@character-foundry/character-foundry 0.1.6 → 0.1.8-dev.1765911776

package/dist/image-utils.js

@@ -0,0 +1,226 @@
+// ../image-utils/dist/index.js
+function extractImageUrls(text, options = {}) {
+  const {
+    includeMarkdown = true,
+    includeHTML = true,
+    includeBase64 = true
+  } = options;
+  const results = [];
+  const seen = /* @__PURE__ */ new Set();
+  if (includeMarkdown) {
+    const markdownPattern = /!\[([^\]]*)\]\(<?([^>\s)]+)>?(?:\s*=[^)]+)?\)/g;
+    let match;
+    while ((match = markdownPattern.exec(text)) !== null) {
+      const url = match[2]?.trim();
+      if (url && !seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "markdown",
+          context: match[0]
+        });
+      }
+    }
+  }
+  if (includeHTML) {
+    const htmlQuotedPattern = /<img[^>]+src=["']([^"']+)["'][^>]*>/gi;
+    let match;
+    while ((match = htmlQuotedPattern.exec(text)) !== null) {
+      const url = match[1]?.trim();
+      if (url && !seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "html",
+          context: match[0]
+        });
+      }
+    }
+    const htmlUnquotedPattern = /<img[^>]+src=([^\s"'>]+)[^>]*>/gi;
+    while ((match = htmlUnquotedPattern.exec(text)) !== null) {
+      const url = match[1]?.trim();
+      if (url && !url.startsWith('"') && !url.startsWith("'") && !seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "html",
+          context: match[0]
+        });
+      }
+    }
+    const cssUrlPattern = /url\(["']?([^)"']+)["']?\)/gi;
+    while ((match = cssUrlPattern.exec(text)) !== null) {
+      const url = match[1]?.trim();
+      if (url && (url.startsWith("http://") || url.startsWith("https://")) && !seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "html",
+          context: match[0]
+        });
+      }
+    }
+  }
+  if (includeHTML) {
+    const plainUrlPattern = /(?<![("'])(https?:\/\/[^\s<>"']+\.(?:jpg|jpeg|png|gif|webp|svg|avif|bmp))(?![)"'])/gi;
+    let match;
+    while ((match = plainUrlPattern.exec(text)) !== null) {
+      const url = match[0]?.trim();
+      if (url && !seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "html",
+          context: url
+        });
+      }
+    }
+  }
+  if (includeBase64) {
+    const dataUrlPattern = /data:image\/[^;]+;base64,[A-Za-z0-9+/=]+/g;
+    let match;
+    while ((match = dataUrlPattern.exec(text)) !== null) {
+      const url = match[0];
+      if (!seen.has(url)) {
+        seen.add(url);
+        results.push({
+          url,
+          source: "base64"
+        });
+      }
+    }
+  }
+  return results;
+}
+function extractRemoteImageUrls(text) {
+  const all = extractImageUrls(text, { includeBase64: false });
+  return all.filter((img) => /^https?:\/\//i.test(img.url));
+}
+function extractDataUrls(text) {
+  return extractImageUrls(text, {
+    includeMarkdown: false,
+    includeHTML: false,
+    includeBase64: true
+  });
+}
+function countImages(text) {
+  return extractImageUrls(text).length;
+}
+var DEFAULT_SSRF_POLICY = {
+  allowPrivateIPs: false,
+  allowLocalhost: false,
+  blockedDomains: [],
+  allowedDomains: [],
+  allowDataUrls: false
+};
+function isURLSafe(url, policy = {}) {
+  const config = { ...DEFAULT_SSRF_POLICY, ...policy };
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return { safe: false, reason: "Invalid URL format" };
+  }
+  if (parsed.protocol === "data:") {
+    if (!config.allowDataUrls) {
+      return { safe: false, reason: "Data URLs not allowed" };
+    }
+    return { safe: true };
+  }
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    return {
+      safe: false,
+      reason: `Protocol '${parsed.protocol}' not allowed (only http/https)`
+    };
+  }
+  const hostname = parsed.hostname.toLowerCase();
+  if (config.allowedDomains.length > 0) {
+    const isAllowed = config.allowedDomains.some(
+      (pattern) => matchDomainPattern(hostname, pattern)
+    );
+    if (!isAllowed) {
+      return {
+        safe: false,
+        reason: `Domain '${hostname}' not in allowed list`
+      };
+    }
+  }
+  if (config.blockedDomains.length > 0) {
+    const isBlocked = config.blockedDomains.some(
+      (pattern) => matchDomainPattern(hostname, pattern)
+    );
+    if (isBlocked) {
+      return {
+        safe: false,
+        reason: `Domain '${hostname}' is blocked`
+      };
+    }
+  }
+  if (isLocalhost(hostname) && !config.allowLocalhost) {
+    return { safe: false, reason: "Localhost not allowed" };
+  }
+  if (isPrivateIP(hostname) && !config.allowPrivateIPs) {
+    return { safe: false, reason: "Private IP addresses not allowed" };
+  }
+  return { safe: true };
+}
+function isSafeForFetch(url) {
+  return isURLSafe(url).safe;
+}
+function matchDomainPattern(domain, pattern) {
+  if (domain === pattern) return true;
+  if (pattern.startsWith("*.")) {
+    const suffix = pattern.slice(2);
+    return domain.endsWith("." + suffix);
+  }
+  return false;
+}
+function isLocalhost(hostname) {
+  const lower = hostname.toLowerCase();
+  if (lower === "localhost" || lower === "0.0.0.0" || lower.startsWith("127.")) {
+    return true;
+  }
+  if (lower === "::1" || lower === "[::1]") {
+    return true;
+  }
+  return false;
+}
+function isPrivateIP(hostname) {
+  const lower = hostname.toLowerCase();
+  const parts = hostname.split(".").map(Number);
+  if (parts.length === 4 && parts.every((p) => p >= 0 && p <= 255 && !isNaN(p))) {
+    const [octet1, octet2] = parts;
+    if (octet1 === 10) return true;
+    if (octet1 === 172 && octet2 !== void 0 && octet2 >= 16 && octet2 <= 31)
+      return true;
+    if (octet1 === 192 && octet2 === 168) return true;
+    if (octet1 === 169 && octet2 === 254) return true;
+  }
+  const cleanedHostname = lower.replace(/^\[|\]$/g, "");
+  const ipv6Patterns = [
+    /^f[cd][0-9a-f]{2}:/i,
+    // fc00::/7 (includes both fc and fd ranges)
+    /^fe80:/i
+    // fe80::/10 (link-local)
+  ];
+  for (const pattern of ipv6Patterns) {
+    if (pattern.test(cleanedHostname)) {
+      return true;
+    }
+  }
+  return false;
+}
+function filterSafeUrls(urls, policy) {
+  return urls.filter((url) => isURLSafe(url, policy).safe);
+}
+export {
+  DEFAULT_SSRF_POLICY,
+  countImages,
+  extractDataUrls,
+  extractImageUrls,
+  extractRemoteImageUrls,
+  filterSafeUrls,
+  isSafeForFetch,
+  isURLSafe
+};
+//# sourceMappingURL=image-utils.js.map

package/dist/image-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../image-utils/src/extraction.ts","../../image-utils/src/ssrf.ts"],"sourcesContent":["/**\n * Image URL Extraction\n *\n * Extracts image URLs from markdown, HTML, and base64 data URLs in text.\n * Used across Federation, Archive, and Architect for image processing.\n */\n\nexport interface ImageExtractionOptions {\n  /** Include markdown image syntax `![alt](url)` (default: true) */\n  includeMarkdown?: boolean;\n  /** Include HTML img tags `<img src=\"url\">` (default: true) */\n  includeHTML?: boolean;\n  /** Include base64 data URLs `data:image/...;base64,...` (default: true) */\n  includeBase64?: boolean;\n}\n\nexport interface ExtractedImage {\n  /** The extracted URL or data URL */\n  url: string;\n  /** Source format where the image was found */\n  source: 'markdown' | 'html' | 'base64';\n  /** Surrounding context for debugging (optional) */\n  context?: string;\n}\n\n/**\n * Extract all image URLs from text.\n *\n * Supports markdown, HTML, and base64 data URLs.\n * Returns deduplicated results.\n *\n * @param text - Text to extract image URLs from\n * @param options - Extraction options\n * @returns Array of extracted images with source information\n *\n * @example\n * ```typescript\n * const text = 'Check out ![portrait](avatar.png) and <img src=\"banner.jpg\">';\n * const images = extractImageUrls(text);\n * // [\n * //   { url: 'avatar.png', source: 'markdown' },\n * //   { url: 'banner.jpg', source: 'html' }\n * // ]\n * ```\n */\nexport function extractImageUrls(\n  text: string,\n  options: ImageExtractionOptions = {},\n): ExtractedImage[] {\n  const {\n    includeMarkdown = true,\n    includeHTML = true,\n    includeBase64 = true,\n  } = options;\n\n  const results: ExtractedImage[] = [];\n  const seen = new Set<string>();\n\n  // Extract markdown images: ![alt](url) or ![alt](<url>) or ![alt](url =dimensions)\n  // Supports: standard, angle brackets, and SillyTavern dimension syntax\n  if (includeMarkdown) {\n    const markdownPattern = /!\\[([^\\]]*)\\]\\(<?([^>\\s)]+)>?(?:\\s*=[^)]+)?\\)/g;\n    let match: RegExpExecArray | null;\n\n    while ((match = markdownPattern.exec(text)) !== null) {\n      const url = match[2]?.trim();\n      if (url && !seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'markdown',\n          context: match[0],\n        });\n      }\n    }\n  }\n\n  // Extract HTML img tags: <img src=\"url\"> (quoted and unquoted)\n  if (includeHTML) {\n    // Quoted src\n    const htmlQuotedPattern = /<img[^>]+src=[\"']([^\"']+)[\"'][^>]*>/gi;\n    let match: RegExpExecArray | null;\n\n    while ((match = htmlQuotedPattern.exec(text)) !== null) {\n      const url = match[1]?.trim();\n      if (url && !seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'html',\n          context: match[0],\n        });\n      }\n    }\n\n    // Unquoted src (e.g., <img src=url>)\n    const htmlUnquotedPattern = /<img[^>]+src=([^\\s\"'>]+)[^>]*>/gi;\n    while ((match = htmlUnquotedPattern.exec(text)) !== null) {\n      const url = match[1]?.trim();\n      // Skip if it starts with a quote (already handled above)\n      if (url && !url.startsWith('\"') && !url.startsWith(\"'\") && !seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'html',\n          context: match[0],\n        });\n      }\n    }\n\n    // CSS url() function: url(url), url(\"url\"), url('url')\n    // Common in background-image, background, content properties\n    const cssUrlPattern = /url\\([\"']?([^)\"']+)[\"']?\\)/gi;\n    while ((match = cssUrlPattern.exec(text)) !== null) {\n      const url = match[1]?.trim();\n      // Only include http(s) URLs to avoid CSS variables and relative paths\n      if (url && (url.startsWith('http://') || url.startsWith('https://')) && !seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'html',\n          context: match[0],\n        });\n      }\n    }\n  }\n\n  // Extract plain image URLs (not wrapped in any syntax)\n  if (includeHTML) {\n    // Plain URLs with image extensions (common on image hosts)\n    const plainUrlPattern = /(?<![(\"'])(https?:\\/\\/[^\\s<>\"']+\\.(?:jpg|jpeg|png|gif|webp|svg|avif|bmp))(?![)\"'])/gi;\n    let match: RegExpExecArray | null;\n\n    while ((match = plainUrlPattern.exec(text)) !== null) {\n      const url = match[0]?.trim();\n      if (url && !seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'html',\n          context: url,\n        });\n      }\n    }\n  }\n\n  // Extract base64 data URLs: data:image/...;base64,...\n  if (includeBase64) {\n    const dataUrlPattern = /data:image\\/[^;]+;base64,[A-Za-z0-9+/=]+/g;\n    let match: RegExpExecArray | null;\n\n    while ((match = dataUrlPattern.exec(text)) !== null) {\n      const url = match[0];\n      if (!seen.has(url)) {\n        seen.add(url);\n        results.push({\n          url,\n          source: 'base64',\n        });\n      }\n    }\n  }\n\n  return results;\n}\n\n/**\n * Extract only HTTP/HTTPS URLs (excludes data URLs and relative paths).\n *\n * Convenience wrapper around extractImageUrls that filters for remote URLs.\n *\n * @param text - Text to extract URLs from\n * @returns Array of extracted HTTP/HTTPS image URLs\n */\nexport function extractRemoteImageUrls(text: string): ExtractedImage[] {\n  const all = extractImageUrls(text, { includeBase64: false });\n  return all.filter((img) => /^https?:\\/\\//i.test(img.url));\n}\n\n/**\n * Extract only base64 data URLs.\n *\n * Convenience wrapper around extractImageUrls.\n *\n * @param text - Text to extract data URLs from\n * @returns Array of base64 image data URLs\n */\nexport function extractDataUrls(text: string): ExtractedImage[] {\n  return extractImageUrls(text, {\n    includeMarkdown: false,\n    includeHTML: false,\n    includeBase64: true,\n  });\n}\n\n/**\n * Count images in text without extracting full details.\n *\n * More efficient than extractImageUrls when you only need the count.\n *\n * @param text - Text to count images in\n * @returns Total number of unique image references\n */\nexport function countImages(text: string): number {\n  return extractImageUrls(text).length;\n}\n","/**\n * SSRF (Server-Side Request Forgery) Protection\n *\n * Validates URLs to prevent SSRF attacks.\n * Browser-safe implementation (no Node.js dependencies).\n */\n\nexport interface SSRFPolicy {\n  /** Allow private IP addresses (10.x, 172.16-31.x, 192.168.x) (default: false) */\n  allowPrivateIPs?: boolean;\n  /** Allow localhost/loopback (127.x, ::1) (default: false) */\n  allowLocalhost?: boolean;\n  /** Blocked domain patterns (e.g., ['internal.company.com', '*.local']) */\n  blockedDomains?: string[];\n  /** Allowed domain patterns - if provided, ONLY these are allowed */\n  allowedDomains?: string[];\n  /** Allow data URLs (data:image/...) (default: false) */\n  allowDataUrls?: boolean;\n}\n\nexport interface SafetyCheck {\n  /** Whether the URL is safe according to policy */\n  safe: boolean;\n  /** Reason why URL is unsafe (if safe=false) */\n  reason?: string;\n}\n\n/**\n * Default SSRF policy - blocks private IPs, localhost, and data URLs.\n */\nexport const DEFAULT_SSRF_POLICY: Required<SSRFPolicy> = {\n  allowPrivateIPs: false,\n  allowLocalhost: false,\n  blockedDomains: [],\n  allowedDomains: [],\n  allowDataUrls: false,\n};\n\n/**\n * Check if URL is safe to fetch according to SSRF policy.\n *\n * This is the canonical SSRF protection - all apps should use this\n * before fetching external URLs.\n *\n * @param url - URL to validate\n * @param policy - SSRF policy (uses defaults if not provided)\n * @returns Safety check result with reason if unsafe\n *\n * @example\n * ```typescript\n * const check = isURLSafe('http://10.0.0.1/secret');\n * if (!check.safe) {\n *   console.error('Unsafe URL:', check.reason);\n * }\n * ```\n */\nexport function isURLSafe(\n  url: string,\n  policy: SSRFPolicy = {},\n): SafetyCheck {\n  const config = { ...DEFAULT_SSRF_POLICY, ...policy };\n\n  // Parse URL\n  let parsed: URL;\n  try {\n    parsed = new URL(url);\n  } catch {\n    return { safe: false, reason: 'Invalid URL format' };\n  }\n\n  // Check protocol\n  if (parsed.protocol === 'data:') {\n    if (!config.allowDataUrls) {\n      return { safe: false, reason: 'Data URLs not allowed' };\n    }\n    return { safe: true };\n  }\n\n  if (!['http:', 'https:'].includes(parsed.protocol)) {\n    return {\n      safe: false,\n      reason: `Protocol '${parsed.protocol}' not allowed (only http/https)`,\n    };\n  }\n\n  const hostname = parsed.hostname.toLowerCase();\n\n  // Check allowed domains (whitelist)\n  if (config.allowedDomains.length > 0) {\n    const isAllowed = config.allowedDomains.some((pattern) =>\n      matchDomainPattern(hostname, pattern),\n    );\n    if (!isAllowed) {\n      return {\n        safe: false,\n        reason: `Domain '${hostname}' not in allowed list`,\n      };\n    }\n  }\n\n  // Check blocked domains (blacklist)\n  if (config.blockedDomains.length > 0) {\n    const isBlocked = config.blockedDomains.some((pattern) =>\n      matchDomainPattern(hostname, pattern),\n    );\n    if (isBlocked) {\n      return {\n        safe: false,\n        reason: `Domain '${hostname}' is blocked`,\n      };\n    }\n  }\n\n  // Check localhost\n  if (isLocalhost(hostname) && !config.allowLocalhost) {\n    return { safe: false, reason: 'Localhost not allowed' };\n  }\n\n  // Check private IPs\n  if (isPrivateIP(hostname) && !config.allowPrivateIPs) {\n    return { safe: false, reason: 'Private IP addresses not allowed' };\n  }\n\n  return { safe: true };\n}\n\n/**\n * Quick check if URL is safe with default policy.\n *\n * Convenience wrapper for common case.\n *\n * @param url - URL to validate\n * @returns true if safe, false otherwise\n */\nexport function isSafeForFetch(url: string): boolean {\n  return isURLSafe(url).safe;\n}\n\n/**\n * Match domain against pattern (supports wildcards).\n *\n * @example\n * ```typescript\n * matchDomainPattern('api.github.com', '*.github.com') // true\n * matchDomainPattern('github.com', '*.github.com') // false\n * matchDomainPattern('github.com', 'github.com') // true\n * ```\n */\nfunction matchDomainPattern(domain: string, pattern: string): boolean {\n  // Exact match\n  if (domain === pattern) return true;\n\n  // Wildcard match - only matches subdomains, not the base domain\n  if (pattern.startsWith('*.')) {\n    const suffix = pattern.slice(2);\n    return domain.endsWith('.' + suffix);\n  }\n\n  return false;\n}\n\n/**\n * Check if hostname is localhost/loopback.\n */\nfunction isLocalhost(hostname: string): boolean {\n  const lower = hostname.toLowerCase();\n\n  // IPv4 loopback\n  if (lower === 'localhost' || lower === '0.0.0.0' || lower.startsWith('127.')) {\n    return true;\n  }\n\n  // IPv6 loopback\n  if (lower === '::1' || lower === '[::1]') {\n    return true;\n  }\n\n  return false;\n}\n\n/**\n * Check if hostname is a private IP address.\n *\n * Checks for:\n * - 10.0.0.0/8\n * - 172.16.0.0/12\n * - 192.168.0.0/16\n * - Link-local: 169.254.0.0/16 (includes AWS metadata endpoint)\n * - IPv6 private ranges\n */\nfunction isPrivateIP(hostname: string): boolean {\n  const lower = hostname.toLowerCase();\n\n  // IPv4 private ranges\n  const parts = hostname.split('.').map(Number);\n\n  if (\n    parts.length === 4 &&\n    parts.every((p) => p >= 0 && p <= 255 && !isNaN(p))\n  ) {\n    const [octet1, octet2] = parts;\n\n    // 10.0.0.0/8\n    if (octet1 === 10) return true;\n\n    // 172.16.0.0/12\n    if (octet1 === 172 && octet2 !== undefined && octet2 >= 16 && octet2 <= 31)\n      return true;\n\n    // 192.168.0.0/16\n    if (octet1 === 192 && octet2 === 168) return true;\n\n    // 169.254.0.0/16 (link-local) - includes AWS metadata endpoint\n    if (octet1 === 169 && octet2 === 254) return true;\n  }\n\n  // IPv6 private ranges using regex patterns\n  // Strip brackets if present (URL parser adds them: [fc00::1])\n  const cleanedHostname = lower.replace(/^\\[|\\]$/g, '');\n\n  const ipv6Patterns = [\n    /^f[cd][0-9a-f]{2}:/i, // fc00::/7 (includes both fc and fd ranges)\n    /^fe80:/i, // fe80::/10 (link-local)\n  ];\n\n  for (const pattern of ipv6Patterns) {\n    if (pattern.test(cleanedHostname)) {\n      return true;\n    }\n  }\n\n  return false;\n}\n\n/**\n * Filter array of URLs, keeping only safe ones.\n *\n * @param urls - Array of URLs to filter\n * @param policy - SSRF policy\n * @returns Array of safe URLs\n */\nexport function filterSafeUrls(\n  urls: string[],\n  policy?: SSRFPolicy,\n): string[] {\n  return urls.filter((url) => isURLSafe(url, policy).safe);\n}\n"],"mappings":";AA6CO,SAAS,iBACd,MACA,UAAkC,CAAC,GACjB;AAClB,QAAM;IACJ,kBAAkB;IAClB,cAAc;IACd,gBAAgB;EAClB,IAAI;AAEJ,QAAM,UAA4B,CAAC;AACnC,QAAM,OAAO,oBAAI,IAAY;AAI7B,MAAI,iBAAiB;AACnB,UAAM,kBAAkB;AACxB,QAAI;AAEJ,YAAQ,QAAQ,gBAAgB,KAAK,IAAI,OAAO,MAAM;AACpD,YAAM,MAAM,MAAM,CAAC,GAAG,KAAK;AAC3B,UAAI,OAAO,CAAC,KAAK,IAAI,GAAG,GAAG;AACzB,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;UACR,SAAS,MAAM,CAAC;QAClB,CAAC;MACH;IACF;EACF;AAGA,MAAI,aAAa;AAEf,UAAM,oBAAoB;AAC1B,QAAI;AAEJ,YAAQ,QAAQ,kBAAkB,KAAK,IAAI,OAAO,MAAM;AACtD,YAAM,MAAM,MAAM,CAAC,GAAG,KAAK;AAC3B,UAAI,OAAO,CAAC,KAAK,IAAI,GAAG,GAAG;AACzB,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;UACR,SAAS,MAAM,CAAC;QAClB,CAAC;MACH;IACF;AAGA,UAAM,sBAAsB;AAC5B,YAAQ,QAAQ,oBAAoB,KAAK,IAAI,OAAO,MAAM;AACxD,YAAM,MAAM,MAAM,CAAC,GAAG,KAAK;AAE3B,UAAI,OAAO,CAAC,IAAI,WAAW,GAAG,KAAK,CAAC,IAAI,WAAW,GAAG,KAAK,CAAC,KAAK,IAAI,GAAG,GAAG;AACzE,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;UACR,SAAS,MAAM,CAAC;QAClB,CAAC;MACH;IACF;AAIA,UAAM,gBAAgB;AACtB,YAAQ,QAAQ,cAAc,KAAK,IAAI,OAAO,MAAM;AAClD,YAAM,MAAM,MAAM,CAAC,GAAG,KAAK;AAE3B,UAAI,QAAQ,IAAI,WAAW,SAAS,KAAK,IAAI,WAAW,UAAU,MAAM,CAAC,KAAK,IAAI,GAAG,GAAG;AACtF,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;UACR,SAAS,MAAM,CAAC;QAClB,CAAC;MACH;IACF;EACF;AAGA,MAAI,aAAa;AAEf,UAAM,kBAAkB;AACxB,QAAI;AAEJ,YAAQ,QAAQ,gBAAgB,KAAK,IAAI,OAAO,MAAM;AACpD,YAAM,MAAM,MAAM,CAAC,GAAG,KAAK;AAC3B,UAAI,OAAO,CAAC,KAAK,IAAI,GAAG,GAAG;AACzB,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;UACR,SAAS;QACX,CAAC;MACH;IACF;EACF;AAGA,MAAI,eAAe;AACjB,UAAM,iBAAiB;AACvB,QAAI;AAEJ,YAAQ,QAAQ,eAAe,KAAK,IAAI,OAAO,MAAM;AACnD,YAAM,MAAM,MAAM,CAAC;AACnB,UAAI,CAAC,KAAK,IAAI,GAAG,GAAG;AAClB,aAAK,IAAI,GAAG;AACZ,gBAAQ,KAAK;UACX;UACA,QAAQ;QACV,CAAC;MACH;IACF;EACF;AAEA,SAAO;AACT;AAUO,SAAS,uBAAuB,MAAgC;AACrE,QAAM,MAAM,iBAAiB,MAAM,EAAE,eAAe,MAAM,CAAC;AAC3D,SAAO,IAAI,OAAO,CAAC,QAAQ,gBAAgB,KAAK,IAAI,GAAG,CAAC;AAC1D;AAUO,SAAS,gBAAgB,MAAgC;AAC9D,SAAO,iBAAiB,MAAM;IAC5B,iBAAiB;IACjB,aAAa;IACb,eAAe;EACjB,CAAC;AACH;AAUO,SAAS,YAAY,MAAsB;AAChD,SAAO,iBAAiB,IAAI,EAAE;AAChC;AC/KO,IAAM,sBAA4C;EACvD,iBAAiB;EACjB,gBAAgB;EAChB,gBAAgB,CAAC;EACjB,gBAAgB,CAAC;EACjB,eAAe;AACjB;AAoBO,SAAS,UACd,KACA,SAAqB,CAAC,GACT;AACb,QAAM,SAAS,EAAE,GAAG,qBAAqB,GAAG,OAAO;AAGnD,MAAI;AACJ,MAAI;AACF,aAAS,IAAI,IAAI,GAAG;EACtB,QAAQ;AACN,WAAO,EAAE,MAAM,OAAO,QAAQ,qBAAqB;EACrD;AAGA,MAAI,OAAO,aAAa,SAAS;AAC/B,QAAI,CAAC,OAAO,eAAe;AACzB,aAAO,EAAE,MAAM,OAAO,QAAQ,wBAAwB;IACxD;AACA,WAAO,EAAE,MAAM,KAAK;EACtB;AAEA,MAAI,CAAC,CAAC,SAAS,QAAQ,EAAE,SAAS,OAAO,QAAQ,GAAG;AAClD,WAAO;MACL,MAAM;MACN,QAAQ,aAAa,OAAO,QAAQ;IACtC;EACF;AAEA,QAAM,WAAW,OAAO,SAAS,YAAY;AAG7C,MAAI,OAAO,eAAe,SAAS,GAAG;AACpC,UAAM,YAAY,OAAO,eAAe;MAAK,CAAC,YAC5C,mBAAmB,UAAU,OAAO;IACtC;AACA,QAAI,CAAC,WAAW;AACd,aAAO;QACL,MAAM;QACN,QAAQ,WAAW,QAAQ;MAC7B;IACF;EACF;AAGA,MAAI,OAAO,eAAe,SAAS,GAAG;AACpC,UAAM,YAAY,OAAO,eAAe;MAAK,CAAC,YAC5C,mBAAmB,UAAU,OAAO;IACtC;AACA,QAAI,WAAW;AACb,aAAO;QACL,MAAM;QACN,QAAQ,WAAW,QAAQ;MAC7B;IACF;EACF;AAGA,MAAI,YAAY,QAAQ,KAAK,CAAC,OAAO,gBAAgB;AACnD,WAAO,EAAE,MAAM,OAAO,QAAQ,wBAAwB;EACxD;AAGA,MAAI,YAAY,QAAQ,KAAK,CAAC,OAAO,iBAAiB;AACpD,WAAO,EAAE,MAAM,OAAO,QAAQ,mCAAmC;EACnE;AAEA,SAAO,EAAE,MAAM,KAAK;AACtB;AAUO,SAAS,eAAe,KAAsB;AACnD,SAAO,UAAU,GAAG,EAAE;AACxB;AAYA,SAAS,mBAAmB,QAAgB,SAA0B;AAEpE,MAAI,WAAW,QAAS,QAAO;AAG/B,MAAI,QAAQ,WAAW,IAAI,GAAG;AAC5B,UAAM,SAAS,QAAQ,MAAM,CAAC;AAC9B,WAAO,OAAO,SAAS,MAAM,MAAM;EACrC;AAEA,SAAO;AACT;AAKA,SAAS,YAAY,UAA2B;AAC9C,QAAM,QAAQ,SAAS,YAAY;AAGnC,MAAI,UAAU,eAAe,UAAU,aAAa,MAAM,WAAW,MAAM,GAAG;AAC5E,WAAO;EACT;AAGA,MAAI,UAAU,SAAS,UAAU,SAAS;AACxC,WAAO;EACT;AAEA,SAAO;AACT;AAYA,SAAS,YAAY,UAA2B;AAC9C,QAAM,QAAQ,SAAS,YAAY;AAGnC,QAAM,QAAQ,SAAS,MAAM,GAAG,EAAE,IAAI,MAAM;AAE5C,MACE,MAAM,WAAW,KACjB,MAAM,MAAM,CAAC,MAAM,KAAK,KAAK,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC,GAClD;AACA,UAAM,CAAC,QAAQ,MAAM,IAAI;AAGzB,QAAI,WAAW,GAAI,QAAO;AAG1B,QAAI,WAAW,OAAO,WAAW,UAAa,UAAU,MAAM,UAAU;AACtE,aAAO;AAGT,QAAI,WAAW,OAAO,WAAW,IAAK,QAAO;AAG7C,QAAI,WAAW,OAAO,WAAW,IAAK,QAAO;EAC/C;AAIA,QAAM,kBAAkB,MAAM,QAAQ,YAAY,EAAE;AAEpD,QAAM,eAAe;IACnB;;IACA;;EACF;AAEA,aAAW,WAAW,cAAc;AAClC,QAAI,QAAQ,KAAK,eAAe,GAAG;AACjC,aAAO;IACT;EACF;AAEA,SAAO;AACT;AASO,SAAS,eACd,MACA,QACU;AACV,SAAO,KAAK,OAAO,CAAC,QAAQ,UAAU,KAAK,MAAM,EAAE,IAAI;AACzD;","names":[]}

package/dist/index.cjs

@@ -879,7 +879,7 @@ function inflateSyncWithLimit(compressed, maxSize = MAX_INFLATED_SIZE) {
   const chunks = [];
   let totalSize = 0;
   let error = null;
-  const inflater = new import_fflate2.Inflate((data, final) => {
+  const inflater = new import_fflate2.Inflate((data, _final) => {
     if (error) return;
     if (data && data.length > 0) {
       totalSize += data.length;
@@ -8172,7 +8172,7 @@ function sanitizeName2(name, ext) {
   return safeName;
 }
 function writeVoxta(card, assets, options = {}) {
-  let { compressionLevel = 6, includePackageJson = false } = options;
+  const { compressionLevel = 6, includePackageJson = false } = options;
   const cardData = card.data;
   const extensions = cardData.extensions;
   const voxtaExt = extensions?.voxta;
@@ -8692,7 +8692,7 @@ function parsePng(data, options) {
               throw new SizeLimitError(estimatedSize, options.maxAssetSize, `Orphan chunk ${chunk.keyword}`);
             }
             const buffer = decode(chunk.text);
-            let extMatch = assetId.match(/\.([^.]+)$/);
+            const extMatch = assetId.match(/\.([^.]+)$/);
             let ext = extMatch ? extMatch[1] : null;
             if (!ext) {
               const detected = detectExtension(buffer);
@@ -8741,7 +8741,7 @@ function parseCharx(data, options) {
     isMain: asset.descriptor.type === "icon"
     // Main icon is type='icon' in descriptor
   }));
-  let sourceFormat = charxData.isRisuFormat ? "charx_risu" : "charx";
+  const sourceFormat = charxData.isRisuFormat ? "charx_risu" : "charx";
   return {
     card: charxData.card,
     assets,
@@ -8860,7 +8860,7 @@ function parseJson(data, options) {
   }
   return parseJsonFromParsed(parsed, jsonStr, data, options);
 }
-function parseJsonFromParsed(parsed, jsonStr, rawBuffer, options) {
+function parseJsonFromParsed(parsed, jsonStr, rawBuffer, _options) {
   const spec = detectSpec(parsed);
   let card;
   let sourceFormat;
@@ -8933,7 +8933,7 @@ function checkPngLoss(card, assets) {
   if (soundAssets.length > 0) {
     warnings.push(`${soundAssets.length} sound assets cannot be embedded in PNG`);
   }
-  const extensions = card.data.extensions;
+  const _extensions = card.data.extensions;
   if (card.data.assets && card.data.assets.length > 1) {
     warnings.push("Card has multiple asset references - only main will be available");
   }
@@ -8945,7 +8945,7 @@ function checkPngLoss(card, assets) {
     isLossless: lostFields.length === 0 && lostAssets.length === 0
   };
 }
-function checkCharxLoss(card, assets) {
+function checkCharxLoss(card, _assets) {
   const lostFields = [];
   const lostAssets = [];
   const warnings = [];