uxinspect 0.2.0 → 0.11.0

package/dist/cross-browser.js

@@ -0,0 +1,300 @@
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { PNG } from 'pngjs';
+import pixelmatch from 'pixelmatch';
+const DEFAULT_ENGINES = ['chromium', 'firefox', 'webkit'];
+const DEFAULT_PIXEL_THRESHOLD = 0.02;
+const PIXELMATCH_THRESHOLD = 0.1;
+const METRIC_LABELS = {
+    perfLcp: 'perfLcp',
+    perfCls: 'perfCls',
+    a11yCriticals: 'a11yCriticals',
+    visualDiffs: 'visualDiffs',
+    consoleErrorCount: 'consoleErrorCount',
+};
+async function fileExists(p) {
+    try {
+        await fs.access(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function readPng(p) {
+    try {
+        const bytes = await fs.readFile(p);
+        return PNG.sync.read(bytes);
+    }
+    catch {
+        return null;
+    }
+}
+function cloneConfigForEngine(config, engine, engineOutDir) {
+    return {
+        ...config,
+        browser: engine,
+        output: {
+            ...(config.output ?? {}),
+            dir: path.join(engineOutDir, 'report'),
+            baselineDir: path.join(engineOutDir, 'baselines'),
+        },
+    };
+}
+function countA11yCriticals(result) {
+    if (!result.a11y)
+        return 0;
+    let n = 0;
+    for (const page of result.a11y) {
+        for (const v of page.violations) {
+            if (v.impact === 'critical')
+                n++;
+        }
+    }
+    return n;
+}
+function countVisualDiffs(result) {
+    if (!result.visual)
+        return 0;
+    let n = 0;
+    for (const v of result.visual) {
+        if (!v.passed)
+            n++;
+    }
+    return n;
+}
+function countConsoleErrors(result) {
+    if (!result.consoleErrors)
+        return 0;
+    let n = 0;
+    for (const c of result.consoleErrors)
+        n += c.errorCount;
+    return n;
+}
+function avgLcp(result) {
+    if (!result.perf || result.perf.length === 0)
+        return undefined;
+    let sum = 0;
+    for (const p of result.perf)
+        sum += p.metrics.lcp;
+    return Math.round(sum / result.perf.length);
+}
+function avgCls(result) {
+    if (!result.perf || result.perf.length === 0)
+        return undefined;
+    let sum = 0;
+    for (const p of result.perf)
+        sum += p.metrics.cls;
+    return sum / result.perf.length;
+}
+function summarizeResult(engine, result, durationMs) {
+    return {
+        engine,
+        passed: result.passed,
+        durationMs,
+        perfLcp: avgLcp(result),
+        perfCls: avgCls(result),
+        a11yCriticals: countA11yCriticals(result),
+        visualDiffs: countVisualDiffs(result),
+        consoleErrorCount: countConsoleErrors(result),
+    };
+}
+function enumerateFlowViewports(config) {
+    const flows = config.flows ?? [{ name: 'load', steps: [{ goto: config.url }] }];
+    const viewports = config.viewports ?? [{ name: 'desktop', width: 1280, height: 800 }];
+    const pairs = [];
+    for (const f of flows) {
+        for (const v of viewports) {
+            pairs.push({ flow: f.name, viewport: v.name });
+        }
+    }
+    return pairs;
+}
+function screenshotPath(outDir, engine, flow, viewport) {
+    return path.join(outDir, engine, 'report', 'current', `${flow}-${viewport}.png`);
+}
+async function diffPair(outDir, engineA, engineB, flow, viewport) {
+    const pathA = screenshotPath(outDir, engineA, flow, viewport);
+    const pathB = screenshotPath(outDir, engineB, flow, viewport);
+    const existsA = await fileExists(pathA);
+    const existsB = await fileExists(pathB);
+    if (!existsA || !existsB)
+        return null;
+    const pngA = await readPng(pathA);
+    const pngB = await readPng(pathB);
+    if (!pngA || !pngB)
+        return null;
+    const diffDir = path.join(outDir, 'diffs', `${engineA}-vs-${engineB}`);
+    await fs.mkdir(diffDir, { recursive: true });
+    const diffPath = path.join(diffDir, `${flow}-${viewport}.png`);
+    if (pngA.width !== pngB.width || pngA.height !== pngB.height) {
+        const w = Math.max(pngA.width, pngB.width);
+        const h = Math.max(pngA.height, pngB.height);
+        const marker = new PNG({ width: w, height: h });
+        await fs.writeFile(diffPath, PNG.sync.write(marker));
+        return {
+            engineA,
+            engineB,
+            flow,
+            viewport,
+            diffRatio: 1,
+            diffPixels: w * h,
+            diffPath,
+        };
+    }
+    const { width, height } = pngA;
+    const diff = new PNG({ width, height });
+    const diffPixels = pixelmatch(pngA.data, pngB.data, diff.data, width, height, {
+        threshold: PIXELMATCH_THRESHOLD,
+    });
+    await fs.writeFile(diffPath, PNG.sync.write(diff));
+    const diffRatio = width * height > 0 ? diffPixels / (width * height) : 0;
+    return { engineA, engineB, flow, viewport, diffRatio, diffPixels, diffPath };
+}
+function numericOutcomeValue(outcome, key) {
+    const v = outcome[key];
+    return typeof v === 'number' ? v : 0;
+}
+function buildMetricDeltas(outcomes) {
+    const deltas = [];
+    const keys = Object.keys(METRIC_LABELS);
+    for (let i = 0; i < outcomes.length; i++) {
+        for (let j = i + 1; j < outcomes.length; j++) {
+            const a = outcomes[i];
+            const b = outcomes[j];
+            if (!a || !b)
+                continue;
+            for (const key of keys) {
+                const aVal = numericOutcomeValue(a, key);
+                const bVal = numericOutcomeValue(b, key);
+                if (a[key] === undefined && b[key] === undefined)
+                    continue;
+                const delta = Math.abs(aVal - bVal);
+                const denom = Math.max(aVal, bVal, 1);
+                deltas.push({
+                    metric: METRIC_LABELS[key],
+                    engineA: a.engine,
+                    engineB: b.engine,
+                    delta,
+                    ratio: delta / denom,
+                });
+            }
+        }
+    }
+    return deltas;
+}
+function buildDivergenceLines(config, perEngineResults, outcomes) {
+    const lines = [];
+    const outcomeByEngine = new Map();
+    for (const o of outcomes)
+        outcomeByEngine.set(o.engine, o);
+    const statuses = outcomes.map((o) => `${o.engine}:${o.passed ? 'pass' : 'fail'}`);
+    const uniqueStatuses = new Set(outcomes.map((o) => o.passed));
+    if (uniqueStatuses.size > 1) {
+        lines.push(`overall: engines diverge (${statuses.join(', ')})`);
+    }
+    const pairs = enumerateFlowViewports(config);
+    for (const { flow, viewport } of pairs) {
+        const perEngine = [];
+        for (const [engine, result] of perEngineResults.entries()) {
+            if (!result) {
+                perEngine.push({ engine, passed: null });
+                continue;
+            }
+            const flowResult = result.flows.find((f) => f.name === flow);
+            const visualResult = result.visual?.find((v) => v.viewport === viewport && (v.current.includes(`${flow}-${viewport}`) || v.baseline.includes(`${flow}-${viewport}`)));
+            const passed = flowResult === undefined
+                ? null
+                : flowResult.passed && (visualResult ? visualResult.passed : true);
+            perEngine.push({ engine, passed });
+        }
+        const known = perEngine.filter((p) => p.passed !== null);
+        if (known.length < 2)
+            continue;
+        const distinct = new Set(known.map((p) => p.passed));
+        if (distinct.size > 1) {
+            const passes = known.filter((p) => p.passed === true).map((p) => p.engine);
+            const fails = known.filter((p) => p.passed === false).map((p) => p.engine);
+            lines.push(`flow ${flow} @ ${viewport}: passed on ${passes.join('+') || 'none'}, failed on ${fails.join('+') || 'none'}`);
+        }
+    }
+    return lines;
+}
+async function loadInspect() {
+    const mod = (await import('./index.js'));
+    return mod.inspect;
+}
+export async function runCrossBrowser(config, opts) {
+    const engines = opts.engines ?? DEFAULT_ENGINES;
+    const threshold = opts.pixelDiffThreshold ?? DEFAULT_PIXEL_THRESHOLD;
+    const outDir = path.resolve(opts.outDir);
+    await fs.mkdir(outDir, { recursive: true });
+    const inspect = await loadInspect();
+    const outcomes = [];
+    const perEngineResults = new Map();
+    for (const engine of engines) {
+        const engineOutDir = path.join(outDir, engine);
+        await fs.mkdir(engineOutDir, { recursive: true });
+        const engineConfig = cloneConfigForEngine(config, engine, engineOutDir);
+        const started = Date.now();
+        try {
+            const result = await inspect(engineConfig);
+            const durationMs = Date.now() - started;
+            perEngineResults.set(engine, result);
+            outcomes.push(summarizeResult(engine, result, durationMs));
+        }
+        catch (err) {
+            const durationMs = Date.now() - started;
+            const message = err instanceof Error ? err.message : String(err);
+            perEngineResults.set(engine, null);
+            outcomes.push({
+                engine,
+                passed: false,
+                durationMs,
+                a11yCriticals: 0,
+                visualDiffs: 0,
+                consoleErrorCount: 0,
+                error: message,
+            });
+        }
+    }
+    const flowVpPairs = enumerateFlowViewports(config);
+    const pairJobs = [];
+    for (let i = 0; i < engines.length; i++) {
+        for (let j = i + 1; j < engines.length; j++) {
+            const a = engines[i];
+            const b = engines[j];
+            if (!a || !b)
+                continue;
+            const resA = perEngineResults.get(a);
+            const resB = perEngineResults.get(b);
+            if (!resA || !resB)
+                continue;
+            for (const { flow, viewport } of flowVpPairs) {
+                pairJobs.push(diffPair(outDir, a, b, flow, viewport));
+            }
+        }
+    }
+    const diffResults = await Promise.all(pairJobs);
+    const screenshotDiffs = [];
+    for (const d of diffResults) {
+        if (d)
+            screenshotDiffs.push(d);
+    }
+    const metricDeltas = buildMetricDeltas(outcomes);
+    const divergent = buildDivergenceLines(config, perEngineResults, outcomes);
+    const allEnginesPassed = outcomes.every((o) => o.passed);
+    const allDiffsUnderThreshold = screenshotDiffs.every((d) => d.diffRatio <= threshold);
+    const passed = allEnginesPassed && allDiffsUnderThreshold;
+    return {
+        url: config.url,
+        engines,
+        outcomes,
+        screenshotDiffs,
+        metricDeltas,
+        divergent,
+        passed,
+        outDir,
+    };
+}
+//# sourceMappingURL=cross-browser.js.map

package/dist/cross-browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cross-browser.js","sourceRoot":"","sources":["../src/cross-browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAC5B,OAAO,UAAU,MAAM,YAAY,CAAC;AAgDpC,MAAM,eAAe,GAAoB,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAC3E,MAAM,uBAAuB,GAAG,IAAI,CAAC;AACrC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,aAAa,GAAG;IACpB,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,SAAS;IAClB,aAAa,EAAE,eAAe;IAC9B,WAAW,EAAE,aAAa;IAC1B,iBAAiB,EAAE,mBAAmB;CAC9B,CAAC;AAIX,KAAK,UAAU,UAAU,CAAC,CAAS;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,CAAS;IAC9B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAqB,EACrB,MAAqB,EACrB,YAAoB;IAEpB,OAAO;QACL,GAAG,MAAM;QACT,OAAO,EAAE,MAAM;QACf,MAAM,EAAE;YACN,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;YACxB,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC;YACtC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC;SAClD;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAqB;IAC/C,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,CAAC,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU;gBAAE,CAAC,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAqB;IAC7C,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,OAAO,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,CAAC,EAAE,CAAC;IACrB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAqB;IAC/C,IAAI,CAAC,MAAM,CAAC,aAAa;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa;QAAE,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC;IACxD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,MAAM,CAAC,MAAqB;IACnC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI;QAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAClD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,MAAM,CAAC,MAAqB;IACnC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI;QAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAClD,OAAO,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;AAClC,CAAC;AAED,SAAS,eAAe,CACtB,MAAqB,EACrB,MAAqB,EACrB,UAAkB;IAElB,OAAO;QACL,MAAM;QACN,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU;QACV,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC;QACvB,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC;QACvB,aAAa,EAAE,kBAAkB,CAAC,MAAM,CAAC;QACzC,WAAW,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACrC,iBAAiB,EAAE,kBAAkB,CAAC,MAAM,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,MAAqB;IAErB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACtF,MAAM,KAAK,GAA8C,EAAE,CAAC;IAC5D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,MAAqB,EAAE,IAAY,EAAE,QAAgB;IAC3F,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,IAAI,QAAQ,MAAM,CAAC,CAAC;AACnF,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,MAAc,EACd,OAAsB,EACtB,OAAsB,EACtB,IAAY,EACZ,QAAgB;IAEhB,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,OAAO,OAAO,EAAE,CAAC,CAAC;IACvE,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,QAAQ,MAAM,CAAC,CAAC;IAE/D,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7D,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACrD,OAAO;YACL,OAAO;YACP,OAAO;YACP,IAAI;YACJ,QAAQ;YACR,SAAS,EAAE,CAAC;YACZ,UAAU,EAAE,CAAC,GAAG,CAAC;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;QAC5E,SAAS,EAAE,oBAAoB;KAChC,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAC/E,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAsB,EAAE,GAAc;IACjE,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACvB,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAyB;IAClD,MAAM,MAAM,GAAuC,EAAE,CAAC;IACtD,MAAM,IAAI,GAAgB,MAAM,CAAC,IAAI,CAAC,aAAa,CAAgB,CAAC;IACpE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;gBAAE,SAAS;YACvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAG,mBAAmB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzC,MAAM,IAAI,GAAG,mBAAmB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzC,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,SAAS;oBAAE,SAAS;gBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;gBACpC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC;oBACV,MAAM,EAAE,aAAa,CAAC,GAAG,CAAC;oBAC1B,OAAO,EAAE,CAAC,CAAC,MAAM;oBACjB,OAAO,EAAE,CAAC,CAAC,MAAM;oBACjB,KAAK;oBACL,KAAK,EAAE,KAAK,GAAG,KAAK;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAAqB,EACrB,gBAA0D,EAC1D,QAAyB;IAEzB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,eAAe,GAAG,IAAI,GAAG,EAAgC,CAAC;IAChE,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,IAAI,cAAc,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,6BAA6B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,KAAK,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC7C,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,KAAK,EAAE,CAAC;QACvC,MAAM,SAAS,GAA6D,EAAE,CAAC;QAC/E,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,gBAAgB,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBACzC,SAAS;YACX,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAC7D,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC,CAC5H,CAAC;YACF,MAAM,MAAM,GACV,UAAU,KAAK,SAAS;gBACtB,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACvE,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;QACzD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAC/B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACrD,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC3E,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC3E,KAAK,CAAC,IAAI,CACR,QAAQ,IAAI,MAAM,QAAQ,eAAe,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,MAAM,eAAe,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,MAAM,EAAE,CAC9G,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC,CAAkB,CAAC;IAC1D,OAAO,GAAG,CAAC,OAAO,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAqB,EACrB,IAAgF;IAEhF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,IAAI,uBAAuB,CAAC;IACrE,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuC,CAAC;IAExE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YACxC,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YACxC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,UAAU;gBACV,aAAa,EAAE,CAAC;gBAChB,WAAW,EAAE,CAAC;gBACd,iBAAiB,EAAE,CAAC;gBACpB,KAAK,EAAE,OAAO;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,QAAQ,GAA0C,EAAE,CAAC;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACrB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;gBAAE,SAAS;YACvB,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;gBAAE,SAAS;YAC7B,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,WAAW,EAAE,CAAC;gBAC7C,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC;YAAE,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,oBAAoB,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAE3E,MAAM,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACzD,MAAM,sBAAsB,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,SAAS,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,gBAAgB,IAAI,sBAAsB,CAAC;IAE1D,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,OAAO;QACP,QAAQ;QACR,eAAe;QACf,YAAY;QACZ,SAAS;QACT,MAAM;QACN,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/csrf-audit.d.ts

@@ -0,0 +1,33 @@
+import type { Page, BrowserContext } from 'playwright';
+export interface FormCsrfState {
+    selector: string;
+    action: string;
+    method: string;
+    hasCsrfField: boolean;
+    csrfFieldName?: string;
+    csrfFieldValue?: string;
+    metaCsrfPresent: boolean;
+    cookieSameSite: 'Strict' | 'Lax' | 'None' | 'missing';
+    isIdempotent: boolean;
+    isCrossOrigin: boolean;
+    passed: boolean;
+}
+export interface CsrfIssue {
+    kind: 'form-missing-csrf' | 'csrf-header-missing' | 'samesite-none-no-csrf' | 'weak-csrf-entropy' | 'csrf-in-url';
+    selector?: string;
+    detail: string;
+}
+export interface CsrfAuditResult {
+    page: string;
+    forms: FormCsrfState[];
+    metaCsrfToken: string | null;
+    cookieDefenses: {
+        sameSiteStrict: number;
+        sameSiteLax: number;
+        sameSiteNone: number;
+    };
+    issues: CsrfIssue[];
+    passed: boolean;
+}
+export declare function auditCsrf(page: Page, ctx: BrowserContext): Promise<CsrfAuditResult>;
+//# sourceMappingURL=csrf-audit.d.ts.map

package/dist/csrf-audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf-audit.d.ts","sourceRoot":"","sources":["../src/csrf-audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAU,MAAM,YAAY,CAAC;AAE/D,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACtD,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,EAAE,OAAO,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EACA,mBAAmB,GACnB,qBAAqB,GACrB,uBAAuB,GACvB,mBAAmB,GACnB,aAAa,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,aAAa,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE;QAAE,cAAc,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;IACtF,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,MAAM,EAAE,OAAO,CAAC;CACjB;AAyPD,wBAAsB,SAAS,CAC7B,IAAI,EAAE,IAAI,EACV,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,eAAe,CAAC,CA0D1B"}

package/dist/csrf-audit.js

@@ -0,0 +1,276 @@
+const CSRF_COOKIE_NAMES = new Set(['csrftoken', '_csrf', 'XSRF-TOKEN']);
+function redactValue(raw) {
+    if (raw.length <= 8)
+        return '***';
+    return `${raw.slice(0, 4)}...${raw.slice(-4)}`;
+}
+function shannonEntropy(value) {
+    if (value.length === 0)
+        return 0;
+    const counts = new Map();
+    for (const ch of value)
+        counts.set(ch, (counts.get(ch) ?? 0) + 1);
+    const total = value.length;
+    let entropy = 0;
+    for (const count of counts.values()) {
+        const p = count / total;
+        entropy -= p * Math.log2(p);
+    }
+    return entropy;
+}
+function normalizeSameSite(v) {
+    return v === 'Strict' || v === 'Lax' || v === 'None' ? v : undefined;
+}
+function originOf(url) {
+    try {
+        return new URL(url).origin;
+    }
+    catch {
+        return null;
+    }
+}
+function urlHasCsrfParam(url) {
+    try {
+        const parsed = new URL(url);
+        for (const key of parsed.searchParams.keys()) {
+            if (/csrf|_token|authenticity_token|xsrf/i.test(key))
+                return true;
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+async function probePage(page) {
+    return page.evaluate(() => {
+        const namePattern = /csrf|_token|authenticity_token|xsrf/i;
+        const headerPattern = /['"]x-csrf-token['"]|['"]x-xsrf-token['"]|['"]csrf-token['"]/i;
+        const fetchUsagePattern = /\bfetch\s*\(|XMLHttpRequest|axios/;
+        function buildSelector(form, index) {
+            if (form.id)
+                return `form#${form.id}`;
+            const name = form.getAttribute('name');
+            if (name)
+                return `form[name="${name}"]`;
+            const action = form.getAttribute('action');
+            if (action)
+                return `form[action="${action}"]`;
+            return `form:nth-of-type(${index + 1})`;
+        }
+        function paramHasCsrf(raw) {
+            try {
+                const parsed = new URL(raw, document.baseURI);
+                for (const k of parsed.searchParams.keys()) {
+                    if (namePattern.test(k))
+                        return true;
+                }
+                return false;
+            }
+            catch {
+                return false;
+            }
+        }
+        const formEls = Array.from(document.querySelectorAll('form'));
+        const forms = formEls.map((form, index) => {
+            const fe = form;
+            const actionRaw = fe.getAttribute('action') ?? '';
+            let action = actionRaw;
+            try {
+                action = new URL(actionRaw || document.URL, document.baseURI).href;
+            }
+            catch {
+                action = actionRaw;
+            }
+            const method = (fe.getAttribute('method') ?? 'get').toLowerCase();
+            const inputs = Array.from(fe.querySelectorAll('input[name]'));
+            let csrfFieldName = null;
+            let csrfFieldValue = null;
+            for (const input of inputs) {
+                const n = input.getAttribute('name') ?? '';
+                if (namePattern.test(n)) {
+                    csrfFieldName = n;
+                    csrfFieldValue = input.value ?? '';
+                    break;
+                }
+            }
+            return {
+                selector: buildSelector(fe, index),
+                action,
+                method,
+                csrfFieldName,
+                csrfFieldValue,
+                actionQueryCsrf: paramHasCsrf(actionRaw || document.URL),
+            };
+        });
+        const metaEl = document.querySelector('meta[name="csrf-token"], meta[name="_csrf"], meta[name="x-csrf-token"]');
+        const metaCsrfToken = metaEl?.getAttribute('content') ?? null;
+        const scriptEls = Array.from(document.querySelectorAll('script:not([src])'));
+        let inlineScriptHasCsrfHeader = false;
+        let inlineScriptUsesFetch = false;
+        for (const script of scriptEls) {
+            const text = script.textContent ?? '';
+            if (headerPattern.test(text))
+                inlineScriptHasCsrfHeader = true;
+            if (fetchUsagePattern.test(text))
+                inlineScriptUsesFetch = true;
+        }
+        return {
+            forms,
+            metaCsrfToken,
+            inlineScriptHasCsrfHeader,
+            inlineScriptUsesFetch,
+            pageUrlHasCsrf: paramHasCsrf(document.URL),
+        };
+    });
+}
+function countSameSite(cookies) {
+    let sameSiteStrict = 0;
+    let sameSiteLax = 0;
+    let sameSiteNone = 0;
+    for (const c of cookies) {
+        const ss = normalizeSameSite(c.sameSite);
+        if (ss === 'Strict')
+            sameSiteStrict += 1;
+        else if (ss === 'Lax')
+            sameSiteLax += 1;
+        else if (ss === 'None')
+            sameSiteNone += 1;
+    }
+    return { sameSiteStrict, sameSiteLax, sameSiteNone };
+}
+function dominantSameSite(cookies) {
+    let strict = 0;
+    let lax = 0;
+    let none = 0;
+    let explicit = 0;
+    for (const c of cookies) {
+        const ss = normalizeSameSite(c.sameSite);
+        if (ss === undefined)
+            continue;
+        explicit += 1;
+        if (ss === 'Strict')
+            strict += 1;
+        else if (ss === 'Lax')
+            lax += 1;
+        else if (ss === 'None')
+            none += 1;
+    }
+    if (explicit === 0)
+        return 'missing';
+    if (strict >= lax && strict >= none)
+        return 'Strict';
+    if (lax >= none)
+        return 'Lax';
+    return 'None';
+}
+function hasCsrfCookie(cookies) {
+    for (const c of cookies)
+        if (CSRF_COOKIE_NAMES.has(c.name))
+            return true;
+    return false;
+}
+function buildFormState(raw, pageOrigin, metaPresent, cookieSameSite) {
+    const isIdempotent = raw.method === 'get' || raw.method === 'head';
+    const actionOrigin = originOf(raw.action);
+    const isCrossOrigin = actionOrigin !== null && pageOrigin !== null && actionOrigin !== pageOrigin;
+    const hasCsrfField = raw.csrfFieldName !== null;
+    const protectedForm = isIdempotent || hasCsrfField || metaPresent || cookieSameSite === 'Strict';
+    const state = {
+        selector: raw.selector,
+        action: raw.action,
+        method: raw.method,
+        hasCsrfField,
+        metaCsrfPresent: metaPresent,
+        cookieSameSite,
+        isIdempotent,
+        isCrossOrigin,
+        passed: protectedForm,
+    };
+    if (raw.csrfFieldName !== null)
+        state.csrfFieldName = raw.csrfFieldName;
+    if (raw.csrfFieldValue !== null && raw.csrfFieldValue.length > 0) {
+        state.csrfFieldValue = redactValue(raw.csrfFieldValue);
+    }
+    return state;
+}
+function collectFormIssues(raw, state) {
+    const issues = [];
+    if (!state.isIdempotent &&
+        !state.hasCsrfField &&
+        !state.metaCsrfPresent &&
+        state.cookieSameSite !== 'Strict') {
+        issues.push({
+            kind: 'form-missing-csrf',
+            selector: state.selector,
+            detail: `${state.method.toUpperCase()} form has no CSRF token, meta token, or SameSite=Strict cookie`,
+        });
+    }
+    if (raw.csrfFieldValue !== null &&
+        raw.csrfFieldValue.length > 0 &&
+        shannonEntropy(raw.csrfFieldValue) < 3) {
+        issues.push({
+            kind: 'weak-csrf-entropy',
+            selector: state.selector,
+            detail: `CSRF field "${raw.csrfFieldName ?? '?'}" has low Shannon entropy (<3 bits/char)`,
+        });
+    }
+    if (raw.actionQueryCsrf) {
+        issues.push({
+            kind: 'csrf-in-url',
+            selector: state.selector,
+            detail: 'CSRF-like parameter found in form action query string (leaks via Referer)',
+        });
+    }
+    return issues;
+}
+export async function auditCsrf(page, ctx) {
+    const pageUrl = page.url();
+    const pageOrigin = originOf(pageUrl);
+    const probe = await probePage(page);
+    const cookies = await ctx.cookies(pageUrl);
+    const cookieDefenses = countSameSite(cookies);
+    const cookieSameSite = dominantSameSite(cookies);
+    const csrfCookiePresent = hasCsrfCookie(cookies);
+    const metaPresent = probe.metaCsrfToken !== null;
+    const forms = probe.forms.map((raw) => buildFormState(raw, pageOrigin, metaPresent, cookieSameSite));
+    const issues = [];
+    probe.forms.forEach((raw, index) => {
+        const state = forms[index];
+        if (!state)
+            return;
+        for (const issue of collectFormIssues(raw, state))
+            issues.push(issue);
+    });
+    if (probe.inlineScriptUsesFetch &&
+        !probe.inlineScriptHasCsrfHeader &&
+        !metaPresent &&
+        !csrfCookiePresent) {
+        issues.push({
+            kind: 'csrf-header-missing',
+            detail: 'Inline scripts issue fetch/XHR without X-CSRF-Token header and no meta or cookie token is visible',
+        });
+    }
+    if (cookieDefenses.sameSiteNone > 0 && !csrfCookiePresent && !metaPresent) {
+        issues.push({
+            kind: 'samesite-none-no-csrf',
+            detail: `${cookieDefenses.sameSiteNone} cookie(s) use SameSite=None with no CSRF token visible`,
+        });
+    }
+    if (probe.pageUrlHasCsrf || urlHasCsrfParam(pageUrl)) {
+        issues.push({
+            kind: 'csrf-in-url',
+            detail: 'CSRF-like parameter visible in current page URL (leaks via Referer)',
+        });
+    }
+    const passed = issues.length === 0 && forms.every((f) => f.passed);
+    return {
+        page: pageUrl,
+        forms,
+        metaCsrfToken: probe.metaCsrfToken,
+        cookieDefenses,
+        issues,
+        passed,
+    };
+}
+//# sourceMappingURL=csrf-audit.js.map

package/dist/csrf-audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf-audit.js","sourceRoot":"","sources":["../src/csrf-audit.ts"],"names":[],"mappings":"AAqDA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;AAExE,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,KAAK,MAAM,EAAE,IAAI,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC;IAC3B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAqB;IAC9C,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACvE,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;YAC7C,IAAI,sCAAsC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;QACpE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,IAAU;IACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;QACxB,MAAM,WAAW,GAAG,sCAAsC,CAAC;QAC3D,MAAM,aAAa,GAAG,+DAA+D,CAAC;QACtF,MAAM,iBAAiB,GAAG,mCAAmC,CAAC;QAE9D,SAAS,aAAa,CAAC,IAAqB,EAAE,KAAa;YACzD,IAAI,IAAI,CAAC,EAAE;gBAAE,OAAO,QAAQ,IAAI,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YACvC,IAAI,IAAI;gBAAE,OAAO,cAAc,IAAI,IAAI,CAAC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAC3C,IAAI,MAAM;gBAAE,OAAO,gBAAgB,MAAM,IAAI,CAAC;YAC9C,OAAO,oBAAoB,KAAK,GAAG,CAAC,GAAG,CAAC;QAC1C,CAAC;QAED,SAAS,YAAY,CAAC,GAAW;YAC/B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC9C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;oBAC3C,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;wBAAE,OAAO,IAAI,CAAC;gBACvC,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAkB,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YACvD,MAAM,EAAE,GAAG,IAAuB,CAAC;YACnC,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,MAAM,GAAG,SAAS,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,IAAI,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,GAAG,SAAS,CAAC;YACrB,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAClE,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAC,CAAC;YAChF,IAAI,aAAa,GAAkB,IAAI,CAAC;YACxC,IAAI,cAAc,GAAkB,IAAI,CAAC;YACzC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC3C,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxB,aAAa,GAAG,CAAC,CAAC;oBAClB,cAAc,GAAG,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;oBACnC,MAAM;gBACR,CAAC;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,aAAa,CAAC,EAAE,EAAE,KAAK,CAAC;gBAClC,MAAM;gBACN,MAAM;gBACN,aAAa;gBACb,cAAc;gBACd,eAAe,EAAE,YAAY,CAAC,SAAS,IAAI,QAAQ,CAAC,GAAG,CAAC;aACzD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CACnC,wEAAwE,CACzE,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,EAAE,YAAY,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;QAE9D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC7E,IAAI,yBAAyB,GAAG,KAAK,CAAC;QACtC,IAAI,qBAAqB,GAAG,KAAK,CAAC;QAClC,KAAK,MAAM,MAAM,IAAI,SAAS,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;YACtC,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,yBAAyB,GAAG,IAAI,CAAC;YAC/D,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,qBAAqB,GAAG,IAAI,CAAC;QACjE,CAAC;QAED,OAAO;YACL,KAAK;YACL,aAAa;YACb,yBAAyB;YACzB,qBAAqB;YACrB,cAAc,EAAE,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC;SAC3C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,OAAiB;IACtC,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,KAAK,QAAQ;YAAE,cAAc,IAAI,CAAC,CAAC;aACpC,IAAI,EAAE,KAAK,KAAK;YAAE,WAAW,IAAI,CAAC,CAAC;aACnC,IAAI,EAAE,KAAK,MAAM;YAAE,YAAY,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAiB;IACzC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,KAAK,SAAS;YAAE,SAAS;QAC/B,QAAQ,IAAI,CAAC,CAAC;QACd,IAAI,EAAE,KAAK,QAAQ;YAAE,MAAM,IAAI,CAAC,CAAC;aAC5B,IAAI,EAAE,KAAK,KAAK;YAAE,GAAG,IAAI,CAAC,CAAC;aAC3B,IAAI,EAAE,KAAK,MAAM;YAAE,IAAI,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,IAAI,IAAI;QAAE,OAAO,QAAQ,CAAC;IACrD,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,OAAiB;IACtC,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CACrB,GAAgB,EAChB,UAAyB,EACzB,WAAoB,EACpB,cAAqD;IAErD,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;IACnE,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,aAAa,GACjB,YAAY,KAAK,IAAI,IAAI,UAAU,KAAK,IAAI,IAAI,YAAY,KAAK,UAAU,CAAC;IAC9E,MAAM,YAAY,GAAG,GAAG,CAAC,aAAa,KAAK,IAAI,CAAC;IAChD,MAAM,aAAa,GACjB,YAAY,IAAI,YAAY,IAAI,WAAW,IAAI,cAAc,KAAK,QAAQ,CAAC;IAC7E,MAAM,KAAK,GAAkB;QAC3B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,YAAY;QACZ,eAAe,EAAE,WAAW;QAC5B,cAAc;QACd,YAAY;QACZ,aAAa;QACb,MAAM,EAAE,aAAa;KACtB,CAAC;IACF,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI;QAAE,KAAK,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IACxE,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjE,KAAK,CAAC,cAAc,GAAG,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAgB,EAAE,KAAoB;IAC/D,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,IACE,CAAC,KAAK,CAAC,YAAY;QACnB,CAAC,KAAK,CAAC,YAAY;QACnB,CAAC,KAAK,CAAC,eAAe;QACtB,KAAK,CAAC,cAAc,KAAK,QAAQ,EACjC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,gEAAgE;SACtG,CAAC,CAAC;IACL,CAAC;IACD,IACE,GAAG,CAAC,cAAc,KAAK,IAAI;QAC3B,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;QAC7B,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EACtC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,eAAe,GAAG,CAAC,aAAa,IAAI,GAAG,0CAA0C;SAC1F,CAAC,CAAC;IACL,CAAC;IACD,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,2EAA2E;SACpF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAU,EACV,GAAmB;IAEnB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,iBAAiB,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,KAAK,CAAC,aAAa,KAAK,IAAI,CAAC;IAEjD,MAAM,KAAK,GAAoB,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACrD,cAAc,CAAC,GAAG,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,CAAC,CAC7D,CAAC;IAEF,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,KAAK;YAAE,OAAO;QACnB,KAAK,MAAM,KAAK,IAAI,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,IACE,KAAK,CAAC,qBAAqB;QAC3B,CAAC,KAAK,CAAC,yBAAyB;QAChC,CAAC,WAAW;QACZ,CAAC,iBAAiB,EAClB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,qBAAqB;YAC3B,MAAM,EACJ,mGAAmG;SACtG,CAAC,CAAC;IACL,CAAC;IAED,IAAI,cAAc,CAAC,YAAY,GAAG,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1E,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,GAAG,cAAc,CAAC,YAAY,yDAAyD;SAChG,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,cAAc,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,qEAAqE;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAEnE,OAAO;QACL,IAAI,EAAE,OAAO;QACb,KAAK;QACL,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,cAAc;QACd,MAAM;QACN,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/css-coverage.d.ts

@@ -0,0 +1,20 @@
+import type { Page } from 'playwright';
+export interface CssCoverageFile {
+    url: string;
+    total: number;
+    used: number;
+    unusedRatio: number;
+}
+export interface CssCoverageResult {
+    page: string;
+    totalBytes: number;
+    usedBytes: number;
+    unusedBytes: number;
+    unusedRatio: number;
+    byFile: CssCoverageFile[];
+    passed: boolean;
+}
+export declare function auditCssCoverage(page: Page, opts?: {
+    threshold?: number;
+}): Promise<CssCoverageResult>;
+//# sourceMappingURL=css-coverage.d.ts.map

package/dist/css-coverage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"css-coverage.d.ts","sourceRoot":"","sources":["../src/css-coverage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;CACjB;AAmCD,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,IAAI,EACV,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAC5B,OAAO,CAAC,iBAAiB,CAAC,CA8E5B"}