mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
408d5d3374
* security: harden IPC commands, gate DevTools, and isolate external windows - Remove devtools from default Tauri features; gate behind opt-in Cargo feature so production builds never expose DevTools - Add IPC origin validation (require_trusted_window) to 9 sensitive commands: get_secret, get_all_secrets, set_secret, delete_secret, get_local_api_token, read/write/delete_cache_entry, fetch_polymarket - Isolate youtube-login window into restricted capability (core:window only) — prevents external-origin webview from invoking app commands - Add 5-minute TTL to cached sidecar auth token in fetch patch closure - Document renderer trust boundary threat model in runtime.ts * docs: add contributors, security acknowledgments, and desktop security policy - Add Contributors section to README with all 16 GitHub contributors - Add Security Acknowledgments crediting Cody Richard for 3 disclosures - Update SECURITY.md with desktop runtime security model (Tauri IPC origin validation, DevTools gating, sidecar auth, capability isolation, fetch patch trust boundary) - Add Tauri-specific items to security report scope - Correct API key storage description to cover both web and desktop * fix: exempt /api/version from bot-blocking middleware The desktop update check and sidecar requests were getting 403'd by the middleware's bot UA filter (curl/) and short UA check.
96 lines
5.0 KiB
JSON
96 lines
5.0 KiB
JSON
{
|
|
"name": "world-monitor",
|
|
"private": true,
|
|
"version": "2.5.7",
|
|
"license": "AGPL-3.0-only",
|
|
"type": "module",
|
|
"scripts": {
|
|
"lint:md": "markdownlint-cli2 '**/*.md'",
|
|
"version:sync": "node scripts/sync-desktop-version.mjs",
|
|
"version:check": "node scripts/sync-desktop-version.mjs --check",
|
|
"dev": "vite",
|
|
"dev:tech": "VITE_VARIANT=tech vite",
|
|
"dev:finance": "VITE_VARIANT=finance vite",
|
|
"dev:happy": "VITE_VARIANT=happy vite",
|
|
"build": "tsc && vite build",
|
|
"build:sidecar-sebuf": "node scripts/build-sidecar-sebuf.mjs",
|
|
"build:desktop": "node scripts/build-sidecar-sebuf.mjs && tsc && vite build",
|
|
"build:full": "VITE_VARIANT=full tsc && VITE_VARIANT=full vite build",
|
|
"build:tech": "VITE_VARIANT=tech tsc && VITE_VARIANT=tech vite build",
|
|
"build:finance": "VITE_VARIANT=finance tsc && VITE_VARIANT=finance vite build",
|
|
"build:happy": "VITE_VARIANT=happy tsc && VITE_VARIANT=happy vite build",
|
|
"typecheck": "tsc --noEmit",
|
|
"tauri": "tauri",
|
|
"preview": "vite preview",
|
|
"test:e2e:full": "VITE_VARIANT=full playwright test",
|
|
"test:e2e:tech": "VITE_VARIANT=tech playwright test",
|
|
"test:e2e:finance": "VITE_VARIANT=finance playwright test",
|
|
"test:e2e:runtime": "VITE_VARIANT=full playwright test e2e/runtime-fetch.spec.ts",
|
|
"test:e2e": "npm run test:e2e:runtime && npm run test:e2e:full && npm run test:e2e:tech && npm run test:e2e:finance",
|
|
"test:data": "node --test tests/*.test.mjs",
|
|
"test:sidecar": "node --test src-tauri/sidecar/local-api-server.test.mjs api/_cors.test.mjs api/youtube/embed.test.mjs api/cyber-threats.test.mjs api/usni-fleet.test.mjs scripts/ais-relay-rss.test.cjs api/loaders-xml-wms-regression.test.mjs",
|
|
"test:e2e:visual:full": "VITE_VARIANT=full playwright test -g \"matches golden screenshots per layer and zoom\"",
|
|
"test:e2e:visual:tech": "VITE_VARIANT=tech playwright test -g \"matches golden screenshots per layer and zoom\"",
|
|
"test:e2e:visual": "npm run test:e2e:visual:full && npm run test:e2e:visual:tech",
|
|
"test:e2e:visual:update:full": "VITE_VARIANT=full playwright test -g \"matches golden screenshots per layer and zoom\" --update-snapshots",
|
|
"test:e2e:visual:update:tech": "VITE_VARIANT=tech playwright test -g \"matches golden screenshots per layer and zoom\" --update-snapshots",
|
|
"test:e2e:visual:update": "npm run test:e2e:visual:update:full && npm run test:e2e:visual:update:tech",
|
|
"desktop:dev": "npm run version:sync && VITE_DESKTOP_RUNTIME=1 tauri dev -f devtools",
|
|
"desktop:build:full": "npm run version:sync && VITE_VARIANT=full VITE_DESKTOP_RUNTIME=1 tauri build",
|
|
"desktop:build:tech": "npm run version:sync && VITE_VARIANT=tech VITE_DESKTOP_RUNTIME=1 tauri build --config src-tauri/tauri.tech.conf.json",
|
|
"desktop:build:finance": "npm run version:sync && VITE_VARIANT=finance VITE_DESKTOP_RUNTIME=1 tauri build --config src-tauri/tauri.finance.conf.json",
|
|
"desktop:package:macos:full": "node scripts/desktop-package.mjs --os macos --variant full",
|
|
"desktop:package:macos:tech": "node scripts/desktop-package.mjs --os macos --variant tech",
|
|
"desktop:package:windows:full": "node scripts/desktop-package.mjs --os windows --variant full",
|
|
"desktop:package:windows:tech": "node scripts/desktop-package.mjs --os windows --variant tech",
|
|
"desktop:package:macos:full:sign": "node scripts/desktop-package.mjs --os macos --variant full --sign",
|
|
"desktop:package:macos:tech:sign": "node scripts/desktop-package.mjs --os macos --variant tech --sign",
|
|
"desktop:package:windows:full:sign": "node scripts/desktop-package.mjs --os windows --variant full --sign",
|
|
"desktop:package:windows:tech:sign": "node scripts/desktop-package.mjs --os windows --variant tech --sign",
|
|
"desktop:package": "node scripts/desktop-package.mjs"
|
|
},
|
|
"devDependencies": {
|
|
"@playwright/test": "^1.52.0",
|
|
"@tauri-apps/cli": "^2.10.0",
|
|
"@types/canvas-confetti": "^1.9.0",
|
|
"@types/d3": "^7.4.3",
|
|
"@types/maplibre-gl": "^1.13.2",
|
|
"@types/papaparse": "^5.5.2",
|
|
"@types/topojson-client": "^3.1.5",
|
|
"@types/topojson-specification": "^1.0.5",
|
|
"esbuild": "^0.27.3",
|
|
"markdownlint-cli2": "^0.20.0",
|
|
"typescript": "^5.7.2",
|
|
"vite": "^6.0.7",
|
|
"vite-plugin-pwa": "^1.2.0",
|
|
"ws": "^8.19.0"
|
|
},
|
|
"dependencies": {
|
|
"@deck.gl/aggregation-layers": "^9.2.6",
|
|
"@deck.gl/core": "^9.2.6",
|
|
"@deck.gl/geo-layers": "^9.2.6",
|
|
"@deck.gl/layers": "^9.2.6",
|
|
"@deck.gl/mapbox": "^9.2.6",
|
|
"@sentry/browser": "^10.39.0",
|
|
"@upstash/redis": "^1.36.1",
|
|
"@vercel/analytics": "^1.6.1",
|
|
"@xenova/transformers": "^2.17.2",
|
|
"canvas-confetti": "^1.9.4",
|
|
"convex": "^1.32.0",
|
|
"d3": "^7.9.0",
|
|
"deck.gl": "^9.2.6",
|
|
"fast-xml-parser": "^5.3.7",
|
|
"i18next": "^25.8.10",
|
|
"i18next-browser-languagedetector": "^8.2.1",
|
|
"maplibre-gl": "^5.16.0",
|
|
"onnxruntime-web": "^1.23.2",
|
|
"papaparse": "^5.5.3",
|
|
"posthog-js": "^1.352.0",
|
|
"topojson-client": "^3.1.0",
|
|
"youtubei.js": "^16.0.1"
|
|
},
|
|
"overrides": {
|
|
"fast-xml-parser": "^5.3.7"
|
|
}
|
|
}
|