UNPKG

@headwall/trusted-network-providers

Version:

Trusted network hosts and address ranges.

github.com/headwalluk/trusted-network-providers

headwalluk/trusted-network-providers

153 lines (93 loc) 5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# Changelog for @headwall/trusted-network-providers ## 1.9.0 :: 2025-11-21 ### 🔒 Security Enhancements - **HTTPS Certificate Validation**: All HTTP requests now enforce TLS 1.2+ with strict certificate validation - **Checksum Verification**: SHA-256 checksums for all bundled assets (Googlebot, BunnyNet) - **Structure Validation**: Runtime validation for API responses (Stripe) - **Enhanced update-assets.sh**: Secure wget options, JSON validation, automatic checksum calculation - **DNS Security Documentation**: Comprehensive guide for DNSSEC limitations and mitigations ### 🛠️ Code Quality Improvements - **ESLint Integration**: Full ESLint v9 setup with flat config, 0 warnings - **Prettier Formatting**: Consistent code formatting across all files - **JSDoc Documentation**: Complete API documentation for all public functions with examples - **Code Cleanup**: Removed debug statements, commented code, replaced inefficient array operations - **Constants**: Magic strings replaced with named constants (IP_VERSION_V4, IP_VERSION_V6) ### 🐛 Bug Fixes - **Critical**: Fixed array clearing bug in spf-analyser.js (addresses were not being cleared correctly) - **Critical**: Fixed build.sh typo `[ $? -ne -0 ]``[ $? -ne 0 ]` - **Logic Error**: Fixed ipv4/ipv6 mismatch in spf-analyser.js - **Strict Equality**: Replaced all `==` with `===` for type-safe comparisons ### 📚 Documentation - **New Files**: CONTRIBUTING.md, docs/security.md, docs/dns-security-guide.md, docs/issues.md, docs/implementation.md, docs/requirements.md - **Enhanced README**: Added badges (Node.js version, test status, security), improved examples - **Security Best Practices**: Comprehensive guide for DNS security and HTTPS validation ### 🔧 Development Tools - **npm Scripts**: Added `format`, `format:check`, `lint`, `lint:fix` - **Updated .gitignore**: Added IDE files, OS-specific files, Prettier cache - **Dependencies Updated**: fast-xml-parser 4.x → 5.x, all packages on latest versions - **Dev Dependencies**: Added ESLint 9.x and Prettier 3.x ### 📦 Package Improvements - **Keywords**: Expanded for better npm discoverability - **Engines**: Specified Node.js >=18.0.0 requirement - **Files**: Optimized package contents ### ⚙️ Internal Changes - Improved error handling and removed unused variables - Optimized array clearing operations (`array.length = 0`) - Better Promise patterns with unused parameter handling ## 1.8.1 :: 2025-08-13 * Updated the ShipHero provider. * Updated assets with scripts/update-assets.sh ## 1.8.0 :: 2025-07-13 * Added Labrika provider * Updated assets with scripts/update-assets.sh ## 1.7.0 :: 2025-06-02 * Added GetTerms provider * Updated assets with scripts/update-assets.sh ## 1.6.0 :: 2024-12-15 * Added Brevo provider * Updated assets with scripts/update-assets.sh ## 1.5.1 :: 2024-12-06 * Tidy up ## 1.5.0 :: 2024-12-06 * Added SemrushBot provider * Added AHrefsBot provider * Added FacebookBot provider ## 1.4.5 :: 2024-10-15 * Version bump to push the new readme to npm ## 1.4.4 :: 2024-10-14 * Tidied up assets. * Moved the repos to Github. * Updated deps. ## 1.4.3 :: 2024-08-03 * Removed GTmetrix from the list of trusted servers because of a Cloudflare issue. ## 1.4.2 :: 2023-11-12 * Version bump, update changelog and republish to npm. ## 1.4.1 :: 2023-11-12 * Updated bundled IP address list assets. ## 1.4.0 :: 2023-07-28 * Added new function deleteProvider(providerName) * In index.js, moved the providers array into self ## 1.3.7 :: 2023-07-10 * Minor : Updated bundled assets and version-bumped the package. ## 1.3.6 :: 2023-05-26 * New provider : BunnyNet IPs. Currently supplied as static files that can be updated by the update-assets.sh script, but we might rejig this as an auto-updater. ## 1.3.5 :: 2023-05-22 * Added a small bash script to fetch/udpate src/assets/googlebot-ips.json ## 1.3.4 :: 2023-05-19 * Ship a built-in set of GoogleBot IPs so we don't need to keep hitting Google for the JSON download at regular intervals. ## 1.3.2 & 1.3.3 :: 2023-05-15 * New provider : Seobility web crawlers * Fixed a bug where some providers "self" wasn't set to const. ## 1.3.1 :: 2023-04-26 * New provider : GTmetrix test locations ## 1.3.0 :: 2023-04-25 * New provider : Mailgun * Added a new helper, "spf-analyser" to make it easier to create trusted providers that store their IP addresses in (potentially dynamic) DNS/TXT (SPF) records, such as Google and Mailgun. NOTE: We need to move Outlook over to this new methodology too. * Fixed some promise-based logic issues when moving the Google Workspace code over to the spf-analyser code. ## 1.2.0 :: 2023-04-21 * New provider : ShipHero ## 1.1.1 :: 2023-04-11 * Improved "README.md" with more info on how to create your own trusted network provider, complete with dynamic update. ## 1.1.0 :: 2023-04-11 * Added a new provider called "Google Services", with their DNS resolvers. * Tidied up the tests a little bit.