@emasoft/svg-matrix 1.0.30 → 1.0.31

package/bin/svgm.js

@@ -121,6 +121,10 @@ let config = { ...DEFAULT_CONFIG };
  * @returns {void}
  */
 function log(msg) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof msg !== "string") {
+    throw new TypeError(`log: expected string, got ${typeof msg}`);
+  }
   if (!config.quiet) console.log(msg);
 }
 
@@ -130,6 +134,11 @@ function log(msg) {
  * @returns {void}
  */
 function logError(msg) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof msg !== "string") {
+    console.error(`${colors.red}error:${colors.reset} Invalid error message type: ${typeof msg}`);
+    return;
+  }
   console.error(`${colors.red}error:${colors.reset} ${msg}`);
 }
 
@@ -288,6 +297,10 @@ const DEFAULT_PIPELINE = [
  * @returns {string} Normalized path
  */
 function normalizePath(p) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof p !== "string") {
+    throw new TypeError(`normalizePath: expected string, got ${typeof p}`);
+  }
   return p.replace(/\\/g, "/");
 }
 
@@ -297,6 +310,10 @@ function normalizePath(p) {
  * @returns {string} Absolute normalized path
  */
 function resolvePath(p) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof p !== "string") {
+    throw new TypeError(`resolvePath: expected string, got ${typeof p}`);
+  }
   return isAbsolute(p)
     ? normalizePath(p)
     : normalizePath(resolve(process.cwd(), p));
@@ -308,6 +325,8 @@ function resolvePath(p) {
  * @returns {boolean} True if directory exists
  */
 function isDir(p) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof p !== "string") return false;
   try {
     return statSync(p).isDirectory();
   } catch {
@@ -321,6 +340,8 @@ function isDir(p) {
  * @returns {boolean} True if file exists
  */
 function isFile(p) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof p !== "string") return false;
   try {
     return statSync(p).isFile();
   } catch {
@@ -334,6 +355,10 @@ function isFile(p) {
  * @returns {void}
  */
 function ensureDir(dir) {
+  // Why: Validate parameter to prevent runtime errors with null/undefined
+  if (typeof dir !== "string") {
+    throw new TypeError(`ensureDir: expected string, got ${typeof dir}`);
+  }
   if (!existsSync(dir)) {
     mkdirSync(dir, { recursive: true });
   }
@@ -347,14 +372,32 @@ function ensureDir(dir) {
  * @returns {string[]} Array of SVG file paths
  */
 function getSvgFiles(dir, recursive = false, exclude = []) {
+  // Why: Validate parameters to prevent runtime errors
+  if (typeof dir !== "string") {
+    throw new TypeError(`getSvgFiles: expected string dir, got ${typeof dir}`);
+  }
+  if (!existsSync(dir)) {
+    throw new Error(`getSvgFiles: directory does not exist: ${dir}`);
+  }
+  if (!Array.isArray(exclude)) {
+    throw new TypeError(`getSvgFiles: expected array exclude, got ${typeof exclude}`);
+  }
+
   const files = [];
   function scan(d) {
     for (const entry of readdirSync(d, { withFileTypes: true })) {
       const fullPath = join(d, entry.name);
       // Check exclusion patterns
       const shouldExclude = exclude.some((pattern) => {
-        const regex = new RegExp(pattern);
-        return regex.test(fullPath) || regex.test(entry.name);
+        try {
+          // Why: Wrap RegExp constructor in try-catch to handle invalid patterns
+          const regex = new RegExp(pattern);
+          return regex.test(fullPath) || regex.test(entry.name);
+        } catch (_e) {
+          // Why: Catch invalid regex patterns (unused error marked with underscore per ESLint)
+          logError(`Invalid exclusion pattern: ${pattern}`);
+          return false;
+        }
       });
       if (shouldExclude) continue;
 
@@ -381,6 +424,16 @@ function getSvgFiles(dir, recursive = false, exclude = []) {
  * @returns {Promise<string>} Optimized SVG content
  */
 async function optimizeSvg(content, options = {}) {
+  // Why: Validate parameters to prevent runtime errors
+  if (typeof content !== "string") {
+    throw new TypeError(`optimizeSvg: expected string content, got ${typeof content}`);
+  }
+  if (content.length === 0) {
+    throw new Error("optimizeSvg: content is empty");
+  }
+  if (options !== null && typeof options !== "object") {
+    throw new TypeError(`optimizeSvg: expected object options, got ${typeof options}`);
+  }
   const doc = parseSVG(content);
   const pipeline = DEFAULT_PIPELINE;
 
@@ -464,6 +517,10 @@ async function optimizeSvg(content, options = {}) {
  * @returns {string} Minified XML
  */
 function minifyXml(xml) {
+  // Why: Validate parameter to prevent runtime errors
+  if (typeof xml !== "string") {
+    throw new TypeError(`minifyXml: expected string, got ${typeof xml}`);
+  }
   return (
     xml
       // Remove newlines and collapse whitespace between tags
@@ -480,6 +537,13 @@ function minifyXml(xml) {
  * @returns {string} Prettified XML
  */
 function prettifyXml(xml, indent = 2) {
+  // Why: Validate parameters to prevent runtime errors
+  if (typeof xml !== "string") {
+    throw new TypeError(`prettifyXml: expected string xml, got ${typeof xml}`);
+  }
+  if (typeof indent !== "number" || indent < 0 || indent > 16) {
+    throw new RangeError(`prettifyXml: indent must be number 0-16, got ${indent}`);
+  }
   // Simple XML prettifier
   const indentStr = " ".repeat(indent);
   let formatted = "";
@@ -523,6 +587,14 @@ function prettifyXml(xml, indent = 2) {
  * @returns {string} Data URI string
  */
 function toDataUri(content, format) {
+  // Why: Validate parameters to prevent runtime errors
+  if (typeof content !== "string") {
+    throw new TypeError(`toDataUri: expected string content, got ${typeof content}`);
+  }
+  const validFormats = ["base64", "enc", "unenc"];
+  if (!validFormats.includes(format)) {
+    throw new Error(`toDataUri: format must be one of ${validFormats.join(", ")}, got ${format}`);
+  }
   if (format === "base64") {
     return (
       "data:image/svg+xml;base64," + Buffer.from(content).toString("base64")
@@ -545,10 +617,30 @@ function toDataUri(content, format) {
  * @returns {Promise<Object>} Processing result with success status and metrics
  */
 async function processFile(inputPath, outputPath, options) {
+  // Why: Validate parameters to prevent runtime errors
+  if (typeof inputPath !== "string") {
+    return { success: false, error: `Invalid input path: ${typeof inputPath}`, inputPath };
+  }
+  if (typeof outputPath !== "string") {
+    return { success: false, error: `Invalid output path: ${typeof outputPath}`, inputPath };
+  }
+  if (options !== null && typeof options !== "object") {
+    return { success: false, error: `Invalid options: ${typeof options}`, inputPath };
+  }
+
   try {
     let content = readFileSync(inputPath, "utf8");
     const originalSize = Buffer.byteLength(content);
 
+    // Why: Validate file size to prevent processing extremely large files
+    if (originalSize > CONSTANTS.MAX_FILE_SIZE_BYTES) {
+      return {
+        success: false,
+        error: `File too large: ${originalSize} bytes (max ${CONSTANTS.MAX_FILE_SIZE_BYTES} bytes)`,
+        inputPath
+      };
+    }
+
     // Apply embedding if enabled
     if (options.embed) {
       const doc = parseSVG(content);
@@ -594,7 +686,10 @@ async function processFile(inputPath, outputPath, options) {
     }
 
     const savings = originalSize - optimizedSize;
-    const percent = ((savings / originalSize) * 100).toFixed(1);
+    // Why: Handle case where optimizedSize > originalSize (negative savings)
+    const percent = originalSize > 0
+      ? ((savings / originalSize) * 100).toFixed(1)
+      : "0.0";
 
     return {
       success: true,
@@ -716,6 +811,11 @@ function showPlugins() {
  * @returns {Object} Parsed configuration
  */
 function loadConfigFile(configPath) {
+  // Why: Validate parameter to prevent runtime errors
+  if (typeof configPath !== "string") {
+    logError(`Invalid config path: expected string, got ${typeof configPath}`);
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
   try {
     const absolutePath = resolvePath(configPath);
     if (!existsSync(absolutePath)) {
@@ -723,7 +823,14 @@ function loadConfigFile(configPath) {
       process.exit(CONSTANTS.EXIT_ERROR);
     }
     const content = readFileSync(absolutePath, "utf8");
-    const loadedConfig = yaml.load(content);
+    // Why: Use safeLoad to prevent arbitrary code execution via YAML (security fix)
+    const loadedConfig = yaml.load(content, { schema: yaml.FAILSAFE_SCHEMA });
+
+    // Why: Validate loaded config is an object to prevent runtime errors
+    if (loadedConfig === null || typeof loadedConfig !== "object") {
+      logError(`Invalid config file: expected object, got ${typeof loadedConfig}`);
+      process.exit(CONSTANTS.EXIT_ERROR);
+    }
 
     // Convert YAML config structure to CLI config structure
     const result = {};
@@ -780,12 +887,42 @@ function loadConfigFile(configPath) {
 // ============================================================================
 // ARGUMENT PARSING
 // ============================================================================
+/**
+ * Helper to safely get next argument with bounds checking.
+ * @param {string[]} args - Arguments array
+ * @param {number} i - Current index
+ * @param {string} flag - Flag name for error message
+ * @returns {string} Next argument value
+ */
+function getNextArg(args, i, flag) {
+  // Why: Validate parameters to prevent runtime errors
+  if (!Array.isArray(args)) {
+    logError(`getNextArg: expected array args, got ${typeof args}`);
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
+  if (typeof i !== "number" || i < 0) {
+    logError(`getNextArg: expected non-negative number i, got ${typeof i}`);
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
+  // Why: Validate bounds to prevent accessing undefined arguments
+  if (i + 1 >= args.length) {
+    logError(`${flag} requires a value`);
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
+  return args[i + 1];
+}
+
 /**
  * Parse command-line arguments.
  * @param {string[]} args - Command-line arguments
  * @returns {Object} Parsed configuration object
  */
 function parseArgs(args) {
+  // Why: Validate parameter to prevent runtime errors
+  if (!Array.isArray(args)) {
+    logError(`parseArgs: expected array, got ${typeof args}`);
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
   let cfg = { ...DEFAULT_CONFIG };
   const inputs = [];
   let i = 0;
@@ -826,12 +963,16 @@ function parseArgs(args) {
 
       case "-s":
       case "--string":
-        cfg.string = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.string = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "-f":
       case "--folder":
-        cfg.folder = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.folder = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "-o":
@@ -850,11 +991,24 @@ function parseArgs(args) {
 
       case "-p":
       case "--precision":
-        cfg.precision = parseInt(args[++i], 10);
+        // Why: Use helper to safely get next argument with bounds checking
+        {
+          const precisionArg = getNextArg(args, i, arg);
+          const parsed = parseInt(precisionArg, 10);
+          // Why: Validate parseInt result to prevent NaN values
+          if (isNaN(parsed)) {
+            logError(`--precision requires a valid number, got: ${precisionArg}`);
+            process.exit(CONSTANTS.EXIT_ERROR);
+          }
+          cfg.precision = parsed;
+          i++;
+        }
         break;
 
       case "--datauri":
-        cfg.datauri = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.datauri = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "--multipass":
@@ -866,11 +1020,24 @@ function parseArgs(args) {
         break;
 
       case "--indent":
-        cfg.indent = parseInt(args[++i], 10);
+        // Why: Use helper to safely get next argument with bounds checking
+        {
+          const indentArg = getNextArg(args, i, arg);
+          const parsed = parseInt(indentArg, 10);
+          // Why: Validate parseInt result to prevent NaN values
+          if (isNaN(parsed)) {
+            logError(`--indent requires a valid number, got: ${indentArg}`);
+            process.exit(CONSTANTS.EXIT_ERROR);
+          }
+          cfg.indent = parsed;
+          i++;
+        }
         break;
 
       case "--eol":
-        cfg.eol = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.eol = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "--final-newline":
@@ -902,12 +1069,14 @@ function parseArgs(args) {
 
       case "--preserve-ns":
         {
-          const val = argValue || args[++i];
+          // Why: Use helper to safely get next argument with bounds checking
+          const val = argValue || getNextArg(args, i, arg);
+          if (!argValue) i++; // Only increment if we used getNextArg
           if (!val) {
             logError(
               "--preserve-ns requires a comma-separated list of namespaces",
             );
-            process.exit(1);
+            process.exit(CONSTANTS.EXIT_ERROR);
           }
           cfg.preserveNamespaces = val
             .split(",")
@@ -934,7 +1103,9 @@ function parseArgs(args) {
         break;
 
       case "--config":
-        cfg.configFile = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.configFile = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "--embed":
@@ -961,7 +1132,9 @@ function parseArgs(args) {
         break;
 
       case "--embed-svg-mode":
-        cfg.embedExternalSVGMode = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.embedExternalSVGMode = getNextArg(args, i, arg);
+        i++;
         break;
 
       case "--embed-css":
@@ -995,15 +1168,39 @@ function parseArgs(args) {
         break;
 
       case "--embed-max-depth":
-        cfg.embedMaxRecursionDepth = parseInt(args[++i], 10);
+        // Why: Use helper to safely get next argument with bounds checking
+        {
+          const depthArg = getNextArg(args, i, arg);
+          const parsed = parseInt(depthArg, 10);
+          // Why: Validate parseInt result to prevent NaN values
+          if (isNaN(parsed)) {
+            logError(`--embed-max-depth requires a valid number, got: ${depthArg}`);
+            process.exit(CONSTANTS.EXIT_ERROR);
+          }
+          cfg.embedMaxRecursionDepth = parsed;
+          i++;
+        }
         break;
 
       case "--embed-timeout":
-        cfg.embedTimeout = parseInt(args[++i], 10);
+        // Why: Use helper to safely get next argument with bounds checking
+        {
+          const timeoutArg = getNextArg(args, i, arg);
+          const parsed = parseInt(timeoutArg, 10);
+          // Why: Validate parseInt result to prevent NaN values
+          if (isNaN(parsed)) {
+            logError(`--embed-timeout requires a valid number, got: ${timeoutArg}`);
+            process.exit(CONSTANTS.EXIT_ERROR);
+          }
+          cfg.embedTimeout = parsed;
+          i++;
+        }
         break;
 
       case "--embed-on-missing":
-        cfg.embedOnMissingResource = args[++i];
+        // Why: Use helper to safely get next argument with bounds checking
+        cfg.embedOnMissingResource = getNextArg(args, i, arg);
+        i++;
         break;
 
       default:
@@ -1019,23 +1216,25 @@ function parseArgs(args) {
   cfg.inputs = inputs;
 
   // Validate numeric arguments
+  // Why: Check type first before using isNaN to prevent incorrect validation
   if (
-    cfg.precision !== undefined &&
-    (isNaN(cfg.precision) || cfg.precision < 0 || cfg.precision > 20)
+    cfg.precision !== undefined && cfg.precision !== null &&
+    (typeof cfg.precision !== "number" || isNaN(cfg.precision) ||
+     cfg.precision < CONSTANTS.MIN_PRECISION || cfg.precision > CONSTANTS.MAX_PRECISION)
   ) {
-    logError("--precision must be a number between 0 and 20");
+    logError(`--precision must be a number between ${CONSTANTS.MIN_PRECISION} and ${CONSTANTS.MAX_PRECISION}`);
     process.exit(CONSTANTS.EXIT_ERROR);
   }
   if (
-    cfg.indent !== undefined &&
-    (isNaN(cfg.indent) || cfg.indent < 0 || cfg.indent > 16)
+    cfg.indent !== undefined && cfg.indent !== null &&
+    (typeof cfg.indent !== "number" || isNaN(cfg.indent) || cfg.indent < 0 || cfg.indent > 16)
   ) {
     logError("--indent must be a number between 0 and 16");
     process.exit(CONSTANTS.EXIT_ERROR);
   }
   if (
-    cfg.embedMaxRecursionDepth !== undefined &&
-    (isNaN(cfg.embedMaxRecursionDepth) ||
+    cfg.embedMaxRecursionDepth !== undefined && cfg.embedMaxRecursionDepth !== null &&
+    (typeof cfg.embedMaxRecursionDepth !== "number" || isNaN(cfg.embedMaxRecursionDepth) ||
       cfg.embedMaxRecursionDepth < 1 ||
       cfg.embedMaxRecursionDepth > 100)
   ) {
@@ -1043,8 +1242,8 @@ function parseArgs(args) {
     process.exit(CONSTANTS.EXIT_ERROR);
   }
   if (
-    cfg.embedTimeout !== undefined &&
-    (isNaN(cfg.embedTimeout) ||
+    cfg.embedTimeout !== undefined && cfg.embedTimeout !== null &&
+    (typeof cfg.embedTimeout !== "number" || isNaN(cfg.embedTimeout) ||
       cfg.embedTimeout < 1000 ||
       cfg.embedTimeout > 300000)
   ) {
@@ -1099,6 +1298,11 @@ function parseArgs(args) {
  * @returns {Promise<void>}
  */
 async function main() {
+  // Why: Validate process.argv exists and is an array to prevent runtime errors
+  if (!Array.isArray(process.argv)) {
+    logError("process.argv is not an array");
+    process.exit(CONSTANTS.EXIT_ERROR);
+  }
   const args = process.argv.slice(2);
 
   if (args.length === 0) {
@@ -1209,7 +1413,12 @@ async function main() {
       if (config.output === "-") {
         outputPath = "-";
       } else if (Array.isArray(config.output)) {
-        outputPath = config.output[i] || config.output[0];
+        // Why: Bounds check when accessing array to prevent undefined values
+        if (config.output.length === 0) {
+          logError("Output array is empty");
+          process.exit(CONSTANTS.EXIT_ERROR);
+        }
+        outputPath = config.output[i] || config.output[config.output.length - 1];
       } else if (files.length > 1 || isDir(resolvePath(config.output))) {
         // Multiple files or output is a directory
         outputPath = join(resolvePath(config.output), basename(inputPath));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@emasoft/svg-matrix",
-  "version": "1.0.30",
+  "version": "1.0.31",
   "description": "Arbitrary-precision matrix, vector and affine transformation library for JavaScript using decimal.js",
   "type": "module",
   "main": "src/index.js",