@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.21

package/dist/config/config.default.js

@@ -1,3 +1,366 @@
-import { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default } from "../config.default-AcwQOAG0.js";
-
-export { LookupAddress, SecurityConfig, SecurityHelperConfig, SecurityMiddlewareName, config_default_default as default };
+import z from 'zod';
+import { Context } from 'egg';
+const CSRFSupportRequestItem = z.object({
+    path: z.instanceof(RegExp),
+    methods: z.array(z.string()),
+});
+export const LookupAddress = z.object({
+    address: z.string(),
+    family: z.number(),
+});
+const LookupAddressAndStringArray = z.union([z.string(), LookupAddress]).array();
+const SSRFCheckAddressFunction = z
+    .function()
+    .args(z.union([z.string(), LookupAddress, LookupAddressAndStringArray]), z.union([z.number(), z.string()]), z.string())
+    .returns(z.boolean());
+export const SecurityMiddlewareName = z.enum([
+    'csrf',
+    'hsts',
+    'methodnoallow',
+    'noopen',
+    'nosniff',
+    'csp',
+    'xssProtection',
+    'xframe',
+    'dta',
+]);
+/**
+ * (ctx) => boolean
+ */
+const IgnoreOrMatchHandler = z.function().args(z.instanceof(Context)).returns(z.boolean());
+const IgnoreOrMatch = z.union([z.string(), z.instanceof(RegExp), IgnoreOrMatchHandler]);
+const IgnoreOrMatchOption = z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional();
+export const SecurityConfig = z.object({
+    /**
+     * domain white list
+     *
+     * Default to `[]`
+     */
+    domainWhiteList: z.array(z.string()).default([]),
+    /**
+     * protocol white list
+     *
+     * Default to `[]`
+     */
+    protocolWhiteList: z.array(z.string()).default([]),
+    /**
+     * default open security middleware
+     *
+     * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
+     */
+    defaultMiddleware: z.union([z.string(), z.array(SecurityMiddlewareName)]).default(SecurityMiddlewareName.options),
+    /**
+     * whether defend csrf attack
+     */
+    csrf: z.preprocess(val => {
+        // transform old config, `csrf: false` to `csrf: { enable: false }`
+        if (typeof val === 'boolean') {
+            return { enable: val };
+        }
+        return val;
+    }, z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+        /**
+         * csrf token detect source type
+         *
+         * Default to `'ctoken'`
+         */
+        type: z.enum(['ctoken', 'referer', 'all', 'any']).default('ctoken'),
+        /**
+         * ignore json request
+         *
+         * Default to `false`
+         *
+         * @deprecated is not safe now, don't use it
+         */
+        ignoreJSON: z.boolean().default(false),
+        /**
+         * csrf token cookie name
+         *
+         * Default to `'csrfToken'`
+         */
+        cookieName: z.union([z.string(), z.array(z.string())]).default('csrfToken'),
+        /**
+         * csrf token session name
+         *
+         * Default to `'csrfToken'`
+         */
+        sessionName: z.string().default('csrfToken'),
+        /**
+         * csrf token request header name
+         *
+         * Default to `'x-csrf-token'`
+         */
+        headerName: z.string().default('x-csrf-token'),
+        /**
+         * csrf token request body field name
+         *
+         * Default to `'_csrf'`
+         */
+        bodyName: z.union([z.string(), z.array(z.string())]).default('_csrf'),
+        /**
+         * csrf token request query field name
+         *
+         * Default to `'_csrf'`
+         */
+        queryName: z.union([z.string(), z.array(z.string())]).default('_csrf'),
+        /**
+         * rotate csrf token when it is invalid
+         *
+         * Default to `false`
+         */
+        rotateWhenInvalid: z.boolean().default(false),
+        /**
+         * These config works when using `'ctoken'` type
+         *
+         * Default to `false`
+         */
+        useSession: z.boolean().default(false),
+        /**
+         * csrf token cookie domain setting,
+         * can be `(ctx) => string` or `string`
+         *
+         * Default to `undefined`, auto set the cookie domain in the safe way
+         */
+        cookieDomain: z.union([z.string(), z.function().args(z.instanceof(Context)).returns(z.string())]).optional(),
+        /**
+         * csrf token check requests config
+         */
+        supportedRequests: z
+            .array(CSRFSupportRequestItem)
+            .default([{ path: /^\//, methods: ['POST', 'PATCH', 'DELETE', 'PUT', 'CONNECT'] }]),
+        /**
+         * referer or origin header white list.
+         * It only works when using `'referer'` type
+         *
+         * Default to `[]`
+         */
+        refererWhiteList: z.array(z.string()).default([]),
+        /**
+         * csrf token cookie options
+         *
+         * Default to `{
+         *   signed: false,
+         *   httpOnly: false,
+         *   overwrite: true,
+         * }`
+         */
+        cookieOptions: z
+            .object({
+            signed: z.boolean(),
+            httpOnly: z.boolean(),
+            overwrite: z.boolean(),
+        })
+            .default({
+            signed: false,
+            httpOnly: false,
+            overwrite: true,
+        }),
+    })
+        .default({})),
+    /**
+     * whether enable X-Frame-Options response header
+     */
+    xframe: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+        /**
+         * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
+         *
+         * Default to `'SAMEORIGIN'`
+         */
+        value: z.string().default('SAMEORIGIN'),
+    })
+        .default({}),
+    /**
+     * whether enable Strict-Transport-Security response header
+     */
+    hsts: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `false`
+         */
+        enable: z.boolean().default(false),
+        /**
+         * Max age of Strict-Transport-Security in seconds
+         *
+         * Default to `365 * 24 * 3600`
+         */
+        maxAge: z.number().default(365 * 24 * 3600),
+        /**
+         * Whether include sub domains
+         *
+         * Default to `false`
+         */
+        includeSubdomains: z.boolean().default(false),
+    })
+        .default({}),
+    /**
+     * whether enable Http Method filter
+     */
+    methodnoallow: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+    })
+        .default({}),
+    /**
+     * whether enable IE automatically download open
+     */
+    noopen: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+    })
+        .default({}),
+    /**
+     * whether enable IE8 automatically detect mime
+     */
+    nosniff: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+    })
+        .default({}),
+    /**
+     * whether enable IE8 XSS Filter
+     */
+    xssProtection: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+        /**
+         * X-XSS-Protection response header value
+         *
+         * Default to `'1; mode=block'`
+         */
+        value: z.coerce.string().default('1; mode=block'),
+    })
+        .default({}),
+    /**
+     * content security policy config
+     */
+    csp: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `false`
+         */
+        enable: z.boolean().default(false),
+        // https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#csp_overview
+        policy: z.record(z.union([z.string(), z.array(z.string()), z.boolean()])).default({}),
+        /**
+         * whether enable report only mode
+         * Default to `undefined`
+         */
+        reportOnly: z.boolean().optional(),
+        /**
+         * whether support IE
+         * Default to `undefined`
+         */
+        supportIE: z.boolean().optional(),
+    })
+        .default({}),
+    /**
+     * whether enable referrer policy
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+     */
+    referrerPolicy: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `false`
+         */
+        enable: z.boolean().default(false),
+        /**
+         * referrer policy value
+         *
+         * Default to `'no-referrer-when-downgrade'`
+         */
+        value: z.string().default('no-referrer-when-downgrade'),
+    })
+        .default({}),
+    /**
+     * whether enable auto avoid directory traversal attack
+     */
+    dta: z
+        .object({
+        match: IgnoreOrMatchOption,
+        ignore: IgnoreOrMatchOption,
+        /**
+         * Default to `true`
+         */
+        enable: z.boolean().default(true),
+    })
+        .default({}),
+    ssrf: z
+        .object({
+        ipBlackList: z.array(z.string()).optional(),
+        ipExceptionList: z.array(z.string()).optional(),
+        hostnameExceptionList: z.array(z.string()).optional(),
+        checkAddress: SSRFCheckAddressFunction.optional(),
+    })
+        .default({}),
+    match: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
+    ignore: z.union([IgnoreOrMatch, IgnoreOrMatch.array()]).optional(),
+    __protocolWhiteListSet: z.set(z.string()).optional().readonly(),
+});
+const SecurityHelperOnTagAttrHandler = z
+    .function()
+    .args(z.string(), z.string(), z.string(), z.boolean())
+    .returns(z.union([z.string(), z.void()]));
+export const SecurityHelperConfig = z.object({
+    shtml: z
+        .object({
+        /**
+         * tag attribute white list
+         */
+        whiteList: z.record(z.array(z.string())).optional(),
+        /**
+         * domain white list
+         * @deprecated use `config.security.domainWhiteList` instead
+         */
+        domainWhiteList: z.array(z.string()).optional(),
+        /**
+         * tag attribute handler
+         */
+        onTagAttr: SecurityHelperOnTagAttrHandler.optional(),
+    })
+        .default({}),
+});
+export default {
+    security: SecurityConfig.parse({}),
+    helper: SecurityHelperConfig.parse({}),
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmRlZmF1bHQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY29uZmlnL2NvbmZpZy5kZWZhdWx0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sQ0FBQyxNQUFNLEtBQUssQ0FBQztBQUNwQixPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sS0FBSyxDQUFDO0FBRTlCLE1BQU0sc0JBQXNCLEdBQUcsQ0FBQyxDQUFDLE1BQU0sQ0FBQztJQUN0QyxJQUFJLEVBQUUsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUM7SUFDMUIsT0FBTyxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDO0NBQzdCLENBQUMsQ0FBQztBQUdILE1BQU0sQ0FBQyxNQUFNLGFBQWEsR0FBRyxDQUFDLENBQUMsTUFBTSxDQUFDO0lBQ3BDLE9BQU8sRUFBRSxDQUFDLENBQUMsTUFBTSxFQUFFO0lBQ25CLE1BQU0sRUFBRSxDQUFDLENBQUMsTUFBTSxFQUFFO0NBQ25CLENBQUMsQ0FBQztBQUdILE1BQU0sMkJBQTJCLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxhQUFhLENBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDO0FBQ2pGLE1BQU0sd0JBQXdCLEdBQUcsQ0FBQztLQUMvQixRQUFRLEVBQUU7S0FDVixJQUFJLENBQ0gsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxhQUFhLEVBQUUsMkJBQTJCLENBQUMsQ0FBQyxFQUNqRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEVBQ2pDLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FDWDtLQUNBLE9BQU8sQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztBQU94QixNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO0lBQzNDLE1BQU07SUFDTixNQUFNO0lBQ04sZUFBZTtJQUNmLFFBQVE7SUFDUixTQUFTO0lBQ1QsS0FBSztJQUNMLGVBQWU7SUFDZixRQUFRO0lBQ1IsS0FBSztDQUNOLENBQUMsQ0FBQztBQUdIOztHQUVHO0FBQ0gsTUFBTSxvQkFBb0IsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7QUFHM0YsTUFBTSxhQUFhLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLG9CQUFvQixDQUFDLENBQUMsQ0FBQztBQUd4RixNQUFNLG1CQUFtQixHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxhQUFhLEVBQUUsYUFBYSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztBQUd2RixNQUFNLENBQUMsTUFBTSxjQUFjLEdBQUcsQ0FBQyxDQUFDLE1BQU0sQ0FBQztJQUNyQzs7OztPQUlHO0lBQ0gsZUFBZSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNoRDs7OztPQUlHO0lBQ0gsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO0lBQ2xEOzs7O09BSUc7SUFDSCxpQkFBaUIsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLHNCQUFzQixDQUFDLE9BQU8sQ0FBQztJQUNqSDs7T0FFRztJQUNILElBQUksRUFBRSxDQUFDLENBQUMsVUFBVSxDQUNoQixHQUFHLENBQUMsRUFBRTtRQUNKLG1FQUFtRTtRQUNuRSxJQUFJLE9BQU8sR0FBRyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLENBQUM7UUFDekIsQ0FBQztRQUNELE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQyxFQUNELENBQUM7U0FDRSxNQUFNLENBQUM7UUFDTixLQUFLLEVBQUUsbUJBQW1CO1FBQzFCLE1BQU0sRUFBRSxtQkFBbUI7UUFDM0I7O1dBRUc7UUFDSCxNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFDakM7Ozs7V0FJRztRQUNILElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDO1FBQ25FOzs7Ozs7V0FNRztRQUNILFVBQVUsRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQztRQUN0Qzs7OztXQUlHO1FBQ0gsVUFBVSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztRQUMzRTs7OztXQUlHO1FBQ0gsV0FBVyxFQUFFLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDO1FBQzVDOzs7O1dBSUc7UUFDSCxVQUFVLEVBQUUsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUM7UUFDOUM7Ozs7V0FJRztRQUNILFFBQVEsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDckU7Ozs7V0FJRztRQUNILFNBQVMsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDdEU7Ozs7V0FJRztRQUNILGlCQUFpQixFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQzdDOzs7O1dBSUc7UUFDSCxVQUFVLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7UUFDdEM7Ozs7O1dBS0c7UUFDSCxZQUFZLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsRUFBRTtRQUM1Rzs7V0FFRztRQUNILGlCQUFpQixFQUFFLENBQUM7YUFDakIsS0FBSyxDQUFDLHNCQUFzQixDQUFDO2FBQzdCLE9BQU8sQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxLQUFLLEVBQUUsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3JGOzs7OztXQUtHO1FBQ0gsZ0JBQWdCLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ2pEOzs7Ozs7OztXQVFHO1FBQ0gsYUFBYSxFQUFFLENBQUM7YUFDYixNQUFNLENBQUM7WUFDTixNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRTtZQUNuQixRQUFRLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRTtZQUNyQixTQUFTLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRTtTQUN2QixDQUFDO2FBQ0QsT0FBTyxDQUFDO1lBQ1AsTUFBTSxFQUFFLEtBQUs7WUFDYixRQUFRLEVBQUUsS0FBSztZQUNmLFNBQVMsRUFBRSxJQUFJO1NBQ2hCLENBQUM7S0FDTCxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUNmO0lBQ0Q7O09BRUc7SUFDSCxNQUFNLEVBQUUsQ0FBQztTQUNOLE1BQU0sQ0FBQztRQUNOLEtBQUssRUFBRSxtQkFBbUI7UUFDMUIsTUFBTSxFQUFFLG1CQUFtQjtRQUMzQjs7V0FFRztRQUNILE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQztRQUNqQzs7OztXQUlHO1FBQ0gsS0FBSyxFQUFFLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO0tBQ3hDLENBQUM7U0FDRCxPQUFPLENBQUMsRUFBRSxDQUFDO0lBQ2Q7O09BRUc7SUFDSCxJQUFJLEVBQUUsQ0FBQztTQUNKLE1BQU0sQ0FBQztRQUNOLEtBQUssRUFBRSxtQkFBbUI7UUFDMUIsTUFBTSxFQUFFLG1CQUFtQjtRQUMzQjs7V0FFRztRQUNILE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQztRQUNsQzs7OztXQUlHO1FBQ0gsTUFBTSxFQUFFLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDM0M7Ozs7V0FJRztRQUNILGlCQUFpQixFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO0tBQzlDLENBQUM7U0FDRCxPQUFPLENBQUMsRUFBRSxDQUFDO0lBQ2Q7O09BRUc7SUFDSCxhQUFhLEVBQUUsQ0FBQztTQUNiLE1BQU0sQ0FBQztRQUNOLEtBQUssRUFBRSxtQkFBbUI7UUFDMUIsTUFBTSxFQUFFLG1CQUFtQjtRQUMzQjs7V0FFRztRQUNILE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQztLQUNsQyxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNkOztPQUVHO0lBQ0gsTUFBTSxFQUFFLENBQUM7U0FDTixNQUFNLENBQUM7UUFDTixLQUFLLEVBQUUsbUJBQW1CO1FBQzFCLE1BQU0sRUFBRSxtQkFBbUI7UUFDM0I7O1dBRUc7UUFDSCxNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7S0FDbEMsQ0FBQztTQUNELE9BQU8sQ0FBQyxFQUFFLENBQUM7SUFDZDs7T0FFRztJQUNILE9BQU8sRUFBRSxDQUFDO1NBQ1AsTUFBTSxDQUFDO1FBQ04sS0FBSyxFQUFFLG1CQUFtQjtRQUMxQixNQUFNLEVBQUUsbUJBQW1CO1FBQzNCOztXQUVHO1FBQ0gsTUFBTSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDO0tBQ2xDLENBQUM7U0FDRCxPQUFPLENBQUMsRUFBRSxDQUFDO0lBQ2Q7O09BRUc7SUFDSCxhQUFhLEVBQUUsQ0FBQztTQUNiLE1BQU0sQ0FBQztRQUNOLEtBQUssRUFBRSxtQkFBbUI7UUFDMUIsTUFBTSxFQUFFLG1CQUFtQjtRQUMzQjs7V0FFRztRQUNILE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQztRQUNqQzs7OztXQUlHO1FBQ0gsS0FBSyxFQUFFLENBQUMsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQztLQUNsRCxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNkOztPQUVHO0lBQ0gsR0FBRyxFQUFFLENBQUM7U0FDSCxNQUFNLENBQUM7UUFDTixLQUFLLEVBQUUsbUJBQW1CO1FBQzFCLE1BQU0sRUFBRSxtQkFBbUI7UUFDM0I7O1dBRUc7UUFDSCxNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7UUFDbEMscUVBQXFFO1FBQ3JFLE1BQU0sRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNyRjs7O1dBR0c7UUFDSCxVQUFVLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRTtRQUNsQzs7O1dBR0c7UUFDSCxTQUFTLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRTtLQUNsQyxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNkOzs7T0FHRztJQUNILGNBQWMsRUFBRSxDQUFDO1NBQ2QsTUFBTSxDQUFDO1FBQ04sS0FBSyxFQUFFLG1CQUFtQjtRQUMxQixNQUFNLEVBQUUsbUJBQW1CO1FBQzNCOztXQUVHO1FBQ0gsTUFBTSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQ2xDOzs7O1dBSUc7UUFDSCxLQUFLLEVBQUUsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLE9BQU8sQ0FBQyw0QkFBNEIsQ0FBQztLQUN4RCxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNkOztPQUVHO0lBQ0gsR0FBRyxFQUFFLENBQUM7U0FDSCxNQUFNLENBQUM7UUFDTixLQUFLLEVBQUUsbUJBQW1CO1FBQzFCLE1BQU0sRUFBRSxtQkFBbUI7UUFDM0I7O1dBRUc7UUFDSCxNQUFNLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUM7S0FDbEMsQ0FBQztTQUNELE9BQU8sQ0FBQyxFQUFFLENBQUM7SUFDZCxJQUFJLEVBQUUsQ0FBQztTQUNKLE1BQU0sQ0FBQztRQUNOLFdBQVcsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLFFBQVEsRUFBRTtRQUMzQyxlQUFlLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxRQUFRLEVBQUU7UUFDL0MscUJBQXFCLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxRQUFRLEVBQUU7UUFDckQsWUFBWSxFQUFFLHdCQUF3QixDQUFDLFFBQVEsRUFBRTtLQUNsRCxDQUFDO1NBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQztJQUNkLEtBQUssRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsYUFBYSxFQUFFLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxFQUFFO0lBQ2pFLE1BQU0sRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsYUFBYSxFQUFFLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxFQUFFO0lBQ2xFLHNCQUFzQixFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUMsUUFBUSxFQUFFO0NBQ2hFLENBQUMsQ0FBQztBQUdILE1BQU0sOEJBQThCLEdBQUcsQ0FBQztLQUNyQyxRQUFRLEVBQUU7S0FDVixJQUFJLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDO0tBQ3JELE9BQU8sQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQU81QyxNQUFNLENBQUMsTUFBTSxvQkFBb0IsR0FBRyxDQUFDLENBQUMsTUFBTSxDQUFDO0lBQzNDLEtBQUssRUFBRSxDQUFDO1NBQ0wsTUFBTSxDQUFDO1FBQ047O1dBRUc7UUFDSCxTQUFTLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxFQUFFO1FBQ25EOzs7V0FHRztRQUNILGVBQWUsRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLFFBQVEsRUFBRTtRQUMvQzs7V0FFRztRQUNILFNBQVMsRUFBRSw4QkFBOEIsQ0FBQyxRQUFRLEVBQUU7S0FDckQsQ0FBQztTQUNELE9BQU8sQ0FBQyxFQUFFLENBQUM7Q0FDZixDQUFDLENBQUM7QUFHSCxlQUFlO0lBQ2IsUUFBUSxFQUFFLGNBQWMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO0lBQ2xDLE1BQU0sRUFBRSxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO0NBQ3ZDLENBQUMifQ==

package/dist/config/config.local.d.ts

@@ -1,6 +1,3 @@
-import { PartialEggConfig } from "egg";
-
-//#region src/config/config.local.d.ts
+import type { PartialEggConfig } from 'egg';
 declare const _default: PartialEggConfig;
-//#endregion
-export { _default as default };
+export default _default;

package/dist/config/config.local.js

@@ -1,5 +1,8 @@
-//#region src/config/config.local.ts
-var config_local_default = { security: { hsts: { enable: false } } };
-
-//#endregion
-export { config_local_default as default };
+export default {
+    security: {
+        hsts: {
+            enable: false,
+        },
+    },
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmxvY2FsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbmZpZy9jb25maWcubG9jYWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBRUEsZUFBZTtJQUNiLFFBQVEsRUFBRTtRQUNSLElBQUksRUFBRTtZQUNKLE1BQU0sRUFBRSxLQUFLO1NBQ2Q7S0FDRjtDQUNrQixDQUFDIn0=

package/dist/index.d.ts

@@ -1,5 +1,4 @@
-import "./config.default-D8v08Vox.js";
-import "./safe_curl-mqZZv_YQ.js";
-import "./application-n5bk2L_z.js";
-import "./context-C-N1IY85.js";
-import "./types-BZR2U30p.js";
+import './app/extend/application.ts';
+import './app/extend/context.ts';
+import './app/extend/response.ts';
+import './types.ts';

package/dist/index.js

@@ -1,8 +1,5 @@
-import "./utils-Cajs5P8M.js";
-import "./safe_curl-UlViaxoF.js";
-import "./application-COC0mYEe.js";
-import "./context-e-QJTKfq.js";
-import "./response-BFnHAJrV.js";
-import "./types-DnJpiSJb.js";
-
-export {  };
+import "./app/extend/application.js";
+import "./app/extend/context.js";
+import "./app/extend/response.js";
+import "./types.js";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyw2QkFBNkIsQ0FBQztBQUNyQyxPQUFPLHlCQUF5QixDQUFDO0FBQ2pDLE9BQU8sMEJBQTBCLENBQUM7QUFDbEMsT0FBTyxZQUFZLENBQUMifQ==

package/dist/lib/extend/safe_curl.d.ts

@@ -1,3 +1,16 @@
-import "../../config.default-D8v08Vox.js";
-import { HttpClientOptions, HttpClientRequestURL, HttpClientResponse, safeCurlForApplication } from "../../safe_curl-mqZZv_YQ.js";
-export { HttpClientOptions, HttpClientRequestURL, HttpClientResponse, safeCurlForApplication };
+import type { EggApplicationCore } from 'egg';
+import type { SSRFCheckAddressFunction } from '../../config/config.default.ts';
+type HttpClient = EggApplicationCore['HttpClient'];
+type HttpClientParameters = Parameters<HttpClient['prototype']['request']>;
+export type HttpClientRequestURL = HttpClientParameters[0];
+export type HttpClientOptions = HttpClientParameters[1] & {
+    checkAddress?: SSRFCheckAddressFunction;
+};
+export type HttpClientResponse<T = any> = Awaited<ReturnType<HttpClient['prototype']['request']>> & {
+    data: T;
+};
+/**
+ * safe curl with ssrf protection
+ */
+export declare function safeCurlForApplication<T = any>(app: EggApplicationCore, url: HttpClientRequestURL, options?: HttpClientOptions): Promise<import("egg").HttpClientResponse<T>>;
+export {};

package/dist/lib/extend/safe_curl.js

@@ -1,3 +1,25 @@
-import { safeCurlForApplication } from "../../safe_curl-UlViaxoF.js";
-
-export { safeCurlForApplication };
+const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
+/**
+ * safe curl with ssrf protection
+ */
+export async function safeCurlForApplication(app, url, options = {}) {
+    const ssrfConfig = app.config.security.ssrf;
+    if (ssrfConfig?.checkAddress) {
+        options.checkAddress = ssrfConfig.checkAddress;
+    }
+    else {
+        app.logger.warn('[@eggjs/security] please configure `config.security.ssrf` first');
+    }
+    if (ssrfConfig?.checkAddress) {
+        let httpClient = app[SSRF_HTTPCLIENT];
+        // use the new httpClient init with checkAddress
+        if (!httpClient) {
+            httpClient = app[SSRF_HTTPCLIENT] = app.createHttpClient({
+                checkAddress: ssrfConfig.checkAddress,
+            });
+        }
+        return await httpClient.request(url, options);
+    }
+    return await app.curl(url, options);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2FmZV9jdXJsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9leHRlbmQvc2FmZV9jdXJsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUlBLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0FBUWxEOztHQUVHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxzQkFBc0IsQ0FDMUMsR0FBdUIsRUFDdkIsR0FBeUIsRUFDekIsVUFBNkIsRUFBRTtJQUUvQixNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7SUFDNUMsSUFBSSxVQUFVLEVBQUUsWUFBWSxFQUFFLENBQUM7UUFDN0IsT0FBTyxDQUFDLFlBQVksR0FBRyxVQUFVLENBQUMsWUFBWSxDQUFDO0lBQ2pELENBQUM7U0FBTSxDQUFDO1FBQ04sR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUVBQWlFLENBQUMsQ0FBQztJQUNyRixDQUFDO0lBRUQsSUFBSSxVQUFVLEVBQUUsWUFBWSxFQUFFLENBQUM7UUFDN0IsSUFBSSxVQUFVLEdBQUcsR0FBRyxDQUFDLGVBQWUsQ0FBdUQsQ0FBQztRQUM1RixnREFBZ0Q7UUFDaEQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLFVBQVUsR0FBRyxHQUFHLENBQUMsZUFBZSxDQUFDLEdBQUcsR0FBRyxDQUFDLGdCQUFnQixDQUFDO2dCQUN2RCxZQUFZLEVBQUUsVUFBVSxDQUFDLFlBQVk7YUFDdEMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUNELE9BQU8sTUFBTSxVQUFVLENBQUMsT0FBTyxDQUFJLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQsT0FBTyxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQUksR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0FBQ3pDLENBQUMifQ==

package/dist/lib/helper/cliFilter.d.ts

@@ -1,2 +1,4 @@
-import { cliFilter } from "../../cliFilter-DKZxCxSe.js";
-export { cliFilter as default };
+/**
+ * remote command execution
+ */
+export default function cliFilter(text: string): string;

package/dist/lib/helper/cliFilter.js

@@ -1,3 +1,17 @@
-import { cliFilter } from "../../cliFilter-7BSD8Nc_.js";
-
-export { cliFilter as default };
+/**
+ * remote command execution
+ */
+const BASIC_ALPHABETS = new Set('abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ.-_'.split(''));
+export default function cliFilter(text) {
+    const str = '' + text;
+    let res = '';
+    let ascii;
+    for (let index = 0; index < str.length; index++) {
+        ascii = str[index];
+        if (BASIC_ALPHABETS.has(ascii)) {
+            res += ascii;
+        }
+    }
+    return res;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpRmlsdGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9oZWxwZXIvY2xpRmlsdGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBRUgsTUFBTSxlQUFlLEdBQUcsSUFBSSxHQUFHLENBQUMsbUVBQW1FLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFFL0csTUFBTSxDQUFDLE9BQU8sVUFBVSxTQUFTLENBQUMsSUFBWTtJQUM1QyxNQUFNLEdBQUcsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO0lBQ3RCLElBQUksR0FBRyxHQUFHLEVBQUUsQ0FBQztJQUNiLElBQUksS0FBSyxDQUFDO0lBRVYsS0FBSyxJQUFJLEtBQUssR0FBRyxDQUFDLEVBQUUsS0FBSyxHQUFHLEdBQUcsQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEVBQUUsQ0FBQztRQUNoRCxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25CLElBQUksZUFBZSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQy9CLEdBQUcsSUFBSSxLQUFLLENBQUM7UUFDZixDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyJ9

package/dist/lib/helper/escape.d.ts

@@ -1,2 +1,2 @@
-import { escapeHTML } from "../../escape-Dex_Pk9e.js";
-export { escapeHTML as default };
+import escapeHTML from 'escape-html';
+export default escapeHTML;

package/dist/lib/helper/escape.js

@@ -1,3 +1,3 @@
-import { escape_default } from "../../escape-p8-cW8c_.js";
-
-export { escape_default as default };
+import escapeHTML from 'escape-html';
+export default escapeHTML;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXNjYXBlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpYi9oZWxwZXIvZXNjYXBlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sVUFBVSxNQUFNLGFBQWEsQ0FBQztBQUVyQyxlQUFlLFVBQVUsQ0FBQyJ9

package/dist/lib/helper/escapeShellArg.d.ts

@@ -1,2 +1 @@
-import { escapeShellArg } from "../../escapeShellArg-BnzDicAC.js";
-export { escapeShellArg as default };
+export default function escapeShellArg(text: string): string;

package/dist/lib/helper/escapeShellArg.js

@@ -1,3 +1,5 @@
-import { escapeShellArg } from "../../escapeShellArg-C0v1ZeCl.js";
-
-export { escapeShellArg as default };
+export default function escapeShellArg(text) {
+    const str = '' + text;
+    return "'" + str.replace(/\\/g, '\\\\').replace(/'/g, "\\'") + "'";
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXNjYXBlU2hlbGxBcmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL2hlbHBlci9lc2NhcGVTaGVsbEFyZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLENBQUMsT0FBTyxVQUFVLGNBQWMsQ0FBQyxJQUFZO0lBQ2pELE1BQU0sR0FBRyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7SUFDdEIsT0FBTyxHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsR0FBRyxHQUFHLENBQUM7QUFDckUsQ0FBQyJ9

package/dist/lib/helper/escapeShellCmd.d.ts

@@ -1,2 +1 @@
-import { escapeShellCmd } from "../../escapeShellCmd-DQZZIHde.js";
-export { escapeShellCmd as default };
+export default function escapeShellCmd(text: string): string;

package/dist/lib/helper/escapeShellCmd.js

@@ -1,3 +1,14 @@
-import { escapeShellCmd } from "../../escapeShellCmd-CkAdyhtO.js";
-
-export { escapeShellCmd as default };
+const BASIC_ALPHABETS = new Set('#&;`|*?~<>^()[]{}$;\'",\x0A\xFF'.split(''));
+export default function escapeShellCmd(text) {
+    const str = '' + text;
+    let res = '';
+    let ascii;
+    for (let index = 0; index < str.length; index++) {
+        ascii = str[index];
+        if (!BASIC_ALPHABETS.has(ascii)) {
+            res += ascii;
+        }
+    }
+    return res;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXNjYXBlU2hlbGxDbWQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL2hlbHBlci9lc2NhcGVTaGVsbENtZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLGVBQWUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxpQ0FBaUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUU3RSxNQUFNLENBQUMsT0FBTyxVQUFVLGNBQWMsQ0FBQyxJQUFZO0lBQ2pELE1BQU0sR0FBRyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7SUFDdEIsSUFBSSxHQUFHLEdBQUcsRUFBRSxDQUFDO0lBQ2IsSUFBSSxLQUFLLENBQUM7SUFFVixLQUFLLElBQUksS0FBSyxHQUFHLENBQUMsRUFBRSxLQUFLLEdBQUcsR0FBRyxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDO1FBQ2hELEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxHQUFHLElBQUksS0FBSyxDQUFDO1FBQ2YsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLEdBQUcsQ0FBQztBQUNiLENBQUMifQ==

package/dist/lib/helper/index.d.ts

@@ -1,24 +1,21 @@
-import { cliFilter } from "../../cliFilter-DKZxCxSe.js";
-import { escapeShellArg } from "../../escapeShellArg-BnzDicAC.js";
-import { escapeShellCmd } from "../../escapeShellCmd-DQZZIHde.js";
-import { shtml } from "../../shtml-CAquTzgV.js";
-import { escapeJavaScript } from "../../sjs-QZIJYS71.js";
-import { jsonEscape } from "../../sjson-O-vKJPws.js";
-import { pathFilter } from "../../spath-DseDPHxf.js";
-import { surl } from "../../surl-JV70X_RZ.js";
-import { escapeHTML } from "../../escape-Dex_Pk9e.js";
-
-//#region src/lib/helper/index.d.ts
+import cliFilter from './cliFilter.ts';
+import escape from './escape.ts';
+import escapeShellArg from './escapeShellArg.ts';
+import escapeShellCmd from './escapeShellCmd.ts';
+import shtml from './shtml.ts';
+import sjs from './sjs.ts';
+import sjson from './sjson.ts';
+import spath from './spath.ts';
+import surl from './surl.ts';
 declare const _default: {
-  cliFilter: typeof cliFilter;
-  escape: typeof escapeHTML;
-  escapeShellArg: typeof escapeShellArg;
-  escapeShellCmd: typeof escapeShellCmd;
-  shtml: typeof shtml;
-  sjs: typeof escapeJavaScript;
-  sjson: typeof jsonEscape;
-  spath: typeof pathFilter;
-  surl: typeof surl;
+    cliFilter: typeof cliFilter;
+    escape: typeof escape;
+    escapeShellArg: typeof escapeShellArg;
+    escapeShellCmd: typeof escapeShellCmd;
+    shtml: typeof shtml;
+    sjs: typeof sjs;
+    sjson: typeof sjson;
+    spath: typeof spath;
+    surl: typeof surl;
 };
-//#endregion
-export { _default as default };
+export default _default;

package/dist/lib/helper/index.js

@@ -1,13 +1,21 @@
-import "../../utils-Cajs5P8M.js";
-import "../../cliFilter-7BSD8Nc_.js";
-import "../../escape-p8-cW8c_.js";
-import "../../escapeShellArg-C0v1ZeCl.js";
-import "../../escapeShellCmd-CkAdyhtO.js";
-import "../../shtml-CgF4kOx-.js";
-import "../../sjs-Cbmkk5xS.js";
-import "../../sjson-BetFnVR6.js";
-import "../../spath-Bu9sy6Kz.js";
-import "../../surl-ClleTea7.js";
-import { helper_default } from "../../helper-DylzfQ_5.js";
-
-export { helper_default as default };
+import cliFilter from "./cliFilter.js";
+import escape from "./escape.js";
+import escapeShellArg from "./escapeShellArg.js";
+import escapeShellCmd from "./escapeShellCmd.js";
+import shtml from "./shtml.js";
+import sjs from "./sjs.js";
+import sjson from "./sjson.js";
+import spath from "./spath.js";
+import surl from "./surl.js";
+export default {
+    cliFilter,
+    escape,
+    escapeShellArg,
+    escapeShellCmd,
+    shtml,
+    sjs,
+    sjson,
+    spath,
+    surl,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGliL2hlbHBlci9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLFNBQVMsTUFBTSxnQkFBZ0IsQ0FBQztBQUN2QyxPQUFPLE1BQU0sTUFBTSxhQUFhLENBQUM7QUFDakMsT0FBTyxjQUFjLE1BQU0scUJBQXFCLENBQUM7QUFDakQsT0FBTyxjQUFjLE1BQU0scUJBQXFCLENBQUM7QUFDakQsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sR0FBRyxNQUFNLFVBQVUsQ0FBQztBQUMzQixPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sSUFBSSxNQUFNLFdBQVcsQ0FBQztBQUU3QixlQUFlO0lBQ2IsU0FBUztJQUNULE1BQU07SUFDTixjQUFjO0lBQ2QsY0FBYztJQUNkLEtBQUs7SUFDTCxHQUFHO0lBQ0gsS0FBSztJQUNMLEtBQUs7SUFDTCxJQUFJO0NBQ0wsQ0FBQyJ9