diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..0540918
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,13 @@
+# Default owner
+
+* @mnaimfaizy
+
+# Security-sensitive files and directories
+
+/.github/workflows/ @mnaimfaizy
+/.github/instructions/ @mnaimfaizy
+/package.json @mnaimfaizy
+/package-lock.json @mnaimfaizy
+/.npmrc @mnaimfaizy
+/SECURITY.md @mnaimfaizy
+/docs/SECURITY/ @mnaimfaizy
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 987be95..82d4487 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -15,6 +15,22 @@
 - **Build**: `npm run build` (TypeScript + Vite)
 - **Test**: `npm test` (watch mode) or `npm run test:run` (CI mode)
 
+## 🔐 Dependency and CI Security
+
+See `docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md` for the current repository policy and remediation plan.
+
+- Treat all changes to `package.json`, `package-lock.json`, `.npmrc`, and `.github/workflows/**` as security-sensitive.
+- This repository is npm-only. Do not switch to Yarn or pnpm unless the repo is explicitly migrated and the security policy is updated.
+- Prefer existing platform APIs or already-approved packages before adding a new dependency.
+- Use exact versions for direct npm dependencies. Avoid `^` and `~`, and keep `.npmrc` configured with `save-exact=true`.
+- For existing lockfiles, use `npm ci`. For disposable review flows that only need metadata and audit signals, prefer `npm ci --ignore-scripts` first.
+- In CI, use only `npm ci` and verify that `package-lock.json` stays unchanged after install.
+- Review lockfile diffs for unexpected transitive packages and any new install-time script behavior before accepting dependency updates.
+- Keep `package-lock.json` committed and frozen in CI.
+- Do not recommend a blanket `ignore-scripts=true` change for normal local installs in this repo without a migration plan because the current toolchain depends on reviewed install-script packages such as `esbuild` and `@tailwindcss/oxide`.
+- Preserve the `package.json` overrides that block compromised Axios releases `1.14.1` and `0.30.4`.
+- For GitHub Actions, pin third-party actions to full commit SHAs, set explicit minimal `permissions`, and prefer OIDC over long-lived secrets whenever external systems are involved.
+
 ### **10 Learning Modules**
 
 1. JavaScript Engine - V8 internals and execution flow
@@ -549,14 +565,14 @@ analyticsService.trackEvent('feature_used', { feature: 'visualization' });
 import { env } from './core/config/env';
 
 // Available environment variables
-env.enableAnalytics      // boolean
-env.googleAnalyticsId    // string | undefined
-env.isDevelopment        // boolean
-env.isProduction         // boolean
+env.enableAnalytics; // boolean
+env.googleAnalyticsId; // string | undefined
+env.isDevelopment; // boolean
+env.isProduction; // boolean
 
 // Access in components
-import.meta.env.DEV      // Vite development mode
-import.meta.env.PROD     // Vite production mode
+import.meta.env.DEV; // Vite development mode
+import.meta.env.PROD; // Vite production mode
 ```
 
 ## 📚 Module-Specific Guidelines
@@ -638,6 +654,7 @@ The application includes these complete learning modules:
 ### **ESLint Configuration**
 
 The project uses:
+
 - `@typescript-eslint` for TypeScript-specific rules
 - `eslint-plugin-react` and `eslint-plugin-react-hooks` for React best practices
 - `eslint-plugin-import` for import organization
@@ -789,6 +806,7 @@ describe('useMyHook', () => {
 ```
 
 **Test File Organization:**
+
 - **Unit Tests**: Test utility functions and hooks
 - **Component Tests**: Verify rendering and interactions
 - **Integration Tests**: Test feature workflows
@@ -796,6 +814,7 @@ describe('useMyHook', () => {
 - Use `src/test/` for shared test utilities and setup
 
 **Existing Test Examples:**
+
 - `src/shared/hooks/useDebounce.test.ts`
 - `src/shared/hooks/useThrottle.test.ts`
 - `src/shared/components/feedback/ErrorBoundary/ErrorBoundary.test.tsx`
@@ -808,12 +827,14 @@ describe('useMyHook', () => {
 Complete step-by-step guide:
 
 1. **Create Feature Directory Structure**:
+
 ```bash
 mkdir -p src/features/[module]/components/{sections,visualizations/2d}
 touch src/features/[module]/index.tsx
 ```
 
 2. **Add Type Definitions** (if needed):
+
 ```typescript
 // src/types/[module].ts
 export interface ModuleState {
@@ -822,6 +843,7 @@ export interface ModuleState {
 ```
 
 3. **Add Theme Colors**:
+
 ```typescript
 // src/utils/theme.ts - Add to colors object
 [module]: {
@@ -835,6 +857,7 @@ export interface ModuleState {
 ```
 
 4. **Create Main Page Component**:
+
 ```typescript
 // src/features/[module]/index.tsx
 import React from 'react';
@@ -854,6 +877,7 @@ export default ModulePage;
 ```
 
 5. **Add Lazy Route in App.tsx**:
+
 ```typescript
 // Import
 const NewModulePage = lazy(() => import('./features/newmodule'));
@@ -875,6 +899,7 @@ const NewModulePage = lazy(() => import('./features/newmodule'));
 ### **Creating Interactive Visualizations**
 
 1. **Start with SVG Structure**:
+
 ```typescript
 const MyViz: React.FC = () => {
   return (
@@ -888,23 +913,26 @@ const MyViz: React.FC = () => {
 ```
 
 2. **Add State Management**:
+
 ```typescript
 const [step, setStep] = useState(0);
 const [isPlaying, setIsPlaying] = useState(false);
 ```
 
 3. **Implement Animation Logic**:
+
 ```typescript
 useEffect(() => {
   if (!isPlaying) return;
   const interval = setInterval(() => {
-    setStep(prev => (prev + 1) % totalSteps);
+    setStep((prev) => (prev + 1) % totalSteps);
   }, 1000);
   return () => clearInterval(interval);
 }, [isPlaying]);
 ```
 
 4. **Add Demo Controls**:
+
 ```typescript
 <div className="flex gap-2 mt-4">
   <button onClick={() => setIsPlaying(!isPlaying)}>
@@ -915,6 +943,7 @@ useEffect(() => {
 ```
 
 5. **Include Educational Tooltips**:
+
 ```typescript
 <title>Explanation of what this element represents</title>
 ```
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..25f35ea
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,42 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+      time: '06:00'
+      timezone: UTC
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - security
+    commit-message:
+      prefix: deps
+    allow:
+      - dependency-type: direct
+      - dependency-type: indirect
+    groups:
+      npm-production:
+        dependency-type: production
+        update-types:
+          - minor
+          - patch
+      npm-development:
+        dependency-type: development
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      time: '06:30'
+      timezone: UTC
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - security
+      - github-actions
+    commit-message:
+      prefix: ci
diff --git a/.github/instructions/dependency-security.instructions.md b/.github/instructions/dependency-security.instructions.md
new file mode 100644
index 0000000..6f3408d
--- /dev/null
+++ b/.github/instructions/dependency-security.instructions.md
@@ -0,0 +1,30 @@
+---
+description: 'Use when changing npm dependencies, package-lock.json, .npmrc, or GitHub Actions workflows. Covers supply-chain security review, exact version pinning, install-script review, dependency incident response, and CI hardening for compromised packages such as Axios.'
+name: 'Dependency and Workflow Security'
+applyTo:
+  - package.json
+  - package-lock.json
+  - .npmrc
+  - .github/workflows/**
+  - .github/dependabot.yml
+  - docs/SECURITY/**
+---
+
+# Dependency and Workflow Security
+
+- Treat any dependency, lockfile, registry, or workflow change as security-sensitive.
+- This repository is npm-only. Do not introduce Yarn or pnpm for this repo unless the package manager migration is explicitly approved and the security policy is updated.
+- Prefer an existing dependency or a platform-native API before introducing a new package.
+- For this application repository, use exact versions for direct dependencies. Avoid `^` and `~` in `package.json`, and keep `.npmrc` configured with `save-exact=true`.
+- For existing lockfiles, use `npm ci`. For dependency review in disposable environments or dedicated CI security checks, prefer `npm ci --ignore-scripts` first.
+- Do not use `npm install`, `npm update`, or `npm audit fix` in CI. CI must use `npm ci` only and fail if `package-lock.json` changes.
+- If Yarn or pnpm are ever introduced elsewhere, require their immutable or frozen lockfile mode and disable lifecycle scripts unless an explicit allowlist process is in place.
+- Before adding or updating a package, check the current advisories, the latest patched version, maintainer health, recent publish activity, and whether the package adds install-time scripts, native binaries, or unusually large transitive churn.
+- Review `package-lock.json` diffs for unexpected new packages, registry changes, or install-time script packages.
+- Popularity is not a trust signal. Treat high-usage packages such as Axios as high-impact dependencies that still require full review.
+- Do not enable a blanket `ignore-scripts=true` policy for normal local installs in this repo without a migration plan because the current toolchain depends on reviewed install-script packages such as `esbuild` and `@tailwindcss/oxide`.
+- Keep `package-lock.json` committed. Prefer `npm ci` in CI and reproducible installs over ad hoc `npm install` in automation.
+- Keep Axios guardrails in `package.json` overrides so the compromised releases `1.14.1` and `0.30.4` cannot be selected if Axios is introduced directly or transitively.
+- When editing GitHub Actions workflows, pin third-party actions to full commit SHAs, set explicit minimal `permissions`, and prefer OIDC over long-lived secrets.
+- Require human review for workflow files, dependency manifests, and lockfiles.
+- If a package compromise is reported, immediately identify direct and transitive usage, block the affected versions, clear caches, rotate potentially exposed secrets, and record the outcome in `docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md`.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eb709ea..e1373d5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,99 @@ on:
   pull_request:
     branches: [main, develop]
 
+permissions:
+  contents: read
+
 jobs:
+  dependency-review:
+    name: Dependency Review
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check dependency review API availability
+        id: dependency-review-availability
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          REPOSITORY: ${{ github.repository }}
+          BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          response_file="$(mktemp)"
+          status_code="$(curl --silent --output "$response_file" --write-out '%{http_code}' \
+            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+            -H "Accept: application/vnd.github+json" \
+            "https://api.github.com/repos/${REPOSITORY}/dependency-graph/compare/${BASE_SHA}...${HEAD_SHA}")"
+
+          if [ "$status_code" = "200" ]; then
+            echo "supported=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          if [ "$status_code" = "403" ] || [ "$status_code" = "404" ]; then
+            echo "supported=false" >> "$GITHUB_OUTPUT"
+            echo "status_code=$status_code" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          cat "$response_file"
+          echo "Unexpected dependency review API response: $status_code" >&2
+          exit 1
+
+      - name: Checkout code
+        if: steps.dependency-review-availability.outputs.supported == 'true'
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Review dependency changes
+        if: steps.dependency-review-availability.outputs.supported == 'true'
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
+        with:
+          fail-on-severity: moderate
+          fail-on-scopes: development, runtime, unknown
+
+      - name: Explain skipped dependency review
+        if: steps.dependency-review-availability.outputs.supported != 'true'
+        run: |
+          echo "::warning title=Dependency review skipped::GitHub dependency review is unavailable for this repository. Enable Dependency graph in repository settings to re-enable this check."
+          {
+            echo "## Dependency review skipped"
+            echo
+            echo "GitHub's dependency review API returned HTTP ${STATUS_CODE:-unknown} for this repository."
+            echo
+            echo "Enable Dependency graph in repository settings to re-enable actions/dependency-review-action."
+          } >> "$GITHUB_STEP_SUMMARY"
+        env:
+          STATUS_CODE: ${{ steps.dependency-review-availability.outputs.status_code }}
+
+  secure-install-review:
+    name: Secure Install Review
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Setup Node.js
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: "20"
+          cache: "npm"
+
+      - name: Restore cached dependencies
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Install dependency metadata without scripts
+        run: npm ci --ignore-scripts
+
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
+      - name: Run npm audit
+        run: npm audit --audit-level=high
+
   setup:
     name: Setup Dependencies
     runs-on: ubuntu-latest
@@ -15,17 +107,17 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Cache node modules
         id: cache-node-modules
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -35,23 +127,26 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
   lint:
     name: Lint Code
     runs-on: ubuntu-latest
-    needs: setup
+    needs: [setup, secure-install-review]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Restore cached dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -59,26 +154,29 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
       - name: Run linter
         run: npm run lint
 
   type-check:
     name: Type Check
     runs-on: ubuntu-latest
-    needs: setup
+    needs: [setup, secure-install-review]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Restore cached dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -86,26 +184,29 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
       - name: Run type-check
         run: npx tsc --noEmit
 
   test:
     name: Run Tests
     runs-on: ubuntu-latest
-    needs: setup
+    needs: [setup, secure-install-review]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Restore cached dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -113,6 +214,9 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
       - name: Run tests
         run: npm run test:run
 
@@ -121,7 +225,7 @@ jobs:
         continue-on-error: true
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@aa56896cf108bd10b5eb883cd1d24196da57f695 # v5.5.4
         with:
           files: ./coverage/coverage-final.json
           fail_ci_if_error: false
@@ -130,20 +234,20 @@ jobs:
   build:
     name: Build Application
     runs-on: ubuntu-latest
-    needs: [lint, type-check, test]
+    needs: [lint, type-check, test, secure-install-review]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Restore cached dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -151,11 +255,14 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
       - name: Build application
         run: npm run build
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: dist
           path: dist/
@@ -169,16 +276,16 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Restore cached dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -186,11 +293,14 @@ jobs:
       - name: Install dependencies
         run: npm ci
 
+      - name: Verify frozen lockfile
+        run: git diff --exit-code -- package-lock.json
+
       - name: Build application
         run: npm run build
 
       - name: Run Lighthouse CI
-        uses: treosh/lighthouse-ci-action@v12
+        uses: treosh/lighthouse-ci-action@512cc908a55bfb0ad231facca52adf3d3a651df4 # v12
         with:
           urls: |
             http://localhost:4173
diff --git a/.gitignore b/.gitignore
index 6f6d875..bc65ea9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,7 @@ dist-ssr
 # Editor directories and files
 .vscode/*
 !.vscode/extensions.json
+!.vscode/settings.json
 .idea
 .DS_Store
 *.suo
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..5f81807
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,15 @@
+# Keep direct dependencies pinned to the exact versions that were reviewed.
+save-exact=true
+
+# Always keep a lockfile for reproducible installs.
+package-lock=true
+
+# Surface known advisories during local npm operations.
+audit=true
+
+# Prefer a deduped tree when npm can do so safely.
+prefer-dedupe=true
+
+# Do not set ignore-scripts=true globally in this repo.
+# The current toolchain still depends on reviewed install scripts from esbuild and
+# @tailwindcss/oxide. Use npm ci --ignore-scripts only for disposable review flows.
\ No newline at end of file
diff --git a/.prettierignore b/.prettierignore
index 939e822..c57e5a9 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,3 +1,4 @@
 node_modules/
 build/
 dist/
+.github/CODEOWNERS
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..a52f541
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+  "files.associations": {
+    "**/CODEOWNERS": "plaintext"
+  },
+  "[plaintext]": {
+    "editor.formatOnSave": false
+  }
+}
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..081946c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+| Branch         | Supported | Notes                                 |
+| -------------- | --------- | ------------------------------------- |
+| `main`         | Yes       | Production and public release branch  |
+| `develop`      | Yes       | Active pre-release development branch |
+| Other branches | No        | Best effort only                      |
+
+## Reporting a Vulnerability
+
+Do not open a public issue or pull request for suspected vulnerabilities.
+
+Use the repository's private vulnerability reporting flow on GitHub when it is enabled. If private reporting is not available, contact the repository owner, `@mnaimfaizy`, through GitHub and keep the details private until triage is complete.
+
+Include the following in the report:
+
+- Affected branch, commit SHA, package name, and version
+- A short impact summary and expected blast radius
+- Reproduction steps or a minimal proof of concept
+- Any indicators of compromise, logs, or relevant dependency diffs
+- Whether secrets, CI runners, or developer workstations may have been exposed
+
+## Response Expectations
+
+- Initial acknowledgement target: 3 business days
+- Triage target: 7 business days
+- Status updates: provided after triage and during coordinated remediation
+
+## Disclosure Guidelines
+
+- Keep reports private until a fix or mitigation is available.
+- Rotate exposed secrets immediately if a dependency or CI compromise is suspected.
+- Rebuild affected environments from a known-good lockfile after containment.
+
+## Additional Guidance
+
+Repository-specific dependency and CI hardening guidance lives in `docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md`.
diff --git a/docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md b/docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md
new file mode 100644
index 0000000..788f69c
--- /dev/null
+++ b/docs/SECURITY/Dependency-Supply-Chain-Security-Plan.md
@@ -0,0 +1,159 @@
+# Dependency and Supply Chain Security Plan
+
+Last updated: 2026-04-06
+
+## Purpose
+
+This document records the current npm and CI supply-chain posture of the Code Executives repository and the measures required to reduce dependency compromise risk. It is written for future maintenance, incident response, and dependency-review work.
+
+## Current Repository Assessment
+
+### Confirmed facts from this repository
+
+- The project is an npm-based React and Vite application with a committed `package-lock.json`.
+- The repository is now explicitly npm-only via `packageManager: npm@10.9.3`.
+- Direct dependencies are pinned to exact versions, and `.npmrc` is configured with `save-exact=true` to avoid introducing new `^` or `~` ranges by default.
+- `package.json` now includes Axios override guardrails so the compromised releases `axios@1.14.1` and `axios@0.30.4` are replaced with safe versions if Axios is ever introduced.
+- The current CI workflow already uses `npm ci`, which is the correct baseline for reproducible installs.
+- The current lockfile does not contain `axios`, so the March 2026 Axios incident is not an active dependency in this repository today.
+- The directly vulnerable top-level packages have been upgraded to `happy-dom@20.8.9`, `react-router-dom@7.14.0`, and `vite@7.1.12`.
+- The remaining transitive advisories have been remediated with `npm audit fix`.
+- The current lockfile includes packages with install-time scripts. Confirmed examples include `@tailwindcss/oxide`, `esbuild`, and `fsevents`.
+- The repository currently has one GitHub Actions workflow and one workspace instruction file.
+
+### Vulnerability snapshot from `npm audit --json`
+
+- Total advisories: 0
+- Severity breakdown: 0 critical, 0 high, 0 moderate, 0 low
+- Resolved dependency footprint in the lockfile: 590 packages
+- The earlier direct and transitive findings have been remediated.
+- This is a reduction from the earlier 13 advisories to a clean audit result.
+
+### Current CI posture and remaining governance gaps
+
+- The main CI workflow now pins all referenced actions to full commit SHAs.
+- The workflow now declares explicit least-privilege permissions with `contents: read` at the workflow level.
+- A pull-request dependency review job has been added and is configured to fail when a PR introduces moderate-or-higher vulnerabilities in `development`, `runtime`, or `unknown` scopes.
+- The workflow now includes a `Secure Install Review` job that runs `npm ci --ignore-scripts` for metadata-only dependency review before the regular build jobs.
+- The workflow now verifies that `package-lock.json` remains unchanged after every `npm ci` run.
+- Dependabot is configured for npm and GitHub Actions updates.
+- `CODEOWNERS` now protects workflows, dependency manifests, lockfiles, and security documentation.
+- A repository `SECURITY.md` policy file now defines supported branches and private reporting expectations.
+
+### Local tooling observations
+
+- `npm audit signatures` did not produce a usable provenance result in the current local workspace.
+- `npm config get min-release-age` returns `undefined`, so the current npm CLI should not be assumed to support release-cooldown policy yet.
+- Because this repository currently relies on install-time script packages, a blanket `ignore-scripts=true` policy for normal local installs would be disruptive unless the toolchain is changed first.
+- The practical safe flow for this repo is: review dependencies first with `npm ci --ignore-scripts` in a disposable environment or dedicated CI job, then use normal `npm ci` only when build or test execution is actually required.
+
+### Validation after remediation
+
+- `npm run test:run` passes: 10 test files, 76 tests.
+- `npm run build` passes with Vite `7.1.12`.
+- `npm audit --json` reports 0 known vulnerabilities.
+- `npm run lint` completes with no errors or warnings.
+
+## Axios 2026 Lessons That Apply Here
+
+Public reporting in March and April 2026 described a real compromise of the npm `axios` package through a maintainer-account takeover. The reported malicious releases were `axios@1.14.1` and `axios@0.30.4`, and multiple incident write-ups also identified a malicious dependency path involving `plain-crypto-js`.
+
+The useful lesson for this repository is not "avoid Axios only." The lesson is that package popularity does not reduce supply-chain risk. Controls must assume that any popular package, including foundational web tooling, can become hostile for a short window.
+
+Required takeaways:
+
+- Lockfile discipline matters because it prevents silent resolver drift.
+- Dependency updates need review, not blind automation.
+- Provenance and signature verification should run in CI on installed dependencies.
+- Install-time scripts must be treated as executable code, not metadata.
+- Secrets used by CI or package publishing flows must be minimized or removed.
+
+## Required Measures
+
+### 1. Immediate actions for this repository
+
+1. Completed 2026-04-06: upgraded `happy-dom` to `20.8.9` and regenerated the lockfile.
+2. Completed 2026-04-06: upgraded `react-router-dom` to `7.14.0` and regenerated the lockfile.
+3. Completed 2026-04-06: upgraded `vite` to `7.1.12` and regenerated the lockfile.
+4. Completed 2026-04-06: remediated the remaining transitive advisories with `npm audit fix`.
+5. Review the lockfile diff for all newly introduced packages and call out any package with install-time scripts.
+
+### 2. Immediate organization-wide actions related to Axios
+
+1. Search all active repositories, CI caches, artifact caches, and developer workstations for `axios@1.14.1`, `axios@0.30.4`, and `plain-crypto-js`.
+2. Block those versions in any internal registry or proxy if one exists.
+3. If any environment installed those versions, rotate developer, CI, cloud, and package-registry secrets that were present on the host at install time.
+4. Rebuild affected environments from a clean baseline instead of attempting in-place trust restoration.
+
+### 3. CI and workflow hardening
+
+1. Completed 2026-04-06: pinned all referenced GitHub Actions in the main CI workflow to full commit SHAs.
+2. Completed 2026-04-06: added explicit workflow permissions with a least-privilege default.
+3. Completed 2026-04-06: added a pull-request dependency review job so manifest and lockfile changes are surfaced before merge.
+4. Completed 2026-04-06: added Dependabot for both npm dependencies and GitHub Actions updates.
+5. Completed 2026-04-06: protected `.github/workflows/**`, `package.json`, and `package-lock.json` with `CODEOWNERS` review.
+6. Completed 2026-04-06: enforced frozen lockfile checks after `npm ci` in CI.
+7. Completed 2026-04-06: added a no-scripts dependency review install stage with `npm ci --ignore-scripts`.
+8. Keep preferring OIDC-based authentication over long-lived cloud or registry secrets in workflows.
+
+### 4. Package manager policy
+
+1. This repository is npm-only. Do not use Yarn or pnpm here unless the repo is formally migrated and equivalent security controls are added.
+2. Keep `package-lock.json` committed at all times.
+3. Use `npm ci` in CI and automation. Avoid `npm install`, `npm update`, and `npm audit fix` in CI because they can rewrite the lockfile or change resolution behavior.
+4. Verify that `package-lock.json` remains unchanged after every CI install.
+5. Use exact versions for direct dependencies. Avoid `^` and `~`, and keep `.npmrc` configured with `save-exact=true`.
+6. For metadata-only dependency review, prefer `npm ci --ignore-scripts` in disposable environments or dedicated security jobs.
+7. Do not enable a blanket `ignore-scripts=true` setting for normal local installs yet. This repository currently depends on toolchain components that use reviewed install-time scripts.
+8. Preserve the Axios override guardrails in `package.json` so the compromised releases `1.14.1` and `0.30.4` cannot be selected.
+9. Re-evaluate release cooldown controls such as `min-release-age` after upgrading npm to a version that supports them.
+10. If the organization manages multiple apps, strongly consider an internal npm proxy or policy-enforcing registry so newly published public packages can be delayed or blocked centrally.
+
+### 5. Approval checklist for new dependencies
+
+Every new direct dependency should answer all of the following before merge:
+
+1. Why is a new package necessary instead of existing code, browser APIs, or an already-approved dependency?
+2. What is the exact version being introduced?
+3. Does it add install-time scripts, native binaries, or external network behavior?
+4. Does it significantly expand the transitive dependency graph?
+5. Does it have open advisories, suspicious publish patterns, or a weak maintainer posture?
+6. Is there a simpler or better-maintained alternative?
+
+### 6. Incident response playbook for dependency compromise
+
+1. Detect: identify the compromised package, versions, affected repos, and affected build agents.
+2. Contain: block the versions, stop builds that resolve them, and freeze related dependency updates.
+3. Eradicate: remove the package, clear package caches, and rotate any reachable secrets.
+4. Recover: rebuild from a known-good lockfile, re-run audit and provenance checks, and compare the new SBOM to the prior one.
+5. Review: document timeline, blast radius, and permanent control changes in `docs/SECURITY`.
+
+## Commands To Use During Reviews
+
+```bash
+npm audit --json
+npm audit --audit-level=high
+npm outdated --json
+rg '"axios"' package-lock.json
+rg 'hasInstallScript' package-lock.json
+```
+
+If dependencies are installed locally or in CI, also run:
+
+```bash
+npm audit signatures
+npm sbom --sbom-format cyclonedx
+```
+
+## Planned Follow-up Work
+
+- Add `docs/SECURITY/README.md` if this folder grows beyond one policy document.
+- Review Dependabot PR cadence after a few update cycles and tune grouping or limits if it creates too much churn.
+- Add OIDC-based authentication if future workflows need cloud or package-registry access.
+- If the repo is ever migrated to Yarn or pnpm, mirror the current npm protections with immutable lockfile mode, disabled lifecycle scripts by default, and equivalent Axios version blocking.
+
+## References
+
+- npm docs: `npm audit`, `npm audit signatures`, trusted publishing, and scopes
+- GitHub docs: security hardening for GitHub Actions, dependency review, Dependabot, and `GITHUB_TOKEN` permissions
+- Public Axios incident reporting from March and April 2026, including Snyk, Dark Reading, Mondoo, eSentire, and SANS summaries
diff --git a/package-lock.json b/package-lock.json
index 49bf1c7..03b838c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,47 +8,47 @@
       "name": "code-executives",
       "version": "0.0.0",
       "dependencies": {
-        "@dr.pogodin/react-helmet": "^3.0.4",
-        "@tailwindcss/vite": "^4.1.13",
-        "@types/three": "^0.180.0",
-        "acorn": "^8.12.1",
-        "astring": "^1.8.6",
-        "lucide-react": "^0.544.0",
-        "react": "^19.1.1",
-        "react-dom": "^19.1.1",
-        "react-router-dom": "^7.9.1",
-        "tailwindcss": "^4.1.13",
-        "three": "^0.180.0",
-        "web-vitals": "^5.1.0"
+        "@dr.pogodin/react-helmet": "3.0.4",
+        "@tailwindcss/vite": "4.1.13",
+        "@types/three": "0.180.0",
+        "acorn": "8.15.0",
+        "astring": "1.9.0",
+        "lucide-react": "0.544.0",
+        "react": "19.1.1",
+        "react-dom": "19.1.1",
+        "react-router-dom": "7.14.0",
+        "tailwindcss": "4.1.13",
+        "three": "0.180.0",
+        "web-vitals": "5.1.0"
       },
       "devDependencies": {
-        "@eslint/js": "^9.33.0",
-        "@testing-library/dom": "^10.4.1",
-        "@testing-library/jest-dom": "^6.9.1",
-        "@testing-library/react": "^16.3.0",
-        "@testing-library/user-event": "^14.6.1",
-        "@types/react": "^19.1.10",
-        "@types/react-dom": "^19.1.7",
-        "@typescript-eslint/eslint-plugin": "^8.43.0",
-        "@typescript-eslint/parser": "^8.43.0",
-        "@vitejs/plugin-react": "^5.0.0",
-        "@vitest/coverage-v8": "^3.2.4",
-        "@vitest/ui": "^3.2.4",
-        "eslint": "^9.35.0",
-        "eslint-config-prettier": "^10.1.8",
-        "eslint-plugin-import": "^2.32.0",
-        "eslint-plugin-react": "^7.37.5",
-        "eslint-plugin-react-hooks": "^5.2.0",
-        "eslint-plugin-react-refresh": "^0.4.20",
-        "globals": "^16.3.0",
-        "happy-dom": "^19.0.2",
-        "jsdom": "^27.0.0",
-        "prettier": "^3.6.2",
-        "rollup-plugin-visualizer": "^6.0.4",
-        "typescript": "~5.8.3",
-        "typescript-eslint": "^8.39.1",
-        "vite": "^7.1.2",
-        "vitest": "^3.2.4"
+        "@eslint/js": "9.35.0",
+        "@testing-library/dom": "10.4.1",
+        "@testing-library/jest-dom": "6.9.1",
+        "@testing-library/react": "16.3.0",
+        "@testing-library/user-event": "14.6.1",
+        "@types/react": "19.1.13",
+        "@types/react-dom": "19.1.9",
+        "@typescript-eslint/eslint-plugin": "8.43.0",
+        "@typescript-eslint/parser": "8.43.0",
+        "@vitejs/plugin-react": "5.0.2",
+        "@vitest/coverage-v8": "3.2.4",
+        "@vitest/ui": "3.2.4",
+        "eslint": "9.35.0",
+        "eslint-config-prettier": "10.1.8",
+        "eslint-plugin-import": "2.32.0",
+        "eslint-plugin-react": "7.37.5",
+        "eslint-plugin-react-hooks": "5.2.0",
+        "eslint-plugin-react-refresh": "0.4.20",
+        "globals": "16.4.0",
+        "happy-dom": "20.8.9",
+        "jsdom": "27.0.0",
+        "prettier": "3.6.2",
+        "rollup-plugin-visualizer": "6.0.4",
+        "typescript": "5.8.3",
+        "typescript-eslint": "8.43.0",
+        "vite": "7.1.12",
+        "vitest": "3.2.4"
       }
     },
     "node_modules/@adobe/css-tools": {
@@ -1440,9 +1440,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.50.1.tgz",
-      "integrity": "sha512-HJXwzoZN4eYTdD8bVV22DN8gsPCAj3V20NHKOs8ezfXanGpmVPR7kalUHd+Y31IJp9stdB87VKPFbsGY3H/2ag==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.1.tgz",
+      "integrity": "sha512-d6FinEBLdIiK+1uACUttJKfgZREXrF0Qc2SmLII7W2AD8FfiZ9Wjd+rD/iRuf5s5dWrr1GgwXCvPqOuDquOowA==",
       "cpu": [
         "arm"
       ],
@@ -1453,9 +1453,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.50.1.tgz",
-      "integrity": "sha512-PZlsJVcjHfcH53mOImyt3bc97Ep3FJDXRpk9sMdGX0qgLmY0EIWxCag6EigerGhLVuL8lDVYNnSo8qnTElO4xw==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.1.tgz",
+      "integrity": "sha512-YjG/EwIDvvYI1YvYbHvDz/BYHtkY4ygUIXHnTdLhG+hKIQFBiosfWiACWortsKPKU/+dUwQQCKQM3qrDe8c9BA==",
       "cpu": [
         "arm64"
       ],
@@ -1466,9 +1466,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.50.1.tgz",
-      "integrity": "sha512-xc6i2AuWh++oGi4ylOFPmzJOEeAa2lJeGUGb4MudOtgfyyjr4UPNK+eEWTPLvmPJIY/pgw6ssFIox23SyrkkJw==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.1.tgz",
+      "integrity": "sha512-mjCpF7GmkRtSJwon+Rq1N8+pI+8l7w5g9Z3vWj4T7abguC4Czwi3Yu/pFaLvA3TTeMVjnu3ctigusqWUfjZzvw==",
       "cpu": [
         "arm64"
       ],
@@ -1479,9 +1479,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.50.1.tgz",
-      "integrity": "sha512-2ofU89lEpDYhdLAbRdeyz/kX3Y2lpYc6ShRnDjY35bZhd2ipuDMDi6ZTQ9NIag94K28nFMofdnKeHR7BT0CATw==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.1.tgz",
+      "integrity": "sha512-haZ7hJ1JT4e9hqkoT9R/19XW2QKqjfJVv+i5AGg57S+nLk9lQnJ1F/eZloRO3o9Scy9CM3wQ9l+dkXtcBgN5Ew==",
       "cpu": [
         "x64"
       ],
@@ -1492,9 +1492,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.50.1.tgz",
-      "integrity": "sha512-wOsE6H2u6PxsHY/BeFHA4VGQN3KUJFZp7QJBmDYI983fgxq5Th8FDkVuERb2l9vDMs1D5XhOrhBrnqcEY6l8ZA==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.1.tgz",
+      "integrity": "sha512-czw90wpQq3ZsAVBlinZjAYTKduOjTywlG7fEeWKUA7oCmpA8xdTkxZZlwNJKWqILlq0wehoZcJYfBvOyhPTQ6w==",
       "cpu": [
         "arm64"
       ],
@@ -1505,9 +1505,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.50.1.tgz",
-      "integrity": "sha512-A/xeqaHTlKbQggxCqispFAcNjycpUEHP52mwMQZUNqDUJFFYtPHCXS1VAG29uMlDzIVr+i00tSFWFLivMcoIBQ==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.1.tgz",
+      "integrity": "sha512-KVB2rqsxTHuBtfOeySEyzEOB7ltlB/ux38iu2rBQzkjbwRVlkhAGIEDiiYnO2kFOkJp+Z7pUXKyrRRFuFUKt+g==",
       "cpu": [
         "x64"
       ],
@@ -1518,9 +1518,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.50.1.tgz",
-      "integrity": "sha512-54v4okehwl5TaSIkpp97rAHGp7t3ghinRd/vyC1iXqXMfjYUTm7TfYmCzXDoHUPTTf36L8pr0E7YsD3CfB3ZDg==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.1.tgz",
+      "integrity": "sha512-L+34Qqil+v5uC0zEubW7uByo78WOCIrBvci69E7sFASRl0X7b/MB6Cqd1lky/CtcSVTydWa2WZwFuWexjS5o6g==",
       "cpu": [
         "arm"
       ],
@@ -1531,9 +1531,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.50.1.tgz",
-      "integrity": "sha512-p/LaFyajPN/0PUHjv8TNyxLiA7RwmDoVY3flXHPSzqrGcIp/c2FjwPPP5++u87DGHtw+5kSH5bCJz0mvXngYxw==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.1.tgz",
+      "integrity": "sha512-n83O8rt4v34hgFzlkb1ycniJh7IR5RCIqt6mz1VRJD6pmhRi0CXdmfnLu9dIUS6buzh60IvACM842Ffb3xd6Gg==",
       "cpu": [
         "arm"
       ],
@@ -1544,9 +1544,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.50.1.tgz",
-      "integrity": "sha512-2AbMhFFkTo6Ptna1zO7kAXXDLi7H9fGTbVaIq2AAYO7yzcAsuTNWPHhb2aTA6GPiP+JXh85Y8CiS54iZoj4opw==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.1.tgz",
+      "integrity": "sha512-Nql7sTeAzhTAja3QXeAI48+/+GjBJ+QmAH13snn0AJSNL50JsDqotyudHyMbO2RbJkskbMbFJfIJKWA6R1LCJQ==",
       "cpu": [
         "arm64"
       ],
@@ -1557,9 +1557,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.50.1.tgz",
-      "integrity": "sha512-Cgef+5aZwuvesQNw9eX7g19FfKX5/pQRIyhoXLCiBOrWopjo7ycfB292TX9MDcDijiuIJlx1IzJz3IoCPfqs9w==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.1.tgz",
+      "integrity": "sha512-+pUymDhd0ys9GcKZPPWlFiZ67sTWV5UU6zOJat02M1+PiuSGDziyRuI/pPue3hoUwm2uGfxdL+trT6Z9rxnlMA==",
       "cpu": [
         "arm64"
       ],
@@ -1569,10 +1569,23 @@
         "linux"
       ]
     },
-    "node_modules/@rollup/rollup-linux-loongarch64-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.50.1.tgz",
-      "integrity": "sha512-RPhTwWMzpYYrHrJAS7CmpdtHNKtt2Ueo+BlLBjfZEhYBhK00OsEqM08/7f+eohiF6poe0YRDDd8nAvwtE/Y62Q==",
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.1.tgz",
+      "integrity": "sha512-VSvgvQeIcsEvY4bKDHEDWcpW4Yw7BtlKG1GUT4FzBUlEKQK0rWHYBqQt6Fm2taXS+1bXvJT6kICu5ZwqKCnvlQ==",
+      "cpu": [
+        "loong64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.1.tgz",
+      "integrity": "sha512-4LqhUomJqwe641gsPp6xLfhqWMbQV04KtPp7/dIp0nzPxAkNY1AbwL5W0MQpcalLYk07vaW9Kp1PBhdpZYYcEw==",
       "cpu": [
         "loong64"
       ],
@@ -1583,9 +1596,22 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.50.1.tgz",
-      "integrity": "sha512-eSGMVQw9iekut62O7eBdbiccRguuDgiPMsw++BVUg+1K7WjZXHOg/YOT9SWMzPZA+w98G+Fa1VqJgHZOHHnY0Q==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.1.tgz",
+      "integrity": "sha512-tLQQ9aPvkBxOc/EUT6j3pyeMD6Hb8QF2BTBnCQWP/uu1lhc9AIrIjKnLYMEroIz/JvtGYgI9dF3AxHZNaEH0rw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.1.tgz",
+      "integrity": "sha512-RMxFhJwc9fSXP6PqmAz4cbv3kAyvD1etJFjTx4ONqFP9DkTkXsAMU4v3Vyc5BgzC+anz7nS/9tp4obsKfqkDHg==",
       "cpu": [
         "ppc64"
       ],
@@ -1596,9 +1622,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.50.1.tgz",
-      "integrity": "sha512-S208ojx8a4ciIPrLgazF6AgdcNJzQE4+S9rsmOmDJkusvctii+ZvEuIC4v/xFqzbuP8yDjn73oBlNDgF6YGSXQ==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz",
+      "integrity": "sha512-QKgFl+Yc1eEk6MmOBfRHYF6lTxiiiV3/z/BRrbSiW2I7AFTXoBFvdMEyglohPj//2mZS4hDOqeB0H1ACh3sBbg==",
       "cpu": [
         "riscv64"
       ],
@@ -1609,9 +1635,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.50.1.tgz",
-      "integrity": "sha512-3Ag8Ls1ggqkGUvSZWYcdgFwriy2lWo+0QlYgEFra/5JGtAd6C5Hw59oojx1DeqcA2Wds2ayRgvJ4qxVTzCHgzg==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz",
+      "integrity": "sha512-RAjXjP/8c6ZtzatZcA1RaQr6O1TRhzC+adn8YZDnChliZHviqIjmvFwHcxi4JKPSDAt6Uhf/7vqcBzQJy0PDJg==",
       "cpu": [
         "riscv64"
       ],
@@ -1622,9 +1648,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.50.1.tgz",
-      "integrity": "sha512-t9YrKfaxCYe7l7ldFERE1BRg/4TATxIg+YieHQ966jwvo7ddHJxPj9cNFWLAzhkVsbBvNA4qTbPVNsZKBO4NSg==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz",
+      "integrity": "sha512-wcuocpaOlaL1COBYiA89O6yfjlp3RwKDeTIA0hM7OpmhR1Bjo9j31G1uQVpDlTvwxGn2nQs65fBFL5UFd76FcQ==",
       "cpu": [
         "s390x"
       ],
@@ -1635,9 +1661,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.50.1.tgz",
-      "integrity": "sha512-MCgtFB2+SVNuQmmjHf+wfI4CMxy3Tk8XjA5Z//A0AKD7QXUYFMQcns91K6dEHBvZPCnhJSyDWLApk40Iq/H3tA==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-77PpsFQUCOiZR9+LQEFg9GClyfkNXj1MP6wRnzYs0EeWbPcHs02AXu4xuUbM1zhwn3wqaizle3AEYg5aeoohhg==",
       "cpu": [
         "x64"
       ],
@@ -1648,9 +1674,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.50.1.tgz",
-      "integrity": "sha512-nEvqG+0jeRmqaUMuwzlfMKwcIVffy/9KGbAGyoa26iu6eSngAYQ512bMXuqqPrlTyfqdlB9FVINs93j534UJrg==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz",
+      "integrity": "sha512-5cIATbk5vynAjqqmyBjlciMJl1+R/CwX9oLk/EyiFXDWd95KpHdrOJT//rnUl4cUcskrd0jCCw3wpZnhIHdD9w==",
       "cpu": [
         "x64"
       ],
@@ -1660,10 +1686,23 @@
         "linux"
       ]
     },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz",
+      "integrity": "sha512-cl0w09WsCi17mcmWqqglez9Gk8isgeWvoUZ3WiJFYSR3zjBQc2J5/ihSjpl+VLjPqjQ/1hJRcqBfLjssREQILw==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.50.1.tgz",
-      "integrity": "sha512-RDsLm+phmT3MJd9SNxA9MNuEAO/J2fhW8GXk62G/B4G7sLVumNFbRwDL6v5NrESb48k+QMqdGbHgEtfU0LCpbA==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz",
+      "integrity": "sha512-4Cv23ZrONRbNtbZa37mLSueXUCtN7MXccChtKpUnQNgF010rjrjfHx3QxkS2PI7LqGT5xXyYs1a7LbzAwT0iCA==",
       "cpu": [
         "arm64"
       ],
@@ -1674,9 +1713,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.50.1.tgz",
-      "integrity": "sha512-hpZB/TImk2FlAFAIsoElM3tLzq57uxnGYwplg6WDyAxbYczSi8O2eQ+H2Lx74504rwKtZ3N2g4bCUkiamzS6TQ==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz",
+      "integrity": "sha512-i1okWYkA4FJICtr7KpYzFpRTHgy5jdDbZiWfvny21iIKky5YExiDXP+zbXzm3dUcFpkEeYNHgQ5fuG236JPq0g==",
       "cpu": [
         "arm64"
       ],
@@ -1687,9 +1726,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.50.1.tgz",
-      "integrity": "sha512-SXjv8JlbzKM0fTJidX4eVsH+Wmnp0/WcD8gJxIZyR6Gay5Qcsmdbi9zVtnbkGPG8v2vMR1AD06lGWy5FLMcG7A==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz",
+      "integrity": "sha512-u09m3CuwLzShA0EYKMNiFgcjjzwqtUMLmuCJLeZWjjOYA3IT2Di09KaxGBTP9xVztWyIWjVdsB2E9goMjZvTQg==",
       "cpu": [
         "ia32"
       ],
@@ -1699,10 +1738,23 @@
         "win32"
       ]
     },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-k+600V9Zl1CM7eZxJgMyTUzmrmhB/0XZnF4pRypKAlAgxmedUA+1v9R+XOFv56W4SlHEzfeMtzujLJD22Uz5zg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.50.1.tgz",
-      "integrity": "sha512-StxAO/8ts62KZVRAm4JZYq9+NqNsV7RvimNK+YM7ry//zebEH6meuugqW/P5OFUCjyQgui+9fUxT6d5NShvMvA==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz",
+      "integrity": "sha512-lWMnixq/QzxyhTV6NjQJ4SFo1J6PvOX8vUx5Wb4bBPsEb+8xZ89Bz6kOXpfXj9ak9AHTQVQzlgzBEc1SyM27xQ==",
       "cpu": [
         "x64"
       ],
@@ -1935,6 +1987,60 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
+      "version": "1.4.5",
+      "inBundle": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/wasi-threads": "1.0.4",
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
+      "version": "1.4.5",
+      "inBundle": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
+      "version": "1.0.4",
+      "inBundle": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
+      "version": "0.2.12",
+      "inBundle": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/core": "^1.4.3",
+        "@emnapi/runtime": "^1.4.3",
+        "@tybys/wasm-util": "^0.10.0"
+      }
+    },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
+      "version": "0.10.0",
+      "inBundle": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
+      "version": "2.8.0",
+      "inBundle": true,
+      "license": "0BSD",
+      "optional": true
+    },
     "node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
       "version": "4.1.13",
       "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.13.tgz",
@@ -2229,6 +2335,16 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@typescript-eslint/eslint-plugin": {
       "version": "8.43.0",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.43.0.tgz",
@@ -2420,9 +2536,9 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2430,13 +2546,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -2731,9 +2847,9 @@
       }
     },
     "node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3042,9 +3158,9 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3293,12 +3409,16 @@
       "license": "MIT"
     },
     "node_modules/cookie": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz",
-      "integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/cross-spawn": {
@@ -4358,9 +4478,9 @@
       }
     },
     "node_modules/flatted": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-      "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+      "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
       "dev": true,
       "license": "ISC"
     },
@@ -4530,9 +4650,10 @@
       }
     },
     "node_modules/glob": {
-      "version": "10.4.5",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
-      "integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -4564,9 +4685,9 @@
       }
     },
     "node_modules/glob/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4574,13 +4695,13 @@
       }
     },
     "node_modules/glob/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -4646,20 +4767,36 @@
       "license": "MIT"
     },
     "node_modules/happy-dom": {
-      "version": "19.0.2",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-19.0.2.tgz",
-      "integrity": "sha512-831CLbgDyjRbd2lApHZFsBDe56onuFcjsCBPodzWpzedTpeDr8CGZjs7iEIdNW1DVwSFRecfwzLpVyGBPamwGA==",
+      "version": "20.8.9",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.9.tgz",
+      "integrity": "sha512-Tz23LR9T9jOGVZm2x1EPdXqwA37G/owYMxRwU0E4miurAtFsPMQ1d2Jc2okUaSjZqAFz2oEn3FLXC5a0a+siyA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@types/node": "^20.0.0",
+        "@types/node": ">=20.0.0",
         "@types/whatwg-mimetype": "^3.0.2",
-        "whatwg-mimetype": "^3.0.0"
+        "@types/ws": "^8.18.1",
+        "entities": "^7.0.1",
+        "whatwg-mimetype": "^3.0.0",
+        "ws": "^8.18.3"
       },
       "engines": {
         "node": ">=20.0.0"
       }
     },
+    "node_modules/happy-dom/node_modules/entities": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/has-bigints": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.1.0.tgz",
@@ -5433,9 +5570,9 @@
       "license": "MIT"
     },
     "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5990,9 +6127,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -6022,9 +6159,9 @@
       }
     },
     "node_modules/minizlib": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.2.tgz",
-      "integrity": "sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz",
+      "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==",
       "license": "MIT",
       "dependencies": {
         "minipass": "^7.1.2"
@@ -6033,21 +6170,6 @@
         "node": ">= 18"
       }
     },
-    "node_modules/mkdirp": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
-      "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
-      "license": "MIT",
-      "bin": {
-        "mkdirp": "dist/cjs/src/bin.js"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/mrmime": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz",
@@ -6414,9 +6536,9 @@
       "license": "ISC"
     },
     "node_modules/picomatch": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6607,9 +6729,9 @@
       }
     },
     "node_modules/react-router": {
-      "version": "7.9.1",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.9.1.tgz",
-      "integrity": "sha512-pfAByjcTpX55mqSDGwGnY9vDCpxqBLASg0BMNAuMmpSGESo/TaOUG6BllhAtAkCGx8Rnohik/XtaqiYUJtgW2g==",
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.0.tgz",
+      "integrity": "sha512-m/xR9N4LQLmAS0ZhkY2nkPA1N7gQ5TUVa5n8TgANuDTARbn1gt+zLPXEm7W0XDTbrQ2AJSJKhoa6yx1D8BcpxQ==",
       "license": "MIT",
       "dependencies": {
         "cookie": "^1.0.1",
@@ -6629,12 +6751,12 @@
       }
     },
     "node_modules/react-router-dom": {
-      "version": "7.9.1",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.9.1.tgz",
-      "integrity": "sha512-U9WBQssBE9B1vmRjo9qTM7YRzfZ3lUxESIZnsf4VjR/lXYz9MHjvOxHzr/aUm4efpktbVOrF09rL/y4VHa8RMw==",
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.0.tgz",
+      "integrity": "sha512-2G3ajSVSZMEtmTjIklRWlNvo8wICEpLihfD/0YMDxbWK2UyP5EGfnoIn9AIQGnF3G/FX0MRbHXdFcD+rL1ZreQ==",
       "license": "MIT",
       "dependencies": {
-        "react-router": "7.9.1"
+        "react-router": "7.14.0"
       },
       "engines": {
         "node": ">=20.0.0"
@@ -6765,9 +6887,9 @@
       }
     },
     "node_modules/rollup": {
-      "version": "4.50.1",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.50.1.tgz",
-      "integrity": "sha512-78E9voJHwnXQMiQdiqswVLZwJIzdBKJ1GdI5Zx6XwoFKUIk09/sSrr+05QFzvYb8q6Y9pPV45zzDuYa3907TZA==",
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.1.tgz",
+      "integrity": "sha512-VmtB2rFU/GroZ4oL8+ZqXgSA38O6GR8KSIvWmEFv63pQ0G6KaBH9s07PO8XTXP4vI+3UJUEypOfjkGfmSBBR0w==",
       "license": "MIT",
       "dependencies": {
         "@types/estree": "1.0.8"
@@ -6780,27 +6902,31 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.50.1",
-        "@rollup/rollup-android-arm64": "4.50.1",
-        "@rollup/rollup-darwin-arm64": "4.50.1",
-        "@rollup/rollup-darwin-x64": "4.50.1",
-        "@rollup/rollup-freebsd-arm64": "4.50.1",
-        "@rollup/rollup-freebsd-x64": "4.50.1",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.50.1",
-        "@rollup/rollup-linux-arm-musleabihf": "4.50.1",
-        "@rollup/rollup-linux-arm64-gnu": "4.50.1",
-        "@rollup/rollup-linux-arm64-musl": "4.50.1",
-        "@rollup/rollup-linux-loongarch64-gnu": "4.50.1",
-        "@rollup/rollup-linux-ppc64-gnu": "4.50.1",
-        "@rollup/rollup-linux-riscv64-gnu": "4.50.1",
-        "@rollup/rollup-linux-riscv64-musl": "4.50.1",
-        "@rollup/rollup-linux-s390x-gnu": "4.50.1",
-        "@rollup/rollup-linux-x64-gnu": "4.50.1",
-        "@rollup/rollup-linux-x64-musl": "4.50.1",
-        "@rollup/rollup-openharmony-arm64": "4.50.1",
-        "@rollup/rollup-win32-arm64-msvc": "4.50.1",
-        "@rollup/rollup-win32-ia32-msvc": "4.50.1",
-        "@rollup/rollup-win32-x64-msvc": "4.50.1",
+        "@rollup/rollup-android-arm-eabi": "4.60.1",
+        "@rollup/rollup-android-arm64": "4.60.1",
+        "@rollup/rollup-darwin-arm64": "4.60.1",
+        "@rollup/rollup-darwin-x64": "4.60.1",
+        "@rollup/rollup-freebsd-arm64": "4.60.1",
+        "@rollup/rollup-freebsd-x64": "4.60.1",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.1",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.1",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.1",
+        "@rollup/rollup-linux-arm64-musl": "4.60.1",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.1",
+        "@rollup/rollup-linux-loong64-musl": "4.60.1",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.1",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.1",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.1",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.1",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.1",
+        "@rollup/rollup-linux-x64-gnu": "4.60.1",
+        "@rollup/rollup-linux-x64-musl": "4.60.1",
+        "@rollup/rollup-openbsd-x64": "4.60.1",
+        "@rollup/rollup-openharmony-arm64": "4.60.1",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.1",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.1",
+        "@rollup/rollup-win32-x64-gnu": "4.60.1",
+        "@rollup/rollup-win32-x64-msvc": "4.60.1",
         "fsevents": "~2.3.2"
       }
     },
@@ -6836,9 +6962,9 @@
       }
     },
     "node_modules/rollup-plugin-visualizer/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6971,9 +7097,9 @@
       }
     },
     "node_modules/set-cookie-parser": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz",
-      "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ==",
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz",
+      "integrity": "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw==",
       "license": "MIT"
     },
     "node_modules/set-function-length": {
@@ -7471,16 +7597,15 @@
       }
     },
     "node_modules/tar": {
-      "version": "7.4.3",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz",
-      "integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==",
-      "license": "ISC",
+      "version": "7.5.13",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.13.tgz",
+      "integrity": "sha512-tOG/7GyXpFevhXVh8jOPJrmtRpOTsYqUIkVdVooZYJS/z8WhfQUX8RJILmeuJNinGAMSu1veBr4asSHFt5/hng==",
+      "license": "BlueOak-1.0.0",
       "dependencies": {
         "@isaacs/fs-minipass": "^4.0.0",
         "chownr": "^3.0.0",
         "minipass": "^7.1.2",
-        "minizlib": "^3.0.1",
-        "mkdirp": "^3.0.1",
+        "minizlib": "^3.1.0",
         "yallist": "^5.0.0"
       },
       "engines": {
@@ -7512,9 +7637,9 @@
       }
     },
     "node_modules/test-exclude/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7522,13 +7647,13 @@
       }
     },
     "node_modules/test-exclude/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -7591,9 +7716,9 @@
       }
     },
     "node_modules/tinyglobby/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -7937,9 +8062,9 @@
       }
     },
     "node_modules/vite": {
-      "version": "7.1.5",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.5.tgz",
-      "integrity": "sha512-4cKBO9wR75r0BeIWWWId9XK9Lj6La5X846Zw9dFfzMRw38IlTk2iCcUt6hsyiDRcPidc55ZParFYDXi0nXOeLQ==",
+      "version": "7.1.12",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.12.tgz",
+      "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==",
       "license": "MIT",
       "dependencies": {
         "esbuild": "^0.25.0",
@@ -8051,9 +8176,9 @@
       }
     },
     "node_modules/vite/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -8136,9 +8261,9 @@
       }
     },
     "node_modules/vitest/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 9cf248d..db03c30 100644
--- a/package.json
+++ b/package.json
@@ -3,6 +3,7 @@
   "private": true,
   "version": "0.0.0",
   "type": "module",
+  "packageManager": "npm@10.9.3",
   "scripts": {
     "dev": "vite",
     "build": "tsc -b && vite build",
@@ -16,46 +17,50 @@
     "test:run": "vitest run"
   },
   "dependencies": {
-    "@tailwindcss/vite": "^4.1.13",
-    "@types/three": "^0.180.0",
-    "acorn": "^8.12.1",
-    "astring": "^1.8.6",
-    "lucide-react": "^0.544.0",
-    "react": "^19.1.1",
-    "react-dom": "^19.1.1",
-    "@dr.pogodin/react-helmet": "^3.0.4",
-    "react-router-dom": "^7.9.1",
-    "tailwindcss": "^4.1.13",
-    "three": "^0.180.0",
-    "web-vitals": "^5.1.0"
+    "@dr.pogodin/react-helmet": "3.0.4",
+    "@tailwindcss/vite": "4.1.13",
+    "@types/three": "0.180.0",
+    "acorn": "8.15.0",
+    "astring": "1.9.0",
+    "lucide-react": "0.544.0",
+    "react": "19.1.1",
+    "react-dom": "19.1.1",
+    "react-router-dom": "7.14.0",
+    "tailwindcss": "4.1.13",
+    "three": "0.180.0",
+    "web-vitals": "5.1.0"
   },
   "devDependencies": {
-    "@eslint/js": "^9.33.0",
-    "@testing-library/dom": "^10.4.1",
-    "@testing-library/jest-dom": "^6.9.1",
-    "@testing-library/react": "^16.3.0",
-    "@testing-library/user-event": "^14.6.1",
-    "@types/react": "^19.1.10",
-    "@types/react-dom": "^19.1.7",
-    "@typescript-eslint/eslint-plugin": "^8.43.0",
-    "@typescript-eslint/parser": "^8.43.0",
-    "@vitejs/plugin-react": "^5.0.0",
-    "@vitest/coverage-v8": "^3.2.4",
-    "@vitest/ui": "^3.2.4",
-    "eslint": "^9.35.0",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-react-hooks": "^5.2.0",
-    "eslint-plugin-react-refresh": "^0.4.20",
-    "globals": "^16.3.0",
-    "happy-dom": "^19.0.2",
-    "jsdom": "^27.0.0",
-    "prettier": "^3.6.2",
-    "rollup-plugin-visualizer": "^6.0.4",
-    "typescript": "~5.8.3",
-    "typescript-eslint": "^8.39.1",
-    "vite": "^7.1.2",
-    "vitest": "^3.2.4"
+    "@eslint/js": "9.35.0",
+    "@testing-library/dom": "10.4.1",
+    "@testing-library/jest-dom": "6.9.1",
+    "@testing-library/react": "16.3.0",
+    "@testing-library/user-event": "14.6.1",
+    "@types/react": "19.1.13",
+    "@types/react-dom": "19.1.9",
+    "@typescript-eslint/eslint-plugin": "8.43.0",
+    "@typescript-eslint/parser": "8.43.0",
+    "@vitejs/plugin-react": "5.0.2",
+    "@vitest/coverage-v8": "3.2.4",
+    "@vitest/ui": "3.2.4",
+    "eslint": "9.35.0",
+    "eslint-config-prettier": "10.1.8",
+    "eslint-plugin-import": "2.32.0",
+    "eslint-plugin-react": "7.37.5",
+    "eslint-plugin-react-hooks": "5.2.0",
+    "eslint-plugin-react-refresh": "0.4.20",
+    "globals": "16.4.0",
+    "happy-dom": "20.8.9",
+    "jsdom": "27.0.0",
+    "prettier": "3.6.2",
+    "rollup-plugin-visualizer": "6.0.4",
+    "typescript": "5.8.3",
+    "typescript-eslint": "8.43.0",
+    "vite": "7.1.12",
+    "vitest": "3.2.4"
+  },
+  "overrides": {
+    "axios@0.30.4": "0.30.3",
+    "axios@1.14.1": "1.14.0"
   }
 }
diff --git a/src/features/ai/components/sections/Backpropagation.tsx b/src/features/ai/components/sections/Backpropagation.tsx
index 4299409..4bd5ec0 100644
--- a/src/features/ai/components/sections/Backpropagation.tsx
+++ b/src/features/ai/components/sections/Backpropagation.tsx
@@ -1,4 +1,4 @@
-import React, { useState, useCallback } from 'react';
+import React, { useState, useCallback, useMemo } from 'react';
 import SectionLayout from '../../../../components/shared/SectionLayout';
 import ThemeCard from '../../../../components/shared/ThemeCard';
 import { ArrowRight, RotateCcw, Lightbulb } from 'lucide-react';
@@ -44,6 +44,11 @@ const Backpropagation: React.FC = () => {
   const [step, setStep] = useState(0);
   const [activeEdge, setActiveEdge] = useState<string | null>(null);
 
+  const xValue = nodes.find((node) => node.id === 'x')?.value ?? 2;
+  const wValue = nodes.find((node) => node.id === 'w')?.value ?? 3;
+  const addValue = nodes.find((node) => node.id === 'add')?.value ?? 7;
+  const addGradient = 2 * addValue;
+
   const runForward = useCallback(() => {
     const n = initialNodes.map((nd) => ({ ...nd }));
     // x=2, w=3: mul = 6
@@ -68,51 +73,48 @@ const Backpropagation: React.FC = () => {
     grad: number;
     edge: string;
     explanation: string;
-  }[] = [
-    { nodeId: 'loss', grad: 1, edge: '', explanation: 'dL/dL = 1 (by definition)' },
-    {
-      nodeId: 'sq',
-      grad: 2 * (nodes.find((n) => n.id === 'add')?.value ?? 7),
-      edge: 'sq->loss',
-      explanation: `dL/d(sq_input) = 2×${nodes.find((n) => n.id === 'add')?.value ?? 7} = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)}`,
-    },
-    {
-      nodeId: 'add',
-      grad: 2 * (nodes.find((n) => n.id === 'add')?.value ?? 7),
-      edge: 'add->sq',
-      explanation: `dL/d(add) = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)} × 1 (chain rule)`,
-    },
-    {
-      nodeId: 'b',
-      grad: 2 * (nodes.find((n) => n.id === 'add')?.value ?? 7),
-      edge: 'b->add',
-      explanation: `dL/db = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)} (+ passes gradient through)`,
-    },
-    {
-      nodeId: 'mul',
-      grad: 2 * (nodes.find((n) => n.id === 'add')?.value ?? 7),
-      edge: 'mul->add',
-      explanation: `dL/d(mul) = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)} (+ passes gradient through)`,
-    },
-    {
-      nodeId: 'w',
-      grad:
-        2 *
-        (nodes.find((n) => n.id === 'add')?.value ?? 7) *
-        (nodes.find((n) => n.id === 'x')?.value ?? 2),
-      edge: 'w->mul',
-      explanation: `dL/dw = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)} × x = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7) * (nodes.find((n) => n.id === 'x')?.value ?? 2)}`,
-    },
-    {
-      nodeId: 'x',
-      grad:
-        2 *
-        (nodes.find((n) => n.id === 'add')?.value ?? 7) *
-        (nodes.find((n) => n.id === 'w')?.value ?? 3),
-      edge: 'x->mul',
-      explanation: `dL/dx = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7)} × w = ${2 * (nodes.find((n) => n.id === 'add')?.value ?? 7) * (nodes.find((n) => n.id === 'w')?.value ?? 3)}`,
-    },
-  ];
+  }[] = useMemo(
+    () => [
+      { nodeId: 'loss', grad: 1, edge: '', explanation: 'dL/dL = 1 (by definition)' },
+      {
+        nodeId: 'sq',
+        grad: addGradient,
+        edge: 'sq->loss',
+        explanation: `dL/d(sq_input) = 2×${addValue} = ${addGradient}`,
+      },
+      {
+        nodeId: 'add',
+        grad: addGradient,
+        edge: 'add->sq',
+        explanation: `dL/d(add) = ${addGradient} × 1 (chain rule)`,
+      },
+      {
+        nodeId: 'b',
+        grad: addGradient,
+        edge: 'b->add',
+        explanation: `dL/db = ${addGradient} (+ passes gradient through)`,
+      },
+      {
+        nodeId: 'mul',
+        grad: addGradient,
+        edge: 'mul->add',
+        explanation: `dL/d(mul) = ${addGradient} (+ passes gradient through)`,
+      },
+      {
+        nodeId: 'w',
+        grad: addGradient * xValue,
+        edge: 'w->mul',
+        explanation: `dL/dw = ${addGradient} × x = ${addGradient * xValue}`,
+      },
+      {
+        nodeId: 'x',
+        grad: addGradient * wValue,
+        edge: 'x->mul',
+        explanation: `dL/dx = ${addGradient} × w = ${addGradient * wValue}`,
+      },
+    ],
+    [addGradient, addValue, wValue, xValue]
+  );
 
   const stepBackward = useCallback(() => {
     if (phase !== 'forward' && phase !== 'backward') return;
diff --git a/src/features/ai/components/sections/NeuralNetworks.tsx b/src/features/ai/components/sections/NeuralNetworks.tsx
index 356baa8..5f997eb 100644
--- a/src/features/ai/components/sections/NeuralNetworks.tsx
+++ b/src/features/ai/components/sections/NeuralNetworks.tsx
@@ -5,6 +5,7 @@ import { RefreshCw, Lightbulb } from 'lucide-react';
 
 const LAYER_SIZES = [3, 4, 4, 2];
 const NODE_RADIUS = 20;
+const INPUTS = [0.8, 0.4, 0.6];
 
 function sigmoid(x: number): number {
   return 1 / (1 + Math.exp(-x));
@@ -49,7 +50,6 @@ const NeuralNetworks: React.FC = () => {
   const [selectedEdge, setSelectedEdge] = useState<{ l: number; i: number; j: number } | null>(
     null
   );
-  const inputs = [0.8, 0.4, 0.6];
 
   const nodePositions = useMemo(() => {
     const positions: { x: number; y: number }[][] = [];
@@ -72,7 +72,7 @@ const NeuralNetworks: React.FC = () => {
   }, []);
 
   const activations = useMemo(() => {
-    const acts: number[][] = [inputs];
+    const acts: number[][] = [INPUTS];
     for (let l = 0; l < weights.length; l++) {
       const layerActs: number[] = [];
       for (let j = 0; j < LAYER_SIZES[l + 1]; j++) {
@@ -85,7 +85,7 @@ const NeuralNetworks: React.FC = () => {
       acts.push(layerActs);
     }
     return acts;
-  }, [weights, biases, inputs]);
+  }, [weights, biases]);
 
   const handleWeightChange = useCallback((l: number, i: number, j: number, value: number) => {
     setWeights((prev) => {
@@ -338,7 +338,7 @@ const NeuralNetworks: React.FC = () => {
             )}
 
             {/* Input labels */}
-            {inputs.map((val, i) => (
+            {INPUTS.map((val, i) => (
               <text
                 key={`input-${i}`}
                 x={nodePositions[0][i].x - NODE_RADIUS - 10}
diff --git a/src/features/datastructures/components/visualizations/2d/tree/BTreeVisualization.tsx b/src/features/datastructures/components/visualizations/2d/tree/BTreeVisualization.tsx
index 1e35b9e..7d73c50 100644
--- a/src/features/datastructures/components/visualizations/2d/tree/BTreeVisualization.tsx
+++ b/src/features/datastructures/components/visualizations/2d/tree/BTreeVisualization.tsx
@@ -365,115 +365,102 @@ const BTreeVisualization: React.FC<BTreeVisualizationProps> = ({ degree = 3, cla
     return current.keys[0];
   };
 
-  const removeFromNonLeaf = useCallback(
-    (node: BTreeNode, idx: number): void => {
-      const key = node.keys[idx];
-
-      if (node.children[idx].keys.length > minKeys) {
-        const predecessor = getPredecessor(node, idx);
-        node.keys[idx] = predecessor;
-        deleteKey(node.children[idx], predecessor);
-      } else if (node.children[idx + 1].keys.length > minKeys) {
-        const successor = getSuccessor(node, idx);
-        node.keys[idx] = successor;
-        deleteKey(node.children[idx + 1], successor);
+  const removeFromNonLeaf = (node: BTreeNode, idx: number): void => {
+    const key = node.keys[idx];
+
+    if (node.children[idx].keys.length > minKeys) {
+      const predecessor = getPredecessor(node, idx);
+      node.keys[idx] = predecessor;
+      deleteKey(node.children[idx], predecessor);
+    } else if (node.children[idx + 1].keys.length > minKeys) {
+      const successor = getSuccessor(node, idx);
+      node.keys[idx] = successor;
+      deleteKey(node.children[idx + 1], successor);
+    } else {
+      merge(node, idx);
+      deleteKey(node.children[idx], key);
+    }
+  };
+
+  const deleteKey = (node: BTreeNode, key: number): void => {
+    const idx = findKey(node, key);
+
+    if (idx < node.keys.length && node.keys[idx] === key) {
+      if (node.isLeaf) {
+        removeFromLeaf(node, idx);
       } else {
-        merge(node, idx);
-        deleteKey(node.children[idx], key);
+        removeFromNonLeaf(node, idx);
       }
-    },
-    [minKeys, merge]
-  );
+      return;
+    }
 
-  const deleteKey = useCallback(
-    (node: BTreeNode, key: number): void => {
-      const idx = findKey(node, key);
+    if (node.isLeaf) {
+      return;
+    }
 
-      if (idx < node.keys.length && node.keys[idx] === key) {
-        // Key found in this node
-        if (node.isLeaf) {
-          removeFromLeaf(node, idx);
-        } else {
-          removeFromNonLeaf(node, idx);
-        }
-      } else {
-        // Key not in this node
-        if (node.isLeaf) {
-          return; // Key not in tree
-        }
+    const isInLastChild = idx === node.keys.length;
 
-        const isInLastChild = idx === node.keys.length;
+    if (node.children[idx].keys.length <= minKeys) {
+      fill(node, idx);
+    }
 
-        // If child has only minKeys keys, fill it first
-        if (node.children[idx].keys.length <= minKeys) {
-          fill(node, idx);
-        }
+    if (isInLastChild && idx > node.keys.length) {
+      deleteKey(node.children[idx - 1], key);
+      return;
+    }
 
-        // After fill, the key might have moved
-        if (isInLastChild && idx > node.keys.length) {
-          deleteKey(node.children[idx - 1], key);
-        } else {
-          deleteKey(node.children[idx], key);
-        }
-      }
-    },
-    [minKeys, fill, removeFromNonLeaf]
-  );
+    deleteKey(node.children[idx], key);
+  };
 
-  const deleteFromTree = useCallback(
-    (key: number) => {
-      if (!root) {
-        setMessage('Tree is empty');
-        return;
-      }
+  const deleteFromTree = (key: number) => {
+    if (!root) {
+      setMessage('Tree is empty');
+      return;
+    }
 
-      setIsAnimating(true);
-      setAnimationState('deleting');
-      setMessage(`Deleting ${key}...`);
+    setIsAnimating(true);
+    setAnimationState('deleting');
+    setMessage(`Deleting ${key}...`);
 
-      setTimeout(() => {
-        const newRoot = { ...root };
+    setTimeout(() => {
+      const newRoot = { ...root };
 
-        // Deep clone the tree to avoid mutation issues
-        const cloneNode = (node: BTreeNode): BTreeNode => ({
-          ...node,
-          keys: [...node.keys],
-          children: node.children.map(cloneNode),
-        });
+      const cloneNode = (node: BTreeNode): BTreeNode => ({
+        ...node,
+        keys: [...node.keys],
+        children: node.children.map(cloneNode),
+      });
 
-        const clonedRoot = cloneNode(newRoot);
-
-        try {
-          deleteKey(clonedRoot, key);
-
-          // If root is empty after deletion, make its only child the new root
-          let finalRoot: BTreeNode | null = clonedRoot;
-          if (clonedRoot.keys.length === 0) {
-            if (!clonedRoot.isLeaf && clonedRoot.children.length > 0) {
-              finalRoot = clonedRoot.children[0];
-              setMessage(`Deleted ${key} and updated root`);
-            } else {
-              finalRoot = null;
-              setMessage(`Deleted ${key}, tree is now empty`);
-            }
+      const clonedRoot = cloneNode(newRoot);
+
+      try {
+        deleteKey(clonedRoot, key);
+
+        let finalRoot: BTreeNode | null = clonedRoot;
+        if (clonedRoot.keys.length === 0) {
+          if (!clonedRoot.isLeaf && clonedRoot.children.length > 0) {
+            finalRoot = clonedRoot.children[0];
+            setMessage(`Deleted ${key} and updated root`);
           } else {
-            setMessage(`Deleted ${key} from B-Tree`);
+            finalRoot = null;
+            setMessage(`Deleted ${key}, tree is now empty`);
           }
+        } else {
+          setMessage(`Deleted ${key} from B-Tree`);
+        }
 
-          if (finalRoot) {
-            calculatePositions(finalRoot);
-          }
-          setRoot(finalRoot ? { ...finalRoot } : null);
-        } catch {
-          setMessage(`Key ${key} not found in tree`);
+        if (finalRoot) {
+          calculatePositions(finalRoot);
         }
+        setRoot(finalRoot ? { ...finalRoot } : null);
+      } catch {
+        setMessage(`Key ${key} not found in tree`);
+      }
 
-        setAnimationState(null);
-        setIsAnimating(false);
-      }, 500);
-    },
-    [root, calculatePositions, deleteKey]
-  );
+      setAnimationState(null);
+      setIsAnimating(false);
+    }, 500);
+  };
 
   const handleSearch = () => {
     const value = parseInt(searchValue);
diff --git a/src/shared/hooks/useReducedMotion.test.ts b/src/shared/hooks/useReducedMotion.test.ts
index 7e173e4..3695a2e 100644
--- a/src/shared/hooks/useReducedMotion.test.ts
+++ b/src/shared/hooks/useReducedMotion.test.ts
@@ -3,7 +3,7 @@
  */
 
 import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import { renderHook } from '@testing-library/react';
+import { act, renderHook } from '@testing-library/react';
 import { useReducedMotion } from './useReducedMotion';
 
 describe('useReducedMotion', () => {
@@ -68,16 +68,17 @@ describe('useReducedMotion', () => {
     );
     matchMediaMock.matches = false;
 
-    const { result, rerender } = renderHook(() => useReducedMotion());
+    const { result } = renderHook(() => useReducedMotion());
 
     expect(result.current).toBe(false);
 
     // Simulate media query change
     matchMediaMock.matches = true;
     if (changeHandler) {
-      changeHandler({ matches: true } as MediaQueryListEvent);
+      act(() => {
+        changeHandler({ matches: true } as MediaQueryListEvent);
+      });
     }
-    rerender();
 
     expect(result.current).toBe(true);
   });