shield-ui
ShowcaseDocs
Theme:

Getting Started

@bene-npm/shield-ui is a security-themed React component library. Zero external dependencies, full TypeScript support, and a 3-theme system out of the box.

Installation

bash
npm install @bene-npm/shield-ui

Requires React 18 or 19 as a peer dependency. No CSS imports or Tailwind configuration needed — all components use inline styles.

Quick Start

tsx
import { ShieldProvider, SeverityBadge, ThreatCard, SecurityScore } from "@bene-npm/shield-ui";

export default function Dashboard() {
  return (
    <ShieldProvider theme="dark">
      <SeverityBadge level="CRITICAL" pulse />
      <SecurityScore score={84} label="Overall Posture" />
      <ThreatCard
        id="CVE-2024-38816"
        severity="HIGH"
        title="Path Traversal"
        pkg="spring-webmvc"
        version="6.1.12"
        fixed="6.1.13"
      />
    </ShieldProvider>
  );
}

ShieldProvider is optional. Components fall back to the dark theme when used without a provider.

Theme System

Wrap your app or a section with ShieldProvider to set the active theme. All child components automatically reflect the theme via the React context-based useTheme() hook.

tsx
import { ShieldProvider, useTheme } from "@bene-npm/shield-ui";

// Wrap once at the root of your app or a section:
<ShieldProvider theme="dark">       {/* default */}
<ShieldProvider theme="hacker">     {/* green-on-black terminal */}
<ShieldProvider theme="corporate">  {/* light, professional */}

// Access the full token set anywhere inside the provider:
function MyComponent() {
  const t = useTheme();
  return (
    <div style={{ background: t.surface, color: t.text, border: `1px solid ${t.border}` }}>
      <span style={{ color: t.critical }}>Critical</span>
      <span style={{ color: t.success }}>Healthy</span>
    </div>
  );
}
TokenDarkHackerCorporateDescription
t.bg#06080c#000#f5f7faPage background
t.surface#0c0f18#0a0a0a#fffCard/panel background
t.surfaceAlt#111520#111#f0f2f5Input / alt surface
t.text#e8eaf0#33ff66#111827Primary text
t.textMuted#8892a4#00cc44#374151Secondary text
t.textDim#4a5568#006622#9ca3afDisabled / hint text
t.accent#38bdf8#00ff41#2563ebPrimary accent color
t.critical#ff2d55#ff0000#dc2626Critical / error
t.high#ff6b35#ff6600#ea580cHigh severity
t.medium#f59e0b#ffaa00#d97706Medium severity
t.success#30d158#00ff41#16a34aSuccess / low severity
t.warning#fbbf24#ffcc00#ca8a04Warning
t.monoJetBrains Monomonospaceui-monospaceMonospace font family

Hooks & Utilities

The theme system exports three hooks and one plain function. Use the plain getSevColor() inside .map() callbacks where calling a hook would violate React's rules.

tsx
import { useSev, getSevColor, useAnimVal, useTheme } from "@bene-npm/shield-ui";

// useSev — returns theme-aware color for a severity string (hook, use inside component body)
function Badge({ level }) {
  const color = useSev(level);  // "CRITICAL" → t.critical, "HIGH" → t.high, etc.
  return <span style={{ color }}>{level}</span>;
}

// getSevColor — same result but as a plain function, safe inside .map() callbacks
function List({ items }) {
  const t = useTheme();
  return items.map(item => (
    <div key={item.id} style={{ color: getSevColor(t, item.severity) }}>
      {item.title}
    </div>
  ));
}

// useAnimVal — animates a number from 0 to target over a given duration (ms)
function Counter({ value }) {
  const animated = useAnimVal(value, 800);  // 800ms animation
  return <strong>{animated}</strong>;
}

TypeScript Types

All public types are re-exported from the package root — no deep imports needed.

ts
import type {
  // Theme
  Theme, ThemeName,

  // Severity & status unions
  SeverityLevel,   // "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFO"
  ScanStatus,      // "scanning" | "complete" | "error" | "warning"
  StatusState,     // "online" | "warning" | "critical" | "offline" | "scanning"
  ShieldStatus,    // "verified" | "warning" | "compromised" | "unknown"
  Size,            // "sm" | "md" | "lg"

  // Component-specific
  TerminalLine,    // string | { text: string; color: string }
  TimelineEvent,   // { time: string; title: string; severity?: SeverityLevel; description?: string }
  RiskItem,        // { label: string; likelihood: number; impact: number }
  ComplianceStandard,  // "SOC2" | "ISO27001" | "GDPR" | "HIPAA" | "PCI" | "NIST"
  ComplianceStatus,    // "compliant" | "in-progress" | "failing" | "not-applicable"
  PortStatus,      // "open" | "filtered" | "closed"
  PortEntry,       // number | { port: number; status: PortStatus }
} from "@bene-npm/shield-ui";

Display & Badges4 components

SeverityBadge

since v1.0.0

Communicates threat severity at a glance. Renders a colored label badge with optional pulse animation and a numeric count bubble. The color is automatically derived from the active theme.

IMPORT
ts
import { SeverityBadge } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
level"CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFO""MEDIUM"v1.0.0The severity tier. Controls the badge color and label text.
size"sm" | "md" | "lg""md"v1.0.0Controls padding and font size. sm = compact, lg = prominent.
pulsebooleanfalsev1.0.0Enables a repeating opacity animation to draw attention to the badge.
countnumberv1.0.0Renders a small numeric bubble to the right of the badge, useful for issue counts.
EXAMPLE
tsx
<SeverityBadge level="CRITICAL" />
<SeverityBadge level="HIGH" pulse count={12} />
<SeverityBadge level="MEDIUM" size="lg" />
<SeverityBadge level="LOW" />
<SeverityBadge level="INFO" size="sm" />
NOTES
  • Colors are sourced from the active theme via useTheme(), so they update automatically when ShieldProvider theme changes.
  • The pulse animation references the badgePulse keyframe defined in globals.css. Ensure your app includes this file, or define the keyframe yourself.

ShieldBadge

since v1.0.0

A shield-icon trust/verification badge for packages, endpoints, or system components. Shows a shield SVG with a status icon and optional label.

IMPORT
ts
import { ShieldBadge } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
status"verified" | "warning" | "compromised" | "unknown""verified"v1.0.0Determines the shield color and icon. verified = green, warning = amber, compromised = red, unknown = muted.
labelstringv1.0.0Optional text label rendered next to the shield icon.
EXAMPLE
tsx
<ShieldBadge status="verified" />
<ShieldBadge status="warning" label="Outdated deps" />
<ShieldBadge status="compromised" label="npm/lodash" />
<ShieldBadge status="unknown" label="Unscanned" />

CveTag

since v1.0.0

A compact inline CVE identifier tag with a colored severity dot. Designed for use in tables, lists, and inline prose.

IMPORT
ts
import { CveTag } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
idstring"CVE-2024-0001"v1.0.0The CVE identifier string to display.
severitySeverityLevel"HIGH"v1.0.0Controls the severity dot color next to the CVE ID.
EXAMPLE
tsx
<CveTag id="CVE-2024-38816" severity="CRITICAL" />
<CveTag id="CVE-2024-29041" severity="HIGH" />
<CveTag id="CVE-2024-28863" severity="MEDIUM" />
NOTES
  • SeverityLevel = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFO"

ComplianceBadge

since v2.0.0

Displays a compliance framework badge with an icon, label, and current status. Supports SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and NIST.

IMPORT
ts
import { ComplianceBadge } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
standard"SOC2" | "ISO27001" | "GDPR" | "HIPAA" | "PCI" | "NIST""SOC2"v2.0.0The compliance framework to display. Each standard has a unique icon and label.
status"compliant" | "in-progress" | "failing" | "not-applicable""compliant"v2.0.0Current compliance status. Controls the status label color and icon.
EXAMPLE
tsx
<ComplianceBadge standard="SOC2" status="compliant" />
<ComplianceBadge standard="GDPR" status="in-progress" />
<ComplianceBadge standard="HIPAA" status="failing" />
<ComplianceBadge standard="NIST" status="not-applicable" />
NOTES
  • Exported types: ComplianceStandard, ComplianceStatus

Scanning & Progress4 components

ScanProgress

since v1.0.0

An animated progress bar for scan operations. Displays a shimmer effect while scanning, and switches to solid color on completion or error. Label text sits above the bar.

IMPORT
ts
import { ScanProgress } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
progressnumber0v1.0.0Progress percentage from 0–100.
status"scanning" | "complete" | "error" | "warning""scanning"v1.0.0Controls bar color and shimmer animation. scanning = accent + shimmer, complete = success, error = critical, warning = warning.
labelstring"Scanning dependencies..."v1.0.0Descriptive text shown above the progress bar.
EXAMPLE
tsx
<ScanProgress progress={72} status="scanning" label="Scanning node_modules..." />
<ScanProgress progress={100} status="complete" label="CVE database updated" />
<ScanProgress progress={34} status="error" label="Connection to OSV failed" />
<ScanProgress progress={55} status="warning" label="Rate limit approaching" />
NOTES
  • The shimmer animation references the scanShimmer keyframe from globals.css.
  • progress is clamped to 100 internally — passing values above 100 is safe.

SecurityScore

since v1.0.0

An animated SVG circular gauge that visualizes a security posture score. The arc color shifts from red at low scores to green at high scores. The number animates from 0 to the target value on mount.

IMPORT
ts
import { SecurityScore } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
scorenumber72v1.0.0Score from 0–100. Drives both the arc fill percentage and the color.
sizenumber120v1.0.0Diameter of the SVG in pixels.
labelstring"Security Score"v1.0.0Small caption text below the numeric score.
EXAMPLE
tsx
<SecurityScore score={92} label="Overall" />
<SecurityScore score={67} label="Dependencies" />
<SecurityScore score={38} size={90} label="Headers" />
NOTES
  • Color thresholds: ≥80 = success (green), ≥60 = warning (amber), <60 = critical (red).
  • The counter animation uses a setInterval inside a useEffect — it cleans up automatically on unmount.

StatusIndicator

since v1.0.0

A pulsing status dot with optional label. Five semantic states cover the full range of system health monitoring scenarios.

IMPORT
ts
import { StatusIndicator } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
status"online" | "warning" | "critical" | "offline" | "scanning""online"v1.0.0Determines dot color and pulse animation. offline = no pulse.
labelstringv1.0.0Optional text label rendered next to the dot.
size"sm" | "md" | "lg""md"v1.0.0Controls dot diameter.
EXAMPLE
tsx
<StatusIndicator status="online" label="API Gateway" />
<StatusIndicator status="warning" label="High latency" />
<StatusIndicator status="critical" label="DB Down" />
<StatusIndicator status="scanning" label="Audit running" />
<StatusIndicator status="offline" label="Backup agent" />

MetricCard

since v2.0.0

A security KPI card with an animated counter, trend indicator, and optional sparkline chart. The numeric value smoothly animates from 0 to the target on mount.

IMPORT
ts
import { MetricCard } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
titlestringv2.0.0Card heading. Shown above the value.
valuenumber | stringv2.0.0The primary metric value. Numbers animate on mount; strings are displayed statically.
trendnumberv2.0.0Trend percentage shown below the value. Positive = red (more = worse for security), negative = green (fewer issues = better). 0 = neutral.
trendLabelstringv2.0.0Context label next to the trend indicator, e.g. "vs last scan".
severitySeverityLevelv2.0.0If provided, overrides the value color with the severity color from the active theme.
iconstringv2.0.0Optional emoji or character shown in the top-right corner of the card.
sparkDatanumber[]v2.0.0Array of historical values used to render a sparkline SVG behind the card content.
EXAMPLE
tsx
<MetricCard
  title="CVEs Found"
  value={24}
  trend={-3}
  trendLabel="vs last scan"
  severity="HIGH"
  sparkData={[30, 28, 24, 27, 24]}
/>
<MetricCard title="Shield Score" value={91} trend={5} sparkData={[82, 85, 87, 89, 91]} />
NOTES
  • trend direction is inverted from financial convention: positive trend = bad (red), negative = good (green). This matches security metric semantics where fewer issues is the goal.
  • The animation uses useAnimVal() internally — value changes after mount will re-animate.
  • getSevColor() (not useSev()) is used inside the component to avoid hook-in-callback issues.

Threat & Intelligence5 components

ThreatCard

since v1.0.0

An expandable vulnerability card that presents CVE details in a collapsible format. Shows the CVE ID, severity badge, title, and affected package in the header. Click to expand for full description, version info, and fix version.

IMPORT
ts
import { ThreatCard } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
idstring"CVE-2024-38816"v1.0.0The CVE identifier.
severitySeverityLevel"HIGH"v1.0.0Severity level — controls left border color and badge.
titlestring"Path Traversal in Spring Framework"v1.0.0Short vulnerability title.
pkgstring"spring-webmvc"v1.0.0Affected package name.
versionstring"6.1.12"v1.0.0Vulnerable version string.
fixedstringv1.0.0Version in which the issue was patched. Shown with a green fix indicator.
descriptionstringv1.0.0Full vulnerability description, shown on expand.
publishedstringv1.0.0Publication date string, e.g. "2024-09-13".
EXAMPLE
tsx
<ThreatCard
  id="CVE-2024-38816"
  severity="CRITICAL"
  title="Path Traversal in Spring Framework"
  pkg="spring-webmvc"
  version="6.1.12"
  fixed="6.1.13"
  description="Allows path traversal via crafted URL segments."
  published="2024-09-13"
/>

AlertBanner

since v1.0.0

A dismissible notification banner for security events. The left border, background tint, and icon all adapt to the chosen severity level. Renders children as the body text.

IMPORT
ts
import { AlertBanner } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
severitySeverityLevel"HIGH"v1.0.0Drives the color scheme of the banner.
titlestringv1.0.0Bold heading text.
childrenReactNodev1.0.0Body content of the banner.
dismissiblebooleantruev1.0.0When true, renders an × button that hides the banner on click.
onDismiss() => voidv1.0.0Optional callback fired when the user dismisses the banner.
EXAMPLE
tsx
<AlertBanner severity="CRITICAL" title="Active Breach Detected">
  Unauthorized access pattern on production API.
</AlertBanner>

<AlertBanner severity="INFO" title="Scan Complete" dismissible={false}>
  847 packages scanned. No new vulnerabilities.
</AlertBanner>
NOTES
  • The dismiss state is managed internally. The component returns null after dismissal — there is no way to re-show it without re-mounting.
  • Hooks (useTheme, useSev) are called before the early-return guard to satisfy React's rules of hooks.

SecurityTimeline

since v2.0.0

A vertical chronological event feed with a connecting line, severity-colored dot indicators, and optional description text. Ideal for audit logs, incident timelines, and CVE patch histories.

IMPORT
ts
import { SecurityTimeline, type TimelineEvent } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
eventsTimelineEvent[][]v2.0.0Array of timeline events to display, in order from newest to oldest (or whatever order is meaningful).
EXAMPLE
tsx
<SecurityTimeline events={[
  {
    time: "14:32",
    title: "SSH brute-force detected",
    severity: "HIGH",
    description: "42 failed login attempts in 60 seconds",
  },
  {
    time: "13:55",
    title: "Privilege escalation attempt",
    severity: "CRITICAL",
  },
  {
    time: "13:10",
    title: "CVE-2024-38816 patched",
    severity: "INFO",
  },
]} />
NOTES
  • TimelineEvent = { time: string; title: string; severity?: SeverityLevel; description?: string }
  • Dot and line colors use getSevColor() to avoid hook-in-loop violations.
  • Each event entrance uses the sectionIn animation keyframe (staggered by index * 0.05s).

RiskMatrix

since v2.0.0

A 5×5 likelihood/impact risk matrix grid. Each cell is color-coded from green (low risk) to red (critical risk). Pass risk items with likelihood and impact scores (1–5) and they appear as numbered dots inside the matching cell. Hover a populated cell to see the risk labels.

IMPORT
ts
import { RiskMatrix, type RiskItem } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
itemsRiskItem[][]v2.0.0Risk items to plot on the matrix. Each item maps to a cell at (likelihood, impact).
EXAMPLE
tsx
<RiskMatrix items={[
  { label: "SQL Injection",    likelihood: 4, impact: 5 },
  { label: "XSS",              likelihood: 3, impact: 3 },
  { label: "Misconfiguration", likelihood: 5, impact: 3 },
  { label: "SSRF",             likelihood: 2, impact: 4 },
]} />
NOTES
  • RiskItem = { label: string; likelihood: number; impact: number } — likelihood and impact should be integers 1–5.
  • Multiple items with the same cell coordinates are stacked — the cell shows the count and the tooltip lists all labels.
  • Color thresholds: ratio ≥ 0.64 = critical, ≥ 0.36 = high, ≥ 0.16 = medium, < 0.16 = success.

AttackChain

since v2.0.0

A MITRE ATT&CK-style kill chain visualization with 7 fixed phases. Active phases are highlighted; inactive phases are dimmed. Click any active phase to expand its technique tags below the chain.

IMPORT
ts
import { AttackChain } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
activePhasesstring[][]v2.0.0IDs of phases that should be highlighted as active/observed.
techniquesRecord<string, string[]>{}v2.0.0Map of phase ID → technique name array. Populated phases show a count badge and expand on click.
EXAMPLE
tsx
<AttackChain
  activePhases={["recon", "weapon", "delivery", "exploit"]}
  techniques={{
    recon:    ["Port scan", "DNS enumeration", "OSINT"],
    exploit:  ["CVE-2024-38816", "Zero-day RCE"],
    delivery: ["Phishing email", "Drive-by download"],
  }}
/>
NOTES
  • Built-in phase IDs: "recon" | "weapon" | "delivery" | "exploit" | "install" | "c2" | "actions"
  • Phases not listed in activePhases are rendered at 35% opacity to show the full kill chain context.
  • Only one phase can be expanded at a time — clicking an already-open phase collapses it.

Terminal & Code2 components

TerminalOutput

since v1.0.0

A macOS-styled terminal window with a traffic-light title bar. Supports static display or an optional character-by-character typing animation. Each line can have an independent color.

IMPORT
ts
import { TerminalOutput, type TerminalLine } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
linesTerminalLine[][]v1.0.0Lines to display. Each line is either a plain string or an object with text and color.
titlestring"terminal"v1.0.0Text shown in the terminal title bar.
typingbooleanfalsev1.0.0When true, animates the output character by character at ~18ms per character.
EXAMPLE
tsx
<TerminalOutput
  title="shield-scan"
  typing
  lines={[
    { text: "$ npx shield-ui scan", color: "#fff" },
    { text: "", color: "#fff" },
    { text: "  CRITICAL  CVE-2024-38816", color: "#ff2d55" },
    { text: "  HIGH      CVE-2024-29041", color: "#ff6b35" },
    { text: "", color: "#fff" },
    "  2 vulnerabilities found",
  ]}
/>
NOTES
  • TerminalLine = string | { text: string; color: string }
  • Important: wrap the lines array in useMemo() or define it outside your component. The typing animation restarts whenever the lines prop reference changes.
  • The blink keyframe (cursor blink) and the dark code background (#04060a) adapt to corporate theme automatically.

SecretCodeBlock

since v2.0.0

A code viewer that automatically detects and highlights secrets embedded in source text. Detected patterns are underlined with a colored border and show a tooltip with the secret type on hover. A warning count badge appears in the header when secrets are found.

IMPORT
ts
import { SecretCodeBlock } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
codestring""v2.0.0The raw source text to display and scan.
titlestring"source"v2.0.0Filename or label shown in the header bar.
EXAMPLE
tsx
<SecretCodeBlock
  title="config.env"
  code={`DATABASE_URL=postgres://admin:s3cr3t@db.prod:5432/app
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
API_KEY=sk-live-aBcDeFgHiJkLmNoPqRsTuV
SESSION_TOKEN=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4ifQ.abc`}
/>
NOTES
  • Detected patterns: AWS Access Keys (AKIA…), JWTs (eyJ…), API keys (api_key= / apikey=), passwords (password= / passwd=), connection strings (postgres://, mongodb://, redis://…), Bearer tokens.
  • Detection runs inside useMemo([code]) — no performance impact from re-renders unrelated to code changes.
  • This component is for display/audit purposes only. It does not transmit or store the code content.

Network & Infrastructure3 components

DataFlowLine

since v1.0.0

An animated directional data flow visualization between two labeled nodes. Shows encryption status with a lock icon and TLS label, and a threat indicator for compromised or untrusted flows.

IMPORT
ts
import { DataFlowLine } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
fromstring"Client"v1.0.0Label for the source node on the left.
tostring"Server"v1.0.0Label for the destination node on the right.
encryptedbooleantruev1.0.0Shows a green lock icon and TLS label when true. Shows a red unlocked icon when false.
threatbooleanfalsev1.0.0When true, turns the flow line red and adds a ⚠ threat indicator in the center.
EXAMPLE
tsx
<DataFlowLine from="Browser" to="API Gateway" encrypted />
<DataFlowLine from="API" to="Database" encrypted={false} threat />
<DataFlowLine from="Auth Service" to="Redis Cache" encrypted />
NOTES
  • The animated dot uses the flowPulse keyframe from globals.css.

PortScanMap

since v2.0.0

Renders port scan results as a grid of labeled tiles. Each tile shows the port number, well-known service name, and a ⚠ RISK label for inherently dangerous ports. Tile colors reflect port status: open = green/red, filtered = amber, closed = muted.

IMPORT
ts
import { PortScanMap, type PortEntry, type PortStatus } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
portsPortEntry[][]v2.0.0Array of ports to display. Can be plain numbers (treated as open) or objects with port + status.
EXAMPLE
tsx
<PortScanMap ports={[
  22, 80, 443,
  { port: 21,   status: "open"     },
  { port: 3389, status: "open"     },
  { port: 6379, status: "filtered" },
  { port: 27017,status: "closed"   },
]} />
NOTES
  • PortEntry = number | { port: number; status: PortStatus }
  • PortStatus = "open" | "filtered" | "closed"
  • Built-in service names: 21=FTP, 22=SSH, 23=Telnet, 25=SMTP, 53=DNS, 80=HTTP, 443=HTTPS, 445=SMB, 3306=MySQL, 3389=RDP, 5432=Postgres, 6379=Redis, 8080=HTTP-Alt, 27017=MongoDB.
  • Ports flagged as dangerous by default: 21 (FTP), 23 (Telnet), 25 (SMTP), 445 (SMB), 3389 (RDP).

HeatmapGrid

since v2.0.0

A 2D grid heatmap for visualizing numeric intensity data across two axes (e.g., vulnerability count by day/hour, or error rate by service/region). Cell color intensity scales from the theme border color (zero) to critical red (maximum).

IMPORT
ts
import { HeatmapGrid } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
datanumber[][][]v2.0.02D array of numeric values. Rows are y-axis entries, columns are x-axis entries. Zero cells are rendered as empty.
xLabelsstring[][]v2.0.0Labels for the column axis (shown below the grid).
yLabelsstring[][]v2.0.0Labels for the row axis (shown to the left of each row).
EXAMPLE
tsx
<HeatmapGrid
  yLabels={["Mon", "Tue", "Wed", "Thu"]}
  xLabels={["00", "06", "12", "18"]}
  data={[
    [0, 1, 5, 2],
    [0, 0, 8, 3],
    [1, 2, 4, 6],
    [0, 0, 2, 1],
  ]}
/>
NOTES
  • The max value across all cells determines the color scale — a single very high outlier will make all other cells appear pale. Normalize your data if needed.
  • Cell values are shown as text inside the cell when > 0.

Forms1 component

PasswordStrength

since v2.0.0

A live password strength analyzer. As the user types, it calculates Shannon entropy, maps it to a strength label (Very Weak → Excellent), renders a 5-segment bar, and estimates brute-force crack time at 10 billion guesses/second.

IMPORT
ts
import { PasswordStrength } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
valuestring""v2.0.0Controlled input value. If omitted, the component manages its own state internally.
onChange(value: string) => voidv2.0.0Callback fired on every keystroke when the component is used in controlled mode.
EXAMPLE
tsx
// Uncontrolled:
<PasswordStrength />

// Controlled:
const [pw, setPw] = useState("");
<PasswordStrength value={pw} onChange={setPw} />
NOTES
  • Entropy formula: length × log₂(pool size), where pool size is the sum of character-class sizes present (lowercase 26, uppercase 26, digits 10, symbols 32).
  • Strength thresholds: ≥80 bits = Excellent, ≥60 = Strong, ≥40 = Fair, ≥20 = Weak, <20 = Very Weak.
  • The input uses type="password" for security — the value is masked by default.
  • Both entropy and crack time recalculate inside useMemo — no performance overhead.

Live Data1 component

LogStream

since v2.1.0

A live scrolling log viewer for security dashboards. Displays log lines with timestamp, severity level, source, and message. Supports regex/text filtering with match highlighting, pause/resume, and automatic scroll-to-bottom.

IMPORT
ts
import { LogStream, type LogLine } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
linesLogLine[][]v2.1.0Array of log line objects to display.
maxLinesnumber100v2.1.0Maximum number of lines retained. Oldest lines are dropped when the limit is exceeded.
filterstring""v2.1.0Plain text or regex filter applied to each line's message, source, and level fields. Matching text is highlighted in accent color.
pausedbooleanfalsev2.1.0Controlled pause state. When true, auto-scroll stops and a PAUSED pill is shown. Omit to use internal state.
onPause(paused: boolean) => voidv2.1.0Callback fired when the user clicks the pause/resume button.
titlestring"Log Stream"v2.1.0Title shown in the header bar.
heightnumber280v2.1.0Pixel height of the scrollable log area.
EXAMPLE
tsx
const lines: LogLine[] = [
  { id: 1, time: "14:32:01", level: "INFO",     source: "scanner",  message: "Scan started" },
  { id: 2, time: "14:32:07", level: "CRITICAL", source: "cve-db",   message: "CVE-2024-38816 matched" },
  { id: 3, time: "14:32:11", level: "INFO",     source: "scanner",  message: "Scan complete" },
];

<LogStream lines={lines} title="scanner" height={200} />
NOTES
  • LogLine.level accepts CRITICAL | HIGH | MEDIUM | LOW | INFO | DEBUG — DEBUG renders in textDim color, others use severity theme colors.
  • If filter throws an invalid regex, LogStream falls back to case-insensitive plain-text matching.
  • Auto-scroll uses scrollIntoView({ behavior: 'smooth' }) on a sentinel div — this only fires when paused is false.

Network & Infrastructure3 components

CertificateCard

since v2.1.0

SSL/TLS certificate information card with live expiry countdown. Color-codes the expiry status: green (>30 days), amber (8–30 days), pulsing red (≤7 days), and red expired. Displays subject, issuer, validity range, key type, SHA-256 fingerprint, SANs, and chain of trust.

IMPORT
ts
import { CertificateCard } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
subjectstringv2.1.0Certificate subject, typically the CN (common name) such as 'api.example.com'.
issuerstringv2.1.0Certificate issuer, e.g. "Let's Encrypt R3" or "DigiCert Global CA".
validFromstringv2.1.0ISO date string for when the certificate became valid (YYYY-MM-DD or full ISO 8601).
validTostringv2.1.0ISO date string for expiry. This drives the expiry countdown and color logic.
fingerprintstringv2.1.0SHA-256 fingerprint hex string. Truncated in the UI; click 'Copy' to copy the full value.
keyTypestringv2.1.0Key algorithm and size, e.g. 'RSA 2048' or 'EC P-256'.
sansstring[][]v2.1.0Subject Alternative Names. Each SAN is rendered as a small monospace chip.
chainstring[][]v2.1.0Certificate chain as a list of CA names, root-first.
EXAMPLE
tsx
<CertificateCard
  subject="api.example.com"
  issuer="Let's Encrypt R3"
  validFrom="2024-11-01"
  validTo="2026-08-01"
  keyType="EC P-256"
  fingerprint="3A:9B:4C:12:DE:88:FA:01:CC:45:77:B2:99:E3:22:5F"
  sans={["api.example.com", "*.api.example.com"]}
  chain={["ISRG Root X1", "Let's Encrypt R3"]}
/>
NOTES
  • Expiry is computed client-side on each render using Date.now() — no re-render interval is set, so the countdown refreshes only when the component re-renders.
  • The fingerprint copy button uses navigator.clipboard.writeText — this requires a secure context (HTTPS or localhost).

IPReputationBadge

since v2.1.0

Threat intelligence enrichment badge for IP addresses or domains. Shows a color-coded risk score (0=clean, 100=malicious), threat categories, and optional geo/ASN metadata. Three sizes: sm (inline), md (default card), lg (full detail card).

IMPORT
ts
import { IPReputationBadge, type ThreatCategory } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
ipstringv2.1.0IP address or domain to display. Rendered in monospace.
scorenumberv2.1.0Risk score from 0 (clean) to 100 (malicious). 0–29 = success, 30–59 = warning, 60–79 = high, 80–100 = critical.
categoriesThreatCategory[][]v2.1.0Threat categories to display as chips. Each category gets a severity-appropriate color.
countrystringv2.1.02-letter ISO country code (e.g. 'US', 'RU'). Renders a flag emoji if the country is in the built-in map.
asnstringv2.1.0ASN string, e.g. 'AS15169 Google LLC'. Shown in lg size only.
size"sm" | "md" | "lg""md"v2.1.0sm = inline score + IP, md = score ring + IP + category chips, lg = full card.
EXAMPLE
tsx
<IPReputationBadge ip="8.8.8.8" score={2} country="US" size="lg" />
<IPReputationBadge ip="185.220.101.34" score={97} categories={["tor", "malware"]} country="DE" size="lg" />
NOTES
  • ThreatCategory union: 'malware' | 'spam' | 'botnet' | 'phishing' | 'scanner' | 'proxy' | 'tor'.
  • Flag emojis are rendered from a built-in map of 16 common country codes. Unknown codes fall back to 🌐.

FirewallRule

since v2.1.0

Visual display for firewall / ACL policy rules. Shows a table of rules with priority, source, destination, protocol/port, and action badge. Disabled rules are shown at reduced opacity with a strikethrough action. Hover highlights each row.

IMPORT
ts
import { FirewallRule, type FWRule } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
rulesFWRule[][]v2.1.0Array of firewall rule objects to display.
titlestring"Firewall Rules"v2.1.0Header title shown above the rule list.
compactbooleanfalsev2.1.0When true, renders a condensed single-line layout hiding comments and labels.
EXAMPLE
tsx
<FirewallRule rules={[
  { priority: 10, src: "10.0.0.0/8", dst: "10.0.1.50", proto: "TCP", port: "443", action: "allow", label: "Internal HTTPS" },
  { priority: 20, src: "0.0.0.0/0", dst: "ANY", proto: "TCP", port: "23", action: "deny", comment: "Telnet is unencrypted" },
  { priority: 99, src: "ANY", dst: "ANY", proto: "ANY", port: "ANY", action: "log", enabled: false },
]} />
NOTES
  • FWRule fields: id?, priority?, src, dst, proto? (TCP|UDP|ICMP|ANY|string), port?, action (allow|deny|drop|log), enabled? (default true), label?, comment?.
  • action colors: allow = success, deny/drop = critical, log = accent.

Analytics2 components

VulnDonutChart

since v2.1.0

Animated SVG donut/ring chart for vulnerability severity breakdown. Arcs sweep from 0 on mount. Each severity level gets its theme color. Shows total count in the center and a legend below. Respects prefers-reduced-motion.

IMPORT
ts
import { VulnDonutChart } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
criticalnumber0v2.1.0Count of CRITICAL vulnerabilities.
highnumber0v2.1.0Count of HIGH vulnerabilities.
mediumnumber0v2.1.0Count of MEDIUM vulnerabilities.
lownumber0v2.1.0Count of LOW vulnerabilities.
infonumber0v2.1.0Count of INFO-level findings.
sizenumber160v2.1.0SVG width and height in pixels.
labelstring"Total"v2.1.0Center label shown below the total count number.
animatedbooleantruev2.1.0Enables the arc sweep animation on mount. Automatically disabled when prefers-reduced-motion is set.
EXAMPLE
tsx
<VulnDonutChart critical={3} high={12} medium={27} low={8} info={4} />
<VulnDonutChart critical={0} high={0} medium={0} low={0} info={0} label="Clean" />
NOTES
  • When all counts are 0, a single gray ring is shown with 'No vulnerabilities' as the center text.
  • Arc gaps are 3 degrees. Arc stroke width is 18px. Arcs with 0 count are skipped entirely.
  • The animation uses requestAnimationFrame (same as useAnimVal) — no CSS animation dependency.

ThreatRadar

since v2.1.0

SVG radar/spider chart for visualizing security posture across 3–8 custom dimensions. Renders concentric polygon rings, spoke lines, and a filled polygon for the data. Animated sweep on mount. Respects prefers-reduced-motion.

IMPORT
ts
import { ThreatRadar, type RadarAxis } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
axesRadarAxis[]6 default axesv2.1.0Array of axis definitions. Each axis has a label (string), value (0–100), and optional max (default 100). 3–8 axes recommended.
sizenumber200v2.1.0SVG size in pixels.
labelstringv2.1.0Optional title rendered above the chart.
animatedbooleantruev2.1.0Animates polygon vertices from center outward on mount.
showValuesbooleanfalsev2.1.0Appends the numeric value in parentheses to each axis label.
EXAMPLE
tsx
<ThreatRadar
  axes={[
    { label: "Network",    value: 72 },
    { label: "Endpoint",   value: 55 },
    { label: "Identity",   value: 88 },
    { label: "Data",       value: 41 },
    { label: "Cloud",      value: 66 },
    { label: "Compliance", value: 90 },
  ]}
  label="Security Posture"
/>
NOTES
  • Default axes (used when axes prop is omitted): Network 72, Endpoint 55, Identity 88, Data 41, Cloud 66, Compliance 90.
  • The chart uses an eased cubic-out animation for the polygon sweep.
  • Label anchor (start/middle/end) is computed automatically from each label's x position relative to the chart center.

UX1 component

CommandPalette

since v2.1.0

A keyboard-searchable modal command palette, inspired by VS Code's command palette. Renders as a full-screen overlay with a search input and a grouped results list. Supports fuzzy text matching, keyboard navigation (↑↓ Enter Esc), and command groups.

IMPORT
ts
import { CommandPalette, type PaletteCommand } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
openbooleanv2.1.0Controls visibility. When true, the modal is mounted and the input auto-focused.
onClose() => voidv2.1.0Called when the user presses Esc, clicks the overlay, or executes a command.
commandsPaletteCommand[][]v2.1.0List of available commands. Each command has id, label, action, and optional description, icon, group, keywords.
placeholderstring"Search commands…"v2.1.0Placeholder text shown in the search input.
EXAMPLE
tsx
const [open, setOpen] = useState(false);

<button onClick={() => setOpen(true)}>⌘ Commands</button>

<CommandPalette
  open={open}
  onClose={() => setOpen(false)}
  commands={[
    { id: "scan", label: "Run Scan", icon: "🔍", group: "Scanner", action: runScan },
    { id: "report", label: "Export Report", icon: "📄", group: "Reports", action: exportReport },
  ]}
/>
NOTES
  • Fuzzy matching checks label, description, and keywords fields case-insensitively. There is no edit-distance fuzzy — it uses String.includes().
  • Keyboard listener is added/removed on document when open changes — the component does not trap focus.
  • The animation references the paletteIn keyframe defined in globals.css. Ensure your app includes this file.
  • PaletteCommand.action is called when the user selects a command — onClose is called immediately after.

Threat Hunting1 component

ThreatHunterQuery

since v2.1.0

A threat hunting query viewer with language badge, MITRE ATT&CK technique mapping, confidence badge, and syntax highlighting for KQL, Sigma, and YARA. Includes a one-click copy button. Fully theme-aware.

IMPORT
ts
import { ThreatHunterQuery, type QueryLanguage } from "@bene-npm/shield-ui";
PROPS
PropTypeDefaultReq.SinceDescription
querystringv2.1.0The raw query string to display. Whitespace and newlines are preserved.
languageQueryLanguage"KQL"v2.1.0Query language badge. One of: KQL | SPL | YARA | Sigma | SQL | EQL | Lucene.
titlestringv2.1.0Optional display title shown in the header bar.
techniquestringv2.1.0MITRE ATT&CK technique ID, e.g. 'T1059.001'. Shown as a chip in the header.
tacticLabelstringv2.1.0Human-readable tactic name, e.g. 'Execution'. Appended in parentheses after the technique ID.
confidence"low" | "medium" | "high"v2.1.0Detection confidence badge shown in the footer. high = success, medium = accent, low = warning.
authorstringv2.1.0Author name shown in the footer right-aligned.
tagsstring[][]v2.1.0Hashtag chips shown in the footer.
EXAMPLE
tsx
<ThreatHunterQuery
  language="KQL"
  title="Lateral Movement via WMI"
  technique="T1021.003"
  tacticLabel="Lateral Movement"
  confidence="high"
  query={`SecurityEvent
| where EventID == 4688
| where ProcessName has "wmiprvse.exe"
| project TimeGenerated, Computer, Account`}
/>
NOTES
  • Syntax highlighting is applied via regex split + span wrapping — no external parser is used.
  • Highlighted keywords: KQL (where, project, summarize, extend, join, let, union…), Sigma (detection:, condition:, title:…), YARA (rule, strings:, condition:…).
  • Copy button uses navigator.clipboard.writeText — requires a secure context (HTTPS or localhost).
  • QueryLanguage union: 'KQL' | 'SPL' | 'YARA' | 'Sigma' | 'SQL' | 'EQL' | 'Lucene'.