
Package detail

@networkpro/web

netwk-pro · 2.2k · CC-BY-4.0 OR GPL-3.0-or-later · 1.14.1 · TypeScript support: included

Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies

advisory, consulting, cybersecurity, networking, privacy, pwa, security, svelte, sveltekit

readme

🌐 Network Pro™ — Web Presence

Locking Down Networks, Unlocking Confidence™
Security, Networking, Privacy — Network Pro™

 


🚀 Project Overview

This GitHub repository powers the official web presence of Network Pro Strategies — a privacy-first consultancy specializing in cybersecurity, network engineering, and information security. We also lead public advocacy efforts promoting digital privacy and responsible cyber policy.

Built with SvelteKit and deployed via Netlify.
Blog and documentation subsites built with Material for MkDocs and deployed via GitHub Pages.

All infrastructure and data flows are designed with maximum transparency, self-hosting, and user privacy in mind.


📝 Changelog

For a history of changes to the Network Pro™ Web Presence, see the CHANGELOG. All notable updates are documented there.

This project follows the principles of Keep a Changelog, though formatting and versioning may occasionally vary.


📁 Repository Structure

  .
  ├── .github/
  │   └── workflows/                # CI workflows (e.g. test, deploy)
  ├── .vscode/
  │   ├── customData.json           # Custom CSS IntelliSense (e.g. FontAwesome)
  │   ├── extensions.json           # Recommended VS Code / VSCodium extensions
  │   ├── extensions.jsonc          # Commented version of extensions.json
  │   └── settings.json             # Workspace settings
  ├── netlify/
  │   ├── edge-functions/
  │   │   └── csp-report.js         # Receives CSP violation reports
  ├── scripts/                      # General-purpose utility scripts
  ├── src/
  │   ├── lib/                      # Components, utilities, types, styles
  │   │   ├── components/           # Svelte components
  │   │   ├── data/                 # Custom data (e.g. JSON, metadata, constants)
  │   │   └── utils/                # Helper utilities
  │   ├── routes/                   # SvelteKit pages (+page.svelte, +server.js)
  │   ├── app.html                  # Entry HTML (CSP meta, bootstrapping)
  │   ├── hooks.client.ts           # Client-side error handling
  │   ├── hooks.server.js           # Injects CSP headers and permissions policy
  │   └── service-worker.js         # Custom PWA service worker
  ├── static/                       # Public assets served at site root
  │   ├── pgp/                      # PGP keys and QR code images
  │   ├── disableSw.js              # Service worker bypass (via ?nosw param)
  │   ├── manifest.json             # PWA metadata
  │   ├── robots.txt                # SEO: allow/disallow crawlers
  │   └── sitemap.xml               # SEO: full site map
  ├── tests/
  │   ├── e2e/                      # Playwright end-to-end tests
  │   ├── internal/                 # Internal audit/test helpers
  │   │   └── auditCoverage.test.js # Warns about untested source modules
  │   └── unit/                     # Vitest unit tests
  ├── _redirects                    # Netlify redirect rules
  ├── CHANGELOG.md                  # Chronological record of notable project changes
  ├── netlify.toml                  # Netlify configuration
  ├── package.json                  # Project manifest (scripts, deps, etc.)
  └── ...

 

🔐 static/pgp/ Directory Structure

This directory contains public PGP key files and their corresponding QR codes.

static/
├── pgp/
│   ├── contact@s.neteng.pro.asc       # Public key for secure email
│   ├── pgp-contact.png                # QR code (PNG) for secure email key
│   ├── pgp-contact.webp               # Optimized WebP version of the QR code
│   ├── pgp-security.png               # QR code (PNG) for security contact key
│   ├── pgp-security.webp              # WebP version of the security QR code
│   ├── pgp-support.png                # QR code (PNG) for support key
│   ├── pgp-support.webp               # WebP version of the support QR code
│   ├── security@s.neteng.pro.asc      # Public key for security contact
│   ├── support@neteng.pro.asc         # Public key for general support
└── ...

  • .asc files are excluded from service worker precaching but served directly via the /pgp/[key] route.
  • QR code images are served statically by the /pgp route using <picture> elements.
  • WebP versions are also used in the /pgp route, while the /about route imports dynamic equivalents from src/lib/img/qr.
  • This route does not use fallback rendering; only explicitly defined files are available and expected to resolve.
  • A dynamic [key]/+server.js handler under src/routes/pgp/ serves the .asc files with appropriate Content-Type and download headers.

 

E2E Test Structure

End-to-end tests are located in tests/e2e/ and organized by feature or route:

tests/
├── e2e/
│   ├── app.spec.js       # Desktop and mobile route tests
│   ├── mobile.spec.js    # Mobile-specific assertions
│   └── shared/
│       └── helpers.js    # Shared test utilities (e.g., getFooter, setDesktopView, setMobileView)
└── ...



🛠 Getting Started

For full setup guidance, including environment setup, version enforcement, and local tooling, refer to the 📚 Environment Requirements Wiki.

git clone https://github.com/netwk-pro/netwk-pro.github.io.git
cd netwk-pro.github.io
cp .env.template .env
npm install
npx playwright install



🛡️ Configuration

This project includes custom runtime configuration files for enhancing security, error handling, and PWA functionality. These modules are used by the framework during server- and client-side lifecycle hooks.

🔐 hooks.server.js

Located at src/hooks.server.js, this file is responsible for injecting dynamic security headers. It includes:

  • A Content Security Policy (CSP) configured with relaxed directives to permit inline scripts and styles ('unsafe-inline')
  • A Permissions Policy to explicitly disable unnecessary browser APIs
  • Standard security headers such as X-Content-Type-Options, X-Frame-Options, and Referrer-Policy

ℹ️ A stricter CSP (excluding 'unsafe-inline') was attempted but reverted due to framework-level and third-party script compatibility issues. The current policy allows inline scripts to ensure stability across SvelteKit and analytics features such as PostHog.

Future Improvements

To implement a strict nonce-based CSP in the future:

  1. Add nonce generation and injection logic in hooks.server.js
  2. Update all inline <script> tags (e.g. in app.html) to include nonce="__cspNonce__"
  3. Ensure any analytics libraries or dynamic scripts support nonced or external loading

Note: Strict CSP adoption may require restructuring third-party integrations and deeper framework coordination.

💡 The [headers] block in netlify.toml has been deprecated — all headers are now set dynamically from within SvelteKit.

 

🧭 hooks.client.ts

Located at src/hooks.client.ts, this file is currently limited to handling uncaught client-side errors via the handleError() lifecycle hook.

Client-side PWA logic (such as handling the beforeinstallprompt event, checking browser compatibility, and registering the service worker) has been moved to src/lib/registerServiceWorker.js for better modularity and testability.

💡 This separation ensures that error handling is isolated from PWA lifecycle logic, making both concerns easier to maintain.



⚙️ Service Worker Utilities

This project includes modular service worker management to support PWA functionality, update lifecycles, and debugging workflows.

registerServiceWorker.js

Located at src/lib/registerServiceWorker.js, this module handles:

  • Service worker registration (service-worker.js)
  • Update lifecycle: prompts users when new content is available
  • Cache hygiene: removes unexpected caches not prefixed with cache-
  • Install prompt support: dispatches a pwa-install-available event for custom handling
  • Firefox compatibility: skips registration in Firefox during localhost development

This function is typically called during client boot from +layout.svelte or another root-level component.

ℹ️ The service worker will not register if the ?nosw flag is present or if window.__DISABLE_SW__ is set (see below).

 

🧹 unregisterServiceWorker.js

Located at src/lib/unregisterServiceWorker.js, this utility allows for manual deactivation of service workers during debugging or user opt-out flows.

It unregisters all active service worker registrations and logs the result.

 

🚫 disableSw.js

Located at static/disableSw.js, this file sets a global flag if the URL contains the ?nosw query parameter:

if (location.search.includes('nosw')) {
  window.__DISABLE_SW__ = true;
}

This flag is used by registerServiceWorker.js to bypass registration. It's helpful for testing environments, browser compatibility checks, or simulating first-load conditions without service worker interference.

To use:

https://netwk.pro/?nosw

💡 disableSw.js is loaded via a <script> tag in app.html from the static directory. This ensures the __DISABLE_SW__ flag is set before any service worker logic runs.

 

🔧 Example Usage

To register the service worker conditionally, call the function from client code:

import { registerServiceWorker } from '$lib/registerServiceWorker.js';

registerServiceWorker();

You can optionally import unregisterServiceWorker() in a debug menu or settings panel to let users opt out of offline behavior.



?debug=true Query Parameter

Appending ?debug=true to the URL enables debug logs in the browser console, even in production builds. This is useful for confirming:

  • The current runtime environment (development vs. production)
  • Query parameter parsing behavior
  • Whether certain client-side features are properly initialized

https://netwk.pro/?debug=true

💡 This flag does not persist across navigation or reloads. It simply triggers console logs during initial mount to aid in troubleshooting and QA.


📣 CSP Report Handler

To receive and inspect CSP violation reports in development or production, the repo includes a Netlify-compatible Edge Function at:

netlify/edge-functions/csp-report.js

This Edge Function receives Content Security Policy (CSP) violation reports at /api/csp-report and logs relevant details to the console. High-risk violations (e.g., script-src, form-action) also trigger real-time alerts via ntfy. You can further integrate with logging tools, SIEM platforms, or notification systems as needed.

Make sure to include the report-uri directive in your CSP header:

Content-Security-Policy: ...; report-uri /api/csp-report;
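A report endpoint like the one described above accepts unauthenticated POST bodies, so every field should be treated as hostile before it is logged or forwarded. The following added example (not the project's csp-report.js) normalizes both the legacy `report-uri` body and the Reporting API body, which goes beyond the single format the section mentions. The high-risk directive names come from the text; the size limits, function names and sample reports are assumptions.

```javascript
// Added example: parse, sanitize and classify CSP violation reports.
const HIGH_RISK = new Set(['script-src', 'form-action']); // directives named in the README
const MAX_BODY_CHARS = 16 * 1024; // assumed cap on request body size
const MAX_FIELD_CHARS = 512;      // assumed cap on any logged field
const MAX_REPORTS = 20;           // assumed cap on reports per request

// Strip control characters (blocks log-line injection) and truncate.
function clean(value) {
  if (typeof value !== 'string') return '';
  return value.replace(/[\u0000-\u001f\u007f]/g, '').slice(0, MAX_FIELD_CHARS);
}

// "script-src-elem 'self'" -> "script-src": keep the first token and fold the
// -elem / -attr sub-directives into their parent directive.
function baseDirective(raw) {
  const name = clean(raw).trim().split(/\s+/)[0].toLowerCase();
  return name.replace(/-(elem|attr)$/, '');
}

function normalize(entry) {
  // Legacy report-uri body: { "csp-report": { "violated-directive": ... } }
  const legacy = entry && entry['csp-report'];
  if (legacy && typeof legacy === 'object') {
    return {
      directive: baseDirective(legacy['effective-directive'] || legacy['violated-directive']),
      blocked: clean(legacy['blocked-uri']),
      document: clean(legacy['document-uri']),
    };
  }
  // Reporting API body: [{ type: "csp-violation", body: { effectiveDirective, ... } }]
  if (entry && entry.type === 'csp-violation' && entry.body && typeof entry.body === 'object') {
    return {
      directive: baseDirective(entry.body.effectiveDirective),
      blocked: clean(entry.body.blockedURL),
      document: clean(entry.body.documentURL),
    };
  }
  return null; // not a CSP report
}

// Returns sanitized reports, each flagged highRisk when it should raise an alert.
function parseCspReports(rawBody) {
  if (typeof rawBody !== 'string' || rawBody.length > MAX_BODY_CHARS) return [];
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch {
    return [];
  }
  const entries = Array.isArray(data) ? data : [data];
  return entries
    .slice(0, MAX_REPORTS)
    .map(normalize)
    .filter((r) => r && r.directive)
    .map((r) => ({ ...r, highRisk: HIGH_RISK.has(r.directive) }));
}

// Constructed sample bodies; the legacy one carries an embedded CR/LF in blocked-uri.
const SAMPLE_LEGACY = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://example.test/',
    'violated-directive': "script-src-elem 'self'",
    'blocked-uri': 'https://cdn.example.test/a.js\r\nFAKE LOG LINE',
  },
});
const SAMPLE_REPORTING_API = JSON.stringify([
  {
    type: 'csp-violation',
    body: {
      effectiveDirective: 'img-src',
      blockedURL: 'https://img.example.test/x.png',
      documentURL: 'https://example.test/about',
    },
  },
]);
```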



🧪 Testing

This project uses a mix of automated performance, accessibility, and end-to-end testing tools to maintain quality across environments and deployments.

| Tool | Purpose | Usage Context |
| --- | --- | --- |
| @playwright/test | End-to-end testing framework with browser automation | Local + CI |
| @lhci/cli | Lighthouse CI — automated performance audits | CI (optional local) |
| lighthouse | Manual/scripted Lighthouse runs via CLI | Local (global) |

Note: lighthouse is intended to be installed globally (npm i -g lighthouse) or run via the lighthouse npm script, which uses the locally installed binary if available. You can also run Lighthouse through Chrome DevTools manually if preferred.

CI uses Chrome for Lighthouse audits. For local experimentation, you may run Lighthouse manually using Brave, which can reveal differences related to privacy features or tracking protection.

 

Testing Configuration Files

| File | Description | Usage Context |
| --- | --- | --- |
| playwright.config.js | Configures Playwright test environment (browsers, timeouts, base URL) | Local + CI |
| .lighthouserc.cjs | Lighthouse CI config for defining audit targets, budgets, and assertions | CI |

 

E2E Setup

Playwright is included in devDependencies and installed automatically with:

npm install

To install browser dependencies (required once):

npx playwright install

This downloads the browser binaries (Chromium, Firefox, WebKit) used for testing. You only need to run this once per machine or after a fresh clone.

 

Running Tests

Local testing via Vitest and Playwright:

npm run test:client     # Run client-side unit tests with Vitest
npm run test:server     # Run server-side unit tests with Vitest
npm run test:all        # Run full test suite
npm run test:watch      # Watch mode for client tests
npm run test:coverage   # Collect code coverage reports
npm run test:e2e        # Runs Playwright E2E tests (with one retry on failure)

The unit test suite includes a coverage audit (auditCoverage.test.js) that warns when source files in src/ or scripts/ do not have corresponding unit tests. This helps track test completeness without failing CI.

Playwright will retry failed tests once (--retries=1) to reduce false negatives from transient flakiness (network, render delay, etc.).

Audit your app using Lighthouse:

# Run Lighthouse CI (via @lhci/cli) using the current build
npm run lhci:run

Manual auditing with Lighthouse (e.g., via Brave or Chrome):

# Install globally (if not already installed)
npm install -g lighthouse

# Run Lighthouse manually against a deployed site
lighthouse https://netwk.pro --view

You can also audit locally using Chrome DevTools → Lighthouse tab for on-the-fly testing and preview reports.

The repo uses @lhci/cli for CI-based audits. It is installed as a dev dependency and does not require a global install.

To trace the exact Chrome version and audit timestamp used in CI:

cat .lighthouseci/chrome-version.txt



🧰 Development Reference

Tooling setup, configuration files, and CLI scripts have been moved to the project Wiki for easier maintenance and discoverability.

Refer to the Wiki for:

  • Recommended toolchain
  • Configuration file overview
  • CLI script usage and automation



🧾 License

This project is licensed under:

Source code, branding, and visual assets are subject to reuse and distribution terms specified on our Legal, Copyright, and Licensing page.



🙋‍♂️Questions?

Reach out via our Contact Form, open an issue on this repo, or email us directly at support (at) neteng.pro.


 

Designed for professionals. Hardened for privacy. Built with intent.
Network Pro Strategies


Copyright © 2025
Network Pro Strategies (Network Pro™)

Network Pro™, the shield logo, and the "Locking Down Networks™" slogan are trademarks of Network Pro Strategies.

Licensed under CC BY 4.0 and the GNU GPL, as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

changelog

Changelog

All notable changes to this project will be documented in this file.

This project attempts to follow Keep a Changelog, though versioning and formatting may vary.


Unreleased


1.14.1 - 2025-06-16

Changed

  • Updated Node.js engine to 24 to match the specified engine constraints in package.json.
  • Reordered npm ci step to follow Node.js and npm setup to prevent version mismatches during simulation steps.
  • Refactored build-and-publish.yml to use git archive for artifact preparation and aligned it with a tested publishing flow.
  • Removed .npmrc token-based authentication in favor of environment secrets to avoid credential conflicts.

Added

  • Introduced .github/workflows/publish-test.yml, a standalone workflow to safely simulate npm publish without publishing.
  • Added commands to display Node.js and npm versions for visibility and troubleshooting in all relevant jobs.

1.14.0 - 2025-06-16

Changed

  • Commented out registry and auth lines in .npmrc, retaining only engine-strict=true to streamline CI token handling and prevent conflicts

Reverted

  • Temporarily reverted build-and-publish.yml to prior, working workflow to confirm publish capability before attempting archive-based improvements

1.13.8 - 2025-06-16

Added

  • Added cryptomator.png and cryptomator.webp images for use in the FOSS Spotlight route
  • Imported assets via image utility (src/lib/images.js) as cryptomPng and cryptomWbp
  • Introduced cryptomator entry to fossData.js
  • Added COMMIT_GUIDE.md to help standardize commit message formatting across contributions

Changed

  • Updated build-and-publish.yml to use an allowlist-based upload approach, explicitly including root-level files and directories (.github/, .vscode/, netlify/, scripts/, src/, static/, and tests/)
  • Updated meta author field in app.html to Scott Lopez
  • Version bumped to v1.13.8
  • Upgraded dependencies:
    • postcss updated from ^8.5.5 to ^8.5.6
    • posthog-js updated from ^1.252.1 to ^1.253.4

1.13.7 - 2025-06-15

Changed

  • Added pre-publish steps in build-and-publish.yml to recursively list all files and top-level directory contents for auditing
  • Version bumped to v1.13.7

1.13.6 - 2025-06-15

Added

  • Introduced .github/workflows/check-codeql.yml reusable workflow to validate successful CodeQL analysis during CI
  • Added .github/workflows/templates/check-codeql.template.yml for documentation and workflow templating purposes

Changed

  • Replaced inline check-codeql job in .github/workflows/build-and-publish.yml with call to reusable workflow
  • Updated .node-version and .nvmrc from 24.1.0 to 24.2.0 to reflect upgraded Node.js binary
  • Replaced ℹ️ symbol with 🛈 in bootstrap.local.sh to improve clarity in terminals
  • Version bumped to v1.13.6
  • Upgraded dependencies:
    • posthog-js updated from 1.252.0 to 1.252.1

1.13.5 - 2025-06-14

Added

  • Introduced links/ and posts/ redirect routes for improved navigation and backward compatibility
  • Added proton-img and qrcode-img utility classes to global stylesheet to eliminate inline styles in PGPContent.svelte
  • Set decoding="sync" and loading="eager" on the first QR code image and the Proton Mail badge to improve perceived load performance and visual smoothness
  • Added rel="noopener noreferrer" support to RedirectPage.svelte, now used by the new /links and /posts routes
  • Revised obtainium-img class in stylesheets to improve Obtainium image rendering on mobile and enhance overall clarity
  • Added a new scripts/bootstrap.local.sh script to streamline local development setup, including OS detection and Playwright dependencies
  • Added a new “Environment Requirements” Wiki page to consolidate Node version constraints, setup instructions, and local dev tooling guidance
  • Replaced the detailed "Getting Started" section in README.md with a concise reference to the Wiki and a minimal quickstart snippet

Changed

  • Promoted Node.js and npm version enforcement details from README to the Wiki for centralized documentation
  • Removed low-priority CSP report filtering in csp-report.js to allow all violations to be logged and reviewed
  • Reordered CSS rules to resolve no-descending-specificity warnings triggered by focus selectors
  • Updated HeaderHome.svelte and HeaderDefault.svelte to use PAGE.SELF and PAGE.BLANK constants for target behavior
  • Updated AboutContent.svelte to use application constant instead of hardcoded value
  • Removed unused COMPANY_INFO destructured constant from PGPContent.svelte
  • Upgraded dependencies:
    • svelte updated from 5.34.1 to 5.34.3
  • Fixed schema warning in GitHub issue template by replacing assignees: [] with assignees: SunDevil311
  • Version bumped to v1.13.5

Fixed

  • Restored consistent :visited link color by forcing color: #cba557 !important across all visited interaction states
  • Prevented gold-on-gold text issue when focusing visited links
  • Rolled back enhanced :focus-visible styles to resolve flicker and override conflicts during fast navigation

Removed

  • Removed unneeded demo unit test (demo.test.js) from tests/unit

1.13.4 - 2025-06-13

Changed

  • Version bumped to v1.13.4
  • Replaced legacy detached signature file security.txt.asc with a new security.txt.sig format for consistency and clarity

1.13.3 - 2025-06-13

Changed

  • Upgraded dependencies:
    • @eslint/js updated from ^9.28.0 to ^9.29.0
    • @sveltejs/kit updated from 2.21.4 to 2.21.5
    • eslint updated from ^9.28.0 to ^9.29.0
  • Updated generator meta tag in app.html to reflect SvelteKit 2.21.5
  • Added note to .well-known/security.txt clarifying detached signature availability
  • Replaced "Recommended Toolchain," "Tooling Configuration," and "Available Scripts" sections in README.md with a new “Development Reference” section linking to the Wiki
  • Removed static/styles/ directory, as the stylesheets are now dynamically imported
  • Removed stylesheets from static/styles from the Service Worker cache configuration
  • Removed scripts/flattenHeaders.js and scripts/validateHeader.js, which were originally designed for the deprecated _headers file
  • Version bumped to v1.13.3

1.13.2 - 2025-06-12

Changed

  • Version bumped to v1.13.2
  • Updated a:visited color to #cba557 for improved contrast and aesthetics
  • Refined a:active color to #e0b000 for clearer interaction feedback
  • Confirmed all link colors meet WCAG AA contrast standards against #191919 background

1.13.1 - 2025-06-12

Added

  • Modularized ObtainiumBlock.svelte component for cleaner integration in FossItemContent.svelte
  • heliboard.json Obtainium configuration file for download
  • Dark mode-compatible styling for Obtainium blocks in the main stylesheet

Changed

  • Version bumped to v1.13.1
  • Removed unnecessary PostHog preload script from app.html
  • Removed script-src-elem 'self' 'unsafe-inline' from CSP policy
  • Replaced existing Obtainium images with optimized versions
  • Revised <title> metadata for the root route
  • Commented out debugging console.log statements in the following files:
    • Badges.svelte
    • LegalNav.svelte
    • MetaTags.svelte
    • Footer.svelte
    • FossItemContent.svelte
    • FossContent.svelte
    • HomeContent.svelte
    • LicenseContent.svelte
    • TermsConditionsContent.svelte
  • Revised type definitions in src/lib/types/fossTypes.js
    • Added optional obtainium property to FossItem
    • Removed unused hideLabels property
  • Refactored FossItemContent.svelte to better support and display Obtainium download links and metadata
  • Updated README.md to reflect the correct location of the static/pgp/ directory
  • Revised the hooks.server.js section in README.md to improve accuracy and reflect current CSP behavior
  • Updated tests/e2e/app.spec.js to assert the correct title for the root route
  • Upgraded dependencies:
    • posthog-js ^1.250.2 → ^1.252.0
    • eslint-plugin-jsdoc ^50.8.0 → ^51.0.1

1.13.0 - 2025-06-11

Added

  • Introduced /pgp route to publish OpenPGP contact information, download links, and QR codes
  • Added .well-known/humans.txt to document project authorship
  • Added .well-known/security.txt to define the official security contact and vulnerability disclosure policy
  • Linked OpenPGP keys to external directories for validation (e.g. keys.openpgp.org)
  • Added new GitHub Actions workflow: check-security-txt-expiry.yml to monitor security.txt expiration

Changed

  • Enforced "singleQuote": true in .prettierrc and formatted the codebase using Prettier
  • Updated src/service-worker.js to exclude security.txt.asc from caching
  • CSP policy updated to allow clipboard-write for improved UX on PGP fingerprint buttons
  • Clarified that addresses under the s.neteng.pro domain are powered by Proton Mail and support native E2EE
  • Revised SECURITY.md and security.txt with accurate Proton Mail usage notes and PGP policy references

Removed

  • Legacy reference to a "coming soon" PGP section in SECURITY.md (now live and linked)

1.12.9 - 2025-06-11

Added

  • Added check-security-txt-expiry.yml workflow to check .well-known/security.txt expiration and warn if close to expiring
  • Added humans.txt and security.txt to .well-known/ directory
  • Added src/lib/components/CodeBlock.svelte component for improved inline formatting control
  • Updated sitemap.xml to include .well-known/ routes and the /pgp route
  • Added link to OpenPGP results for `security@s.neteng.pro` on the /pgp route
  • Added support for copy-to-clipboard feedback on PGP fingerprint buttons
  • Added detached signature (security.txt.asc) for .well-known/security.txt, signed with the `security@s.neteng.pro` PGP key

Changed

  • Version bump to v1.12.9 in package.json
  • Corrected the name of dnt-policy.txt from dnt-policy-1.0.txt
  • Updated src/service-worker.js to:
    • Reflect correct .well-known/dnt-policy.txt reference
    • Exclude .well-known/security.txt.asc from caching
  • Applied line breaks to comment header in jsconfig.template.jsonc to fix formatting
  • Minor revision to spreadsheet display and fingerprint formatting for improved mobile responsiveness
  • Revised .github/SECURITY.md:
    • Removed note about “PGP section coming soon to the wiki” (now live)
    • Clarified Proton Mail use for s.neteng.pro addresses, while preserving support guidance for others
    • Streamlined vulnerability reporting section for clarity and correctness
  • Updated Content Security Policy (CSP) header to allow clipboard-write permission
  • Added Proton Mail usage note to /pgp route UI for s.neteng.pro domain only
  • Added equivalent Proton Mail usage comment to .well-known/security.txt
  • Upgraded dependencies:
    • @eslint/compat ^1.2.9 → ^1.3.0
    • eslint-plugin-jsdoc ^50.7.1 → ^50.8.0
    • postcss ^8.5.4 → ^8.5.5
    • posthog-js ^1.250.1 → ^1.250.2
    • svelte 5.33.19 → 5.34.1

1.12.8 - 2025-06-11

Added

  • Created /pgp route with +page.svelte, +page.server.js, and supporting structure.
  • Added src/lib/pages/PGPContent.svelte for rendering PGP key information.
  • Dynamic routing with src/routes/pgp/[key]/+server.js for serving .asc files with correct MIME type (application/pgp-keys).
  • Support for serving QR code images statically in /pgp and dynamically in /about.
  • Added WebP versions of QR code images in static/pgp/ and src/lib/img/qr/.
  • Set up dynamic import for QR images in /about route via src/lib/images.js.
  • Enhanced accessibility styles for focus-visible states on links.
  • Improved copy-to-clipboard buttons for PGP fingerprints.
  • Defined ContactAssets typedef and expanded pgpKeys data structure for strict typing.
  • README updated with new section: static/pgp/ Directory Structure.

Changed

  • Modified /about route to reference /pgp and use dynamic WebP images for PGP keys.
  • Adjusted src/lib/meta.js to include metadata for the /pgp route.
  • Canonical links in static/bin/CC-BY-4.0.html and static/bin/COPYING.html updated to reflect new paths.
  • Service worker updated to exclude .asc files in /pgp, while continuing to cache QR image assets.
  • Moved license and binary files from static/assets to static/bin.
  • File paths updated on the /license route to reflect the new /bin/license location.
  • Updated sitemap.xml.
  • Updated .prettierignore to ignore static/bin/license.
  • Updated LinkSheet download in FossItemContent.svelte to reference bin/linksheet.json.
  • Added dynamic lsheetDl constant in fossData.js.
  • Updated TermsConditionsContent.svelte to point to bin/consulting-terms.pdf.
  • Updated LicenseContent.svelte to:
    • View HTML license file.
    • Use download attribute for all other formats.
  • Updated generator meta tag to reflect SvelteKit 2.21.4
  • Upgraded dependencies:
    • @playwright/test updated from ^1.52.0 to ^1.53.0
    • @sveltejs/kit updated from 2.21.3 to 2.21.4
    • eslint-plugin-svelte updated from ^3.9.1 to ^3.9.2
    • playwright updated from ^1.52.0 to ^1.53.0
    • posthog-js updated from ^1.249.5 to ^1.250.1
    • svelte updated from 5.33.18 to 5.33.19

Fixed

  • Resolved TypeScript and JSDoc typing errors in AboutContent.svelte and PGPContent.svelte.
  • Verified fallback behavior on /pgp/[key] for unknown files:
    • .asc files return "File not found".
    • All others fall through to 404.
  • Adjusted function copy(text) with explicit JSDoc type for parameter.
  • Removed stale references to deleted assets in service worker config.

1.12.7 - 2025-06-09

Changed

  • Permissions in playwright.yml reduced to contents: read to align with least-privilege practices.
  • Renamed "Upload Playwright Report" step for clarity and naming consistency.
  • Patch version bumped to v1.12.7 to reflect post-tag changes.

Security

  • Explicit GITHUB_TOKEN permissions added to .github/workflows/build-and-publish.yml to satisfy GitHub policy while preserving least-privilege.
  • Reviewed and reduced permissions in playwright.yml to contents: read as no elevated scopes are currently required.
  • Confirmed auto-assign.yml uses appropriate scopes for issue/PR auto-assignment (issues: write, pull-requests: write, contents: read).
  • Validated that dependency-review.yml and backup-branch.yml are properly scoped; no changes required.

1.12.6 - 2025-06-09

Added

  • Enabled non-blocking Lighthouse CI budget assertions to track performance/resource regressions without blocking the build.
  • Added GitHub Actions step to annotate PRs with budget-related audit failures and post a markdown summary comment.
  • Introduced a dedicated Authenticate GitHub CLI step in the Lighthouse workflow to ensure proper auth for comment posting.
  • Added /legal, /legal/, and /legal/* redirects to Netlify _redirects file, pointing to /license.
  • Added /privacy-policy/ and /privacy-policy/* redirects to match existing /privacy-policy route.
  • Created scripts/openReport.js, a cross-platform Node.js utility for opening HTML coverage reports for client and server test runs. Executed via coverage:client and coverage:server scripts in package.json.
  • Added coverage:client, coverage:server, and coverage:open scripts to package.json to simplify access to generated test coverage reports from the CLI.

Changed

  • Bumped patch version to v1.12.6.
  • Updated Lighthouse CI workflow to upload the entire .lighthouseci/ directory as a single artifact instead of renaming individual files.
  • Updated ESLint config (eslint.config.mjs) to ignore **/playwright-report/** and **/test-results/**.
  • Updated lint:md script in package.json to exclude playwright-report/ and test-results/ from markdownlint.
  • Added playwright-report/ and test-results/ to .stylelintignore to suppress stylelint noise on generated reports.
  • Upgraded @lhci/cli from v0.14.0 to v0.15.0.
  • Upgraded @vitest/coverage-v8 from v3.2.2 to v3.2.3.
  • Upgraded posthog-js from v1.249.4 to v1.249.5.
  • Upgraded vitest from v3.2.2 to v3.2.3.

Fixed

  • Updated Lighthouse CI annotation step to explicitly select only valid Lighthouse report files (e.g., *.report.json, lhr-*.json) and ignore assertion-results.json, which caused jq parsing errors during CI runs.
  • Scoped Lighthouse assertions in .lighthouserc.cjs to resource-summary only, preventing unwanted failures from default performance audits.
  • Resolved malformed PR comment formatting in the Lighthouse GitHub Actions workflow by replacing Markdown tables with plain-text bullet lists.

Docs

  • Updated README.md with improved context and phrasing around the CHANGELOG reference.
  • Added CHANGELOG.md to the documented project structure with a descriptive label:

    ├── CHANGELOG.md # Chronological record of notable project changes

Misc

  • Confirmed that Authenticate GitHub CLI is not needed in build-and-publish.yml, as only the check-codeql job uses the GitHub CLI and is already authenticated.
  • Verified that scripts/openReport.js does not require unit testing, as it performs side-effect-only CLI actions. Linting and manual testing are sufficient.

1.12.5 - 2025-06-08

Added

  • Added squircle section to src/lib/data/fossData.js.
  • Added Squircle CE images to src/lib/img/ and imported them via the image utility (src/lib/images.js).

Changed

  • Quoted name and steps.name fields in auto-assign.yml and dependency-review.yml to prevent potential YAML parsing issues.
  • Replaced GITHUB_TOKEN with NWPRO_GPR in the build-and-publish.yml workflow.
  • Upgraded svelte to v5.33.18 and @sveltejs/kit to v2.21.3.
  • Updated the generator meta tag in app.html to reflect the new @sveltejs/kit version.
  • Updated "Last Updated" date in FossContent.svelte to reflect the Squircle CE post addition.
  • Revised page modification dates in sitemap.xml for FOSS Spotlight, Privacy Policy, and Legal, Licensing, and Copyright.

Removed

  • Removed unused GITHUB_TOKEN permissions from build-and-publish.yml.
  • Removed the unnecessary "Authenticate GitHub CLI" step from build-and-publish.yml.

1.12.4 - 2025-06-05

Added

  • Introduced .md-smart-quotes.js script for use with markdownlint to flag "smart quotes" in Markdown files.

Changed

  • Cleaned up IGNORE_PATHS in src/service-worker.js: removed the static/docs/ entry, as the directory no longer exists.
  • Upgraded development dependencies:
    • @vitest/coverage-v8
    • posthog-js
    • vitest
  • Corrected the "Effective Date" in LICENSE.md.
  • Refactored .markdownlint.jsonc into .markdownlint.mjs to support the custom linting script.

Removed

  • Removed the entire static/docs/ directory; its contents have been migrated to the Wiki.

1.12.3 - 2025-06-04

Added

  • static/docs/pgp.md, pgp-win.md, and pgp-email.md added for reference.
    These files have been temporarily stored until they can be migrated to the wiki.

Changed

  • Added the new Markdown files in static/docs to the service-worker.js cache ignore list.

1.12.2 - 2025-06-04

Changed

  • LicenseContent component updated to reflect the correct "Effective Date."

1.12.1 - 2025-06-04

Added

  • Standardized issue templates and contact links in .github/ISSUE_TEMPLATE/config.yml for consistent triage experience across repositories.
  • Shared health files (SUPPORT.md, CONTRIBUTING.md, SECURITY.md) retained in .github for fallback visibility.
  • Centralized issue submission and triage via main repository (netwk-pro.github.io) for all public projects.

Changed

  • Updated .github structure to delegate issue creation to the main repository only, simplifying user flow and internal tracking.
  • Reorganized public repositories to override the default .github issue config selectively as needed.

Removed

  • Removed unused local issue templates from .github to prevent template duplication in dependent repositories.

1.12.0 - 2025-06-04

Added

  • Initial scaffolding for tracking preferences store using SvelteKit writable stores.
  • PrivacyDashboard and PrivacyContent components updated to bind to the reactive tracking store.
  • Derived store for automatic re-consent prompts (remindUserToReconsent).
  • Consent cookie logic added for first-time and returning users.
  • First iteration of PostHog integration.
  • sr-only utility class added to global.min.css for accessibility improvements.
  • Support disclaimer added to Legal, Copyright, and Licensing section.
  • Privacy dashboard UI elements and opt-in interface.

Changed

  • Migrated tracking preference logic from utils/privacy.js and utils/trackingCookies.js to a store-based architecture.
  • Updated posthog.js to consume new trackingPreferences store.
  • Improved inline documentation for Netlify adapter-edge settings.

Removed

  • Deprecated shouldTrackUser() logic and legacy cookie checks.