feat(security,ui): self-host React deps, Tailwind, fonts; strict CSP; local QR; better selection state

Replace CDN React/ReactDOM/Babel with local libs; remove Babel and inline scripts Build Tailwind locally, add safelist; switch to assets/tailwind.css Self-host Font Awesome and Inter (CSS + woff2); remove external font CDNs Implement strict CSP (no unsafe-inline/eval; scripts/styles/fonts from self) Extract inline handlers; move PWA scripts to external files Add local QR code generation (qrcode lib) and remove api.qrserver.com Improve SessionTypeSelector visual selection (highlighted background and ring) Keep PWA working with service worker and offline assets Refs: CSP hardening, offline-first, no external dependencies
2025-09-08 16:04:58 -04:00
parent 3458270477
commit 0f8399ec88
352 changed files with 84907 additions and 4257 deletions
--- a/node_modules/which-module/LICENSE
+++ b/node_modules/which-module/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2016, Contributors
+
+Permission to use, copy, modify, and/or distribute this software for any purpose
+with or without fee is hereby granted, provided that the above copyright notice
+and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
+THIS SOFTWARE.
--- a/node_modules/which-module/README.md
+++ b/node_modules/which-module/README.md
@@ -0,0 +1,58 @@
+# which-module
+
+> Find the module object for something that was require()d
+
+[![Build Status](https://travis-ci.org/nexdrew/which-module.svg?branch=master)](https://travis-ci.org/nexdrew/which-module)
+[![Coverage Status](https://coveralls.io/repos/github/nexdrew/which-module/badge.svg?branch=master)](https://coveralls.io/github/nexdrew/which-module?branch=master)
+[![Standard Version](https://img.shields.io/badge/release-standard%20version-brightgreen.svg)](https://github.com/conventional-changelog/standard-version)
+[![Greenkeeper badge](https://badges.greenkeeper.io/nexdrew/which-module.svg)](https://greenkeeper.io/)
+
+Find the `module` object in `require.cache` for something that was `require()`d
+or `import`ed - essentially a reverse `require()` lookup.
+
+Useful for libs that want to e.g. lookup a filename for a module or submodule
+that it did not `require()` itself.
+
+## Install and Usage
+
+```
+npm install --save which-module
+```
+
+```js
+const whichModule = require('which-module')
+
+console.log(whichModule(require('something')))
+// Module {
+//   id: '/path/to/project/node_modules/something/index.js',
+//   exports: [Function],
+//   parent: ...,
+//   filename: '/path/to/project/node_modules/something/index.js',
+//   loaded: true,
+//   children: [],
+//   paths: [ '/path/to/project/node_modules/something/node_modules',
+//            '/path/to/project/node_modules',
+//            '/path/to/node_modules',
+//            '/path/node_modules',
+//            '/node_modules' ] }
+```
+
+## API
+
+### `whichModule(exported)`
+
+Return the [`module` object](https://nodejs.org/api/modules.html#modules_the_module_object),
+if any, that represents the given argument in the `require.cache`.
+
+`exported` can be anything that was previously `require()`d or `import`ed as a
+module, submodule, or dependency - which means `exported` is identical to the
+`module.exports` returned by this method.
+
+If `exported` did not come from the `exports` of a `module` in `require.cache`,
+then this method returns `null`.
+
+## License
+
+ISC © Contributors
+
+[opensourceregistry_package_id]: # (458260416784685e5ef3091fee54001785dd4360406aa3000315ff256eef6878)
--- a/node_modules/which-module/index.js
+++ b/node_modules/which-module/index.js
@@ -0,0 +1,9 @@
+'use strict'
+
+module.exports = function whichModule (exported) {
+  for (var i = 0, files = Object.keys(require.cache), mod; i < files.length; i++) {
+    mod = require.cache[files[i]]
+    if (mod.exports === exported) return mod
+  }
+  return null
+}
--- a/node_modules/which-module/package.json
+++ b/node_modules/which-module/package.json
@@ -0,0 +1,41 @@
+{
+  "name": "which-module",
+  "version": "2.0.1",
+  "description": "Find the module object for something that was require()d",
+  "main": "index.js",
+  "scripts": {
+    "pretest": "standard",
+    "test": "nyc ava",
+    "coverage": "nyc report --reporter=text-lcov | coveralls",
+    "release": "standard-version"
+  },
+  "files": [
+    "index.js"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nexdrew/which-module.git"
+  },
+  "keywords": [
+    "which",
+    "module",
+    "exports",
+    "filename",
+    "require",
+    "reverse",
+    "lookup"
+  ],
+  "author": "nexdrew",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/nexdrew/which-module/issues"
+  },
+  "homepage": "https://github.com/nexdrew/which-module#readme",
+  "devDependencies": {
+    "ava": "^2.0.0",
+    "coveralls": "^3.0.3",
+    "nyc": "^14.0.0",
+    "standard": "^14.0.0",
+    "standard-version": "^7.0.0"
+  }
+}