@shipstatic/ship 0.5.4 → 0.5.5

package/dist/browser.d.ts

@@ -1,5 +1,5 @@
 import * as _shipstatic_types from '@shipstatic/types';
-import { ProgressInfo, StaticFile, Domain, Deployment, DeploymentListResponse, DomainListResponse, DomainDnsResponse, DomainRecordsResponse, DomainValidateResponse, TokenCreateResponse, TokenListResponse, Account, ConfigResponse, PlatformConfig, ResolvedConfig, DeployInput, AccountResource, DeploymentResource, DomainResource, TokenResource, ValidatableFile, FileValidationResult } from '@shipstatic/types';
+import { ProgressInfo, StaticFile, Domain, Deployment, DeploymentListResponse, DomainListResponse, DomainDnsResponse, DomainRecordsResponse, DomainValidateResponse, TokenCreateResponse, TokenListResponse, Account, ConfigResponse, ResolvedConfig, DeployInput, AccountResource, DeploymentResource, DomainResource, TokenResource, ValidatableFile, FileValidationResult } from '@shipstatic/types';
 export * from '@shipstatic/types';
 export { Account, AccountResource, DEFAULT_API, DeployInput, Deployment, DeploymentResource, Domain, DomainResource, ErrorType, FileValidationStatus as FILE_VALIDATION_STATUS, PingResponse, ResolvedConfig, ShipError, StaticFile, TokenResource } from '@shipstatic/types';
 
@@ -237,10 +237,6 @@ declare class ApiHttp extends SimpleEvents {
  * This means CLI flags always win, followed by env vars, then config files.
  */
 
-/**
- * Cross-environment config loader that dispatches to appropriate implementation.
- */
-declare function loadConfig(configFile?: string): Promise<PlatformConfig>;
 /**
  * Universal configuration resolver for all environments.
  * This is the single source of truth for config resolution.
@@ -580,6 +576,29 @@ declare function getValidFiles<T extends ValidatableFile>(files: T[]): T[];
  */
 declare function allValidFilesReady<T extends ValidatableFile>(files: T[]): boolean;
 
+/**
+ * Validate a deploy path for security concerns.
+ * Rejects paths containing path traversal patterns or null bytes.
+ *
+ * Checks for:
+ * - Null bytes (\0) — path injection
+ * - /../ — directory traversal within path
+ * - ../ at start — upward traversal
+ * - /.. at end — trailing traversal
+ *
+ * Does NOT reject double dots in filenames (e.g., "foo..bar.txt" is safe).
+ *
+ * @param deployPath - The deployment path to validate
+ * @param sourceIdentifier - Human-readable identifier for error messages
+ * @throws {ShipError} If the path contains unsafe patterns
+ */
+declare function validateDeployPath(deployPath: string, sourceIdentifier: string): void;
+
+/**
+ * Get MIME type from file path (browser-compatible, no Node.js dependencies)
+ */
+declare function getMimeType(path: string): string;
+
 /**
  * @file Platform configuration management for the Ship SDK.
  * Implements fail-fast dynamic configuration with mandatory API fetch.
@@ -597,17 +616,22 @@ declare function getCurrentConfig(): ConfigResponse;
 
 /**
  * @file Browser-specific file utilities for the Ship SDK.
- * Provides helpers for processing browser files into deploy-ready objects and extracting common directory info.
+ * Provides helpers for processing browser files into deploy-ready objects.
+ *
+ * Pipeline order matches Node.js (node-files.ts) for consistency:
+ * 1. Extract paths → 2. Filter junk → 3. Optimize paths →
+ * 4. Security validate → 5. Skip empties → 6. Size validate →
+ * 7. Calculate MD5 → 8. Count validate
  */
 
 /**
  * Processes browser files into an array of StaticFile objects ready for deploy.
- * Calculates MD5, filters junk files, and applies automatic path optimization.
+ * Calculates MD5, filters junk files, validates sizes, and applies path optimization.
  *
  * @param browserFiles - File[] to process for deploy.
  * @param options - Processing options including pathDetect for automatic path optimization.
  * @returns Promise resolving to an array of StaticFile objects.
- * @throws {ShipClientError} If called outside a browser or with invalid input.
+ * @throws {ShipError} If called outside a browser or with invalid input.
  */
 declare function processFilesForBrowser(browserFiles: File[], options?: DeploymentOptions): Promise<StaticFile[]>;
 
@@ -644,4 +668,4 @@ declare class Ship extends Ship$1 {
     protected getDeployBodyCreator(): DeployBodyCreator;
 }
 
-export { type ApiDeployOptions, ApiHttp, type ApiHttpOptions, type DeployBody, type DeployBodyCreator, type DeployFile, type DeploymentOptions, type DeploymentResourceContext, type DomainSetResult, type ExecutionEnvironment, JUNK_DIRECTORIES, type MD5Result, type ResourceContext, Ship, type ShipClientOptions, type ShipEvents, __setTestEnvironment, allValidFilesReady, calculateMD5, createAccountResource, createDeploymentResource, createDomainResource, createTokenResource, Ship as default, filterJunk, formatFileSize, getCurrentConfig, getENV, getValidFiles, loadConfig, mergeDeployOptions, optimizeDeployPaths, pluralize, processFilesForBrowser, resolveConfig, setConfig as setPlatformConfig, validateFiles };
+export { type ApiDeployOptions, ApiHttp, type ApiHttpOptions, type DeployBody, type DeployBodyCreator, type DeployFile, type DeploymentOptions, type DeploymentResourceContext, type DomainSetResult, type ExecutionEnvironment, JUNK_DIRECTORIES, type MD5Result, type ResourceContext, Ship, type ShipClientOptions, type ShipEvents, __setTestEnvironment, allValidFilesReady, calculateMD5, createAccountResource, createDeploymentResource, createDomainResource, createTokenResource, Ship as default, filterJunk, formatFileSize, getCurrentConfig, getENV, getMimeType, getValidFiles, mergeDeployOptions, optimizeDeployPaths, pluralize, processFilesForBrowser, resolveConfig, setConfig as setPlatformConfig, validateDeployPath, validateFiles };