@multisystemsuite/timezone-engine-security

Timezone security validation — block invalid IANA input, ambiguous abbreviations, JWT clock skew, and date injection.

What it is used for

• Validate timezone headers/query params before use
• Protect APIs from IST, Asia/India, US/NewYork injection
• Detect client clock manipulation affecting JWT expiry
• Sanitize date + timezone pairs from CSV/Excel imports

Install

npm install @multisystemsuite/timezone-engine-security

Usage

import {
  validateTimezoneInput,
  detectJwtClockSkew,
  sanitizeDateInput,
  blockUnsafeTimezoneAbbreviation,
} from "@multisystemsuite/timezone-engine-security";

// API input validation
const tz = validateTimezoneInput(req.headers["x-timezone"]);
if (!tz.valid) return res.status(400).json({ error: tz.reason });

// JWT skew (client clock tampering)
const skew = detectJwtClockSkew(token.exp, new Date());
if (skew.skewed) return res.status(401).json({ error: "clock_skew" });

// Import row validation
const row = sanitizeDateInput("2026-05-26", "Asia/Kolkata");

// Middleware fallback
const safe = blockUnsafeTimezoneAbbreviation("IST"); // → UTC

Key exports

| Export | Purpose | | ----------------------------------- | --------------------------------- | | validateTimezoneInput() | Strict IANA + alias validation | | detectJwtClockSkew() | Client vs server clock drift | | sanitizeDateInput() | Validate date + optional timezone | | blockUnsafeTimezoneAbbreviation() | Safe fallback for headers |

Related packages

• @multisystemsuite/timezone-engine-core — validateTimezone(), aliasTimezoneResolver()
• @multisystemsuite/timezone-engine-node — Express middleware

Keywords

timezone, security, validation, jwt, injection, iana, enterprise

License

MIT