npm - @blamejs/core - Versions diffs - 0.14.0 → 0.14.2 - Mend

@blamejs/core 0.14.0 → 0.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/CHANGELOG.md +4 -0
package/lib/_test/crypto-fixtures.js +3 -3
package/lib/a2a-tasks.js +18 -18
package/lib/a2a.js +4 -4
package/lib/acme.js +3 -3
package/lib/agent-idempotency.js +1 -1
package/lib/agent-orchestrator.js +8 -8
package/lib/agent-posture-chain.js +2 -2
package/lib/agent-saga.js +1 -1
package/lib/agent-snapshot.js +1 -1
package/lib/agent-stream.js +1 -1
package/lib/agent-tenant.js +1 -1
package/lib/agent-trace.js +3 -3
package/lib/ai-capability.js +1 -1
package/lib/ai-dp.js +4 -4
package/lib/ai-input.js +3 -3
package/lib/ai-model-manifest.js +7 -7
package/lib/ai-pref.js +3 -3
package/lib/archive-gz.js +2 -2
package/lib/archive-read.js +25 -25
package/lib/archive-tar-read.js +2 -2
package/lib/archive-tar.js +20 -20
package/lib/archive-wrap.js +10 -10
package/lib/argon2-builtin.js +1 -1
package/lib/asn1-der.js +45 -34
package/lib/atomic-file.js +2 -2
package/lib/audit-daily-review.js +3 -3
package/lib/audit-sign.js +5 -5
package/lib/audit-tools.js +1 -1
package/lib/audit.js +2 -2
package/lib/auth/acr-vocabulary.js +2 -2
package/lib/auth/bot-challenge.js +3 -3
package/lib/auth/ciba.js +7 -7
package/lib/auth/dpop.js +3 -3
package/lib/auth/fido-mds3.js +8 -8
package/lib/auth/jar.js +11 -0
package/lib/auth/jwt-external.js +5 -5
package/lib/auth/oauth.js +7 -9
package/lib/auth/oid4vci.js +10 -10
package/lib/auth/oid4vp.js +2 -2
package/lib/auth/openid-federation.js +2 -2
package/lib/auth/passkey.js +3 -3
package/lib/auth/saml.js +29 -25
package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
package/lib/auth/sd-jwt-vc.js +4 -4
package/lib/auth/status-list.js +10 -10
package/lib/auth/step-up.js +1 -1
package/lib/auth-bot-challenge.js +1 -1
package/lib/backup/index.js +7 -7
package/lib/base32.js +8 -8
package/lib/budr.js +2 -2
package/lib/cache-status.js +2 -2
package/lib/calendar.js +23 -23
package/lib/cbor.js +12 -12
package/lib/cdn-cache-control.js +1 -1
package/lib/cert.js +5 -5
package/lib/cloud-events.js +5 -5
package/lib/cms-codec.js +21 -21
package/lib/codepoint-class.js +12 -12
package/lib/compliance-sanctions-fuzzy.js +4 -4
package/lib/compliance-sanctions.js +4 -4
package/lib/compliance.js +29 -29
package/lib/content-credentials.js +36 -36
package/lib/cookies.js +1 -1
package/lib/cose.js +13 -13
package/lib/cra-report.js +1 -1
package/lib/crdt.js +1 -1
package/lib/crypto-field.js +2 -2
package/lib/crypto-xwing.js +7 -7
package/lib/crypto.js +6 -6
package/lib/csp.js +2 -2
package/lib/cwt.js +4 -4
package/lib/dark-patterns.js +2 -2
package/lib/data-act.js +2 -2
package/lib/db-file-lifecycle.js +4 -4
package/lib/db-query.js +1 -1
package/lib/db.js +6 -6
package/lib/dbsc.js +13 -13
package/lib/did.js +17 -17
package/lib/dora.js +4 -4
package/lib/dsr.js +1 -1
package/lib/early-hints.js +2 -2
package/lib/eat.js +4 -4
package/lib/external-db-migrate.js +1 -1
package/lib/external-db.js +1 -1
package/lib/flag-cache.js +1 -1
package/lib/flag-evaluation-context.js +2 -2
package/lib/graphql-federation.js +4 -4
package/lib/guard-agent-registry.js +5 -5
package/lib/guard-archive.js +24 -24
package/lib/guard-cidr.js +33 -33
package/lib/guard-csv.js +1 -1
package/lib/guard-domain.js +10 -10
package/lib/guard-dsn.js +4 -4
package/lib/guard-email.js +19 -19
package/lib/guard-event-bus-payload.js +4 -4
package/lib/guard-event-bus-topic.js +6 -6
package/lib/guard-filename.js +7 -7
package/lib/guard-graphql.js +9 -9
package/lib/guard-html-wcag-tagwalk.js +1 -1
package/lib/guard-html-wcag.js +4 -4
package/lib/guard-html.js +7 -7
package/lib/guard-idempotency-key.js +6 -6
package/lib/guard-image.js +4 -4
package/lib/guard-imap-command.js +17 -17
package/lib/guard-jmap.js +20 -20
package/lib/guard-json.js +12 -12
package/lib/guard-jsonpath.js +3 -3
package/lib/guard-jwt.js +4 -4
package/lib/guard-list-id.js +7 -7
package/lib/guard-list-unsubscribe.js +8 -8
package/lib/guard-mail-compose.js +4 -4
package/lib/guard-mail-move.js +5 -5
package/lib/guard-mail-query.js +3 -3
package/lib/guard-mail-reply.js +3 -3
package/lib/guard-mail-sieve.js +6 -6
package/lib/guard-managesieve-command.js +25 -25
package/lib/guard-markdown.js +31 -31
package/lib/guard-message-id.js +5 -5
package/lib/guard-mime.js +1 -1
package/lib/guard-oauth.js +3 -3
package/lib/guard-pdf.js +6 -6
package/lib/guard-pop3-command.js +11 -11
package/lib/guard-posture-chain.js +5 -5
package/lib/guard-regex.js +10 -10
package/lib/guard-saga-config.js +5 -5
package/lib/guard-smtp-command.js +6 -6
package/lib/guard-snapshot-envelope.js +3 -3
package/lib/guard-stream-args.js +4 -4
package/lib/guard-svg.js +11 -11
package/lib/guard-tenant-id.js +5 -5
package/lib/guard-time.js +15 -15
package/lib/guard-trace-context.js +4 -4
package/lib/guard-uuid.js +11 -11
package/lib/guard-xml.js +12 -12
package/lib/guard-yaml.js +16 -16
package/lib/honeytoken.js +5 -5
package/lib/http-client.js +1 -1
package/lib/http-message-signature.js +2 -2
package/lib/iab-mspa.js +3 -3
package/lib/iab-tcf.js +70 -70
package/lib/inbox.js +4 -4
package/lib/ip-utils.js +15 -15
package/lib/jose-jwe-experimental.js +2 -2
package/lib/json-path.js +3 -3
package/lib/json-schema.js +1 -1
package/lib/jsonapi.js +3 -3
package/lib/jtd.js +2 -2
package/lib/link-header.js +1 -1
package/lib/local-db-thin.js +1 -1
package/lib/log.js +1 -1
package/lib/lro.js +4 -4
package/lib/mail-agent.js +1 -1
package/lib/mail-arc-sign.js +6 -6
package/lib/mail-auth.js +43 -43
package/lib/mail-bimi.js +3 -3
package/lib/mail-crypto-pgp.js +53 -45
package/lib/mail-crypto-smime.js +5 -5
package/lib/mail-dav.js +1 -1
package/lib/mail-deploy.js +39 -39
package/lib/mail-dkim.js +11 -11
package/lib/mail-greylist.js +12 -12
package/lib/mail-helo.js +1 -1
package/lib/mail-journal.js +8 -8
package/lib/mail-rbl.js +7 -7
package/lib/mail-scan.js +7 -7
package/lib/mail-send-deliver.js +2 -2
package/lib/mail-server-imap.js +12 -12
package/lib/mail-server-jmap.js +16 -16
package/lib/mail-server-managesieve.js +4 -4
package/lib/mail-server-mx.js +17 -17
package/lib/mail-server-pop3.js +4 -4
package/lib/mail-server-rate-limit.js +2 -2
package/lib/mail-server-submission.js +21 -21
package/lib/mail-sieve.js +2 -2
package/lib/mail-spam-score.js +5 -5
package/lib/mail-srs.js +12 -12
package/lib/mail-store-fts.js +2 -2
package/lib/mail-store.js +8 -8
package/lib/mail-unsubscribe.js +4 -4
package/lib/mail.js +4 -4
package/lib/mcp-tool-registry.js +4 -4
package/lib/mcp.js +8 -8
package/lib/mdoc.js +2 -2
package/lib/metrics.js +8 -8
package/lib/middleware/age-gate.js +1 -1
package/lib/middleware/api-encrypt.js +7 -7
package/lib/middleware/assetlinks.js +2 -2
package/lib/middleware/asyncapi-serve.js +2 -2
package/lib/middleware/bearer-auth.js +5 -5
package/lib/middleware/body-parser.js +5 -5
package/lib/middleware/compose-pipeline.js +15 -15
package/lib/middleware/csp-report.js +4 -4
package/lib/middleware/daily-byte-quota.js +1 -1
package/lib/middleware/dpop.js +1 -1
package/lib/middleware/headers.js +2 -2
package/lib/middleware/host-allowlist.js +1 -1
package/lib/middleware/idempotency-key.js +12 -12
package/lib/middleware/nel.js +1 -1
package/lib/middleware/openapi-serve.js +2 -2
package/lib/middleware/protected-resource-metadata.js +2 -2
package/lib/middleware/require-aal.js +1 -1
package/lib/middleware/require-bound-key.js +2 -2
package/lib/middleware/require-content-type.js +1 -1
package/lib/middleware/require-methods.js +1 -1
package/lib/middleware/require-step-up.js +2 -2
package/lib/middleware/scim-server.js +1 -1
package/lib/middleware/security-txt.js +3 -3
package/lib/middleware/tus-upload.js +12 -12
package/lib/middleware/web-app-manifest.js +2 -2
package/lib/network-byte-quota.js +1 -1
package/lib/network-dns-resolver.js +23 -23
package/lib/network-dns.js +29 -29
package/lib/network-dnssec.js +33 -33
package/lib/network-smtp-policy.js +10 -10
package/lib/network-tls.js +99 -94
package/lib/network-tsig.js +33 -33
package/lib/nis2-report.js +1 -1
package/lib/ntp-check.js +3 -3
package/lib/observability-otlp-exporter.js +17 -17
package/lib/observability-tracer.js +6 -6
package/lib/observability.js +8 -8
package/lib/openapi-yaml.js +1 -1
package/lib/openapi.js +1 -1
package/lib/outbox.js +6 -6
package/lib/pqc-agent.js +4 -4
package/lib/pqc-software.js +1 -1
package/lib/privacy-pass.js +5 -5
package/lib/problem-details.js +5 -5
package/lib/promise-pool.js +1 -1
package/lib/protobuf-encoder.js +9 -1
package/lib/queue.js +4 -2
package/lib/redact.js +2 -2
package/lib/request-helpers.js +1 -1
package/lib/router.js +10 -10
package/lib/safe-async.js +2 -2
package/lib/safe-dns.js +71 -71
package/lib/safe-ical.js +19 -19
package/lib/safe-icap.js +24 -24
package/lib/safe-jsonpath.js +2 -2
package/lib/safe-mime.js +10 -10
package/lib/safe-mount-info.js +3 -3
package/lib/safe-redirect.js +1 -1
package/lib/safe-sieve.js +23 -23
package/lib/safe-smtp.js +1 -1
package/lib/safe-vcard.js +14 -14
package/lib/sandbox.js +5 -5
package/lib/sec-cyber.js +1 -1
package/lib/self-update-standalone-verifier.js +3 -3
package/lib/self-update.js +3 -3
package/lib/server-timing.js +3 -3
package/lib/session-device-binding.js +7 -7
package/lib/session.js +8 -8
package/lib/standard-webhooks.js +4 -4
package/lib/storage.js +2 -2
package/lib/stream-throttle.js +1 -1
package/lib/structured-fields.js +15 -15
package/lib/subject.js +1 -1
package/lib/tcpa-10dlc.js +1 -1
package/lib/tenant-quota.js +3 -3
package/lib/test-harness.js +1 -1
package/lib/tracing.js +1 -1
package/lib/tsa.js +5 -5
package/lib/uri-template.js +5 -5
package/lib/vault/index.js +2 -2
package/lib/vault/seal-pem-file.js +4 -4
package/lib/vc.js +2 -2
package/lib/vendor-data.js +1 -1
package/lib/watcher.js +4 -4
package/lib/web-push-vapid.js +21 -21
package/lib/webhook.js +2 -2
package/lib/websocket.js +3 -3
package/lib/worker-pool.js +3 -3
package/lib/ws-client.js +24 -24
package/lib/xml-c14n.js +2 -2
package/package.json +1 -1
package/sbom.cdx.json +6 -6

package/lib/network-tsig.js CHANGED Viewed

@@ -39,8 +39,8 @@ var { defineClass } = require("./framework-error");
 var TsigError = defineClass("TsigError", { alwaysPermanent: true });
-var TYPE_TSIG = 250;                                        // allow:raw-byte-literal — IANA RR type TSIG
-var CLASS_ANY = 255;                                        // allow:raw-byte-literal — TSIG RRs use CLASS ANY
+var TYPE_TSIG = 250;                                        // IANA RR type TSIG
+var CLASS_ANY = 255;                                        // TSIG RRs use CLASS ANY
 var DEFAULT_FUDGE = 300;                                    // allow:raw-time-literal — RFC 8945 recommended fudge window (seconds)
 // Algorithm name → Node hash. The strong HMAC-SHA-2 family is the safe set;
@@ -57,7 +57,7 @@ var LEGACY_ALGORITHMS = {
   "hmac-md5": "md5",
 };
 // RFC 8945 §5.2.2.1 — TSIG error RCODEs.
-var ERROR = { NOERROR: 0, BADSIG: 16, BADKEY: 17, BADTIME: 18, BADTRUNC: 22 };   // allow:raw-byte-literal — RFC 8945 extended-RCODE values
+var ERROR = { NOERROR: 0, BADSIG: 16, BADKEY: 17, BADTIME: 18, BADTRUNC: 22 };   // RFC 8945 extended-RCODE values
 function _normAlg(name, allowLegacy) {
   var key = String(name || "hmac-sha256").toLowerCase().replace(/\.$/, "");
@@ -90,7 +90,7 @@ function _encodeName(name) {
   var out = [];
   for (var i = 0; i < parts.length; i++) {
     var lab = Buffer.from(parts[i], "ascii");
-    if (lab.length === 0 || lab.length > 63) throw new TsigError("tsig/bad-name", "tsig: invalid label in name '" + name + "'");   // allow:raw-byte-literal — RFC 1035 max label length
+    if (lab.length === 0 || lab.length > 63) throw new TsigError("tsig/bad-name", "tsig: invalid label in name '" + name + "'");   // RFC 1035 max label length
     out.push(Buffer.from([lab.length]), lab);
   }
   out.push(Buffer.from([0]));
@@ -109,15 +109,15 @@ function _readName(buf, off) {
     if (i >= buf.length) throw new TsigError("tsig/truncated", "tsig: truncated name in message");
     var len = buf[i];
     if (len === 0) { if (end === -1) end = i + 1; break; }
-    if ((len & 0xc0) === 0xc0) {                            // allow:raw-byte-literal — RFC 1035 §4.1.4 compression-pointer flag
+    if ((len & 0xc0) === 0xc0) {                            // RFC 1035 §4.1.4 compression-pointer flag
       if (i + 1 >= buf.length) throw new TsigError("tsig/truncated", "tsig: truncated compression pointer");
       if (end === -1) end = i + 2;
-      var ptr = ((len & 0x3f) << 8) | buf[i + 1];           // allow:raw-byte-literal — 14-bit pointer offset
-      if (++jumps > 128) throw new TsigError("tsig/bad-name", "tsig: compression-pointer loop");   // allow:raw-byte-literal — pointer-chase cap
+      var ptr = ((len & 0x3f) << 8) | buf[i + 1];           // 14-bit pointer offset
+      if (++jumps > 128) throw new TsigError("tsig/bad-name", "tsig: compression-pointer loop");   // pointer-chase cap
       i = ptr;
       continue;
     }
-    if ((len & 0xc0) !== 0) throw new TsigError("tsig/bad-name", "tsig: reserved label-length bits set");   // allow:raw-byte-literal — RFC 1035 label top-bits
+    if ((len & 0xc0) !== 0) throw new TsigError("tsig/bad-name", "tsig: reserved label-length bits set");   // RFC 1035 label top-bits
     i++;
     labels.push(buf.slice(i, i + len).toString("ascii"));
     i += len;
@@ -132,8 +132,8 @@ function _skipName(buf, off) {
     if (i >= buf.length) throw new TsigError("tsig/truncated", "tsig: truncated name");
     var len = buf[i];
     if (len === 0) return i + 1;
-    if ((len & 0xc0) === 0xc0) return i + 2;                // allow:raw-byte-literal — compression pointer is terminal
-    if ((len & 0xc0) !== 0) throw new TsigError("tsig/bad-name", "tsig: reserved label-length bits set");   // allow:raw-byte-literal — RFC 1035 label top-bits
+    if ((len & 0xc0) === 0xc0) return i + 2;                // compression pointer is terminal
+    if ((len & 0xc0) !== 0) throw new TsigError("tsig/bad-name", "tsig: reserved label-length bits set");   // RFC 1035 label top-bits
     i += 1 + len;
   }
 }
@@ -141,20 +141,20 @@ function _skipName(buf, off) {
 // Walk the message to the start of the LAST resource record, which a
 // TSIG-bearing message requires to be the TSIG RR (RFC 8945 §5.1).
 function _findTsigRr(buf) {
-  if (buf.length < 12) throw new TsigError("tsig/truncated", "tsig: message shorter than the 12-byte header");   // allow:raw-byte-literal — DNS header length
+  if (buf.length < 12) throw new TsigError("tsig/truncated", "tsig: message shorter than the 12-byte header");   // DNS header length
   var qd = buf.readUInt16BE(4), an = buf.readUInt16BE(6), ns = buf.readUInt16BE(8), ar = buf.readUInt16BE(10);
   if (ar < 1) throw new TsigError("tsig/no-tsig", "tsig: message has no additional records (no TSIG)");
-  var off = 12;                                             // allow:raw-byte-literal — past the DNS header
+  var off = 12;                                             // past the DNS header
   var q;
-  for (q = 0; q < qd; q++) { off = _skipName(buf, off); off += 4; }   // allow:raw-byte-literal — QTYPE + QCLASS
+  for (q = 0; q < qd; q++) { off = _skipName(buf, off); off += 4; }   // QTYPE + QCLASS
   var total = an + ns + ar;
   var rrStart = -1;
   for (var r = 0; r < total; r++) {
     rrStart = off;
     off = _skipName(buf, off);
-    if (off + 10 > buf.length) throw new TsigError("tsig/truncated", "tsig: truncated RR header");   // allow:raw-byte-literal — type+class+ttl+rdlength
-    var rdlen = buf.readUInt16BE(off + 8);                  // allow:raw-byte-literal — rdlength offset within RR header
-    off += 10 + rdlen;                                      // allow:raw-byte-literal — RR fixed header before RDATA
+    if (off + 10 > buf.length) throw new TsigError("tsig/truncated", "tsig: truncated RR header");   // type+class+ttl+rdlength
+    var rdlen = buf.readUInt16BE(off + 8);                  // rdlength offset within RR header
+    off += 10 + rdlen;                                      // RR fixed header before RDATA
   }
   if (off !== buf.length) throw new TsigError("tsig/trailing-bytes", "tsig: trailing bytes after the final record");
   return rrStart;
@@ -162,12 +162,12 @@ function _findTsigRr(buf) {
 // Build the TSIG-variables byte block (RFC 8945 §4.3.3).
 function _tsigVariables(keyName, algName, timeSigned, fudge, error, otherData) {
-  var time = Buffer.alloc(6);                               // allow:raw-byte-literal — 48-bit time-signed field
-  time.writeUIntBE(timeSigned, 0, 6);                       // allow:raw-byte-literal — 48-bit big-endian
-  var head = Buffer.alloc(6);                               // allow:raw-byte-literal — CLASS(2) + TTL(4)
+  var time = Buffer.alloc(6);                               // 48-bit time-signed field
+  time.writeUIntBE(timeSigned, 0, 6);                       // 48-bit big-endian
+  var head = Buffer.alloc(6);                               // CLASS(2) + TTL(4)
   head.writeUInt16BE(CLASS_ANY, 0);
   head.writeUInt32BE(0, 2);                                 // TTL is always 0 (4 bytes)
-  var tail = Buffer.alloc(6);                               // allow:raw-byte-literal — fudge(2)+error(2)+otherlen(2)
+  var tail = Buffer.alloc(6);                               // fudge(2)+error(2)+otherlen(2)
   tail.writeUInt16BE(fudge, 0);
   tail.writeUInt16BE(error, 2);
   tail.writeUInt16BE(otherData.length, 4);
@@ -224,7 +224,7 @@ function sign(message, opts) {
   var alg = _normAlg(opts.algorithm, opts.allowLegacy === true);
   var secret = _secretBuf(opts.secret);
   var fudge = opts.fudge == null ? DEFAULT_FUDGE : opts.fudge;
-  if (typeof fudge !== "number" || !isFinite(fudge) || fudge < 0 || fudge > 0xffff) throw new TsigError("tsig/bad-opt", "tsig.sign: fudge must be 0..65535 seconds");   // allow:raw-byte-literal — 16-bit fudge field
+  if (typeof fudge !== "number" || !isFinite(fudge) || fudge < 0 || fudge > 0xffff) throw new TsigError("tsig/bad-opt", "tsig.sign: fudge must be 0..65535 seconds");   // 16-bit fudge field
   var time = opts.time == null ? Math.floor(Date.now() / 1000) : opts.time;   // allow:raw-time-literal — ms→s
   if (typeof time !== "number" || !isFinite(time) || time < 0) throw new TsigError("tsig/bad-opt", "tsig.sign: time must be a non-negative Unix-seconds number");
   var error = opts.error == null ? 0 : opts.error;
@@ -241,25 +241,25 @@ function sign(message, opts) {
   // TSIG RDATA: algorithm name, time signed, fudge, MAC size + MAC,
   // original ID, error, other len + other data.
-  var rtime = Buffer.alloc(6); rtime.writeUIntBE(time, 0, 6);   // allow:raw-byte-literal — 48-bit time-signed
-  var fixed = Buffer.alloc(4);                                  // allow:raw-byte-literal — fudge(2)+macsize(2)
+  var rtime = Buffer.alloc(6); rtime.writeUIntBE(time, 0, 6);   // 48-bit time-signed
+  var fixed = Buffer.alloc(4);                                  // fudge(2)+macsize(2)
   fixed.writeUInt16BE(fudge, 0);
   fixed.writeUInt16BE(mac.length, 2);
-  var trailer = Buffer.alloc(6);                                // allow:raw-byte-literal — origid(2)+error(2)+otherlen(2)
+  var trailer = Buffer.alloc(6);                                // origid(2)+error(2)+otherlen(2)
   trailer.writeUInt16BE(originalId, 0);
   trailer.writeUInt16BE(error, 2);
   trailer.writeUInt16BE(otherData.length, 4);
   var rdata = Buffer.concat([_encodeName(algName), rtime, fixed, mac, trailer, otherData]);
-  var rrHead = Buffer.alloc(10);                               // allow:raw-byte-literal — type+class+ttl+rdlength
+  var rrHead = Buffer.alloc(10);                               // type+class+ttl+rdlength
   rrHead.writeUInt16BE(TYPE_TSIG, 0);
   rrHead.writeUInt16BE(CLASS_ANY, 2);
   rrHead.writeUInt32BE(0, 4);                                  // TTL 0
-  rrHead.writeUInt16BE(rdata.length, 8);                      // allow:raw-byte-literal — rdlength offset within the 10-byte RR header
+  rrHead.writeUInt16BE(rdata.length, 8);                      // rdlength offset within the 10-byte RR header
   var tsigRr = Buffer.concat([_encodeName(opts.keyName), rrHead, rdata]);
   var out = Buffer.from(message);                             // copy so we can bump ARCOUNT
-  out.writeUInt16BE(out.readUInt16BE(10) + 1, 10);            // allow:raw-byte-literal — ARCOUNT offset
+  out.writeUInt16BE(out.readUInt16BE(10) + 1, 10);            // ARCOUNT offset
   return { wire: Buffer.concat([out, tsigRr]), mac: mac };
 }
@@ -272,15 +272,15 @@ function _parseTsigRr(buf, rrStart) {
   // TTL are outside the signed data — they MUST be validated explicitly or
   // an attacker could flip them in transit and still verify (RFC 8945 §4.2:
   // CLASS = ANY, TTL = 0).
-  var rrClass = buf.readUInt16BE(off + 2);                   // allow:raw-byte-literal — CLASS offset within RR header
-  var rrTtl = buf.readUInt32BE(off + 4);                     // allow:raw-byte-literal — TTL offset within RR header
+  var rrClass = buf.readUInt16BE(off + 2);                   // CLASS offset within RR header
+  var rrTtl = buf.readUInt32BE(off + 4);                     // TTL offset within RR header
   if (rrClass !== CLASS_ANY) throw new TsigError("tsig/bad-rr", "tsig: TSIG RR CLASS must be ANY (255), got " + rrClass);
   if (rrTtl !== 0) throw new TsigError("tsig/bad-rr", "tsig: TSIG RR TTL must be 0, got " + rrTtl);
-  off += 8;                                                  // allow:raw-byte-literal — type(2)+class(2)+ttl(4)
+  off += 8;                                                  // type(2)+class(2)+ttl(4)
   var rdlen = buf.readUInt16BE(off); off += 2;
   var rdStart = off;
   var alg = _readName(buf, off); off = alg.end;
-  var timeSigned = buf.readUIntBE(off, 6); off += 6;         // allow:raw-byte-literal — 48-bit time-signed
+  var timeSigned = buf.readUIntBE(off, 6); off += 6;         // 48-bit time-signed
   var fudge = buf.readUInt16BE(off); off += 2;
   var macSize = buf.readUInt16BE(off); off += 2;
   var mac = buf.slice(off, off + macSize); off += macSize;
@@ -361,7 +361,7 @@ function verify(message, opts) {
   // ARCOUNT decremented and the ID restored to the original ID.
   var digestMsg = Buffer.from(message.slice(0, rrStart));
   digestMsg.writeUInt16BE(rr.originalId, 0);
-  digestMsg.writeUInt16BE(digestMsg.readUInt16BE(10) - 1, 10);   // allow:raw-byte-literal — ARCOUNT offset
+  digestMsg.writeUInt16BE(digestMsg.readUInt16BE(10) - 1, 10);   // ARCOUNT offset
   var digest = Buffer.concat([
     _requestMacPrefix(opts.requestMac),
@@ -375,7 +375,7 @@ function verify(message, opts) {
   var macValid = false;
   if (rr.mac.length === expected.length) {
     macValid = timingSafeEqual(rr.mac, expected);
-  } else if (rr.mac.length >= Math.max(10, expected.length / 2) && rr.mac.length < expected.length) {   // allow:raw-byte-literal — RFC 8945 §5.2.2.1 minimum truncated-MAC length
+  } else if (rr.mac.length >= Math.max(10, expected.length / 2) && rr.mac.length < expected.length) {   // RFC 8945 §5.2.2.1 minimum truncated-MAC length
     macValid = timingSafeEqual(rr.mac, expected.slice(0, rr.mac.length));
   }

package/lib/nis2-report.js CHANGED Viewed

@@ -102,7 +102,7 @@ function create(opts) {
         body: Buffer.from(JSON.stringify(payload), "utf8"),
         responseMode: "always-resolve",
       });
-      var ok = res.statusCode >= 200 && res.statusCode < 300;                            // allow:raw-byte-literal — HTTP status range
+      var ok = res.statusCode >= 200 && res.statusCode < 300;                            // HTTP status range
       _emitAudit("submitted", ok ? "success" : "failure", { statusCode: res.statusCode });
       return { submitted: ok, statusCode: res.statusCode };
     } catch (e) {

package/lib/ntp-check.js CHANGED Viewed

@@ -207,8 +207,8 @@ function querySingle(server, opts) {
         return done({ code: "ntp/bad-reply", message: "reply too short (" + (msg && msg.length) + " bytes)" });
       }
       // Bytes 40-47 = Transmit Timestamp (NTP epoch seconds.fraction)
-      var ntpSeconds  = msg.readUInt32BE(40);                                    // allow:raw-byte-literal — NTP packet offset
-      var ntpFraction = msg.readUInt32BE(44);                                    // allow:raw-byte-literal — NTP packet offset
+      var ntpSeconds  = msg.readUInt32BE(40);                                    // NTP packet offset
+      var ntpFraction = msg.readUInt32BE(44);                                    // NTP packet offset
       // Refuse a reply whose Transmit Timestamp is zero or earlier than
       // the NTP epoch (1900-01-01). RFC 5905 §7.3 — a Stratum-16
       // unsynchronized server emits 0 here; fed to the Unix-offset
@@ -222,7 +222,7 @@ function querySingle(server, opts) {
           message: "server returned NTP transmit timestamp < Unix epoch (likely Stratum-16 unsynchronized)" });
       }
       var serverUnixSeconds = ntpSeconds - NTP_TO_UNIX_OFFSET_SECONDS;
-      var fracMs = Math.round(C.TIME.seconds(ntpFraction / 0x100000000));       // allow:raw-byte-literal — NTP fraction divisor (2^32)
+      var fracMs = Math.round(C.TIME.seconds(ntpFraction / 0x100000000));       // NTP fraction divisor (2^32)
       var serverTimeMs = C.TIME.seconds(serverUnixSeconds) + fracMs;
       // Round-trip-corrected drift: assume the server's reply transmit

package/lib/observability-otlp-exporter.js CHANGED Viewed

@@ -65,16 +65,16 @@ function _defaultFetchImpl(endpoint, init) {
   }).then(function (res) {
     var status = res && res.statusCode;
     return {
-      ok:     status >= 200 && status < 300,                                       // allow:raw-byte-literal — HTTP status ranges
+      ok:     status >= 200 && status < 300,                                       // HTTP status ranges
       status: status,
     };
   });
 }
-var DEFAULT_BATCH_SIZE         = 200;                                              // allow:raw-byte-literal — OTLP recommended batch
-var DEFAULT_MAX_QUEUE_SIZE     = 4096;                                             // allow:raw-byte-literal — operator-side queue cap
+var DEFAULT_BATCH_SIZE         = 200;                                              // OTLP recommended batch
+var DEFAULT_MAX_QUEUE_SIZE     = 4096;                                             // operator-side queue cap
 var DEFAULT_FLUSH_INTERVAL_MS  = C.TIME.seconds(5);
-var DEFAULT_MAX_ATTEMPTS       = 3;                                                // allow:raw-byte-literal — retry attempt count
+var DEFAULT_MAX_ATTEMPTS       = 3;                                                // retry attempt count
 var DEFAULT_BACKOFF_INITIAL_MS = C.TIME.seconds(1);
 var DEFAULT_BACKOFF_MAX_MS     = C.TIME.seconds(30);
 var DEFAULT_TIMEOUT_MS         = C.TIME.seconds(30);
@@ -82,17 +82,17 @@ var DEFAULT_TIMEOUT_MS         = C.TIME.seconds(30);
 // OTLP severity numbers per §3.5 (logs); not used for traces but
 // retained as a reference for future log-export support.
 var STATUS_CODE_TO_OTLP = Object.freeze({
-  unset: 0,                                                                        // allow:raw-byte-literal — OTLP STATUS_CODE_UNSET enum
-  ok:    1,                                                                        // allow:raw-byte-literal — OTLP STATUS_CODE_OK enum
-  error: 2,                                                                        // allow:raw-byte-literal — OTLP STATUS_CODE_ERROR enum
+  unset: 0,                                                                        // OTLP STATUS_CODE_UNSET enum
+  ok:    1,                                                                        // OTLP STATUS_CODE_OK enum
+  error: 2,                                                                        // OTLP STATUS_CODE_ERROR enum
 });
 var KIND_TO_OTLP = Object.freeze({
-  internal: 1,                                                                     // allow:raw-byte-literal — OTLP SPAN_KIND_INTERNAL
-  server:   2,                                                                     // allow:raw-byte-literal — OTLP SPAN_KIND_SERVER
-  client:   3,                                                                     // allow:raw-byte-literal — OTLP SPAN_KIND_CLIENT
-  producer: 4,                                                                     // allow:raw-byte-literal — OTLP SPAN_KIND_PRODUCER
-  consumer: 5,                                                                     // allow:raw-byte-literal — OTLP SPAN_KIND_CONSUMER
+  internal: 1,                                                                     // OTLP SPAN_KIND_INTERNAL
+  server:   2,                                                                     // OTLP SPAN_KIND_SERVER
+  client:   3,                                                                     // OTLP SPAN_KIND_CLIENT
+  producer: 4,                                                                     // OTLP SPAN_KIND_PRODUCER
+  consumer: 5,                                                                     // OTLP SPAN_KIND_CONSUMER
 });
 function _attrToOtlp(attrs) {
@@ -249,7 +249,7 @@ function _bundleSpans(spans) {
 // AnyValue recursion is capped at MAX_ANYVALUE_DEPTH to defend the
 // CVE-2024-7254 + CVE-2025-4565 protobuf nested-group DoS class.
-var MAX_ANYVALUE_DEPTH = 100;                                                    // allow:raw-byte-literal — protobuf nested-message DoS cap
+var MAX_ANYVALUE_DEPTH = 100;                                                    // protobuf nested-message DoS cap
 function _hexToBytes(hex) {
   if (typeof hex !== "string" || hex.length === 0) return Buffer.alloc(0);
@@ -259,7 +259,7 @@ function _hexToBytes(hex) {
   if (hex.length % 2 !== 0) return Buffer.alloc(0);
   var out = Buffer.alloc(hex.length / 2);
   for (var i = 0; i < hex.length; i += 2) {
-    var byte = parseInt(hex.substr(i, 2), 16);                                  // allow:raw-byte-literal — radix=16 for hex parse, not byte count
+    var byte = parseInt(hex.substr(i, 2), 16);                                  // radix=16 for hex parse, not byte count
     if (!isFinite(byte)) return Buffer.alloc(0);
     out[i / 2] = byte;
   }
@@ -348,7 +348,7 @@ function _spanToProto(span) {
     pb.string(5,  span.name || ""),
     pb.uint32(6,  KIND_TEXT_TO_ENUM[span.kind] != null ? KIND_TEXT_TO_ENUM[span.kind] : KIND_TEXT_TO_ENUM.internal),
     pb.fixed64(7, span.startTimeUnixNano || 0),
-    pb.fixed64(8, span.endTimeUnixNano || span.startTimeUnixNano || 0),         // allow:raw-byte-literal — proto field number 8, not bytes
+    pb.fixed64(8, span.endTimeUnixNano || span.startTimeUnixNano || 0),         // proto field number 8, not bytes
     pb.repeatedMessage(9, _attrsToProto(span.attributes), _keyValueToProto),
     pb.uint32(10, span.droppedAttributesCount || 0),
     eventsRepeated,
@@ -518,7 +518,7 @@ function create(opts) {
   }
   function _backoffMs(attempt) {
-    var ms = backoffInitial * Math.pow(2, Math.max(0, attempt - 1));               // allow:raw-byte-literal — exponential factor
+    var ms = backoffInitial * Math.pow(2, Math.max(0, attempt - 1));               // exponential factor
     return Math.min(ms, backoffMax);
   }
@@ -544,7 +544,7 @@ function create(opts) {
       if (res && res.ok) return { ok: true, status: res.status };
       var status = res && res.status;
       // 5xx + 408/429 → retryable; everything else permanent
-      var retryable = (status >= 500 && status < 600) || status === 408 || status === 429;  // allow:raw-byte-literal — HTTP status ranges
+      var retryable = (status >= 500 && status < 600) || status === 408 || status === 429;  // HTTP status ranges
       if (retryable && attempt < maxAttempts) {
         await _sleep(_backoffMs(attempt));
         return await _post(payload, attempt + 1);

package/lib/observability-tracer.js CHANGED Viewed

@@ -86,9 +86,9 @@ var TracerError = defineClass("TracerError", { alwaysPermanent: true });
 var observability = lazyRequire(function () { return require("./observability"); });
-var DEFAULT_MAX_ATTRIBUTES = 128;                                                  // allow:raw-byte-literal — OTLP default span attribute cap
-var DEFAULT_MAX_EVENTS     = 128;                                                  // allow:raw-byte-literal — OTLP default span event cap
-var DEFAULT_MAX_ATTR_VALUE_LEN = 1024;                                             // allow:raw-byte-literal — OTLP attribute value char cap
+var DEFAULT_MAX_ATTRIBUTES = 128;                                                  // OTLP default span attribute cap
+var DEFAULT_MAX_EVENTS     = 128;                                                  // OTLP default span event cap
+var DEFAULT_MAX_ATTR_VALUE_LEN = 1024;                                             // OTLP attribute value char cap
 var VALID_KINDS = ["internal", "server", "client", "producer", "consumer"];
 var VALID_STATUS_CODES = ["unset", "ok", "error"];
@@ -99,7 +99,7 @@ function _msToUnixNano(ms) {
   // OTLP timestamps are uint64 nanoseconds since Unix epoch. JS Date.now()
   // gives ms; multiply by 1e6 and stringify (OTLP/JSON uses string for
   // uint64 values per https://protobuf.dev/programming-guides/proto3/#json).
-  return String(BigInt(ms) * 1000000n);                                            // allow:raw-byte-literal — ms→ns conversion factor (1e6)
+  return String(BigInt(ms) * 1000000n);                                            // ms→ns conversion factor (1e6)
 }
 function _truncateAttrValue(v, maxLen) {
@@ -123,7 +123,7 @@ function _validateAttrKey(key) {
   if (typeof key !== "string" || key.length === 0) return false;
   // OTel attribute keys: ASCII printable, dot-separated, no spaces
   // beyond what the SEMCONV vocabulary uses.
-  if (key.length > 255) return false;                                              // allow:raw-byte-literal — OTLP attribute key cap
+  if (key.length > 255) return false;                                              // OTLP attribute key cap
   return true;
 }
@@ -295,7 +295,7 @@ function create(opts) {
         kind:              kind,
         startTimeUnixNano: _msToUnixNano(startMs),
         endTimeUnixNano:   endNano,
-        durationNs:        endNano !== null ? String(BigInt(durationMs) * 1000000n) : null,  // allow:raw-byte-literal — ms→ns conversion factor (1e6)
+        durationNs:        endNano !== null ? String(BigInt(durationMs) * 1000000n) : null,  // ms→ns conversion factor (1e6)
         durationMs:        durationMs,
         attributes:        Object.assign({}, attributes),
         events:            events.slice(),

package/lib/observability.js CHANGED Viewed

@@ -429,11 +429,11 @@ var _TRACEPARENT_RE = /^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2}
 var _ALL_ZERO_TRACE = "00000000000000000000000000000000";
 var _ALL_ZERO_PARENT = "0000000000000000";
-var _HEX_RADIX = 16;                                                               // allow:raw-byte-literal — Number.parseInt radix
+var _HEX_RADIX = 16;                                                               // Number.parseInt radix
 var _TRACE_FLAG_SAMPLED = 0x01;                                                    // W3C Trace Context §3.2.2.5 sampled bit
-var _TRACE_ID_BYTES = 16;                                                          // allow:raw-byte-literal — W3C Trace Context §3.2.2.3 (16 bytes)
-var _PARENT_ID_BYTES = 8;                                                          // allow:raw-byte-literal — W3C Trace Context §3.2.2.4 (8 bytes)
-var _FLAGS_HEX_LEN = 2;                                                            // allow:raw-byte-literal — W3C Trace Context flags are 1 byte = 2 hex chars
+var _TRACE_ID_BYTES = 16;                                                          // W3C Trace Context §3.2.2.3 (16 bytes)
+var _PARENT_ID_BYTES = 8;                                                          // W3C Trace Context §3.2.2.4 (8 bytes)
+var _FLAGS_HEX_LEN = 2;                                                            // W3C Trace Context flags are 1 byte = 2 hex chars
 function _parseTraceparent(headerValue) {
   if (typeof headerValue !== "string" || headerValue.length === 0) return null;
@@ -497,8 +497,8 @@ function _newParentId() {
 //   - duplicate keys: keep first, drop rest
 var _TRACESTATE_KEY_RE   = /^[a-z0-9][a-z0-9_\-*/]{0,255}(@[a-z0-9][a-z0-9_\-*/]{0,255})?$/;
 var _TRACESTATE_VALUE_RE = /^[\x20-\x2B\x2D-\x3C\x3E-\x7E]{1,256}$/;     // printable, no "," or "="
-var _TRACESTATE_MAX_ENTRIES = 32;                                                  // allow:raw-byte-literal — W3C spec hard cap (§3.3.1.3)
-var _TRACESTATE_MAX_CHARS   = 512;                                                 // allow:raw-byte-literal — W3C spec hard cap (§3.3.1.3)
+var _TRACESTATE_MAX_ENTRIES = 32;                                                  // W3C spec hard cap (§3.3.1.3)
+var _TRACESTATE_MAX_CHARS   = 512;                                                 // W3C spec hard cap (§3.3.1.3)
 function _parseTracestate(headerValue) {
   if (typeof headerValue !== "string") return null;
@@ -583,7 +583,7 @@ var traceContext = {
 //   - max 8192 chars total (W3C recommended cap)
 // Resolved at first call; lazyRequire returns a function.
 function _baggageTokenRe() { return safeBuffer().RFC7230_TCHAR_RE; }
-var _BAGGAGE_MAX_ENTRIES = 64;                                                     // allow:raw-byte-literal — W3C Baggage recommended cap
+var _BAGGAGE_MAX_ENTRIES = 64;                                                     // W3C Baggage recommended cap
 var _BAGGAGE_MAX_CHARS = C.BYTES.kib(8);                                           // W3C Baggage recommended 8192-char cap
 function _parseBaggage(headerValue) {
@@ -603,7 +603,7 @@ function _parseBaggage(headerValue) {
     var key = head.slice(0, eqIdx).trim();
     var rawValue = head.slice(eqIdx + 1).trim();
     if (!_baggageTokenRe().test(key)) return null;                                 // allow:regex-no-length-cap — RFC 7230 tchar; bound by header-cap
-    if (key.length > 255) return null;                                             // allow:raw-byte-literal — W3C key length cap
+    if (key.length > 255) return null;                                             // W3C key length cap
     var value;
     try { value = decodeURIComponent(rawValue); }
     catch (_e) { return null; }

package/lib/openapi-yaml.js CHANGED Viewed

@@ -47,7 +47,7 @@ function _quoteString(str) {
     else if (code === 0x0a) out += "\\n";
     else if (code === 0x0d) out += "\\r";
     else if (code === 0x09) out += "\\t";
-    else if (code < 0x20)   out += "\\u" + code.toString(16).padStart(4, "0");        // allow:raw-byte-literal — codepoint hex padding
+    else if (code < 0x20)   out += "\\u" + code.toString(16).padStart(4, "0");        // codepoint hex padding
     else                    out += ch;
   }
   out += '"';

package/lib/openapi.js CHANGED Viewed

@@ -332,7 +332,7 @@ function create(opts) {
       var mw = function (req, res, next) {
         if (typeof res.writeHead !== "function") return next();
         var body = cachedString;
-        res.writeHead(200, {                                                                                  // allow:raw-byte-literal — HTTP 200 status
+        res.writeHead(200, {                                                                                  // HTTP 200 status
           "Content-Type":   "application/json; charset=utf-8",
           "Content-Length": Buffer.byteLength(body),
           "Cache-Control":  cacheControl,

package/lib/outbox.js CHANGED Viewed

@@ -79,11 +79,11 @@ var audit = lazyRequire(function () { return require("./audit"); });
 var observability = lazyRequire(function () { return require("./observability"); });
 var DEFAULT_POLL_MS         = C.TIME.seconds(1);
-var DEFAULT_BATCH_SIZE      = 100;                                                 // allow:raw-byte-literal — row count, not bytes
-var DEFAULT_MAX_ATTEMPTS    = 10;                                                  // allow:raw-byte-literal — attempt count, not bytes
+var DEFAULT_BATCH_SIZE      = 100;                                                 // row count, not bytes
+var DEFAULT_MAX_ATTEMPTS    = 10;                                                  // attempt count, not bytes
 var DEFAULT_BACKOFF_INITIAL = C.TIME.seconds(1);
 var DEFAULT_BACKOFF_MAX     = C.TIME.minutes(5);
-var DEFAULT_BACKOFF_FACTOR  = 2;                                                   // allow:raw-byte-literal — multiplier, not bytes
+var DEFAULT_BACKOFF_FACTOR  = 2;                                                   // multiplier, not bytes
 var TOPIC_MAX_LEN           = C.BYTES.bytes(255);
 var KEY_MAX_LEN             = C.BYTES.bytes(255);
@@ -115,7 +115,7 @@ function _utcNowExpr(externalDb) {
 // "operator-supplied JSON object" by default. Operators integrating
 // with Confluent Schema Registry attach `event.debezium.schema` to
 // override per-event.
-var DEFAULT_DEBEZIUM_CONNECTOR_VERSION = "1.0.0";                                  // allow:raw-byte-literal — version string
+var DEFAULT_DEBEZIUM_CONNECTOR_VERSION = "1.0.0";                                  // version string
 function _debeziumSchemaFor(payloadObj) {
   // Best-effort schema synthesis. Debezium consumers expect a JSON
@@ -439,7 +439,7 @@ function create(opts) {
       "UPDATE " + quotedTable +
       " SET status = 'pending', attempts = $1, last_error = $2, next_attempt_at = $3" +
       " WHERE id = $4",
-      [attempts + 1, String(errMsg).slice(0, 1024), nextAt, id]                    // allow:raw-byte-literal — error-message char cap
+      [attempts + 1, String(errMsg).slice(0, 1024), nextAt, id]                    // error-message char cap
     );
   }
@@ -447,7 +447,7 @@ function create(opts) {
     await externalDb.query(
       "UPDATE " + quotedTable +
       " SET status = 'dead', attempts = $1, last_error = $2 WHERE id = $3",
-      [attempts + 1, String(errMsg).slice(0, 1024), id]                            // allow:raw-byte-literal — error-message char cap
+      [attempts + 1, String(errMsg).slice(0, 1024), id]                            // error-message char cap
     );
     _emitAudit("system.outbox.deadletter", "failure", { id: id, attempts: attempts + 1 });
     _emitMetric("dead-letter", 1);

package/lib/pqc-agent.js CHANGED Viewed

@@ -52,9 +52,9 @@ var KNOWN_TLS_GROUPS = Object.freeze([
   "SecP256r1MLKEM768",    // RFC 9794 0x11EB
   // Classical groups (operator opt-in only)
   "X25519",
-  "secp256r1",            // allow:raw-byte-literal — IANA TLS group name (P-256), not bytes
-  "secp384r1",            // allow:raw-byte-literal — IANA TLS group name (P-384), not bytes
-  "secp521r1",            // allow:raw-byte-literal — IANA TLS group name (P-521), not bytes
+  "secp256r1",            // IANA TLS group name (P-256), not bytes
+  "secp384r1",            // IANA TLS group name (P-384), not bytes
+  "secp521r1",            // IANA TLS group name (P-521), not bytes
   "X448",
 ]);
@@ -62,7 +62,7 @@ function _validateGroupName(name) {
   // Same shape as network-tls._validateKeyShare: alphanumeric +
   // underscore, bounded length. Refuses `:` so an operator can't
   // smuggle a second group through one slot.
-  if (typeof name !== "string" || name.length === 0 || name.length > 64) { // allow:raw-byte-literal — string-length cap, not bytes
+  if (typeof name !== "string" || name.length === 0 || name.length > 64) { // string-length cap, not bytes
     throw new TypeError(
       "pqc-agent: ecdhCurve group entries must be non-empty strings up to 64 chars"
     );

package/lib/pqc-software.js CHANGED Viewed

@@ -251,7 +251,7 @@ function runKnownAnswerTest() {
     if (!ssAlice || !ssBob) {
       return { ok: false, reason: "keygen/encapsulate/decapsulate returned falsy" };
     }
-    if (ssAlice.length !== 32 || ssBob.length !== 32) {                            // allow:raw-byte-literal — FIPS 203 §1 K_size = 32 bytes
+    if (ssAlice.length !== 32 || ssBob.length !== 32) {                            // FIPS 203 §1 K_size = 32 bytes
       return { ok: false, reason: "shared-secret length mismatch (expected 32 bytes)" };
     }
     // Constant-time compare via the framework wrapper. The KAT runs

package/lib/privacy-pass.js CHANGED Viewed

@@ -44,17 +44,17 @@ var PrivacyPassError = defineClass("PrivacyPassError", { alwaysPermanent: true }
 var TOKEN_TYPE_BLIND_RSA = 0x0002;
 // RFC 9578 §5.3 token type 0x0002: RSABSSA-SHA384-PSS, salt length 48.
 var PSS_HASH = "sha384";
-var PSS_SALT_LEN = 48;                                        // allow:raw-byte-literal — RFC 9578 §5.3 PSS salt length (= SHA-384 digest size)
+var PSS_SALT_LEN = 48;                                        // RFC 9578 §5.3 PSS salt length (= SHA-384 digest size)
 // Fixed-size token fields (RFC 9577 §2.2): type(2) nonce(32)
 // challenge_digest(32) token_key_id(32), then the authenticator.
-var TOKEN_PREFIX_LEN = 98;                                    // allow:raw-byte-literal — 2 + 32 + 32 + 32 (token_input length)
+var TOKEN_PREFIX_LEN = 98;                                    // 2 + 32 + 32 + 32 (token_input length)
 // RFC 9577 §2.1 sends the challenge / token-key auth-params as base64url
 // WITH padding; Node's "base64url" output is unpadded, so pad to a
 // multiple of 4 so strict clients / proxies accept the header.
 function _b64urlPadded(buf) {
   var s = Buffer.from(buf).toString("base64url");
-  while (s.length % 4 !== 0) s += "=";                        // allow:raw-byte-literal — base64 quantum is 4 chars
+  while (s.length % 4 !== 0) s += "=";                        // base64 quantum is 4 chars
   return s;
 }
@@ -164,7 +164,7 @@ function verifyToken(opts) {
   var parsed = parseToken(opts.token);
   if (parsed.tokenType !== TOKEN_TYPE_BLIND_RSA) {
-    throw new PrivacyPassError("privacy-pass/unsupported-token-type", "privacyPass.verifyToken: only token type 0x0002 (Blind RSA) is verifiable by the origin; got 0x" + parsed.tokenType.toString(16).padStart(4, "0"));  // allow:raw-byte-literal — base-16 radix + 4-hex-digit pad, not a size
+    throw new PrivacyPassError("privacy-pass/unsupported-token-type", "privacyPass.verifyToken: only token type 0x0002 (Blind RSA) is verifiable by the origin; got 0x" + parsed.tokenType.toString(16).padStart(4, "0"));  // base-16 radix + 4-hex-digit pad, not a size
   }
   var imported = _importIssuerKey(opts.issuerPublicKey);
@@ -240,7 +240,7 @@ function buildChallenge(opts) {
     if (origin.length > 0xffff) throw new PrivacyPassError("privacy-pass/bad-arg", "privacyPass.buildChallenge: originInfo too long");
   }
   var rc = opts.redemptionContext !== undefined && opts.redemptionContext !== null ? _bytes(opts.redemptionContext, "redemptionContext") : Buffer.alloc(0);
-  if (rc.length !== 0 && rc.length !== 32) throw new PrivacyPassError("privacy-pass/bad-arg", "privacyPass.buildChallenge: redemptionContext must be empty or 32 bytes");  // allow:raw-byte-literal — RFC 9577 redemption_context is 0 or 32 bytes
+  if (rc.length !== 0 && rc.length !== 32) throw new PrivacyPassError("privacy-pass/bad-arg", "privacyPass.buildChallenge: redemptionContext must be empty or 32 bytes");  // RFC 9577 redemption_context is 0 or 32 bytes
   var u16 = function (n) { return Buffer.from([(n >> 8) & 0xff, n & 0xff]); };
   var challenge = Buffer.concat([

package/lib/problem-details.js CHANGED Viewed

@@ -188,7 +188,7 @@ function create(opts) {
   // status (§3.1.3 — integer 100..599)
   if (opts.status !== undefined) {
     if (typeof opts.status !== "number" || !Number.isInteger(opts.status) ||
-        opts.status < 100 || opts.status > 599) {                                                  // allow:raw-byte-literal — HTTP status range bounds
+        opts.status < 100 || opts.status > 599) {                                                  // HTTP status range bounds
       throw new ProblemDetailsError("problem-details/bad-status",
         "create: status must be an integer 100..599 when provided", true);
     }
@@ -293,10 +293,10 @@ function fromError(err, opts2) {
   if (opts2.status !== undefined) {
     status = opts2.status;
   } else if (typeof err.statusCode === "number" && Number.isInteger(err.statusCode) &&
-             err.statusCode >= 100 && err.statusCode <= 599) {                                     // allow:raw-byte-literal — HTTP status range
+             err.statusCode >= 100 && err.statusCode <= 599) {                                     // HTTP status range
     status = err.statusCode;
   } else {
-    status = 500;                                                                                  // allow:raw-byte-literal — default HTTP status 500 (Internal Server Error)
+    status = 500;                                                                                  // default HTTP status 500 (Internal Server Error)
   }
   var built = {
@@ -350,7 +350,7 @@ function respond(res, problem) {
       "respond: problem must be a non-null object", true);
   }
   var status = (typeof problem.status === "number" && Number.isInteger(problem.status) &&
-                problem.status >= 100 && problem.status <= 599) ? problem.status : 500;            // allow:raw-byte-literal — HTTP status range + default 500
+                problem.status >= 100 && problem.status <= 599) ? problem.status : 500;            // HTTP status range + default 500
   var body = JSON.stringify(problem);
   res.statusCode = status;
   res.setHeader("Content-Type", "application/problem+json");
@@ -440,7 +440,7 @@ function validate(doc) {
   }
   if (doc.status !== undefined) {
     if (typeof doc.status !== "number" || !Number.isInteger(doc.status) ||
-        doc.status < 100 || doc.status > 599) {                                                    // allow:raw-byte-literal — HTTP status range
+        doc.status < 100 || doc.status > 599) {                                                    // HTTP status range
       throw new ProblemDetailsError("problem-details/bad-inbound",
         "validate: status must be an integer 100..599 when present", true);
     }

package/lib/promise-pool.js CHANGED Viewed

@@ -45,7 +45,7 @@ var { defineClass } = require("./framework-error");
 var PromisePoolError = defineClass("PromisePoolError", { alwaysPermanent: true });
-var MAX_CONCURRENCY = 65536;                                                                    // allow:raw-byte-literal — uint16 ceiling on parallel I/O fan-out
+var MAX_CONCURRENCY = 65536;                                                                    // uint16 ceiling on parallel I/O fan-out
 /**
  * @primitive b.promisePool.create

package/lib/protobuf-encoder.js CHANGED Viewed

@@ -82,6 +82,14 @@ function _writeVarint(value) {
 }
 function _tag(fieldNumber, wireType) {
+  // `fieldNumber << 3` uses JS's 32-bit signed shift, which overflows and
+  // emits a wrong tag once fieldNumber reaches 2^28. Reject anything outside
+  // the safe single-shift range rather than encode silently wrong — the OTLP
+  // schema this serves uses small field numbers well within it.
+  if (fieldNumber < 1 || fieldNumber > 268435455) {  // 2^28 - 1
+    throw new RangeError("protobuf: field number " + fieldNumber +
+      " out of range (1..2^28-1)");
+  }
   return _writeVarint((fieldNumber << 3) | wireType);
 }
@@ -168,7 +176,7 @@ function fixed64(fieldNumber, value) {
     }
     for (var ci = 0; ci < value.length; ci += 1) {
       var cc = value.charCodeAt(ci);
-      if (cc < 0x30 || cc > 0x39) {                                                  // allow:raw-byte-literal — ASCII '0' (0x30) .. '9' (0x39)
+      if (cc < 0x30 || cc > 0x39) {                                                  // ASCII '0' (0x30) .. '9' (0x39)
         throw new Error("protobuf-encoder: fixed64 string must be unsigned digit-only (got " + JSON.stringify(value) + ")");
       }
     }

package/lib/queue.js CHANGED Viewed

@@ -417,8 +417,10 @@ function consume(queueName, handler, opts) {
       }
       var jobs;
       try { jobs = await b.lease(queueName, leaseDurationMs, slots); }
-      catch {
-        // Backend down (breaker open, etc.) — back off
+      catch (e) {
+        // Backend down (breaker open, etc.) — log + back off so a flapping
+        // backend that hasn't yet tripped the breaker is still visible.
+        log.debug("lease-failed", { op: "b.lease", queue: queueName, error: e.message });
         await _pollSleep(pollIntervalMs);
         continue;
       }