RubyGems - shakapacker - Versions diffs - 9.0.0.beta.6 → 9.0.0.beta.8 - Mend

shakapacker 9.0.0.beta.6 → 9.0.0.beta.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

checksums.yaml +4 -4
data/.eslintrc.fast.js +40 -0
data/.eslintrc.js +48 -0
data/.github/workflows/generator.yml +6 -0
data/.gitignore +1 -4
data/.npmignore +56 -0
data/CHANGELOG.md +64 -1
data/CONTRIBUTING.md +75 -21
data/Gemfile.lock +1 -1
data/README.md +4 -0
data/TODO.md +15 -16
data/docs/transpiler-migration.md +191 -0
data/docs/typescript-migration.md +378 -0
data/lib/install/template.rb +54 -7
data/lib/shakapacker/version.rb +1 -1
data/package/.npmignore +4 -0
data/package/babel/preset.ts +56 -0
data/package/config.ts +23 -10
data/package/env.ts +15 -2
data/package/environments/{development.js → development.ts} +30 -8
data/package/environments/{production.js → production.ts} +18 -4
data/package/environments/test.ts +53 -0
data/package/environments/types.ts +90 -0
data/package/esbuild/index.ts +42 -0
data/package/optimization/rspack.ts +36 -0
data/package/optimization/{webpack.js → webpack.ts} +12 -4
data/package/plugins/{rspack.js → rspack.ts} +20 -5
data/package/plugins/{webpack.js → webpack.ts} +2 -2
data/package/rspack/{index.js → index.ts} +17 -10
data/package/rules/{babel.js → babel.ts} +1 -1
data/package/rules/{coffee.js → coffee.ts} +1 -1
data/package/rules/{css.js → css.ts} +1 -1
data/package/rules/{erb.js → erb.ts} +1 -1
data/package/rules/{esbuild.js → esbuild.ts} +2 -2
data/package/rules/{file.js → file.ts} +11 -6
data/package/rules/{jscommon.js → jscommon.ts} +4 -4
data/package/rules/{less.js → less.ts} +3 -3
data/package/rules/raw.ts +25 -0
data/package/rules/{rspack.js → rspack.ts} +21 -11
data/package/rules/{sass.js → sass.ts} +1 -1
data/package/rules/{stylus.js → stylus.ts} +3 -7
data/package/rules/{swc.js → swc.ts} +2 -2
data/package/rules/{webpack.js → webpack.ts} +1 -1
data/package/swc/index.ts +54 -0
data/package/types/README.md +87 -0
data/package/types/index.ts +60 -0
data/package/utils/errorCodes.ts +219 -0
data/package/utils/errorHelpers.ts +68 -2
data/package/utils/pathValidation.ts +139 -0
data/package/utils/typeGuards.ts +161 -47
data/package.json +26 -4
data/scripts/remove-use-strict.js +45 -0
data/scripts/type-check-no-emit.js +27 -0
data/test/package/rules/raw.test.js +40 -7
data/test/package/rules/webpack.test.js +21 -2
data/test/package/transpiler-defaults.test.js +127 -0
data/test/scripts/remove-use-strict.test.js +125 -0
data/test/typescript/build.test.js +3 -2
data/test/typescript/environments.test.js +107 -0
data/test/typescript/pathValidation.test.js +142 -0
data/test/typescript/securityValidation.test.js +182 -0
data/tsconfig.eslint.json +16 -0
data/tsconfig.json +9 -10
data/yarn.lock +415 -6
metadata +50 -28
data/package/babel/preset.js +0 -48
data/package/environments/base.js +0 -103
data/package/environments/test.js +0 -19
data/package/esbuild/index.js +0 -40
data/package/optimization/rspack.js +0 -29
data/package/rules/raw.js +0 -15
data/package/swc/index.js +0 -50

data/test/typescript/securityValidation.test.js ADDED Viewed

@@ -0,0 +1,182 @@
+const {
+  isValidConfig,
+  clearValidationCache
+} = require("../../package/utils/typeGuards")
+describe("security validation", () => {
+  const originalNodeEnv = process.env.NODE_ENV
+  const originalStrictValidation = process.env.SHAKAPACKER_STRICT_VALIDATION
+  afterEach(() => {
+    process.env.NODE_ENV = originalNodeEnv
+    process.env.SHAKAPACKER_STRICT_VALIDATION = originalStrictValidation
+    clearValidationCache()
+  })
+  describe("path traversal security checks", () => {
+    const baseConfig = {
+      source_path: "./app/javascript",
+      source_entry_path: "./packs",
+      public_root_path: "./public",
+      public_output_path: "packs",
+      cache_path: "tmp/shakapacker",
+      javascript_transpiler: "babel",
+      nested_entries: false,
+      css_extract_ignore_order_warnings: false,
+      webpack_compile_output: true,
+      shakapacker_precompile: true,
+      cache_manifest: false,
+      ensure_consistent_versioning: false,
+      useContentHash: true,
+      compile: true,
+      additional_paths: []
+    }
+    it("always validates path traversal in required path fields in production", () => {
+      process.env.NODE_ENV = "production"
+      delete process.env.SHAKAPACKER_STRICT_VALIDATION
+      const unsafeConfig = {
+        ...baseConfig,
+        source_path: "../../../etc/passwd"
+      }
+      expect(isValidConfig(unsafeConfig)).toBe(false)
+    })
+    it("always validates path traversal in required path fields in development", () => {
+      process.env.NODE_ENV = "development"
+      const unsafeConfig = {
+        ...baseConfig,
+        public_output_path: "../../sensitive/data"
+      }
+      expect(isValidConfig(unsafeConfig)).toBe(false)
+    })
+    it("always validates path traversal in additional_paths in production", () => {
+      process.env.NODE_ENV = "production"
+      delete process.env.SHAKAPACKER_STRICT_VALIDATION
+      const unsafeConfig = {
+        ...baseConfig,
+        additional_paths: ["./safe/path", "../../../etc/passwd"]
+      }
+      expect(isValidConfig(unsafeConfig)).toBe(false)
+    })
+    it("always validates path traversal in additional_paths in development", () => {
+      process.env.NODE_ENV = "development"
+      const unsafeConfig = {
+        ...baseConfig,
+        additional_paths: ["./safe/path", "../../../../root/.ssh"]
+      }
+      expect(isValidConfig(unsafeConfig)).toBe(false)
+    })
+    it("allows safe paths in production", () => {
+      process.env.NODE_ENV = "production"
+      delete process.env.SHAKAPACKER_STRICT_VALIDATION
+      const safeConfig = {
+        ...baseConfig,
+        additional_paths: ["./app/assets", "./vendor/assets", "node_modules"]
+      }
+      expect(isValidConfig(safeConfig)).toBe(true)
+    })
+    it("allows safe paths in development", () => {
+      process.env.NODE_ENV = "development"
+      const safeConfig = {
+        ...baseConfig,
+        additional_paths: ["./app/components", "./lib/assets"]
+      }
+      expect(isValidConfig(safeConfig)).toBe(true)
+    })
+  })
+  describe("optional field validation", () => {
+    const validConfig = {
+      source_path: "./app/javascript",
+      source_entry_path: "./packs",
+      public_root_path: "./public",
+      public_output_path: "packs",
+      cache_path: "tmp/shakapacker",
+      javascript_transpiler: "babel",
+      nested_entries: false,
+      css_extract_ignore_order_warnings: false,
+      webpack_compile_output: true,
+      shakapacker_precompile: true,
+      cache_manifest: false,
+      ensure_consistent_versioning: false,
+      useContentHash: true,
+      compile: true,
+      additional_paths: [],
+      dev_server: {
+        hmr: true,
+        port: 3035
+      },
+      integrity: {
+        enabled: true,
+        cross_origin: "anonymous"
+      }
+    }
+    it("skips deep validation of optional fields in production without strict mode", () => {
+      process.env.NODE_ENV = "production"
+      delete process.env.SHAKAPACKER_STRICT_VALIDATION
+      // Invalid integrity config that would fail deep validation
+      const configWithInvalidOptional = {
+        ...validConfig,
+        integrity: {
+          enabled: "not-a-boolean", // Invalid type
+          cross_origin: "anonymous"
+        }
+      }
+      // Should pass because deep validation is skipped in production
+      expect(isValidConfig(configWithInvalidOptional)).toBe(true)
+    })
+    it("performs deep validation of optional fields in development", () => {
+      process.env.NODE_ENV = "development"
+      // Invalid integrity config
+      const configWithInvalidOptional = {
+        ...validConfig,
+        integrity: {
+          enabled: "not-a-boolean", // Invalid type
+          cross_origin: "anonymous"
+        }
+      }
+      // Should fail because deep validation runs in development
+      expect(isValidConfig(configWithInvalidOptional)).toBe(false)
+    })
+    it("performs deep validation in production with strict mode", () => {
+      process.env.NODE_ENV = "production"
+      process.env.SHAKAPACKER_STRICT_VALIDATION = "true"
+      // Invalid integrity config
+      const configWithInvalidOptional = {
+        ...validConfig,
+        integrity: {
+          enabled: "not-a-boolean", // Invalid type
+          cross_origin: "anonymous"
+        }
+      }
+      // Should fail because strict validation is enabled
+      expect(isValidConfig(configWithInvalidOptional)).toBe(false)
+    })
+  })
+})

data/tsconfig.eslint.json ADDED Viewed

@@ -0,0 +1,16 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "rootDir": "."
+  },
+  "include": [
+    "package/**/*.ts",
+    "package/**/*.tsx",
+    "package/**/*.test.ts",
+    "package/**/*.spec.ts",
+    "test/**/*.ts",
+    "test/**/*.tsx"
+  ],
+  "exclude": ["node_modules"]
+}

data/tsconfig.json CHANGED Viewed

@@ -3,7 +3,12 @@
     "target": "ES2020",
     "module": "commonjs",
     "lib": ["ES2020"],
-    "typeRoots": ["./node_modules/@types", "node_modules/@types", "../node_modules/@types"],
+    "importHelpers": false,
+    "typeRoots": [
+      "./node_modules/@types",
+      "node_modules/@types",
+      "../node_modules/@types"
+    ],
     "declaration": true,
     "declarationMap": true,
     "outDir": "./package",
@@ -22,18 +27,12 @@
     "strictBindCallApply": true,
     "strictPropertyInitialization": false,
     "noImplicitThis": true,
-    "alwaysStrict": false,
+    "alwaysStrict": true,
     "allowSyntheticDefaultImports": true,
     "preserveConstEnums": true,
     "isolatedModules": true,
     "removeComments": false
   },
-  "include": [
-    "package/**/*.ts"
-  ],
-  "exclude": [
-    "node_modules",
-    "package/**/*.test.ts",
-    "package/**/*.spec.ts"
-  ]
+  "include": ["package/**/*.ts"],
+  "exclude": ["node_modules", "package/**/*.test.ts", "package/**/*.spec.ts"]
 }