@plasius/images 1.0.0 → 1.0.2

package/CHANGELOG.md

@@ -20,6 +20,34 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 - **Security**
   - (placeholder)
 
+## [1.0.2] - 2026-02-22
+
+- **Added**
+  - (placeholder)
+
+- **Changed**
+  - (placeholder)
+
+- **Fixed**
+  - (placeholder)
+
+- **Security**
+  - (placeholder)
+
+## [1.0.1] - 2026-02-13
+
+- **Added**
+  - (placeholder)
+
+- **Changed**
+  - Replace dual-`tsc` build steps with `tsup` to emit ESM + CJS + types side-by-side in `dist/` (`index.js`, `index.cjs`, `index.d.ts`).
+
+- **Fixed**
+  - (placeholder)
+
+- **Security**
+  - (placeholder)
+
 ## [1.0.0] - 2026-02-12
 
 - **Added**
@@ -48,7 +76,7 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 
 ---
 
-[Unreleased]: https://github.com/Plasius-LTD/images/compare/v1.0.0...HEAD
+[Unreleased]: https://github.com/Plasius-LTD/images/compare/v1.0.2...HEAD
 
 ## [1.0.0] - 2026-02-11
 
@@ -64,3 +92,5 @@ The format is based on **[Keep a Changelog](https://keepachangelog.com/en/1.1.0/
 - **Security**
   - (placeholder)
 [1.0.0]: https://github.com/Plasius-LTD/images/releases/tag/v1.0.0
+[1.0.1]: https://github.com/Plasius-LTD/images/releases/tag/v1.0.1
+[1.0.2]: https://github.com/Plasius-LTD/images/releases/tag/v1.0.2

package/dist/index.cjs

@@ -0,0 +1,225 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  sanitiseSVG: () => sanitiseSVG,
+  validateAvatarImage: () => validateAvatarImage,
+  validateSvgAvatar: () => validateSvgAvatar
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/validators/svgValidator.ts
+var import_xmldom = require("@xmldom/xmldom");
+function sanitiseSVG(svgText, options) {
+  const strippedTags = [];
+  const strippedAttributes = [];
+  const parser = new import_xmldom.DOMParser({
+    onError: (level, msg) => {
+      switch (level) {
+        case "warning":
+          break;
+        default:
+          throw new Error(msg);
+      }
+    }
+  });
+  const serializer = new import_xmldom.XMLSerializer();
+  const doc = parser.parseFromString(svgText, "image/svg+xml");
+  function cleanNode(node) {
+    if (node === null) return;
+    if (node.nodeType === 8 && !options.allowComments) {
+      node.parentNode?.removeChild(node);
+      return;
+    }
+    if (node.nodeType === 1) {
+      const el = node;
+      const tagName = el.tagName.toLowerCase();
+      if (tagName === "style") {
+        strippedTags.push(tagName);
+        node.parentNode?.removeChild(node);
+        return;
+      }
+      if (!options.allowedTags.includes(tagName) && !options.allowUnknownElements) {
+        strippedTags.push(tagName);
+        node.parentNode?.removeChild(node);
+        return;
+      }
+      const allowedAttrs = options.allowedAttributes["*"] || [];
+      const toRemove = [];
+      for (const attr of Array.from(el.attributes)) {
+        const attrName = attr.name.toLowerCase();
+        if (attrName.startsWith("on")) {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (attrName === "xlink:href" || attrName === "xmlns:xlink") {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (attrName === "style") {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (!allowedAttrs.includes(attr.name) && !options.allowUnknownAttributes) {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+        }
+      }
+      toRemove.forEach((attrName) => el.removeAttribute(attrName));
+    }
+    const children = Array.from(node.childNodes);
+    children.forEach((child) => cleanNode(child));
+  }
+  cleanNode(doc.documentElement);
+  return {
+    svg: serializer.serializeToString(doc),
+    audit: { strippedTags, strippedAttributes }
+  };
+}
+function validateSvgAvatar(buffer) {
+  const svgText = buffer.toString("utf8");
+  const { svg: cleanSvg } = sanitiseSVG(svgText, {
+    allowedTags: [
+      "svg",
+      "g",
+      "rect",
+      "circle",
+      "ellipse",
+      "line",
+      "polygon",
+      "polyline",
+      "path",
+      "text",
+      "title",
+      "desc"
+    ],
+    allowedAttributes: {
+      "*": [
+        "width",
+        "height",
+        "viewBox",
+        "xmlns",
+        "transform",
+        "x",
+        "y",
+        "cx",
+        "cy",
+        "r",
+        "rx",
+        "ry",
+        "x1",
+        "y1",
+        "x2",
+        "y2",
+        "points",
+        "d",
+        "fill",
+        "stroke",
+        "stroke-width",
+        "font-family",
+        "font-size",
+        "text-anchor"
+      ]
+    },
+    allowComments: false,
+    allowUnknownElements: false,
+    allowUnknownAttributes: false
+  });
+  const cleanBuffer = Buffer.from(cleanSvg, "utf8");
+  if (cleanBuffer.length > 256 * 1024) {
+    throw new Error("SVG too large (max 256 KB)");
+  }
+  return Promise.resolve({
+    width: 0,
+    // SVG is scalable, can’t guarantee pixel dimensions
+    height: 0,
+    format: "svg",
+    size: cleanBuffer.length,
+    safeBuffer: cleanBuffer
+  });
+}
+
+// src/validators/avatarValidator.ts
+var import_sharp = __toESM(require("sharp"), 1);
+async function validateAvatarImage(buffer) {
+  const metadata = await (0, import_sharp.default)(buffer).metadata();
+  const format = metadata.format;
+  if (!format) {
+    throw new Error("Unsupported or unknown image format");
+  }
+  const width = metadata.width;
+  const height = metadata.height;
+  if (!width || !height) {
+    throw new Error("Could not determine image dimensions");
+  }
+  if (width < 64 || height < 64) {
+    throw new Error("Image too small (min 64x64)");
+  }
+  if (width > 2048 || height > 2048) {
+    throw new Error("Image too large (max 2048x2048)");
+  }
+  const targetFormat = "png";
+  let safeBuffer;
+  if (format === "svg") {
+    const svgText = buffer.toString("utf8");
+    const svgValidation = await validateSvgAvatar(
+      Buffer.from(svgText, "utf-8")
+    );
+    safeBuffer = await (0, import_sharp.default)(svgValidation.safeBuffer).resize({
+      width: Math.min(width, 2048),
+      height: Math.min(height, 2048),
+      fit: "inside"
+    }).toFormat(targetFormat).toBuffer();
+  } else {
+    safeBuffer = await (0, import_sharp.default)(buffer).resize({
+      width: Math.min(width, 2048),
+      height: Math.min(height, 2048),
+      fit: "inside"
+    }).toFormat(targetFormat, { quality: 90 }).toBuffer();
+  }
+  return {
+    width,
+    height,
+    format,
+    size: buffer.length,
+    safeBuffer
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  sanitiseSVG,
+  validateAvatarImage,
+  validateSvgAvatar
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/validators/svgValidator.ts","../src/validators/avatarValidator.ts"],"sourcesContent":["export * from \"./validators/index.js\";\n","import type { ImageValidationResult } from \"./avatarValidator.js\";\nimport { DOMParser, XMLSerializer } from \"@xmldom/xmldom\";\nimport type { Element as XmlElement } from \"@xmldom/xmldom\";\n\nexport function sanitiseSVG(\n  svgText: string,\n  options: {\n    allowedTags: string[];\n    allowedAttributes: { \"*\": string[] };\n    allowComments: boolean;\n    allowUnknownElements: boolean;\n    allowUnknownAttributes: boolean;\n  }\n): {\n  svg: string;\n  audit: { strippedTags: string[]; strippedAttributes: string[] };\n} {\n  const strippedTags: string[] = [];\n  const strippedAttributes: string[] = [];\n\n  const parser = new DOMParser({\n    onError: (\n      level: \"warning\" | \"error\" | \"fatalError\",\n      msg: string\n    ): void => {\n      switch (level) {\n        case \"warning\":\n          break;\n        default:\n          throw new Error(msg);\n      }\n    },\n  });\n  const serializer = new XMLSerializer();\n  const doc = parser.parseFromString(svgText, \"image/svg+xml\");\n\n  function cleanNode(node: Node | null) {\n    // TODO: optionally sanitize <style> elements and inline style attributes\n\n    if (node === null) return;\n\n    if (node.nodeType === 8 /* Comment */ && !options.allowComments) {\n      node.parentNode?.removeChild(node);\n      return;\n    }\n\n    if (node.nodeType === 1 /* Element */) {\n      const el = node as unknown as XmlElement;\n      const tagName = el.tagName.toLowerCase();\n\n      // Strip <style> elements entirely\n      if (tagName === \"style\") {\n        strippedTags.push(tagName);\n        node.parentNode?.removeChild(node);\n        return;\n      }\n\n      if (\n        !options.allowedTags.includes(tagName) &&\n        !options.allowUnknownElements\n      ) {\n        strippedTags.push(tagName);\n        node.parentNode?.removeChild(node);\n        return;\n      }\n\n      // Clean attributes\n      const allowedAttrs = options.allowedAttributes[\"*\"] || [];\n\n      const toRemove: string[] = [];\n      for (const attr of Array.from(el.attributes)) {\n        const attrName = attr.name.toLowerCase();\n\n        if (attrName.startsWith(\"on\")) {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n        if (attrName === \"xlink:href\" || attrName === \"xmlns:xlink\") {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n        if (attrName === \"style\") {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n\n        if (\n          !allowedAttrs.includes(attr.name) &&\n          !options.allowUnknownAttributes\n        ) {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n        }\n      }\n      toRemove.forEach((attrName) => el.removeAttribute(attrName));\n    }\n\n    // Recursively clean children\n    const children = Array.from(node.childNodes);\n    children.forEach((child) => cleanNode(child));\n  }\n\n  cleanNode(doc.documentElement as unknown as Node);\n\n  return {\n    svg: serializer.serializeToString(doc),\n    audit: { strippedTags, strippedAttributes },\n  };\n}\n\nexport function validateSvgAvatar(\n  buffer: Buffer\n): Promise<ImageValidationResult> {\n  const svgText = buffer.toString(\"utf8\");\n\n  const { svg: cleanSvg } = sanitiseSVG(svgText, {\n    allowedTags: [\n      \"svg\",\n      \"g\",\n      \"rect\",\n      \"circle\",\n      \"ellipse\",\n      \"line\",\n      \"polygon\",\n      \"polyline\",\n      \"path\",\n      \"text\",\n      \"title\",\n      \"desc\",\n    ],\n    allowedAttributes: {\n      \"*\": [\n        \"width\",\n        \"height\",\n        \"viewBox\",\n        \"xmlns\",\n        \"transform\",\n        \"x\",\n        \"y\",\n        \"cx\",\n        \"cy\",\n        \"r\",\n        \"rx\",\n        \"ry\",\n        \"x1\",\n        \"y1\",\n        \"x2\",\n        \"y2\",\n        \"points\",\n        \"d\",\n        \"fill\",\n        \"stroke\",\n        \"stroke-width\",\n        \"font-family\",\n        \"font-size\",\n        \"text-anchor\",\n      ],\n    },\n\n    allowComments: false,\n    allowUnknownElements: false,\n    allowUnknownAttributes: false,\n  });\n\n  const cleanBuffer = Buffer.from(cleanSvg, \"utf8\");\n\n  // Basic sanity checks\n  if (cleanBuffer.length > 256 * 1024) {\n    throw new Error(\"SVG too large (max 256 KB)\");\n  }\n\n  return Promise.resolve({\n    width: 0, // SVG is scalable, can’t guarantee pixel dimensions\n    height: 0,\n    format: \"svg\",\n    size: cleanBuffer.length,\n    safeBuffer: cleanBuffer,\n  });\n}\n","import sharp from \"sharp\";\nimport { validateSvgAvatar } from \"./svgValidator.js\";\n\nexport interface ImageValidationResult {\n  width: number;\n  height: number;\n  format: string;\n  size: number;\n  safeBuffer: Buffer;\n}\n\nexport async function validateAvatarImage(\n  buffer: Buffer\n): Promise<ImageValidationResult> {\n  const metadata = await sharp(buffer).metadata();\n  const format = metadata.format;\n\n  if (!format) {\n    throw new Error(\"Unsupported or unknown image format\");\n  }\n\n  const width = metadata.width;\n  const height = metadata.height;\n\n  if (!width || !height) {\n    throw new Error(\"Could not determine image dimensions\");\n  }\n\n  if (width < 64 || height < 64) {\n    throw new Error(\"Image too small (min 64x64)\");\n  }\n\n  if (width > 2048 || height > 2048) {\n    throw new Error(\"Image too large (max 2048x2048)\");\n  }\n\n  const targetFormat = \"png\"; // common safe web format\n\n  let safeBuffer: Buffer;\n\n  if (format === \"svg\") {\n    const svgText = buffer.toString(\"utf8\");\n    const svgValidation = await validateSvgAvatar(\n      Buffer.from(svgText, \"utf-8\")\n    );\n    safeBuffer = await sharp(svgValidation.safeBuffer)\n      .resize({\n        width: Math.min(width, 2048),\n        height: Math.min(height, 2048),\n        fit: \"inside\",\n      })\n      .toFormat(targetFormat)\n      .toBuffer();\n  } else {\n    safeBuffer = await sharp(buffer)\n      .resize({\n        width: Math.min(width, 2048),\n        height: Math.min(height, 2048),\n        fit: \"inside\",\n      })\n      .toFormat(targetFormat, { quality: 90 })\n      .toBuffer();\n  }\n\n  return {\n    width,\n    height,\n    format,\n    size: buffer.length,\n    safeBuffer,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCA,oBAAyC;AAGlC,SAAS,YACd,SACA,SAUA;AACA,QAAM,eAAyB,CAAC;AAChC,QAAM,qBAA+B,CAAC;AAEtC,QAAM,SAAS,IAAI,wBAAU;AAAA,IAC3B,SAAS,CACP,OACA,QACS;AACT,cAAQ,OAAO;AAAA,QACb,KAAK;AACH;AAAA,QACF;AACE,gBAAM,IAAI,MAAM,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF,CAAC;AACD,QAAM,aAAa,IAAI,4BAAc;AACrC,QAAM,MAAM,OAAO,gBAAgB,SAAS,eAAe;AAE3D,WAAS,UAAU,MAAmB;AAGpC,QAAI,SAAS,KAAM;AAEnB,QAAI,KAAK,aAAa,KAAmB,CAAC,QAAQ,eAAe;AAC/D,WAAK,YAAY,YAAY,IAAI;AACjC;AAAA,IACF;AAEA,QAAI,KAAK,aAAa,GAAiB;AACrC,YAAM,KAAK;AACX,YAAM,UAAU,GAAG,QAAQ,YAAY;AAGvC,UAAI,YAAY,SAAS;AACvB,qBAAa,KAAK,OAAO;AACzB,aAAK,YAAY,YAAY,IAAI;AACjC;AAAA,MACF;AAEA,UACE,CAAC,QAAQ,YAAY,SAAS,OAAO,KACrC,CAAC,QAAQ,sBACT;AACA,qBAAa,KAAK,OAAO;AACzB,aAAK,YAAY,YAAY,IAAI;AACjC;AAAA,MACF;AAGA,YAAM,eAAe,QAAQ,kBAAkB,GAAG,KAAK,CAAC;AAExD,YAAM,WAAqB,CAAC;AAC5B,iBAAW,QAAQ,MAAM,KAAK,GAAG,UAAU,GAAG;AAC5C,cAAM,WAAW,KAAK,KAAK,YAAY;AAEvC,YAAI,SAAS,WAAW,IAAI,GAAG;AAC7B,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AACA,YAAI,aAAa,gBAAgB,aAAa,eAAe;AAC3D,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AACA,YAAI,aAAa,SAAS;AACxB,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AAEA,YACE,CAAC,aAAa,SAAS,KAAK,IAAI,KAChC,CAAC,QAAQ,wBACT;AACA,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AAAA,QACnD;AAAA,MACF;AACA,eAAS,QAAQ,CAAC,aAAa,GAAG,gBAAgB,QAAQ,CAAC;AAAA,IAC7D;AAGA,UAAM,WAAW,MAAM,KAAK,KAAK,UAAU;AAC3C,aAAS,QAAQ,CAAC,UAAU,UAAU,KAAK,CAAC;AAAA,EAC9C;AAEA,YAAU,IAAI,eAAkC;AAEhD,SAAO;AAAA,IACL,KAAK,WAAW,kBAAkB,GAAG;AAAA,IACrC,OAAO,EAAE,cAAc,mBAAmB;AAAA,EAC5C;AACF;AAEO,SAAS,kBACd,QACgC;AAChC,QAAM,UAAU,OAAO,SAAS,MAAM;AAEtC,QAAM,EAAE,KAAK,SAAS,IAAI,YAAY,SAAS;AAAA,IAC7C,aAAa;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,mBAAmB;AAAA,MACjB,KAAK;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,IAEA,eAAe;AAAA,IACf,sBAAsB;AAAA,IACtB,wBAAwB;AAAA,EAC1B,CAAC;AAED,QAAM,cAAc,OAAO,KAAK,UAAU,MAAM;AAGhD,MAAI,YAAY,SAAS,MAAM,MAAM;AACnC,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,SAAO,QAAQ,QAAQ;AAAA,IACrB,OAAO;AAAA;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,MAAM,YAAY;AAAA,IAClB,YAAY;AAAA,EACd,CAAC;AACH;;;ACrLA,mBAAkB;AAWlB,eAAsB,oBACpB,QACgC;AAChC,QAAM,WAAW,UAAM,aAAAA,SAAM,MAAM,EAAE,SAAS;AAC9C,QAAM,SAAS,SAAS;AAExB,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,qCAAqC;AAAA,EACvD;AAEA,QAAM,QAAQ,SAAS;AACvB,QAAM,SAAS,SAAS;AAExB,MAAI,CAAC,SAAS,CAAC,QAAQ;AACrB,UAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AAEA,MAAI,QAAQ,MAAM,SAAS,IAAI;AAC7B,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAEA,MAAI,QAAQ,QAAQ,SAAS,MAAM;AACjC,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACnD;AAEA,QAAM,eAAe;AAErB,MAAI;AAEJ,MAAI,WAAW,OAAO;AACpB,UAAM,UAAU,OAAO,SAAS,MAAM;AACtC,UAAM,gBAAgB,MAAM;AAAA,MAC1B,OAAO,KAAK,SAAS,OAAO;AAAA,IAC9B;AACA,iBAAa,UAAM,aAAAA,SAAM,cAAc,UAAU,EAC9C,OAAO;AAAA,MACN,OAAO,KAAK,IAAI,OAAO,IAAI;AAAA,MAC3B,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAAA,MAC7B,KAAK;AAAA,IACP,CAAC,EACA,SAAS,YAAY,EACrB,SAAS;AAAA,EACd,OAAO;AACL,iBAAa,UAAM,aAAAA,SAAM,MAAM,EAC5B,OAAO;AAAA,MACN,OAAO,KAAK,IAAI,OAAO,IAAI;AAAA,MAC3B,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAAA,MAC7B,KAAK;AAAA,IACP,CAAC,EACA,SAAS,cAAc,EAAE,SAAS,GAAG,CAAC,EACtC,SAAS;AAAA,EACd;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,OAAO;AAAA,IACb;AAAA,EACF;AACF;","names":["sharp"]}

package/dist/index.d.cts

@@ -0,0 +1,27 @@
+interface ImageValidationResult {
+    width: number;
+    height: number;
+    format: string;
+    size: number;
+    safeBuffer: Buffer;
+}
+declare function validateAvatarImage(buffer: Buffer): Promise<ImageValidationResult>;
+
+declare function sanitiseSVG(svgText: string, options: {
+    allowedTags: string[];
+    allowedAttributes: {
+        "*": string[];
+    };
+    allowComments: boolean;
+    allowUnknownElements: boolean;
+    allowUnknownAttributes: boolean;
+}): {
+    svg: string;
+    audit: {
+        strippedTags: string[];
+        strippedAttributes: string[];
+    };
+};
+declare function validateSvgAvatar(buffer: Buffer): Promise<ImageValidationResult>;
+
+export { type ImageValidationResult, sanitiseSVG, validateAvatarImage, validateSvgAvatar };

package/dist/index.d.ts

@@ -1,2 +1,27 @@
-export * from "./validators/index.js";
-//# sourceMappingURL=index.d.ts.map
+interface ImageValidationResult {
+    width: number;
+    height: number;
+    format: string;
+    size: number;
+    safeBuffer: Buffer;
+}
+declare function validateAvatarImage(buffer: Buffer): Promise<ImageValidationResult>;
+
+declare function sanitiseSVG(svgText: string, options: {
+    allowedTags: string[];
+    allowedAttributes: {
+        "*": string[];
+    };
+    allowComments: boolean;
+    allowUnknownElements: boolean;
+    allowUnknownAttributes: boolean;
+}): {
+    svg: string;
+    audit: {
+        strippedTags: string[];
+        strippedAttributes: string[];
+    };
+};
+declare function validateSvgAvatar(buffer: Buffer): Promise<ImageValidationResult>;
+
+export { type ImageValidationResult, sanitiseSVG, validateAvatarImage, validateSvgAvatar };

package/dist/index.js

@@ -1 +1,186 @@
-export * from "./validators/index.js";
+// src/validators/svgValidator.ts
+import { DOMParser, XMLSerializer } from "@xmldom/xmldom";
+function sanitiseSVG(svgText, options) {
+  const strippedTags = [];
+  const strippedAttributes = [];
+  const parser = new DOMParser({
+    onError: (level, msg) => {
+      switch (level) {
+        case "warning":
+          break;
+        default:
+          throw new Error(msg);
+      }
+    }
+  });
+  const serializer = new XMLSerializer();
+  const doc = parser.parseFromString(svgText, "image/svg+xml");
+  function cleanNode(node) {
+    if (node === null) return;
+    if (node.nodeType === 8 && !options.allowComments) {
+      node.parentNode?.removeChild(node);
+      return;
+    }
+    if (node.nodeType === 1) {
+      const el = node;
+      const tagName = el.tagName.toLowerCase();
+      if (tagName === "style") {
+        strippedTags.push(tagName);
+        node.parentNode?.removeChild(node);
+        return;
+      }
+      if (!options.allowedTags.includes(tagName) && !options.allowUnknownElements) {
+        strippedTags.push(tagName);
+        node.parentNode?.removeChild(node);
+        return;
+      }
+      const allowedAttrs = options.allowedAttributes["*"] || [];
+      const toRemove = [];
+      for (const attr of Array.from(el.attributes)) {
+        const attrName = attr.name.toLowerCase();
+        if (attrName.startsWith("on")) {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (attrName === "xlink:href" || attrName === "xmlns:xlink") {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (attrName === "style") {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+          continue;
+        }
+        if (!allowedAttrs.includes(attr.name) && !options.allowUnknownAttributes) {
+          toRemove.push(attr.name);
+          strippedAttributes.push(`${tagName}.${attr.name}`);
+        }
+      }
+      toRemove.forEach((attrName) => el.removeAttribute(attrName));
+    }
+    const children = Array.from(node.childNodes);
+    children.forEach((child) => cleanNode(child));
+  }
+  cleanNode(doc.documentElement);
+  return {
+    svg: serializer.serializeToString(doc),
+    audit: { strippedTags, strippedAttributes }
+  };
+}
+function validateSvgAvatar(buffer) {
+  const svgText = buffer.toString("utf8");
+  const { svg: cleanSvg } = sanitiseSVG(svgText, {
+    allowedTags: [
+      "svg",
+      "g",
+      "rect",
+      "circle",
+      "ellipse",
+      "line",
+      "polygon",
+      "polyline",
+      "path",
+      "text",
+      "title",
+      "desc"
+    ],
+    allowedAttributes: {
+      "*": [
+        "width",
+        "height",
+        "viewBox",
+        "xmlns",
+        "transform",
+        "x",
+        "y",
+        "cx",
+        "cy",
+        "r",
+        "rx",
+        "ry",
+        "x1",
+        "y1",
+        "x2",
+        "y2",
+        "points",
+        "d",
+        "fill",
+        "stroke",
+        "stroke-width",
+        "font-family",
+        "font-size",
+        "text-anchor"
+      ]
+    },
+    allowComments: false,
+    allowUnknownElements: false,
+    allowUnknownAttributes: false
+  });
+  const cleanBuffer = Buffer.from(cleanSvg, "utf8");
+  if (cleanBuffer.length > 256 * 1024) {
+    throw new Error("SVG too large (max 256 KB)");
+  }
+  return Promise.resolve({
+    width: 0,
+    // SVG is scalable, can’t guarantee pixel dimensions
+    height: 0,
+    format: "svg",
+    size: cleanBuffer.length,
+    safeBuffer: cleanBuffer
+  });
+}
+
+// src/validators/avatarValidator.ts
+import sharp from "sharp";
+async function validateAvatarImage(buffer) {
+  const metadata = await sharp(buffer).metadata();
+  const format = metadata.format;
+  if (!format) {
+    throw new Error("Unsupported or unknown image format");
+  }
+  const width = metadata.width;
+  const height = metadata.height;
+  if (!width || !height) {
+    throw new Error("Could not determine image dimensions");
+  }
+  if (width < 64 || height < 64) {
+    throw new Error("Image too small (min 64x64)");
+  }
+  if (width > 2048 || height > 2048) {
+    throw new Error("Image too large (max 2048x2048)");
+  }
+  const targetFormat = "png";
+  let safeBuffer;
+  if (format === "svg") {
+    const svgText = buffer.toString("utf8");
+    const svgValidation = await validateSvgAvatar(
+      Buffer.from(svgText, "utf-8")
+    );
+    safeBuffer = await sharp(svgValidation.safeBuffer).resize({
+      width: Math.min(width, 2048),
+      height: Math.min(height, 2048),
+      fit: "inside"
+    }).toFormat(targetFormat).toBuffer();
+  } else {
+    safeBuffer = await sharp(buffer).resize({
+      width: Math.min(width, 2048),
+      height: Math.min(height, 2048),
+      fit: "inside"
+    }).toFormat(targetFormat, { quality: 90 }).toBuffer();
+  }
+  return {
+    width,
+    height,
+    format,
+    size: buffer.length,
+    safeBuffer
+  };
+}
+export {
+  sanitiseSVG,
+  validateAvatarImage,
+  validateSvgAvatar
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/validators/svgValidator.ts","../src/validators/avatarValidator.ts"],"sourcesContent":["import type { ImageValidationResult } from \"./avatarValidator.js\";\nimport { DOMParser, XMLSerializer } from \"@xmldom/xmldom\";\nimport type { Element as XmlElement } from \"@xmldom/xmldom\";\n\nexport function sanitiseSVG(\n  svgText: string,\n  options: {\n    allowedTags: string[];\n    allowedAttributes: { \"*\": string[] };\n    allowComments: boolean;\n    allowUnknownElements: boolean;\n    allowUnknownAttributes: boolean;\n  }\n): {\n  svg: string;\n  audit: { strippedTags: string[]; strippedAttributes: string[] };\n} {\n  const strippedTags: string[] = [];\n  const strippedAttributes: string[] = [];\n\n  const parser = new DOMParser({\n    onError: (\n      level: \"warning\" | \"error\" | \"fatalError\",\n      msg: string\n    ): void => {\n      switch (level) {\n        case \"warning\":\n          break;\n        default:\n          throw new Error(msg);\n      }\n    },\n  });\n  const serializer = new XMLSerializer();\n  const doc = parser.parseFromString(svgText, \"image/svg+xml\");\n\n  function cleanNode(node: Node | null) {\n    // TODO: optionally sanitize <style> elements and inline style attributes\n\n    if (node === null) return;\n\n    if (node.nodeType === 8 /* Comment */ && !options.allowComments) {\n      node.parentNode?.removeChild(node);\n      return;\n    }\n\n    if (node.nodeType === 1 /* Element */) {\n      const el = node as unknown as XmlElement;\n      const tagName = el.tagName.toLowerCase();\n\n      // Strip <style> elements entirely\n      if (tagName === \"style\") {\n        strippedTags.push(tagName);\n        node.parentNode?.removeChild(node);\n        return;\n      }\n\n      if (\n        !options.allowedTags.includes(tagName) &&\n        !options.allowUnknownElements\n      ) {\n        strippedTags.push(tagName);\n        node.parentNode?.removeChild(node);\n        return;\n      }\n\n      // Clean attributes\n      const allowedAttrs = options.allowedAttributes[\"*\"] || [];\n\n      const toRemove: string[] = [];\n      for (const attr of Array.from(el.attributes)) {\n        const attrName = attr.name.toLowerCase();\n\n        if (attrName.startsWith(\"on\")) {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n        if (attrName === \"xlink:href\" || attrName === \"xmlns:xlink\") {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n        if (attrName === \"style\") {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n          continue;\n        }\n\n        if (\n          !allowedAttrs.includes(attr.name) &&\n          !options.allowUnknownAttributes\n        ) {\n          toRemove.push(attr.name);\n          strippedAttributes.push(`${tagName}.${attr.name}`);\n        }\n      }\n      toRemove.forEach((attrName) => el.removeAttribute(attrName));\n    }\n\n    // Recursively clean children\n    const children = Array.from(node.childNodes);\n    children.forEach((child) => cleanNode(child));\n  }\n\n  cleanNode(doc.documentElement as unknown as Node);\n\n  return {\n    svg: serializer.serializeToString(doc),\n    audit: { strippedTags, strippedAttributes },\n  };\n}\n\nexport function validateSvgAvatar(\n  buffer: Buffer\n): Promise<ImageValidationResult> {\n  const svgText = buffer.toString(\"utf8\");\n\n  const { svg: cleanSvg } = sanitiseSVG(svgText, {\n    allowedTags: [\n      \"svg\",\n      \"g\",\n      \"rect\",\n      \"circle\",\n      \"ellipse\",\n      \"line\",\n      \"polygon\",\n      \"polyline\",\n      \"path\",\n      \"text\",\n      \"title\",\n      \"desc\",\n    ],\n    allowedAttributes: {\n      \"*\": [\n        \"width\",\n        \"height\",\n        \"viewBox\",\n        \"xmlns\",\n        \"transform\",\n        \"x\",\n        \"y\",\n        \"cx\",\n        \"cy\",\n        \"r\",\n        \"rx\",\n        \"ry\",\n        \"x1\",\n        \"y1\",\n        \"x2\",\n        \"y2\",\n        \"points\",\n        \"d\",\n        \"fill\",\n        \"stroke\",\n        \"stroke-width\",\n        \"font-family\",\n        \"font-size\",\n        \"text-anchor\",\n      ],\n    },\n\n    allowComments: false,\n    allowUnknownElements: false,\n    allowUnknownAttributes: false,\n  });\n\n  const cleanBuffer = Buffer.from(cleanSvg, \"utf8\");\n\n  // Basic sanity checks\n  if (cleanBuffer.length > 256 * 1024) {\n    throw new Error(\"SVG too large (max 256 KB)\");\n  }\n\n  return Promise.resolve({\n    width: 0, // SVG is scalable, can’t guarantee pixel dimensions\n    height: 0,\n    format: \"svg\",\n    size: cleanBuffer.length,\n    safeBuffer: cleanBuffer,\n  });\n}\n","import sharp from \"sharp\";\nimport { validateSvgAvatar } from \"./svgValidator.js\";\n\nexport interface ImageValidationResult {\n  width: number;\n  height: number;\n  format: string;\n  size: number;\n  safeBuffer: Buffer;\n}\n\nexport async function validateAvatarImage(\n  buffer: Buffer\n): Promise<ImageValidationResult> {\n  const metadata = await sharp(buffer).metadata();\n  const format = metadata.format;\n\n  if (!format) {\n    throw new Error(\"Unsupported or unknown image format\");\n  }\n\n  const width = metadata.width;\n  const height = metadata.height;\n\n  if (!width || !height) {\n    throw new Error(\"Could not determine image dimensions\");\n  }\n\n  if (width < 64 || height < 64) {\n    throw new Error(\"Image too small (min 64x64)\");\n  }\n\n  if (width > 2048 || height > 2048) {\n    throw new Error(\"Image too large (max 2048x2048)\");\n  }\n\n  const targetFormat = \"png\"; // common safe web format\n\n  let safeBuffer: Buffer;\n\n  if (format === \"svg\") {\n    const svgText = buffer.toString(\"utf8\");\n    const svgValidation = await validateSvgAvatar(\n      Buffer.from(svgText, \"utf-8\")\n    );\n    safeBuffer = await sharp(svgValidation.safeBuffer)\n      .resize({\n        width: Math.min(width, 2048),\n        height: Math.min(height, 2048),\n        fit: \"inside\",\n      })\n      .toFormat(targetFormat)\n      .toBuffer();\n  } else {\n    safeBuffer = await sharp(buffer)\n      .resize({\n        width: Math.min(width, 2048),\n        height: Math.min(height, 2048),\n        fit: \"inside\",\n      })\n      .toFormat(targetFormat, { quality: 90 })\n      .toBuffer();\n  }\n\n  return {\n    width,\n    height,\n    format,\n    size: buffer.length,\n    safeBuffer,\n  };\n}\n"],"mappings":";AACA,SAAS,WAAW,qBAAqB;AAGlC,SAAS,YACd,SACA,SAUA;AACA,QAAM,eAAyB,CAAC;AAChC,QAAM,qBAA+B,CAAC;AAEtC,QAAM,SAAS,IAAI,UAAU;AAAA,IAC3B,SAAS,CACP,OACA,QACS;AACT,cAAQ,OAAO;AAAA,QACb,KAAK;AACH;AAAA,QACF;AACE,gBAAM,IAAI,MAAM,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF,CAAC;AACD,QAAM,aAAa,IAAI,cAAc;AACrC,QAAM,MAAM,OAAO,gBAAgB,SAAS,eAAe;AAE3D,WAAS,UAAU,MAAmB;AAGpC,QAAI,SAAS,KAAM;AAEnB,QAAI,KAAK,aAAa,KAAmB,CAAC,QAAQ,eAAe;AAC/D,WAAK,YAAY,YAAY,IAAI;AACjC;AAAA,IACF;AAEA,QAAI,KAAK,aAAa,GAAiB;AACrC,YAAM,KAAK;AACX,YAAM,UAAU,GAAG,QAAQ,YAAY;AAGvC,UAAI,YAAY,SAAS;AACvB,qBAAa,KAAK,OAAO;AACzB,aAAK,YAAY,YAAY,IAAI;AACjC;AAAA,MACF;AAEA,UACE,CAAC,QAAQ,YAAY,SAAS,OAAO,KACrC,CAAC,QAAQ,sBACT;AACA,qBAAa,KAAK,OAAO;AACzB,aAAK,YAAY,YAAY,IAAI;AACjC;AAAA,MACF;AAGA,YAAM,eAAe,QAAQ,kBAAkB,GAAG,KAAK,CAAC;AAExD,YAAM,WAAqB,CAAC;AAC5B,iBAAW,QAAQ,MAAM,KAAK,GAAG,UAAU,GAAG;AAC5C,cAAM,WAAW,KAAK,KAAK,YAAY;AAEvC,YAAI,SAAS,WAAW,IAAI,GAAG;AAC7B,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AACA,YAAI,aAAa,gBAAgB,aAAa,eAAe;AAC3D,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AACA,YAAI,aAAa,SAAS;AACxB,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AACjD;AAAA,QACF;AAEA,YACE,CAAC,aAAa,SAAS,KAAK,IAAI,KAChC,CAAC,QAAQ,wBACT;AACA,mBAAS,KAAK,KAAK,IAAI;AACvB,6BAAmB,KAAK,GAAG,OAAO,IAAI,KAAK,IAAI,EAAE;AAAA,QACnD;AAAA,MACF;AACA,eAAS,QAAQ,CAAC,aAAa,GAAG,gBAAgB,QAAQ,CAAC;AAAA,IAC7D;AAGA,UAAM,WAAW,MAAM,KAAK,KAAK,UAAU;AAC3C,aAAS,QAAQ,CAAC,UAAU,UAAU,KAAK,CAAC;AAAA,EAC9C;AAEA,YAAU,IAAI,eAAkC;AAEhD,SAAO;AAAA,IACL,KAAK,WAAW,kBAAkB,GAAG;AAAA,IACrC,OAAO,EAAE,cAAc,mBAAmB;AAAA,EAC5C;AACF;AAEO,SAAS,kBACd,QACgC;AAChC,QAAM,UAAU,OAAO,SAAS,MAAM;AAEtC,QAAM,EAAE,KAAK,SAAS,IAAI,YAAY,SAAS;AAAA,IAC7C,aAAa;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IACA,mBAAmB;AAAA,MACjB,KAAK;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,IAEA,eAAe;AAAA,IACf,sBAAsB;AAAA,IACtB,wBAAwB;AAAA,EAC1B,CAAC;AAED,QAAM,cAAc,OAAO,KAAK,UAAU,MAAM;AAGhD,MAAI,YAAY,SAAS,MAAM,MAAM;AACnC,UAAM,IAAI,MAAM,4BAA4B;AAAA,EAC9C;AAEA,SAAO,QAAQ,QAAQ;AAAA,IACrB,OAAO;AAAA;AAAA,IACP,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,MAAM,YAAY;AAAA,IAClB,YAAY;AAAA,EACd,CAAC;AACH;;;ACrLA,OAAO,WAAW;AAWlB,eAAsB,oBACpB,QACgC;AAChC,QAAM,WAAW,MAAM,MAAM,MAAM,EAAE,SAAS;AAC9C,QAAM,SAAS,SAAS;AAExB,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,qCAAqC;AAAA,EACvD;AAEA,QAAM,QAAQ,SAAS;AACvB,QAAM,SAAS,SAAS;AAExB,MAAI,CAAC,SAAS,CAAC,QAAQ;AACrB,UAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AAEA,MAAI,QAAQ,MAAM,SAAS,IAAI;AAC7B,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AAEA,MAAI,QAAQ,QAAQ,SAAS,MAAM;AACjC,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACnD;AAEA,QAAM,eAAe;AAErB,MAAI;AAEJ,MAAI,WAAW,OAAO;AACpB,UAAM,UAAU,OAAO,SAAS,MAAM;AACtC,UAAM,gBAAgB,MAAM;AAAA,MAC1B,OAAO,KAAK,SAAS,OAAO;AAAA,IAC9B;AACA,iBAAa,MAAM,MAAM,cAAc,UAAU,EAC9C,OAAO;AAAA,MACN,OAAO,KAAK,IAAI,OAAO,IAAI;AAAA,MAC3B,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAAA,MAC7B,KAAK;AAAA,IACP,CAAC,EACA,SAAS,YAAY,EACrB,SAAS;AAAA,EACd,OAAO;AACL,iBAAa,MAAM,MAAM,MAAM,EAC5B,OAAO;AAAA,MACN,OAAO,KAAK,IAAI,OAAO,IAAI;AAAA,MAC3B,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAAA,MAC7B,KAAK;AAAA,IACP,CAAC,EACA,SAAS,cAAc,EAAE,SAAS,GAAG,CAAC,EACtC,SAAS;AAAA,EACd;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,OAAO;AAAA,IACb;AAAA,EACF;AACF;","names":[]}

package/docs/adrs/index.md

@@ -0,0 +1,4 @@
+# ADR Index
+
+- [ADR-0001: Standalone @plasius/images Package Scope](./adr-0001-images-package-scope.md)
+- [ADR-0002: Public Repository Governance Baseline](./adr-0002-public-repo-governance.md)

package/package.json

@@ -1,26 +1,25 @@
 {
   "name": "@plasius/images",
-  "version": "1.0.0",
-  "main": "./dist-cjs/index.js",
+  "version": "1.0.2",
+  "main": "./dist/index.cjs",
   "types": "./dist/index.d.ts",
   "private": false,
   "type": "module",
   "description": "Image validator and uploader for Plasius projects",
   "scripts": {
-    "build": "tsc --build && npm run build:cjs",
+    "build": "tsup",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
     "test:coverage:watch": "vitest --coverage",
-    "clean": "rimraf dist-cjs dist tsconfig.tsbuildinfo",
+    "clean": "rimraf dist dist-cjs tsconfig.tsbuildinfo",
     "reset:clean": "rm -rf node_modules package-lock.json && npm run clean",
     "audit:ts": "tsc --noEmit --pretty",
     "audit:eslint": "eslint \"{src,apps,packages}/**/*.{ts,tsx}\" --max-warnings=0 --ext .ts,.tsx",
-    "audit:deps": "depcheck --skip-missing=true",
+    "audit:deps": "npm ls --all --omit=optional --omit=peer > /dev/null 2>&1 || true",
     "audit:npm": "npm audit --audit-level=moderate || true",
     "audit:test": "vitest run --coverage",
     "audit:all": "npm-run-all -l audit:ts audit:eslint audit:deps audit:npm audit:test",
-    "build:cjs": "tsc -p tsconfig.json --module commonjs --moduleResolution node --outDir dist-cjs --tsBuildInfoFile dist-cjs/tsconfig.tsbuildinfo",
     "lint": "eslint .",
     "prepare": "npm run build"
   },
@@ -36,35 +35,34 @@
   },
   "devDependencies": {
     "@azure/cosmos": "^4.4.1",
-    "@types/node": "^24.3.1",
     "@testing-library/react": "^16.3.0",
+    "@types/node": "^24.3.1",
     "@types/react": "^19.1.8",
     "@types/uuid": "^10.0.0",
-    "@typescript-eslint/eslint-plugin": "^8.38.0",
-    "@typescript-eslint/parser": "^8.38.0",
-    "@vitest/coverage-v8": "^3.2.4",
+    "@typescript-eslint/eslint-plugin": "^8.56.0",
+    "@typescript-eslint/parser": "^8.56.0",
+    "@vitest/coverage-v8": "^4.0.18",
     "ajv": "^6.12.6",
-    "depcheck": "^1.4.7",
-    "eslint": "^9.33.0",
-    "npm-run-all": "^4.1.5",
+    "eslint": "^10.0.1",
+    "npm-run-all": "^1.1.3",
     "react": "^19.1.0",
+    "tsup": "^8.5.0",
     "tsx": "^4.20.3",
     "typescript": "^5.8.3",
-    "vitest": "^3.2.4",
+    "vitest": "^4.0.18",
     "zod": "^4.0.17"
   },
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
-      "require": "./dist-cjs/index.js"
+      "require": "./dist/index.cjs"
     },
     "./package.json": "./package.json"
   },
   "module": "./dist/index.js",
   "files": [
     "dist",
-    "dist-cjs",
     "src",
     "README.md",
     "CHANGELOG.md",
@@ -98,5 +96,8 @@
   ],
   "engines": {
     "node": ">=22.12"
+  },
+  "overrides": {
+    "minimatch": "^10.2.1"
   }
 }

package/dist/detectFormat.d.ts

@@ -1,2 +0,0 @@
-export declare function detectFormat(buffer: Buffer): "jpeg" | "png" | "webp" | "svg" | undefined;
-//# sourceMappingURL=detectFormat.d.ts.map

package/dist/detectFormat.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detectFormat.d.ts","sourceRoot":"","sources":["../src/detectFormat.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAC1B,MAAM,EAAE,MAAM,GACb,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,CAyB7C"}