Architecture

Security

KronoGraph is a low-risk, highly secure JavaScript library that is unlikely to be affected by common security vulnerabilities:

  • No native data transfers with remote servers or server-side dependencies.
  • No user data tracking or persistent data on local storage.
  • Runs entirely within the browser using standard JavaScript. It has no plug-in or extension requirements.
  • Source code is obfuscated and minified before distribution.
  • Nothing is added to the global scope, protecting its functions.
  • KronoGraph does not pollute prototypes.
  • New APIs and features are tested to prevent introduction of vulnerabilities.
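The global-scope and prototype claims above can be checked for any library you load. The following is an added example, not Cambridge Intelligence code: it snapshots the keys of globalThis and the built-in prototypes, runs a loader, and reports anything that was added. The cleanLibrary and leakyLibrary functions are constructed stand-ins for a real import.

```javascript
// Added example: audit a library load for new globals or built-in prototype changes.
// Built-ins whose prototypes are watched (an assumed, extendable list).
const WATCHED = { Object, Array, Function, String, Number, Promise, Map, Set };

// Record own keys (strings and symbols, enumerable or not) of each target.
function snapshot() {
  const snap = new Map([['globalThis', new Set(Reflect.ownKeys(globalThis))]]);
  for (const [name, ctor] of Object.entries(WATCHED)) {
    snap.set(`${name}.prototype`, new Set(Reflect.ownKeys(ctor.prototype)));
  }
  return snap;
}

// Return { target: [addedKeys] } for every target that gained keys.
function addedKeys(before, after) {
  const report = {};
  for (const [target, keys] of after) {
    const added = [...keys].filter((k) => !before.get(target).has(k)).map(String);
    if (added.length) report[target] = added;
  }
  return report;
}

// Run `load` (a function that imports the library under test) and report additions.
function auditLoad(load) {
  const before = snapshot();
  load();
  return addedKeys(before, snapshot());
}

// Constructed stand-in: keeps its API in a local object, touches nothing shared.
function cleanLibrary() {
  return { render() {} };
}

// Constructed stand-in: leaks a global and adds a non-enumerable prototype property.
function leakyLibrary() {
  globalThis.__demoLeak = true;
  Object.defineProperty(Object.prototype, '__demoPolluted', { value: 1, configurable: true });
}

// Remove what leakyLibrary added so the demo leaves the runtime unchanged.
function cleanupDemo() {
  delete globalThis.__demoLeak;
  delete Object.prototype.__demoPolluted;
}
```

This check reports added keys only; an existing built-in method that is overwritten in place would need a value comparison as well.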

KronoGraph Development

KronoGraph is a closed source project, with all code controlled by Cambridge Intelligence staff, reviewed by multiple expert developers and tested thoroughly by our experienced QA team.

KronoGraph source code is developed in TypeScript and built using automated tools, including a linter (ESLint) and a suite of security scanners:

  • Secret scanner - scans the source code for accidental exposure of sensitive security information
  • Container scanner - scans the webserver container for vulnerabilities
  • Dependency scanner - scans our internal and build-time dependencies for known issues and vulnerabilities
  • Static application security testing (SAST) - scans the source code for vulnerabilities, encryption issues and other potentially exploitable holes

If we identify a vulnerability, we review it internally and deal with it before release.

There is no accepted standard scanner for malicious JavaScript code. Our JavaScript files are built using secure processes and hosted on secure web servers. We will never add malicious behaviors to our source code, and we are confident that third parties cannot hijack or compromise our downloads.

Dependencies

The KronoGraph Timeline component requires React. You can install it using npm, yarn or pnpm (use the command for your package manager):

npm install --save react@^19.0.0
yarn add react@^19.0.0
pnpm add react@^19.0.0

KronoGraph supports React versions ^16.8.0, ^17.0.0, ^18.0.0 and ^19.0.0.

TypeScript

KronoGraph includes full type definitions for TypeScript compatibility. See kronograph.d.ts / Timeline.d.ts for the definitions. Types should be automatically available when you import KronoGraph.

Compliance

Cambridge Intelligence has implemented an information security management system that is certified to ISO 27001:2022 for the operations of software development, sale and associated support, all information assets processed and managed and all systems and services where information is processed by Cambridge Intelligence.

This includes:

  • Software Development Life Cycle
  • Risk management
  • Information classification
  • Business continuity and backups
  • Software development and code security
  • Vulnerability management
  • Logging and monitoring
  • External penetration testing
  • Physical security
  • Training and awareness

For further information, please contact our security team.

Terms of use

These terms do not alter or supersede any existing agreements between you (or your employer) and us.

By accessing or using any Content you agree to be bound by these Terms of Use. Please review these terms carefully before using the website.

The contents of this website, including but not limited to any text, code samples, API references, schemas, interactive tools, and other materials (collectively, the 'Content'), are made available for informational and internal evaluation purposes only. All intellectual property rights in the Content are reserved. No licence is granted to use the Content for any commercial purpose, or to copy, distribute, modify, reverse-engineer, or incorporate any part of the Content into any product or service, without our prior written consent.

This Content is provided “as is” and “as available,” without any representations, warranties, or guarantees of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, or accuracy. To the fullest extent permitted by applicable law, we expressly exclude and disclaim all implied warranties, conditions, and other terms that might otherwise be implied.

We disclaim all liability for any loss or damage, whether direct, indirect, incidental, consequential, or otherwise, arising from any reliance placed on the Content or from your use of it, to the fullest extent permitted by applicable law. By continuing to access or use the Content, you acknowledge and agree to these terms.