@likecoin/epubcheck-ts 0.2.2 → 0.2.4

package/dist/index.js

@@ -1,7 +1,473 @@
 import { XmlDocument } from 'libxml2-wasm';
+import { parse, walk } from 'css-tree';
 import { unzipSync, strFromU8, gunzipSync } from 'fflate';
 
 // src/content/validator.ts
+var BLESSED_FONT_TYPES = /* @__PURE__ */ new Set([
+  "application/font-woff",
+  "application/font-woff2",
+  "font/woff",
+  "font/woff2",
+  "font/otf",
+  "font/ttf",
+  "application/vnd.ms-opentype",
+  "application/font-sfnt",
+  "application/x-font-ttf",
+  "application/x-font-opentype",
+  "application/x-font-truetype"
+]);
+var FONT_EXTENSION_TO_TYPE = {
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".otf": "font/otf",
+  ".ttf": "font/ttf"
+};
+var CSSValidator = class {
+  /**
+   * Validate CSS content and extract references
+   */
+  validate(context, css, resourcePath) {
+    const result = {
+      references: [],
+      fontFamilies: []
+    };
+    let ast;
+    try {
+      ast = parse(css, {
+        positions: true,
+        onParseError: (error) => {
+          const err = error;
+          const location = {
+            path: resourcePath
+          };
+          if (err.line !== void 0) location.line = err.line;
+          if (err.column !== void 0) location.column = err.column;
+          context.messages.push({
+            id: "CSS-008",
+            severity: "error",
+            message: `CSS parse error: ${error.formattedMessage}`,
+            location
+          });
+        }
+      });
+    } catch (error) {
+      context.messages.push({
+        id: "CSS-008",
+        severity: "error",
+        message: `CSS parse error: ${error instanceof Error ? error.message : "Unknown error"}`,
+        location: { path: resourcePath }
+      });
+      return result;
+    }
+    this.checkDiscouragedProperties(context, ast, resourcePath);
+    this.checkAtRules(context, ast, resourcePath, result);
+    this.checkMediaOverlayClasses(context, ast, resourcePath);
+    this.extractUrlReferences(context, ast, resourcePath, result);
+    return result;
+  }
+  extractUrlReferences(context, ast, resourcePath, result) {
+    walk(ast, (node) => {
+      if (node.type === "Atrule") {
+        const atRule = node;
+        if (atRule.name === "font-face") {
+          return;
+        }
+        if (atRule.block) {
+          walk(atRule.block, (blockNode) => {
+            if (blockNode.type === "Declaration") {
+              this.processDeclarationForUrl(blockNode, resourcePath, result);
+            }
+          });
+        }
+      } else if (node.type === "Rule") {
+        const rule = node;
+        walk(rule.block, (blockNode) => {
+          if (blockNode.type === "Declaration") {
+            this.processDeclarationForUrl(blockNode, resourcePath, result);
+          }
+        });
+      }
+    });
+  }
+  processDeclarationForUrl(declaration, resourcePath, result) {
+    const property = declaration.property.toLowerCase();
+    walk(declaration.value, (valueNode) => {
+      if (valueNode.type === "Url") {
+        const urlValue = this.extractUrlValue(valueNode);
+        if (urlValue && !urlValue.startsWith("data:")) {
+          const loc = valueNode.loc;
+          const start = loc?.start;
+          if (start) {
+            start.line;
+            start.column;
+          }
+          let refType = "resource";
+          if (property.includes("font")) {
+            refType = "font";
+          } else if (property.includes("background") || property.includes("list-style") || property.includes("content") || property.includes("border-image") || property.includes("mask")) {
+            refType = "image";
+          }
+          result.references.push({
+            url: urlValue,
+            type: refType,
+            line: start?.line,
+            column: start?.column
+          });
+        }
+      }
+    });
+  }
+  /**
+   * Check for forbidden and discouraged CSS properties in EPUB
+   */
+  checkDiscouragedProperties(context, ast, resourcePath) {
+    walk(ast, (node) => {
+      if (node.type === "Declaration") {
+        this.checkForbiddenProperties(context, node, resourcePath);
+        this.checkPositionProperty(context, node, resourcePath);
+      }
+    });
+  }
+  /**
+   * Check for forbidden CSS properties (direction, unicode-bidi)
+   * These properties must not be used in EPUB content per EPUB spec
+   */
+  checkForbiddenProperties(context, node, resourcePath) {
+    const property = node.property.toLowerCase();
+    const forbiddenProperties = ["direction", "unicode-bidi"];
+    if (!forbiddenProperties.includes(property)) return;
+    const loc = node.loc;
+    const start = loc?.start;
+    const location = { path: resourcePath };
+    if (start) {
+      location.line = start.line;
+      location.column = start.column;
+    }
+    context.messages.push({
+      id: "CSS-001",
+      severity: "error",
+      message: `CSS property "${property}" must not be included in an EPUB Style Sheet`,
+      location
+    });
+  }
+  /**
+   * Check position property for discouraged values
+   */
+  checkPositionProperty(context, node, resourcePath) {
+    const property = node.property.toLowerCase();
+    if (property !== "position") return;
+    const value = this.getDeclarationValue(node);
+    const loc = node.loc;
+    const start = loc?.start;
+    const location = { path: resourcePath };
+    if (start) {
+      location.line = start.line;
+      location.column = start.column;
+    }
+    if (value === "fixed") {
+      context.messages.push({
+        id: "CSS-006",
+        severity: "warning",
+        message: 'CSS property "position: fixed" is discouraged in EPUB',
+        location
+      });
+    }
+    if (value === "absolute") {
+      context.messages.push({
+        id: "CSS-019",
+        severity: "warning",
+        message: 'CSS property "position: absolute" should be used with caution in EPUB',
+        location
+      });
+    }
+  }
+  /**
+   * Extract the value from a Declaration node
+   */
+  getDeclarationValue(node) {
+    const value = node.value;
+    if (value.type === "Value") {
+      const first = value.children.first;
+      if (first?.type === "Identifier") {
+        return first.name.toLowerCase();
+      }
+    }
+    return "";
+  }
+  /**
+   * Check at-rules (@import, @font-face)
+   */
+  checkAtRules(context, ast, resourcePath, result) {
+    walk(ast, (node) => {
+      if (node.type === "Atrule") {
+        const atRule = node;
+        const ruleName = atRule.name.toLowerCase();
+        if (ruleName === "import") {
+          this.checkImport(context, atRule, resourcePath, result);
+        } else if (ruleName === "font-face") {
+          this.checkFontFace(context, atRule, resourcePath, result);
+        }
+      }
+    });
+  }
+  /**
+   * Check @import at-rule
+   */
+  checkImport(context, atRule, resourcePath, result) {
+    const loc = atRule.loc;
+    const start = loc?.start;
+    const location = { path: resourcePath };
+    if (start) {
+      location.line = start.line;
+      location.column = start.column;
+    }
+    if (!atRule.prelude) {
+      context.messages.push({
+        id: "CSS-002",
+        severity: "error",
+        message: "Empty @import rule",
+        location
+      });
+      return;
+    }
+    let importUrl = "";
+    walk(atRule.prelude, (node) => {
+      if (importUrl) return;
+      if (node.type === "Url") {
+        importUrl = this.extractUrlValue(node);
+      } else if (node.type === "String") {
+        importUrl = node.value;
+      }
+    });
+    if (!importUrl || importUrl.trim() === "") {
+      context.messages.push({
+        id: "CSS-002",
+        severity: "error",
+        message: "Empty or NULL reference found in @import",
+        location
+      });
+      return;
+    }
+    result.references.push({
+      url: importUrl,
+      type: "import",
+      line: start?.line,
+      column: start?.column
+    });
+  }
+  /**
+   * Check @font-face at-rule
+   */
+  checkFontFace(context, atRule, resourcePath, result) {
+    const loc = atRule.loc;
+    const start = loc?.start;
+    const location = { path: resourcePath };
+    if (start) {
+      location.line = start.line;
+      location.column = start.column;
+    }
+    if (context.options.includeUsage) {
+      context.messages.push({
+        id: "CSS-028",
+        severity: "usage",
+        message: "Use of @font-face declaration",
+        location
+      });
+    }
+    if (!atRule.block || atRule.block.children.isEmpty) {
+      context.messages.push({
+        id: "CSS-019",
+        severity: "warning",
+        message: "@font-face declaration has no attributes",
+        location
+      });
+      return;
+    }
+    const state = { hasSrc: false, fontFamily: null };
+    walk(atRule.block, (node) => {
+      if (node.type === "Declaration") {
+        const propName = node.property.toLowerCase();
+        if (propName === "font-family") {
+          state.fontFamily = this.extractFontFamily(node);
+        } else if (propName === "src") {
+          state.hasSrc = true;
+          this.checkFontFaceSrc(context, node, resourcePath, result);
+        }
+      }
+    });
+    if (state.fontFamily) {
+      result.fontFamilies.push(state.fontFamily);
+    }
+    if (!state.hasSrc) {
+      context.messages.push({
+        id: "CSS-019",
+        severity: "warning",
+        message: "@font-face declaration is missing src property",
+        location
+      });
+    }
+  }
+  /**
+   * Check src property in @font-face
+   */
+  checkFontFaceSrc(context, decl, resourcePath, result) {
+    const loc = decl.loc;
+    const start = loc?.start;
+    const location = { path: resourcePath };
+    if (start) {
+      location.line = start.line;
+      location.column = start.column;
+    }
+    walk(decl.value, (node) => {
+      if (node.type === "Url") {
+        const urlNode = node;
+        const urlValue = this.extractUrlValue(urlNode);
+        if (!urlValue || urlValue.trim() === "") {
+          context.messages.push({
+            id: "CSS-002",
+            severity: "error",
+            message: "Empty or NULL reference found in @font-face src",
+            location
+          });
+          return;
+        }
+        if (urlValue.startsWith("data:") || urlValue.startsWith("#")) {
+          return;
+        }
+        result.references.push({
+          url: urlValue,
+          type: "font",
+          line: start?.line,
+          column: start?.column
+        });
+        this.checkFontType(context, urlValue, resourcePath, location);
+      }
+    });
+  }
+  /**
+   * Check if font type is a blessed EPUB font type
+   */
+  checkFontType(context, fontUrl, resourcePath, location) {
+    const urlPath = fontUrl.split("?")[0] ?? fontUrl;
+    const extMatch = /\.[a-zA-Z0-9]+$/.exec(urlPath);
+    if (!extMatch) return;
+    const ext = extMatch[0].toLowerCase();
+    const mimeType = FONT_EXTENSION_TO_TYPE[ext];
+    if (mimeType && !BLESSED_FONT_TYPES.has(mimeType)) {
+      context.messages.push({
+        id: "CSS-007",
+        severity: "error",
+        message: `Font-face reference "${fontUrl}" refers to non-standard font type "${mimeType}"`,
+        location
+      });
+    }
+    const packageDoc = context.packageDocument;
+    if (packageDoc) {
+      const cssDir = resourcePath.includes("/") ? resourcePath.substring(0, resourcePath.lastIndexOf("/")) : "";
+      const resolvedPath = this.resolvePath(cssDir, fontUrl);
+      const manifestItem = packageDoc.manifest.find((item) => item.href === resolvedPath);
+      if (manifestItem && !BLESSED_FONT_TYPES.has(manifestItem.mediaType)) {
+        context.messages.push({
+          id: "CSS-007",
+          severity: "error",
+          message: `Font-face reference "${fontUrl}" has non-standard media type "${manifestItem.mediaType}" in manifest`,
+          location
+        });
+      }
+    }
+  }
+  /**
+   * Extract URL value from Url node
+   */
+  extractUrlValue(urlNode) {
+    const value = urlNode.value;
+    if (typeof value === "string") {
+      return value;
+    }
+    return "";
+  }
+  /**
+   * Extract font-family value from declaration
+   */
+  extractFontFamily(decl) {
+    const value = decl.value;
+    if (value.type === "Value") {
+      const first = value.children.first;
+      if (first?.type === "String") {
+        return first.value;
+      }
+      if (first?.type === "Identifier") {
+        return first.name;
+      }
+    }
+    return null;
+  }
+  /**
+   * Resolve a relative path from a base path
+   */
+  resolvePath(basePath, relativePath) {
+    if (relativePath.startsWith("/")) {
+      return relativePath.substring(1);
+    }
+    const baseSegments = basePath.split("/").filter(Boolean);
+    const relativeSegments = relativePath.split("/");
+    const resultSegments = [...baseSegments];
+    for (const segment of relativeSegments) {
+      if (segment === "..") {
+        resultSegments.pop();
+      } else if (segment !== "." && segment !== "") {
+        resultSegments.push(segment);
+      }
+    }
+    return resultSegments.join("/");
+  }
+  /**
+   * Check for reserved media overlay class names
+   */
+  checkMediaOverlayClasses(context, ast, resourcePath) {
+    const reservedClassNames = /* @__PURE__ */ new Set([
+      "-epub-media-overlay-active",
+      "media-overlay-active",
+      "-epub-media-overlay-playing",
+      "media-overlay-playing"
+    ]);
+    walk(ast, (node) => {
+      if (node.type === "ClassSelector") {
+        const className = node.name.toLowerCase();
+        if (reservedClassNames.has(className)) {
+          const loc = node.loc;
+          const start = loc?.start;
+          const location = { path: resourcePath };
+          if (start) {
+            location.line = start.line;
+            location.column = start.column;
+          }
+          context.messages.push({
+            id: "CSS-029",
+            severity: "error",
+            message: `Class name "${className}" is reserved for media overlays`,
+            location
+          });
+        }
+        if (className.startsWith("-epub-media-overlay-")) {
+          const loc = node.loc;
+          const start = loc?.start;
+          const location = { path: resourcePath };
+          if (start) {
+            location.line = start.line;
+            location.column = start.column;
+          }
+          context.messages.push({
+            id: "CSS-030",
+            severity: "warning",
+            message: `Class names starting with "-epub-media-overlay-" are reserved for future use`,
+            location
+          });
+        }
+      }
+    });
+  }
+};
 
 // src/references/types.ts
 function isPublicationResourceReference(type) {
@@ -19,6 +485,104 @@ function isPublicationResourceReference(type) {
 
 // src/content/validator.ts
 var DISCOURAGED_ELEMENTS = /* @__PURE__ */ new Set(["base", "embed"]);
+var HTML_ENTITIES = /* @__PURE__ */ new Set([
+  "nbsp",
+  "iexcl",
+  "cent",
+  "pound",
+  "curren",
+  "yen",
+  "brvbar",
+  "sect",
+  "uml",
+  "copy",
+  "ordf",
+  "laquo",
+  "not",
+  "shy",
+  "reg",
+  "macr",
+  "deg",
+  "plusmn",
+  "sup2",
+  "sup3",
+  "acute",
+  "micro",
+  "para",
+  "middot",
+  "cedil",
+  "sup1",
+  "ordm",
+  "raquo",
+  "frac14",
+  "frac12",
+  "frac34",
+  "iquest",
+  "Agrave",
+  "Aacute",
+  "Acirc",
+  "Atilde",
+  "Auml",
+  "Aring",
+  "AElig",
+  "Ccedil",
+  "Egrave",
+  "Eacute",
+  "Ecirc",
+  "Euml",
+  "Igrave",
+  "Iacute",
+  "Icirc",
+  "Iuml",
+  "ETH",
+  "Ntilde",
+  "Ograve",
+  "Oacute",
+  "Ocirc",
+  "Otilde",
+  "Ouml",
+  "times",
+  "Oslash",
+  "Ugrave",
+  "Uacute",
+  "Ucirc",
+  "Uuml",
+  "Yacute",
+  "THORN",
+  "szlig",
+  "agrave",
+  "aacute",
+  "acirc",
+  "atilde",
+  "auml",
+  "aring",
+  "aelig",
+  "ccedil",
+  "egrave",
+  "eacute",
+  "ecirc",
+  "euml",
+  "igrave",
+  "iacute",
+  "icirc",
+  "iuml",
+  "eth",
+  "ntilde",
+  "ograve",
+  "oacute",
+  "ocirc",
+  "otilde",
+  "ouml",
+  "divide",
+  "oslash",
+  "ugrave",
+  "uacute",
+  "ucirc",
+  "uuml",
+  "yacute",
+  "thorn",
+  "yuml"
+]);
 var ContentValidator = class {
   validate(context, registry, refValidator) {
     const packageDoc = context.packageDocument;
@@ -43,6 +607,32 @@ var ContentValidator = class {
       return;
     }
     const cssContent = new TextDecoder().decode(cssData);
+    const cssValidator = new CSSValidator();
+    const result = cssValidator.validate(context, cssContent, path);
+    const cssDir = path.includes("/") ? path.substring(0, path.lastIndexOf("/")) : "";
+    for (const ref of result.references) {
+      if (ref.type === "font") {
+        const resolvedPath = this.resolveRelativePath(cssDir, ref.url, opfDir);
+        const hashIndex = resolvedPath.indexOf("#");
+        const targetResource = hashIndex >= 0 ? resolvedPath.slice(0, hashIndex) : resolvedPath;
+        refValidator.addReference({
+          url: ref.url,
+          targetResource,
+          type: "font" /* FONT */,
+          location: { path }
+        });
+      } else if (ref.type === "image") {
+        const resolvedPath = this.resolveRelativePath(cssDir, ref.url, opfDir);
+        const hashIndex = resolvedPath.indexOf("#");
+        const targetResource = hashIndex >= 0 ? resolvedPath.slice(0, hashIndex) : resolvedPath;
+        refValidator.addReference({
+          url: ref.url,
+          targetResource,
+          type: "image" /* IMAGE */,
+          location: { path }
+        });
+      }
+    }
     this.extractCSSImports(path, cssContent, opfDir, refValidator);
   }
   validateXHTMLDocument(context, path, itemId, opfDir, registry, refValidator) {
@@ -62,19 +652,26 @@ var ContentValidator = class {
     } catch (error) {
       if (error instanceof Error) {
         const { message, line, column } = this.parseLibxmlError(error.message);
-        const location = { path };
-        if (line !== void 0) {
-          location.line = line;
-        }
-        if (column !== void 0) {
-          location.column = column;
+        const entityPattern = /Entity '(\w+)' not defined/;
+        const entityExec = entityPattern.exec(error.message);
+        const entityName = entityExec?.[1];
+        const isKnownHtmlEntity = entityName !== void 0 && HTML_ENTITIES.has(entityName);
+        const isEpub2 = context.version === "2.0";
+        if (!isEpub2 || !isKnownHtmlEntity) {
+          const location = { path };
+          if (line !== void 0) {
+            location.line = line;
+          }
+          if (column !== void 0) {
+            location.column = column;
+          }
+          context.messages.push({
+            id: "HTM-004",
+            severity: "error",
+            message,
+            location
+          });
         }
-        context.messages.push({
-          id: "HTM-004",
-          severity: "error",
-          message,
-          location
-        });
       }
       return;
     }
@@ -177,6 +774,7 @@ var ContentValidator = class {
         this.extractAndRegisterHyperlinks(path, root, opfDir, refValidator);
         this.extractAndRegisterStylesheets(path, root, opfDir, refValidator);
         this.extractAndRegisterImages(path, root, opfDir, refValidator);
+        this.extractAndRegisterCiteAttributes(path, root, opfDir, refValidator);
       }
     } finally {
       doc.dispose();
@@ -273,10 +871,18 @@ var ContentValidator = class {
     }
   }
   detectScripts(_context, _path, root) {
-    const htmlScript = root.get(".//html:script", { html: "http://www.w3.org/1999/xhtml" });
-    if (htmlScript) return true;
-    const svgScript = root.get(".//svg:script", { svg: "http://www.w3.org/2000/svg" });
-    if (svgScript) return true;
+    const htmlScripts = root.find(".//html:script", { html: "http://www.w3.org/1999/xhtml" });
+    for (const script of htmlScripts) {
+      if (this.isScriptType(this.getAttribute(script, "type"))) {
+        return true;
+      }
+    }
+    const svgScripts = root.find(".//svg:script", { svg: "http://www.w3.org/2000/svg" });
+    for (const script of svgScripts) {
+      if (this.isScriptType(this.getAttribute(script, "type"))) {
+        return true;
+      }
+    }
     const form = root.get(".//html:form", { html: "http://www.w3.org/1999/xhtml" });
     if (form) return true;
     const elementsWithEvents = root.find(
@@ -285,6 +891,35 @@ var ContentValidator = class {
     if (elementsWithEvents.length > 0) return true;
     return false;
   }
+  /**
+   * Check if the script type is a JavaScript type that requires "scripted" property.
+   * Per EPUB spec and Java EPUBCheck, only JavaScript types require it.
+   * Data block types like application/ld+json, application/json do NOT require it.
+   */
+  isScriptType(type) {
+    if (!type || type.trim() === "") return true;
+    const jsTypes = /* @__PURE__ */ new Set([
+      "application/javascript",
+      "text/javascript",
+      "application/ecmascript",
+      "application/x-ecmascript",
+      "application/x-javascript",
+      "text/ecmascript",
+      "text/javascript1.0",
+      "text/javascript1.1",
+      "text/javascript1.2",
+      "text/javascript1.3",
+      "text/javascript1.4",
+      "text/javascript1.5",
+      "text/jscript",
+      "text/livescript",
+      "text/x-ecmascript",
+      "text/x-javascript",
+      "module"
+      // ES modules
+    ]);
+    return jsTypes.has(type.toLowerCase());
+  }
   detectMathML(_context, _path, root) {
     const mathMLElements = root.find(".//math:*", { math: "http://www.w3.org/1998/Math/MathML" });
     return mathMLElements.length > 0;
@@ -859,6 +1494,53 @@ var ContentValidator = class {
       });
     }
   }
+  /**
+   * Extract cite attribute references from blockquote, q, ins, del elements
+   * These need to be validated as RSC-007 if the referenced resource is missing
+   */
+  extractAndRegisterCiteAttributes(path, root, opfDir, refValidator) {
+    const docDir = path.includes("/") ? path.substring(0, path.lastIndexOf("/")) : "";
+    const citeElements = [
+      ...root.find(".//html:blockquote[@cite]", { html: "http://www.w3.org/1999/xhtml" }),
+      ...root.find(".//html:q[@cite]", { html: "http://www.w3.org/1999/xhtml" }),
+      ...root.find(".//html:ins[@cite]", { html: "http://www.w3.org/1999/xhtml" }),
+      ...root.find(".//html:del[@cite]", { html: "http://www.w3.org/1999/xhtml" })
+    ];
+    for (const elem of citeElements) {
+      const cite = this.getAttribute(elem, "cite");
+      if (!cite) continue;
+      const line = elem.line;
+      if (cite.startsWith("http://") || cite.startsWith("https://")) {
+        continue;
+      }
+      if (cite.startsWith("#")) {
+        const targetResource2 = path;
+        const fragment2 = cite.slice(1);
+        refValidator.addReference({
+          url: cite,
+          targetResource: targetResource2,
+          fragment: fragment2,
+          type: "hyperlink" /* HYPERLINK */,
+          location: { path, line }
+        });
+        continue;
+      }
+      const resolvedPath = this.resolveRelativePath(docDir, cite, opfDir);
+      const hashIndex = resolvedPath.indexOf("#");
+      const targetResource = hashIndex >= 0 ? resolvedPath.slice(0, hashIndex) : resolvedPath;
+      const fragment = hashIndex >= 0 ? resolvedPath.slice(hashIndex + 1) : void 0;
+      const ref = {
+        url: cite,
+        targetResource,
+        type: "hyperlink" /* HYPERLINK */,
+        location: { path, line }
+      };
+      if (fragment) {
+        ref.fragment = fragment;
+      }
+      refValidator.addReference(ref);
+    }
+  }
   resolveRelativePath(docDir, href, _opfDir) {
     const hrefWithoutFragment = href.split("#")[0] ?? href;
     const fragment = href.includes("#") ? href.split("#")[1] : "";
@@ -1177,6 +1859,93 @@ var ZipReader = class _ZipReader {
     const prefix = dirPath.endsWith("/") ? dirPath : `${dirPath}/`;
     return this._paths.filter((p) => p.startsWith(prefix));
   }
+  /**
+   * Check for filenames that are not valid UTF-8 by parsing raw ZIP data
+   *
+   * ZIP files store filenames as bytes. The EPUB spec requires filenames to be UTF-8.
+   * This method parses the ZIP central directory to find filenames with invalid UTF-8.
+   *
+   * @returns Array of filenames with invalid UTF-8 encoding
+   */
+  getInvalidUtf8Filenames() {
+    const invalid = [];
+    const data = this._rawData;
+    let eocdOffset = -1;
+    for (let i = data.length - 22; i >= 0; i--) {
+      if (data[i] === 80 && data[i + 1] === 75 && data[i + 2] === 5 && data[i + 3] === 6) {
+        eocdOffset = i;
+        break;
+      }
+    }
+    if (eocdOffset === -1) {
+      return invalid;
+    }
+    const cdOffset = (data[eocdOffset + 16] ?? 0) | (data[eocdOffset + 17] ?? 0) << 8 | (data[eocdOffset + 18] ?? 0) << 16 | (data[eocdOffset + 19] ?? 0) << 24;
+    let offset = cdOffset;
+    while (offset < eocdOffset) {
+      if (data[offset] !== 80 || data[offset + 1] !== 75 || data[offset + 2] !== 1 || data[offset + 3] !== 2) {
+        break;
+      }
+      const filenameLength = (data[offset + 28] ?? 0) | (data[offset + 29] ?? 0) << 8;
+      const extraLength = (data[offset + 30] ?? 0) | (data[offset + 31] ?? 0) << 8;
+      const commentLength = (data[offset + 32] ?? 0) | (data[offset + 33] ?? 0) << 8;
+      const filenameBytes = data.slice(offset + 46, offset + 46 + filenameLength);
+      const utf8Error = this.validateUtf8(filenameBytes);
+      if (utf8Error) {
+        const filename = strFromU8(filenameBytes);
+        invalid.push({ filename, reason: utf8Error });
+      }
+      offset += 46 + filenameLength + extraLength + commentLength;
+    }
+    return invalid;
+  }
+  /**
+   * Validate that bytes form a valid UTF-8 sequence
+   *
+   * @returns Error description if invalid, undefined if valid
+   */
+  validateUtf8(bytes) {
+    let i = 0;
+    while (i < bytes.length) {
+      const byte = bytes[i] ?? 0;
+      if (byte <= 127) {
+        i++;
+      } else if ((byte & 224) === 192) {
+        if (byte < 194) {
+          return `Overlong encoding at byte ${String(i)}`;
+        }
+        if (i + 1 >= bytes.length || ((bytes[i + 1] ?? 0) & 192) !== 128) {
+          return `Invalid continuation byte at position ${String(i + 1)}`;
+        }
+        i += 2;
+      } else if ((byte & 240) === 224) {
+        if (i + 2 >= bytes.length || ((bytes[i + 1] ?? 0) & 192) !== 128 || ((bytes[i + 2] ?? 0) & 192) !== 128) {
+          return `Invalid continuation byte in 3-byte sequence at position ${String(i)}`;
+        }
+        if (byte === 224 && (bytes[i + 1] ?? 0) < 160) {
+          return `Overlong 3-byte encoding at byte ${String(i)}`;
+        }
+        if (byte === 237 && (bytes[i + 1] ?? 0) >= 160) {
+          return `UTF-16 surrogate at byte ${String(i)}`;
+        }
+        i += 3;
+      } else if ((byte & 248) === 240) {
+        if (i + 3 >= bytes.length || ((bytes[i + 1] ?? 0) & 192) !== 128 || ((bytes[i + 2] ?? 0) & 192) !== 128 || ((bytes[i + 3] ?? 0) & 192) !== 128) {
+          return `Invalid continuation byte in 4-byte sequence at position ${String(i)}`;
+        }
+        if (byte === 240 && (bytes[i + 1] ?? 0) < 144) {
+          return `Overlong 4-byte encoding at byte ${String(i)}`;
+        }
+        if (byte > 244 || byte === 244 && (bytes[i + 1] ?? 0) > 143) {
+          return `Code point exceeds U+10FFFF at byte ${String(i)}`;
+        }
+        i += 4;
+      } else {
+        return `Invalid UTF-8 start byte 0x${byte.toString(16).toUpperCase()} at position ${String(i)}`;
+      }
+    }
+    return void 0;
+  }
 };
 
 // src/ocf/validator.ts
@@ -1207,6 +1976,8 @@ var OCFValidator = class {
     this.validateContainer(zip, context);
     this.validateMetaInf(zip, context.messages);
     this.validateFilenames(zip, context.messages);
+    this.validateDuplicateFilenames(zip, context.messages);
+    this.validateUtf8Filenames(zip, context.messages);
     this.validateEmptyDirectories(zip, context.messages);
   }
   /**
@@ -1273,20 +2044,11 @@ var OCFValidator = class {
       });
       return;
     }
-    const trimmed = content.trim();
-    if (trimmed !== EPUB_MIMETYPE) {
+    if (content !== EPUB_MIMETYPE) {
       messages.push({
         id: "PKG-007",
         severity: "error",
-        message: `Mimetype file must contain "${EPUB_MIMETYPE}", found "${trimmed}"`,
-        location: { path: "mimetype" }
-      });
-    }
-    if (content !== EPUB_MIMETYPE) {
-      messages.push({
-        id: "PKG-008",
-        severity: "warning",
-        message: "Mimetype file should not contain leading/trailing whitespace or newlines",
+        message: `Mimetype file must contain exactly "${EPUB_MIMETYPE}"`,
         location: { path: "mimetype" }
       });
     }
@@ -1298,9 +2060,9 @@ var OCFValidator = class {
     const containerPath = "META-INF/container.xml";
     if (!zip.has(containerPath)) {
       context.messages.push({
-        id: "PKG-003",
+        id: "RSC-002",
         severity: "fatal",
-        message: "Missing META-INF/container.xml",
+        message: "Required file META-INF/container.xml was not found",
         location: { path: containerPath }
       });
       return;
@@ -1308,7 +2070,7 @@ var OCFValidator = class {
     const content = zip.readText(containerPath);
     if (!content) {
       context.messages.push({
-        id: "PKG-003",
+        id: "RSC-002",
         severity: "fatal",
         message: "Could not read META-INF/container.xml",
         location: { path: containerPath }
@@ -1382,8 +2144,15 @@ var OCFValidator = class {
   }
   /**
    * Validate filenames for invalid characters
+   *
+   * Per EPUB 3.3 spec and Java EPUBCheck:
+   * - PKG-009: Disallowed characters (ASCII special chars, control chars, private use, etc.)
+   * - PKG-010: Whitespace characters (warning)
+   * - PKG-011: Filename ends with period
+   * - PKG-012: Non-ASCII characters (usage info)
    */
   validateFilenames(zip, messages) {
+    const DISALLOWED_ASCII = /* @__PURE__ */ new Set([34, 42, 58, 60, 62, 63, 92, 124]);
     for (const path of zip.paths) {
       if (path === "mimetype") continue;
       if (path.endsWith("/")) continue;
@@ -1397,30 +2166,164 @@ var OCFValidator = class {
         });
         continue;
       }
+      const disallowed = [];
+      let hasSpaces = false;
       for (let i = 0; i < filename.length; i++) {
         const code = filename.charCodeAt(i);
-        if (code < 32 || code === 127 || code >= 128 && code <= 159) {
-          messages.push({
-            id: "PKG-010",
-            severity: "error",
-            message: `Filename contains control character: "${path}"`,
-            location: { path }
-          });
-          break;
+        if (DISALLOWED_ASCII.has(code)) {
+          const char = filename[i] ?? "";
+          disallowed.push(`U+${code.toString(16).toUpperCase().padStart(4, "0")} (${char})`);
+        } else if (code <= 31 || code === 127 || code >= 128 && code <= 159) {
+          disallowed.push(`U+${code.toString(16).toUpperCase().padStart(4, "0")} (CONTROL)`);
+        } else if (code >= 57344 && code <= 63743) {
+          disallowed.push(`U+${code.toString(16).toUpperCase().padStart(4, "0")} (PRIVATE USE)`);
+        } else if (code >= 65520 && code <= 65535) {
+          disallowed.push(`U+${code.toString(16).toUpperCase().padStart(4, "0")} (SPECIALS)`);
         }
-      }
-      const specialChars = '<>:"|?*';
-      for (const char of specialChars) {
-        if (filename.includes(char)) {
-          messages.push({
-            id: "PKG-011",
-            severity: "error",
-            message: `Filename contains special character: "${path}"`,
-            location: { path }
-          });
-          break;
+        if (code === 32 || code === 9 || code === 10 || code === 13) {
+          hasSpaces = true;
         }
       }
+      if (filename.endsWith(".")) {
+        messages.push({
+          id: "PKG-011",
+          severity: "error",
+          message: `Filename must not end with a period: "${path}"`,
+          location: { path }
+        });
+      }
+      if (disallowed.length > 0) {
+        messages.push({
+          id: "PKG-009",
+          severity: "error",
+          message: `Filename "${path}" contains disallowed characters: ${disallowed.join(", ")}`,
+          location: { path }
+        });
+      }
+      if (hasSpaces) {
+        messages.push({
+          id: "PKG-010",
+          severity: "warning",
+          message: `Filename "${path}" contains spaces`,
+          location: { path }
+        });
+      }
+    }
+  }
+  /**
+   * Check for duplicate filenames after Unicode normalization and case folding
+   *
+   * Per EPUB spec, filenames must be unique after applying:
+   * - Unicode Canonical Case Fold Normalization (NFD + case folding)
+   *
+   * OPF-060: Duplicate filename after normalization
+   */
+  validateDuplicateFilenames(zip, messages) {
+    const seenPaths = /* @__PURE__ */ new Set();
+    const normalizedPaths = /* @__PURE__ */ new Map();
+    for (const path of zip.paths) {
+      if (path.endsWith("/")) continue;
+      if (seenPaths.has(path)) {
+        messages.push({
+          id: "OPF-060",
+          severity: "error",
+          message: `Duplicate ZIP entry: "${path}"`,
+          location: { path }
+        });
+        continue;
+      }
+      seenPaths.add(path);
+      const normalized = this.canonicalCaseFold(path);
+      const existing = normalizedPaths.get(normalized);
+      if (existing !== void 0) {
+        messages.push({
+          id: "OPF-060",
+          severity: "error",
+          message: `Duplicate filename after Unicode normalization: "${path}" conflicts with "${existing}"`,
+          location: { path }
+        });
+      } else {
+        normalizedPaths.set(normalized, path);
+      }
+    }
+  }
+  /**
+   * Apply Unicode Canonical Case Fold Normalization
+   *
+   * This applies:
+   * 1. NFD (Canonical Decomposition) - decomposes combined characters
+   * 2. Full Unicode case folding
+   *
+   * Based on Unicode case folding rules for filename comparison.
+   */
+  canonicalCaseFold(str) {
+    let result = str.normalize("NFD");
+    result = this.unicodeCaseFold(result);
+    return result;
+  }
+  /**
+   * Perform Unicode full case folding
+   *
+   * Handles special Unicode case folding rules beyond simple toLowerCase:
+   * - ß (U+00DF) -> ss
+   * - ẞ (U+1E9E) -> ss (capital sharp s)
+   * - fi (U+FB01) -> fi
+   * - fl (U+FB02) -> fl
+   * - ff (U+FB00) -> ff
+   * - ffi (U+FB03) -> ffi
+   * - ffl (U+FB04) -> ffl
+   * - ſt (U+FB05) -> st
+   * - st (U+FB06) -> st
+   * And other Unicode case folding rules
+   */
+  unicodeCaseFold(str) {
+    const caseFoldMap = {
+      "\xDF": "ss",
+      // ß -> ss
+      "\u1E9E": "ss",
+      // ẞ -> ss (capital sharp s)
+      "\uFB00": "ff",
+      // ff -> ff
+      "\uFB01": "fi",
+      // fi -> fi
+      "\uFB02": "fl",
+      // fl -> fl
+      "\uFB03": "ffi",
+      // ffi -> ffi
+      "\uFB04": "ffl",
+      // ffl -> ffl
+      "\uFB05": "st",
+      // ſt -> st
+      "\uFB06": "st",
+      // st -> st
+      "\u0130": "i\u0307"
+      // İ -> i + combining dot above
+    };
+    let result = "";
+    for (const char of str) {
+      const folded = caseFoldMap[char];
+      if (folded !== void 0) {
+        result += folded;
+      } else {
+        result += char.toLowerCase();
+      }
+    }
+    return result;
+  }
+  /**
+   * Validate that filenames are encoded as UTF-8
+   *
+   * PKG-027: Filenames in EPUB ZIP archives must be UTF-8 encoded
+   */
+  validateUtf8Filenames(zip, messages) {
+    const invalidFilenames = zip.getInvalidUtf8Filenames();
+    for (const { filename, reason } of invalidFilenames) {
+      messages.push({
+        id: "PKG-027",
+        severity: "fatal",
+        message: `Filename is not valid UTF-8: "${filename}" (${reason})`,
+        location: { path: filename }
+      });
     }
   }
   /**
@@ -1835,6 +2738,7 @@ var OPFValidator = class {
     context.packageDocument = this.packageDoc;
     this.validatePackageAttributes(context, opfPath);
     this.validateMetadata(context, opfPath);
+    this.validateLinkElements(context, opfPath);
     this.validateManifest(context, opfPath);
     this.validateSpine(context, opfPath);
     this.validateFallbackChains(context, opfPath);
@@ -2086,6 +2990,34 @@ var OPFValidator = class {
       }
     }
   }
+  /**
+   * Validate EPUB 3 link elements in metadata
+   */
+  validateLinkElements(context, opfPath) {
+    if (!this.packageDoc) return;
+    const opfDir = opfPath.includes("/") ? opfPath.substring(0, opfPath.lastIndexOf("/")) : "";
+    for (const link of this.packageDoc.linkElements) {
+      const href = link.href;
+      const decodedHref = tryDecodeUriComponent(href);
+      const basePath = href.includes("#") ? href.substring(0, href.indexOf("#")) : href;
+      const basePathDecoded = decodedHref.includes("#") ? decodedHref.substring(0, decodedHref.indexOf("#")) : decodedHref;
+      if (href.startsWith("#")) {
+        continue;
+      }
+      const resolvedPath = resolvePath(opfDir, basePath);
+      const resolvedPathDecoded = basePathDecoded !== basePath ? resolvePath(opfDir, basePathDecoded) : resolvedPath;
+      const fileExists = context.files.has(resolvedPath) || context.files.has(resolvedPathDecoded);
+      const inManifest = this.manifestByHref.has(basePath) || this.manifestByHref.has(basePathDecoded);
+      if (!fileExists && !inManifest) {
+        context.messages.push({
+          id: "RSC-007",
+          severity: "warning",
+          message: `Referenced resource "${resolvedPath}" could not be found in the EPUB`,
+          location: { path: opfPath }
+        });
+      }
+    }
+  }
   /**
    * Validate manifest section
    */
@@ -2113,11 +3045,32 @@ var OPFValidator = class {
       }
       seenHrefs.add(item.href);
       const fullPath = resolvePath(opfPath, item.href);
-      if (!context.files.has(fullPath) && !item.href.startsWith("http")) {
+      if (fullPath === opfPath) {
+        context.messages.push({
+          id: "OPF-099",
+          severity: "error",
+          message: "The manifest must not list the package document",
+          location: { path: opfPath }
+        });
+      }
+      if (!item.href.startsWith("http") && !item.href.startsWith("mailto:")) {
+        const leaked = checkUrlLeaking(item.href);
+        if (leaked) {
+          context.messages.push({
+            id: "RSC-026",
+            severity: "error",
+            message: `URL "${item.href}" leaks outside the container (it is not a valid-relative-ocf-URL-with-fragment string)`,
+            location: { path: opfPath }
+          });
+        }
+      }
+      const decodedHref = tryDecodeUriComponent(item.href);
+      const fullPathDecoded = decodedHref !== item.href ? resolvePath(opfPath, decodedHref) : fullPath;
+      if (!context.files.has(fullPath) && !context.files.has(fullPathDecoded) && !item.href.startsWith("http")) {
         context.messages.push({
-          id: "OPF-010",
+          id: "RSC-001",
           severity: "error",
-          message: `Manifest item "${item.id}" references missing file: ${item.href}`,
+          message: `Referenced resource "${item.href}" could not be found in the EPUB`,
           location: { path: opfPath }
         });
       }
@@ -2204,31 +3157,6 @@ var OPFValidator = class {
         });
       }
     }
-    this.checkUndeclaredResources(context, opfPath);
-  }
-  /**
-   * Check for files in container that are not declared in manifest
-   */
-  checkUndeclaredResources(context, opfPath) {
-    if (!this.packageDoc) return;
-    const declaredPaths = /* @__PURE__ */ new Set();
-    for (const item of this.packageDoc.manifest) {
-      const fullPath = resolvePath(opfPath, item.href);
-      declaredPaths.add(fullPath);
-    }
-    declaredPaths.add(opfPath);
-    for (const filePath of context.files.keys()) {
-      if (filePath.endsWith("/")) continue;
-      if (filePath.startsWith("META-INF/")) continue;
-      if (filePath === "mimetype") continue;
-      if (declaredPaths.has(filePath)) continue;
-      context.messages.push({
-        id: "RSC-008",
-        severity: "error",
-        message: `File in container is not declared in manifest: ${filePath}`,
-        location: { path: filePath }
-      });
-    }
   }
   /**
    * Validate spine section
@@ -2253,32 +3181,30 @@ var OPFValidator = class {
         location: { path: opfPath }
       });
     }
-    if (this.packageDoc.version === "2.0") {
-      const ncxId = this.packageDoc.spineToc;
-      if (!ncxId) {
+    const ncxId = this.packageDoc.spineToc;
+    if (this.packageDoc.version === "2.0" && !ncxId) {
+      context.messages.push({
+        id: "OPF-050",
+        severity: "warning",
+        message: "EPUB 2 spine should have a toc attribute referencing the NCX",
+        location: { path: opfPath }
+      });
+    } else if (ncxId) {
+      const ncxItem = this.manifestById.get(ncxId);
+      if (!ncxItem) {
+        context.messages.push({
+          id: "OPF-049",
+          severity: "error",
+          message: `Spine toc attribute references non-existent item: "${ncxId}"`,
+          location: { path: opfPath }
+        });
+      } else if (ncxItem.mediaType !== "application/x-dtbncx+xml") {
         context.messages.push({
           id: "OPF-050",
-          severity: "warning",
-          message: "EPUB 2 spine should have a toc attribute referencing the NCX",
+          severity: "error",
+          message: `Spine toc attribute must reference an NCX document (media-type "application/x-dtbncx+xml"), found: "${ncxItem.mediaType}"`,
           location: { path: opfPath }
         });
-      } else {
-        const ncxItem = this.manifestById.get(ncxId);
-        if (!ncxItem) {
-          context.messages.push({
-            id: "OPF-049",
-            severity: "error",
-            message: `Spine toc attribute references non-existent item: "${ncxId}"`,
-            location: { path: opfPath }
-          });
-        } else if (ncxItem.mediaType !== "application/x-dtbncx+xml") {
-          context.messages.push({
-            id: "OPF-050",
-            severity: "error",
-            message: `NCX item must have media-type "application/x-dtbncx+xml", found: "${ncxItem.mediaType}"`,
-            location: { path: opfPath }
-          });
-        }
       }
     }
     const seenIdrefs = /* @__PURE__ */ new Set();
@@ -2293,7 +3219,7 @@ var OPFValidator = class {
         });
         continue;
       }
-      if (this.packageDoc.version === "2.0" && seenIdrefs.has(itemref.idref)) {
+      if (seenIdrefs.has(itemref.idref)) {
         context.messages.push({
           id: "OPF-034",
           severity: "error",
@@ -2492,6 +3418,24 @@ function resolvePath(basePath, relativePath) {
   }
   return parts.join("/");
 }
+function tryDecodeUriComponent(encoded) {
+  try {
+    return decodeURIComponent(encoded);
+  } catch {
+    return encoded;
+  }
+}
+function checkUrlLeaking(href) {
+  const TEST_BASE_A = "https://a.example.org/A/";
+  const TEST_BASE_B = "https://b.example.org/B/";
+  try {
+    const urlA = new URL(href, TEST_BASE_A).toString();
+    const urlB = new URL(href, TEST_BASE_B).toString();
+    return !urlA.startsWith(TEST_BASE_A) || !urlB.startsWith(TEST_BASE_B);
+  } catch {
+    return false;
+  }
+}
 function isValidMimeType(mediaType) {
   const mimeTypePattern = /^[a-zA-Z][a-zA-Z0-9!#$&\-^_.]*\/[a-zA-Z0-9][a-zA-Z0-9!#$&\-^_.+]*(?:\s*;\s*[a-zA-Z0-9-]+=[^;]+)?$/;
   if (!mimeTypePattern.test(mediaType)) {
@@ -2785,7 +3729,18 @@ var ReferenceValidator = class {
     }
     if (!this.registry.hasResource(resourcePath)) {
       const fileExistsInContainer = context.files.has(resourcePath);
-      if (!fileExistsInContainer) {
+      if (fileExistsInContainer) {
+        if (!context.referencedUndeclaredResources?.has(resourcePath)) {
+          context.messages.push({
+            id: "RSC-008",
+            severity: "error",
+            message: `Referenced resource "${resourcePath}" is not declared in the OPF manifest`,
+            location: reference.location
+          });
+          context.referencedUndeclaredResources ??= /* @__PURE__ */ new Set();
+          context.referencedUndeclaredResources.add(resourcePath);
+        }
+      } else {
         const isLinkRef = reference.type === "link" /* LINK */;
         context.messages.push({
           id: isLinkRef ? "RSC-007w" : "RSC-007",
@@ -3461,6 +4416,7 @@ var MessageId = /* @__PURE__ */ ((MessageId2) => {
   MessageId2["OPF_013"] = "OPF-013";
   MessageId2["OPF_014"] = "OPF-014";
   MessageId2["OPF_097"] = "OPF-097";
+  MessageId2["OPF_099"] = "OPF-099";
   MessageId2["OPF_015"] = "OPF-015";
   MessageId2["RSC_001"] = "RSC-001";
   MessageId2["RSC_002"] = "RSC-002";