@logto/core-kit - npm Package Compare versions

Comparing version 2.3.0 to 2.4.0

lib/openid.d.ts

@@ -15,3 +15,3 @@ /** Scopes that reserved by Logto, which will be added to the auth request automatically. */
 }
-export type UserClaim = 'name' | 'picture' | 'username' | 'email' | 'email_verified' | 'phone_number' | 'phone_number_verified' | 'roles' | 'organizations' | 'organization_data' | 'organization_roles' | 'custom_data' | 'identities';
+export type UserClaim = 'name' | 'given_name' | 'family_name' | 'middle_name' | 'nickname' | 'preferred_username' | 'profile' | 'picture' | 'website' | 'email' | 'email_verified' | 'gender' | 'birthdate' | 'zoneinfo' | 'locale' | 'phone_number' | 'phone_number_verified' | 'address' | 'updated_at' | 'username' | 'roles' | 'organizations' | 'organization_data' | 'organization_roles' | 'custom_data' | 'identities' | 'created_at';
 /**
@@ -40,2 +40,8 @@ * Scopes for ID Token and Userinfo Endpoint.
     /**
+     * Scope for user address.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    Address = "address",
+    /**
      * Scope for user's custom data.
@@ -73,2 +79,4 @@ *
  * Mapped claims that ID Token includes.
+ *
+ * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims | OpenID Connect Core 1.0} for standard scope - claim mapping.
  */
@@ -75,0 +83,0 @@ export declare const idTokenClaims: Readonly<Record<UserScope, UserClaim[]>>;

lib/openid.js

@@ -41,2 +41,8 @@ /** Scopes that reserved by Logto, which will be added to the auth request automatically. */
     /**
+     * Scope for user address.
+     *
+     * See {@link idTokenClaims} for mapped claims in ID Token and {@link userinfoClaims} for additional claims in Userinfo Endpoint.
+     */
+    UserScope["Address"] = "address";
+    /**
      * Scope for user's custom data.
@@ -74,7 +80,29 @@ *
  * Mapped claims that ID Token includes.
+ *
+ * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims | OpenID Connect Core 1.0} for standard scope - claim mapping.
  */
 export const idTokenClaims = Object.freeze({
-    [UserScope.Profile]: ['name', 'picture', 'username'],
+    [UserScope.Profile]: [
+        // Standard claims
+        'name',
+        'family_name',
+        'given_name',
+        'middle_name',
+        'nickname',
+        'preferred_username',
+        'profile',
+        'picture',
+        'website',
+        'gender',
+        'birthdate',
+        'zoneinfo',
+        'locale',
+        'updated_at',
+        // Custom claims
+        'username',
+        'created_at',
+    ],
     [UserScope.Email]: ['email', 'email_verified'],
     [UserScope.Phone]: ['phone_number', 'phone_number_verified'],
+    [UserScope.Address]: ['address'],
     [UserScope.Roles]: ['roles'],
@@ -93,2 +121,3 @@ [UserScope.Organizations]: ['organizations'],
     [UserScope.Phone]: [],
+    [UserScope.Address]: [],
     [UserScope.Roles]: [],
@@ -95,0 +124,0 @@ [UserScope.Organizations]: ['organization_data'],

lib/password-policy.js

 import { z } from 'zod';
+import { getPwnPasswordsForTest, isIntegrationTest } from './utils/integration-test.js';
 /** Password policy configuration guard. */
@@ -216,2 +217,5 @@ export const passwordPolicyGuard = z.object({
     async hasBeenPwned(password) {
+        if (isIntegrationTest()) {
+            return getPwnPasswordsForTest().includes(password);
+        }
         const hash = await this.subtle.digest('SHA-1', new TextEncoder().encode(password));
@@ -218,0 +222,0 @@ const hashHex = Array.from(new Uint8Array(hash))

lib/regex.d.ts

@@ -10,3 +10,3 @@ export declare const emailRegEx: RegExp;
 export declare const noSpaceRegEx: RegExp;
-/** Full domain that consists of at least 3 parts, e.g. foo.bar.com */
+/** Full domain that consists of at least 3 parts, e.g. foo.bar.com or example-foo.bar.com */
 export declare const domainRegEx: RegExp;

lib/regex.js

@@ -10,3 +10,3 @@ export const emailRegEx = /^\S+@\S+\.\S+$/;
 export const noSpaceRegEx = /^\S+$/;
-/** Full domain that consists of at least 3 parts, e.g. foo.bar.com */
-export const domainRegEx = /^[\dA-Za-z]+(\.[\dA-Za-z]+){2,}$/;
+/** Full domain that consists of at least 3 parts, e.g. foo.bar.com or example-foo.bar.com */
+export const domainRegEx = /^[\dA-Za-z](?:[\dA-Za-z-]*[\dA-Za-z])?(?:\.[\dA-Za-z](?:[\dA-Za-z-]*[\dA-Za-z])?){2,}$/;

lib/utils/url.d.ts

 export declare const validateRedirectUrl: (url: string, type: 'web' | 'mobile') => boolean;
 export declare const validateUriOrigin: (url: string) => boolean;
 export declare const isValidUrl: (url?: string) => boolean;
+/**
+ * Check if the given URL is localhost
+ */
+export declare const isLocalhost: (url: string) => boolean;

lib/utils/url.js

@@ -28,1 +28,8 @@ import { mobileUriSchemeProtocolRegEx, webRedirectUriProtocolRegEx } from '../regex.js';
 };
+/**
+ * Check if the given URL is localhost
+ */
+export const isLocalhost = (url) => {
+    const parsedUrl = new URL(url);
+    return ['localhost', '127.0.0.1', '::1'].includes(parsedUrl.hostname);
+};

package.json

 {
   "name": "@logto/core-kit",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
@@ -34,2 +34,3 @@ "homepage": "https://github.com/logto-io/toolkit#readme",
     "@logto/shared": "^3.1.0",
+    "@silverhand/essentials": "^2.9.0",
     "color": "^4.2.3"
@@ -41,13 +42,10 @@ },
   "devDependencies": {
-    "@jest/types": "^29.0.3",
     "@silverhand/eslint-config": "5.0.0",
-    "@silverhand/essentials": "^2.9.0",
     "@silverhand/ts-config": "5.0.0",
     "@silverhand/ts-config-react": "5.0.0",
     "@types/color": "^3.0.3",
-    "@types/jest": "^29.4.0",
     "@types/node": "^20.9.5",
     "@types/react": "^18.0.31",
+    "@vitest/coverage-v8": "^1.4.0",
     "eslint": "^8.44.0",
-    "jest": "^29.7.0",
     "lint-staged": "^15.0.0",
@@ -57,4 +55,4 @@ "postcss": "^8.4.31",
     "stylelint": "^15.0.0",
-    "tslib": "^2.4.1",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "vitest": "^1.4.0"
   },
@@ -75,11 +73,9 @@ "eslintConfig": {
     "build": "rm -rf lib/ && tsc -p tsconfig.build.json",
-    "build:test": "pnpm build -p tsconfig.test.json --sourcemap",
+    "build:test": "pnpm build",
     "lint": "eslint --ext .ts src",
     "lint:report": "pnpm lint --format json --output-file report.json",
     "stylelint": "stylelint \"scss/**/*.scss\"",
-    "test:only": "NODE_OPTIONS=--experimental-vm-modules jest",
-    "test": "pnpm build:test && pnpm test:only",
-    "test:ci": "pnpm test:only",
-    "test:coverage": "pnpm test:only --silent --coverage"
+    "test": "vitest src",
+    "test:ci": "pnpm run test --silent --coverage"
   }
 }

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

82795

increased by5.42%

Dev dependency count

14

decreased by-17.65%

Number of package files

31

increased by6.9%

Lines of code

1192

increased by5.58%

Worsened metrics

Dependency count

5

increased by25%

Number of low supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Added@silverhand/essentials@^2.9.0