@socketsecurity/lib 5.19.1 → 5.21.0

package/dist/validation/json-parser.d.ts

@@ -1,58 +0,0 @@
-/**
- * @fileoverview Safe JSON parsing with validation and security controls.
- * Provides protection against prototype pollution, size limits, and schema
- * validation.
- *
- * Key Features:
- * - Prototype pollution protection: Blocks `__proto__`, `constructor`, and
- *   `prototype` keys via JSON.parse reviver at any depth.
- * - Size limits: Configurable maximum JSON string size (default 10MB).
- * - Schema validation: Optional Zod-compatible schema validation.
- * - Memory safety: Prevents memory exhaustion attacks.
- */
-import type { SafeJsonParseOptions, Schema } from './types';
-/**
- * Safely parse JSON with optional schema validation and security controls.
- * Throws errors on parse failures, validation failures, or security violations.
- *
- * This is the recommended method for parsing untrusted JSON input as it
- * provides multiple layers of security including prototype pollution
- * protection and size limits.
- *
- * @template T - The expected type of the parsed data
- * @param jsonString - The JSON string to parse
- * @param schema - Optional Zod-compatible schema for validation
- * @param options - Parsing options for security and behavior control
- * @returns The parsed and validated data
- *
- * @throws {Error} When JSON string exceeds `maxSize`.
- * @throws {Error} When JSON parsing fails.
- * @throws {Error} When prototype pollution keys are detected (unless
- *   `allowPrototype` is `true`).
- * @throws {Error} When schema validation fails.
- *
- * @example
- * ```ts
- * // Basic parsing with type inference
- * const data = safeJsonParse<User>('{"name":"Alice","age":30}')
- *
- * // With schema validation
- * import { z } from 'zod'
- * const userSchema = z.object({
- *   name: z.string(),
- *   age: z.number()
- * })
- * const user = safeJsonParse('{"name":"Alice","age":30}', userSchema)
- *
- * // With size limit
- * const data = safeJsonParse(jsonString, undefined, {
- *   maxSize: 1024 * 1024 // 1MB
- * })
- *
- * // Allow prototype keys (DANGEROUS — only for trusted sources)
- * const data = safeJsonParse('{"__proto__": {}}', undefined, {
- *   allowPrototype: true
- * })
- * ```
- */
-export declare function safeJsonParse<T = unknown>(jsonString: string, schema?: Schema<T> | undefined, options?: SafeJsonParseOptions): T;

package/dist/validation/json-parser.js

@@ -1,63 +0,0 @@
-"use strict";
-/* Socket Lib - Built with esbuild */
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var json_parser_exports = {};
-__export(json_parser_exports, {
-  safeJsonParse: () => safeJsonParse
-});
-module.exports = __toCommonJS(json_parser_exports);
-const DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
-function prototypePollutionReviver(key, value) {
-  if (DANGEROUS_KEYS.has(key)) {
-    throw new Error(
-      "JSON contains potentially malicious prototype pollution keys"
-    );
-  }
-  return value;
-}
-function safeJsonParse(jsonString, schema, options = {}) {
-  const { allowPrototype = false, maxSize = 10 * 1024 * 1024 } = options;
-  const byteLength = Buffer.byteLength(jsonString, "utf8");
-  if (byteLength > maxSize) {
-    throw new Error(
-      `JSON string exceeds maximum size limit${maxSize !== 10 * 1024 * 1024 ? ` of ${maxSize} bytes` : ""}`
-    );
-  }
-  let parsed;
-  try {
-    parsed = allowPrototype ? JSON.parse(jsonString) : JSON.parse(jsonString, prototypePollutionReviver);
-  } catch (error) {
-    throw new Error(`Failed to parse JSON: ${error}`);
-  }
-  if (schema) {
-    const result = schema.safeParse(parsed);
-    if (!result.success) {
-      const error = result.error;
-      const errors = error.issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`).join(", ");
-      throw new Error(`Validation failed: ${errors}`);
-    }
-    return result.data;
-  }
-  return parsed;
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  safeJsonParse
-});

package/dist/validation/types.d.ts

@@ -1,118 +0,0 @@
-/**
- * @fileoverview Validation type definitions.
- * Provides core types for schema validation and JSON parsing with security features.
- */
-/**
- * Result of a schema validation operation.
- * Contains either successful parsed data or error information.
- *
- * @template T - The expected type of the parsed data
- *
- * @example
- * ```ts
- * const result: ParseResult<User> = schema.safeParse(data)
- * if (result.success) {
- *   console.log(result.data) // User object
- * } else {
- *   console.error(result.error) // Error details
- * }
- * ```
- */
-export interface ParseResult<T> {
-    /** Indicates whether parsing was successful */
-    success: boolean;
-    /** Parsed and validated data (only present when `success` is `true`) */
-    data?: T | undefined;
-    /** Error information (only present when `success` is `false`) */
-    error?: unknown;
-}
-/**
- * Base schema interface compatible with Zod and similar validation libraries.
- * Provides both safe and throwing parsing methods.
- *
- * @template T - The expected output type after validation
- *
- * @example
- * ```ts
- * import { z } from 'zod'
- *
- * const userSchema = z.object({
- *   name: z.string(),
- *   age: z.number()
- * })
- *
- * // Schema satisfies this interface
- * const schema: Schema<User> = userSchema
- * const result = schema.safeParse({ name: 'Alice', age: 30 })
- * ```
- */
-export interface Schema<T = unknown> {
-    /**
-     * Safely parse data without throwing errors.
-     * Returns a result object indicating success or failure.
-     *
-     * @param data - The data to validate
-     * @returns Parse result with success flag and data or error
-     */
-    safeParse(data: unknown): ParseResult<T>;
-    /**
-     * Parse data and throw an error if validation fails.
-     * Use this when you want to fail fast on invalid data.
-     *
-     * @param data - The data to validate
-     * @returns The validated and parsed data
-     * @throws {Error} When validation fails
-     */
-    parse(data: unknown): T;
-    /**
-     * Optional schema name for debugging and error messages.
-     * Useful for identifying which schema failed in complex validation chains.
-     */
-    _name?: string | undefined;
-}
-/**
- * Options for configuring safe JSON parsing with security controls.
- * Distinct from `JsonParseOptions` in `@socketsecurity/lib/json/types`
- * which is scoped to reviver/error-handling for fs-oriented JSON reads.
- *
- * @example
- * ```ts
- * const options: SafeJsonParseOptions = {
- *   maxSize: 1024 * 1024, // 1MB limit
- *   allowPrototype: false // Block prototype pollution
- * }
- * ```
- */
-export interface SafeJsonParseOptions {
-    /**
-     * Allow dangerous prototype pollution keys (`__proto__`, `constructor`, `prototype`).
-     * Set to `true` only if you trust the JSON source completely.
-     *
-     * @default false
-     *
-     * @example
-     * ```ts
-     * // Will throw error by default
-     * safeJsonParse('{"__proto__": {"polluted": true}}')
-     *
-     * // Allows the parse (dangerous!)
-     * safeJsonParse('{"__proto__": {"polluted": true}}', undefined, {
-     *   allowPrototype: true
-     * })
-     * ```
-     */
-    allowPrototype?: boolean | undefined;
-    /**
-     * Maximum allowed size of JSON string in bytes.
-     * Prevents memory exhaustion from extremely large payloads.
-     *
-     * @default 10_485_760 (10 MB)
-     *
-     * @example
-     * ```ts
-     * // Limit to 1KB
-     * safeJsonParse(jsonString, undefined, { maxSize: 1024 })
-     * ```
-     */
-    maxSize?: number | undefined;
-}

package/dist/zod.d.ts

@@ -1,5 +0,0 @@
-/**
- * @fileoverview Zod schema validation library wrapper for type-safe runtime validation.
- * Provides access to zod's schema builder through the z object.
- */
-export { z } from './external/zod';