npm - @umituz/react-native-validation - Versions diffs - 1.4.4 → 1.4.5 - Mend

@umituz/react-native-validation 1.4.4 → 1.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +3 -1
package/src/infrastructure/utils/sanitization.ts +61 -54
package/README.md +0 -245

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@umituz/react-native-validation",
-  "version": "1.4.4",
+  "version": "1.4.5",
   "description": "Comprehensive validation and sanitization utilities for React Native forms",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -29,7 +29,9 @@
     "react-native": ">=0.74.0"
   },
   "devDependencies": {
+    "@types/node": "^25.0.3",
     "@types/react": "~19.1.10",
+    "@types/react-native": "^0.72.8",
     "react": "19.1.0",
     "react-native": "0.81.5",
     "typescript": "~5.9.2"

package/src/infrastructure/utils/sanitization.ts CHANGED Viewed

@@ -1,92 +1,99 @@
 /**
  * Sanitization Utilities
- * Functions to clean and secure user input
+ * Secure input cleaning for user data
  */
+/**
+ * Security constants for input validation
+ */
 export const SECURITY_LIMITS = {
-    EMAIL_MAX_LENGTH: 254,
-    PASSWORD_MAX_LENGTH: 128, // Reasonable limit for hash algorithms
-    NAME_MAX_LENGTH: 50,
-    TEXT_MAX_LENGTH: 1000,
-    URL_MAX_LENGTH: 2048,
-};
+  EMAIL_MAX_LENGTH: 254, // RFC 5321
+  PASSWORD_MIN_LENGTH: 6,
+  PASSWORD_MAX_LENGTH: 128,
+  NAME_MAX_LENGTH: 100,
+  GENERAL_TEXT_MAX_LENGTH: 500,
+} as const;
 /**
- * Sanitize whitespace from a string
- * Removes leading/trailing whitespace and replaces multiple spaces with single space
+ * Trim and normalize whitespace
  */
-export const sanitizeWhitespace = (value: string): string => {
-    if (!value) return '';
-    return value.trim().replace(/\s+/g, ' ');
+export const sanitizeWhitespace = (input: string): string => {
+  return input.trim().replace(/\s+/g, ' ');
 };
 /**
- * Sanitize email
- * Trims, lowercases, and removes dangerous characters
+ * Sanitize email address
+ * - Trim whitespace
+ * - Convert to lowercase
+ * - Limit length
  */
 export const sanitizeEmail = (email: string): string => {
-    if (!email) return '';
-    // Basic sanitization: trim and lowercase
-    let sanitized = email.trim().toLowerCase();
-    // Remove potential dangerous characters that shouldn't be in an email
-    // < > " ' `
-    sanitized = sanitized.replace(/[<>"'`]/g, '');
-    return sanitized;
+  const trimmed = email.trim().toLowerCase();
+  return trimmed.substring(0, SECURITY_LIMITS.EMAIL_MAX_LENGTH);
 };
 /**
  * Sanitize password
- * No whitespace trimming often (some allow spaces), but good to enforce consistent handling
- * Here we only strictly ensure it's a string, we DO NOT trim passwords usually to avoid confusion,
- * but for this utility we will assume standard string behavior.
- * actually it's safer NOT to modify password input other than ensuring it is a string.
+ * - Only trim (preserve case and special chars)
+ * - Limit length to prevent DoS
  */
 export const sanitizePassword = (password: string): string => {
-    if (!password) return '';
-    return password;
+  // Don't trim password to preserve intentional spaces
+  // Only limit length
+  return password.substring(0, SECURITY_LIMITS.PASSWORD_MAX_LENGTH);
 };
 /**
- * Sanitize name
- * Trims and removes special characters that are typically not in names (simple version)
+ * Sanitize display name
+ * - Trim whitespace
+ * - Normalize multiple spaces
+ * - Remove potential XSS characters
+ * - Limit length
  */
 export const sanitizeName = (name: string): string => {
-    if (!name) return '';
-    // Remove < > " ' ` / \
-    return sanitizeWhitespace(name).replace(/[<>"'`/\\]/g, '');
+  const trimmed = sanitizeWhitespace(name);
+  // Remove HTML tags and script content
+  const noTags = trimmed.replace(/<[^>]*>/g, '');
+  return noTags.substring(0, SECURITY_LIMITS.NAME_MAX_LENGTH);
 };
 /**
- * Sanitize generic text
- * Escapes HTML characters to prevent simple injection if rendered
- * (Note: React handles this by default, but useful for raw data handling)
+ * Sanitize general text input
+ * - Trim whitespace
+ * - Remove HTML/script tags
+ * - Limit length
  */
 export const sanitizeText = (text: string): string => {
-    if (!text) return '';
-    const trimmed = text.trim();
-    return trimmed
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;')
-        .replace(/'/g, '&#039;');
+  const trimmed = sanitizeWhitespace(text);
+  const noTags = trimmed.replace(/<[^>]*>/g, '');
+  return noTags.substring(0, SECURITY_LIMITS.GENERAL_TEXT_MAX_LENGTH);
 };
 /**
- * Check for dangerous characters
- * Returns true if string contains characters often used in attacks (<, >, etc)
+ * Check if string contains potentially dangerous characters
  */
-export const containsDangerousChars = (value: string): boolean => {
-    if (!value) return false;
-    // Check for script tags or SQL injection common chars
-    const dangerousPattern = /[<>;]/;
-    return dangerousPattern.test(value);
+export const containsDangerousChars = (input: string): boolean => {
+  // Check for common XSS patterns
+  const dangerousPatterns = [
+    /<script/i,
+    /javascript:/i,
+    /on\w+\s*=/i, // onclick, onload, etc.
+    /<iframe/i,
+    /eval\(/i,
+  ];
+  return dangerousPatterns.some(pattern => pattern.test(input));
 };
 /**
- * Check if value is within length limits
+ * Validate string length is within bounds
  */
-export const isWithinLengthLimit = (value: string, limit: number): boolean => {
-    if (!value) return true;
-    return value.length <= limit;
+export const isWithinLengthLimit = (
+  input: string,
+  maxLength: number,
+  minLength = 0
+): boolean => {
+  const length = input.trim().length;
+  return length >= minLength && length <= maxLength;
 };

package/README.md DELETED Viewed

@@ -1,245 +0,0 @@
-# @umituz/react-native-validation
-Comprehensive validation and sanitization utilities for React Native forms. Provides reusable validation and sanitization functions for common input types.
-## Installation
-```bash
-npm install @umituz/react-native-validation
-```
-## Peer Dependencies
-- `react` >= 18.2.0
-- `react-native` >= 0.74.0
-## Features
-### Validation
-- ✅ Email validation
-- ✅ Password validation (with strength requirements)
-- ✅ Phone number validation (E.164 format)
-- ✅ Required field validation
-- ✅ Name validation
-- ✅ Number range validation
-- ✅ Min/Max length validation
-- ✅ Pattern (regex) validation
-- ✅ Date of birth validation
-- ✅ Age validation
-- ✅ Batch validation
-### Sanitization
-- ✅ Email sanitization
-- ✅ Password sanitization
-- ✅ Name sanitization
-- ✅ Text sanitization
-- ✅ XSS protection
-- ✅ Length limit validation
-- ✅ Whitespace normalization
-### General
-- ✅ TypeScript type safety
-- ✅ Image file validation (prevents zip, exe, etc.)
-- ✅ MIME type validation
-## Usage
-### Basic Example
-```typescript
-import { validateEmail, validatePassword, validateRequired } from '@umituz/react-native-validation';
-// Validate email
-const emailResult = validateEmail('user@example.com');
-if (!emailResult.isValid) {
-  console.error(emailResult.error);
-}
-// Validate password
-const passwordResult = validatePassword('MySecure123', {
-  minLength: 8,
-  requireUppercase: true,
-  requireLowercase: true,
-  requireNumber: true,
-});
-// Validate required field
-const requiredResult = validateRequired('value', 'Field Name');
-```
-### Form Validation Example
-```typescript
-import {
-  validateEmail,
-  validatePassword,
-  validatePasswordConfirmation,
-  validateRequired,
-  batchValidate,
-} from '@umituz/react-native-validation';
-const validateForm = (email: string, password: string, confirmPassword: string) => {
-  return batchValidate([
-    { field: 'email', validator: () => validateEmail(email) },
-    { field: 'password', validator: () => validatePassword(password) },
-    {
-      field: 'confirmPassword',
-      validator: () => validatePasswordConfirmation(password, confirmPassword),
-    },
-  ]);
-};
-const result = validateForm('user@example.com', 'MySecure123', 'MySecure123');
-if (!result.isValid) {
-  console.log('Validation errors:', result.errors);
-}
-```
-### Custom Validation
-```typescript
-import { validatePattern, validateNumberRange } from '@umituz/react-native-validation';
-// Validate with custom pattern
-const patternResult = validatePattern(
-  'ABC123',
-  /^[A-Z]{3}\d{3}$/,
-  'Code',
-  'Code must be 3 uppercase letters followed by 3 numbers'
-);
-// Validate number range
-const rangeResult = validateNumberRange(50, 0, 100, 'Percentage');
-```
-### Sanitization Example
-```typescript
-import {
-  sanitizeEmail,
-  sanitizeName,
-  sanitizeText,
-  containsDangerousChars,
-  SECURITY_LIMITS,
-} from '@umituz/react-native-validation';
-// Sanitize email
-const cleanEmail = sanitizeEmail('  User@Example.COM  ');
-// Result: 'user@example.com'
-// Sanitize name
-const cleanName = sanitizeName('  John   Doe  ');
-// Result: 'John Doe'
-// Sanitize text (removes HTML tags)
-const cleanText = sanitizeText('<script>alert("xss")</script>Hello');
-// Result: 'Hello'
-// Check for dangerous characters
-const isDangerous = containsDangerousChars('<script>alert("xss")</script>');
-// Result: true
-// Check length limits
-const isValidLength = isWithinLengthLimit('text', SECURITY_LIMITS.NAME_MAX_LENGTH);
-```
-### Image Validation Example
-```typescript
-import {
-  validateImageUri,
-  getImageMimeType,
-  validateImageExtension,
-  IMAGE_MIME_TYPES,
-} from '@umituz/react-native-validation';
-// Validate image URI (supports file://, http://, https://, and data: URLs)
-const result = validateImageUri('file:///path/to/image.jpg');
-if (!result.isValid) {
-  console.error(result.error);
-}
-// Get MIME type from URI
-const mimeType = getImageMimeType('file:///path/to/image.png');
-// Result: 'image/png'
-// Validate file extension
-const extensionResult = validateImageExtension('image.jpg');
-if (!extensionResult.isValid) {
-  console.error(extensionResult.error);
-}
-// Use MIME type constants
-if (mimeType === IMAGE_MIME_TYPES.PNG) {
-  console.log('PNG image');
-}
-```
-## API Reference
-### Core Validators
-- `validateEmail(email: string): ValidationResult`
-- `validatePassword(password: string, options?: PasswordOptions): ValidationResult`
-- `validatePasswordConfirmation(password: string, confirmPassword: string): ValidationResult`
-- `validateRequired(value: string, fieldName?: string): ValidationResult`
-- `validateName(name: string, fieldName?: string, minLength?: number): ValidationResult`
-- `validatePhone(phone: string): ValidationResult`
-### Number Validators
-- `validateNumberRange(value: number, min: number, max: number, fieldName?: string): ValidationResult`
-- `validatePositiveNumber(value: number, fieldName?: string): ValidationResult`
-### String Validators
-- `validateMinLength(value: string, minLength: number, fieldName?: string): ValidationResult`
-- `validateMaxLength(value: string, maxLength: number, fieldName?: string): ValidationResult`
-- `validatePattern(value: string, pattern: RegExp, fieldName?: string, errorMessage?: string): ValidationResult`
-### Date Validators
-- `validateDateOfBirth(date: Date): ValidationResult`
-- `validateAge(age: number): ValidationResult` (13-120 years)
-### Image Validators
-- `validateImageUri(uri: string, fieldName?: string): ValidationResult` - Validates image URI (supports file://, http://, https://, and data: URLs)
-- `validateImageMimeType(mimeType: string, fieldName?: string): ValidationResult` - Validates MIME type is supported image type
-- `validateImageExtension(uri: string, fieldName?: string): ValidationResult` - Validates file extension is supported image type
-- `validateImageDataUrl(dataUrl: string, fieldName?: string): ValidationResult` - Validates data URL is image type
-- `getImageMimeType(uri: string): string | null` - Get MIME type from URI (supports all URI types)
-### MIME Type Utilities
-- `getMimeTypeFromExtension(uri: string): string | null` - Get MIME type from file extension
-- `getMimeTypeFromDataUrl(dataUrl: string): string | null` - Get MIME type from data URL
-- `IMAGE_MIME_TYPES` - Supported image MIME types constants
-- `SUPPORTED_IMAGE_MIME_TYPES` - Array of supported image MIME types
-- `EXTENSION_TO_MIME_TYPE` - File extension to MIME type mapping
-- `MIME_TYPE_TO_EXTENSION` - MIME type to file extension mapping
-### Batch Validation
-- `batchValidate(validations: Array<{ field: string; validator: () => ValidationResult }>): { isValid: boolean; errors: Record<string, string> }`
-## Types
-```typescript
-interface ValidationResult {
-  isValid: boolean;
-  error?: string;
-}
-interface PasswordOptions {
-  minLength?: number;
-  requireUppercase?: boolean;
-  requireLowercase?: boolean;
-  requireNumber?: boolean;
-}
-```
-## License
-MIT