npm - @ai-sdk/provider-utils - Versions diffs - 4.0.28 → 4.0.30 - Mend

@ai-sdk/provider-utils 4.0.28 → 4.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +29 -0
package/dist/index.d.mts +73 -1
package/dist/index.d.ts +73 -1
package/dist/index.js +195 -83
package/dist/index.js.map +1 -1
package/dist/index.mjs +191 -83
package/dist/index.mjs.map +1 -1
package/package.json +1 -1
package/src/cancel-response-body.ts +19 -0
package/src/download-blob.ts +8 -9
package/src/fetch-with-validated-redirects.ts +87 -0
package/src/index.ts +4 -0
package/src/is-browser-runtime.ts +13 -0
package/src/is-same-origin.ts +19 -0
package/src/read-response-with-size-limit.ts +4 -0
package/src/validate-download-url.ts +113 -31

package/dist/index.mjs CHANGED Viewed

@@ -208,6 +208,15 @@ function convertToFormData(input, options = {}) {
   return formData;
 }
+// src/cancel-response-body.ts
+async function cancelResponseBody(response) {
+  var _a2;
+  try {
+    await ((_a2 = response.body) == null ? void 0 : _a2.cancel());
+  } catch (e) {
+  }
+}
 // src/download-error.ts
 import { AISDKError } from "@ai-sdk/provider";
 var name = "AI_DownloadError";
@@ -233,59 +242,9 @@ var DownloadError = class extends (_b = AISDKError, _a = symbol, _b) {
   }
 };
-// src/read-response-with-size-limit.ts
-var DEFAULT_MAX_DOWNLOAD_SIZE = 2 * 1024 * 1024 * 1024;
-async function readResponseWithSizeLimit({
-  response,
-  url,
-  maxBytes = DEFAULT_MAX_DOWNLOAD_SIZE
-}) {
-  const contentLength = response.headers.get("content-length");
-  if (contentLength != null) {
-    const length = parseInt(contentLength, 10);
-    if (!isNaN(length) && length > maxBytes) {
-      throw new DownloadError({
-        url,
-        message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes (Content-Length: ${length}).`
-      });
-    }
-  }
-  const body = response.body;
-  if (body == null) {
-    return new Uint8Array(0);
-  }
-  const reader = body.getReader();
-  const chunks = [];
-  let totalBytes = 0;
-  try {
-    while (true) {
-      const { done, value } = await reader.read();
-      if (done) {
-        break;
-      }
-      totalBytes += value.length;
-      if (totalBytes > maxBytes) {
-        throw new DownloadError({
-          url,
-          message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes.`
-        });
-      }
-      chunks.push(value);
-    }
-  } finally {
-    try {
-      await reader.cancel();
-    } finally {
-      reader.releaseLock();
-    }
-  }
-  const result = new Uint8Array(totalBytes);
-  let offset = 0;
-  for (const chunk of chunks) {
-    result.set(chunk, offset);
-    offset += chunk.length;
-  }
-  return result;
+// src/is-browser-runtime.ts
+function isBrowserRuntime(globalThisAny = globalThis) {
+  return globalThisAny.window != null;
 }
 // src/validate-download-url.ts
@@ -308,7 +267,7 @@ function validateDownloadUrl(url) {
       message: `URL scheme must be http, https, or data, got ${parsed.protocol}`
     });
   }
-  const hostname = parsed.hostname;
+  const hostname = parsed.hostname.toLowerCase().replace(/\.+$/, "");
   if (!hostname) {
     throw new DownloadError({
       url,
@@ -351,54 +310,190 @@ function isIPv4(hostname) {
 }
 function isPrivateIPv4(ip) {
   const parts = ip.split(".").map(Number);
-  const [a, b] = parts;
+  const [a, b, c] = parts;
   if (a === 0) return true;
   if (a === 10) return true;
+  if (a === 100 && b >= 64 && b <= 127) return true;
   if (a === 127) return true;
   if (a === 169 && b === 254) return true;
   if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 0 && c === 0) return true;
   if (a === 192 && b === 168) return true;
+  if (a === 198 && (b === 18 || b === 19)) return true;
+  if (a >= 240) return true;
   return false;
 }
-function isPrivateIPv6(ip) {
-  const normalized = ip.toLowerCase();
-  if (normalized === "::1") return true;
-  if (normalized === "::") return true;
-  if (normalized.startsWith("::ffff:")) {
-    const mappedPart = normalized.slice(7);
-    if (isIPv4(mappedPart)) {
-      return isPrivateIPv4(mappedPart);
-    }
-    const hexParts = mappedPart.split(":");
-    if (hexParts.length === 2) {
-      const high = parseInt(hexParts[0], 16);
-      const low = parseInt(hexParts[1], 16);
-      if (!isNaN(high) && !isNaN(low)) {
-        const a = high >> 8 & 255;
-        const b = high & 255;
-        const c = low >> 8 & 255;
-        const d = low & 255;
-        return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
+function parseIPv6(ip) {
+  let address = ip.toLowerCase();
+  const zoneIndex = address.indexOf("%");
+  if (zoneIndex !== -1) {
+    address = address.slice(0, zoneIndex);
+  }
+  const halves = address.split("::");
+  if (halves.length > 2) return null;
+  const toGroups = (segment) => {
+    if (segment === "") return [];
+    const groups = [];
+    const parts = segment.split(":");
+    for (let i = 0; i < parts.length; i++) {
+      const part = parts[i];
+      if (part.includes(".")) {
+        if (i !== parts.length - 1 || !isIPv4(part)) return null;
+        const [a, b, c, d] = part.split(".").map(Number);
+        groups.push(a << 8 | b, c << 8 | d);
+        continue;
       }
+      if (!/^[0-9a-f]{1,4}$/.test(part)) return null;
+      groups.push(parseInt(part, 16));
     }
+    return groups;
+  };
+  const head = toGroups(halves[0]);
+  if (head === null) return null;
+  if (halves.length === 2) {
+    const tail = toGroups(halves[1]);
+    if (tail === null) return null;
+    const fill = 8 - head.length - tail.length;
+    if (fill < 0) return null;
+    return [...head, ...new Array(fill).fill(0), ...tail];
+  }
+  return head.length === 8 ? head : null;
+}
+function isPrivateIPv6(ip) {
+  const groups = parseIPv6(ip);
+  if (groups === null) return true;
+  const topZero = (count) => groups.slice(0, count).every((group) => group === 0);
+  if (topZero(7) && (groups[7] === 0 || groups[7] === 1)) return true;
+  if ((groups[0] & 65024) === 64512) return true;
+  if ((groups[0] & 65472) === 65152) return true;
+  if ((groups[0] & 65472) === 65216) return true;
+  if ((groups[0] & 65280) === 65280) return true;
+  const embedsIPv4 = (
+    // ::/96 — IPv4-compatible (deprecated)
+    topZero(6) || // ::ffff:0:0/96 — IPv4-mapped (ffff in group 5)
+    topZero(5) && groups[5] === 65535 || // ::ffff:0:0/96 — IPv4-translated form (ffff in group 4, group 5 zero)
+    topZero(4) && groups[4] === 65535 && groups[5] === 0 || // 64:ff9b::/96 — NAT64 well-known prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 0 && groups[3] === 0 && groups[4] === 0 && groups[5] === 0 || // 64:ff9b:1::/48 — NAT64 local-use prefix
+    groups[0] === 100 && groups[1] === 65435 && groups[2] === 1
+  );
+  if (embedsIPv4) {
+    const a = groups[6] >> 8 & 255;
+    const b = groups[6] & 255;
+    const c = groups[7] >> 8 & 255;
+    const d = groups[7] & 255;
+    return isPrivateIPv4(`${a}.${b}.${c}.${d}`);
   }
-  if (normalized.startsWith("fc") || normalized.startsWith("fd")) return true;
-  if (normalized.startsWith("fe80")) return true;
   return false;
 }
+// src/fetch-with-validated-redirects.ts
+var MAX_DOWNLOAD_REDIRECTS = 10;
+async function fetchWithValidatedRedirects({
+  url,
+  headers,
+  abortSignal,
+  maxRedirects = MAX_DOWNLOAD_REDIRECTS
+}) {
+  const baseInit = { signal: abortSignal };
+  if (headers !== void 0) {
+    baseInit.headers = headers;
+  }
+  let currentUrl = url;
+  for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+    validateDownloadUrl(currentUrl);
+    const response = await fetch(currentUrl, {
+      ...baseInit,
+      redirect: "manual"
+    });
+    if (response.type === "opaqueredirect") {
+      if (!isBrowserRuntime()) {
+        throw new DownloadError({
+          url,
+          message: `Redirect from ${currentUrl} could not be validated and was blocked`
+        });
+      }
+      return await fetch(currentUrl, { ...baseInit, redirect: "follow" });
+    }
+    const location = response.headers.get("location");
+    if (response.status >= 300 && response.status < 400 && location) {
+      await cancelResponseBody(response);
+      currentUrl = new URL(location, currentUrl).toString();
+      continue;
+    }
+    return response;
+  }
+  throw new DownloadError({
+    url,
+    message: `Too many redirects (max ${maxRedirects})`
+  });
+}
+// src/read-response-with-size-limit.ts
+var DEFAULT_MAX_DOWNLOAD_SIZE = 2 * 1024 * 1024 * 1024;
+async function readResponseWithSizeLimit({
+  response,
+  url,
+  maxBytes = DEFAULT_MAX_DOWNLOAD_SIZE
+}) {
+  const contentLength = response.headers.get("content-length");
+  if (contentLength != null) {
+    const length = parseInt(contentLength, 10);
+    if (!isNaN(length) && length > maxBytes) {
+      await cancelResponseBody(response);
+      throw new DownloadError({
+        url,
+        message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes (Content-Length: ${length}).`
+      });
+    }
+  }
+  const body = response.body;
+  if (body == null) {
+    return new Uint8Array(0);
+  }
+  const reader = body.getReader();
+  const chunks = [];
+  let totalBytes = 0;
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) {
+        break;
+      }
+      totalBytes += value.length;
+      if (totalBytes > maxBytes) {
+        throw new DownloadError({
+          url,
+          message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes.`
+        });
+      }
+      chunks.push(value);
+    }
+  } finally {
+    try {
+      await reader.cancel();
+    } finally {
+      reader.releaseLock();
+    }
+  }
+  const result = new Uint8Array(totalBytes);
+  let offset = 0;
+  for (const chunk of chunks) {
+    result.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return result;
+}
 // src/download-blob.ts
 async function downloadBlob(url, options) {
   var _a2, _b2;
-  validateDownloadUrl(url);
   try {
-    const response = await fetch(url, {
-      signal: options == null ? void 0 : options.abortSignal
+    const response = await fetchWithValidatedRedirects({
+      url,
+      abortSignal: options == null ? void 0 : options.abortSignal
     });
-    if (response.redirected) {
-      validateDownloadUrl(response.url);
-    }
     if (!response.ok) {
+      await cancelResponseBody(response);
       throw new DownloadError({
         url,
         statusCode: response.status,
@@ -582,7 +677,7 @@ function withUserAgentSuffix(headers, ...userAgentSuffixParts) {
 }
 // src/version.ts
-var VERSION = true ? "4.0.28" : "0.0.0-test";
+var VERSION = true ? "4.0.30" : "0.0.0-test";
 // src/get-from-api.ts
 var getOriginalFetch = () => globalThis.fetch;
@@ -698,6 +793,15 @@ function isNonNullable(value) {
   return value != null;
 }
+// src/is-same-origin.ts
+function isSameOrigin(url, baseUrl) {
+  try {
+    return new URL(url).origin === new URL(baseUrl).origin;
+  } catch (e) {
+    return false;
+  }
+}
 // src/is-url-supported.ts
 function isUrlSupported({
   mediaType,
@@ -2705,6 +2809,7 @@ export {
   EventSourceParserStream2 as EventSourceParserStream,
   VERSION,
   asSchema,
+  cancelResponseBody,
   combineHeaders,
   convertAsyncIteratorToReadableStream,
   convertBase64ToUint8Array,
@@ -2726,14 +2831,17 @@ export {
   dynamicTool,
   executeTool,
   extractResponseHeaders,
+  fetchWithValidatedRedirects,
   generateId,
   getErrorMessage,
   getFromApi,
   getRuntimeEnvironmentUserAgent,
   injectJsonInstructionIntoMessages,
   isAbortError,
+  isBrowserRuntime,
   isNonNullable,
   isParsableJson,
+  isSameOrigin,
   isUrlSupported,
   jsonSchema,
   lazySchema,