tekivex-ui 3.18.0 → 3.18.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -14
- package/dist/agent.d.ts +3 -0
- package/dist/charts.d.ts +3 -0
- package/dist/experimental.d.ts +3 -0
- package/dist/headless.d.ts +3 -0
- package/dist/i18n.d.ts +3 -0
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.js +285 -268
- package/dist/quantum.d.ts +3 -0
- package/dist/realtime.d.ts +3 -0
- package/dist/src/components/TkxMessageThread.d.ts +57 -0
- package/dist/src/components/index.d.ts +1 -0
- package/dist/themes.d.ts +3 -0
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
|
|
5
5
|
**The React component library that ships with a threat model.**
|
|
6
6
|
|
|
7
|
-
WCAG 2.1 AAA (
|
|
7
|
+
WCAG 2.1 AAA target (third-party audit on roadmap, not yet completed) · WAI-ARIA 1.2 · **SecurityCore** (XSS · clickjacking · Trojan Source · CSP · PII · magic-byte MIME · Trusted Types) · **116 production components** (+ 4 experimental, opt-in) · Zero runtime dependencies in core
|
|
8
8
|
|
|
9
9
|
📄 **[Security Threat Model](./docs/SECURITY-THREAT-MODEL.md)** — the only mainstream React UI library that publishes one. 15 STRIDE-mapped threats with CWE references.
|
|
10
10
|
|
|
@@ -14,7 +14,7 @@ WCAG 2.1 AAA (audit-firm engagement open) · WAI-ARIA 1.2 · **SecurityCore** (X
|
|
|
14
14
|
[](https://www.typescriptlang.org/)
|
|
15
15
|
[](https://react.dev/)
|
|
16
16
|
[](https://www.w3.org/TR/WCAG21/)
|
|
17
|
-
[](#testing)
|
|
18
18
|
[](./docs/SECURITY-THREAT-MODEL.md)
|
|
19
19
|
[](https://socket.dev/npm/package/tekivex-ui)
|
|
20
20
|
[](https://ui.tekivex.com/security/sbom.json)
|
|
@@ -35,13 +35,18 @@ npm install tekivex-ui
|
|
|
35
35
|
|
|
36
36
|
TekiVex UI is **pre-1.0** and currently maintained by a single developer
|
|
37
37
|
([007krcs](https://github.com/007krcs)) on `novaai0401@gmail.com`. We
|
|
38
|
-
publish to npm with [provenance attestations](https://docs.npmjs.com/generating-provenance-statements),
|
|
39
38
|
ship a public [CycloneDX SBOM](https://ui.tekivex.com/security/sbom.json),
|
|
40
39
|
a [security threat model](./docs/SECURITY-THREAT-MODEL.md) (15 STRIDE
|
|
41
|
-
threats with CWE refs), and 1,
|
|
40
|
+
threats with CWE refs), and 1,798 tests at the published version — but
|
|
42
41
|
none of that substitutes for the human-scale risk of any pre-1.0,
|
|
43
42
|
single-maintainer library.
|
|
44
43
|
|
|
44
|
+
When published from CI, releases carry npm
|
|
45
|
+
[provenance attestations](https://docs.npmjs.com/generating-provenance-statements).
|
|
46
|
+
Local releases (currently the norm during pre-1.0) do not — verify
|
|
47
|
+
provenance status with `npm view tekivex-ui --json | jq '.dist.attestations'`
|
|
48
|
+
if it matters to your supply-chain policy.
|
|
49
|
+
|
|
45
50
|
**Honest guidance:**
|
|
46
51
|
|
|
47
52
|
- **Pin your version** (`"tekivex-ui": "3.18.0"`, not `"^3.18.0"`) until v4.0
|
|
@@ -49,7 +54,7 @@ single-maintainer library.
|
|
|
49
54
|
- **Audit the SBOM** at [`ui.tekivex.com/security/sbom.json`](https://ui.tekivex.com/security/sbom.json) — verifies zero runtime deps
|
|
50
55
|
- **Verify the package** with `npm view tekivex-ui` before installing if you're concerned about typosquats (the legitimate name is exactly `tekivex-ui`)
|
|
51
56
|
- **Check Socket.dev** [](https://socket.dev/npm/package/tekivex-ui) for supply-chain risk score
|
|
52
|
-
- **For regulated-industry teams**:
|
|
57
|
+
- **For regulated-industry teams**: we're open to design-partner collaborations with regulated-industry teams — see [`docs/design-partners/README.md`](./docs/design-partners/README.md) for the playbook. No reserved slots, no formal program in place yet; reach out if it fits your situation.
|
|
53
58
|
|
|
54
59
|
**Expect breaking changes at v4.0** — see [docs/ROADMAP.md](./docs/ROADMAP.md).
|
|
55
60
|
Until then, the API surface marked stable will not break in minor or
|
|
@@ -106,7 +111,7 @@ Portal3D, Avatar3D — 14 primitives at source v0.7).
|
|
|
106
111
|
|
|
107
112
|
| Feature | TekiVex UI | MUI | Ant Design | Mantine | shadcn/ui |
|
|
108
113
|
|---|:---:|:---:|:---:|:---:|:---:|
|
|
109
|
-
| WCAG **AAA** target (third-party audit
|
|
114
|
+
| WCAG **AAA** target (third-party audit on roadmap, not yet completed) | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
110
115
|
| **XSS** — string props sanitised by default across all text components | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
111
116
|
| **Clickjacking** — `isFramed()` detection + `frame-ancestors` CSP | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
112
117
|
| **Trojan Source** — bidi/zero-width stripped from text inputs | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
@@ -119,7 +124,7 @@ Portal3D, Avatar3D — 14 primitives at source v0.7).
|
|
|
119
124
|
| Tamper-evident SHA-256 hash-chained audit trail | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
120
125
|
| Published threat model | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
121
126
|
| Full-featured DataGrid — **free** | ✅ | 💰 Pro | Partial | Partial | ❌ |
|
|
122
|
-
|
|
|
127
|
+
| 116 production components — **free** | ✅ | ✅ | ✅ | ✅ | 30 |
|
|
123
128
|
| Hooks layer (a11y, theme, i18n) | ✅ | ❌ | ❌ | ✅ | ✅ |
|
|
124
129
|
| i18n — 44 locales incl. RTL | ✅ | ✅ | ✅ | Partial | ❌ |
|
|
125
130
|
| Plugin-extensible CSS engine | ✅ | ❌ | ❌ | ❌ | ❌ |
|
|
@@ -518,17 +523,17 @@ const aaa = meetsAAA('#00f5d4', '#0a0a1a'); // → true (≥ 7:1)
|
|
|
518
523
|
```
|
|
519
524
|
|
|
520
525
|
**What's unique:**
|
|
521
|
-
- 🛡️ **
|
|
522
|
-
- 📋 **
|
|
526
|
+
- 🛡️ **String-prop sanitisation by default** — `sanitizeString` runs on string props across components without opt-in
|
|
527
|
+
- 📋 **Tamper-evident audit trail** — SHA-256 hash-chained append-only log for compliance / SIEM
|
|
523
528
|
- 🎨 **Built-in WCAG checker** — `contrastRatio()`, `meetsAA()`, `meetsAAA()` available anywhere
|
|
524
529
|
|
|
525
530
|
---
|
|
526
531
|
|
|
527
532
|
## Accessibility
|
|
528
533
|
|
|
529
|
-
|
|
534
|
+
We target **WCAG 2.1 AAA** — the highest accessibility standard. Self-tested against the criteria below; **a third-party audit is on the roadmap and has not been completed.** Treat this section as our internal compliance target, not a certification.
|
|
530
535
|
|
|
531
|
-
- ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1)
|
|
536
|
+
- ✅ Contrast ratio ≥ **7:1** for all text (AAA, not just AA's 4.5:1) — verified via internal `meetsAAA()` helper
|
|
532
537
|
- ✅ Full **keyboard navigation** — Tab, Enter, Space, Arrow keys, Escape
|
|
533
538
|
- ✅ Correct **ARIA roles, states & properties** (WAI-ARIA 1.2)
|
|
534
539
|
- ✅ **Focus management** — focus trap in modals, visible focus rings
|
|
@@ -599,7 +604,7 @@ npm install
|
|
|
599
604
|
# Build the library
|
|
600
605
|
npm run build
|
|
601
606
|
|
|
602
|
-
# Run all
|
|
607
|
+
# Run all 1798 tests
|
|
603
608
|
npm test
|
|
604
609
|
|
|
605
610
|
# Run tests with coverage report
|
|
@@ -629,11 +634,11 @@ npm run security:audit
|
|
|
629
634
|
## Testing
|
|
630
635
|
|
|
631
636
|
```
|
|
632
|
-
90 dedicated component test files ·
|
|
637
|
+
90 dedicated component test files · 1798 tests · 0 failures · 1 todo
|
|
633
638
|
Coverage: 64.84% lines · 51.10% functions · 56.77% branches · 61.41% statements (ratchet enforced in CI)
|
|
634
639
|
```
|
|
635
640
|
|
|
636
|
-
Coverage includes dedicated unit tests for 88 of
|
|
641
|
+
Coverage includes dedicated unit tests for 88 of 116 production components plus smoke coverage for the rest, 7 chart types, headless hooks (incl. useWebSocket / useSSE / useMediaQuery), the TKX CSS engine, the WCAG engine, the security (Shield) engine, the i18n provider, and Indian KYC validators (Aadhaar Verhoeff, PAN, Voter ID, DL).
|
|
637
642
|
|
|
638
643
|
Coverage thresholds are enforced as a CI ratchet in `vitest.config.ts` — the floor never drops between releases. Path to 90/90/85 is documented in [`docs/test-coverage-roadmap.md`](./docs/test-coverage-roadmap.md).
|
|
639
644
|
|
package/dist/agent.d.ts
ADDED
package/dist/charts.d.ts
ADDED
package/dist/i18n.d.ts
ADDED