zilla-util 1.2.27

package/lib/esm/url.js

@@ -0,0 +1,80 @@
+const tracking = new Set([
+    "ref",
+    "ref_src",
+    "gclsrc",
+    "fbp",
+    "fbc",
+    "irclickid",
+    "hsCtaTracking",
+    "pi_opt_in",
+    "visitor_id",
+    "mc_cid",
+    "mc_eid",
+]);
+const trackingRegexes = [
+    /^[a-z_]+clid$/,
+    /^[a-z_]+clkid$/,
+    /^[a-z_]+click_?id$/,
+    /^utm_[a-z_]+$/,
+    /^__utm(?:a|b|c|z|v)$/,
+    /^_hs(?:enc|mi)$/,
+    /^mkt_[a-z_]+$/,
+    /^pk_[a-z]+$/,
+];
+export const normalizeUrl = (input) => {
+    try {
+        return new URL(input).toString();
+    }
+    catch {
+        return input;
+    }
+};
+export const canonicalizeUrl = async (url) => {
+    const original = url.trim();
+    const u = new URL(original);
+    u.protocol = u.protocol.toLowerCase();
+    u.hostname = u.hostname.toLowerCase();
+    if ((u.protocol === "http:" && u.port === "80") || (u.protocol === "https:" && u.port === "443"))
+        u.port = "";
+    u.pathname = u.pathname.replace(/\/{2,}/g, "/").replace(/%7E/gi, "~");
+    const kept = Array.from(u.searchParams.entries()).filter(([k]) => !tracking.has(k.toLowerCase()) && !trackingRegexes.find((r) => r.test(k.toLowerCase())));
+    kept.sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
+    u.search = kept.length ? `?${new URLSearchParams(kept).toString()}` : "";
+    const normalized = u.toString();
+    const redirectChain = [];
+    const maxRedirects = 5;
+    let landing = normalized;
+    try {
+        let cur = normalized;
+        for (let n = 0; n < maxRedirects; n += 1) {
+            const r = await fetch(cur, { method: "HEAD", redirect: "manual" });
+            const loc = r.status >= 300 && r.status < 400 ? r.headers.get("location") : null;
+            if (!loc)
+                break;
+            cur = new URL(loc, cur).toString();
+            redirectChain.push(cur);
+        }
+        if (redirectChain.length)
+            landing = redirectChain[redirectChain.length - 1];
+    }
+    catch {
+        landing = normalized;
+    }
+    let canonical = landing;
+    try {
+        const res = await fetch(landing, { method: "GET", redirect: "follow" });
+        if (res.headers.get("content-type")?.includes("text/html")) {
+            const html = await res.text();
+            const found = html.match(/<link[^>]*rel=["']canonical["'][^>]*href=["']([^"']+)["']/i)?.[1] ??
+                html.match(/<meta[^>]*property=["']og:url["'][^>]*content=["']([^"']+)["']/i)?.[1] ??
+                html.match(/<meta[^>]*property=["']twitter:url["'][^>]*content=["']([^"']+)["']/i)?.[1];
+            if (found)
+                canonical = new URL(found, landing).toString();
+        }
+    }
+    catch {
+        /* ignore */
+    }
+    return { original, normalized, redirectChain, landing, canonical };
+};
+//# sourceMappingURL=url.js.map

package/lib/esm/url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../src/url.ts"],"names":[],"mappings":"AAQA,MAAM,QAAQ,GAAgB,IAAI,GAAG,CAAC;IAClC,KAAK;IACL,SAAS;IACT,QAAQ;IACR,KAAK;IACL,KAAK;IACL,WAAW;IACX,eAAe;IACf,WAAW;IACX,YAAY;IACZ,QAAQ;IACR,QAAQ;CACX,CAAC,CAAC;AAEH,MAAM,eAAe,GAAa;IAC9B,eAAe;IACf,gBAAgB;IAChB,oBAAoB;IACpB,eAAe;IACf,sBAAsB;IACtB,iBAAiB;IACjB,eAAe;IACf,aAAa;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,KAAa,EAAU,EAAE;IAClD,IAAI,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,GAAW,EAA6B,EAAE;IAC5E,MAAM,QAAQ,GAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IAEpC,MAAM,CAAC,GAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACtC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACtC,IAAI,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC;QAAE,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC;IAC9G,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAEtE,MAAM,IAAI,GAAuB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CACxE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CACnG,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAEzE,MAAM,UAAU,GAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;IAExC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,YAAY,GAAW,CAAC,CAAC;IAC/B,IAAI,OAAO,GAAW,UAAU,CAAC;IACjC,IAAI,CAAC;QACD,IAAI,GAAG,GAAW,UAAU,CAAC;QAC7B,KAAK,IAAI,CAAC,GAAW,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,GAAa,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC7E,MAAM,GAAG,GAAkB,CAAC,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAChG,IAAI,CAAC,GAAG;gBAAE,MAAM;YAChB,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;YACnC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,aAAa,CAAC,MAAM;YAAE,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,GAAG,UAAU,CAAC;IACzB,CAAC;IAED,IAAI,SAAS,GAAW,OAAO,CAAC;IAChC,IAAI,CAAC;QACD,MAAM,GAAG,GAAa,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClF,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,MAAM,IAAI,GAAW,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YACtC,MAAM,KAAK,GACP,IAAI,CAAC,KAAK,CAAC,4DAA4D,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7E,IAAI,CAAC,KAAK,CAAC,iEAAiE,CAAC,EAAE,CAAC,CAAC,CAAC;gBAClF,IAAI,CAAC,KAAK,CAAC,sEAAsE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC5F,IAAI,KAAK;gBAAE,SAAS,GAAG,IAAI,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC9D,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACL,YAAY;IAChB,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACvE,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "zilla-util",
+  "version": "1.2.27",
+  "type": "module",
+  "description": "Simple zero-dependency utility library",
+  "keywords": [
+    "cobbzilla",
+    "util",
+    "utils",
+    "utility",
+    "typescript"
+  ],
+  "homepage": "https://github.com/cobbzilla/zilla-util",
+  "author": "Jonathan Cobb <bqppl0m2@duck.com> (https://github.com/cobbzilla)",
+  "funding": {
+    "type": "patreon",
+    "url": "https://www.patreon.com/cobbzilla"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/cobbzilla/zilla-util.git"
+  },
+  "license": "Apache-2.0",
+  "scripts": {
+    "tsc": "tsc",
+    "build": "tsc",
+    "lint": "npx eslint src",
+    "lint:fix": "npm run lint -- --fix",
+    "prettier": "npx prettier src --check",
+    "prettier:fix": "npm run prettier -- --write",
+    "test": "if [[ -z \"$SKIP_TESTS\" ]] ; then mocha --timeout 5000 ./test/*.spec.ts; else echo 'Skipping tests due to SKIP_TESTS env variable'; fi",
+    "release": "pnpm tsc && pnpm lint && pnpm test"
+  },
+  "main": "./lib/esm/index.js",
+  "module": "./lib/esm/index.js",
+  "exports": {
+    ".": "./lib/esm/index.js"
+  },
+  "files": [
+    "lib/",
+    "src/**/*.ts"
+  ],
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.2.0",
+    "@eslint/js": "^9.20.0",
+    "@types/chai": "^4.3.5",
+    "@types/mocha": "^10.0.1",
+    "@types/node": "^22.15.29",
+    "@typescript-eslint/eslint-plugin": "^8.24.0",
+    "@typescript-eslint/parser": "^8.24.0",
+    "chai": "^4.3.6",
+    "eslint": "^9.20.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-plugin-import": "^2.31.0",
+    "globals": "^15.14.0",
+    "h3": "^1.15.3",
+    "mocha": "^10.2.0",
+    "prettier": "^2.8.8",
+    "shasum": "^1.0.2",
+    "tslint-config-prettier": "^1.18.0",
+    "tsx": "^4.15.4",
+    "typescript": "^5.7.3"
+  },
+  "pnpm": {
+    "onlyBuiltDependencies": [
+      "esbuild"
+    ]
+  },
+  "dependencies": {
+    "grapheme-splitter": "^1.0.4"
+  }
+}

package/src/array.ts

@@ -0,0 +1,134 @@
+export const setsEqual = <T>(a: T[], b: T[]): boolean => {
+    if (a.length !== b.length) return false;
+    return a.every((val) => b.includes(val)) && b.every((val) => a.includes(val));
+};
+
+export const containsAll = <T>(source: T[], required: T[]): boolean =>
+    required.every((item: T): boolean => source.includes(item));
+
+const _cartesianProduct = <T>(arr: T[][], index: number, sentence: T[], result: T[][]) => {
+    for (let i = 0; i < arr[index].length; i++) {
+        const newSentence = sentence.slice(); // To not mutate the original array
+        newSentence.push(arr[index][i]);
+        if (index < arr.length - 1) {
+            _cartesianProduct(arr, index + 1, newSentence, result);
+        } else {
+            result.push(newSentence);
+        }
+    }
+};
+
+export const cartesianProduct = <T>(arr: T[][]): T[][] => {
+    const result: T[][] = [];
+    _cartesianProduct(arr, 0, [], result);
+    return result;
+};
+
+export const isAnyTrue = <T extends boolean[]>(arr: T): boolean => arr.some(Boolean);
+
+export const insertAfterElement = <T>(sourceArray: T[], targetArray: T[], element: T): T[] => {
+    const index: number = targetArray.findIndex((item) => item === element);
+
+    if (index !== -1) {
+        targetArray.splice(index + 1, 0, ...sourceArray);
+    } else {
+        targetArray.push(...sourceArray);
+    }
+
+    return targetArray;
+};
+
+export const asyncFilter = async <T>(arr: T[], predicate: (item: T) => Promise<boolean>): Promise<T[]> => {
+    const results = await Promise.all(arr.map(predicate));
+    return arr.filter((_v, index) => results[index]);
+};
+
+export const shuffleArray = <T>(array: T[]): T[] => {
+    const result = [...array];
+    for (let i = result.length - 1, j: number; i > 0; i--) {
+        j = Math.floor(Math.random() * (i + 1));
+        [result[i], result[j]] = [result[j], result[i]];
+    }
+    return result;
+};
+
+export const shuffleNumbers = (n: number): number[] => shuffleArray([...Array(n).keys()]);
+
+export const deduplicateArrayByName = (entries: Record<string, unknown>[]): Record<string, unknown>[] =>
+    deduplicateArray(entries, "name");
+
+export const deduplicateArray = (entries: Record<string, unknown>[], field: string): Record<string, unknown>[] => [
+    ...new Map(entries.map((entry) => [entry[field], entry])).values(),
+];
+
+export class SortedSet<T> {
+    private items = new Set<T>();
+    private comparator: (a: T, b: T) => number;
+
+    constructor(comparator: (a: T, b: T) => number) {
+        this.comparator = comparator;
+    }
+
+    add(value: T): void {
+        this.items.add(value);
+    }
+
+    delete(value: T): boolean {
+        return this.items.delete(value);
+    }
+
+    has(value: T): boolean {
+        return this.items.has(value);
+    }
+
+    size(): number {
+        return this.items.size;
+    }
+
+    toArray(): T[] {
+        return Array.from(this.items).sort(this.comparator);
+    }
+}
+
+export class SortedIdSet<T, ID> extends SortedSet<T> {
+    private ids = new Set<ID>();
+    private id: (a: T) => ID;
+
+    constructor(comparator: (a: T, b: T) => number, id: (a: T) => ID) {
+        super(comparator);
+        this.id = id;
+    }
+
+    add(value: T): void {
+        if (!this.ids.has(this.id(value))) {
+            super.add(value);
+            this.ids.add(this.id(value));
+        }
+    }
+
+    delete(value: T): boolean {
+        const deleted = super.delete(value);
+        if (deleted) {
+            this.ids.delete(this.id(value));
+        }
+        return deleted;
+    }
+
+    has(value: T): boolean {
+        return this.ids.has(this.id(value));
+    }
+
+    size(): number {
+        return this.ids.size;
+    }
+}
+
+export const firstByProperty = <T extends Record<string, unknown>>(items: T[], prop: keyof T): T[] => {
+    const seen: Set<unknown> = new Set();
+    return items.filter((item) => {
+        const val = item[prop];
+        if (seen.has(val)) return false;
+        seen.add(val);
+        return true;
+    });
+};

package/src/base64.ts

@@ -0,0 +1,53 @@
+export const base64Encode = (str: string): string => {
+    let utf8str = "";
+    for (let i = 0; i < str.length; i++) {
+        const code = str.charCodeAt(i);
+        if (code < 0x80) {
+            utf8str += String.fromCharCode(code);
+        } else if (code < 0x800) {
+            utf8str += String.fromCharCode(0xc0 | (code >> 6), 0x80 | (code & 0x3f));
+        } else if (code < 0xd800 || code >= 0xe000) {
+            utf8str += String.fromCharCode(0xe0 | (code >> 12), 0x80 | ((code >> 6) & 0x3f), 0x80 | (code & 0x3f));
+        } else {
+            i++;
+            const surrogatePair = 0x10000 + ((code & 0x3ff) << 10) + (str.charCodeAt(i) & 0x3ff);
+            utf8str += String.fromCharCode(
+                0xf0 | (surrogatePair >> 18),
+                0x80 | ((surrogatePair >> 12) & 0x3f),
+                0x80 | ((surrogatePair >> 6) & 0x3f),
+                0x80 | (surrogatePair & 0x3f)
+            );
+        }
+    }
+    const base64 = btoa(utf8str);
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+};
+
+export const base64Decode = (base64: string): string => {
+    const base64Str = base64.replace(/-/g, "+").replace(/_/g, "/");
+    const paddedBase64Str = base64Str.padEnd(base64Str.length + ((4 - (base64Str.length % 4)) % 4), "=");
+    const utf8Str = atob(paddedBase64Str);
+    let result = "";
+    let i = 0;
+    while (i < utf8Str.length) {
+        const byte1 = utf8Str.charCodeAt(i++);
+        if (byte1 < 0x80) {
+            result += String.fromCharCode(byte1);
+            continue;
+        }
+        const byte2 = utf8Str.charCodeAt(i++) & 0x3f;
+        if (byte1 < 0xe0) {
+            result += String.fromCharCode(((byte1 & 0x1f) << 6) | byte2);
+            continue;
+        }
+        const byte3 = utf8Str.charCodeAt(i++) & 0x3f;
+        if (byte1 < 0xf0) {
+            result += String.fromCharCode(((byte1 & 0x0f) << 12) | (byte2 << 6) | byte3);
+            continue;
+        }
+        const byte4 = utf8Str.charCodeAt(i++) & 0x3f;
+        const codePoint = (((byte1 & 0x07) << 18) | (byte2 << 12) | (byte3 << 6) | byte4) - 0x10000;
+        result += String.fromCharCode(0xd800 + (codePoint >> 10), 0xdc00 + (codePoint & 0x3ff));
+    }
+    return result;
+};

package/src/crypto.ts

@@ -0,0 +1,281 @@
+// crypto-util.ts (browser-only, no Node APIs)
+import { LRUCache } from "zilla-util";
+
+export enum CryptoParam {
+    RSA_MODULUS_LENGTH = "RSA_MODULUS_LENGTH",
+    RSA_PUBLIC_EXPONENT = "RSA_PUBLIC_EXPONENT",
+    OAEP_HASH = "OAEP_HASH",
+}
+
+export type CryptoKeyPair = {
+    publicKey: string; // base64-encoded SPKI
+    privateKey: string; // base64-encoded PKCS#8
+};
+
+type SafeHash = "sha256" | "sha384" | "sha512";
+type WebHash = "SHA-256" | "SHA-384" | "SHA-512";
+type WebCryptoKeyPair = globalThis.CryptoKeyPair;
+
+const DEFAULTS: Readonly<{
+    modulusLength: number;
+    publicExponent: number;
+    oaepHash: SafeHash;
+}> = {
+    modulusLength: 3072,
+    publicExponent: 65537,
+    oaepHash: "sha256",
+};
+
+const ALLOWED_MODULUS: ReadonlySet<number> = new Set([2048, 3072, 4096]);
+const ALLOWED_EXPONENTS: ReadonlySet<number> = new Set([65537]);
+const ALLOWED_HASHES: ReadonlySet<SafeHash> = new Set(["sha256", "sha384", "sha512"]);
+
+const SIX_HOURS_MS: number = 6 * 60 * 60 * 1000;
+
+const subtle: SubtleCrypto = (() => {
+    const c: Crypto | undefined = globalThis.crypto as Crypto | undefined;
+    if (!c?.subtle) {
+        throw new Error("WebCrypto SubtleCrypto is not available in this environment");
+    }
+    return c.subtle;
+})();
+
+const toB64 = (input: ArrayBuffer | ArrayBufferView): string => {
+    const bytes: Uint8Array =
+        input instanceof ArrayBuffer
+            ? new Uint8Array(input)
+            : new Uint8Array(input.buffer, input.byteOffset, input.byteLength);
+    let binary: string = "";
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+};
+
+const fromB64 = (b64: string): Uint8Array => {
+    const binary: string = atob(b64);
+    const len: number = binary.length;
+    const bytes: Uint8Array = new Uint8Array(len);
+    for (let i = 0; i < len; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+};
+
+const toWebHash = (h: SafeHash): WebHash => (h === "sha256" ? "SHA-256" : h === "sha384" ? "SHA-384" : "SHA-512");
+
+// Add these utilities (kept local to signature ops)
+const cacheKeySig = (hash: WebHash, keyB64: string): string => `sig|${hash}|${keyB64}`;
+
+const importPublicKeyForVerify = async (publicKeyB64: string, webHash: WebHash): Promise<CryptoKey> => {
+    const k: string = cacheKeySig(webHash, publicKeyB64);
+    const cached: CryptoKey | undefined = pkCache().get(k);
+    if (cached !== undefined) return cached;
+
+    const key: CryptoKey = await subtle.importKey(
+        "spki",
+        fromB64(publicKeyB64),
+        { name: "RSASSA-PKCS1-v1_5", hash: webHash },
+        false,
+        ["verify"]
+    );
+    pkCache().set(k, key);
+    return key;
+};
+
+const importPrivateKeyForSign = async (privateKeyB64: string, webHash: WebHash): Promise<CryptoKey> => {
+    const k: string = cacheKeySig(webHash, privateKeyB64);
+    const cached: CryptoKey | undefined = pvCache().get(k);
+    if (cached !== undefined) return cached;
+
+    const key: CryptoKey = await subtle.importKey(
+        "pkcs8",
+        fromB64(privateKeyB64),
+        { name: "RSASSA-PKCS1-v1_5", hash: webHash },
+        false,
+        ["sign"]
+    );
+    pvCache().set(k, key);
+    return key;
+};
+
+const resolveParams = (
+    parameters?: Partial<Record<CryptoParam, string>>
+): {
+    modulusLength: number;
+    publicExponent: number;
+    oaepHash: SafeHash;
+    webHash: WebHash;
+} => {
+    const modulusLength: number =
+        parameters?.[CryptoParam.RSA_MODULUS_LENGTH] !== undefined
+            ? Number.parseInt(parameters[CryptoParam.RSA_MODULUS_LENGTH], 10)
+            : DEFAULTS.modulusLength;
+
+    const publicExponent: number =
+        parameters?.[CryptoParam.RSA_PUBLIC_EXPONENT] !== undefined
+            ? Number.parseInt(parameters[CryptoParam.RSA_PUBLIC_EXPONENT], 10)
+            : DEFAULTS.publicExponent;
+
+    const oaepHashStr: string | undefined = parameters?.[CryptoParam.OAEP_HASH];
+    const oaepHash: SafeHash = (oaepHashStr?.toLowerCase() as SafeHash | undefined) ?? DEFAULTS.oaepHash;
+
+    if (!ALLOWED_MODULUS.has(modulusLength)) {
+        throw new Error(`Invalid RSA modulus length. Allowed: ${Array.from(ALLOWED_MODULUS).join(", ")}`);
+    }
+    if (!ALLOWED_EXPONENTS.has(publicExponent)) {
+        throw new Error(`Invalid RSA public exponent. Allowed: ${Array.from(ALLOWED_EXPONENTS).join(", ")}`);
+    }
+    if (!ALLOWED_HASHES.has(oaepHash)) {
+        throw new Error(`Invalid OAEP hash. Allowed: ${Array.from(ALLOWED_HASHES).join(", ")}`);
+    }
+
+    return { modulusLength, publicExponent, oaepHash, webHash: toWebHash(oaepHash) };
+};
+
+// LRU caches for imported CryptoKey objects (avoid re-importing keys)
+let publicKeyCache: LRUCache<string, CryptoKey>;
+const pkCache = () => {
+    if (!publicKeyCache) {
+        publicKeyCache = new LRUCache<string, CryptoKey>({
+            maxSize: 2048,
+            maxAge: SIX_HOURS_MS,
+            touchOnGet: true,
+        });
+    }
+    return publicKeyCache;
+};
+
+let privateKeyCache: LRUCache<string, CryptoKey>;
+const pvCache = () => {
+    if (!privateKeyCache) {
+        privateKeyCache = new LRUCache<string, CryptoKey>({
+            maxSize: 2048,
+            maxAge: SIX_HOURS_MS,
+            touchOnGet: true,
+        });
+    }
+    return privateKeyCache;
+};
+
+const cacheKey = (hash: WebHash, keyB64: string): string => `${hash}|${keyB64}`;
+
+const importPublicKey = async (publicKeyB64: string, webHash: WebHash): Promise<CryptoKey> => {
+    const k: string = cacheKey(webHash, publicKeyB64);
+    const cached: CryptoKey | undefined = pkCache().get(k);
+    if (cached !== undefined) return cached;
+
+    const key: CryptoKey = await subtle.importKey(
+        "spki",
+        fromB64(publicKeyB64), // BufferSource
+        { name: "RSA-OAEP", hash: webHash },
+        false,
+        ["encrypt"]
+    );
+    pkCache().set(k, key);
+    return key;
+};
+
+const importPrivateKey = async (privateKeyB64: string, webHash: WebHash): Promise<CryptoKey> => {
+    const k: string = cacheKey(webHash, privateKeyB64);
+    const cached: CryptoKey | undefined = pvCache().get(k);
+    if (cached !== undefined) return cached;
+
+    const key: CryptoKey = await subtle.importKey(
+        "pkcs8",
+        fromB64(privateKeyB64), // BufferSource
+        { name: "RSA-OAEP", hash: webHash },
+        false,
+        ["decrypt"]
+    );
+    pvCache().set(k, key);
+    return key;
+};
+
+const resolvePublicKeyB64 = (key: string | CryptoKeyPair): string => (typeof key === "string" ? key : key.publicKey);
+const resolvePrivateKeyB64 = (key: string | CryptoKeyPair): string => (typeof key === "string" ? key : key.privateKey);
+
+export const CryptoUtil = {
+    generateKeyPair: async (parameters?: Partial<Record<CryptoParam, string>>): Promise<CryptoKeyPair> => {
+        const { modulusLength, publicExponent, webHash } = resolveParams(parameters);
+
+        if (publicExponent !== 65537) {
+            throw new Error("Only RSA public exponent 65537 is supported");
+        }
+
+        const expBytes: Uint8Array = new Uint8Array([0x01, 0x00, 0x01]); // 65537
+
+        const webPair: WebCryptoKeyPair = await subtle.generateKey(
+            { name: "RSA-OAEP", modulusLength, publicExponent: expBytes, hash: webHash },
+            true, // extractable (so we can export to SPKI/PKCS8)
+            ["encrypt", "decrypt"]
+        );
+
+        const spki: ArrayBuffer = await subtle.exportKey("spki", webPair.publicKey);
+        const pkcs8: ArrayBuffer = await subtle.exportKey("pkcs8", webPair.privateKey);
+
+        const result: CryptoKeyPair = {
+            publicKey: toB64(spki),
+            privateKey: toB64(pkcs8),
+        };
+        return result;
+    },
+
+    encrypt: async (
+        publicKey: string | CryptoKeyPair,
+        plaintext: string,
+        parameters?: Partial<Record<CryptoParam, string>>
+    ): Promise<string> => {
+        const { webHash } = resolveParams(parameters);
+        const pubB64: string = resolvePublicKeyB64(publicKey);
+        const keyObj: CryptoKey = await importPublicKey(pubB64, webHash);
+
+        const data: Uint8Array = new TextEncoder().encode(plaintext);
+        const ciphertext: ArrayBuffer = await subtle.encrypt({ name: "RSA-OAEP" }, keyObj, data);
+        return toB64(ciphertext);
+    },
+
+    decrypt: async (
+        privateKey: string | CryptoKeyPair,
+        ciphertext: string,
+        parameters?: Partial<Record<CryptoParam, string>>
+    ): Promise<string> => {
+        const { webHash } = resolveParams(parameters);
+        const privB64: string = resolvePrivateKeyB64(privateKey);
+        const keyObj: CryptoKey = await importPrivateKey(privB64, webHash);
+
+        const ptBuf: ArrayBuffer = await subtle.decrypt({ name: "RSA-OAEP" }, keyObj, fromB64(ciphertext));
+        const plaintext: string = new TextDecoder().decode(new Uint8Array(ptBuf));
+        return plaintext;
+    },
+
+    sign: async (
+        privateKey: string | CryptoKeyPair,
+        data: string,
+        parameters?: Partial<Record<CryptoParam, string>>
+    ): Promise<string> => {
+        const { webHash } = resolveParams(parameters);
+        const privB64: string = resolvePrivateKeyB64(privateKey);
+        const keyObj: CryptoKey = await importPrivateKeyForSign(privB64, webHash);
+
+        const bytes: Uint8Array = new TextEncoder().encode(data);
+        const sigBuf: ArrayBuffer = await subtle.sign({ name: "RSASSA-PKCS1-v1_5" }, keyObj, bytes);
+        return toB64(sigBuf);
+    },
+
+    verifySignature: async (
+        publicKey: string | CryptoKeyPair,
+        data: string,
+        signatureB64: string,
+        parameters?: Partial<Record<CryptoParam, string>>
+    ): Promise<boolean> => {
+        const { webHash } = resolveParams(parameters);
+        const pubB64: string = resolvePublicKeyB64(publicKey);
+        const keyObj: CryptoKey = await importPublicKeyForVerify(pubB64, webHash);
+
+        const bytes: Uint8Array = new TextEncoder().encode(data);
+        const sigBytes: Uint8Array = fromB64(signatureB64);
+        const ok: boolean = await subtle.verify({ name: "RSASSA-PKCS1-v1_5" }, keyObj, sigBytes, bytes);
+        return ok;
+    },
+};

package/src/date.ts

@@ -0,0 +1,48 @@
+import { DEFAULT_CLOCK, ZillaClock } from "./time.js";
+
+export const formatDate = (template: string, clockOrMoment?: ZillaClock | number): string => {
+    const d =
+        typeof clockOrMoment === "number"
+            ? new Date(clockOrMoment)
+            : new Date(clockOrMoment ? clockOrMoment.now() : DEFAULT_CLOCK.now());
+    const year = d.getUTCFullYear();
+    const month = d.getUTCMonth() + 1;
+    const day = d.getUTCDate();
+    const hour = d.getUTCHours();
+    const minute = d.getUTCMinutes();
+    const second = d.getUTCSeconds();
+
+    return (template.match(/(YYYY|YY|MM|DD|HH|mm|ss|M|D|H|m|s|'[^']*'|[^YMDHms']+)/g) || [])
+        .map((token) => {
+            if (token.startsWith("'")) return token.slice(1, -1);
+            switch (token) {
+                case "YYYY":
+                    return String(year);
+                case "YY":
+                    return String(year).slice(-2);
+                case "MM":
+                    return String(month).padStart(2, "0");
+                case "M":
+                    return String(month);
+                case "DD":
+                    return String(day).padStart(2, "0");
+                case "D":
+                    return String(day);
+                case "HH":
+                    return String(hour).padStart(2, "0");
+                case "H":
+                    return String(hour);
+                case "mm":
+                    return String(minute).padStart(2, "0");
+                case "m":
+                    return String(minute);
+                case "ss":
+                    return String(second).padStart(2, "0");
+                case "s":
+                    return String(second);
+                default:
+                    return token;
+            }
+        })
+        .join("");
+};