npm - @blamejs/core - Versions diffs - 0.14.0 → 0.14.2 - Mend

@blamejs/core 0.14.0 → 0.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/CHANGELOG.md +4 -0
package/lib/_test/crypto-fixtures.js +3 -3
package/lib/a2a-tasks.js +18 -18
package/lib/a2a.js +4 -4
package/lib/acme.js +3 -3
package/lib/agent-idempotency.js +1 -1
package/lib/agent-orchestrator.js +8 -8
package/lib/agent-posture-chain.js +2 -2
package/lib/agent-saga.js +1 -1
package/lib/agent-snapshot.js +1 -1
package/lib/agent-stream.js +1 -1
package/lib/agent-tenant.js +1 -1
package/lib/agent-trace.js +3 -3
package/lib/ai-capability.js +1 -1
package/lib/ai-dp.js +4 -4
package/lib/ai-input.js +3 -3
package/lib/ai-model-manifest.js +7 -7
package/lib/ai-pref.js +3 -3
package/lib/archive-gz.js +2 -2
package/lib/archive-read.js +25 -25
package/lib/archive-tar-read.js +2 -2
package/lib/archive-tar.js +20 -20
package/lib/archive-wrap.js +10 -10
package/lib/argon2-builtin.js +1 -1
package/lib/asn1-der.js +45 -34
package/lib/atomic-file.js +2 -2
package/lib/audit-daily-review.js +3 -3
package/lib/audit-sign.js +5 -5
package/lib/audit-tools.js +1 -1
package/lib/audit.js +2 -2
package/lib/auth/acr-vocabulary.js +2 -2
package/lib/auth/bot-challenge.js +3 -3
package/lib/auth/ciba.js +7 -7
package/lib/auth/dpop.js +3 -3
package/lib/auth/fido-mds3.js +8 -8
package/lib/auth/jar.js +11 -0
package/lib/auth/jwt-external.js +5 -5
package/lib/auth/oauth.js +7 -9
package/lib/auth/oid4vci.js +10 -10
package/lib/auth/oid4vp.js +2 -2
package/lib/auth/openid-federation.js +2 -2
package/lib/auth/passkey.js +3 -3
package/lib/auth/saml.js +29 -25
package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
package/lib/auth/sd-jwt-vc.js +4 -4
package/lib/auth/status-list.js +10 -10
package/lib/auth/step-up.js +1 -1
package/lib/auth-bot-challenge.js +1 -1
package/lib/backup/index.js +7 -7
package/lib/base32.js +8 -8
package/lib/budr.js +2 -2
package/lib/cache-status.js +2 -2
package/lib/calendar.js +23 -23
package/lib/cbor.js +12 -12
package/lib/cdn-cache-control.js +1 -1
package/lib/cert.js +5 -5
package/lib/cloud-events.js +5 -5
package/lib/cms-codec.js +21 -21
package/lib/codepoint-class.js +12 -12
package/lib/compliance-sanctions-fuzzy.js +4 -4
package/lib/compliance-sanctions.js +4 -4
package/lib/compliance.js +29 -29
package/lib/content-credentials.js +36 -36
package/lib/cookies.js +1 -1
package/lib/cose.js +13 -13
package/lib/cra-report.js +1 -1
package/lib/crdt.js +1 -1
package/lib/crypto-field.js +2 -2
package/lib/crypto-xwing.js +7 -7
package/lib/crypto.js +6 -6
package/lib/csp.js +2 -2
package/lib/cwt.js +4 -4
package/lib/dark-patterns.js +2 -2
package/lib/data-act.js +2 -2
package/lib/db-file-lifecycle.js +4 -4
package/lib/db-query.js +1 -1
package/lib/db.js +6 -6
package/lib/dbsc.js +13 -13
package/lib/did.js +17 -17
package/lib/dora.js +4 -4
package/lib/dsr.js +1 -1
package/lib/early-hints.js +2 -2
package/lib/eat.js +4 -4
package/lib/external-db-migrate.js +1 -1
package/lib/external-db.js +1 -1
package/lib/flag-cache.js +1 -1
package/lib/flag-evaluation-context.js +2 -2
package/lib/graphql-federation.js +4 -4
package/lib/guard-agent-registry.js +5 -5
package/lib/guard-archive.js +24 -24
package/lib/guard-cidr.js +33 -33
package/lib/guard-csv.js +1 -1
package/lib/guard-domain.js +10 -10
package/lib/guard-dsn.js +4 -4
package/lib/guard-email.js +19 -19
package/lib/guard-event-bus-payload.js +4 -4
package/lib/guard-event-bus-topic.js +6 -6
package/lib/guard-filename.js +7 -7
package/lib/guard-graphql.js +9 -9
package/lib/guard-html-wcag-tagwalk.js +1 -1
package/lib/guard-html-wcag.js +4 -4
package/lib/guard-html.js +7 -7
package/lib/guard-idempotency-key.js +6 -6
package/lib/guard-image.js +4 -4
package/lib/guard-imap-command.js +17 -17
package/lib/guard-jmap.js +20 -20
package/lib/guard-json.js +12 -12
package/lib/guard-jsonpath.js +3 -3
package/lib/guard-jwt.js +4 -4
package/lib/guard-list-id.js +7 -7
package/lib/guard-list-unsubscribe.js +8 -8
package/lib/guard-mail-compose.js +4 -4
package/lib/guard-mail-move.js +5 -5
package/lib/guard-mail-query.js +3 -3
package/lib/guard-mail-reply.js +3 -3
package/lib/guard-mail-sieve.js +6 -6
package/lib/guard-managesieve-command.js +25 -25
package/lib/guard-markdown.js +31 -31
package/lib/guard-message-id.js +5 -5
package/lib/guard-mime.js +1 -1
package/lib/guard-oauth.js +3 -3
package/lib/guard-pdf.js +6 -6
package/lib/guard-pop3-command.js +11 -11
package/lib/guard-posture-chain.js +5 -5
package/lib/guard-regex.js +10 -10
package/lib/guard-saga-config.js +5 -5
package/lib/guard-smtp-command.js +6 -6
package/lib/guard-snapshot-envelope.js +3 -3
package/lib/guard-stream-args.js +4 -4
package/lib/guard-svg.js +11 -11
package/lib/guard-tenant-id.js +5 -5
package/lib/guard-time.js +15 -15
package/lib/guard-trace-context.js +4 -4
package/lib/guard-uuid.js +11 -11
package/lib/guard-xml.js +12 -12
package/lib/guard-yaml.js +16 -16
package/lib/honeytoken.js +5 -5
package/lib/http-client.js +1 -1
package/lib/http-message-signature.js +2 -2
package/lib/iab-mspa.js +3 -3
package/lib/iab-tcf.js +70 -70
package/lib/inbox.js +4 -4
package/lib/ip-utils.js +15 -15
package/lib/jose-jwe-experimental.js +2 -2
package/lib/json-path.js +3 -3
package/lib/json-schema.js +1 -1
package/lib/jsonapi.js +3 -3
package/lib/jtd.js +2 -2
package/lib/link-header.js +1 -1
package/lib/local-db-thin.js +1 -1
package/lib/log.js +1 -1
package/lib/lro.js +4 -4
package/lib/mail-agent.js +1 -1
package/lib/mail-arc-sign.js +6 -6
package/lib/mail-auth.js +43 -43
package/lib/mail-bimi.js +3 -3
package/lib/mail-crypto-pgp.js +53 -45
package/lib/mail-crypto-smime.js +5 -5
package/lib/mail-dav.js +1 -1
package/lib/mail-deploy.js +39 -39
package/lib/mail-dkim.js +11 -11
package/lib/mail-greylist.js +12 -12
package/lib/mail-helo.js +1 -1
package/lib/mail-journal.js +8 -8
package/lib/mail-rbl.js +7 -7
package/lib/mail-scan.js +7 -7
package/lib/mail-send-deliver.js +2 -2
package/lib/mail-server-imap.js +12 -12
package/lib/mail-server-jmap.js +16 -16
package/lib/mail-server-managesieve.js +4 -4
package/lib/mail-server-mx.js +17 -17
package/lib/mail-server-pop3.js +4 -4
package/lib/mail-server-rate-limit.js +2 -2
package/lib/mail-server-submission.js +21 -21
package/lib/mail-sieve.js +2 -2
package/lib/mail-spam-score.js +5 -5
package/lib/mail-srs.js +12 -12
package/lib/mail-store-fts.js +2 -2
package/lib/mail-store.js +8 -8
package/lib/mail-unsubscribe.js +4 -4
package/lib/mail.js +4 -4
package/lib/mcp-tool-registry.js +4 -4
package/lib/mcp.js +8 -8
package/lib/mdoc.js +2 -2
package/lib/metrics.js +8 -8
package/lib/middleware/age-gate.js +1 -1
package/lib/middleware/api-encrypt.js +7 -7
package/lib/middleware/assetlinks.js +2 -2
package/lib/middleware/asyncapi-serve.js +2 -2
package/lib/middleware/bearer-auth.js +5 -5
package/lib/middleware/body-parser.js +5 -5
package/lib/middleware/compose-pipeline.js +15 -15
package/lib/middleware/csp-report.js +4 -4
package/lib/middleware/daily-byte-quota.js +1 -1
package/lib/middleware/dpop.js +1 -1
package/lib/middleware/headers.js +2 -2
package/lib/middleware/host-allowlist.js +1 -1
package/lib/middleware/idempotency-key.js +12 -12
package/lib/middleware/nel.js +1 -1
package/lib/middleware/openapi-serve.js +2 -2
package/lib/middleware/protected-resource-metadata.js +2 -2
package/lib/middleware/require-aal.js +1 -1
package/lib/middleware/require-bound-key.js +2 -2
package/lib/middleware/require-content-type.js +1 -1
package/lib/middleware/require-methods.js +1 -1
package/lib/middleware/require-step-up.js +2 -2
package/lib/middleware/scim-server.js +1 -1
package/lib/middleware/security-txt.js +3 -3
package/lib/middleware/tus-upload.js +12 -12
package/lib/middleware/web-app-manifest.js +2 -2
package/lib/network-byte-quota.js +1 -1
package/lib/network-dns-resolver.js +23 -23
package/lib/network-dns.js +29 -29
package/lib/network-dnssec.js +33 -33
package/lib/network-smtp-policy.js +10 -10
package/lib/network-tls.js +99 -94
package/lib/network-tsig.js +33 -33
package/lib/nis2-report.js +1 -1
package/lib/ntp-check.js +3 -3
package/lib/observability-otlp-exporter.js +17 -17
package/lib/observability-tracer.js +6 -6
package/lib/observability.js +8 -8
package/lib/openapi-yaml.js +1 -1
package/lib/openapi.js +1 -1
package/lib/outbox.js +6 -6
package/lib/pqc-agent.js +4 -4
package/lib/pqc-software.js +1 -1
package/lib/privacy-pass.js +5 -5
package/lib/problem-details.js +5 -5
package/lib/promise-pool.js +1 -1
package/lib/protobuf-encoder.js +9 -1
package/lib/queue.js +4 -2
package/lib/redact.js +2 -2
package/lib/request-helpers.js +1 -1
package/lib/router.js +10 -10
package/lib/safe-async.js +2 -2
package/lib/safe-dns.js +71 -71
package/lib/safe-ical.js +19 -19
package/lib/safe-icap.js +24 -24
package/lib/safe-jsonpath.js +2 -2
package/lib/safe-mime.js +10 -10
package/lib/safe-mount-info.js +3 -3
package/lib/safe-redirect.js +1 -1
package/lib/safe-sieve.js +23 -23
package/lib/safe-smtp.js +1 -1
package/lib/safe-vcard.js +14 -14
package/lib/sandbox.js +5 -5
package/lib/sec-cyber.js +1 -1
package/lib/self-update-standalone-verifier.js +3 -3
package/lib/self-update.js +3 -3
package/lib/server-timing.js +3 -3
package/lib/session-device-binding.js +7 -7
package/lib/session.js +8 -8
package/lib/standard-webhooks.js +4 -4
package/lib/storage.js +2 -2
package/lib/stream-throttle.js +1 -1
package/lib/structured-fields.js +15 -15
package/lib/subject.js +1 -1
package/lib/tcpa-10dlc.js +1 -1
package/lib/tenant-quota.js +3 -3
package/lib/test-harness.js +1 -1
package/lib/tracing.js +1 -1
package/lib/tsa.js +5 -5
package/lib/uri-template.js +5 -5
package/lib/vault/index.js +2 -2
package/lib/vault/seal-pem-file.js +4 -4
package/lib/vc.js +2 -2
package/lib/vendor-data.js +1 -1
package/lib/watcher.js +4 -4
package/lib/web-push-vapid.js +21 -21
package/lib/webhook.js +2 -2
package/lib/websocket.js +3 -3
package/lib/worker-pool.js +3 -3
package/lib/ws-client.js +24 -24
package/lib/xml-c14n.js +2 -2
package/package.json +1 -1
package/sbom.cdx.json +6 -6

package/lib/auth/status-list.js CHANGED Viewed

@@ -55,7 +55,7 @@ var { defineClass } = require("../framework-error");
 var StatusListError = defineClass("StatusListError", { alwaysPermanent: true });
-var SUPPORTED_BIT_SIZES = { 1: 1, 2: 1, 4: 1, 8: 1 };                            // allow:raw-byte-literal — bit-size enum (1/2/4/8 bits per status), not bytes
+var SUPPORTED_BIT_SIZES = { 1: 1, 2: 1, 4: 1, 8: 1 };                            // bit-size enum (1/2/4/8 bits per status), not bytes
 var STATUS_VALID                = 0;
 var STATUS_INVALID              = 1;
 var STATUS_SUSPENDED            = 2;
@@ -107,7 +107,7 @@ function create(opts) {
   var bits = opts.bits === undefined ? 1 : opts.bits;
   _validateBits(bits);
   // Allocate the bit-packed buffer up front. byteCount = ceil(size*bits/8).
-  var bitBytes = Math.ceil((size * bits) / 8);                                   // allow:raw-byte-literal — bits-per-byte conversion
+  var bitBytes = Math.ceil((size * bits) / 8);                                   // bits-per-byte conversion
   var bytes = Buffer.alloc(bitBytes);
   if (opts.fill !== undefined && opts.fill !== 0) {
     _validateStatus(opts.fill, bits);
@@ -184,19 +184,19 @@ function create(opts) {
 // ---- bit-packed helpers ----
 function _setAt(bytes, bits, idx, status) {
-  if (bits === 8) { bytes[idx] = status & 0xff; return; }                        // allow:raw-byte-literal — byte mask
+  if (bits === 8) { bytes[idx] = status & 0xff; return; }                        // byte mask
   var bitOffset = idx * bits;
-  var byteIdx   = Math.floor(bitOffset / 8);                                     // allow:raw-byte-literal — bits-per-byte
-  var bitInByte = bitOffset % 8;                                                 // allow:raw-byte-literal — bits-per-byte
+  var byteIdx   = Math.floor(bitOffset / 8);                                     // bits-per-byte
+  var bitInByte = bitOffset % 8;                                                 // bits-per-byte
   var mask      = ((1 << bits) - 1) << bitInByte;
   bytes[byteIdx] = (bytes[byteIdx] & ~mask) | ((status << bitInByte) & mask);
 }
 function _getAt(bytes, bits, idx) {
-  if (bits === 8) return bytes[idx];                                             // allow:raw-byte-literal — 8-bit fast path
+  if (bits === 8) return bytes[idx];                                             // 8-bit fast path
   var bitOffset = idx * bits;
-  var byteIdx   = Math.floor(bitOffset / 8);                                     // allow:raw-byte-literal — bits-per-byte
-  var bitInByte = bitOffset % 8;                                                 // allow:raw-byte-literal — bits-per-byte
+  var byteIdx   = Math.floor(bitOffset / 8);                                     // bits-per-byte
+  var bitInByte = bitOffset % 8;                                                 // bits-per-byte
   var mask      = (1 << bits) - 1;
   return (bytes[byteIdx] >> bitInByte) & mask;
 }
@@ -238,13 +238,13 @@ async function fromJwt(token, opts) {
       "statusList.fromJwt: compressed list exceeds " + MAX_LIST_BYTES + " bytes");
   }
   var inflated;
-  try { inflated = zlib.inflateRawSync(deflated, { maxOutputLength: MAX_LIST_BYTES * 8 }); }      // allow:raw-byte-literal — 8x compression-ratio cap
+  try { inflated = zlib.inflateRawSync(deflated, { maxOutputLength: MAX_LIST_BYTES * 8 }); }      // 8x compression-ratio cap
   catch (e) {
     throw new StatusListError("status-list/inflate-failed",
       "statusList.fromJwt: zlib inflate failed: " + ((e && e.message) || String(e)));
   }
   // Reconstruct the list object pointing at the inflated bytes.
-  var size = (inflated.length * 8) / bits;                                       // allow:raw-byte-literal — bits-per-byte
+  var size = (inflated.length * 8) / bits;                                       // bits-per-byte
   return {
     list: {
       size:     size,

package/lib/auth/step-up.js CHANGED Viewed

@@ -86,7 +86,7 @@ function _quote(value) {
   // Reject CTLs and quote-injecting characters.
   for (var i = 0; i < value.length; i += 1) {
     var code = value.charCodeAt(i);
-    if (code < 32 || code === 127) {                                    // allow:raw-byte-literal — ASCII control codepoints
+    if (code < 32 || code === 127) {                                    // ASCII control codepoints
       throw new AuthError("auth-step-up/bad-challenge",
         "challenge value contains control character at index " + i);
     }

package/lib/auth-bot-challenge.js CHANGED Viewed

@@ -270,7 +270,7 @@ function create(opts) {
   function _runBotGuardCheck(req) {
     return new Promise(function (resolve) {
       var capturedRes = {
-        statusCode: 200, // allow:raw-byte-literal — HTTP 200 status code, not bytes
+        statusCode: 200, // HTTP 200 status code, not bytes
         writableEnded: false,
         writeHead: function (status) { capturedRes.statusCode = status; },
         end: function () { capturedRes.writableEnded = true; },

package/lib/backup/index.js CHANGED Viewed

@@ -1118,7 +1118,7 @@ function bundleAdapterStorage(opts) {
   var passphraseMinEntropyBits;
   if (opts.passphraseMinEntropyBits === undefined ||
       opts.passphraseMinEntropyBits === null) {
-    passphraseMinEntropyBits = 80;                                                    // allow:raw-byte-literal — entropy-bits default floor, not byte count
+    passphraseMinEntropyBits = 80;                                                    // entropy-bits default floor, not byte count
   } else if (Number.isFinite(opts.passphraseMinEntropyBits) &&
              opts.passphraseMinEntropyBits >= 0) {
     passphraseMinEntropyBits = Math.floor(opts.passphraseMinEntropyBits);
@@ -1164,8 +1164,8 @@ function bundleAdapterStorage(opts) {
     // v0.12.11 — passphrase strategy under HIPAA / PCI-DSS raises
     // the entropy floor to 128 bits (matches the framework's
     // existing crypto-grade-password discipline for sealed-storage).
-    if (cryptoStrategy === "passphrase" && passphraseMinEntropyBits < 128) {          // allow:raw-byte-literal — entropy-bits floor, not byte count
-      passphraseMinEntropyBits = 128;                                                  // allow:raw-byte-literal — entropy-bits floor, not byte count
+    if (cryptoStrategy === "passphrase" && passphraseMinEntropyBits < 128) {          // entropy-bits floor, not byte count
+      passphraseMinEntropyBits = 128;                                                  // entropy-bits floor, not byte count
     }
   }
   // Codex P2 on v0.12.8 PR #159 — tar mode builds the whole archive
@@ -1754,7 +1754,7 @@ function bundleAdapterStorage(opts) {
     // per-bundle rewrap.
     async rewrapAllBundles(opts) {
       opts = opts || {};
-      var concurrency = 4;                                                            // allow:raw-byte-literal — default fan-out, not byte count
+      var concurrency = 4;                                                            // default fan-out, not byte count
       if (typeof opts.concurrency === "number" && Number.isFinite(opts.concurrency) &&
           opts.concurrency > 0) {
         concurrency = Math.max(1, Math.floor(opts.concurrency));
@@ -1855,7 +1855,7 @@ function bundleAdapterStorage(opts) {
       // a silent ok=0/failed=0 report on non-empty storage. Default
       // 4; minimum 1; non-finite / non-positive falls back to
       // default.
-      var concurrency = 4;                                                            // allow:raw-byte-literal — default fan-out, not byte count
+      var concurrency = 4;                                                            // default fan-out, not byte count
       if (typeof vOpts.concurrency === "number" && Number.isFinite(vOpts.concurrency) &&
           vOpts.concurrency > 0) {
         concurrency = Math.max(1, Math.floor(vOpts.concurrency));
@@ -2096,7 +2096,7 @@ function bundleAdapterStorage(opts) {
         // capped 16-byte readFile via the fallback path (still
         // bounded; better than full payload).
         if (typeof adapter.readPartial === "function") {
-          var probe = await adapter.readPartial(payloadKey, 16);                      // allow:raw-byte-literal — 16-byte probe head, magic comparison
+          var probe = await adapter.readPartial(payloadKey, 16);                      // 16-byte probe head, magic comparison
           envelopeKind = archiveLazy().sniffEnvelope(probe);
         } else {
           // Legacy adapter — readPartial missing. Operators using
@@ -2389,7 +2389,7 @@ bundleAdapterStorage.objectStoreAdapter = function (client, osOpts) {
       // is consumed. PAGINATION_CAP guards against a runaway
       // server returning truncated:true forever (defense-in-depth;
       // shipped backends honour the contract).
-      var PAGINATION_CAP = 1000;                                                      // allow:raw-byte-literal — page count cap, not byte count
+      var PAGINATION_CAP = 1000;                                                      // page count cap, not byte count
       var out = [];
       var token = null;
       var pages = 0;

package/lib/base32.js CHANGED Viewed

@@ -42,7 +42,7 @@ Object.keys(ALPHABETS).forEach(function (v) {
   LOOKUPS[v] = map;
 });
-var GROUP = 8;                                              // allow:raw-byte-literal — Base32 emits 8 chars per 5 input bytes (RFC 4648 §6)
+var GROUP = 8;                                              // Base32 emits 8 chars per 5 input bytes (RFC 4648 §6)
 var BITS = 5;                                               // 5 bits per Base32 symbol
 function _alphabet(variant) {
@@ -82,14 +82,14 @@ function encode(input, opts) {
   var out = "";
   var value = 0, bits = 0;
   for (var i = 0; i < buf.length; i++) {
-    value = (value << 8) | buf[i];                          // allow:raw-byte-literal — shift in one input byte
-    bits += 8;                                              // allow:raw-byte-literal — eight bits per input byte
+    value = (value << 8) | buf[i];                          // shift in one input byte
+    bits += 8;                                              // eight bits per input byte
     while (bits >= BITS) {
-      out += alphabet.charAt((value >>> (bits - BITS)) & 31);   // allow:raw-byte-literal — low 5 bits mask (2^5 - 1)
+      out += alphabet.charAt((value >>> (bits - BITS)) & 31);   // low 5 bits mask (2^5 - 1)
       bits -= BITS;
     }
   }
-  if (bits > 0) out += alphabet.charAt((value << (BITS - bits)) & 31);   // allow:raw-byte-literal — final partial group, low 5 bits
+  if (bits > 0) out += alphabet.charAt((value << (BITS - bits)) & 31);   // final partial group, low 5 bits
   if (pad) while (out.length % GROUP !== 0) out += "=";
   return out;
 }
@@ -138,9 +138,9 @@ function decode(str, opts) {
     if (idx === undefined) throw new Base32Error("base32/bad-char", "base32.decode: invalid Base32 character '" + str.charAt(i) + "' at index " + i);
     value = (value << BITS) | idx;
     bits += BITS;
-    if (bits >= 8) {                                        // allow:raw-byte-literal — emit a full output byte
-      bytes.push((value >>> (bits - 8)) & 0xff);            // allow:raw-byte-literal — eight-bit output byte mask
-      bits -= 8;                                            // allow:raw-byte-literal — consumed eight bits
+    if (bits >= 8) {                                        // emit a full output byte
+      bytes.push((value >>> (bits - 8)) & 0xff);            // eight-bit output byte mask
+      bits -= 8;                                            // consumed eight bits
     }
   }
   return Buffer.from(bytes);

package/lib/budr.js CHANGED Viewed

@@ -30,8 +30,8 @@ var audit = require("./audit");
 var { defineClass } = require("./framework-error");
 var BudrError = defineClass("BudrError", { alwaysPermanent: true });
-var SERVICE_MAX = 128;                                                                        // allow:raw-byte-literal — string-length cap, not bytes
-var SERVICE_RE = /^[a-zA-Z0-9._:/-]{1,128}$/;                                                 // allow:raw-byte-literal — string-length cap; not bytes
+var SERVICE_MAX = 128;                                                                        // string-length cap, not bytes
+var SERVICE_RE = /^[a-zA-Z0-9._:/-]{1,128}$/;                                                 // string-length cap; not bytes
 var TIERS = ["platinum", "gold", "silver", "bronze"];
 var CRITICALITIES = ["critical", "high", "medium", "low"];

package/lib/cache-status.js CHANGED Viewed

@@ -47,7 +47,7 @@ var CacheStatusError = defineClass("CacheStatusError", { alwaysPermanent: true }
 // per RFC 8941: starts with ALPHA or "*", continues with tchar / ":"
 // / "/". tchar excludes `, ; " \ space and all controls.
 var CACHE_NAME_RE   = /^[A-Za-z*][!#$%&'*+\-.^_`|~0-9A-Za-z:/]*$/;                                 // allow:duplicate-regex — sf-token shape per RFC 8941 §3.3.4
-var CACHE_NAME_MAX  = 128;                                                                         // allow:raw-byte-literal — cache-name length cap, not bytes
+var CACHE_NAME_MAX  = 128;                                                                         // cache-name length cap, not bytes
 var FWD_VALUES = Object.freeze(["bypass", "method", "uri-miss", "vary-miss", "miss", "request", "stale", "partial"]);
 var BOOLEAN_PARAMS = Object.freeze(["hit", "stored", "collapsed"]);
 // Reserved parameter names per RFC 9211 §2 — the framework knows their
@@ -153,7 +153,7 @@ function entryString(entry) {
   }
   if (entry.fwdStatus !== undefined && entry.fwdStatus !== null) {
     if (typeof entry.fwdStatus !== "number" || !Number.isInteger(entry.fwdStatus) ||
-        entry.fwdStatus < 100 || entry.fwdStatus > 599) {                                          // allow:raw-byte-literal — HTTP status range
+        entry.fwdStatus < 100 || entry.fwdStatus > 599) {                                          // HTTP status range
       throw new CacheStatusError("cache-status/bad-fwd-status",
         "entry.fwdStatus must be an integer 100..599");
     }

package/lib/calendar.js CHANGED Viewed

@@ -98,7 +98,7 @@ var JSCAL_NOTE_STATUS = Object.freeze({
 // Recurrence-expansion caps. Mirror b.safeIcal's RRULE limits so the
 // expand path can't outpace what the parser already permitted.
-var MAX_EXPAND_INSTANCES = 4096;                                                                       // allow:raw-byte-literal — instance count cap, not bytes
+var MAX_EXPAND_INSTANCES = 4096;                                                                       // instance count cap, not bytes
 var MAX_EXPAND_SPAN_MS   = 10 * 365 * 24 * 60 * 60 * 1000;                                             // allow:raw-byte-literal + allow:raw-time-literal — 10 year max expansion span
 /**
@@ -138,7 +138,7 @@ function validate(jsCal) {
     throw new CalendarError("calendar/no-uid",
       "b.calendar.validate: uid is required (RFC 8984 §5.1.4)");
   }
-  if (jsCal.uid.length > 1024) {                                                                       // allow:raw-byte-literal — anti-DoS uid length cap
+  if (jsCal.uid.length > 1024) {                                                                       // anti-DoS uid length cap
     throw new CalendarError("calendar/oversize-uid",
       "b.calendar.validate: uid exceeds 1024 bytes");
   }
@@ -183,7 +183,7 @@ function validate(jsCal) {
       // refuse.
       if (typeof jsCal.percentComplete !== "number" || !isFinite(jsCal.percentComplete) ||
           !Number.isInteger(jsCal.percentComplete) ||
-          jsCal.percentComplete < 0 || jsCal.percentComplete > 100) {                                  // allow:raw-byte-literal — RFC 8984 §6 percent range
+          jsCal.percentComplete < 0 || jsCal.percentComplete > 100) {                                  // RFC 8984 §6 percent range
         throw new CalendarError("calendar/bad-percent",
           "b.calendar.validate: Task.percentComplete MUST be an integer in 0..100 (RFC 8984 §6.4.4 UnsignedInt)");
       }
@@ -586,7 +586,7 @@ function expandRecurrence(event, opts) {
   // specified, they are expanded independently and the resulting
   // instances are UNIONed (deduped + sorted ascending). Per-rule
   // count caps apply per-rule per the same section.
-  var globalStepBudget = MAX_EXPAND_INSTANCES * 366;                                                   // allow:raw-byte-literal — total days/year step budget shared across all rules
+  var globalStepBudget = MAX_EXPAND_INSTANCES * 366;                                                   // total days/year step budget shared across all rules
   var seen = Object.create(null);
   var unioned = [];
   for (var rrIndex = 0; rrIndex < event.recurrenceRules.length; rrIndex += 1) {
@@ -644,7 +644,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     byMonthSet = Object.create(null);
     for (var mi = 0; mi < rule.byMonth.length; mi += 1) {
       var mn = parseInt(rule.byMonth[mi], 10);
-      if (isFinite(mn) && mn >= 1 && mn <= 12) byMonthSet[mn] = true;                                  // allow:raw-byte-literal — 12 calendar months
+      if (isFinite(mn) && mn >= 1 && mn <= 12) byMonthSet[mn] = true;                                  // 12 calendar months
     }
   }
   var byMonthDaySet = null;
@@ -652,7 +652,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     byMonthDaySet = Object.create(null);
     for (var mdi = 0; mdi < rule.byMonthDay.length; mdi += 1) {
       var mdn = parseInt(rule.byMonthDay[mdi], 10);
-      if (isFinite(mdn) && mdn !== 0 && mdn >= -31 && mdn <= 31) byMonthDaySet[mdn] = true;            // allow:raw-byte-literal — calendar day-of-month bounds
+      if (isFinite(mdn) && mdn !== 0 && mdn >= -31 && mdn <= 31) byMonthDaySet[mdn] = true;            // calendar day-of-month bounds
     }
   }
   // RFC 5545 §3.3.10 — BYWEEKNO refines yearly recurrences to specific
@@ -663,7 +663,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     byWeekNoSet = Object.create(null);
     for (var wni = 0; wni < rule.byWeekNo.length; wni += 1) {
       var wn = parseInt(rule.byWeekNo[wni], 10);
-      if (isFinite(wn) && wn !== 0 && wn >= -53 && wn <= 53) byWeekNoSet[wn] = true;                   // allow:raw-byte-literal — ISO 8601 week-number bounds
+      if (isFinite(wn) && wn !== 0 && wn >= -53 && wn <= 53) byWeekNoSet[wn] = true;                   // ISO 8601 week-number bounds
     }
   }
   // BYYEARDAY — day-of-year (1..366 or -1..-366; negative counts from
@@ -673,7 +673,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     byYearDaySet = Object.create(null);
     for (var ydi = 0; ydi < rule.byYearDay.length; ydi += 1) {
       var yd = parseInt(rule.byYearDay[ydi], 10);
-      if (isFinite(yd) && yd !== 0 && yd >= -366 && yd <= 366) byYearDaySet[yd] = true;                // allow:raw-byte-literal — day-of-year bounds
+      if (isFinite(yd) && yd !== 0 && yd >= -366 && yd <= 366) byYearDaySet[yd] = true;                // day-of-year bounds
     }
   }
   // BYHOUR / BYMINUTE / BYSECOND — time-of-day filters. RFC 5545 §3.3.10
@@ -695,8 +695,8 @@ function _expandSingleRule(rule, startMs, ctx) {
     // unfiltered candidate per RFC 5545's tolerant grammar.
     return hasAny ? s : null;
   }
-  var byHourSet   = _bySet(rule.byHour,   0, 23);                                                      // allow:raw-byte-literal — RFC 5545 hour range
-  var byMinuteSet = _bySet(rule.byMinute, 0, 59);                                                      // allow:raw-byte-literal — RFC 5545 minute range
+  var byHourSet   = _bySet(rule.byHour,   0, 23);                                                      // RFC 5545 hour range
+  var byMinuteSet = _bySet(rule.byMinute, 0, 59);                                                      // RFC 5545 minute range
   var bySecondSet = _bySet(rule.bySecond, 0, 60);                                                      // allow:raw-byte-literal — RFC 5545 second range incl. leap second // allow:raw-time-literal — second-of-minute bound, not a duration
   function _isoWeekParts(d) {
@@ -706,7 +706,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     // Returns { week, year }.
     var tmp = new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate()));
     var dayOfWeek = tmp.getUTCDay() || 7;
-    tmp.setUTCDate(tmp.getUTCDate() + 4 - dayOfWeek);                                                  // allow:raw-byte-literal — ISO week-year anchor (Thursday)
+    tmp.setUTCDate(tmp.getUTCDate() + 4 - dayOfWeek);                                                  // ISO week-year anchor (Thursday)
     var weekYear = tmp.getUTCFullYear();
     var yearStart = new Date(Date.UTC(weekYear, 0, 1));
     var week = Math.ceil((((tmp - yearStart) / 86400000) + 1) / 7);                                    // allow:raw-time-literal — 86400000 ms/day, 7 days/week // allow:raw-byte-literal
@@ -720,7 +720,7 @@ function _expandSingleRule(rule, startMs, ctx) {
     return Math.floor((d - startOfYear) / 86400000) + 1;                                               // allow:raw-time-literal — 86400000 ms/day // allow:raw-byte-literal
   }
   function _daysInYear(year) {
-    return ((year % 4 === 0 && year % 100 !== 0) || year % 400 === 0) ? 366 : 365;                      // allow:raw-byte-literal — Gregorian leap-year rule
+    return ((year % 4 === 0 && year % 100 !== 0) || year % 400 === 0) ? 366 : 365;                      // Gregorian leap-year rule
   }
   function _matchesBy(t) {
     var d = new Date(t);
@@ -738,7 +738,7 @@ function _expandSingleRule(rule, startMs, ctx) {
       // a future explicit knob if demand surfaces.
       var iso = _isoWeekParts(d);
       if (iso.year !== d.getUTCFullYear()) return false;
-      var lastWeek = _isoWeekOf(new Date(Date.UTC(d.getUTCFullYear(), 11, 28)));                       // allow:raw-byte-literal — Dec 28 always in last ISO week
+      var lastWeek = _isoWeekOf(new Date(Date.UTC(d.getUTCFullYear(), 11, 28)));                       // Dec 28 always in last ISO week
       if (!byWeekNoSet[iso.week] && !byWeekNoSet[-(lastWeek - iso.week + 1)]) return false;
     }
     if (byYearDaySet) {
@@ -814,7 +814,7 @@ function _bySetPosArray(raw) {
   var out = [];
   for (var i = 0; i < raw.length; i += 1) {
     var n = parseInt(raw[i], 10);
-    if (isFinite(n) && n !== 0 && n >= -366 && n <= 366) out.push(n);                                  // allow:raw-byte-literal — RFC 5545 §3.3.10 bysetpos range
+    if (isFinite(n) && n !== 0 && n >= -366 && n <= 366) out.push(n);                                  // RFC 5545 §3.3.10 bysetpos range
   }
   return out.length > 0 ? out : null;
 }
@@ -864,7 +864,7 @@ function _expandWithBysetpos(ctx) {
     // periods (e.g. YEARLY = 366 days) can't loop forever.
     var candidates = [];
     var dayMs = period.startMs;
-    var safety = 400;                                                                                  // allow:raw-byte-literal — period day cap (covers leap year 366 + slack)
+    var safety = 400;                                                                                  // period day cap (covers leap year 366 + slack)
     while (dayMs <= period.endMs && safety-- > 0 && stepBudgetRef.remaining > 0) {
       stepBudgetRef.remaining -= 1;
       var candidate = _withTimeOfDay(dayMs, hh, mm, ss, ms);
@@ -919,8 +919,8 @@ function _periodForIndex(freq, startDate, offset) {
   }
   if (freq === "monthly") {
     var bm = startDate.getUTCMonth() + offset;
-    var by = startDate.getUTCFullYear() + Math.floor(bm / 12);                                         // allow:raw-byte-literal — months/year
-    var mm = ((bm % 12) + 12) % 12;                                                                    // allow:raw-byte-literal — months/year
+    var by = startDate.getUTCFullYear() + Math.floor(bm / 12);                                         // months/year
+    var mm = ((bm % 12) + 12) % 12;                                                                    // months/year
     var ms = Date.UTC(by, mm, 1, 0, 0, 0, 0);
     var me = Date.UTC(by, mm + 1, 1, 0, 0, 0, 0) - 1;
     return { startMs: ms, endMs: me };
@@ -928,7 +928,7 @@ function _periodForIndex(freq, startDate, offset) {
   // weekly — align to WKST=Monday (RFC 5545 default WKST).
   var anchor = new Date(Date.UTC(startDate.getUTCFullYear(), startDate.getUTCMonth(), startDate.getUTCDate(), 0, 0, 0, 0));
   var dow = anchor.getUTCDay() || 7;
-  anchor.setUTCDate(anchor.getUTCDate() - (dow - 1) + offset * 7);                                     // allow:raw-byte-literal — days/week
+  anchor.setUTCDate(anchor.getUTCDate() - (dow - 1) + offset * 7);                                     // days/week
   var ws = anchor.getTime();
   var we = ws + 7 * 86400000 - 1;                                                                      // allow:raw-byte-literal + allow:raw-time-literal — 7-day window
   return { startMs: ws, endMs: we };
@@ -1021,7 +1021,7 @@ function _vtodoToJsCalTask(vt) {
   var percent = _firstValue(props["PERCENT-COMPLETE"]);
   if (percent !== null && percent !== undefined) {
     var pn = parseInt(percent, 10);
-    if (isFinite(pn) && pn >= 0 && pn <= 100) jsCal.percentComplete = pn;                              // allow:raw-byte-literal — RFC 8984 §6 percent range
+    if (isFinite(pn) && pn >= 0 && pn <= 100) jsCal.percentComplete = pn;                              // RFC 8984 §6 percent range
   }
   var completed = _firstValue(props.COMPLETED);
   if (completed) jsCal.progressUpdated = _icalDateTimeToUtc(completed);
@@ -1202,7 +1202,7 @@ function _advance(ms, freq, interval) {
   var d = new Date(ms);
   switch (freq) {
   case "daily":   d.setUTCDate(d.getUTCDate() + interval); break;
-  case "weekly":  d.setUTCDate(d.getUTCDate() + 7 * interval); break;                                  // allow:raw-byte-literal — 7 days/week
+  case "weekly":  d.setUTCDate(d.getUTCDate() + 7 * interval); break;                                  // 7 days/week
   case "monthly": d.setUTCMonth(d.getUTCMonth() + interval); break;
   case "yearly":  d.setUTCFullYear(d.getUTCFullYear() + interval); break;
   case "hourly":  d.setUTCHours(d.getUTCHours() + interval); break;
@@ -1227,10 +1227,10 @@ function _foldLine(s) {
   // RFC 5545 §3.1 — content lines SHOULD NOT exceed 75 octets; fold
   // with CRLF + leading space. We let the joining code add the
   // trailing CRLF; this helper only inserts the intra-line fold.
-  if (s.length <= 75) return s;                                                                        // allow:raw-byte-literal — RFC 5545 §3.1 line-length cap
+  if (s.length <= 75) return s;                                                                        // RFC 5545 §3.1 line-length cap
   var out = "";
-  for (var i = 0; i < s.length; i += 73) {                                                             // allow:raw-byte-literal — 73 = 75 minus the CR/LF wrap
-    out += (i === 0 ? "" : "\r\n ") + s.slice(i, i + 73);                                              // allow:raw-byte-literal — same cap
+  for (var i = 0; i < s.length; i += 73) {                                                             // 73 = 75 minus the CR/LF wrap
+    out += (i === 0 ? "" : "\r\n ") + s.slice(i, i + 73);                                              // same cap
   }
   return out;
 }

package/lib/cbor.js CHANGED Viewed

@@ -58,15 +58,15 @@ var { defineClass } = require("./framework-error");
 var CborError = defineClass("CborError", { alwaysPermanent: true });
-var DEFAULT_MAX_DEPTH = 64;                                                            // allow:raw-byte-literal — nesting depth, not a size
-var ABSOLUTE_MAX_DEPTH = 256;                                                          // allow:raw-byte-literal — nesting depth ceiling, not a size
+var DEFAULT_MAX_DEPTH = 64;                                                            // nesting depth, not a size
+var ABSOLUTE_MAX_DEPTH = 256;                                                          // nesting depth ceiling, not a size
 var DEFAULT_MAX_BYTES = C.BYTES.mib(16);
 var ABSOLUTE_MAX_BYTES = C.BYTES.mib(64);
 // CBOR / IEEE-754 wire constants (not byte sizes — protocol values).
-var CBOR_AI_1BYTE = 24;            // allow:raw-byte-literal — RFC 8949 §3 additional-info boundary (inline vs 1-byte argument)
-var BYTES_64BIT = 8;               // allow:raw-byte-literal — width of a CBOR uint64 / float64 argument, not a cap
-var FLOAT16_MANT_DIV = 1024;       // allow:raw-byte-literal — IEEE 754 half-precision mantissa scale (2^10), not a size
+var CBOR_AI_1BYTE = 24;            // RFC 8949 §3 additional-info boundary (inline vs 1-byte argument)
+var BYTES_64BIT = 8;               // width of a CBOR uint64 / float64 argument, not a cap
+var FLOAT16_MANT_DIV = 1024;       // IEEE 754 half-precision mantissa scale (2^10), not a size
 /**
  * @primitive b.cbor.Tag
@@ -110,9 +110,9 @@ function _capInt(v, dflt, absolute) {
 // + SCITT depend on this — emitting float64 for a value representable
 // in float16 is non-canonical and trips requireDeterministic.
 function _encodeFloat(value) {
-  if (Number.isNaN(value)) return Buffer.from([0xf9, 0x7e, 0x00]);                      // allow:raw-byte-literal — canonical half NaN (RFC 8949 §4.2.1)
-  if (value === Infinity) return Buffer.from([0xf9, 0x7c, 0x00]);                       // allow:raw-byte-literal — half +Inf
-  if (value === -Infinity) return Buffer.from([0xf9, 0xfc, 0x00]);                      // allow:raw-byte-literal — half -Inf
+  if (Number.isNaN(value)) return Buffer.from([0xf9, 0x7e, 0x00]);                      // canonical half NaN (RFC 8949 §4.2.1)
+  if (value === Infinity) return Buffer.from([0xf9, 0x7c, 0x00]);                       // half +Inf
+  if (value === -Infinity) return Buffer.from([0xf9, 0xfc, 0x00]);                      // half -Inf
   var half = _doubleToHalfBits(value);
   if (half >= 0) { var hb = Buffer.alloc(3); hb[0] = 0xf9; hb.writeUInt16BE(half, 1); return hb; }
   var f4 = Buffer.alloc(5); f4[0] = 0xfa; f4.writeFloatBE(value, 1);
@@ -167,10 +167,10 @@ function _head(major, argument) {
 }
 function _encodeValue(value, opts) {
-  if (value === null) return Buffer.from([0xf6]);                                       // allow:raw-byte-literal — CBOR null simple value
-  if (value === undefined) return Buffer.from([0xf7]);                                  // allow:raw-byte-literal — CBOR undefined simple value
-  if (value === true) return Buffer.from([0xf5]);                                       // allow:raw-byte-literal — CBOR true simple value
-  if (value === false) return Buffer.from([0xf4]);                                      // allow:raw-byte-literal — CBOR false simple value
+  if (value === null) return Buffer.from([0xf6]);                                       // CBOR null simple value
+  if (value === undefined) return Buffer.from([0xf7]);                                  // CBOR undefined simple value
+  if (value === true) return Buffer.from([0xf5]);                                       // CBOR true simple value
+  if (value === false) return Buffer.from([0xf4]);                                      // CBOR false simple value
   if (typeof value === "number") {
     // Exact integers within the safe range encode as CBOR integers;

package/lib/cdn-cache-control.js CHANGED Viewed

@@ -251,7 +251,7 @@ function build(opts) {
     // regex. RFC 7234 §5.2 token directives are tiny in practice
     // (max-age = 7 chars, stale-while-revalidate = 22); 64 is the
     // operator-headroom ceiling.
-    var DIRECTIVE_MAX = 64;                                                                        // allow:raw-byte-literal — directive key/value length cap
+    var DIRECTIVE_MAX = 64;                                                                        // directive key/value length cap
     for (var e = 0; e < ekeys.length; e += 1) {
       var ek = ekeys[e];
       if (ek.length === 0 || ek.length > DIRECTIVE_MAX || !DIRECTIVE_KEY_RE.test(ek)) {

package/lib/cert.js CHANGED Viewed

@@ -69,8 +69,8 @@ var log = boot("cert");
 var DEFAULT_RENEW_INTERVAL_MS    = C.TIME.hours(6);
 var DEFAULT_MIN_DAYS_BEFORE_EXPIRY = 14;
 var DEFAULT_OCSP_REFRESH_MS      = C.TIME.hours(12);
-var MAX_DOMAINS_PER_CERT         = 100;                                              // allow:raw-byte-literal — operator-facing manifest size cap, not a byte count (RFC 6066 SNI permits more)
-var MAX_CERTS_PER_MANAGER        = 1000;                                             // allow:raw-byte-literal — operator-facing manifest size cap, not a byte count
+var MAX_DOMAINS_PER_CERT         = 100;                                              // operator-facing manifest size cap, not a byte count (RFC 6066 SNI permits more)
+var MAX_CERTS_PER_MANAGER        = 1000;                                             // operator-facing manifest size cap, not a byte count
 function _positiveFiniteOrDefault(value, defaultValue, label, code) {
   if (value === undefined || value === null) return defaultValue;
@@ -481,9 +481,9 @@ function create(opts) {
   // counts. The framework's leaf-key alg names embed the bit length
   // verbatim ("rsa-2048" / "rsa-3072" / "rsa-4096"), so the literals
   // here are protocol-constant references.
-  var RSA_MODULUS_BITS_2048 = 2048;                                                  // allow:raw-byte-literal — RSA modulus length, not a byte count
-  var RSA_MODULUS_BITS_3072 = 3072;                                                  // allow:raw-byte-literal — RSA modulus length, not a byte count
-  var RSA_MODULUS_BITS_4096 = 4096;                                                  // allow:raw-byte-literal — RSA modulus length, not a byte count
+  var RSA_MODULUS_BITS_2048 = 2048;                                                  // RSA modulus length, not a byte count
+  var RSA_MODULUS_BITS_3072 = 3072;                                                  // RSA modulus length, not a byte count
+  var RSA_MODULUS_BITS_4096 = 4096;                                                  // RSA modulus length, not a byte count
   function _generateLeafKeypair(keyAlg) {
     switch (keyAlg) {

package/lib/cloud-events.js CHANGED Viewed

@@ -275,8 +275,8 @@ function parse(envelope) {
 // ---- validate / isValid (non-throwing spec check) ----
-var INT_MIN = -2147483648;                                  // allow:raw-byte-literal — CloudEvents Integer type range
-var INT_MAX = 2147483647;                                   // allow:raw-byte-literal — CloudEvents Integer type range
+var INT_MIN = -2147483648;                                  // CloudEvents Integer type range
+var INT_MAX = 2147483647;                                   // CloudEvents Integer type range
 // JSON-formatted media type essence (after the parameters are stripped):
 // type/json or type/anything+json. Each run is bounded by the single "/"
 // separator so the match is linear (no overlapping quantifiers → no
@@ -515,8 +515,8 @@ function _pctEncode(s) {
   var out = "";
   for (var i = 0; i < bytes.length; i += 1) {
     var by = bytes[i];
-    if (by < 0x21 || by > 0x7E || by === 0x22 || by === 0x25) {   // allow:raw-byte-literal — printable-ASCII bounds + double-quote and percent (HTTP binding header rule)
-      out += "%" + bytes[i].toString(16).toUpperCase().padStart(2, "0");   // allow:raw-byte-literal — 16 is the hex radix
+    if (by < 0x21 || by > 0x7E || by === 0x22 || by === 0x25) {   // printable-ASCII bounds + double-quote and percent (HTTP binding header rule)
+      out += "%" + bytes[i].toString(16).toUpperCase().padStart(2, "0");   // 16 is the hex radix
     } else {
       out += String.fromCharCode(by);
     }
@@ -528,7 +528,7 @@ function _pctDecode(s) {
   var i = 0;
   while (i < s.length) {
     if (s[i] === "%" && /^[0-9A-Fa-f]{2}$/.test(s.slice(i + 1, i + 3))) {
-      bytes.push(parseInt(s.slice(i + 1, i + 3), 16));   // allow:raw-byte-literal — 16 is the hex radix
+      bytes.push(parseInt(s.slice(i + 1, i + 3), 16));   // 16 is the hex radix
       i += 3;
     } else {
       var ch = Buffer.from(s[i], "utf8");