{"id":26328602,"url":"https://github.com/codesplinta/zhorn","last_synced_at":"2025-03-15T21:17:52.140Z","repository":{"id":190200616,"uuid":"682146372","full_name":"codesplinta/zhorn","owner":"codesplinta","description":"realtime page bot detection, XSS detection and performance analytics tracker for the web","archived":false,"fork":false,"pushed_at":"2024-04-12T23:48:23.000Z","size":116,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-04-14T10:25:08.930Z","etag":null,"topics":["bot-detection","instrumentation","monkey-patching","performance-analytics","xss-prevention","xxs-detection"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codesplinta.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-08-23T14:38:37.000Z","updated_at":"2024-04-16T21:26:40.203Z","dependencies_parsed_at":null,"dependency_job_id":"fe005a86-5ed4-4699-80aa-05065cd2739a","html_url":"https://github.com/codesplinta/zhorn","commit_stats":null,"previous_names":["codesplinta/zhorn"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesplinta%2Fzhorn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesplinta%2Fzhorn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesplinta%2Fzhorn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codesplinta%2Fzhorn/manifests","o
wner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codesplinta","download_url":"https://codeload.github.com/codesplinta/zhorn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243790997,"owners_count":20348386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot-detection","instrumentation","monkey-patching","performance-analytics","xss-prevention","xxs-detection"],"created_at":"2025-03-15T21:17:51.709Z","updated_at":"2025-03-15T21:17:52.130Z","avatar_url":"https://github.com/codesplinta.png","language":"JavaScript","readme":"[![Generic badge](https://img.shields.io/badge/PrefumeJS-yes-gold.svg)](https://shields.io/) [![Generic badge](https://img.shields.io/badge/URISanity-yes-brown.svg)](https://shields.io/) ![@isocroft](https://img.shields.io/badge/@isocroft-CodeSplinta-blue) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)  [![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com) [![Made in Nigeria](https://img.shields.io/badge/made%20in-nigeria-008751.svg?style=flat-square)](https://github.com/acekyd/made-in-nigeria)\n\n# zhorn\nrealtime page bot detection, XSS detection and performance analytics tracker for the web\n\n## Installation\n\u003eInstall using `npm`\n\n```bash\n   npm install zhorn\n```\n\n\u003eOr install using `yarn`\n\n```bash\n   yarn add zhorn\n```\n\n### Browser\n\n\u003e Using a `script` tag directly inside a web page\n\n```html\n\u003cscript 
type=\"text/javascript\" src=\"https://unpkg.com/browse/zhorn@0.0.3/dist/zhorn.umd.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n```\n\n### CommonJS\n\n```js\nconst { initializeBotDetector } = require('zhorn')\n```\n\n## Getting Started\nYou need to add the `\u003cmeta\u003e` tag (as specified below) to enable **Trusted Types** from the frontend or enable from the backend using [CSP Response Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).\n\n```html\n\u003c!-- CSP Whitelist ONLY --\u003e\n\u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self' blob:; script-src https://code.tidio.co http://code.tidio.co https://widget-v4.tidiochat.com 'self' 'sha256-BvzNrSckoP+jHUq6lGFL71O00yDzkfzBQFCqOQH3Tuo=' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com https://maxst.icons8.com; img-src 'self' https://cdnjs.cloudflare.com https://tidio-images-messenger.s3.amazonaws.com data:; media-src https://widget-v4.tidiochat.com; font-src 'self' https://widget-v4.tidiochat.com https://fonts.gstatic.com https://maxst.icons8.com; connect-src 'self' https://gatedapi.mysaasapp.com; worker-src 'self';\" /\u003e\n\n\u003c!-- OR: CSP Trusted Types Config ONLY --\u003e\n\n\u003cmeta http-equiv=\"Content-Security-Policy\" content=\"require-trusted-types-for 'script'; trusted-types dompurify zhornpuritan\"\u003e\n\n\u003c!-- OR: Both --\u003e\n\n\u003cmeta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self' blob:; script-src https://code.tidio.co http://code.tidio.co https://widget-v4.tidiochat.com 'self' 'sha256-BvzNrSckoP+jHUq6lGFL71O00yDzkfzBQFCqOQH3Tuo=' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com https://maxst.icons8.com; img-src 'self' https://cdnjs.cloudflare.com https://tidio-images-messenger.s3.amazonaws.com data:; media-src https://widget-v4.tidiochat.com; font-src 'self' https://widget-v4.tidiochat.com https://fonts.gstatic.com https://maxst.icons8.com; connect-src 'self' 
https://gatedapi.mysaasapp.com; worker-src 'self'; require-trusted-types-for 'script'; trusted-types dompurify zhornpuritan\" /\u003e\n```\n\nAfterwards, you can import the project and begin further setup\n\n```javascript\nimport {\n  initializeBotDetector,\n  initializeXSSDetector,\n  initializeNavigatorMetricsTracker\n} from \"zhorn\";\n\nconst { destroy: destroyBotDetector } = initializeBotDetector(\n  1500 /* :botCheckTimeout: */\n)\n\nconst { destroy: destroyXSSDetector } = initializeXSSDetector(\n  /* @HINT: You need to extract the whitelisted URLs from CSP white list */\n  /* @HINT: The CSP whitelist from the `\u003cmeta\u003e` tag or the CSP Response Headers */\n  [\n    \"https://code.tidio.co\",\n    \"http://code.tidio.co\",\n    \"https://widget-v4.tidiochat.com\",\n    \"https://fonts.googleapis.com\",\n    \"https://maxst.icons8.com\",\n    \"https://cdnjs.cloudflare.com\",\n    \"https://tidio-images-messenger.s3.amazonaws.com\",\n    \"https://fonts.gstatic.com\",\n    \"https://gatedapi.mysaasapp.com\",\n    \"https://apis.google-analytics.com\"\n  ],\n  (URISanity, payload) =\u003e {\n    const { origin } = new URL(payload.endpoint);\n\n    /* @HINT: Check that only the request params we need are attached */\n    /* @HINT: Any other extra params should not be allowed */\n    if (origin.includes('.google-analytics.')) {\n      if (URISanity.checkParamsOverWhiteList(\n        payload.endpoint,\n        ['tid', 'cid'],\n        payload.data\n      )) {\n        return;\n      }\n      throw new Error(\"URL query string not valid\")\n    }\n  }\n);\n\nconst { getInstance, destroy: destroyTracker } =  initializeNavigatorMetricsTracker(\n  10000 /* :maxMeasureTime: */\n)\n\nconst tracker = getInstance();\n\nwindow.addEventListener('beforeunload', function onBeforeUnLoad (event) {\n  /* @HINT: Free up memory */\n  destroyBotDetector()\n  destroyXSSDetector()\n  destroyTracker()\n\n  /* @HINT: Preserve the BF Cache */\n  /* @CHECK: 
https://web.dev/articles/bfcache */\n  window.removeEventListener('beforeunload', onBeforeUnLoad);\n\n  event.preventDefault();\n  event.returnValue = undefined;\n  return;\n});\n```\n\nOr you could create a ReactJS hook: **useZhornTracker()**\n\n```javascript\nimport { useState, useMemo } from \"react\";\nimport { useBeforePageUnload } from \"react-busser\";\nimport {\n  initializeBotDetector,\n  initializeXSSDetector,\n  initializeNavigatorMetricsTracker\n} from \"zhorn\";\n\nexport const useZhornTracker = (botCheckTimeout = 1500, maxMetricsMeasureTime = 10000, cspWhiteList = []) =\u003e {\n   const [{ destroy: destroyBotDetector }] = useState(() =\u003e initializeBotDetector(\n     botCheckTimeout /* :botCheckTimeout: */\n   ));\n   const [{ getInstance, destroy: destroyTracker }] = useState(() =\u003e initializeNavigatorMetricsTracker(\n     maxMetricsMeasureTime /* :maxMeasureTime: */\n   ));\n   const [{ destroy: destroyXSSDetector }] = useState(() =\u003e initializeXSSDetector(\n     /* @HINT: You need to extract the whitelisted URLs from CSP white list */\n     /* @HINT: The CSP whitelist from the `\u003cmeta\u003e` tag or the CSP Response Headers */\n     cspWhiteList,\n     (URISanity, payload) =\u003e {\n       const { origin } = new URL(payload.endpoint);\n   \n       /* @HINT: Check that only the request params we need are attached */\n       /* @HINT: Any other extra params should not be allowed */\n       if (origin.includes('.google-analytics.')) {\n         if (URISanity.checkParamsOverWhiteList(\n           payload.endpoint,\n           ['tid', 'cid'],\n           payload.data\n         )) {\n           return;\n         }\n         throw new Error(\"URL query string not valid\")\n       }\n     }\n   ));\n\n   useBeforePageUnload(() =\u003e {\n      const isClosed = window.closed;\n\n      setTimeout(() =\u003e {\n        if (isClosed || !window || window.closed) {\n          destroyBotDetector();\n          destroyTracker();\n          
destroyXSSDetector();\n        }\n      }, 0);\n\n      return undefined;\n   }, { when: true });\n\n   return useMemo(() =\u003e getInstance(), []);\n};\n```\n\n## License\n\nApache 2.0 License\n\n## Browser Support\n\n- IE 11.0+\n- Edge 16.0+\n- Chrome 44.0+\n- Firefox 45.0+\n- Safari 12.0+\n- Opera 28.0+\n- Samsung Internet 4.0+\n\n## Contributing\n\nIf you wish to contribute to this project, you are very much welcome. Please create an issue first before you proceed to create a PR (either to propose a feature or fix a bug). Make sure to clone the repo, check out a contribution branch and build the project before making modifications to the codebase.\n\nRun all of the following commands, in the order they appear:\n\n```bash\n\n$ npm run lint\n\n$ npm run build\n\n$ npm run test\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodesplinta%2Fzhorn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodesplinta%2Fzhorn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodesplinta%2Fzhorn/lists"}