@marcuspuchalla/nachos 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/CHANGELOG.md +55 -0
  2. package/dist/{chunk-ZRPJUEIZ.js → chunk-5IWW5H47.js} +546 -227
  3. package/dist/chunk-5IWW5H47.js.map +1 -0
  4. package/dist/{chunk-2HBCILJS.cjs → chunk-RVG2BY32.cjs} +545 -226
  5. package/dist/chunk-RVG2BY32.cjs.map +1 -0
  6. package/dist/{chunk-2FUTHZQQ.cjs → chunk-S4RXO6IB.cjs} +244 -166
  7. package/dist/chunk-S4RXO6IB.cjs.map +1 -0
  8. package/dist/{chunk-7CFYWHS6.js → chunk-UMAX5MX5.js} +244 -166
  9. package/dist/chunk-UMAX5MX5.js.map +1 -0
  10. package/dist/encoder/index.cjs +13 -13
  11. package/dist/encoder/index.d.cts +2 -2
  12. package/dist/encoder/index.d.ts +2 -2
  13. package/dist/encoder/index.js +1 -1
  14. package/dist/index.cjs +32 -32
  15. package/dist/index.cjs.map +1 -1
  16. package/dist/index.d.cts +28 -19
  17. package/dist/index.d.ts +28 -19
  18. package/dist/index.js +16 -16
  19. package/dist/index.js.map +1 -1
  20. package/dist/metafile-cjs.json +1 -1
  21. package/dist/metafile-esm.json +1 -1
  22. package/dist/parser/index.cjs +14 -14
  23. package/dist/parser/index.d.cts +3 -1
  24. package/dist/parser/index.d.ts +3 -1
  25. package/dist/parser/index.js +1 -1
  26. package/dist/{useCborSimpleEncoder-TVxzNJ_9.d.ts → useCborSimpleEncoder-BoKEmjP9.d.ts} +0 -2
  27. package/dist/{useCborSimpleEncoder-ButVU988.d.cts → useCborSimpleEncoder-C_OHxoB8.d.cts} +0 -2
  28. package/dist/{useCborTag-B_iaShG6.d.ts → useCborTag-BD6Sqp7p.d.ts} +11 -6
  29. package/dist/{useCborTag-BfTIV8HM.d.cts → useCborTag-QpZR-Er2.d.cts} +11 -6
  30. package/package.json +1 -1
  31. package/src/__tests__/public-api.test.ts +153 -0
  32. package/src/__tests__/roundtrip.test.ts +701 -0
  33. package/src/encoder/__tests__/cbor-collection-encoder.test.ts +129 -5
  34. package/src/encoder/__tests__/cbor-encoder-errors.test.ts +847 -0
  35. package/src/encoder/__tests__/cbor-simple-encoder.test.ts +126 -0
  36. package/src/encoder/__tests__/cbor-string-encoder.test.ts +14 -0
  37. package/src/encoder/composables/useCborCollectionEncoder.ts +56 -23
  38. package/src/encoder/composables/useCborEncoder.ts +27 -1
  39. package/src/encoder/composables/useCborSimpleEncoder.ts +40 -8
  40. package/src/encoder/composables/useCborStringEncoder.ts +23 -10
  41. package/src/encoder/types.ts +0 -2
  42. package/src/index.ts +29 -20
  43. package/src/parser/__tests__/buffer-native-parsing.test.ts +338 -0
  44. package/src/parser/__tests__/cbor-float-errors.test.ts +41 -0
  45. package/src/parser/__tests__/cbor-map-duplicate-keys.test.ts +97 -7
  46. package/src/parser/__tests__/cbor-security-dos-protection.test.ts +166 -33
  47. package/src/parser/__tests__/cbor-standard-tags.test.ts +104 -7
  48. package/src/parser/__tests__/cbor-string-errors.test.ts +4 -4
  49. package/src/parser/__tests__/cbor-tag-errors.test.ts +1 -1
  50. package/src/parser/__tests__/cbor-tag-reparse-fix.test.ts +268 -0
  51. package/src/parser/composables/useCborCollection.ts +45 -42
  52. package/src/parser/composables/useCborFloat.ts +95 -9
  53. package/src/parser/composables/useCborInteger.ts +24 -10
  54. package/src/parser/composables/useCborParser.ts +387 -216
  55. package/src/parser/composables/useCborString.ts +22 -4
  56. package/src/parser/composables/useCborTag.ts +149 -53
  57. package/src/parser/utils.ts +11 -0
  58. package/dist/chunk-2FUTHZQQ.cjs.map +0 -1
  59. package/dist/chunk-2HBCILJS.cjs.map +0 -1
  60. package/dist/chunk-7CFYWHS6.js.map +0 -1
  61. package/dist/chunk-ZRPJUEIZ.js.map +0 -1
  62. package/src/encoder/composables/#useCborTagEncoder.ts# +0 -158
package/CHANGELOG.md CHANGED
@@ -5,6 +5,61 @@ All notable changes to this project will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.1.4] - 2026-02-22
9
+
10
+ ### Fixed
11
+
12
+ #### Security
13
+ - **Duplicate map key bypass** - Semantic comparison now used for duplicate detection; different encodings of the same integer key (e.g. `0x01`, `0x1801`, `0x190001`) are correctly identified as duplicates (RFC 8949 Section 5.6)
14
+ - **maxParseTime bypass** - Timeout is now enforced in standard `decode()`/`parse()` path, not only in `decodeWithSourceMap()`
15
+ - **bytesWritten double-counting** - Removed broken value-copy tracking from `EncodeContext`; `maxOutputSize` is now checked once at root level after encoding completes
16
+
17
+ #### Correctness
18
+ - **Tag 4/5 integer validation** - `Number.isInteger()` check added to reject floats in exponent/mantissa positions (RFC 8949 requirement)
19
+ - **Float16 IEEE 754 rounding** - Replaced truncating `>> 42` shift with guard/round/sticky round-half-to-even; also fixed 32-bit truncation bug that corrupted most float16 mantissas
20
+ - **Exponential source-map re-parsing** - `validateTagSemantics` and `decodePlutusConstructor` now called directly on already-parsed values instead of re-parsing the entire tag subtree (O(D²) → O(D))
21
+
22
+ ### Performance
23
+ - **Eliminated O(N²) parsing** - `parseItem` and `parseSequence` no longer slice and hex-encode the full remaining buffer on each element; all types now use buffer+offset native dispatch
24
+ - **Map canonical sort** - Keys pre-encoded once before sort instead of re-encoded O(N log N) times inside comparator
25
+
26
+ ### Added
27
+ - **Uint8Array input support** - `decode()`, `decodeWithSourceMap()`, `parseSequence()`, and `CborDecoder` class methods now accept `Uint8Array` directly, skipping hex conversion entirely
28
+ - **Buffer-native parser exports** - `parseIntegerFromBuffer`, `parseFromBuffer` (float), `parseTagFromBuffer`, `validateTagSemantics`, `decodePlutusConstructor` exported for advanced use
29
+ - 115 new tests
30
+
31
+ ## [0.1.3] - 2026-02-09
32
+
33
+ ### Fixed
34
+
35
+ #### Critical Bugs
36
+ - **Float parser ReferenceError** - `options` variable was not accessible in float parsing, causing 29 test failures
37
+ - **Missing CborByteString import** - Tag parser failed when decoding byte-string tagged values
38
+ - **Float16 subnormal encoding** - Mantissa bits were being lost for subnormal half-precision floats
39
+
40
+ #### Security Hardening
41
+ - **Tag parser internal security checks** - Added depth, array length, map size, and indefinite-length validation to tag-internal array/map parsing
42
+ - **String encoder pre-allocation check** - Size validation now happens before buffer allocation (DoS prevention)
43
+ - **Default nesting limits** - Updated default `maxDepth` and `maxTagDepth` to 100 (was hardcoded as 64)
44
+ - **Replaced magic numbers** - All hardcoded limit values now use `DEFAULT_LIMITS` constants
45
+
46
+ #### RFC 8949 Compliance
47
+ - **Canonical NaN validation** - Float32/float64 NaN payloads are now validated in canonical mode
48
+ - **Canonical shortest-form float validation** - Values that fit in float16 are rejected in float32/float64 canonical mode
49
+ - **Indefinite-length chunk validation** - String chunks inside indefinite-length strings must be definite-length per RFC 3.2.3
50
+ - **Canonical + indefinite conflict** - Auto-resolves `canonical: true` with `allowIndefinite: true` instead of silently misbehaving
51
+
52
+ ### Added
53
+
54
+ #### Tests
55
+ - 91 round-trip encode/decode tests covering all CBOR major types
56
+ - 70 encoder error handling and canonical encoding tests
57
+ - Total test count increased from 1038 to 1199
58
+
59
+ ### Removed
60
+ - Stale Emacs backup file
61
+ - Commented-out dead code in parser
62
+
8
63
  ## [0.1.0] - 2025-12-01
9
64
 
10
65
  ### Added