@socketsecurity/lib 5.20.1 → 5.23.0

package/dist/validation/json-parser.js

@@ -1,63 +0,0 @@
-"use strict";
-/* Socket Lib - Built with esbuild */
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var json_parser_exports = {};
-__export(json_parser_exports, {
-  safeJsonParse: () => safeJsonParse
-});
-module.exports = __toCommonJS(json_parser_exports);
-const DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
-function prototypePollutionReviver(key, value) {
-  if (DANGEROUS_KEYS.has(key)) {
-    throw new Error(
-      "JSON contains potentially malicious prototype pollution keys"
-    );
-  }
-  return value;
-}
-function safeJsonParse(jsonString, schema, options = {}) {
-  const { allowPrototype = false, maxSize = 10 * 1024 * 1024 } = options;
-  const byteLength = Buffer.byteLength(jsonString, "utf8");
-  if (byteLength > maxSize) {
-    throw new Error(
-      `JSON string exceeds maximum size limit${maxSize !== 10 * 1024 * 1024 ? ` of ${maxSize} bytes` : ""}`
-    );
-  }
-  let parsed;
-  try {
-    parsed = allowPrototype ? JSON.parse(jsonString) : JSON.parse(jsonString, prototypePollutionReviver);
-  } catch (error) {
-    throw new Error(`Failed to parse JSON: ${error}`);
-  }
-  if (schema) {
-    const result = schema.safeParse(parsed);
-    if (!result.success) {
-      const error = result.error;
-      const errors = error.issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`).join(", ");
-      throw new Error(`Validation failed: ${errors}`);
-    }
-    return result.data;
-  }
-  return parsed;
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  safeJsonParse
-});

package/dist/validation/types.d.ts

@@ -1,118 +0,0 @@
-/**
- * @fileoverview Validation type definitions.
- * Provides core types for schema validation and JSON parsing with security features.
- */
-/**
- * Result of a schema validation operation.
- * Contains either successful parsed data or error information.
- *
- * @template T - The expected type of the parsed data
- *
- * @example
- * ```ts
- * const result: ParseResult<User> = schema.safeParse(data)
- * if (result.success) {
- *   console.log(result.data) // User object
- * } else {
- *   console.error(result.error) // Error details
- * }
- * ```
- */
-export interface ParseResult<T> {
-    /** Indicates whether parsing was successful */
-    success: boolean;
-    /** Parsed and validated data (only present when `success` is `true`) */
-    data?: T | undefined;
-    /** Error information (only present when `success` is `false`) */
-    error?: unknown;
-}
-/**
- * Base schema interface compatible with Zod and similar validation libraries.
- * Provides both safe and throwing parsing methods.
- *
- * @template T - The expected output type after validation
- *
- * @example
- * ```ts
- * import { z } from 'zod'
- *
- * const userSchema = z.object({
- *   name: z.string(),
- *   age: z.number()
- * })
- *
- * // Schema satisfies this interface
- * const schema: Schema<User> = userSchema
- * const result = schema.safeParse({ name: 'Alice', age: 30 })
- * ```
- */
-export interface Schema<T = unknown> {
-    /**
-     * Safely parse data without throwing errors.
-     * Returns a result object indicating success or failure.
-     *
-     * @param data - The data to validate
-     * @returns Parse result with success flag and data or error
-     */
-    safeParse(data: unknown): ParseResult<T>;
-    /**
-     * Parse data and throw an error if validation fails.
-     * Use this when you want to fail fast on invalid data.
-     *
-     * @param data - The data to validate
-     * @returns The validated and parsed data
-     * @throws {Error} When validation fails
-     */
-    parse(data: unknown): T;
-    /**
-     * Optional schema name for debugging and error messages.
-     * Useful for identifying which schema failed in complex validation chains.
-     */
-    _name?: string | undefined;
-}
-/**
- * Options for configuring safe JSON parsing with security controls.
- * Distinct from `JsonParseOptions` in `@socketsecurity/lib/json/types`
- * which is scoped to reviver/error-handling for fs-oriented JSON reads.
- *
- * @example
- * ```ts
- * const options: SafeJsonParseOptions = {
- *   maxSize: 1024 * 1024, // 1MB limit
- *   allowPrototype: false // Block prototype pollution
- * }
- * ```
- */
-export interface SafeJsonParseOptions {
-    /**
-     * Allow dangerous prototype pollution keys (`__proto__`, `constructor`, `prototype`).
-     * Set to `true` only if you trust the JSON source completely.
-     *
-     * @default false
-     *
-     * @example
-     * ```ts
-     * // Will throw error by default
-     * safeJsonParse('{"__proto__": {"polluted": true}}')
-     *
-     * // Allows the parse (dangerous!)
-     * safeJsonParse('{"__proto__": {"polluted": true}}', undefined, {
-     *   allowPrototype: true
-     * })
-     * ```
-     */
-    allowPrototype?: boolean | undefined;
-    /**
-     * Maximum allowed size of JSON string in bytes.
-     * Prevents memory exhaustion from extremely large payloads.
-     *
-     * @default 10_485_760 (10 MB)
-     *
-     * @example
-     * ```ts
-     * // Limit to 1KB
-     * safeJsonParse(jsonString, undefined, { maxSize: 1024 })
-     * ```
-     */
-    maxSize?: number | undefined;
-}

package/dist/validation/validate-schema.d.ts

@@ -1,124 +0,0 @@
-/**
- * @fileoverview Universal schema validation for Zod-style schemas (Zod v3,
- * v4, and any `safeParse`-shaped duck type).
- *
- * Accepts a schema and returns a tagged result.
- *   - `{ ok: true, value }`  — validation passed, `value` is typed as the
- *     schema's inferred output (`z.infer<typeof S>`).
- *   - `{ ok: false, errors }` — validation failed, `errors` is a normalized
- *     list of `{ path, message }`.
- *
- * Zod is detected purely structurally via `.safeParse` — no runtime import of
- * the `zod` package is required by socket-lib.
- *
- * @internal
- * Socket-lib additionally recognizes TypeBox schemas for its own internal
- * use (e.g. `src/ipc.ts`'s stub-file validation). That path is not a
- * supported consumer API — callers should use Zod.
- */
-import type { Schema } from './types';
-/**
- * TypeBox's `Kind` symbol. We reference it structurally for schema detection
- * rather than importing it from `@sinclair/typebox` — detection scans the
- * schema's own-symbol keys for one whose description is `'TypeBox.Kind'`.
- * The `Value` runtime is only loaded lazily when a TypeBox schema is seen.
- */
-type TypeBoxKindSymbol = symbol & {
-    __typeBoxKindBrand?: never;
-};
-/**
- * Structural minimum of a TypeBox `TSchema`. The phantom `static` field is
- * the type TypeBox uses for inference (`Static<T> = T['static']`).
- */
-interface TypeBoxLikeSchema {
-    [k: TypeBoxKindSymbol]: string;
-    static: unknown;
-}
-/**
- * Structural shape of a Zod v4 schema — carries output type on `_zod.output`.
- */
-interface ZodV4LikeSchema<O = unknown> {
-    _zod: {
-        output: O;
-    };
-    safeParse(data: unknown): unknown;
-}
-/**
- * Structural shape of a Zod v3 schema — carries output type on `_output`.
- */
-interface ZodV3LikeSchema<O = unknown> {
-    _output: O;
-    safeParse(data: unknown): unknown;
-}
-/**
- * Any schema kind this helper accepts.
- */
-export type AnySchema = TypeBoxLikeSchema | ZodV4LikeSchema<unknown> | ZodV3LikeSchema<unknown> | Schema<unknown>;
-/**
- * Infer the validated output type from any supported schema kind.
- *
- * Order matters: TypeBox schemas also carry a phantom `static` field, so we
- * check for TypeBox before falling through to Zod and the duck-type.
- */
-export type Infer<S> = S extends {
-    static: infer Static;
-} ? Static : S extends {
-    _zod: {
-        output: infer O;
-    };
-} ? O : S extends {
-    _output: infer O;
-} ? O : S extends Schema<infer T> ? T : unknown;
-/**
- * A single normalized validation error.
- * - `path` is a dotted or slash-separated identifier locating the bad value.
- * - `message` is human-readable.
- */
-export interface ValidationIssue {
-    /** Array path into the value (e.g. `['user', 'age']`). */
-    path: Array<string | number>;
-    /** Human-readable description of the failure. */
-    message: string;
-}
-/**
- * Tagged-union result of {@link validateSchema}. Callers narrow on `ok`.
- */
-export type ValidateResult<T> = {
-    ok: true;
-    value: T;
-} | {
-    ok: false;
-    errors: ValidationIssue[];
-};
-/**
- * Validate `data` against a Zod-style `schema`. Non-throwing.
- *
- * Accepted schemas:
- * - `zod` schemas, v3 and v4 (detected via `.safeParse` on the schema)
- * - Any object conforming to {@link Schema} (the socket-lib duck type)
- *
- * The return type narrows `value` to {@link Infer | `Infer<S>`}, so callers
- * get `z.infer<typeof S>` with no casts.
- *
- * @example
- * ```ts
- * import { z } from 'zod'
- * const U = z.object({ name: z.string() })
- * const r = validateSchema(U, data)
- * if (r.ok) r.value.name // string
- * ```
- *
- * Errors are normalized to {@link ValidationIssue}: `{ path, message }`.
- */
-export declare function validateSchema<S>(schema: S, data: unknown): ValidateResult<Infer<S>>;
-/**
- * Parse `data` against `schema` and return the validated value. Throws if
- * validation fails. This is the throwing twin of {@link validateSchema}.
- *
- * Use when you want fail-fast semantics at a trust boundary. For recoverable
- * validation (form input, external configs), prefer {@link validateSchema}.
- *
- * @throws {Error} When validation fails. The message lists all issues.
- */
-export declare function parseSchema<S>(schema: S, data: unknown): Infer<S>;
-export {};