npm - @singi-labs/sifa-sdk - Versions diffs - 0.9.3 → 0.9.4 - Mend

@singi-labs/sifa-sdk 0.9.3 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -94,6 +94,10 @@ declare function getWorkplaceTypeLabel(value: string | undefined | null): string
 declare const PLATFORM_LABELS: {
     readonly bluesky: "Bluesky";
     readonly github: "GitHub";
+    readonly codeberg: "Codeberg";
+    readonly gitlab: "GitLab";
+    readonly forgejo: "Forgejo";
+    readonly gitea: "Gitea";
     readonly linkedin: "LinkedIn";
     readonly youtube: "YouTube";
     readonly twitter: "X (Twitter)";
@@ -259,6 +263,27 @@ declare function getDisplayLabel(displayName: string | undefined, handle: string
 declare function getPdsDisplayName(providerName: string): string;
 declare function detectPdsProvider(handle: string): PdsProvider | null;
+/**
+ * Limit runs of Unicode combining marks (`\p{M}`) to at most `maxPerBase`
+ * marks following any single base character. Defuses "Zalgo" text where
+ * dozens of stacked combining marks render outside the line box and bleed
+ * into neighbouring UI.
+ *
+ * `maxPerBase` defaults to 4 — high enough to preserve legitimate stacks
+ * in Thai, Arabic, Vietnamese, and IPA, low enough to neutralise the
+ * vertical-overflow attack vector.
+ */
+declare function limitCombiningMarks(value: string, maxPerBase?: number): string;
+/**
+ * Sanitise untrusted display text from PDS records before rendering in UI:
+ * - strips bidi formatting controls (LRM/RLM/LRE/RLE/PDF/LRO/RLO/LRI/RLI/FSI/PDI)
+ *   that can hijack reading order or crash `next/og` (see Satori LRM+emoji bug)
+ * - limits stacked combining marks (Zalgo defence)
+ *
+ * Preserves ZWJ (U+200D) so emoji sequences keep rendering.
+ */
+declare function sanitizeDisplayText(value: string, maxCombiningPerBase?: number): string;
 /**
  * Truncate a string to at most `maxLen` grapheme clusters, appending an
  * ellipsis when the string was shortened. Grapheme-aware so it never splits
@@ -393,4 +418,4 @@ declare function countFilledDimensions(input: ProfileDimensionInputs | Profile):
  */
 declare const SIFA_SDK_VERSION: string;
-export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, type ContinentCode, DIMENSIONS_MAX_SCORE, type DimensionKey, type DimensionMap, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, type EmploymentTypeGroup, type EmploymentTypeOption, INDUSTRY_OPTIONS, type IndustryOption, LocationValue, MIN_SKILLS, type MergedProfileSkill, OPEN_TO_OPTIONS, type OpenToOption, PLATFORM_LABELS, PLATFORM_OPTIONS, type PdsProvider, PdsProviderInfo, type PlatformId, Profile, type ProfileCompletion, type ProfileDimensionInputs, ProfileSkill, type RgbColor, SIFA_SDK_VERSION, SKILL_CATEGORIES, type SkillCategory, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, type WorkplaceTypeOption, certDateExtractor, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, dedupeSkills, detectPdsProvider, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, lexiconDateExtractor, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeHandleInput, singleDateExtractor, sortByDateDesc, truncateGraphemes };
+export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, type ContinentCode, DIMENSIONS_MAX_SCORE, type DimensionKey, type DimensionMap, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, type EmploymentTypeGroup, type EmploymentTypeOption, INDUSTRY_OPTIONS, type IndustryOption, LocationValue, MIN_SKILLS, type MergedProfileSkill, OPEN_TO_OPTIONS, type OpenToOption, PLATFORM_LABELS, PLATFORM_OPTIONS, type PdsProvider, PdsProviderInfo, type PlatformId, Profile, type ProfileCompletion, type ProfileDimensionInputs, ProfileSkill, type RgbColor, SIFA_SDK_VERSION, SKILL_CATEGORIES, type SkillCategory, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, type WorkplaceTypeOption, certDateExtractor, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, dedupeSkills, detectPdsProvider, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, lexiconDateExtractor, limitCombiningMarks, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeDisplayText, sanitizeHandleInput, singleDateExtractor, sortByDateDesc, truncateGraphemes };

package/dist/index.d.ts CHANGED Viewed

@@ -94,6 +94,10 @@ declare function getWorkplaceTypeLabel(value: string | undefined | null): string
 declare const PLATFORM_LABELS: {
     readonly bluesky: "Bluesky";
     readonly github: "GitHub";
+    readonly codeberg: "Codeberg";
+    readonly gitlab: "GitLab";
+    readonly forgejo: "Forgejo";
+    readonly gitea: "Gitea";
     readonly linkedin: "LinkedIn";
     readonly youtube: "YouTube";
     readonly twitter: "X (Twitter)";
@@ -259,6 +263,27 @@ declare function getDisplayLabel(displayName: string | undefined, handle: string
 declare function getPdsDisplayName(providerName: string): string;
 declare function detectPdsProvider(handle: string): PdsProvider | null;
+/**
+ * Limit runs of Unicode combining marks (`\p{M}`) to at most `maxPerBase`
+ * marks following any single base character. Defuses "Zalgo" text where
+ * dozens of stacked combining marks render outside the line box and bleed
+ * into neighbouring UI.
+ *
+ * `maxPerBase` defaults to 4 — high enough to preserve legitimate stacks
+ * in Thai, Arabic, Vietnamese, and IPA, low enough to neutralise the
+ * vertical-overflow attack vector.
+ */
+declare function limitCombiningMarks(value: string, maxPerBase?: number): string;
+/**
+ * Sanitise untrusted display text from PDS records before rendering in UI:
+ * - strips bidi formatting controls (LRM/RLM/LRE/RLE/PDF/LRO/RLO/LRI/RLI/FSI/PDI)
+ *   that can hijack reading order or crash `next/og` (see Satori LRM+emoji bug)
+ * - limits stacked combining marks (Zalgo defence)
+ *
+ * Preserves ZWJ (U+200D) so emoji sequences keep rendering.
+ */
+declare function sanitizeDisplayText(value: string, maxCombiningPerBase?: number): string;
 /**
  * Truncate a string to at most `maxLen` grapheme clusters, appending an
  * ellipsis when the string was shortened. Grapheme-aware so it never splits
@@ -393,4 +418,4 @@ declare function countFilledDimensions(input: ProfileDimensionInputs | Profile):
  */
 declare const SIFA_SDK_VERSION: string;
-export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, type ContinentCode, DIMENSIONS_MAX_SCORE, type DimensionKey, type DimensionMap, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, type EmploymentTypeGroup, type EmploymentTypeOption, INDUSTRY_OPTIONS, type IndustryOption, LocationValue, MIN_SKILLS, type MergedProfileSkill, OPEN_TO_OPTIONS, type OpenToOption, PLATFORM_LABELS, PLATFORM_OPTIONS, type PdsProvider, PdsProviderInfo, type PlatformId, Profile, type ProfileCompletion, type ProfileDimensionInputs, ProfileSkill, type RgbColor, SIFA_SDK_VERSION, SKILL_CATEGORIES, type SkillCategory, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, type WorkplaceTypeOption, certDateExtractor, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, dedupeSkills, detectPdsProvider, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, lexiconDateExtractor, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeHandleInput, singleDateExtractor, sortByDateDesc, truncateGraphemes };
+export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, type ContinentCode, DIMENSIONS_MAX_SCORE, type DimensionKey, type DimensionMap, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, type EmploymentTypeGroup, type EmploymentTypeOption, INDUSTRY_OPTIONS, type IndustryOption, LocationValue, MIN_SKILLS, type MergedProfileSkill, OPEN_TO_OPTIONS, type OpenToOption, PLATFORM_LABELS, PLATFORM_OPTIONS, type PdsProvider, PdsProviderInfo, type PlatformId, Profile, type ProfileCompletion, type ProfileDimensionInputs, ProfileSkill, type RgbColor, SIFA_SDK_VERSION, SKILL_CATEGORIES, type SkillCategory, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, type WorkplaceTypeOption, certDateExtractor, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, dedupeSkills, detectPdsProvider, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, lexiconDateExtractor, limitCombiningMarks, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeDisplayText, sanitizeHandleInput, singleDateExtractor, sortByDateDesc, truncateGraphemes };

package/dist/index.js CHANGED Viewed

@@ -691,6 +691,10 @@ function getWorkplaceTypeLabel(value) {
 var PLATFORM_LABELS = {
   bluesky: "Bluesky",
   github: "GitHub",
+  codeberg: "Codeberg",
+  gitlab: "GitLab",
+  forgejo: "Forgejo",
+  gitea: "Gitea",
   linkedin: "LinkedIn",
   youtube: "YouTube",
   twitter: "X (Twitter)",
@@ -955,6 +959,31 @@ function detectPdsProvider(handle) {
   return null;
 }
+// src/format/text-sanitize.ts
+var COMBINING_MARK = /\p{M}/u;
+var BIDI_CONTROLS = /[‎‏‪-‮⁦-⁩]/gu;
+function limitCombiningMarks(value, maxPerBase = 4) {
+  if (!value || !COMBINING_MARK.test(value)) return value;
+  let out = "";
+  let combiningRun = 0;
+  for (const char of value) {
+    if (/\p{M}/u.test(char)) {
+      if (combiningRun < maxPerBase) {
+        out += char;
+        combiningRun += 1;
+      }
+    } else {
+      out += char;
+      combiningRun = 0;
+    }
+  }
+  return out;
+}
+function sanitizeDisplayText(value, maxCombiningPerBase = 4) {
+  if (!value) return value;
+  return limitCombiningMarks(value.replace(BIDI_CONTROLS, ""), maxCombiningPerBase);
+}
 // src/format/text-truncate.ts
 var ELLIPSIS = "\u2026";
 function truncateGraphemes(value, maxLen) {
@@ -1229,8 +1258,8 @@ var ProfileVolunteeringRecordSchema = z.object({
 });
 // src/index.ts
-var SIFA_SDK_VERSION = "0.9.3";
+var SIFA_SDK_VERSION = "0.9.4";
-export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, DIMENSIONS_MAX_SCORE, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, EndorsementConfirmationRecordSchema, EndorsementRecordSchema, GraphFollowRecordSchema, INDUSTRY_OPTIONS, MIN_SKILLS, OPEN_TO_OPTIONS, PLATFORM_LABELS, PLATFORM_OPTIONS, ProfileCertificationRecordSchema, ProfileCourseRecordSchema, ProfileEducationRecordSchema, ProfileExternalAccountRecordSchema, ProfileHonorRecordSchema, ProfileLanguageRecordSchema, ProfilePositionRecordSchema, ProfileProjectRecordSchema, ProfilePublicationRecordSchema, ProfileSelfRecordSchema, ProfileSkillRecordSchema, ProfileVolunteeringRecordSchema, PublicationAuthorSchema, SIFA_SDK_VERSION, SKILL_CATEGORIES, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, atUriSchema, certDateExtractor, cidSchema, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, datetimeSchema, dedupeSkills, detectPdsProvider, didSchema, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, languageTagSchema, lexiconDateExtractor, maxGraphemes, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeHandleInput, selfLabelsSchema, singleDateExtractor, sortByDateDesc, strongRefSchema, truncateGraphemes, uriSchema };
+export { CATEGORY_LABELS, CATEGORY_ORDER, COMPLETENESS_MAX_SCORE, CONTINENTS, COUNTRIES, DIMENSIONS_MAX_SCORE, EMPLOYMENT_TYPE_GROUPS, EMPLOYMENT_TYPE_LABELS, EndorsementConfirmationRecordSchema, EndorsementRecordSchema, GraphFollowRecordSchema, INDUSTRY_OPTIONS, MIN_SKILLS, OPEN_TO_OPTIONS, PLATFORM_LABELS, PLATFORM_OPTIONS, ProfileCertificationRecordSchema, ProfileCourseRecordSchema, ProfileEducationRecordSchema, ProfileExternalAccountRecordSchema, ProfileHonorRecordSchema, ProfileLanguageRecordSchema, ProfilePositionRecordSchema, ProfileProjectRecordSchema, ProfilePublicationRecordSchema, ProfileSelfRecordSchema, ProfileSkillRecordSchema, ProfileVolunteeringRecordSchema, PublicationAuthorSchema, SIFA_SDK_VERSION, SKILL_CATEGORIES, WORKPLACE_TYPE_LABELS, WORKPLACE_TYPE_OPTIONS, atUriSchema, certDateExtractor, cidSchema, completenessPercent, completenessScore, contrastRatio, countFilledDimensions, countryCodeToFlag, dateRangeExtractor, datetimeSchema, dedupeSkills, detectPdsProvider, didSchema, dimensionsFromInputs, findIndustry, formatDistanceToNow, formatLocation, formatRelativeTime, getContinent, getDisplayLabel, getEmploymentTypeLabel, getFaviconUrl, getFilledDimensionsMap, getHandleStem, getIndustryLabelKey, getOpenToLabelKey, getPdsDisplayName, getPlatformLabel, getWorkplaceTypeLabel, groupSkillsByCategory, isKnownPlatform, isValidRgbColor, languageTagSchema, lexiconDateExtractor, limitCombiningMarks, maxGraphemes, meetsContrastAA, parseLocationString, pdsProviderFromApi, profileToDimensionInputs, relativeLuminance, rgbToString, sanitizeDisplayText, sanitizeHandleInput, selfLabelsSchema, singleDateExtractor, sortByDateDesc, strongRefSchema, truncateGraphemes, uriSchema };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map