@socketsecurity/lib 5.20.1 → 5.21.0

package/dist/json/parse.js

@@ -21,9 +21,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var parse_exports = {};
 __export(parse_exports, {
   isJsonPrimitive: () => isJsonPrimitive,
-  jsonParse: () => jsonParse
+  jsonParse: () => jsonParse,
+  safeJsonParse: () => safeJsonParse
 });
 module.exports = __toCommonJS(parse_exports);
+var import_validate = require("../schema/validate");
 var import_strings = require("../strings");
 const JSONParse = JSON.parse;
 // @__NO_SIDE_EFFECTS__
@@ -69,8 +71,44 @@ function jsonParse(content, options) {
   }
   return void 0;
 }
+const DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+function prototypePollutionReviver(key, value) {
+  if (DANGEROUS_KEYS.has(key)) {
+    throw new Error(
+      "JSON contains potentially malicious prototype pollution keys"
+    );
+  }
+  return value;
+}
+const DEFAULT_MAX_SIZE = 10 * 1024 * 1024;
+// @__NO_SIDE_EFFECTS__
+function safeJsonParse(jsonString, schema, options = {}) {
+  const { allowPrototype = false, maxSize = DEFAULT_MAX_SIZE } = options;
+  const byteLength = Buffer.byteLength(jsonString, "utf8");
+  if (byteLength > maxSize) {
+    throw new Error(
+      `JSON string exceeds maximum size limit${maxSize !== DEFAULT_MAX_SIZE ? ` of ${maxSize} bytes` : ""}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = allowPrototype ? JSONParse(jsonString) : JSONParse(jsonString, prototypePollutionReviver);
+  } catch (error) {
+    throw new Error(`Failed to parse JSON: ${error}`);
+  }
+  if (schema) {
+    const result = (0, import_validate.validateSchema)(schema, parsed);
+    if (!result.ok) {
+      const summary = result.errors.map((e) => `${e.path.join(".") || "(root)"}: ${e.message}`).join(", ");
+      throw new Error(`Validation failed: ${summary}`);
+    }
+    return result.value;
+  }
+  return parsed;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   isJsonPrimitive,
-  jsonParse
+  jsonParse,
+  safeJsonParse
 });

package/dist/json/types.d.ts

@@ -72,6 +72,55 @@ export type JsonValue = JsonPrimitive | JsonObject | JsonArray;
  * ```
  */
 export type JsonReviver = (key: string, value: unknown) => unknown;
+/**
+ * Options for `safeJsonParse`: security controls for untrusted JSON.
+ *
+ * Distinct from `JsonParseOptions` (which is scoped to reviver /
+ * error-handling for trusted-source fs reads). Use this type when
+ * parsing user input, network payloads, or anything beyond a trust
+ * boundary.
+ *
+ * @example
+ * ```ts
+ * const options: SafeJsonParseOptions = {
+ *   maxSize: 1024 * 1024, // 1MB limit
+ *   allowPrototype: false // Block prototype pollution
+ * }
+ * ```
+ */
+export interface SafeJsonParseOptions {
+    /**
+     * Allow dangerous prototype pollution keys (`__proto__`, `constructor`, `prototype`).
+     * Set to `true` only if you trust the JSON source completely.
+     *
+     * @default false
+     *
+     * @example
+     * ```ts
+     * // Will throw error by default
+     * safeJsonParse('{"__proto__": {"polluted": true}}')
+     *
+     * // Allows the parse (dangerous!)
+     * safeJsonParse('{"__proto__": {"polluted": true}}', undefined, {
+     *   allowPrototype: true
+     * })
+     * ```
+     */
+    allowPrototype?: boolean | undefined;
+    /**
+     * Maximum allowed size of JSON string in bytes.
+     * Prevents memory exhaustion from extremely large payloads.
+     *
+     * @default 10_485_760 (10 MB)
+     *
+     * @example
+     * ```ts
+     * // Limit to 1KB
+     * safeJsonParse(jsonString, undefined, { maxSize: 1024 })
+     * ```
+     */
+    maxSize?: number | undefined;
+}
 /**
  * Options for JSON parsing operations.
  */

package/dist/memoization.d.ts

@@ -5,7 +5,7 @@
 /**
  * Options for memoization behavior.
  */
-export type MemoizeOptions<Args extends unknown[], _Result = unknown> = {
+export type MemoizeOptions<Args extends unknown[]> = {
     /** Custom cache key generator (defaults to JSON.stringify) */
     keyGen?: (...args: Args) => string;
     /** Maximum cache size (LRU eviction when exceeded) */
@@ -49,7 +49,7 @@ export declare function clearAllMemoizationCaches(): void;
  *   }
  * }
  */
-export declare function Memoize(options?: MemoizeOptions<unknown[], unknown>): (_target: unknown, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
+export declare function Memoize(options?: MemoizeOptions<unknown[]>): (_target: unknown, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor;
 /**
  * Memoize a function with configurable caching behavior.
  * Caches function results to avoid repeated computation.
@@ -69,7 +69,7 @@ export declare function Memoize(options?: MemoizeOptions<unknown[], unknown>): (
  * expensiveOperation(1000) // Computed
  * expensiveOperation(1000) // Cached
  */
-export declare function memoize<Args extends unknown[], Result>(fn: (...args: Args) => Result, options?: MemoizeOptions<Args, Result>): (...args: Args) => Result;
+export declare function memoize<Args extends unknown[], Result>(fn: (...args: Args) => Result, options?: MemoizeOptions<Args>): (...args: Args) => Result;
 /**
  * Memoize an async function.
  * Similar to memoize() but handles promises properly.
@@ -89,26 +89,7 @@ export declare function memoize<Args extends unknown[], Result>(fn: (...args: Ar
  * await fetchUser('123') // Fetches from API
  * await fetchUser('123') // Returns cached result
  */
-export declare function memoizeAsync<Args extends unknown[], Result>(fn: (...args: Args) => Promise<Result>, options?: MemoizeOptions<Args, Result>): (...args: Args) => Promise<Result>;
-/**
- * Create a debounced memoized function.
- * Combines memoization with debouncing for expensive operations.
- *
- * @param fn - Function to memoize and debounce
- * @param wait - Debounce wait time in milliseconds
- * @param options - Memoization options
- * @returns Debounced memoized function
- *
- * @example
- * import { memoizeDebounced } from '@socketsecurity/lib/memoization'
- *
- * const search = memoizeDebounced(
- *   (query: string) => performSearch(query),
- *   300,
- *   { name: 'search' }
- * )
- */
-export declare function memoizeDebounced<Args extends unknown[], Result>(fn: (...args: Args) => Result, wait: number, options?: MemoizeOptions<Args, Result>): (...args: Args) => Result;
+export declare function memoizeAsync<Args extends unknown[], Result>(fn: (...args: Args) => Promise<Result>, options?: MemoizeOptions<Args>): (...args: Args) => Promise<Result>;
 /**
  * Memoize with WeakMap for object keys.
  * Allows garbage collection when objects are no longer referenced.

package/dist/memoization.js

@@ -24,7 +24,6 @@ __export(memoization_exports, {
   clearAllMemoizationCaches: () => clearAllMemoizationCaches,
   memoize: () => memoize,
   memoizeAsync: () => memoizeAsync,
-  memoizeDebounced: () => memoizeDebounced,
   memoizeWeak: () => memoizeWeak,
   once: () => once
 });
@@ -78,15 +77,13 @@ function memoize(fn, options = {}) {
     throw new TypeError("TTL must be non-negative");
   }
   const cache = /* @__PURE__ */ new Map();
-  const accessOrder = [];
   cacheRegistry.push(() => {
     cache.clear();
-    accessOrder.length = 0;
   });
   function evictLRU() {
-    if (cache.size >= maxSize && accessOrder.length > 0) {
-      const oldest = accessOrder.shift();
-      if (oldest) {
+    if (cache.size >= maxSize) {
+      const oldest = cache.keys().next().value;
+      if (oldest !== void 0) {
         cache.delete(oldest);
         (0, import_debug.debugLog)(`[memoize:${name}] clear`, {
           key: oldest,
@@ -107,19 +104,12 @@ function memoize(fn, options = {}) {
     if (cached) {
       if (!isExpired(cached)) {
         cached.hits++;
-        const index2 = accessOrder.indexOf(key);
-        if (index2 !== -1) {
-          accessOrder.splice(index2, 1);
-        }
-        accessOrder.push(key);
+        cache.delete(key);
+        cache.set(key, cached);
         (0, import_debug.debugLog)(`[memoize:${name}] hit`, { key, hits: cached.hits });
         return cached.value;
       }
       cache.delete(key);
-      const index = accessOrder.indexOf(key);
-      if (index !== -1) {
-        accessOrder.splice(index, 1);
-      }
     }
     (0, import_debug.debugLog)(`[memoize:${name}] miss`, { key });
     const value = fn(...args);
@@ -129,7 +119,6 @@ function memoize(fn, options = {}) {
       timestamp: Date.now(),
       hits: 0
     });
-    accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoize:${name}] set`, { key, cacheSize: cache.size });
     return value;
   };
@@ -142,15 +131,13 @@ function memoizeAsync(fn, options = {}) {
     ttl = Number.POSITIVE_INFINITY
   } = options;
   const cache = /* @__PURE__ */ new Map();
-  const accessOrder = [];
   cacheRegistry.push(() => {
     cache.clear();
-    accessOrder.length = 0;
   });
   function evictLRU() {
-    if (cache.size >= maxSize && accessOrder.length > 0) {
-      const oldest = accessOrder.shift();
-      if (oldest) {
+    if (cache.size >= maxSize) {
+      const oldest = cache.keys().next().value;
+      if (oldest !== void 0) {
         cache.delete(oldest);
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] clear`, {
           key: oldest,
@@ -165,6 +152,10 @@ function memoizeAsync(fn, options = {}) {
     }
     return Date.now() - entry.timestamp > ttl;
   }
+  function bumpRecency(key, entry) {
+    cache.delete(key);
+    cache.set(key, entry);
+  }
   const refreshing = /* @__PURE__ */ new Map();
   return async function memoized(...args) {
     const key = keyGen(...args);
@@ -172,29 +163,17 @@ function memoizeAsync(fn, options = {}) {
     if (cached) {
       if (!isExpired(cached)) {
         cached.hits++;
-        const index2 = accessOrder.indexOf(key);
-        if (index2 !== -1) {
-          accessOrder.splice(index2, 1);
-        }
-        accessOrder.push(key);
+        bumpRecency(key, cached);
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] hit`, { key, hits: cached.hits });
         return await cached.value;
       }
       const inflight = refreshing.get(key);
       if (inflight) {
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] stale-dedup`, { key });
-        const inflightIndex = accessOrder.indexOf(key);
-        if (inflightIndex !== -1) {
-          accessOrder.splice(inflightIndex, 1);
-        }
-        accessOrder.push(key);
+        bumpRecency(key, cached);
         return await inflight;
       }
       cache.delete(key);
-      const index = accessOrder.indexOf(key);
-      if (index !== -1) {
-        accessOrder.splice(index, 1);
-      }
     }
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] miss`, { key });
     const promise = fn(...args).then(
@@ -210,10 +189,6 @@ function memoizeAsync(fn, options = {}) {
       (error) => {
         refreshing.delete(key);
         cache.delete(key);
-        const index = accessOrder.indexOf(key);
-        if (index !== -1) {
-          accessOrder.splice(index, 1);
-        }
         (0, import_debug.debugLog)(`[memoizeAsync:${name}] error`, { key, error });
         throw error;
       }
@@ -225,24 +200,10 @@ function memoizeAsync(fn, options = {}) {
       timestamp: Date.now(),
       hits: 0
     });
-    accessOrder.push(key);
     (0, import_debug.debugLog)(`[memoizeAsync:${name}] set`, { key, cacheSize: cache.size });
     return await promise;
   };
 }
-function memoizeDebounced(fn, wait, options = {}) {
-  const memoized = memoize(fn, options);
-  let timeoutId;
-  return function debounced(...args) {
-    if (timeoutId) {
-      clearTimeout(timeoutId);
-    }
-    timeoutId = setTimeout(() => {
-      memoized(...args);
-    }, wait);
-    return memoized(...args);
-  };
-}
 function memoizeWeak(fn) {
   const cache = /* @__PURE__ */ new WeakMap();
   return function memoized(key) {
@@ -276,7 +237,6 @@ function once(fn) {
   clearAllMemoizationCaches,
   memoize,
   memoizeAsync,
-  memoizeDebounced,
   memoizeWeak,
   once
 });

package/dist/packages/specs.js

@@ -42,9 +42,16 @@ var import_objects = require("../objects");
 var import_strings = require("../strings");
 // @__NO_SIDE_EFFECTS__
 function getRepoUrlDetails(repoUrl = "") {
-  const userAndRepo = repoUrl.replace(/^.+github.com\//, "").split("/");
+  const match = /^(?:[a-z][a-z+]*:\/\/)(?:[^/@]+@)?github\.com\/([^?#]+)(?:[?#]|$)/i.exec(
+    repoUrl
+  );
+  if (!match || !match[1]) {
+    return { user: "", project: "" };
+  }
+  const userAndRepo = match[1].split("/");
   const user = userAndRepo[0] || "";
-  const project = userAndRepo.length > 1 ? (userAndRepo[1]?.endsWith(".git") ? userAndRepo[1].slice(0, -4) : userAndRepo[1]) || "" : "";
+  const rawProject = userAndRepo[1] ?? "";
+  const project = rawProject.endsWith(".git") ? rawProject.slice(0, -4) : rawProject;
   return { user, project };
 }
 // @__NO_SIDE_EFFECTS__

package/dist/process-lock.js

@@ -136,9 +136,7 @@ class ProcessLockManager {
       if (!stats) {
         return false;
       }
-      const ageSeconds = Math.floor((Date.now() - stats.mtime.getTime()) / 1e3);
-      const staleSeconds = Math.floor(staleMs / 1e3);
-      return ageSeconds > staleSeconds;
+      return Date.now() - stats.mtime.getTime() > staleMs;
     } catch {
       return false;
     }
@@ -186,9 +184,6 @@ class ProcessLockManager {
             }
           }
           const fs = /* @__PURE__ */ getFs();
-          if (fs.existsSync(lockPath)) {
-            throw new Error(`Lock already exists: ${lockPath}`);
-          }
           const parent = (/* @__PURE__ */ getPath()).dirname(lockPath);
           if (parent && parent !== "." && parent !== lockPath) {
             fs.mkdirSync(parent, { recursive: true });

package/dist/promise-queue.d.ts

@@ -1,8 +1,9 @@
 /**
  * @fileoverview Bounded concurrency promise queue.
  * Exports the `PromiseQueue` class, which limits how many async tasks run
- * simultaneously, supports an optional max queue length (dropping the oldest
- * pending task when exceeded), and exposes an idle-wait helper.
+ * simultaneously, supports an optional max queue length (new tasks beyond
+ * the cap are rejected with "Task dropped: queue length exceeded"), and
+ * exposes an idle-wait helper.
  */
 export declare class PromiseQueue {
     private queue;
@@ -13,13 +14,17 @@ export declare class PromiseQueue {
     /**
      * Creates a new PromiseQueue
      * @param maxConcurrency - Maximum number of promises that can run concurrently
-     * @param maxQueueLength - Maximum queue size (older tasks are dropped if exceeded)
+     * @param maxQueueLength - Maximum queue size; submissions past the cap
+     * reject with "Task dropped: queue length exceeded" instead of evicting
+     * a caller that has been waiting patiently. Callers must handle this
+     * rejection or they'll see an unhandled rejection.
      */
     constructor(maxConcurrency: number, maxQueueLength?: number | undefined);
     /**
      * Add a task to the queue
      * @param fn - Async function to execute
-     * @returns Promise that resolves with the function's result
+     * @returns Promise that resolves with the function's result, or rejects
+     * with "Task dropped: queue length exceeded" if the queue is full.
      */
     add<T>(fn: () => Promise<T>): Promise<T>;
     private runNext;

package/dist/promise-queue.js

@@ -32,7 +32,10 @@ class PromiseQueue {
   /**
    * Creates a new PromiseQueue
    * @param maxConcurrency - Maximum number of promises that can run concurrently
-   * @param maxQueueLength - Maximum queue size (older tasks are dropped if exceeded)
+   * @param maxQueueLength - Maximum queue size; submissions past the cap
+   * reject with "Task dropped: queue length exceeded" instead of evicting
+   * a caller that has been waiting patiently. Callers must handle this
+   * rejection or they'll see an unhandled rejection.
    */
   constructor(maxConcurrency, maxQueueLength) {
     this.maxConcurrency = maxConcurrency;
@@ -44,17 +47,16 @@ class PromiseQueue {
   /**
    * Add a task to the queue
    * @param fn - Async function to execute
-   * @returns Promise that resolves with the function's result
+   * @returns Promise that resolves with the function's result, or rejects
+   * with "Task dropped: queue length exceeded" if the queue is full.
    */
   async add(fn) {
     return await new Promise((resolve, reject) => {
-      const task = { fn, resolve, reject };
       if (this.maxQueueLength !== void 0 && this.queue.length >= this.maxQueueLength) {
-        const droppedTask = this.queue.shift();
-        if (droppedTask) {
-          droppedTask.reject(new Error("Task dropped: queue length exceeded"));
-        }
+        reject(new Error("Task dropped: queue length exceeded"));
+        return;
       }
+      const task = { fn, resolve, reject };
       this.queue.push(task);
       this.runNext();
     });

package/dist/promises.d.ts

@@ -440,3 +440,44 @@ export declare function pRetry<T>(callbackFn: (...args: unknown[]) => Promise<T>
  * // => { retries: 5, minTimeout: 200, maxTimeout: 5000, factor: 2 }
  */
 export declare function resolveRetryOptions(options?: number | RetryOptions | undefined): RetryOptions;
+/**
+ * Shape returned by {@link withResolvers}: a fresh pending promise plus
+ * the `resolve` / `reject` handles that settle it.
+ *
+ * Matches the spec return-shape exactly
+ * ([ECMA-262 §27.2.4.9](https://tc39.es/ecma262/#sec-promise.withResolvers)).
+ */
+export interface PromiseWithResolvers<T> {
+    /** The pending promise. */
+    promise: Promise<T>;
+    /** Resolves {@link promise} with the given value (or thenable). */
+    resolve: (value: T | PromiseLike<T>) => void;
+    /** Rejects {@link promise} with the given reason. */
+    reject: (reason?: unknown) => void;
+}
+/**
+ * Create a pending promise together with its `resolve` and `reject`
+ * handles as first-class values, per
+ * [ECMA-262 §27.2.4.9](https://tc39.es/ecma262/#sec-promise.withResolvers).
+ *
+ * Bound to native `Promise.withResolvers` when available (Node 20.12+ /
+ * 21+ / 22+; V8 ≥ 12.0); otherwise falls back to a spec-equivalent
+ * `new Promise(executor)` implementation that captures the handles via
+ * closure. The returned object always has own data properties `promise`,
+ * `resolve`, `reject` on `Object.prototype` — writable, enumerable, and
+ * configurable — matching the spec's `CreateDataPropertyOrThrow` steps.
+ *
+ * Use this instead of the manual
+ * `let resolve; const p = new Promise(r => { resolve = r })` dance for
+ * deferred-resolution patterns (event-driven bridges, adapter layers,
+ * handshake signaling) where the settle path lives outside the executor.
+ *
+ * @example
+ * ```typescript
+ * const { promise, resolve, reject } = withResolvers<string>()
+ * emitter.once('ready', () => resolve('ok'))
+ * emitter.once('error', err => reject(err))
+ * const result = await promise
+ * ```
+ */
+export declare const withResolvers: <T>() => PromiseWithResolvers<T>;

package/dist/promises.js

@@ -27,7 +27,8 @@ __export(promises_exports, {
   pFilter: () => pFilter,
   pFilterChunk: () => pFilterChunk,
   pRetry: () => pRetry,
-  resolveRetryOptions: () => resolveRetryOptions
+  resolveRetryOptions: () => resolveRetryOptions,
+  withResolvers: () => withResolvers
 });
 module.exports = __toCommonJS(promises_exports);
 var import_arrays = require("./arrays");
@@ -258,6 +259,21 @@ function resolveRetryOptions(options) {
   }
   return options ? { ...defaults, ...options } : defaults;
 }
+const maybeNativeWithResolvers = Promise.withResolvers;
+const withResolvers = typeof maybeNativeWithResolvers === "function" ? (
+  // Bind so callers who destructure the export don't lose `this`.
+  maybeNativeWithResolvers.bind(
+    Promise
+  )
+) : () => {
+  let resolve;
+  let reject;
+  const promise = new Promise((res, rej) => {
+    resolve = res;
+    reject = rej;
+  });
+  return { promise, resolve, reject };
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   normalizeIterationOptions,
@@ -267,5 +283,6 @@ function resolveRetryOptions(options) {
   pFilter,
   pFilterChunk,
   pRetry,
-  resolveRetryOptions
+  resolveRetryOptions,
+  withResolvers
 });

package/dist/regexps.d.ts

@@ -1,15 +1,6 @@
 /**
- * @fileoverview Regular expression utilities including escape-string-regexp implementation.
- * Provides regex escaping and pattern matching helpers.
+ * @fileoverview Regular expression utilities including a spec-compliant
+ * `RegExp.escape` fallback. Provides regex escaping and pattern matching
+ * helpers.
  */
-/**
- * Escape special characters in a string for use in a regular expression.
- *
- * @example
- * ```typescript
- * escapeRegExp('foo.bar')     // 'foo\\.bar'
- * escapeRegExp('a+b*c?')     // 'a\\+b\\*c\\?'
- * new RegExp(escapeRegExp('[test]'))  // /\[test\]/
- * ```
- */
-export declare function escapeRegExp(str: string): string;
+export declare const escapeRegExp: (str: string) => string;

package/dist/regexps.js

@@ -23,10 +23,67 @@ __export(regexps_exports, {
   escapeRegExp: () => escapeRegExp
 });
 module.exports = __toCommonJS(regexps_exports);
-// @__NO_SIDE_EFFECTS__
-function escapeRegExp(str) {
-  return str.replace(/[\\|{}()[\]^$+*?.]/g, "\\$&");
+const SYNTAX_CHARACTERS = new Set("^$\\.*+?()[]{}|/");
+const CONTROL_ESCAPES = /* @__PURE__ */ new Map([
+  [9, "\\t"],
+  [10, "\\n"],
+  [11, "\\v"],
+  [12, "\\f"],
+  [13, "\\r"]
+]);
+const OTHER_PUNCTUATORS = new Set(",-=<>#&!%:;@~'`\"");
+function isSpecHexEscapeCp(cp) {
+  if (OTHER_PUNCTUATORS.has(String.fromCodePoint(cp))) {
+    return true;
+  }
+  if (cp === 10 || cp === 13 || cp === 8232 || cp === 8233) {
+    return true;
+  }
+  if (cp === 9 || cp === 11 || cp === 12 || cp === 32 || cp === 160 || cp === 65279) {
+    return true;
+  }
+  if (cp >= 55296 && cp <= 57343) {
+    return true;
+  }
+  return false;
+}
+function hex2(n) {
+  return n.toString(16).padStart(2, "0");
+}
+function hex4(n) {
+  return n.toString(16).padStart(4, "0");
+}
+function escapeRegExpFallback(str) {
+  let out = "";
+  let isFirst = true;
+  for (const char of str) {
+    const cp = char.codePointAt(0);
+    if (isFirst && (cp >= 48 && cp <= 57 || cp >= 65 && cp <= 90 || cp >= 97 && cp <= 122)) {
+      out += "\\x" + hex2(cp);
+    } else if (SYNTAX_CHARACTERS.has(char)) {
+      out += "\\" + char;
+    } else {
+      const ctrl = CONTROL_ESCAPES.get(cp);
+      if (ctrl !== void 0) {
+        out += ctrl;
+      } else if (isSpecHexEscapeCp(cp)) {
+        if (cp <= 255) {
+          out += "\\x" + hex2(cp);
+        } else {
+          for (let i = 0; i < char.length; i++) {
+            out += "\\u" + hex4(char.charCodeAt(i));
+          }
+        }
+      } else {
+        out += char;
+      }
+    }
+    isFirst = false;
+  }
+  return out;
 }
+const maybeNativeEscape = RegExp.escape;
+const escapeRegExp = typeof maybeNativeEscape === "function" ? maybeNativeEscape : escapeRegExpFallback;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   escapeRegExp

package/dist/schema/parse.d.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Throwing twin of `validateSchema`.
+ *
+ * Use `parseSchema(schema, data)` for fail-fast trust boundaries (app
+ * startup, config files, internal assertions). Use the non-throwing
+ * `validateSchema` for recoverable input (form fields, API request bodies,
+ * anywhere errors need to surface to a user).
+ *
+ * @example
+ * ```ts
+ * import { z } from 'zod'
+ * import { parseSchema } from '@socketsecurity/lib/schema/parse'
+ *
+ * const Config = z.object({ host: z.string(), port: z.number() })
+ * const config = parseSchema(Config, json)  // throws on invalid
+ * ```
+ */
+import type { Infer } from './types';
+/**
+ * Parse `data` against `schema` and return the validated value.
+ *
+ * @throws {Error} When validation fails. The message lists all issues as
+ *   `path: message, path: message, ...`. Use `validateSchema` if you need
+ *   structured access to the error list.
+ */
+export declare function parseSchema<S>(schema: S, data: unknown): Infer<S>;