@bfra.me/doc-sync 0.1.0 → 0.1.1

package/src/generators/mdx-generator.ts

@@ -169,15 +169,12 @@ function renderMDXDocument(frontmatter: MDXFrontmatter, content: string): string
  * Prevents XSS by escaping potentially dangerous content
  */
 export function sanitizeContent(content: string): string {
-  // Use comprehensive sanitization from utils
   return sanitizeForMDX(content)
 }
 
 /**
  * Sanitizes content within MDX while preserving JSX components
- * Only escapes content that appears to be user-provided text
- * Now includes sanitization of JSX component attributes to prevent XSS
- * Uses safe, non-backtracking parsing to prevent ReDoS
+ * Sanitizes JSX component attributes to prevent XSS while leaving closing tags unchanged
  */
 export function sanitizeTextContent(content: string): string {
   const jsxTags = parseJSXTags(content)
@@ -189,12 +186,7 @@ export function sanitizeTextContent(content: string): string {
       parts.push(sanitizeContent(content.slice(lastIndex, index)))
     }
 
-    if (isClosing) {
-      parts.push(tag)
-    } else {
-      parts.push(sanitizeJSXTag(tag))
-    }
-
+    parts.push(isClosing ? tag : sanitizeJSXTag(tag))
     lastIndex = index + tag.length
   }
 
@@ -225,23 +217,32 @@ export function validateMDXSyntax(mdx: string): Result<true, SyncError> {
   return ok(true)
 }
 
+/**
+ * Checks if a tag name is likely a TypeScript generic parameter rather than a JSX component
+ * Single uppercase letters (T, E, K, V, etc.) are common generic type parameters
+ */
+function isTypeScriptGeneric(tag: string): boolean {
+  const tagNameMatch = tag.match(/<\/?([A-Z][a-zA-Z0-9]*)/)
+  const tagName = tagNameMatch?.[1]
+  return tagName !== undefined && tagName.length === 1
+}
+
 function checkForUnclosedTags(mdx: string): string[] {
   const unclosed: string[] = []
   const tagStack: string[] = []
 
-  // Remove code blocks from content before checking for JSX tags
-  // This prevents TypeScript generics like Result<T, E> from being
-  // misinterpreted as unclosed JSX tags
+  // Remove code blocks and inline code to prevent TypeScript generics like Result<T, E>
+  // from being misinterpreted as JSX tags
   const codeBlocks = extractCodeBlocks(mdx)
-  let contentWithoutCodeBlocks = mdx
+  let contentWithoutCode = mdx
   for (const block of codeBlocks) {
-    // Replace code block with empty lines to preserve line numbers
     const lineCount = block.split('\n').length
     const placeholder = '\n'.repeat(lineCount)
-    contentWithoutCodeBlocks = contentWithoutCodeBlocks.replace(block, placeholder)
+    contentWithoutCode = contentWithoutCode.replace(block, placeholder)
   }
 
-  const jsxTags = parseJSXTags(contentWithoutCodeBlocks)
+  const allJSXTags = parseJSXTags(contentWithoutCode)
+  const jsxTags = allJSXTags.filter(({tag}) => !isTypeScriptGeneric(tag))
 
   for (const {tag, isClosing, isSelfClosing} of jsxTags) {
     const tagNameMatch = isClosing

package/src/index.ts

@@ -71,6 +71,75 @@ export type {
   ValidationWarning,
 } from './orchestrator'
 
+// Re-export parsers
+export {
+  analyzePublicAPI,
+  analyzeTypeScriptContent,
+  analyzeTypeScriptFile,
+  assertPackageAPI,
+  assertPackageInfo,
+  assertParseError,
+  buildDocSlug,
+  createProject,
+  extractDocsConfig,
+  extractExportedFunctions,
+  extractExportedTypes,
+  extractJSDocInfo,
+  extractPackageAPI,
+  extractReExports,
+  findEntryPoint,
+  findExportedSymbols,
+  findReadmePath,
+  findSection,
+  flattenSections,
+  getExportedSymbolInfo,
+  getExportsByKind,
+  getPackageScope,
+  getSectionsByLevel,
+  getTableOfContents,
+  getUnscopedName,
+  hasJSDoc,
+  isDocConfigSource,
+  isExportedFunction,
+  isExportedType,
+  isJSDocInfo,
+  isJSDocParam,
+  isJSDocTag,
+  isMDXFrontmatter,
+  isPackageAPI,
+  isPackageInfo,
+  isParseError,
+  isReadmeContent,
+  isReadmeSection,
+  isReExport,
+  isSafeContent,
+  isSafeFilePath,
+  isSymbolExported,
+  isSyncError,
+  isValidHeadingLevel,
+  isValidPackageName,
+  isValidSemver,
+  parseJSDoc,
+  parsePackageComplete,
+  parsePackageJson,
+  parsePackageJsonContent,
+  parseReadme,
+  parseReadmeFile,
+  parseSourceContent,
+  parseSourceFile,
+} from './parsers'
+
+export type {
+  ExportAnalyzerOptions,
+  JSDocableDeclaration,
+  PackageInfoOptions,
+  PackageJsonSchema,
+  PublicAPIAnalysis,
+  ReadmeParserOptions,
+  ResolvedExport,
+  TypeScriptParserOptions,
+} from './parsers'
+
 export type {
   CLIOptions,
   DocConfig,
@@ -102,6 +171,19 @@ export type {
 
 export {SENTINEL_MARKERS} from './types'
 
+// Re-export utils
+export {
+  createHeadingPattern,
+  extractCodeBlocks,
+  findEmptyMarkdownLinks,
+  hasComponent,
+  parseJSXAttributes,
+  parseJSXTags,
+  sanitizeAttribute,
+  sanitizeForMDX,
+  sanitizeJSXTag,
+} from './utils'
+
 // Re-export watcher
 export {
   categorizeFile,

package/src/utils/safe-patterns.ts

@@ -51,11 +51,11 @@ export function hasComponent(content: string, componentName: string): boolean {
 }
 
 /**
- * Extract code blocks from markdown content using unified/remark (safe, no regex)
+ * Extract code blocks and inline code from markdown content using unified/remark (safe, no regex)
  * This approach uses AST parsing instead of regex to avoid ReDoS vulnerabilities
  *
  * @param content - The markdown content to parse
- * @returns Array of code block strings with their language identifiers
+ * @returns Array of code block strings (fenced blocks with backticks, inline code with backticks)
  *
  * @example
  * ```ts
@@ -91,6 +91,10 @@ export function extractCodeBlocks(content: string): readonly string[] {
       const value = node.value ?? ''
       blocks.push(`\`\`\`${lang}\n${value}\n\`\`\``)
     }
+    if (node.type === 'inlineCode') {
+      const value = node.value ?? ''
+      blocks.push(`\`${value}\``)
+    }
     if (Array.isArray(node.children)) {
       for (const child of node.children) {
         visit(child)