SDKS-3941: Migrate Protect from Legacy to new Ping SDK

[ancheetah]

JIRA Ticket

https://pingidentity.atlassian.net/browse/SDKS-3941

Description

Moves Ping Protect module from legacy SDK using functional pattern. Improves JS Doc annotations and unit tests.

No changeset.

[changeset-bot]

⚠️ No Changeset found

Latest commit: f3ecb6c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[nx-cloud]

View your CI Pipeline Execution ↗ for commit f3ecb6c.

Command	Status	Duration	Result
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	1m 43s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	2s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-05-21 19:49:00 UTC

[github-actions]

Deployed f34d851 to https://ForgeRock.github.io/ping-javascript-sdk/pr-274/f34d851c0e15e3adfffb2d7e51203b615c130c46 branch gh-pages in ForgeRock/ping-javascript-sdk

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 50.26%. Comparing base (b9867d1) to head (f3ecb6c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #274   +/-   ##
=======================================
  Coverage   50.26%   50.26%           
=======================================
  Files          29       29           
  Lines        1711     1711           
  Branches      196      195    -1     
=======================================
  Hits          860      860           
  Misses        851      851           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cerebrl]

Looks good to me. I'll let @ryanbas21 be the final arbiter as most of this has to do with the usual scaffolding/infrastructure implementation.

[ancheetah]

moved loading signals sdk out of protect api. added test for failed signals sdk load.

[ryanbas21]

I may have misled you. What I meant was something like this:

https://github.com/ForgeRock/forgerock-javascript-sdk/blob/develop/packages/ping-protect/package.json#L14

This is my reasoning/thought process so let me know if this tracks with you.

Tree shaking is the process of dead code removal. This is a static process, so bundlers are doing this based on the static code available during the uglification/minify process.

The signals SDK is not a module. It's just like an iiffe that is executed when the script loads. Additionally, it modifies the window with new functions that it uses. These modify the global scope (window) which are side effects.

So we need to tell bundlers that this file is effectful. It can't be removed. We rely on the effects produced by this in other code that.

So here we can use an array to say the files we are asking not be removed.

Another common input in sideEffect arrays would be CSS files (in a glob syntax) because CSS also changes the dom.

Another one would be a polyfill that extends the Array prototype.

Now - truth be told, I'm not sure the code style of factory functions is very tree shakeable to begin with because the bundler can't execute the factory to determine if some of the code is used or not later on. So it must include it.

But I could be wrong, or maybe things advanced and I'm not sure, so its worth including it anyways.

[ryanbas21]

Great work!

[ancheetah]

@ryanbas21 @cerebrl please review again. Added support for marketplace nodes, updated readme with important note, and changed the module name from createProtect to protect. Also I updated the ProtectInitializeConfig type and it was a little strange to me. Should it just extend from the ProtectConfig type?

[cerebrl]

👍

[cerebrl]

Ryan says, "It's fine"

[cerebrl]

This looks good. I think there's just one correction needed in the README.md file to reflect the name change in the exported function.

[cerebrl]

This import is now just protect, yeah?

[ancheetah]

updated readme with new naming for protect module and squashed commits

[ryanbas21]

is there any chance that there are no metadata callbacks and this produces undefined?

[ryanbas21]

I don't remember, so maybe i should look into this. I maybe wrote it like this originally.

[ryanbas21]

nevermind I see the check below