From 9a20c9f2b393f06eafbf657641107f0e0d0825dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Muhammed=20Tanr=C4=B1kulu?= <md.tanrikulu@gmail.com>
Date: Tue, 24 Sep 2024 01:40:24 +0200
Subject: [PATCH] increase coverage, add header test, allow octet-stream as a
 mimetype

---
 package.json            |   4 +-
 src/utils/isImageURI.ts |  28 ++--
 src/utils/resolveURI.ts |  64 +++++++-
 test/resolver.test.ts   | 126 +++++++++++++++-
 test/utils.test.ts      | 324 ++++++++++++++++++++++++++++++++++++++++
 tsconfig.json           |   1 +
 yarn.lock               |  31 ++++
 7 files changed, 560 insertions(+), 18 deletions(-)

diff --git a/package.json b/package.json
index 183d0ce..75269db 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0",
+  "version": "1.0.1",
   "license": "MIT",
   "main": "dist/index.js",
   "module": "dist/index.esm.js",
@@ -57,9 +57,11 @@
     "@size-limit/preset-small-lib": "^11.0.1",
     "@types/dompurify": "^3.0.5",
     "@types/jsdom": "^21.1.6",
+    "@types/moxios": "^0.4.17",
     "@types/url-join": "^4.0.1",
     "dotenv": "^16.3.1",
     "esbuild": "^0.14.21",
+    "moxios": "^0.4.0",
     "nock": "^13.2.2",
     "rollup": "^4.9.1",
     "size-limit": "^11.0.1",
diff --git a/src/utils/isImageURI.ts b/src/utils/isImageURI.ts
index 1302129..98a8eca 100644
--- a/src/utils/isImageURI.ts
+++ b/src/utils/isImageURI.ts
@@ -4,6 +4,7 @@ import { Buffer } from 'buffer/';
 import { fetch } from './fetch';
 
 export const ALLOWED_IMAGE_MIMETYPES = [
+  'application/octet-stream',
   'image/jpeg',
   'image/png',
   'image/gif',
@@ -16,6 +17,14 @@ export const ALLOWED_IMAGE_MIMETYPES = [
   'image/jxl',
 ];
 
+export const IMAGE_SIGNATURES = {
+  'FFD8FF': 'image/jpeg',
+  '89504E47': 'image/png',
+  '47494638': 'image/gif',
+  '424D': 'image/bmp',
+  'FF0A': 'image/jxl',
+};
+
 const MAX_FILE_SIZE = 300 * 1024 * 1024; // 300 MB
 
 function isURIEncoded(uri: string): boolean {
@@ -56,19 +65,18 @@ async function isStreamAnImage(url: string): Promise<boolean> {
     if (response.data instanceof ArrayBuffer) {
       magicNumbers = new DataView(response.data).getUint32(0).toString(16);
     } else {
+      if (
+        !response.data ||
+        typeof response.data === 'string' ||
+        !('readUInt32BE' in response.data)
+      ) {
+        throw 'isStreamAnImage: unsupported data, instance is not BufferLike';
+      }
       magicNumbers = response.data.readUInt32BE(0).toString(16);
     }
 
-    const imageSignatures = [
-      'ffd8ff', // JPEG
-      '89504e47', // PNG
-      '47494638', // GIF
-      '424d', // BMP
-      'ff0a', // JPEG XL
-    ];
-
-    const isBinaryImage = imageSignatures.some(signature =>
-      magicNumbers.startsWith(signature)
+    const isBinaryImage = Object.keys(IMAGE_SIGNATURES).some(signature =>
+      magicNumbers.toUpperCase().startsWith(signature)
     );
 
     // Check for SVG image
diff --git a/src/utils/resolveURI.ts b/src/utils/resolveURI.ts
index 5d5c9d2..0cec0ec 100644
--- a/src/utils/resolveURI.ts
+++ b/src/utils/resolveURI.ts
@@ -2,6 +2,7 @@ import urlJoin from 'url-join';
 
 import { Gateways } from '../types';
 import { isCID } from './isCID';
+import { IMAGE_SIGNATURES } from './isImageURI';
 
 const IPFS_SUBPATH = '/ipfs/';
 const IPNS_SUBPATH = '/ipns/';
@@ -9,6 +10,67 @@ const networkRegex = /(?<protocol>ipfs:\/|ipns:\/|ar:\/)?(?<root>\/)?(?<subpath>
 const base64Regex = /^data:([a-zA-Z\-/+]*);base64,([^"].*)/;
 const dataURIRegex = /^data:([a-zA-Z\-/+]*)?(;[a-zA-Z0-9].*?)?(,)/;
 
+function _getImageMimeType(uri: string) {
+  const base64Data = uri.replace(base64Regex, '$2');
+  const buffer = Buffer.from(base64Data, 'base64');
+
+  if (buffer.length < 12) {
+    return null; // not enough data to determine the type
+  }
+
+  // get the hex representation of the first 12 bytes
+  const hex = buffer.toString('hex', 0, 12).toUpperCase();
+
+  // check against magic number mapping
+  for (const [magicNumber, mimeType] of Object.entries({
+    ...IMAGE_SIGNATURES,
+    '52494646': 'special_webp_check',
+    '3C737667': 'image/svg+xml',
+  })) {
+    if (hex.startsWith(magicNumber.toUpperCase())) {
+      if (mimeType === 'special_webp_check') {
+        return hex.slice(8, 12) === '5745' ? 'image/webp' : null;
+      }
+      return mimeType;
+    }
+  }
+
+  return null;
+}
+
+function _isValidBase64(uri: string) {
+  if (typeof uri !== 'string') {
+    return false;
+  }
+
+  // check if the string matches the Base64 pattern
+  if (!base64Regex.test(uri)) {
+    return false;
+  }
+
+  const [header, str] = uri.split('base64,');
+
+  const mimeType = _getImageMimeType(uri);
+
+  if (!mimeType || !header.includes(mimeType)) {
+    return false;
+  }
+
+  // length must be multiple of 4
+  if (str.length % 4 !== 0) {
+    return false;
+  }
+
+  try {
+    // try to encode/decode the string, to see if matches
+    const buffer = Buffer.from(str, 'base64');
+    const encoded = buffer.toString('base64');
+    return encoded === str;
+  } catch (e) {
+    return false;
+  }
+}
+
 function _replaceGateway(uri: string, source: string, target?: string) {
   if (uri.startsWith(source) && target) {
     try {
@@ -28,7 +90,7 @@ export function resolveURI(
   customGateway?: string
 ): { uri: string; isOnChain: boolean; isEncoded: boolean } {
   // resolves uri based on its' protocol
-  const isEncoded = base64Regex.test(uri);
+  const isEncoded = _isValidBase64(uri);
   if (isEncoded || uri.startsWith('http')) {
     uri = _replaceGateway(uri, 'https://ipfs.io/', gateways?.ipfs);
     uri = _replaceGateway(uri, 'https://arweave.net/', gateways?.arweave);
diff --git a/test/resolver.test.ts b/test/resolver.test.ts
index 78f8744..ca5bdde 100644
--- a/test/resolver.test.ts
+++ b/test/resolver.test.ts
@@ -92,13 +92,14 @@ function jsonRpcResult(result: string): JsonRpcResult {
   };
 }
 
+const provider = new JsonRpcProvider(INFURA_URL.toString(), 'mainnet');
+const avt = new AvatarResolver(provider, {
+  apiKey: {
+    opensea: 'api-key',
+  },
+});
+
 describe('get avatar', () => {
-  const provider = new JsonRpcProvider(INFURA_URL.toString(), 'mainnet');
-  const avt = new AvatarResolver(provider, {
-    apiKey: {
-      opensea: 'a2b184238ee8460d9d2f58b0d3177c23',
-    },
-  });
   it('retrieves image uri with erc721 spec', async () => {
     mockInfuraChainId();
 
@@ -518,3 +519,116 @@ describe('get avatar', () => {
   //   expect(await avt.getAvatar({ ens: 'testname.eth' })).toMatch(/^(data:image\/svg\+xml;base64,).*$/);
   // });
 });
+
+describe('get banner/header', () => {
+  it('retrieves image uri with custom spec', async () => {
+    mockInfuraChainId();
+
+    nockInfuraBatch(
+      [
+        ethCallParams(
+          ENSRegistryWithFallback.toString(),
+          '0x0178b8bfb47a0edaf3c702800c923ca4c44a113d0d718cb1f42ecdce70c5fd05fa36a63f'
+        ),
+        chainIdParams(),
+        ethCallParams(
+          ENSRegistryWithFallback.toString(),
+          '0x0178b8bfb47a0edaf3c702800c923ca4c44a113d0d718cb1f42ecdce70c5fd05fa36a63f'
+        ),
+      ],
+      [
+        jsonRpcResult(
+          '0x0000000000000000000000004976fb03c32e5b8cfe2b6ccb31c09ba78ebaba41'
+        ),
+        jsonRpcResult('0x1'),
+        jsonRpcResult(
+          '0x0000000000000000000000004976fb03c32e5b8cfe2b6ccb31c09ba78ebaba41'
+        ),
+      ]
+    );
+    nockInfuraBatch(
+      [
+        ethCallParams(
+          PublicResolver.toLowerCase(),
+          '0x01ffc9a79061b92300000000000000000000000000000000000000000000000000000000'
+        ),
+        chainIdParams(),
+      ],
+      [
+        jsonRpcResult(
+          '0x0000000000000000000000000000000000000000000000000000000000000000'
+        ),
+        jsonRpcResult('0x1'),
+      ]
+    );
+    nockInfuraBatch(
+      [
+        ethCallParams(
+          PublicResolver.toLowerCase(),
+          '0x3b3b57deb47a0edaf3c702800c923ca4c44a113d0d718cb1f42ecdce70c5fd05fa36a63f'
+        ),
+        chainIdParams(),
+      ],
+      [
+        jsonRpcResult(
+          '0x0000000000000000000000000d59d0f7dcc0fbf0a3305ce0261863aaf7ab685c'
+        ),
+        jsonRpcResult('0x1'),
+      ]
+    );
+    nockInfuraBatch(
+      [
+        ethCallParams(
+          PublicResolver.toLowerCase(),
+          '0x01ffc9a79061b92300000000000000000000000000000000000000000000000000000000'
+        ),
+        chainIdParams(),
+      ],
+      [
+        jsonRpcResult(
+          '0x0000000000000000000000000000000000000000000000000000000000000000'
+        ),
+        jsonRpcResult('0x1'),
+      ]
+    );
+
+    nockInfuraBatch(
+      [
+        ethCallParams(
+          PublicResolver.toLowerCase(),
+          '0x59d1d43cb47a0edaf3c702800c923ca4c44a113d0d718cb1f42ecdce70c5fd05fa36a63f000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000066865616465720000000000000000000000000000000000000000000000000000'
+        ),
+        chainIdParams(),
+      ],
+      [
+        jsonRpcResult(
+          '0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000004368747470733a2f2f697066732e696f2f697066732f516d55536867666f5a5153484b3354517975546655707363385566654e6644384b77505576444255645a346e6d520000000000000000000000000000000000000000000000000000000000'
+        ), // Encoded HEADER URI
+        jsonRpcResult('0x1'),
+      ]
+    );
+
+
+    const HEADER_URI_TANRIKULU = new URL(
+      'https://ipfs.io/ipfs/QmUShgfoZQSHK3TQyuTfUpsc8UfeNfD8KwPUvDBUdZ4nmR'
+    );
+
+    /* mock head call */
+    nock(HEADER_URI_TANRIKULU.origin)
+      .head(HEADER_URI_TANRIKULU.pathname)
+      .reply(200, {}, {
+        ...CORS_HEADERS,
+        'content-type': 'image/png',
+      } as any);
+    /* mock get call */
+    nock(HEADER_URI_TANRIKULU.origin)
+      .get(HEADER_URI_TANRIKULU.pathname)
+      .reply(200, {}, {
+        ...CORS_HEADERS,
+        'content-type': 'image/png',
+      } as any);
+    expect(await avt.getHeader('tanrikulu.eth')).toEqual(
+      'https://ipfs.io/ipfs/QmUShgfoZQSHK3TQyuTfUpsc8UfeNfD8KwPUvDBUdZ4nmR'
+    );
+  });
+});
diff --git a/test/utils.test.ts b/test/utils.test.ts
index bbc79c5..7cd92b4 100644
--- a/test/utils.test.ts
+++ b/test/utils.test.ts
@@ -1,8 +1,13 @@
+import { JSDOM } from 'jsdom';
+import moxios from 'moxios';
+import { fetch } from '../src/utils';
 import { CID } from 'multiformats/cid';
 import {
+  ALLOWED_IMAGE_MIMETYPES,
   assert,
   BaseError,
   isCID,
+  isImageURI,
   parseNFT,
   resolveURI,
   getImageURI,
@@ -24,6 +29,7 @@ describe('resolve ipfs', () => {
     'ipns/QmZHKZDavkvNfA9gSAg7HALv8jF7BJaKjUc9U2LSuvUySB/1.json',
     'ipns/ipns.com',
     '/ipns/github.com',
+    'https://ipfs.io/ipfs/QmZHKZDavkvNfA9gSAg7HALv8jF7BJaKjUc9U2LSuvUySB',
   ];
 
   const arweaveCases = [
@@ -53,6 +59,13 @@ describe('resolve ipfs', () => {
     }
   });
 
+  it('resolve different ipfs uri cases with custom gateway', () => {
+    for (let uri of ipfsCases) {
+      const { uri: resolvedURI } = resolveURI(uri, { ipfs: 'https://custom-ipfs.io' });
+      expect(resolvedURI).toMatch(/^https:\/\/custom-ipfs.io\/?/);
+    }
+  });
+
   it('resolve http and base64 cases', () => {
     for (let uri of httpOrDataCases) {
       const { uri: resolvedURI } = resolveURI(uri);
@@ -195,3 +208,314 @@ describe('remove refresh meta tags', () => {
     expect(result).toBe(sanitizedBase64svg);
   });
 });
+
+describe('getImageURI', () => {
+  const jsdomWindow = new JSDOM().window;
+
+  it('should throw an error when image is not available', () => {
+    expect(() => getImageURI({ metadata: {}, jsdomWindow })).toThrow(
+      'Image is not available'
+    );
+  });
+
+  it('should handle image_url', () => {
+    const result = getImageURI({
+      metadata: { image_url: 'https://example.com/image.png' },
+      jsdomWindow,
+    });
+    expect(result).toBe('https://example.com/image.png');
+  });
+
+  it('should handle image_data', () => {
+    const svgData =
+      '<svg xmlns="http://www.w3.org/2000/svg"><rect width="100" height="100"/></svg>';
+    const result = getImageURI({
+      metadata: { image_data: svgData },
+      jsdomWindow,
+    });
+    expect(result).toMatch(/^data:image\/svg\+xml;base64,/);
+  });
+
+  it('should sanitize SVG content', () => {
+    const maliciousSVG =
+      '<svg xmlns="http://www.w3.org/2000/svg"><script>alert("XSS")</script></svg>';
+    const result = getImageURI({
+      metadata: { image: maliciousSVG },
+      jsdomWindow,
+    });
+    expect(result).not.toContain('<script>');
+  });
+
+  it('should handle base64 encoded SVG', () => {
+    const base64SVG =
+      'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxyZWN0IGhlaWdodD0iMTAwIiB3aWR0aD0iMTAwIj48L3JlY3Q+PC9zdmc+';
+    const result = getImageURI({ metadata: { image: base64SVG }, jsdomWindow });
+    if (!result) throw 'No result';
+    expect(result).toMatch(/^data:image\/svg\+xml;base64,/);
+    expect(compareSVGs(base64SVG, result)).toBe(true);
+  });
+
+  it('should handle non-SVG data URIs', () => {
+    const pngDataURI =
+      'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg==';
+    const result = getImageURI({
+      metadata: { image: pngDataURI },
+      jsdomWindow,
+    });
+    expect(result).toBe(pngDataURI);
+  });
+
+  it('should return null for URL encoded SVG', () => {
+    const urlEncodedSVG =
+      'data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%22%20height%3D%22100%22%2F%3E%3C%2Fsvg%3E';
+    const result = getImageURI({
+      metadata: { image: urlEncodedSVG },
+      jsdomWindow,
+    });
+    expect(result).toBeNull();
+  });
+
+  it('should return null for invalid data URIs', () => {
+    const invalidDataURI = 'data:image/invalid,somedata';
+    const result = getImageURI({
+      metadata: { image: invalidDataURI },
+      jsdomWindow,
+    });
+    expect(result).toBeNull();
+  });
+
+  it('should handle HTTP URLs', () => {
+    const httpURL = 'http://example.com/image.jpg';
+    const result = getImageURI({ metadata: { image: httpURL }, jsdomWindow });
+    expect(result).toBe(httpURL);
+  });
+
+  it('should return null for URLs in denyList', () => {
+    const deniedURL = 'https://malicious.com/image.jpg';
+    const result = getImageURI({
+      metadata: { image: deniedURL },
+      jsdomWindow,
+      urlDenyList: ['malicious.com'],
+    });
+    expect(result).toBeNull();
+  });
+
+  it('should handle custom gateways', () => {
+    const ipfsHash = 'ipfs://QmUShgfoZQSHK3TQyuTfUpsc8UfeNfD8KwPUvDBUdZ4nmR';
+    const customGateway = 'https://custom-gateway.com/';
+    const result = getImageURI({
+      metadata: { image: ipfsHash },
+      jsdomWindow,
+      customGateway,
+    });
+    expect(result).toBe(
+      'https://custom-gateway.com/ipfs/QmUShgfoZQSHK3TQyuTfUpsc8UfeNfD8KwPUvDBUdZ4nmR'
+    );
+  });
+
+  it('should return null for unsupported protocols', () => {
+    const ftpURL = 'ftp://example.com/image.jpg';
+    const result = getImageURI({ metadata: { image: ftpURL }, jsdomWindow });
+    expect(result).toBeNull();
+  });
+
+  it('should handle errors in base64 decoding', () => {
+    const invalidBase64 = 'data:image/svg+xml;base64,Invalid Base64!!!';
+    const result = getImageURI({ metadata: { image: invalidBase64 }, jsdomWindow });
+    expect(result).toBeNull();
+  });
+
+  it('should handle errors in URL decoding', () => {
+    const invalidURLEncoded = 'data:image/svg+xml,%Invalid URL encoding!!!';
+    const result = getImageURI({
+      metadata: { image: invalidURLEncoded },
+      jsdomWindow,
+    });
+    expect(result).toBeNull();
+  });
+});
+
+describe('isImageURI', () => {
+  beforeEach(() => {
+    moxios.install(fetch as any);
+  });
+
+  afterEach(() => {
+    moxios.uninstall(fetch as any);
+  });
+
+  ALLOWED_IMAGE_MIMETYPES.forEach(mimeType => {
+    it(`should return true for ${mimeType}`, async () => {
+      moxios.stubRequest(/.*/, {
+        status: 200,
+        headers: {
+          'Content-Type': mimeType,
+          'Content-Length': '1000',
+        },
+        ...(mimeType === ALLOWED_IMAGE_MIMETYPES[0] && {
+          // application/octet-stream
+          // JPEG magic numbers
+          response: Buffer.from([0xff, 0xd8, 0xff, 0xe0]),
+        }),
+      });
+
+      const result = await isImageURI('https://example.com/image');
+      expect(result).toBe(true);
+    });
+  });
+
+  it('should return false for non-image content types', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      headers: {
+        'Content-Type': 'text/html',
+        'Content-Length': '1000',
+      },
+    });
+
+    const result = await isImageURI('https://example.com/not-an-image');
+    expect(result).toBe(false);
+  });
+
+  it('should return false for files larger than MAX_FILE_SIZE', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      headers: {
+        'Content-Type': 'image/jpeg',
+        'Content-Length': (300 * 1024 * 1024 + 1).toString(),
+      },
+    });
+
+    const result = await isImageURI('https://example.com/large-image');
+    expect(result).toBe(false);
+  });
+
+  it('should handle URI encoded URLs', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      headers: {
+        'Content-Type': 'image/jpeg',
+        'Content-Length': '1000',
+      },
+    });
+
+    const result = await isImageURI(
+      'https://example.com/image%20with%20spaces'
+    );
+    expect(result).toBe(true);
+  });
+
+  it('should check stream for application/octet-stream content type', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/octet-stream',
+        'Content-Length': '1000',
+      },
+      response: Buffer.from([0xff, 0xd8, 0xff, 0xe0, ...Buffer.alloc(8)]), // JPEG magic numbers
+    });
+
+    const result = await isImageURI(
+      'https://example.com/image-as-octet-stream'
+    );
+    expect(result).toBe(true);
+  });
+
+  it('should return false for non-image streams', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/octet-stream',
+        'Content-Length': '1000',
+      },
+      response: Buffer.from([0x00, 0x00, 0x00, 0x00, ...Buffer.alloc(8)]), // Non-image magic numbers
+    });
+
+    const result = await isImageURI('https://example.com/not-an-image-stream');
+    expect(result).toBe(false);
+  });
+
+  it('should handle network errors', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 500,
+      response: 'Network error',
+    });
+
+    const result = await isImageURI('https://example.com/network-error');
+    expect(result).toBe(false);
+  });
+
+  it('should return false when content-type header is missing', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      response: '',
+      headers: {
+        'Content-Length': '1000',
+      },
+    });
+
+    const result = await isImageURI('https://example.com/no-content-type');
+    expect(result).toBe(false);
+  });
+
+  it('should return false for non-200 status codes', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 404,
+      response: 'Not Found',
+    });
+
+    const result = await isImageURI('https://example.com/not-found');
+    expect(result).toBe(false);
+  });
+
+  it('should handle errors in isStreamAnImage', async () => {
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      response: 'Invalid image data',
+      headers: {
+        'Content-Type': 'application/octet-stream',
+        'Content-Length': '1000',
+      },
+    });
+
+    const result = await isImageURI('https://example.com/invalid-image-stream');
+    expect(result).toBe(false);
+  });
+
+  it('should return false when SVG content under application/octet-stream', async () => {
+    const svgContent =
+      '<svg xmlns="http://www.w3.org/2000/svg"><rect width="100" height="100"/></svg>';
+    moxios.stubRequest(/.*/, {
+      status: 200,
+      response: svgContent,
+      headers: {
+        'Content-Type': 'application/octet-stream',
+        'Content-Length': svgContent.length.toString(),
+      },
+    });
+
+    const result = await isImageURI('https://example.com/svg-image');
+    expect(result).toBe(false);
+  });
+});
+
+function compareSVGs(svg1: string, svg2: string) {
+  const parser = new DOMParser();
+  const parseSVG = (svg: string) => {
+    const doc = parser.parseFromString(svg, 'image/svg+xml');
+    const rect = doc.getElementsByTagName('rect')[0];
+    return {
+      width: rect.getAttribute('width'),
+      height: rect.getAttribute('height'),
+    };
+  };
+
+  const parsed1 = parseSVG(
+    Buffer.from(svg1.split(',')[1], 'base64').toString()
+  );
+  const parsed2 = parseSVG(
+    Buffer.from(svg2.split(',')[1], 'base64').toString()
+  );
+
+  return JSON.stringify(parsed1) === JSON.stringify(parsed2);
+}
diff --git a/tsconfig.json b/tsconfig.json
index cda0ef2..f9bc5b9 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -4,6 +4,7 @@
   "compilerOptions": {
     "module": "esnext",
     "lib": ["dom", "esnext"],
+    "target": "ES2018",
     "importHelpers": true,
     // output .d.ts declaration files for consumers
     "declaration": true,
diff --git a/yarn.lock b/yarn.lock
index b281d76..97b1c05 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1800,6 +1800,13 @@
   resolved "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz"
   integrity sha1-7ihweulOEdK4J7y+UnC86n8+ce4=
 
+"@types/moxios@^0.4.17":
+  version "0.4.17"
+  resolved "https://registry.yarnpkg.com/@types/moxios/-/moxios-0.4.17.tgz#3a2084b9b11713dde0da8c681db642936d3edf40"
+  integrity sha512-Ef7VE+vfISBbxWMOl40doJpHGpy5lTYJQwWHAy9ah1lrRnsVd+eNt6NjJ2QTAotHpQ7krVrZ3lp8hnxUxvdGuw==
+  dependencies:
+    axios ">=0.13.0"
+
 "@types/node@*":
   version "17.0.10"
   resolved "https://registry.npmjs.org/@types/node/-/node-17.0.10.tgz"
@@ -2173,6 +2180,15 @@ axios-cache-interceptor@^0.9.3:
     fast-defer "^1.1.5"
     object-code "^1.2.0"
 
+axios@>=0.13.0:
+  version "1.7.7"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f"
+  integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==
+  dependencies:
+    follow-redirects "^1.15.6"
+    form-data "^4.0.0"
+    proxy-from-env "^1.1.0"
+
 axios@^0.27.2:
   version "0.27.2"
   resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972"
@@ -3725,6 +3741,11 @@ follow-redirects@^1.14.9:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.3.tgz#fe2f3ef2690afce7e82ed0b44db08165b207123a"
   integrity sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==
 
+follow-redirects@^1.15.6:
+  version "1.15.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1"
+  integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==
+
 for-in@^1.0.2:
   version "1.0.2"
   resolved "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz"
@@ -5402,6 +5423,11 @@ mkdirp@^0.5.1:
   dependencies:
     minimist "^1.2.5"
 
+moxios@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/moxios/-/moxios-0.4.0.tgz#fc0da2c65477d725ca6b9679d58370ed0c52f53b"
+  integrity sha512-r+7DOsTcoTAwY6TGIDtjeTEBXMW8aGgk74MfASOC1tgYXD8Kq+cnqQHUdMnvfjf/CK7Pg/Wo52ohqy5zlyv9XQ==
+
 mri@^1.1.0:
   version "1.2.0"
   resolved "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz"
@@ -5944,6 +5970,11 @@ propagate@^2.0.0:
   resolved "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz"
   integrity sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==
 
+proxy-from-env@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
+  integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
+
 psl@^1.1.28:
   version "1.8.0"
   resolved "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz"