npm - @plasius/schema - Versions diffs - 1.1.0 → 1.1.1 - Mend

@plasius/schema 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/dist/index.cjs +1934 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +391 -0
package/dist/index.d.ts +391 -0
package/dist/index.js +1883 -0
package/dist/index.js.map +1 -0
package/package.json +18 -6
package/.eslintrc.cjs +0 -7
package/.github/workflows/cd.yml +0 -236
package/.github/workflows/ci.yml +0 -16
package/.nvmrc +0 -1
package/.vscode/launch.json +0 -15
package/CHANGELOG.md +0 -120
package/CODE_OF_CONDUCT.md +0 -79
package/CONTRIBUTING.md +0 -201
package/CONTRIBUTORS.md +0 -27
package/SECURITY.md +0 -17
package/docs/adrs/adr-0001: schema.md +0 -45
package/docs/adrs/adr-template.md +0 -67
package/legal/CLA-REGISTRY.csv +0 -2
package/legal/CLA.md +0 -22
package/legal/CORPORATE_CLA.md +0 -57
package/legal/INDIVIDUAL_CLA.md +0 -91
package/sbom.cdx.json +0 -66
package/src/components.ts +0 -39
package/src/field.builder.ts +0 -239
package/src/field.ts +0 -153
package/src/index.ts +0 -7
package/src/infer.ts +0 -34
package/src/pii.ts +0 -165
package/src/schema.ts +0 -893
package/src/types.ts +0 -156
package/src/validation/countryCode.ISO3166.ts +0 -256
package/src/validation/currencyCode.ISO4217.ts +0 -191
package/src/validation/dateTime.ISO8601.ts +0 -60
package/src/validation/email.RFC5322.ts +0 -9
package/src/validation/generalText.OWASP.ts +0 -39
package/src/validation/index.ts +0 -13
package/src/validation/languageCode.BCP47.ts +0 -299
package/src/validation/name.OWASP.ts +0 -25
package/src/validation/percentage.ISO80000-1.ts +0 -8
package/src/validation/phone.E.164.ts +0 -9
package/src/validation/richtext.OWASP.ts +0 -34
package/src/validation/url.WHATWG.ts +0 -16
package/src/validation/user.MS-GOOGLE-APPLE.ts +0 -31
package/src/validation/uuid.RFC4122.ts +0 -10
package/src/validation/version.SEMVER2.0.0.ts +0 -10
package/tests/field.builder.test.ts +0 -81
package/tests/fields.test.ts +0 -213
package/tests/pii.test.ts +0 -139
package/tests/schema.test.ts +0 -501
package/tests/test-utils.ts +0 -97
package/tests/validate.test.ts +0 -97
package/tests/validation.test.ts +0 -98
package/tsconfig.build.json +0 -19
package/tsconfig.json +0 -7
package/tsup.config.ts +0 -10
package/vitest.config.js +0 -20

package/src/validation/index.ts DELETED Viewed

@@ -1,13 +0,0 @@
-export * from "./email.RFC5322.js";
-export * from "./phone.E.164.js";
-export * from "./url.WHATWG.js";
-export * from "./uuid.RFC4122.js";
-export * from "./dateTime.ISO8601.js";
-export * from "./countryCode.ISO3166.js";
-export * from "./currencyCode.ISO4217.js";
-export * from "./generalText.OWASP.js";
-export * from "./version.SEMVER2.0.0.js";
-export * from "./percentage.ISO80000-1.js";
-export * from "./richtext.OWASP.js";
-export * from "./name.OWASP.js";
-export * from "./user.MS-GOOGLE-APPLE.js";

package/src/validation/languageCode.BCP47.ts DELETED Viewed

@@ -1,299 +0,0 @@
-/* eslint-disable @typescript-eslint/consistent-type-assertions */
-/**
- * ISO 639-1 language codes (two-letter).
- * Tip: Keep this list as source of truth for supported languages in your app.
- */
-export enum IsoLanguageCode {
-  Afar = "aa",
-  Abkhazian = "ab",
-  Afrikaans = "af",
-  Akan = "ak",
-  Albanian = "sq",
-  Amharic = "am",
-  Arabic = "ar",
-  Aragonese = "an",
-  Armenian = "hy",
-  Assamese = "as",
-  Avaric = "av",
-  Aymara = "ay",
-  Azerbaijani = "az",
-  Bashkir = "ba",
-  Bambara = "bm",
-  Basque = "eu",
-  Belarusian = "be",
-  Bengali = "bn",
-  Bislama = "bi",
-  Bosnian = "bs",
-  Breton = "br",
-  Bulgarian = "bg",
-  Burmese = "my",
-  Catalan = "ca",
-  Chamorro = "ch",
-  Chechen = "ce",
-  Chinese = "zh",
-  ChurchSlavic = "cu",
-  Chuvash = "cv",
-  Cornish = "kw",
-  Corsican = "co",
-  Cree = "cr",
-  Croatian = "hr",
-  Czech = "cs",
-  Danish = "da",
-  Divehi = "dv",
-  Dutch = "nl",
-  Dzongkha = "dz",
-  English = "en",
-  Esperanto = "eo",
-  Estonian = "et",
-  Ewe = "ee",
-  Faroese = "fo",
-  Fijian = "fj",
-  Finnish = "fi",
-  French = "fr",
-  WesternFrisian = "fy",
-  Fulah = "ff",
-  Gaelic = "gd",
-  Galician = "gl",
-  Ganda = "lg",
-  Georgian = "ka",
-  German = "de",
-  Greek = "el",
-  Kalaallisut = "kl",
-  Guarani = "gn",
-  Gujarati = "gu",
-  Haitian = "ht",
-  Hausa = "ha",
-  Hebrew = "he",
-  Herero = "hz",
-  Hindi = "hi",
-  HiriMotu = "ho",
-  Hungarian = "hu",
-  Icelandic = "is",
-  Ido = "io",
-  Igbo = "ig",
-  Indonesian = "id",
-  Interlingua = "ia",
-  Interlingue = "ie",
-  Inuktitut = "iu",
-  Inupiaq = "ik",
-  Irish = "ga",
-  Italian = "it",
-  Japanese = "ja",
-  Javanese = "jv",
-  Kannada = "kn",
-  Kanuri = "kr",
-  Kashmiri = "ks",
-  Kazakh = "kk",
-  CentralKhmer = "km",
-  Kikuyu = "ki",
-  Kinyarwanda = "rw",
-  Kyrgyz = "ky",
-  Komi = "kv",
-  Kongo = "kg",
-  Korean = "ko",
-  Kuanyama = "kj",
-  Kurdish = "ku",
-  Lao = "lo",
-  Latin = "la",
-  Latvian = "lv",
-  Limburgan = "li",
-  Lingala = "ln",
-  Lithuanian = "lt",
-  LubaKatanga = "lu",
-  Luxembourgish = "lb",
-  Macedonian = "mk",
-  Malagasy = "mg",
-  Malay = "ms",
-  Malayalam = "ml",
-  Maltese = "mt",
-  Manx = "gv",
-  Maori = "mi",
-  Marathi = "mr",
-  Marshallese = "mh",
-  Mongolian = "mn",
-  Nauru = "na",
-  Navajo = "nv",
-  NorthNdebele = "nd",
-  SouthNdebele = "nr",
-  Ndonga = "ng",
-  Nepali = "ne",
-  Norwegian = "no",
-  NorwegianBokmal = "nb",
-  NorwegianNynorsk = "nn",
-  SichuanYi = "ii",
-  Occitan = "oc",
-  Ojibwa = "oj",
-  Oriya = "or",
-  Oromo = "om",
-  Ossetian = "os",
-  Pali = "pi",
-  Pashto = "ps",
-  Persian = "fa",
-  Polish = "pl",
-  Portuguese = "pt",
-  Punjabi = "pa",
-  Quechua = "qu",
-  Romansh = "rm",
-  Romanian = "ro",
-  Rundi = "rn",
-  Russian = "ru",
-  Samoan = "sm",
-  Sango = "sg",
-  Sanskrit = "sa",
-  Sardinian = "sc",
-  Serbian = "sr",
-  Shona = "sn",
-  Sindhi = "sd",
-  Sinhala = "si",
-  Slovak = "sk",
-  Slovenian = "sl",
-  Somali = "so",
-  SouthernSotho = "st",
-  Spanish = "es",
-  Sundanese = "su",
-  Swahili = "sw",
-  Swati = "ss",
-  Swedish = "sv",
-  Tagalog = "tl",
-  Tahitian = "ty",
-  Tajik = "tg",
-  Tamil = "ta",
-  Tatar = "tt",
-  Telugu = "te",
-  Thai = "th",
-  Tibetan = "bo",
-  Tigrinya = "ti",
-  Tonga = "to",
-  Tsonga = "ts",
-  Tswana = "tn",
-  Turkish = "tr",
-  Turkmen = "tk",
-  Twi = "tw",
-  Uighur = "ug",
-  Ukrainian = "uk",
-  Urdu = "ur",
-  Uzbek = "uz",
-  Venda = "ve",
-  Vietnamese = "vi",
-  Volapuk = "vo",
-  Walloon = "wa",
-  Welsh = "cy",
-  Wolof = "wo",
-  Xhosa = "xh",
-  Yiddish = "yi",
-  Yoruba = "yo",
-  Zhuang = "za",
-  Zulu = "zu",
-}
-/** Fast lookup set for enum values (lowercase 2-letter codes). */
-const ISO_LANGUAGE_SET: ReadonlySet<string> = new Set<string>(
-  Object.values(IsoLanguageCode)
-);
-/** Type guard: primary language must be one of the enum values. */
-export function isIsoLanguageCode(value: unknown): value is IsoLanguageCode {
-  return typeof value === "string" && ISO_LANGUAGE_SET.has(value.toLowerCase());
-}
-/**
- * Region validator per BCP 47:
- * - ISO 3166-1 alpha-2: 2 uppercase letters (e.g., GB, US)
- * - UN M.49 numeric: 3 digits (e.g., 419 for Latin America)
- *
- * NOTE: This validates *shape* not membership against the 3166 list.
- * If you want hard membership, we can add a Set of all alpha-2 regions.
- */
-export function isRegionSubtag(value: string): boolean {
-  return /^[A-Z]{2}$/.test(value) || /^\d{3}$/.test(value);
-}
-/** Script subtag per ISO 15924: one capital + three lowercase (e.g., Latn, Cyrl, Hans). */
-export function isScriptSubtag(value: string): boolean {
-  return /^[A-Z][a-z]{3}$/.test(value);
-}
-/** Variant subtag per BCP 47: 5–8 alnum, or 4 starting with a digit. */
-export function isVariantSubtag(value: string): boolean {
-  return /^([0-9][A-Za-z0-9]{3}|[A-Za-z0-9]{5,8})$/.test(value);
-}
-/** Extension sequence: singleton (alnum except 'x') + one or more 2–8 alnum subtags. */
-export function isExtensionSingleton(value: string): boolean {
-  return /^[0-9A-WY-Za-wy-z]$/.test(value); // any alnum except 'x' (private-use)
-}
-export function isExtensionSubtag(value: string): boolean {
-  return /^[A-Za-z0-9]{2,8}$/.test(value);
-}
-/** Private-use subtag: 'x' then one or more 1–8 alnum subtags. */
-export function isPrivateUseSingleton(value: string): boolean {
-  return value.toLowerCase() === "x";
-}
-export function isPrivateUseSubtag(value: string): boolean {
-  return /^[A-Za-z0-9]{1,8}$/.test(value);
-}
-/**
- * Validates:
- *  - plain language: "en"
- *  - language + region: "en-GB"
- *  - language + script + region: "sr-Cyrl-RS"
- *  - language + variants: "sl-rozaj-biske", "de-CH-1996"
- *  - extensions: "en-GB-u-ca-gregory"
- *  - private-use: "en-x-klingon" or just "x-piglatin"
- *
- * Returns true only if the primary language is in IsoLanguageCode
- * and the rest of the tag conforms to BCP 47 structure.
- */
-export function validateLanguage(value: unknown): boolean {
-  if (typeof value !== "string" || value.length === 0) return false;
-  const parts = value.split("-");
-  let i = 0;
-  // 1) primary language (must be enum member; we use lowercase for comparison)
-  const lang = parts[i];
-  if (!lang || !isIsoLanguageCode(lang)) return false;
-  i += 1;
-  // 2) optional script
-  if (i < parts.length && isScriptSubtag(parts[i] as string)) {
-    i += 1;
-  }
-  // 3) optional region
-  if (i < parts.length && isRegionSubtag((parts[i] as string).toUpperCase())) {
-    // region must be uppercase if alpha; we normalize for check only
-    i += 1;
-  }
-  // 4) zero or more variants
-  while (i < parts.length && isVariantSubtag((parts[i] as string))) {
-    i += 1;
-  }
-  // 5) zero or more extensions
-  //    extension = singleton ; 2–8 ; ( ; 2–8 )*
-  while (i < parts.length && isExtensionSingleton((parts[i] as string))) {
-    i += 1;
-    // must have at least one following subtag of length 2–8
-    if (!(i < parts.length && isExtensionSubtag(parts[i]!))) return false;
-    while (i < parts.length && isExtensionSubtag(parts[i]!)) {
-      i += 1;
-    }
-  }
-  // 6) optional private-use: 'x' 1*('-' (1*8alnum))
-  if (i < parts.length && isPrivateUseSingleton(parts[i]!)) {
-    i += 1;
-    if (!(i < parts.length && isPrivateUseSubtag(parts[i]!))) return false;
-    while (i < parts.length && isPrivateUseSubtag(parts[i]!)) {
-      i += 1;
-    }
-  }
-  // no leftovers
-  return i === parts.length;
-}

package/src/validation/name.OWASP.ts DELETED Viewed

@@ -1,25 +0,0 @@
-/**
- * Validates that a name is safe, culturally inclusive, and matches global best practice.
- * Global Standard: OWASP Input Validation Cheat Sheet + ICAO Doc 9303 + IETF PRECIS
- */
-export function validateName(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  const trimmed = value.trim();
-  if (trimmed.length === 0) return false;
-  // Limit length (ISO guidance: max 256 is typical)
-  if (trimmed.length > 256) return false;
-  // Reject ASCII control chars (U+0000–U+001F and U+007F)
-  for (const ch of trimmed) {
-    const cp = ch.codePointAt(0)!;
-    if ((cp >= 0x00 && cp <= 0x1F) || cp === 0x7F) return false;
-  }
-  // Core pattern
-  const namePattern = /^[\p{L}\p{M}'\- ]+$/u;
-  if (!namePattern.test(trimmed)) return false;
-  return true;
-}

package/src/validation/percentage.ISO80000-1.ts DELETED Viewed

@@ -1,8 +0,0 @@
-/**
- * Validates that a number is a percentage value (0 to 100 inclusive).
- * Global Standard: ISO 80000-1 percentage definition.
- */
-export function validatePercentage(value: unknown): boolean {
-  if (typeof value !== "number") return false;
-  return value >= 0 && value <= 100;
-}

package/src/validation/phone.E.164.ts DELETED Viewed

@@ -1,9 +0,0 @@
-/**
- *  Validates a phone number string in strict E.164 format.
- *  Returns true for strings like "+441632960960" (max 15 digits, starting with a '+').
- */
-export const validatePhone = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  const phoneRegex = /^\+[1-9]\d{1,14}$/; // E.164 format
-  return phoneRegex.test(value);
-};

package/src/validation/richtext.OWASP.ts DELETED Viewed

@@ -1,34 +0,0 @@
-/**
- * Validates rich text input to ensure it contains only safe HTML/Markdown.
- * Global Standard: OWASP HTML Sanitization Guidelines (2024).
- * This validator checks for dangerous patterns — does not sanitize — assumes text will be sanitized downstream.
- */
-export function validateRichText(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  const trimmed = value.trim();
-  if (trimmed.length === 0) return true; // Allow empty rich text
-  // Reject known dangerous tags
-  if (
-    /<(script|iframe|object|embed|style|link|meta|base|form|input|button|textarea|select)\b/i.test(
-      trimmed
-    )
-  ) {
-    return false;
-  }
-  // Reject javascript: links
-  if (/javascript:/i.test(trimmed)) {
-    return false;
-  }
-  // Reject event handlers (onload, onclick, etc)
-  if (/on\w+=["']?/i.test(trimmed)) {
-    return false;
-  }
-  // Optionally: limit max length (e.g. 10,000 chars)
-  if (trimmed.length > 10000) return false;
-  return true;
-}

package/src/validation/url.WHATWG.ts DELETED Viewed

@@ -1,16 +0,0 @@
-/**
- * Validates a URL string using the WHATWG URL API.
- * Accepts only 'http' or 'https' protocols.
- * Returns true if the URL is syntactically valid.
- */
-export const validateUrl = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  try {
-    const url = new URL(value);
-    // Enforce scheme:
-    if (url.protocol !== "http:" && url.protocol !== "https:") return false;
-    return true;
-  } catch {
-    return false;
-  }
-};

package/src/validation/user.MS-GOOGLE-APPLE.ts DELETED Viewed

@@ -1,31 +0,0 @@
-/**
- * Validates that a user ID is a valid `sub` from one of the supported identity providers.
- * Global Standard: OpenID Connect Core 1.0 `sub` claim.
- */
-export function validateUserId(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  const trimmed = value.trim();
-  if (trimmed.length === 0) return false;
-  // Google: all digits
-  const googlePattern = /^\d{21,22}$/;
-  // Microsoft: UUID v4
-  const microsoftPattern =
-    /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-  // Apple: opaque, usually UUID but allow any printable string up to 255 chars
-  const applePattern = /^[\w\-.]{6,255}$/; // Alphanumeric + - . _ (common safe characters)
-  return (
-    googlePattern.test(trimmed) ||
-    microsoftPattern.test(trimmed) ||
-    applePattern.test(trimmed)
-  );
-}
-export function validateUserIdArray(value: unknown): boolean {
-  if (!Array.isArray(value)) return false;
-  return value.every(validateUserId);
-}

package/src/validation/uuid.RFC4122.ts DELETED Viewed

@@ -1,10 +0,0 @@
-/**
- * Validates a string against the RFC 4122 format for UUIDs.
- * Matches UUIDs of versions 1 to 5, e.g., "123e4567-e89b-12d3-a456-426614174000".
- */
-export const validateUUID = (value: unknown): boolean => {
-  if (typeof value !== "string") return false;
-  const uuidRegex =
-    /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-  return uuidRegex.test(value);
-};

package/src/validation/version.SEMVER2.0.0.ts DELETED Viewed

@@ -1,10 +0,0 @@
-/**
- * Validates that a version string conforms to Semantic Versioning (SemVer 2.0.0).
- * Global Standard: https://semver.org/
- */
-export function validateSemVer(value: unknown): boolean {
-  if (typeof value !== "string") return false;
-  return /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/.test(
-    value
-  );
-}

package/tests/field.builder.test.ts DELETED Viewed

@@ -1,81 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { field } from "../src/field";
-import { createSchema } from "../src/schema";
-/**
- * This test verifies that when an older entity (v1.0.0) is validated against a newer
- * schema (v2.0.0), a field-level `.upgrade()` function is invoked to transform the
- * value into the new shape, and that validation passes with the upgraded value.
- */
-describe("schema field upgrade flow", () => {
-  it("upgrades old displayName string → new object shape", () => {
-    const userV2 = createSchema(
-      {
-        // v2 requires an object { given, family } instead of a plain string
-        displayName: field
-          .object({
-            given: field.string().required(),
-            family: field.string().required(),
-          })
-          .version("2.0.0")
-          .upgrade((value, { entityFrom, entityTo, fieldTo, fieldName }) => {
-            if (typeof value === "string") {
-              const parts = value.trim().split(/\s+/);
-              const given = parts.shift() ?? "";
-              const family = parts.join(" ") || "Unknown";
-              return { ok: true, value: { given, family } };
-            }
-            return {
-              ok: false,
-              error: `Cannot upgrade ${fieldName} from non-string`,
-            };
-          }),
-      },
-      "User",
-      { version: "2.0.0", table: "users" }
-    );
-    const oldEntity = {
-      version: "1.0.0",
-      displayName: "Ada Lovelace",
-    } as const;
-    const res = userV2.validate(oldEntity);
-    // Expect our validation contract: no errors and transformed value
-    expect(Array.isArray(res.errors)).toBe(true);
-    expect(res.errors?.length).toBe(0);
-    expect(res.value?.displayName).toEqual({
-      given: "Ada",
-      family: "Lovelace",
-    });
-  });
-  it("fails validation when upgrade is not possible", () => {
-    const userV2 = createSchema(
-      {
-        age: field
-          .number()
-          .version("2.0.0")
-          .upgrade((value) => {
-            // Only upgrade from numeric strings like "42"
-            if (typeof value === "string" && /^\d+$/.test(value)) {
-              return { ok: true, value: Number(value) };
-            }
-            return { ok: false, error: "age cannot be upgraded" };
-          })
-          .required(),
-      },
-      "User",
-      { version: "2.0.0", table: "users" }
-    );
-    const oldEntity = { version: "1.0.0", age: "forty two" } as const;
-    const res = userV2.validate(oldEntity);
-    expect(Array.isArray(res.errors)).toBe(true);
-    expect(res.errors?.length).toBeGreaterThan(0);
-    // Should keep original invalid value when upgrade fails
-    expect(res.value?.age).toBe("forty two");
-  });
-});