@apidevtools/json-schema-ref-parser 14.1.0 → 14.2.0

package/dist/lib/bundle.js

@@ -104,8 +104,12 @@ function crawl(parent, key, path, pathFromRoot, indirections, inventory, $refs,
                 else {
                     crawl(obj, key, keyPath, keyPathFromRoot, indirections, inventory, $refs, options);
                 }
-                if (value["$ref"]) {
-                    bundleOptions?.onBundle?.(value["$ref"], obj[key], obj, key);
+                // We need to ensure that we have an object to work with here because we may be crawling
+                // an `examples` schema and `value` may be nullish.
+                if (value && typeof value === "object" && !Array.isArray(value)) {
+                    if ("$ref" in value) {
+                        bundleOptions?.onBundle?.(value["$ref"], obj[key], obj, key);
+                    }
                 }
             }
         }

package/dist/lib/util/url.d.ts

@@ -61,7 +61,7 @@ export declare function isHttp(path: string): boolean;
  * @param path - The URL or path to check
  * @returns true if the URL is unsafe/internal, false otherwise
  */
-export declare function isUnsafeUrl(path: string): boolean;
+export declare function isUnsafeUrl(path: string | unknown): boolean;
 /**
  * Determines whether the given path is a filesystem path.
  * This includes "file://" URLs.

package/dist/lib/util/url.js

@@ -140,7 +140,7 @@ function getProtocol(path) {
 function getExtension(path) {
     const lastDot = path.lastIndexOf(".");
     if (lastDot >= 0) {
-        return stripQuery(path.substr(lastDot).toLowerCase());
+        return stripQuery(path.substring(lastDot).toLowerCase());
     }
     return "";
 }
@@ -153,7 +153,7 @@ function getExtension(path) {
 function stripQuery(path) {
     const queryIndex = path.indexOf("?");
     if (queryIndex >= 0) {
-        path = path.substr(0, queryIndex);
+        path = path.substring(0, queryIndex);
     }
     return path;
 }
@@ -295,7 +295,7 @@ function isUnsafeUrl(path) {
             return true;
         }
     }
-    catch (e) {
+    catch {
         // If URL parsing fails, check if it's a relative path or contains suspicious patterns
         // Relative paths starting with / are generally safe for same-origin
         if (normalizedPath.startsWith("/") && !normalizedPath.startsWith("//")) {
@@ -432,13 +432,13 @@ function toFileSystemPath(path, keepFileProtocol) {
     }
     // Step 3: If it's a "file://" URL, then format it consistently
     // or convert it to a local filesystem path
-    let isFileUrl = path.substr(0, 7).toLowerCase() === "file://";
+    let isFileUrl = path.toLowerCase().startsWith("file://");
     if (isFileUrl) {
         // Strip-off the protocol, and the initial "/", if there is one
-        path = path[7] === "/" ? path.substr(8) : path.substr(7);
+        path = path.replace(/^file:\/\//, "").replace(/^\//, "");
         // insert a colon (":") after the drive letter on Windows
         if ((0, is_windows_1.isWindows)() && path[1] === "/") {
-            path = path[0] + ":" + path.substr(1);
+            path = `${path[0]}:${path.substring(1)}`;
         }
         if (keepFileProtocol) {
             // Return the consistently-formatted "file://" URL
@@ -457,8 +457,8 @@ function toFileSystemPath(path, keepFileProtocol) {
         // Replace forward slashes with backslashes
         path = path.replace(forwardSlashPattern, "\\");
         // Capitalize the drive letter
-        if (path.substr(1, 2) === ":\\") {
-            path = path[0].toUpperCase() + path.substr(1);
+        if (path.match(/^[a-z]:\\/i)) {
+            path = path[0].toUpperCase() + path.substring(1);
         }
     }
     return path;

package/lib/bundle.ts

@@ -101,8 +101,12 @@ function crawl<S extends object = JSONSchema, O extends ParserOptions<S> = Parse
           crawl(obj, key, keyPath, keyPathFromRoot, indirections, inventory, $refs, options);
         }
 
-        if (value["$ref"]) {
-          bundleOptions?.onBundle?.(value["$ref"], obj[key], obj as any, key);          
+        // We need to ensure that we have an object to work with here because we may be crawling
+        // an `examples` schema and `value` may be nullish.
+        if (value && typeof value === "object" && !Array.isArray(value)) {
+          if ("$ref" in value) {
+            bundleOptions?.onBundle?.(value["$ref"], obj[key], obj as any, key);
+          }
         }
       }
     }

package/lib/util/url.ts

@@ -95,7 +95,7 @@ export function getProtocol(path: string | undefined) {
 export function getExtension(path: any) {
   const lastDot = path.lastIndexOf(".");
   if (lastDot >= 0) {
-    return stripQuery(path.substr(lastDot).toLowerCase());
+    return stripQuery(path.substring(lastDot).toLowerCase());
   }
   return "";
 }
@@ -109,7 +109,7 @@ export function getExtension(path: any) {
 export function stripQuery(path: any) {
   const queryIndex = path.indexOf("?");
   if (queryIndex >= 0) {
-    path = path.substr(0, queryIndex);
+    path = path.substring(0, queryIndex);
   }
   return path;
 }
@@ -173,7 +173,7 @@ export function isHttp(path: string) {
  * @param path - The URL or path to check
  * @returns true if the URL is unsafe/internal, false otherwise
  */
-export function isUnsafeUrl(path: string): boolean {
+export function isUnsafeUrl(path: string | unknown): boolean {
   if (!path || typeof path !== "string") {
     return true;
   }
@@ -267,7 +267,7 @@ export function isUnsafeUrl(path: string): boolean {
     if (port && isInternalPort(parseInt(port))) {
       return true;
     }
-  } catch (e) {
+  } catch {
     // If URL parsing fails, check if it's a relative path or contains suspicious patterns
 
     // Relative paths starting with / are generally safe for same-origin
@@ -425,14 +425,14 @@ export function toFileSystemPath(path: string | undefined, keepFileProtocol?: bo
 
   // Step 3: If it's a "file://" URL, then format it consistently
   // or convert it to a local filesystem path
-  let isFileUrl = path.substr(0, 7).toLowerCase() === "file://";
+  let isFileUrl = path.toLowerCase().startsWith("file://");
   if (isFileUrl) {
     // Strip-off the protocol, and the initial "/", if there is one
-    path = path[7] === "/" ? path.substr(8) : path.substr(7);
+    path = path.replace(/^file:\/\//, "").replace(/^\//, "");
 
     // insert a colon (":") after the drive letter on Windows
     if (isWindows() && path[1] === "/") {
-      path = path[0] + ":" + path.substr(1);
+      path = `${path[0]}:${path.substring(1)}`;
     }
 
     if (keepFileProtocol) {
@@ -453,8 +453,8 @@ export function toFileSystemPath(path: string | undefined, keepFileProtocol?: bo
     path = path.replace(forwardSlashPattern, "\\");
 
     // Capitalize the drive letter
-    if (path.substr(1, 2) === ":\\") {
-      path = path[0].toUpperCase() + path.substr(1);
+    if (path.match(/^[a-z]:\\/i)) {
+      path = path[0].toUpperCase() + path.substring(1);
     }
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apidevtools/json-schema-ref-parser",
-  "version": "14.1.0",
+  "version": "14.2.0",
   "description": "Parse, Resolve, and Dereference JSON Schema $ref pointers",
   "scripts": {
     "prepublishOnly": "yarn build",
@@ -25,8 +25,9 @@
     "resolve"
   ],
   "author": {
-    "name": "James Messinger",
-    "url": "https://jamesmessinger.com"
+    "name": "JonLuca DeCaro",
+    "url": "https://jonlu.ca",
+    "email": "apis@jonlu.ca"
   },
   "contributors": [
     {
@@ -42,8 +43,8 @@
       "email": "jakub@stoplight.io"
     },
     {
-      "name": "JonLuca DeCaro",
-      "email": "apis@jonlu.ca"
+      "name": "James Messinger",
+      "url": "https://jamesmessinger.com"
     }
   ],
   "homepage": "https://apidevtools.com/json-schema-ref-parser/",
@@ -65,35 +66,37 @@
     "lib",
     "dist"
   ],
+  "peerDependencies": {
+    "@types/json-schema": "^7.0.15"
+  },
+  "dependencies": {
+    "js-yaml": "^4.1.0"
+  },
   "devDependencies": {
-    "@eslint/compat": "^1.3.1",
-    "@eslint/js": "^9.30.0",
+    "@eslint/compat": "^1.3.2",
+    "@eslint/js": "^9.33.0",
     "@types/eslint": "^9.6.1",
     "@types/js-yaml": "^4.0.9",
+    "@types/json-schema": "^7.0.15",
     "@types/node": "^24",
-    "@typescript-eslint/eslint-plugin": "^8.35.1",
-    "@typescript-eslint/parser": "^8.35.1",
+    "@typescript-eslint/eslint-plugin": "^8.39.1",
+    "@typescript-eslint/parser": "^8.39.1",
     "@vitest/coverage-v8": "^3.2.4",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.30.0",
-    "eslint-config-prettier": "^10.1.5",
-    "eslint-config-standard": "^17.1.0",
+    "cross-env": "^10.0.0",
+    "eslint": "^9.33.0",
+    "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-prettier": "^5.5.1",
+    "eslint-plugin-prettier": "^5.5.4",
     "eslint-plugin-promise": "^7.2.1",
-    "eslint-plugin-unused-imports": "^4.1.4",
-    "globals": "^16.2.0",
+    "eslint-plugin-unused-imports": "^4.2.0",
+    "globals": "^16.3.0",
     "jsdom": "^26.1.0",
     "prettier": "^3.6.2",
     "rimraf": "^6.0.1",
-    "typescript": "^5.8.3",
-    "typescript-eslint": "^8.35.1",
+    "typescript": "^5.9.2",
+    "typescript-eslint": "^8.39.1",
     "vitest": "^3.2.4"
   },
-  "dependencies": {
-    "@types/json-schema": "^7.0.15",
-    "js-yaml": "^4.1.0"
-  },
   "release": {
     "branches": [
       "main"
@@ -105,5 +108,5 @@
       "@semantic-release/github"
     ]
   },
-  "packageManager": "yarn@4.9.1"
+  "packageManager": "yarn@4.9.2"
 }