tekivex-ui 3.18.0 → 3.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -8
- package/dist/agent.d.ts +3 -0
- package/dist/charts.d.ts +3 -0
- package/dist/experimental.d.ts +3 -0
- package/dist/headless.d.ts +3 -0
- package/dist/i18n.d.ts +3 -0
- package/dist/quantum.d.ts +3 -0
- package/dist/realtime.d.ts +3 -0
- package/dist/themes.d.ts +3 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
|
|
5
5
|
**The React component library that ships with a threat model.**
|
|
6
6
|
|
|
7
|
-
WCAG 2.1 AAA (
|
|
7
|
+
WCAG 2.1 AAA target (third-party audit on roadmap, not yet completed) · WAI-ARIA 1.2 · **SecurityCore** (XSS · clickjacking · Trojan Source · CSP · PII · magic-byte MIME · Trusted Types) · **115 production components** (+ 4 experimental, opt-in) · Zero runtime dependencies in core
|
|
8
8
|
|
|
9
9
|
📄 **[Security Threat Model](./docs/SECURITY-THREAT-MODEL.md)** — the only mainstream React UI library that publishes one. 15 STRIDE-mapped threats with CWE references.
|
|
10
10
|
|
|
@@ -35,13 +35,18 @@ npm install tekivex-ui
|
|
|
35
35
|
|
|
36
36
|
TekiVex UI is **pre-1.0** and currently maintained by a single developer
|
|
37
37
|
([007krcs](https://github.com/007krcs)) on `novaai0401@gmail.com`. We
|
|
38
|
-
publish to npm with [provenance attestations](https://docs.npmjs.com/generating-provenance-statements),
|
|
39
38
|
ship a public [CycloneDX SBOM](https://ui.tekivex.com/security/sbom.json),
|
|
40
39
|
a [security threat model](./docs/SECURITY-THREAT-MODEL.md) (15 STRIDE
|
|
41
40
|
threats with CWE refs), and 1,777 tests at the published version — but
|
|
42
41
|
none of that substitutes for the human-scale risk of any pre-1.0,
|
|
43
42
|
single-maintainer library.
|
|
44
43
|
|
|
44
|
+
When published from CI, releases carry npm
|
|
45
|
+
[provenance attestations](https://docs.npmjs.com/generating-provenance-statements).
|
|
46
|
+
Local releases (currently the norm during pre-1.0) do not — verify
|
|
47
|
+
provenance status with `npm view tekivex-ui --json | jq '.dist.attestations'`
|
|
48
|
+
if it matters to your supply-chain policy.
|
|
49
|
+
|
|
45
50
|
**Honest guidance:**
|
|
46
51
|
|
|
47
52
|
- **Pin your version** (`"tekivex-ui": "3.18.0"`, not `"^3.18.0"`) until v4.0
|
|
@@ -49,7 +54,7 @@ single-maintainer library.
|
|
|
49
54
|
- **Audit the SBOM** at [`ui.tekivex.com/security/sbom.json`](https://ui.tekivex.com/security/sbom.json) — verifies zero runtime deps
|
|
50
55
|
- **Verify the package** with `npm view tekivex-ui` before installing if you're concerned about typosquats (the legitimate name is exactly `tekivex-ui`)
|
|
51
56
|
- **Check Socket.dev** [](https://socket.dev/npm/package/tekivex-ui) for supply-chain risk score
|
|
52
|
-
- **For regulated-industry teams**:
|
|
57
|
+
- **For regulated-industry teams**: we're open to design-partner collaborations with regulated-industry teams — see [`docs/design-partners/README.md`](./docs/design-partners/README.md) for the playbook. No reserved slots, no formal program in place yet; reach out if it fits your situation.
|
|
53
58
|
|
|
54
59
|
**Expect breaking changes at v4.0** — see [docs/ROADMAP.md](./docs/ROADMAP.md).
|
|
55
60
|
Until then, the API surface marked stable will not break in minor or
|
|
@@ -106,7 +111,7 @@ Portal3D, Avatar3D — 14 primitives at source v0.7).
|
|
|
106
111
|
|
|
107
112
|
| Feature | TekiVex UI | MUI | Ant Design | Mantine | shadcn/ui |
|
|
108
113
|
|---|:---:|:---:|:---:|:---:|:---:|
|
|
109
|
-
| WCAG **AAA** target (third-party audit
|
|
114
|
+
| WCAG **AAA** target (third-party audit on roadmap, not yet completed) | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
110
115
|
| **XSS** — string props sanitised by default across all text components | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
111
116
|
| **Clickjacking** — `isFramed()` detection + `frame-ancestors` CSP | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
112
117
|
| **Trojan Source** — bidi/zero-width stripped from text inputs | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
@@ -518,17 +523,17 @@ const aaa = meetsAAA('#00f5d4', '#0a0a1a'); // → true (≥ 7:1)
|
|
|
518
523
|
```
|
|
519
524
|
|
|
520
525
|
**What's unique:**
|
|
521
|
-
- 🛡️ **
|
|
522
|
-
- 📋 **
|
|
526
|
+
- 🛡️ **String-prop sanitisation by default** — `sanitizeString` runs on string props across components without opt-in
|
|
527
|
+
- 📋 **Tamper-evident audit trail** — SHA-256 hash-chained append-only log for compliance / SIEM
|
|
523
528
|
- 🎨 **Built-in WCAG checker** — `contrastRatio()`, `meetsAA()`, `meetsAAA()` available anywhere
|
|
524
529
|
|
|
525
530
|
---
|
|
526
531
|
|
|
527
532
|
## Accessibility
|
|
528
533
|
|
|
529
|
-
|
|
534
|
+
We target **WCAG 2.1 AAA** — the highest accessibility standard. Self-tested against the criteria below; **a third-party audit is on the roadmap and has not been completed.** Treat this section as our internal compliance target, not a certification.
|
|
530
535
|
|
|
531
|
-
- ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1)
|
|
536
|
+
- ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1) — verified via internal `meetsAAA()` helper
|
|
532
537
|
- ✅ Full **keyboard navigation** — Tab, Enter, Space, Arrow keys, Escape
|
|
533
538
|
- ✅ Correct **ARIA roles, states & properties** (WAI-ARIA 1.2)
|
|
534
539
|
- ✅ **Focus management** — focus trap in modals, visible focus rings
|
package/dist/agent.d.ts
ADDED
package/dist/charts.d.ts
ADDED
package/dist/i18n.d.ts
ADDED
package/dist/themes.d.ts
ADDED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "tekivex-ui",
|
|
3
|
-
"version": "3.18.
|
|
3
|
+
"version": "3.18.1",
|
|
4
4
|
"description": "Production-grade React component library — 115 components (plus 4 experimental, opt-in), WCAG 2.1 AAA, WAI-ARIA 1.2, built-in security kernel with published threat model, built-in charts, headless primitives, zero-runtime CSS engine, 44-locale i18n, Indian KYC pack, agent runtime (Anthropic/OpenAI/Gemini/Ollama/MCP/A2A), TypeScript-first.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
|
@@ -64,7 +64,7 @@
|
|
|
64
64
|
"LICENSE"
|
|
65
65
|
],
|
|
66
66
|
"scripts": {
|
|
67
|
-
"build": "node scripts/build-all-entries.mjs && tsc --emitDeclarationOnly",
|
|
67
|
+
"build": "node scripts/build-all-entries.mjs && tsc --emitDeclarationOnly && node scripts/emit-dts-shims.mjs",
|
|
68
68
|
"dev": "vite",
|
|
69
69
|
"test": "vitest run",
|
|
70
70
|
"test:watch": "vitest",
|