCAG checker** — `contrastRatio()`, `meetsAA()`, `meetsAAA()` available anywhere
524
529
 
525
530
  ---
526
531
 
527
532
  ## Accessibility
528
533
 
529
- Every component meets **WCAG 2.1 AAA** — the highest accessibility standard:
534
+ We target **WCAG 2.1 AAA** — the highest accessibility standard. Self-tested against the criteria below; **a third-party audit is on the roadmap and has not been completed.** Treat this section as our internal compliance target, not a certification.
530
535
 
531
- - ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1)
536
+ - ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1) — verified via internal `meetsAAA()` helper
532
537
  - ✅ Full **keyboard navigation** — Tab, Enter, Space, Arrow keys, Escape
533
538
  - ✅ Correct **ARIA roles, states & properties** (WAI-ARIA 1.2)
534
539
  - ✅ **Focus management** — focus trap in modals, visible focus rings
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/agent/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/charts/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/experimental/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/headless/index';
package/dist/i18n.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/i18n/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/quantum/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/realtime/index';
@@ -0,0 +1,3 @@
1
+ // Auto-generated by scripts/emit-dts-shims.mjs — re-exports the per-entry
2
+ // declarations that tsc emits under dist/src/. See package.json exports.
3
+ export * from './src/themes/index';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "tekivex-ui",
3
- "version": "3.18.0",
3
+ "version": "3.18.1",
4
4
  "description": "Production-grade React component library — 115 components (plus 4 experimental, opt-in), WCAG 2.1 AAA, WAI-ARIA 1.2, built-in security kernel with published threat model, built-in charts, headless primitives, zero-runtime CSS engine, 44-locale i18n, Indian KYC pack, agent runtime (Anthropic/OpenAI/Gemini/Ollama/MCP/A2A), TypeScript-first.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.cjs",
@@ -64,7 +64,7 @@
64
64
  "LICENSE"
65
65
  ],
66
66
  "scripts": {
67
- "build": "node scripts/build-all-entries.mjs && tsc --emitDeclarationOnly",
67
+ "build": "node scripts/build-all-entries.mjs && tsc --emitDeclarationOnly && node scripts/emit-dts-shims.mjs",
68
68
  "dev": "vite",
69
69
  "test": "vitest run",
70
70
  "test:watch": "vitest",