[PM-26822] feat: add Costco

[dakotatokad]

🎟️ Tracking

#125

📔 Objective

Add Costco to list of supported sites and resolves #125.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

:white_check_mark: dakotatokad
:x: mark-youssef-bitwarden
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[bitwarden-bot]

Thank you for your contribution! We've added this to our internal tracking system for review. ID: PM-26822 Link: https://bitwarden.atlassian.net/browse/PM-26822

Details on our contribution process can be found here: https://contributing.bitwarden.com/contributing/pull-requests/community-pr-process.

[github-actions[bot]]

Checkmarx One – Scan Summary & Details – 4ccafee4-9625-488d-9e43-4ee32f82659a

New Issues (8)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-59837	Npm-@astrojs/internal-helpers-0.7.2	details Recommended version: 0.7.3 Description: Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypass... Attack Vector: NETWORK Attack Complexity: LOW ID: DZd5x7Wm%2FyHKe3b4DXGxtpyklBz9q0ZwwuVSkO00ygM%3D Vulnerable Package
	CVE-2025-61925	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Prior to version 5.14.3, Astro reflects the value in `X-Forwarded-Host` in output when using `Astro.url` without any vali... Attack Vector: NETWORK Attack Complexity: LOW ID: %2Fs%2Fc11dxdym%2FTbTm913T7JiZGKbyRfeG90lIbfTzZSE%3D Vulnerable Package
	CVE-2025-64525	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. In Astro versions 2.16.0 prior to 5.15.5 and 6.0.0-alpha.0 which utilizeon-demand rendering, request headers `x-forwarded... Attack Vector: NETWORK Attack Complexity: LOW ID: dxuO6z9g2G7GPzPichJF%2FIeP6NJTMd4w%2BETpumVHSNw%3D Vulnerable Package
	CVE-2025-64745	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Starting in version 5.2.0 through version 5.15.5 and 6.0.0-alpha.0, a Reflected Cross-Site Scripting (XSS) vulnerability ... Attack Vector: NETWORK Attack Complexity: LOW ID: W2EFvddTgrhw7EOH5NaaRBAKeHySHOp5jyQGmi3LXYc%3D Vulnerable Package
	CVE-2025-64764	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Prior to version 5.15.8, a reflected Cross-Site Scripting (XSS) vulnerability is present when the server islands feature ... Attack Vector: NETWORK Attack Complexity: LOW ID: FDedX6TRbB6%2FR6lTrLAq%2BUK72uF34vQDigg6awuRK0Q%3D Vulnerable Package
	CVE-2025-64765	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Prior to version 5.15.8 and 6.0.0-alpha.0, a mismatch exists between how Astro normalizes request paths for routing/rende... Attack Vector: NETWORK Attack Complexity: LOW ID: RVWN6IaWaXzwSpwKd7i0mY80gBTDE7AavnhObqSgtWg%3D Vulnerable Package
	CVE-2025-65019	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Prior to version 5.15.9 and 6.0.0-alpha.0, when using Astro's Cloudflare adapter (@astrojs/cloudflare) with output: 'serv... Attack Vector: NETWORK Attack Complexity: LOW ID: HP1EEvNT%2FlaxQ760xDAMnmbgGJpo6e6BH7SOEK78bzI%3D Vulnerable Package
	CVE-2025-64757	Npm-astro-5.13.2	details Recommended version: 5.15.9 Description: Astro is a web framework. Prior to version 5.14.3, a vulnerability was identified in the Astro framework's development server that allows arbitrary... Attack Vector: ADJACENT_NETWORK Attack Complexity: LOW ID: J4foNcVAvylA6HwygvdrfoJB2BvMyEGLa1Oa2xpxQc8%3D Vulnerable Package