Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
main
CapaKraken/apps/web/package.json
T
Hartmut 534945f6e3 security: bound password inputs, configure pino redact, patch deps (#36 #46 #58) 
#36 CRITICAL: add .max(128) to all password Zod schemas to prevent
Argon2-based DoS from unbounded password strings.

#46 HIGH: configure pino redact paths so passwords/tokens/cookies/TOTP
secrets are never serialized in logs.

#58 MEDIUM: upgrade dompurify to ^3.4.0 and add pnpm overrides for
brace-expansion (>=5.0.5) and esbuild (>=0.25.0) to patch known CVEs.
Vite moderate (path traversal, dev-only) remains — requires vitest 3.x
major upgrade, deferred.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 08:13:25 +02:00

76 lines
2.4 KiB
JSON
Raw Permalink Blame History

{
"name": "@capakraken/web",
"version": "0.1.0",
"private": true,
"scripts": {
"dev": "next dev -p 3100",
"build": "next build",
"start": "next start -p 3100",
"lint": "eslint src/",
"typecheck": "tsc --project tsconfig.typecheck.json --noEmit",
"test:unit": "vitest run",
"test:e2e": "playwright test",
"test:e2e:email": "playwright test --config playwright.dev.config.ts e2e/dev-system/invite-flow.spec.ts e2e/dev-system/password-reset.spec.ts"
},
"dependencies": {
"@capakraken/api": "workspace:*",
"@capakraken/application": "workspace:*",
"@capakraken/db": "workspace:*",
"@capakraken/engine": "workspace:*",
"@capakraken/shared": "workspace:*",
"@dnd-kit/core": "^6.3.1",
"@dnd-kit/sortable": "^10.0.0",
"@dnd-kit/utilities": "^3.2.2",
"@node-rs/argon2": "^2.0.2",
"@react-pdf/renderer": "^4.3.2",
"@sentry/nextjs": "^10.45.0",
"@tanstack/react-query": "^5.62.16",
"@tanstack/react-virtual": "^3.13.21",
"@trpc/client": "^11.0.0",
"@trpc/react-query": "^11.0.0",
"@trpc/server": "^11.0.0",
"@types/qrcode": "^1.5.6",
"clsx": "^2.1.1",
"dompurify": "^3.4.0",
"exceljs": "^4.4.0",
"framer-motion": "^12.38.0",
"next": "^15.5.15",
"next-auth": "^5.0.0-beta.25",
"otpauth": "^9.5.0",
"qrcode": "^1.5.4",
"react": "^19.0.0",
"react-dom": "^19.0.0",
"react-force-graph-3d": "^1.29.1",
"react-grid-layout": "^2.2.2",
"react-resizable": "^3.0.5",
"recharts": "^3.7.0",
"tailwind-merge": "^2.6.0",
"three": "^0.183.2",
"zod": "^3.23.8"
},
"devDependencies": {
"@next/bundle-analyzer": "^16.2.3",
"@axe-core/playwright": "^4.11.1",
"@capakraken/eslint-config": "workspace:*",
"@capakraken/tsconfig": "workspace:*",
"@playwright/test": "^1.49.1",
"@testing-library/jest-dom": "^6.9.1",
"@testing-library/react": "^16.3.2",
"@testing-library/user-event": "^14.6.1",
"@types/dompurify": "^3.2.0",
"@types/node": "^22.10.2",
"@types/react": "^19.0.6",
"@types/react-dom": "^19.0.3",
"@types/react-grid-layout": "^2.1.0",
"@types/three": "^0.183.1",
"@vitest/coverage-v8": "^2.1.9",
"autoprefixer": "^10.4.20",
"eslint": "^10.2.0",
"jsdom": "^29.0.2",
"postcss": "^8.4.49",
"tailwindcss": "^3.4.17",
"typescript": "^5.6.3",
"vitest": "^2.1.9"
}
}
Reference in New Issue View Git Blame Copy Permalink