uxinspect 0.2.0 → 0.11.0

package/dist/sourcemap-scan.js

@@ -0,0 +1,232 @@
+const DEFAULT_MAX_ASSETS = 30;
+const REQUEST_TIMEOUT_MS = 10_000;
+const TAIL_BYTES = 500;
+const SAMPLE_SOURCES_LIMIT = 5;
+const SAMPLE_SOURCE_TRIM = 80;
+const MAP_FILENAME_SUFFIX = '.map';
+function isFetchableUrl(url) {
+    try {
+        const u = new URL(url);
+        return u.protocol === 'http:' || u.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+function classifyAsset(entry, includeCss) {
+    let pathname = '';
+    try {
+        pathname = new URL(entry.name).pathname.toLowerCase();
+    }
+    catch {
+        pathname = entry.name.toLowerCase();
+    }
+    if (pathname.endsWith('.js') || pathname.endsWith('.mjs') || pathname.endsWith('.cjs'))
+        return 'js';
+    if (includeCss && pathname.endsWith('.css'))
+        return 'css';
+    return null;
+}
+function resolveMapUrl(assetUrl, mapRef) {
+    const trimmed = mapRef.trim();
+    if (!trimmed)
+        return null;
+    if (trimmed.toLowerCase().startsWith('data:'))
+        return trimmed;
+    try {
+        return new URL(trimmed, assetUrl).toString();
+    }
+    catch {
+        return null;
+    }
+}
+function extractDirectiveComment(tail) {
+    const jsMatch = tail.match(/\/\/[#@]\s*sourceMappingURL=([^\s'"<>]+)\s*$/m);
+    if (jsMatch && jsMatch[1])
+        return jsMatch[1];
+    const cssMatch = tail.match(/\/\*[#@]\s*sourceMappingURL=([^\s'"<>]+)\s*\*\//m);
+    if (cssMatch && cssMatch[1])
+        return cssMatch[1];
+    return null;
+}
+function extractHeaderMapRef(headers) {
+    const candidate = headers['sourcemap'] ?? headers['x-sourcemap'];
+    if (!candidate)
+        return null;
+    const trimmed = candidate.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function parseSizeHeader(headers) {
+    const raw = headers['content-length'];
+    if (!raw)
+        return undefined;
+    const n = Number.parseInt(raw, 10);
+    return Number.isFinite(n) && n >= 0 ? n : undefined;
+}
+function trimSourcePath(value) {
+    if (value.length <= SAMPLE_SOURCE_TRIM)
+        return value;
+    return value.slice(0, SAMPLE_SOURCE_TRIM);
+}
+function parseMapPayload(body) {
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        return {};
+    }
+    if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.sources))
+        return {};
+    const sources = [];
+    for (const raw of parsed.sources) {
+        if (typeof raw === 'string')
+            sources.push(raw);
+    }
+    const sampleSources = sources.slice(0, SAMPLE_SOURCES_LIMIT).map(trimSourcePath);
+    return { fileCount: sources.length, sampleSources };
+}
+async function fetchText(page, url) {
+    try {
+        const res = await page.request.get(url, {
+            timeout: REQUEST_TIMEOUT_MS,
+            failOnStatusCode: false,
+        });
+        const headers = res.headers();
+        if (!res.ok())
+            return { body: '', headers, ok: false };
+        const body = await res.text();
+        return { body, headers, ok: true };
+    }
+    catch {
+        return null;
+    }
+}
+async function headLikeRequest(page, url) {
+    try {
+        const res = await page.request.get(url, {
+            timeout: REQUEST_TIMEOUT_MS,
+            failOnStatusCode: false,
+            headers: { Range: 'bytes=0-0' },
+        });
+        return { headers: res.headers(), ok: res.ok() || res.status() === 206, status: res.status() };
+    }
+    catch {
+        return null;
+    }
+}
+async function inspectMap(page, assetUrl, mapUrl, sourceKind) {
+    if (mapUrl.toLowerCase().startsWith('data:'))
+        return null;
+    const fetched = await fetchText(page, mapUrl);
+    if (!fetched) {
+        return {
+            assetUrl,
+            mapUrl,
+            reachable: false,
+            sourceKind,
+        };
+    }
+    if (!fetched.ok) {
+        return {
+            assetUrl,
+            mapUrl,
+            reachable: false,
+            contentType: fetched.headers['content-type'],
+            sourceKind,
+        };
+    }
+    const contentType = fetched.headers['content-type'];
+    const headerSize = parseSizeHeader(fetched.headers);
+    const sizeBytes = headerSize ?? Buffer.byteLength(fetched.body, 'utf8');
+    const { fileCount, sampleSources } = parseMapPayload(fetched.body);
+    return {
+        assetUrl,
+        mapUrl,
+        reachable: true,
+        contentType,
+        sizeBytes,
+        fileCount,
+        sampleSources,
+        sourceKind,
+    };
+}
+async function discoverForAsset(page, assetUrl) {
+    const found = [];
+    const seen = new Set();
+    const assetRes = await fetchText(page, assetUrl);
+    if (assetRes && assetRes.ok) {
+        const headerRef = extractHeaderMapRef(assetRes.headers);
+        if (headerRef) {
+            const resolved = resolveMapUrl(assetUrl, headerRef);
+            if (resolved && !seen.has(resolved)) {
+                seen.add(resolved);
+                found.push({ mapUrl: resolved, sourceKind: 'http-header' });
+            }
+        }
+        const tail = assetRes.body.slice(Math.max(0, assetRes.body.length - TAIL_BYTES));
+        const directiveRef = extractDirectiveComment(tail);
+        if (directiveRef) {
+            const resolved = resolveMapUrl(assetUrl, directiveRef);
+            if (resolved && !seen.has(resolved)) {
+                seen.add(resolved);
+                found.push({ mapUrl: resolved, sourceKind: 'directive-comment' });
+            }
+        }
+    }
+    const conventionUrl = assetUrl + MAP_FILENAME_SUFFIX;
+    if (!seen.has(conventionUrl)) {
+        const head = await headLikeRequest(page, conventionUrl);
+        if (head && head.ok) {
+            seen.add(conventionUrl);
+            found.push({ mapUrl: conventionUrl, sourceKind: 'filename-convention' });
+        }
+    }
+    return found;
+}
+export async function scanSourceMaps(page, opts) {
+    const maxAssets = opts?.maxAssets ?? DEFAULT_MAX_ASSETS;
+    const includeCss = opts?.includeCss ?? true;
+    const pageUrl = page.url();
+    const entries = await page.evaluate(() => performance.getEntriesByType('resource').map((r) => ({
+        name: r.name,
+        initiatorType: r.initiatorType,
+    })));
+    const assets = [];
+    const seen = new Set();
+    for (const entry of entries) {
+        if (!isFetchableUrl(entry.name))
+            continue;
+        if (seen.has(entry.name))
+            continue;
+        const kind = classifyAsset(entry, includeCss);
+        if (!kind)
+            continue;
+        seen.add(entry.name);
+        assets.push(entry.name);
+        if (assets.length >= maxAssets)
+            break;
+    }
+    const leaks = [];
+    const leakKeys = new Set();
+    for (const assetUrl of assets) {
+        const discovered = await discoverForAsset(page, assetUrl);
+        for (const d of discovered) {
+            const key = `${assetUrl}\u0000${d.mapUrl}`;
+            if (leakKeys.has(key))
+                continue;
+            const leak = await inspectMap(page, assetUrl, d.mapUrl, d.sourceKind);
+            if (!leak)
+                continue;
+            leakKeys.add(key);
+            leaks.push(leak);
+        }
+    }
+    return {
+        page: pageUrl,
+        assetsScanned: assets.length,
+        leaks,
+        passed: leaks.length === 0,
+    };
+}
+//# sourceMappingURL=sourcemap-scan.js.map

package/dist/sourcemap-scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sourcemap-scan.js","sourceRoot":"","sources":["../src/sourcemap-scan.ts"],"names":[],"mappings":"AAyCA,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAC9B,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAC/B,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAC9B,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,OAAO,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAoB,EAAE,UAAmB;IAC9D,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACtC,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACpG,IAAI,UAAU,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB,EAAE,MAAc;IACrD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC9D,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;IAC5E,IAAI,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IAChF,IAAI,QAAQ,IAAI,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,OAA+B;IAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;IACjE,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7C,CAAC;AAED,SAAS,eAAe,CAAC,OAA+B;IACtD,MAAM,GAAG,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACtD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,CAAC,MAAM,IAAI,kBAAkB;QAAE,OAAO,KAAK,CAAC;IACrD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,MAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqB,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACvF,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACjC,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACjF,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,IAAU,EACV,GAAW;IAEX,IAAI,CAAC;QACH,MAAM,GAAG,GAAgB,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACnD,OAAO,EAAE,kBAAkB;YAC3B,gBAAgB,EAAE,KAAK;SACxB,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QAC9B,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;YAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,IAAU,EACV,GAAW;IAEX,IAAI,CAAC;QACH,MAAM,GAAG,GAAgB,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE;YACnD,OAAO,EAAE,kBAAkB;YAC3B,gBAAgB,EAAE,KAAK;YACvB,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE;SAChC,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,KAAK,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAChG,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAU,EACV,QAAgB,EAChB,MAAc,EACd,UAA+B;IAE/B,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,QAAQ;YACR,MAAM;YACN,SAAS,EAAE,KAAK;YAChB,UAAU;SACX,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,OAAO;YACL,QAAQ;YACR,MAAM;YACN,SAAS,EAAE,KAAK;YAChB,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC;YAC5C,UAAU;SACX,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnE,OAAO;QACL,QAAQ;QACR,MAAM;QACN,SAAS,EAAE,IAAI;QACf,WAAW;QACX,SAAS;QACT,SAAS;QACT,aAAa;QACb,UAAU;KACX,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,IAAU,EAAE,QAAgB;IAC1D,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACjD,IAAI,QAAQ,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACpD,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QACD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC;QACjF,MAAM,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACvD,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,GAAG,mBAAmB,CAAC;IACrD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACxD,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACpB,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAU,EACV,IAA2B;IAE3B,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,kBAAkB,CAAC;IACxD,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,IAAI,CAAC;IAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAoB,EAAE,CACvD,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAiC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpF,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,aAAa,EAAE,CAAC,CAAC,aAAa;KAC/B,CAAC,CAAC,CACJ,CAAC;IAEF,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAC1C,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACnC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS;YAAE,MAAM;IACxC,CAAC;IAED,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,GAAG,QAAQ,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAChC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC;YACtE,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAClB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,aAAa,EAAE,MAAM,CAAC,MAAM;QAC5B,KAAK;QACL,MAAM,EAAE,KAAK,CAAC,MAAM,KAAK,CAAC;KAC3B,CAAC;AACJ,CAAC"}

package/dist/sri-audit.d.ts

@@ -0,0 +1,23 @@
+import type { Page } from 'playwright';
+export type SriIssueKind = 'missing-integrity' | 'missing-crossorigin' | 'invalid-algorithm' | 'hash-mismatch' | 'weak-algorithm' | 'unreachable-asset';
+export interface SriEntry {
+    url: string;
+    element: 'script' | 'link';
+    crossOrigin: boolean;
+    integrity?: string;
+    algorithm?: 'sha256' | 'sha384' | 'sha512' | 'unknown';
+    sameOrigin: boolean;
+}
+export interface SriIssue {
+    kind: SriIssueKind;
+    url: string;
+    message: string;
+}
+export interface SriAuditResult {
+    page: string;
+    entries: SriEntry[];
+    issues: SriIssue[];
+    passed: boolean;
+}
+export declare function auditSri(page: Page): Promise<SriAuditResult>;
+//# sourceMappingURL=sri-audit.d.ts.map

package/dist/sri-audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sri-audit.d.ts","sourceRoot":"","sources":["../src/sri-audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAGvC,MAAM,MAAM,YAAY,GACpB,mBAAmB,GACnB,qBAAqB,GACrB,mBAAmB,GACnB,eAAe,GACf,gBAAgB,GAChB,mBAAmB,CAAC;AAExB,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACvD,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,QAAQ,EAAE,CAAC;IACpB,MAAM,EAAE,QAAQ,EAAE,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;CACjB;AA2MD,wBAAsB,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,cAAc,CAAC,CAwBlE"}

package/dist/sri-audit.js

@@ -0,0 +1,180 @@
+import { createHash } from 'node:crypto';
+const HASH_MISMATCH_CAP = 20;
+function isKnownAlgorithm(value) {
+    return value === 'sha256' || value === 'sha384' || value === 'sha512';
+}
+function parseAlgorithm(integrity) {
+    if (!integrity)
+        return undefined;
+    const firstToken = integrity.trim().split(/\s+/)[0];
+    if (!firstToken)
+        return undefined;
+    const dashIdx = firstToken.indexOf('-');
+    if (dashIdx <= 0)
+        return 'unknown';
+    const prefix = firstToken.slice(0, dashIdx).toLowerCase();
+    if (isKnownAlgorithm(prefix))
+        return prefix;
+    return 'unknown';
+}
+function pickStrongestHash(integrity) {
+    const tokens = integrity.trim().split(/\s+/).filter(Boolean);
+    const rank = { sha256: 1, sha384: 2, sha512: 3 };
+    let best = null;
+    for (const token of tokens) {
+        const dashIdx = token.indexOf('-');
+        if (dashIdx <= 0)
+            continue;
+        const prefix = token.slice(0, dashIdx).toLowerCase();
+        const hash = token.slice(dashIdx + 1);
+        if (!hash)
+            continue;
+        if (!isKnownAlgorithm(prefix))
+            continue;
+        if (!best || rank[prefix] > rank[best.algorithm]) {
+            best = { algorithm: prefix, hash };
+        }
+    }
+    return best;
+}
+function isSameOrigin(assetUrl, pageOrigin) {
+    try {
+        const parsed = new URL(assetUrl, pageOrigin);
+        if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
+            return true;
+        return parsed.origin === pageOrigin;
+    }
+    catch {
+        return true;
+    }
+}
+function collectSnapshot(page) {
+    return page.evaluate(() => {
+        const out = [];
+        const scripts = document.querySelectorAll('script[src]');
+        scripts.forEach((el) => {
+            const s = el;
+            const src = s.getAttribute('src');
+            if (!src)
+                return;
+            out.push({
+                url: s.src || src,
+                tag: 'script',
+                integrity: s.getAttribute('integrity'),
+                crossorigin: s.getAttribute('crossorigin'),
+            });
+        });
+        const links = document.querySelectorAll('link[rel~="stylesheet" i][href]');
+        links.forEach((el) => {
+            const l = el;
+            const href = l.getAttribute('href');
+            if (!href)
+                return;
+            out.push({
+                url: l.href || href,
+                tag: 'link',
+                integrity: l.getAttribute('integrity'),
+                crossorigin: l.getAttribute('crossorigin'),
+            });
+        });
+        return { origin: location.origin, assets: out };
+    });
+}
+function buildEntry(raw, pageOrigin) {
+    const integrity = raw.integrity?.trim() || undefined;
+    const entry = {
+        url: raw.url,
+        element: raw.tag,
+        crossOrigin: typeof raw.crossorigin === 'string',
+        sameOrigin: isSameOrigin(raw.url, pageOrigin),
+    };
+    if (integrity)
+        entry.integrity = integrity;
+    const algorithm = parseAlgorithm(integrity);
+    if (algorithm)
+        entry.algorithm = algorithm;
+    return entry;
+}
+function pushIssue(issues, kind, url, message) {
+    issues.push({ kind, url, message });
+}
+function evaluateStaticIssues(entry, issues) {
+    if (entry.sameOrigin)
+        return;
+    if (!entry.integrity) {
+        pushIssue(issues, 'missing-integrity', entry.url, `Third-party ${entry.element} has no integrity attribute`);
+        return;
+    }
+    if (!entry.crossOrigin) {
+        pushIssue(issues, 'missing-crossorigin', entry.url, `Third-party ${entry.element} has integrity but no crossorigin attribute`);
+    }
+    if (entry.algorithm === 'unknown') {
+        pushIssue(issues, 'invalid-algorithm', entry.url, `Integrity algorithm is not a recognised SHA variant`);
+    }
+    else if (entry.algorithm === 'sha256') {
+        pushIssue(issues, 'weak-algorithm', entry.url, `sha256 is weak for SRI; prefer sha384 or sha512`);
+    }
+}
+function normaliseBase64(input) {
+    return input.replace(/=+$/, '');
+}
+async function verifyHash(page, entry, issues) {
+    if (!entry.integrity)
+        return;
+    const strongest = pickStrongestHash(entry.integrity);
+    if (!strongest)
+        return;
+    let status = 0;
+    let body = null;
+    try {
+        const response = await page.request.get(entry.url, { failOnStatusCode: false });
+        status = response.status();
+        if (status >= 400) {
+            pushIssue(issues, 'unreachable-asset', entry.url, `Fetch returned HTTP ${status}`);
+            return;
+        }
+        body = await response.body();
+    }
+    catch (err) {
+        const reason = err instanceof Error ? err.message : String(err);
+        pushIssue(issues, 'unreachable-asset', entry.url, `Fetch failed: ${reason}`);
+        return;
+    }
+    if (!body)
+        return;
+    const digest = createHash(strongest.algorithm).update(body).digest('base64');
+    if (normaliseBase64(digest) !== normaliseBase64(strongest.hash)) {
+        pushIssue(issues, 'hash-mismatch', entry.url, `Computed ${strongest.algorithm} hash does not match integrity attribute`);
+    }
+}
+function computePassed(issues) {
+    for (const issue of issues) {
+        if (issue.kind === 'missing-integrity' ||
+            issue.kind === 'hash-mismatch' ||
+            issue.kind === 'unreachable-asset') {
+            return false;
+        }
+    }
+    return true;
+}
+export async function auditSri(page) {
+    const pageUrl = page.url();
+    const snapshot = await collectSnapshot(page);
+    const entries = snapshot.assets.map((raw) => buildEntry(raw, snapshot.origin));
+    const issues = [];
+    for (const entry of entries) {
+        evaluateStaticIssues(entry, issues);
+    }
+    const verifiable = entries.filter((e) => !e.sameOrigin && e.integrity && e.algorithm && e.algorithm !== 'unknown');
+    const toVerify = verifiable.slice(0, HASH_MISMATCH_CAP);
+    for (const entry of toVerify) {
+        await verifyHash(page, entry, issues);
+    }
+    return {
+        page: pageUrl,
+        entries,
+        issues,
+        passed: computePassed(issues),
+    };
+}
+//# sourceMappingURL=sri-audit.js.map

package/dist/sri-audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sri-audit.js","sourceRoot":"","sources":["../src/sri-audit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA8CzC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,QAAQ,CAAC;AACxE,CAAC;AAED,SAAS,cAAc,CAAC,SAAoC;IAC1D,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,OAAO,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACnC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,gBAAgB,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,IAAI,GAAmC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACjF,IAAI,IAAI,GAAuD,IAAI,CAAC;IACpE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,OAAO,IAAI,CAAC;YAAE,SAAS;QAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;YAAE,SAAS;QACxC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,IAAI,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,UAAkB;IACxD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC7E,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,IAAU;IACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAgB,EAAE;QACrC,MAAM,GAAG,GAAe,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,QAAQ,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QACzD,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YACrB,MAAM,CAAC,GAAG,EAAuB,CAAC;YAClC,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,CAAC,GAAG;gBAAE,OAAO;YACjB,GAAG,CAAC,IAAI,CAAC;gBACP,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,GAAG;gBACjB,GAAG,EAAE,QAAQ;gBACb,SAAS,EAAE,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC;gBACtC,WAAW,EAAE,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC;aAC3C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAC3E,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YACnB,MAAM,CAAC,GAAG,EAAqB,CAAC;YAChC,MAAM,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,GAAG,CAAC,IAAI,CAAC;gBACP,GAAG,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI;gBACnB,GAAG,EAAE,MAAM;gBACX,SAAS,EAAE,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC;gBACtC,WAAW,EAAE,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC;aAC3C,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,GAAa,EAAE,UAAkB;IACnD,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;IACrD,MAAM,KAAK,GAAa;QACtB,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,OAAO,EAAE,GAAG,CAAC,GAAG;QAChB,WAAW,EAAE,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ;QAChD,UAAU,EAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC;KAC9C,CAAC;IACF,IAAI,SAAS;QAAE,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;IAC3C,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,SAAS;QAAE,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;IAC3C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,MAAkB,EAAE,IAAkB,EAAE,GAAW,EAAE,OAAe;IACrF,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAe,EAAE,MAAkB;IAC/D,IAAI,KAAK,CAAC,UAAU;QAAE,OAAO;IAC7B,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACrB,SAAS,CACP,MAAM,EACN,mBAAmB,EACnB,KAAK,CAAC,GAAG,EACT,eAAe,KAAK,CAAC,OAAO,6BAA6B,CAC1D,CAAC;QACF,OAAO;IACT,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QACvB,SAAS,CACP,MAAM,EACN,qBAAqB,EACrB,KAAK,CAAC,GAAG,EACT,eAAe,KAAK,CAAC,OAAO,6CAA6C,CAC1E,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAClC,SAAS,CACP,MAAM,EACN,mBAAmB,EACnB,KAAK,CAAC,GAAG,EACT,qDAAqD,CACtD,CAAC;IACJ,CAAC;SAAM,IAAI,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACxC,SAAS,CACP,MAAM,EACN,gBAAgB,EAChB,KAAK,CAAC,GAAG,EACT,iDAAiD,CAClD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAU,EACV,KAAe,EACf,MAAkB;IAElB,IAAI,CAAC,KAAK,CAAC,SAAS;QAAE,OAAO;IAC7B,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,CAAC,SAAS;QAAE,OAAO;IACvB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC,CAAC;QAChF,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3B,IAAI,MAAM,IAAI,GAAG,EAAE,CAAC;YAClB,SAAS,CACP,MAAM,EACN,mBAAmB,EACnB,KAAK,CAAC,GAAG,EACT,uBAAuB,MAAM,EAAE,CAChC,CAAC;YACF,OAAO;QACT,CAAC;QACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,SAAS,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,CAAC,GAAG,EAAE,iBAAiB,MAAM,EAAE,CAAC,CAAC;QAC7E,OAAO;IACT,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC7E,IAAI,eAAe,CAAC,MAAM,CAAC,KAAK,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;QAChE,SAAS,CACP,MAAM,EACN,eAAe,EACf,KAAK,CAAC,GAAG,EACT,YAAY,SAAS,CAAC,SAAS,0CAA0C,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAkB;IACvC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IACE,KAAK,CAAC,IAAI,KAAK,mBAAmB;YAClC,KAAK,CAAC,IAAI,KAAK,eAAe;YAC9B,KAAK,CAAC,IAAI,KAAK,mBAAmB,EAClC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAU;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAe,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAe,EAAE,CAAC;IAE9B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAC/B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAChF,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC;IACxD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,MAAM,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,MAAM;QACN,MAAM,EAAE,aAAa,CAAC,MAAM,CAAC;KAC9B,CAAC;AACJ,CAAC"}

package/dist/storage-audit.d.ts

@@ -0,0 +1,28 @@
+import type { Page } from 'playwright';
+export interface StorageEntry {
+    storage: 'localStorage' | 'sessionStorage' | 'indexedDB' | 'cacheStorage';
+    key: string;
+    sizeBytes: number;
+    sample?: string;
+}
+export interface StorageAuditResult {
+    page: string;
+    entries: StorageEntry[];
+    totals: {
+        localStorageBytes: number;
+        sessionStorageBytes: number;
+        indexedDbBytes: number;
+        cacheStorageBytes: number;
+        quotaBytes?: number;
+        usageBytes?: number;
+        percentUsed?: number;
+    };
+    issues: {
+        kind: 'over-quota-warning' | 'large-key' | 'pii-pattern' | 'jwt-in-localstorage' | 'secret-in-storage';
+        key: string;
+        detail: string;
+    }[];
+    passed: boolean;
+}
+export declare function auditStorage(page: Page): Promise<StorageAuditResult>;
+//# sourceMappingURL=storage-audit.d.ts.map

package/dist/storage-audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-audit.d.ts","sourceRoot":"","sources":["../src/storage-audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,cAAc,GAAG,gBAAgB,GAAG,WAAW,GAAG,cAAc,CAAC;IAC1E,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,MAAM,EAAE;QACN,iBAAiB,EAAE,MAAM,CAAC;QAC1B,mBAAmB,EAAE,MAAM,CAAC;QAC5B,cAAc,EAAE,MAAM,CAAC;QACvB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,MAAM,EAAE;QACN,IAAI,EACA,oBAAoB,GACpB,WAAW,GACX,aAAa,GACb,qBAAqB,GACrB,mBAAmB,CAAC;QACxB,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;KAChB,EAAE,CAAC;IACJ,MAAM,EAAE,OAAO,CAAC;CACjB;AAmRD,wBAAsB,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA2E1E"}