Security
KronoGraph is a low-risk, highly secure JavaScript library that is unlikely to be affected by common security vulnerabilities:
- No native data transfers with remote servers or server-side dependencies.
- No user data tracking or persistent data on local storage.
- Runs entirely within the browser using standard JavaScript. It has no plug-in or extension requirements.
- Source code is obfuscated and minified before distribution.
- Nothing is added to the global scope, protecting its functions.
- KronoGraph does not pollute prototypes.
- New APIs and features are tested to prevent introduction of vulnerabilities.
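One way to check the global-scope and prototype claims above for any script you load, as an added example that is not Cambridge Intelligence's code. The function names and the two constructed sample loaders are assumptions made for illustration:

```javascript
// Added example: snapshot globals and built-in prototypes, run a loader,
// then report any property keys that were added. All names are hypothetical.
const BUILTINS = ['Object', 'Array', 'Function', 'String', 'Number', 'Promise', 'Map', 'Set'];

function snapshot() {
  const protos = {};
  for (const name of BUILTINS) {
    // Reflect.ownKeys also sees non-enumerable and symbol-keyed properties.
    protos[name] = new Set(Reflect.ownKeys(globalThis[name].prototype));
  }
  return { globals: new Set(Reflect.ownKeys(globalThis)), protos };
}

function auditLoad(loader) {
  const before = snapshot();
  loader(); // e.g. a function that imports or evaluates the library under test
  const after = snapshot();
  const addedGlobals = [...after.globals].filter((k) => !before.globals.has(k)).map(String);
  const pollutedPrototypes = [];
  for (const name of BUILTINS) {
    for (const key of after.protos[name]) {
      if (!before.protos[name].has(key)) {
        pollutedPrototypes.push(`${name}.prototype.${String(key)}`);
      }
    }
  }
  return { addedGlobals, pollutedPrototypes };
}

// Constructed sample loaders standing in for "load the library".
function cleanLoader() {
  const local = { render() { return 'ok'; } }; // stays in function scope
  return local;
}
function leakyLoader() {
  globalThis.__demoLeak = true; // leaks a global
  Object.defineProperty(Array.prototype, 'demoLast', { // non-enumerable addition
    value() { return this[this.length - 1]; },
    configurable: true,
  });
}

// Undo the constructed leak so later audits start from a clean state.
function cleanup() {
  delete globalThis.__demoLeak;
  delete Array.prototype.demoLast;
}
```

The audit reports added property keys only; a script that replaces an existing method, such as `Array.prototype.push`, would need a value comparison as well.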
KronoGraph Development
KronoGraph is a closed source project, with all code controlled by Cambridge Intelligence staff, reviewed by multiple expert developers and tested thoroughly by our experienced QA team.
KronoGraph source code is developed in TypeScript and built using automated tools: a linter (ESLint) and a suite of security scanners, including:
- Secret scanner - scans the source code for accidental exposure of sensitive security information
- Container scanner - scans the webserver container for vulnerabilities
- Dependency scanner - scans our internal and build-time dependencies for known issues and vulnerabilities
- Static application security testing (SAST) - scans the source code for vulnerabilities, encryption issues and other potentially exploitable holes
If we identify a vulnerability, we review it internally and deal with it before release.
There is no accepted standard scanner for malicious JavaScript code. Our JavaScript files are built using secure processes and hosted on secure web servers. We will never add malicious behaviors to our source code, and we are confident that third parties cannot hijack or compromise our downloads.
Dependencies
The KronoGraph Timeline component requires React. You can install it using npm, yarn or pnpm:
npm install --save react@^19.0.0
yarn add react@^19.0.0
pnpm add react@^19.0.0
KronoGraph supports React versions ^16.8.0, ^17.0.0, ^18.0.0 and ^19.0.0.
TypeScript
KronoGraph includes full type definitions for TypeScript compatibility. See kronograph.d.ts / Timeline.d.ts for the definitions. Types should be automatically available when you import KronoGraph.
Compliance
Cambridge Intelligence has implemented an information security management system that is certified to ISO 27001:2022 for the operations of software development, sale and associated support, all information assets processed and managed and all systems and services where information is processed by Cambridge Intelligence.
This includes:
- Software Development Life Cycle
- Risk management
- Information classification
- Business continuity and backups
- Software development and code security
- Vulnerability management
- Logging and monitoring
- External penetration testing
- Physical security
- Training and awareness
For further information, please contact our security team.