@arcis/node 1.0.0

package/dist/validation/index.js

@@ -0,0 +1,705 @@
+'use strict';
+
+// src/core/constants.ts
+var INPUT = {
+  /** Default maximum input size (1MB) */
+  DEFAULT_MAX_SIZE: 1e6};
+var XSS_REMOVE_PATTERNS = [
+  /** Full script blocks (content + tags) */
+  /<script[^>]*>[\s\S]*?<\/script>/gi,
+  /** Standalone/unclosed script tags */
+  /<script[^>]*>/gi,
+  /** iframe — full block and partial/unclosed */
+  /<iframe[^>]*>[\s\S]*?<\/iframe>/gi,
+  /<iframe[^>]*/gi,
+  /** object — full block and partial/unclosed */
+  /<object[^>]*>[\s\S]*?<\/object>/gi,
+  /<object[^>]*/gi,
+  /** embed tags */
+  /<embed[^>]*/gi,
+  /** SVG with inline event handlers */
+  /<svg[^>]*onload[^>]*>/gi,
+  /** URL-encoded script tags */
+  /%3Cscript/gi,
+  /** Event handlers with quoted values: onclick="...", onerror='...' */
+  /(?:[\s/])on\w+\s*=\s*["'][^"']*["']/gi,
+  /** Event handlers with unquoted values: onload=value */
+  /(?:[\s/])on\w+\s*=\s*[^\s>]*/gi,
+  /** javascript: and vbscript: protocols (allow optional spaces before colon) */
+  /javascript\s*:/gi,
+  /vbscript\s*:/gi,
+  /** data: URIs with HTML/script content */
+  /data\s*:\s*text\/html[^>\s]*/gi
+];
+var SQL_PATTERNS = [
+  /** SQL keywords */
+  /(\b(SELECT|INSERT|UPDATE|DELETE|DROP|UNION|ALTER|CREATE|TRUNCATE|EXEC|EXECUTE)\b)/gi,
+  /** SQL comments: ANSI (--), C-style (slash-star ... star-slash), MySQL (#) */
+  /(--|\/\*|\*\/|#)/g,
+  /** SQL statement separators */
+  /(;|\|\||&&)/g,
+  /** Boolean injection: OR 1=1 */
+  /\bOR\s+\d+\s*=\s*\d+/gi,
+  /** Boolean injection: OR 'a'='a' or OR "a"="a" (including mixed quotes) */
+  /\bOR\s+(['"])[^'"]*\1\s*=\s*(['"])[^'"]*\2/gi,
+  /\bOR\s+('[^']*'|"[^"]*")\s*=\s*('[^']*'|"[^"]*")/gi,
+  /** Boolean injection: AND 1=1 */
+  /\bAND\s+\d+\s*=\s*\d+/gi,
+  /** Boolean injection: AND 'a'='a' or AND "a"="a" (including mixed quotes) */
+  /\bAND\s+(['"])[^'"]*\1\s*=\s*(['"])[^'"]*\2/gi,
+  /\bAND\s+('[^']*'|"[^"]*")\s*=\s*('[^']*'|"[^"]*")/gi,
+  /** Time-based blind: SLEEP() */
+  /\bSLEEP\s*\(\s*\d+\s*\)/gi,
+  /** Time-based blind: BENCHMARK() */
+  /\bBENCHMARK\s*\(/gi
+];
+var PATH_PATTERNS = [
+  /** Unix path traversal */
+  /\.\.\//g,
+  /** Windows path traversal */
+  /\.\.\\/g,
+  /** URL-encoded traversal (%2e%2e) */
+  /%2e%2e/gi,
+  /** Double URL-encoded traversal (%252e) */
+  /%252e/gi,
+  /** Mixed encoding: ..%2F */
+  /\.\.%2F/gi,
+  /** Mixed encoding: %2e./ and .%2e/ */
+  /%2e\.[\\/]/gi,
+  /\.%2e[\\/]/gi,
+  /** Fully URL-encoded: %2e%2e%2f */
+  /%2e%2e%2f/gi,
+  /** Null byte injection in paths */
+  /\0/g
+];
+var COMMAND_PATTERNS = [
+  /**
+   * Shell metacharacters that enable command chaining/substitution.
+   * Bare ( and ) are excluded — they appear in common legitimate values
+   * (function calls in code fields, math expressions, etc.).
+   * Command substitution is caught by the $( combined pattern below.
+   * NOTE: ';', '&', '|' may appear in legitimate URL query strings
+   * and Markdown; consider disabling command checking (command: false)
+   * for fields that intentionally allow those characters.
+   */
+  /[;&|`]/g,
+  /** Command substitution: $( ... ) — matched as a pair to reduce false positives */
+  /\$\(/g
+];
+var VALIDATION = {
+  /**
+   * Email regex pattern.
+   * Rejects consecutive dots in local part (e.g. test..foo@example.com),
+   * leading/trailing dots, and other common invalid forms.
+   */
+  EMAIL: /^[^\s@.][^\s@]*(?:\.[^\s@.][^\s@]*)*@[^\s@]+\.[^\s@]+$/,
+  /**
+   * URL regex pattern.
+   * Only allows http:// and https:// — explicitly rejects javascript:,
+   * data:, vbscript:, and other dangerous URI schemes.
+   */
+  URL: /^https?:\/\/[^\s/$.?#][^\s]*$/,
+  /** UUID regex pattern (v4) */
+  UUID: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+};
+var ERRORS = {
+  /** Validation error messages */
+  VALIDATION: {
+    REQUIRED: (field) => `${field} is required`,
+    INVALID_TYPE: (field, type) => `${field} must be a ${type}`,
+    MIN_LENGTH: (field, min) => `${field} must be at least ${min} characters`,
+    MAX_LENGTH: (field, max) => `${field} must be at most ${max} characters`,
+    MIN_VALUE: (field, min) => `${field} must be at least ${min}`,
+    MAX_VALUE: (field, max) => `${field} must be at most ${max}`,
+    INVALID_FORMAT: (field) => `${field} format is invalid`,
+    INVALID_EMAIL: (field) => `${field} must be a valid email`,
+    INVALID_URL: (field) => `${field} must be a valid URL`,
+    INVALID_UUID: (field) => `${field} must be a valid UUID`,
+    INVALID_ENUM: (field, values) => `${field} must be one of: ${values.join(", ")}`,
+    MIN_ITEMS: (field, min) => `${field} must have at least ${min} items`,
+    MAX_ITEMS: (field, max) => `${field} must have at most ${max} items`
+  }
+};
+
+// src/core/errors.ts
+var ArcisError = class extends Error {
+  constructor(message, statusCode = 500, code = "ARCIS_ERROR") {
+    super(message);
+    this.name = "ArcisError";
+    this.statusCode = statusCode;
+    this.code = code;
+    this.expose = statusCode < 500;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, this.constructor);
+    }
+  }
+};
+var InputTooLargeError = class extends ArcisError {
+  constructor(maxSize, actualSize) {
+    super(`Input exceeds maximum size of ${maxSize} bytes`, 413, "INPUT_TOO_LARGE");
+    this.name = "InputTooLargeError";
+    this.maxSize = maxSize;
+    this.actualSize = actualSize;
+  }
+};
+var SecurityThreatError = class extends ArcisError {
+  constructor(threatType, pattern) {
+    super("Request blocked for security reasons", 400, "SECURITY_THREAT");
+    this.name = "SecurityThreatError";
+    this.threatType = threatType;
+    this.pattern = pattern;
+  }
+};
+
+// src/sanitizers/utils.ts
+function encodeHtmlEntities(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#x27;");
+}
+
+// src/sanitizers/xss.ts
+function sanitizeXss(input, collectThreats = false, htmlEncode = false) {
+  if (typeof input !== "string") {
+    return collectThreats ? { value: String(input), wasSanitized: false, threats: [] } : String(input);
+  }
+  const threats = [];
+  let value = input;
+  let wasSanitized = false;
+  for (const pattern of XSS_REMOVE_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(value)) {
+      pattern.lastIndex = 0;
+      if (collectThreats) {
+        const matches = value.match(pattern);
+        if (matches) {
+          for (const match of matches) {
+            threats.push({
+              type: "xss",
+              pattern: pattern.source,
+              original: match
+            });
+          }
+        }
+      }
+      value = value.replace(pattern, "");
+      wasSanitized = true;
+    }
+  }
+  if (htmlEncode) {
+    const encoded = encodeHtmlEntities(value);
+    if (encoded !== value) {
+      wasSanitized = true;
+    }
+    value = encoded;
+  }
+  if (collectThreats) {
+    return { value, wasSanitized, threats };
+  }
+  return value;
+}
+
+// src/sanitizers/sql.ts
+function sanitizeSql(input, collectThreats = false) {
+  if (typeof input !== "string") {
+    return collectThreats ? { value: String(input), wasSanitized: false, threats: [] } : String(input);
+  }
+  const threats = [];
+  let value = input;
+  let wasSanitized = false;
+  for (const pattern of SQL_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(value)) {
+      pattern.lastIndex = 0;
+      if (collectThreats) {
+        const matches = value.match(pattern);
+        if (matches) {
+          for (const match of matches) {
+            threats.push({
+              type: "sql_injection",
+              pattern: pattern.source,
+              original: match
+            });
+          }
+        }
+      }
+      value = value.replace(pattern, " ");
+      wasSanitized = true;
+    }
+  }
+  if (collectThreats) {
+    return { value, wasSanitized, threats };
+  }
+  return value;
+}
+function detectSql(input) {
+  if (typeof input !== "string") return false;
+  for (const pattern of SQL_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(input)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/sanitizers/path.ts
+function sanitizePath(input, collectThreats = false) {
+  if (typeof input !== "string") {
+    return collectThreats ? { value: String(input), wasSanitized: false, threats: [] } : String(input);
+  }
+  const threats = [];
+  let value = input;
+  let wasSanitized = false;
+  for (const pattern of PATH_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(value)) {
+      pattern.lastIndex = 0;
+      if (collectThreats) {
+        const matches = value.match(pattern);
+        if (matches) {
+          for (const match of matches) {
+            threats.push({
+              type: "path_traversal",
+              pattern: pattern.source,
+              original: match
+            });
+          }
+        }
+      }
+      value = value.replace(pattern, "");
+      wasSanitized = true;
+    }
+  }
+  if (collectThreats) {
+    return { value, wasSanitized, threats };
+  }
+  return value;
+}
+
+// src/sanitizers/command.ts
+function sanitizeCommand(input, collectThreats = false) {
+  if (typeof input !== "string") {
+    return collectThreats ? { value: String(input), wasSanitized: false, threats: [] } : String(input);
+  }
+  const threats = [];
+  let value = input;
+  let wasSanitized = false;
+  for (const pattern of COMMAND_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(value)) {
+      pattern.lastIndex = 0;
+      if (collectThreats) {
+        const matches = value.match(pattern);
+        if (matches) {
+          for (const match of matches) {
+            threats.push({
+              type: "command_injection",
+              pattern: pattern.source,
+              original: match
+            });
+          }
+        }
+      }
+      value = value.replace(pattern, " ");
+      wasSanitized = true;
+    }
+  }
+  if (collectThreats) {
+    return { value, wasSanitized, threats };
+  }
+  return value;
+}
+function detectCommandInjection(input) {
+  if (typeof input !== "string") return false;
+  for (const pattern of COMMAND_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(input)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/sanitizers/sanitize.ts
+function sanitizeString(value, options = {}) {
+  if (typeof value !== "string") return value;
+  const maxSize = options.maxSize ?? INPUT.DEFAULT_MAX_SIZE;
+  if (value.length > maxSize) {
+    throw new InputTooLargeError(maxSize, value.length);
+  }
+  const reject = options.mode !== "sanitize";
+  let result = value;
+  if (options.sql !== false) {
+    if (reject) {
+      if (detectSql(result)) {
+        throw new SecurityThreatError("sql_injection", "SQL pattern detected in input");
+      }
+    } else {
+      result = sanitizeSql(result);
+    }
+  }
+  if (options.path !== false) {
+    result = sanitizePath(result);
+  }
+  if (options.command !== false) {
+    if (reject) {
+      if (detectCommandInjection(result)) {
+        throw new SecurityThreatError("command_injection", "Shell metacharacter detected in input");
+      }
+    } else {
+      result = sanitizeCommand(result);
+    }
+  }
+  if (options.xss !== false) {
+    result = sanitizeXss(result, false, options.htmlEncode ?? false);
+  }
+  return result;
+}
+
+// src/validation/schema.ts
+function validate(schema, source = "body") {
+  return (req, res, next) => {
+    const data = req[source] || {};
+    const errors = [];
+    const validated = {};
+    for (const [field, rules] of Object.entries(schema)) {
+      const value = data[field];
+      const result = validateField(field, value, rules);
+      if (result.errors.length > 0) {
+        errors.push(...result.errors);
+      } else if (result.value !== void 0) {
+        validated[field] = result.value;
+      }
+    }
+    if (errors.length > 0) {
+      res.status(400).json({ errors });
+      return;
+    }
+    req[source] = validated;
+    next();
+  };
+}
+function validateField(field, value, rules) {
+  const errors = [];
+  if (rules.required && (value === void 0 || value === null || value === "")) {
+    errors.push(ERRORS.VALIDATION.REQUIRED(field));
+    return { errors };
+  }
+  if (value === void 0 || value === null) {
+    return { errors: [] };
+  }
+  let typedValue = value;
+  let isValid = true;
+  switch (rules.type) {
+    case "string":
+      if (typeof value !== "string") {
+        errors.push(ERRORS.VALIDATION.INVALID_TYPE(field, "string"));
+        isValid = false;
+        break;
+      }
+      if (rules.min !== void 0 && value.length < rules.min) {
+        errors.push(ERRORS.VALIDATION.MIN_LENGTH(field, rules.min));
+        isValid = false;
+      }
+      if (rules.max !== void 0 && value.length > rules.max) {
+        errors.push(ERRORS.VALIDATION.MAX_LENGTH(field, rules.max));
+        isValid = false;
+      }
+      if (rules.pattern && !rules.pattern.test(value)) {
+        errors.push(ERRORS.VALIDATION.INVALID_FORMAT(field));
+        isValid = false;
+      }
+      if (isValid && rules.enum && !rules.enum.includes(value)) {
+        errors.push(ERRORS.VALIDATION.INVALID_ENUM(field, rules.enum));
+        isValid = false;
+      }
+      if (isValid && rules.sanitize !== false) {
+        typedValue = sanitizeString(value);
+      }
+      break;
+    case "number":
+      typedValue = Number(value);
+      if (isNaN(typedValue)) {
+        errors.push(ERRORS.VALIDATION.INVALID_TYPE(field, "number"));
+        isValid = false;
+        break;
+      }
+      if (rules.min !== void 0 && typedValue < rules.min) {
+        errors.push(ERRORS.VALIDATION.MIN_VALUE(field, rules.min));
+        isValid = false;
+      }
+      if (rules.max !== void 0 && typedValue > rules.max) {
+        errors.push(ERRORS.VALIDATION.MAX_VALUE(field, rules.max));
+        isValid = false;
+      }
+      break;
+    case "boolean":
+      if (value === "true" || value === true || value === 1 || value === "1") {
+        typedValue = true;
+      } else if (value === "false" || value === false || value === 0 || value === "0") {
+        typedValue = false;
+      } else {
+        errors.push(ERRORS.VALIDATION.INVALID_TYPE(field, "boolean"));
+        isValid = false;
+      }
+      break;
+    case "email":
+      if (!VALIDATION.EMAIL.test(String(value))) {
+        errors.push(ERRORS.VALIDATION.INVALID_EMAIL(field));
+        isValid = false;
+      }
+      if (isValid) {
+        typedValue = sanitizeString(String(value).toLowerCase().trim());
+      }
+      break;
+    case "url":
+      if (!VALIDATION.URL.test(String(value))) {
+        errors.push(ERRORS.VALIDATION.INVALID_URL(field));
+        isValid = false;
+      }
+      if (isValid) {
+        typedValue = sanitizeString(String(value));
+      }
+      break;
+    case "uuid":
+      if (!VALIDATION.UUID.test(String(value))) {
+        errors.push(ERRORS.VALIDATION.INVALID_UUID(field));
+        isValid = false;
+      }
+      break;
+    case "array":
+      if (!Array.isArray(value)) {
+        errors.push(ERRORS.VALIDATION.INVALID_TYPE(field, "array"));
+        isValid = false;
+        break;
+      }
+      if (rules.min !== void 0 && value.length < rules.min) {
+        errors.push(ERRORS.VALIDATION.MIN_ITEMS(field, rules.min));
+        isValid = false;
+      }
+      if (rules.max !== void 0 && value.length > rules.max) {
+        errors.push(ERRORS.VALIDATION.MAX_ITEMS(field, rules.max));
+        isValid = false;
+      }
+      break;
+    case "object":
+      if (typeof value !== "object" || Array.isArray(value) || value === null) {
+        errors.push(ERRORS.VALIDATION.INVALID_TYPE(field, "object"));
+        isValid = false;
+      }
+      break;
+  }
+  if (isValid && rules.enum && rules.type !== "string" && !rules.enum.includes(typedValue)) {
+    errors.push(ERRORS.VALIDATION.INVALID_ENUM(field, rules.enum));
+    isValid = false;
+  }
+  if (isValid && rules.custom) {
+    const customResult = rules.custom(typedValue);
+    if (customResult === void 0) {
+      throw new TypeError(
+        `Custom validator for field "${field}" returned undefined. Return true to pass, false to fail, or a string error message.`
+      );
+    }
+    if (customResult !== true) {
+      errors.push(typeof customResult === "string" && customResult.length > 0 ? customResult : `${field} is invalid`);
+      isValid = false;
+    }
+  }
+  return {
+    value: isValid ? typedValue : void 0,
+    errors
+  };
+}
+var createValidator = validate;
+
+// src/validation/file.ts
+var MAGIC_BYTES = {
+  // Images
+  "image/jpeg": [Buffer.from([255, 216, 255])],
+  "image/png": [Buffer.from([137, 80, 78, 71])],
+  "image/gif": [Buffer.from("GIF87a"), Buffer.from("GIF89a")],
+  "image/webp": [Buffer.from("RIFF")],
+  // RIFF....WEBP
+  "image/bmp": [Buffer.from([66, 77])],
+  "image/svg+xml": [],
+  // text-based, check separately
+  // Documents
+  "application/pdf": [Buffer.from("%PDF")],
+  "application/zip": [Buffer.from([80, 75, 3, 4])],
+  // Audio/Video
+  "audio/mpeg": [Buffer.from([255, 251]), Buffer.from([255, 243]), Buffer.from([73, 68, 51])],
+  "video/mp4": []
+  // ftyp at offset 4
+};
+var DANGEROUS_EXTENSIONS = /* @__PURE__ */ new Set([
+  // Scripts
+  ".exe",
+  ".bat",
+  ".cmd",
+  ".com",
+  ".msi",
+  ".scr",
+  ".pif",
+  ".vbs",
+  ".vbe",
+  ".js",
+  ".jse",
+  ".ws",
+  ".wsf",
+  ".wsc",
+  ".wsh",
+  ".ps1",
+  ".ps1xml",
+  ".ps2",
+  ".ps2xml",
+  ".psc1",
+  ".psc2",
+  ".sh",
+  ".bash",
+  ".csh",
+  ".ksh",
+  // Server-side
+  ".php",
+  ".php3",
+  ".php4",
+  ".php5",
+  ".phtml",
+  ".pht",
+  ".asp",
+  ".aspx",
+  ".ashx",
+  ".asmx",
+  ".cer",
+  ".jsp",
+  ".jspx",
+  ".jsw",
+  ".jsv",
+  ".cgi",
+  ".pl",
+  ".py",
+  ".rb",
+  // Java
+  ".jar",
+  ".war",
+  ".ear",
+  ".class",
+  // Config that can execute
+  ".htaccess",
+  ".htpasswd",
+  // Template engines
+  ".ejs",
+  ".pug",
+  ".hbs",
+  ".handlebars",
+  ".njk",
+  ".twig",
+  // Shortcuts/links
+  ".lnk",
+  ".inf",
+  ".reg",
+  ".url",
+  // Office macros
+  ".docm",
+  ".xlsm",
+  ".pptm",
+  ".dotm"
+]);
+var DEFAULT_MAX_SIZE = 5 * 1024 * 1024;
+function sanitizeFilename(filename) {
+  let name = filename;
+  name = name.replace(/\0/g, "");
+  name = name.replace(/^.*[/\\]/, "");
+  name = name.replace(/[\x00-\x1F\x7F]/g, "");
+  name = name.replace(/[<>:"/\\|?*]/g, "");
+  name = name.replace(/[\s()]+/g, "_");
+  name = name.replace(/^\.+/, "");
+  name = name.replace(/_{2,}/g, "_");
+  name = name.replace(/\.{2,}/g, ".");
+  name = name.replace(/_+\./g, ".");
+  name = name.replace(/^_+|_+$/g, "");
+  if (!name || name === ".") {
+    name = "unnamed";
+  }
+  return name;
+}
+function matchesMagicBytes(buffer, mimetype) {
+  const signatures = MAGIC_BYTES[mimetype];
+  if (!signatures || signatures.length === 0) return true;
+  return signatures.some((sig) => {
+    if (buffer.length < sig.length) return false;
+    return buffer.subarray(0, sig.length).equals(sig);
+  });
+}
+function getExtension(filename) {
+  const lastDot = filename.lastIndexOf(".");
+  if (lastDot < 1) return "";
+  return filename.slice(lastDot).toLowerCase();
+}
+function hasDoubleExtension(filename) {
+  const parts = filename.split(".");
+  if (parts.length < 3) return false;
+  for (let i = 1; i < parts.length - 1; i++) {
+    const ext = "." + parts[i].toLowerCase();
+    if (DANGEROUS_EXTENSIONS.has(ext)) return true;
+  }
+  return false;
+}
+function validateFile(file, options = {}) {
+  const {
+    maxSize = DEFAULT_MAX_SIZE,
+    allowedTypes,
+    allowedExtensions,
+    blockExecutables = true,
+    validateMagicBytes = true,
+    blockNoExtension = true,
+    blockDoubleExtensions = true
+  } = options;
+  const errors = [];
+  const sanitizedFilename = sanitizeFilename(file.filename);
+  const extension = getExtension(sanitizedFilename);
+  if (file.size > maxSize) {
+    errors.push(`File size ${file.size} exceeds maximum ${maxSize} bytes`);
+  }
+  if (file.size === 0) {
+    errors.push("File is empty");
+  }
+  if (blockNoExtension && !extension) {
+    errors.push("File has no extension");
+  }
+  if (blockExecutables && extension && DANGEROUS_EXTENSIONS.has(extension)) {
+    errors.push(`Executable extension "${extension}" is not allowed`);
+  }
+  if (blockDoubleExtensions && hasDoubleExtension(sanitizedFilename)) {
+    errors.push("Double extensions with executable types are not allowed");
+  }
+  if (allowedExtensions && extension) {
+    const normalizedAllowed = allowedExtensions.map((e) => e.toLowerCase());
+    if (!normalizedAllowed.includes(extension)) {
+      errors.push(`Extension "${extension}" is not allowed. Allowed: ${normalizedAllowed.join(", ")}`);
+    }
+  }
+  if (allowedTypes && !allowedTypes.includes(file.mimetype)) {
+    errors.push(`MIME type "${file.mimetype}" is not allowed. Allowed: ${allowedTypes.join(", ")}`);
+  }
+  if (validateMagicBytes && file.buffer && file.buffer.length > 0) {
+    if (!matchesMagicBytes(file.buffer, file.mimetype)) {
+      errors.push(`File content does not match claimed MIME type "${file.mimetype}"`);
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    sanitizedFilename
+  };
+}
+function isDangerousExtension(filename) {
+  const ext = getExtension(filename);
+  return ext !== "" && DANGEROUS_EXTENSIONS.has(ext);
+}
+
+exports.createValidator = createValidator;
+exports.isDangerousExtension = isDangerousExtension;
+exports.sanitizeFilename = sanitizeFilename;
+exports.validate = validate;
+exports.validateFile = validateFile;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map