feat(security,ui): self-host React deps, Tailwind, fonts; strict CSP; local QR; better selection state

Replace CDN React/ReactDOM/Babel with local libs; remove Babel and inline scripts Build Tailwind locally, add safelist; switch to assets/tailwind.css Self-host Font Awesome and Inter (CSS + woff2); remove external font CDNs Implement strict CSP (no unsafe-inline/eval; scripts/styles/fonts from self) Extract inline handlers; move PWA scripts to external files Add local QR code generation (qrcode lib) and remove api.qrserver.com Improve SessionTypeSelector visual selection (highlighted background and ring) Keep PWA working with service worker and offline assets Refs: CSP hardening, offline-first, no external dependencies
2025-09-08 16:04:58 -04:00
parent 3458270477
commit 0f8399ec88
352 changed files with 84907 additions and 4257 deletions
--- a/node_modules/string-width/index.d.ts
+++ b/node_modules/string-width/index.d.ts
@@ -0,0 +1,29 @@
+declare const stringWidth: {
+	/**
+	Get the visual width of a string - the number of columns required to display it.
+
+	Some Unicode characters are [fullwidth](https://en.wikipedia.org/wiki/Halfwidth_and_fullwidth_forms) and use double the normal width. [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code) are stripped and doesn't affect the width.
+
+	@example
+	```
+	import stringWidth = require('string-width');
+
+	stringWidth('a');
+	//=> 1
+
+	stringWidth('古');
+	//=> 2
+
+	stringWidth('\u001B[1m古\u001B[22m');
+	//=> 2
+	```
+	*/
+	(string: string): number;
+
+	// TODO: remove this in the next major version, refactor the whole definition to:
+	// declare function stringWidth(string: string): number;
+	// export = stringWidth;
+	default: typeof stringWidth;
+}
+
+export = stringWidth;
--- a/node_modules/string-width/index.js
+++ b/node_modules/string-width/index.js
@@ -0,0 +1,47 @@
+'use strict';
+const stripAnsi = require('strip-ansi');
+const isFullwidthCodePoint = require('is-fullwidth-code-point');
+const emojiRegex = require('emoji-regex');
+
+const stringWidth = string => {
+	if (typeof string !== 'string' || string.length === 0) {
+		return 0;
+	}
+
+	string = stripAnsi(string);
+
+	if (string.length === 0) {
+		return 0;
+	}
+
+	string = string.replace(emojiRegex(), '  ');
+
+	let width = 0;
+
+	for (let i = 0; i < string.length; i++) {
+		const code = string.codePointAt(i);
+
+		// Ignore control characters
+		if (code <= 0x1F || (code >= 0x7F && code <= 0x9F)) {
+			continue;
+		}
+
+		// Ignore combining characters
+		if (code >= 0x300 && code <= 0x36F) {
+			continue;
+		}
+
+		// Surrogates
+		if (code > 0xFFFF) {
+			i++;
+		}
+
+		width += isFullwidthCodePoint(code) ? 2 : 1;
+	}
+
+	return width;
+};
+
+module.exports = stringWidth;
+// TODO: remove this in the next major version
+module.exports.default = stringWidth;
--- a/node_modules/string-width/license
+++ b/node_modules/string-width/license
@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/node_modules/string-width/package.json
+++ b/node_modules/string-width/package.json
@@ -0,0 +1,56 @@
+{
+	"name": "string-width",
+	"version": "4.2.3",
+	"description": "Get the visual width of a string - the number of columns required to display it",
+	"license": "MIT",
+	"repository": "sindresorhus/string-width",
+	"author": {
+		"name": "Sindre Sorhus",
+		"email": "sindresorhus@gmail.com",
+		"url": "sindresorhus.com"
+	},
+	"engines": {
+		"node": ">=8"
+	},
+	"scripts": {
+		"test": "xo && ava && tsd"
+	},
+	"files": [
+		"index.js",
+		"index.d.ts"
+	],
+	"keywords": [
+		"string",
+		"character",
+		"unicode",
+		"width",
+		"visual",
+		"column",
+		"columns",
+		"fullwidth",
+		"full-width",
+		"full",
+		"ansi",
+		"escape",
+		"codes",
+		"cli",
+		"command-line",
+		"terminal",
+		"console",
+		"cjk",
+		"chinese",
+		"japanese",
+		"korean",
+		"fixed-width"
+	],
+	"dependencies": {
+		"emoji-regex": "^8.0.0",
+		"is-fullwidth-code-point": "^3.0.0",
+		"strip-ansi": "^6.0.1"
+	},
+	"devDependencies": {
+		"ava": "^1.4.1",
+		"tsd": "^0.7.1",
+		"xo": "^0.24.0"
+	}
+}
--- a/node_modules/string-width/readme.md
+++ b/node_modules/string-width/readme.md
@@ -0,0 +1,50 @@
+# string-width
+
+> Get the visual width of a string - the number of columns required to display it
+
+Some Unicode characters are [fullwidth](https://en.wikipedia.org/wiki/Halfwidth_and_fullwidth_forms) and use double the normal width. [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code) are stripped and doesn't affect the width.
+
+Useful to be able to measure the actual width of command-line output.
+
+
+## Install
+
+```
+$ npm install string-width
+```
+
+
+## Usage
+
+```js
+const stringWidth = require('string-width');
+
+stringWidth('a');
+//=> 1
+
+stringWidth('古');
+//=> 2
+
+stringWidth('\u001B[1m古\u001B[22m');
+//=> 2
+```
+
+
+## Related
+
+- [string-width-cli](https://github.com/sindresorhus/string-width-cli) - CLI for this module
+- [string-length](https://github.com/sindresorhus/string-length) - Get the real length of a string
+- [widest-line](https://github.com/sindresorhus/widest-line) - Get the visual width of the widest line in a string
+
+
+---
+
+<div align="center">
+	<b>
+		<a href="https://tidelift.com/subscription/pkg/npm-string-width?utm_source=npm-string-width&utm_medium=referral&utm_campaign=readme">Get professional support for this package with a Tidelift subscription</a>
+	</b>
+	<br>
+	<sub>
+		Tidelift helps make open source sustainable for maintainers while giving companies<br>assurances about security, maintenance, and licensing for their dependencies.
+	</sub>
+</div>