@intlayer/config 8.9.5 → 8.9.6-canary.0

package/dist/cjs/utils/index.cjs

@@ -13,6 +13,7 @@ const require_utils_getStorageAttributes = require('./getStorageAttributes.cjs')
 const require_utils_getUsedNodeTypes = require('./getUsedNodeTypes.cjs');
 const require_utils_logStack = require('./logStack.cjs');
 const require_utils_parseFilePathPattern = require('./parseFilePathPattern.cjs');
+const require_utils_pathSecurity = require('./pathSecurity.cjs');
 const require_utils_retryManager = require('./retryManager.cjs');
 const require_utils_setIntlayerIdentifier = require('./setIntlayerIdentifier.cjs');
 const require_utils_stringFormatter_camelCaseToKebabCase = require('./stringFormatter/camelCaseToKebabCase.cjs');
@@ -20,6 +21,7 @@ const require_utils_stringFormatter_camelCaseToSentence = require('./stringForma
 const require_utils_stringFormatter_kebabCaseToCamelCase = require('./stringFormatter/kebabCaseToCamelCase.cjs');
 const require_utils_stringFormatter_toLowerCamelCase = require('./stringFormatter/toLowerCamelCase.cjs');
 
+exports.assertPathWithin = require_utils_pathSecurity.assertPathWithin;
 exports.cacheDisk = require_utils_cacheDisk.cacheDisk;
 exports.cacheMemory = require_utils_cacheMemory.cacheMemory;
 exports.camelCaseToKebabCase = require_utils_stringFormatter_camelCaseToKebabCase.camelCaseToKebabCase;

package/dist/cjs/utils/pathSecurity.cjs

@@ -0,0 +1,20 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../_virtual/_rolldown/runtime.cjs');
+let node_path = require("node:path");
+
+//#region src/utils/pathSecurity.ts
+/**
+* Throws if `resolvedPath` escapes `baseDir`.
+* Use this before any file operation whose path is derived from user-controlled
+* input (e.g. dictionary keys, filePath fields from dictionary data) to prevent
+* path-traversal attacks.
+*/
+const assertPathWithin = (resolvedPath, baseDir) => {
+	const normalizedBase = (0, node_path.resolve)(baseDir);
+	const normalizedPath = (0, node_path.resolve)(resolvedPath);
+	if (normalizedPath !== normalizedBase && !normalizedPath.startsWith(normalizedBase + node_path.sep)) throw new Error(`Path traversal detected: "${resolvedPath}" escapes the base directory "${baseDir}"`);
+};
+
+//#endregion
+exports.assertPathWithin = assertPathWithin;
+//# sourceMappingURL=pathSecurity.cjs.map

package/dist/cjs/utils/pathSecurity.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathSecurity.cjs","names":["sep"],"sources":["../../../src/utils/pathSecurity.ts"],"sourcesContent":["import { resolve, sep } from 'node:path';\n\n/**\n * Throws if `resolvedPath` escapes `baseDir`.\n * Use this before any file operation whose path is derived from user-controlled\n * input (e.g. dictionary keys, filePath fields from dictionary data) to prevent\n * path-traversal attacks.\n */\nexport const assertPathWithin = (\n  resolvedPath: string,\n  baseDir: string\n): void => {\n  const normalizedBase = resolve(baseDir);\n  const normalizedPath = resolve(resolvedPath);\n  if (\n    normalizedPath !== normalizedBase &&\n    !normalizedPath.startsWith(normalizedBase + sep)\n  ) {\n    throw new Error(\n      `Path traversal detected: \"${resolvedPath}\" escapes the base directory \"${baseDir}\"`\n    );\n  }\n};\n"],"mappings":";;;;;;;;;;;AAQA,MAAa,oBACX,cACA,YACS;CACT,MAAM,wCAAyB,QAAQ;CACvC,MAAM,wCAAyB,aAAa;CAC5C,IACE,mBAAmB,kBACnB,CAAC,eAAe,WAAW,iBAAiBA,cAAI,EAEhD,MAAM,IAAI,MACR,6BAA6B,aAAa,gCAAgC,QAAQ,GACnF"}

package/dist/esm/utils/index.mjs

@@ -12,6 +12,7 @@ import { getStorageAttributes } from "./getStorageAttributes.mjs";
 import { getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync } from "./getUsedNodeTypes.mjs";
 import { logStack } from "./logStack.mjs";
 import { parseFilePathPattern, parseStringPattern } from "./parseFilePathPattern.mjs";
+import { assertPathWithin } from "./pathSecurity.mjs";
 import { retryManager } from "./retryManager.mjs";
 import { setIntlayerIdentifier } from "./setIntlayerIdentifier.mjs";
 import { camelCaseToKebabCase } from "./stringFormatter/camelCaseToKebabCase.mjs";
@@ -19,4 +20,4 @@ import { camelCaseToSentence } from "./stringFormatter/camelCaseToSentence.mjs";
 import { kebabCaseToCamelCase } from "./stringFormatter/kebabCaseToCamelCase.mjs";
 import { toLowerCamelCase } from "./stringFormatter/toLowerCamelCase.mjs";
 
-export { cacheDisk, cacheMemory, camelCaseToKebabCase, camelCaseToSentence, clearAllCache, clearCache, clearDiskCacheMemory, clearModuleCache, compareVersions, computeKeyId, configESMxCJSRequire, extractErrorMessage, getAlias, getCache, getExtension, getPackageJsonPath, getProjectRequire, getStorageAttributes, getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync, isESModule, kebabCaseToCamelCase, logStack, normalizePath, parseFilePathPattern, parseStringPattern, retryManager, setCache, setIntlayerIdentifier, stableStringify, toLowerCamelCase };
+export { assertPathWithin, cacheDisk, cacheMemory, camelCaseToKebabCase, camelCaseToSentence, clearAllCache, clearCache, clearDiskCacheMemory, clearModuleCache, compareVersions, computeKeyId, configESMxCJSRequire, extractErrorMessage, getAlias, getCache, getExtension, getPackageJsonPath, getProjectRequire, getStorageAttributes, getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync, isESModule, kebabCaseToCamelCase, logStack, normalizePath, parseFilePathPattern, parseStringPattern, retryManager, setCache, setIntlayerIdentifier, stableStringify, toLowerCamelCase };

package/dist/esm/utils/pathSecurity.mjs

@@ -0,0 +1,18 @@
+import { resolve, sep } from "node:path";
+
+//#region src/utils/pathSecurity.ts
+/**
+* Throws if `resolvedPath` escapes `baseDir`.
+* Use this before any file operation whose path is derived from user-controlled
+* input (e.g. dictionary keys, filePath fields from dictionary data) to prevent
+* path-traversal attacks.
+*/
+const assertPathWithin = (resolvedPath, baseDir) => {
+	const normalizedBase = resolve(baseDir);
+	const normalizedPath = resolve(resolvedPath);
+	if (normalizedPath !== normalizedBase && !normalizedPath.startsWith(normalizedBase + sep)) throw new Error(`Path traversal detected: "${resolvedPath}" escapes the base directory "${baseDir}"`);
+};
+
+//#endregion
+export { assertPathWithin };
+//# sourceMappingURL=pathSecurity.mjs.map

package/dist/esm/utils/pathSecurity.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathSecurity.mjs","names":[],"sources":["../../../src/utils/pathSecurity.ts"],"sourcesContent":["import { resolve, sep } from 'node:path';\n\n/**\n * Throws if `resolvedPath` escapes `baseDir`.\n * Use this before any file operation whose path is derived from user-controlled\n * input (e.g. dictionary keys, filePath fields from dictionary data) to prevent\n * path-traversal attacks.\n */\nexport const assertPathWithin = (\n  resolvedPath: string,\n  baseDir: string\n): void => {\n  const normalizedBase = resolve(baseDir);\n  const normalizedPath = resolve(resolvedPath);\n  if (\n    normalizedPath !== normalizedBase &&\n    !normalizedPath.startsWith(normalizedBase + sep)\n  ) {\n    throw new Error(\n      `Path traversal detected: \"${resolvedPath}\" escapes the base directory \"${baseDir}\"`\n    );\n  }\n};\n"],"mappings":";;;;;;;;;AAQA,MAAa,oBACX,cACA,YACS;CACT,MAAM,iBAAiB,QAAQ,QAAQ;CACvC,MAAM,iBAAiB,QAAQ,aAAa;CAC5C,IACE,mBAAmB,kBACnB,CAAC,eAAe,WAAW,iBAAiB,IAAI,EAEhD,MAAM,IAAI,MACR,6BAA6B,aAAa,gCAAgC,QAAQ,GACnF"}

package/dist/types/configFile/configurationSchema.d.ts

@@ -272,8 +272,8 @@ declare const buildSchema: z.ZodObject<{
   }>>;
   traversePattern: z.ZodOptional<z.ZodArray<z.ZodString>>;
   outputFormat: z.ZodOptional<z.ZodArray<z.ZodEnum<{
-    esm: "esm";
     cjs: "cjs";
+    esm: "esm";
   }>>>;
   cache: z.ZodOptional<z.ZodBoolean>;
   require: z.ZodOptional<z.ZodUnknown>;
@@ -467,8 +467,8 @@ declare const intlayerConfigSchema: z.ZodObject<{
     }>>;
     traversePattern: z.ZodOptional<z.ZodArray<z.ZodString>>;
     outputFormat: z.ZodOptional<z.ZodArray<z.ZodEnum<{
-      esm: "esm";
       cjs: "cjs";
+      esm: "esm";
     }>>>;
     cache: z.ZodOptional<z.ZodBoolean>;
     require: z.ZodOptional<z.ZodUnknown>;

package/dist/types/utils/index.d.ts

@@ -17,5 +17,6 @@ import { getPackageJsonPath } from "./getPackageJsonPath.js";
 import { getStorageAttributes } from "./getStorageAttributes.js";
 import { PluginNodeType, getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync } from "./getUsedNodeTypes.js";
 import { parseFilePathPattern, parseStringPattern } from "./parseFilePathPattern.js";
+import { assertPathWithin } from "./pathSecurity.js";
 import { RetryManagerOptions, retryManager } from "./retryManager.js";
-export { CacheKey, GetAliasOptions, PluginNodeType, RetryManagerOptions, WindowsWithIntlayer, cacheDisk, cacheMemory, camelCaseToKebabCase, camelCaseToSentence, clearAllCache, clearCache, clearDiskCacheMemory, clearModuleCache, compareVersions, computeKeyId, configESMxCJSRequire, extractErrorMessage, getAlias, getCache, getExtension, getPackageJsonPath, getProjectRequire, getStorageAttributes, getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync, isESModule, kebabCaseToCamelCase, logStack, normalizePath, parseFilePathPattern, parseStringPattern, retryManager, setCache, setIntlayerIdentifier, stableStringify, toLowerCamelCase };
+export { CacheKey, GetAliasOptions, PluginNodeType, RetryManagerOptions, WindowsWithIntlayer, assertPathWithin, cacheDisk, cacheMemory, camelCaseToKebabCase, camelCaseToSentence, clearAllCache, clearCache, clearDiskCacheMemory, clearModuleCache, compareVersions, computeKeyId, configESMxCJSRequire, extractErrorMessage, getAlias, getCache, getExtension, getPackageJsonPath, getProjectRequire, getStorageAttributes, getUnusedNodeTypes, getUnusedNodeTypesAsync, getUsedNodeTypes, getUsedNodeTypesAsync, isESModule, kebabCaseToCamelCase, logStack, normalizePath, parseFilePathPattern, parseStringPattern, retryManager, setCache, setIntlayerIdentifier, stableStringify, toLowerCamelCase };

package/dist/types/utils/pathSecurity.d.ts

@@ -0,0 +1,11 @@
+//#region src/utils/pathSecurity.d.ts
+/**
+ * Throws if `resolvedPath` escapes `baseDir`.
+ * Use this before any file operation whose path is derived from user-controlled
+ * input (e.g. dictionary keys, filePath fields from dictionary data) to prevent
+ * path-traversal attacks.
+ */
+declare const assertPathWithin: (resolvedPath: string, baseDir: string) => void;
+//#endregion
+export { assertPathWithin };
+//# sourceMappingURL=pathSecurity.d.ts.map

package/dist/types/utils/pathSecurity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pathSecurity.d.ts","names":[],"sources":["../../../src/utils/pathSecurity.ts"],"mappings":";;AAQA;;;;;cAAa,gBAAA,GACX,YAAA,UACA,OAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intlayer/config",
-  "version": "8.9.5",
+  "version": "8.9.6-canary.0",
   "private": false,
   "description": "Retrieve Intlayer configurations and manage environment variables for both server-side and client-side environments.",
   "keywords": [
@@ -160,7 +160,7 @@
     "typecheck": "tsc --noEmit --project tsconfig.types.json"
   },
   "dependencies": {
-    "@intlayer/types": "8.9.5",
+    "@intlayer/types": "8.9.6-canary.0",
     "defu": "6.1.7",
     "dotenv": "17.4.2",
     "esbuild": "0.28.0",
@@ -168,7 +168,7 @@
     "zod": "4.4.3"
   },
   "devDependencies": {
-    "@types/node": "25.7.0",
+    "@types/node": "25.8.0",
     "@utils/ts-config": "1.0.4",
     "@utils/ts-config-types": "1.0.4",
     "@utils/tsdown-config": "1.0.4",