@vercel/sandbox 1.1.9 → 1.2.1

package/src/utils/jwt-expiry.test.ts

@@ -1,125 +0,0 @@
-import { assert, beforeEach, describe, expect, test, vi } from "vitest";
-import { JwtExpiry } from "./jwt-expiry";
-import type { getVercelOidcToken } from "@vercel/oidc";
-
-const { getVercelOidcTokenMock } = vi.hoisted(() => {
-  return {
-    getVercelOidcTokenMock: vi.fn<typeof getVercelOidcToken>(),
-  };
-});
-vi.mock("@vercel/oidc", () => ({
-  getVercelOidcToken: getVercelOidcTokenMock,
-}));
-beforeEach(() => {
-  getVercelOidcTokenMock.mockReset();
-});
-
-describe("JwtExpiry", () => {
-  test("refreshes a token", async () => {
-    const token = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-    });
-    getVercelOidcTokenMock.mockImplementationOnce(async () => "hello world");
-    const expiry = await JwtExpiry.fromToken(token)?.refresh();
-    expect(expiry).toBeInstanceOf(JwtExpiry);
-    expect(expiry?.token).toEqual("hello world");
-  });
-
-  test("isValid returns true for tokens without expiry", () => {
-    // Mock token without exp field (like OIDC tokens without exp)
-    const tokenWithoutExp = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-    });
-    const expiry = JwtExpiry.fromToken(tokenWithoutExp);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.isValid()).toBe(false); // No exp field means malformed JWT
-  });
-
-  test("isValid returns true for unexpired tokens", () => {
-    const futureTime = Math.floor(Date.now() / 1000) + 3600; // 1 hour from now
-    const tokenValid = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-      exp: futureTime,
-    });
-    const expiry = JwtExpiry.fromToken(tokenValid);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.isValid()).toBe(true);
-  });
-
-  test("isValid returns false for expired tokens", () => {
-    const pastTime = Math.floor(Date.now() / 1000) - 3600; // 1 hour ago
-    const tokenExpired = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-      exp: pastTime,
-    });
-    const expiry = JwtExpiry.fromToken(tokenExpired);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.isValid()).toBe(false);
-  });
-
-  test("isValid returns false for tokens expiring within buffer time", () => {
-    const soonTime = Math.floor(Date.now() / 1000) + 120; // 2 minutes from now
-    const tokenExpiringSoon = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-      exp: soonTime,
-    });
-    const expiry = JwtExpiry.fromToken(tokenExpiringSoon);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.isValid(5)).toBe(false); // 5 minute buffer
-  });
-
-  test("isValid returns false for malformed JWT tokens", () => {
-    const expiry = JwtExpiry.fromToken("header.invalid-payload.signature");
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.isValid()).toBe(false);
-  });
-
-  test("getExpiryDate returns correct expiry date", () => {
-    const expTime = Math.floor(Date.now() / 1000) + 3600; // 1 hour from now
-    const token = createMockJWT({
-      owner_id: "team1",
-      project_id: "proj1",
-      exp: expTime,
-    });
-    const expiry = JwtExpiry.fromToken(token);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.getExpiryDate()).toEqual(new Date(expTime * 1000));
-  });
-
-  test("getExpiryDate returns null for tokens without expiry", () => {
-    const token = createMockJWT({ owner_id: "team1", project_id: "proj1" });
-    const expiry = JwtExpiry.fromToken(token);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.getExpiryDate()).toBeNull();
-  });
-
-  test("getExpiryDate returns null for malformed tokens", () => {
-    const token = "hello.world.hey";
-    const expiry = JwtExpiry.fromToken(token);
-    assert(expiry, "Expiry should not be null for valid JWT");
-    expect(expiry.getExpiryDate()).toBeNull();
-  });
-
-  test("returns null for non-JWT style tokens", () => {
-    expect(JwtExpiry.fromToken("personal-access-token")).toBeNull();
-  });
-});
-
-// Helper function to create mock JWT tokens for testing
-function createMockJWT(payload: any): string {
-  const header = { typ: "JWT", alg: "HS256" };
-  const encodedHeader = Buffer.from(JSON.stringify(header)).toString(
-    "base64url",
-  );
-  const encodedPayload = Buffer.from(JSON.stringify(payload)).toString(
-    "base64url",
-  );
-  const signature = "mock-signature";
-
-  return `${encodedHeader}.${encodedPayload}.${signature}`;
-}

package/src/utils/jwt-expiry.ts

@@ -1,105 +0,0 @@
-import { z } from "zod";
-import { decodeBase64Url } from "./decode-base64-url";
-import { schema } from "./get-credentials";
-import { getVercelOidcToken } from "@vercel/oidc";
-import ms from "ms";
-
-/** Time buffer before token expiry to consider it invalid (in milliseconds) */
-const BUFFER_MS = ms("5m");
-
-export class OidcRefreshError extends Error {
-  name = "OidcRefreshError";
-}
-
-/**
- * Expiry implementation for JWT tokens (OIDC tokens).
- * Parses the JWT once and provides fast expiry validation.
- */
-export class JwtExpiry {
-  private expiryTime: number | null; // Unix timestamp in seconds
-  readonly payload?: Readonly<z.infer<typeof schema>>;
-
-  static fromToken(token: string): JwtExpiry | null {
-    if (!isJwtFormat(token)) {
-      return null;
-    } else {
-      return new JwtExpiry(token);
-    }
-  }
-
-  /**
-   * Creates a new JWT expiry checker.
-   *
-   * @param token - The JWT token to parse
-   */
-  constructor(readonly token: string) {
-    try {
-      const tokenContents = token.split(".")[1];
-      this.payload = schema.parse(decodeBase64Url(tokenContents));
-      this.expiryTime = this.payload.exp || null;
-    } catch {
-      // Malformed token - treat as expired to trigger refresh
-      this.expiryTime = 0;
-    }
-  }
-
-  /**
-   * Checks if the JWT token is valid (not expired).
-   * @returns true if token is valid, false if expired or expiring soon
-   */
-  isValid(): boolean {
-    if (this.expiryTime === null) {
-      return false; // No expiry means malformed JWT
-    }
-
-    const now = Math.floor(Date.now() / 1000);
-    const buffer = BUFFER_MS / 1000;
-    return now + buffer < this.expiryTime;
-  }
-
-  /**
-   * Gets the expiry date of the JWT token.
-   *
-   * @returns Date object representing when the token expires, or null if no expiry
-   */
-  getExpiryDate(): Date | null {
-    return this.expiryTime ? new Date(this.expiryTime * 1000) : null;
-  }
-
-  /**
-   * Refreshes the JWT token by fetching a new OIDC token.
-   *
-   * @returns Promise resolving to a new JwtExpiry instance with fresh token
-   */
-  async refresh(): Promise<JwtExpiry> {
-    try {
-      const freshToken = await getVercelOidcToken();
-      return new JwtExpiry(freshToken);
-    } catch (cause) {
-      throw new OidcRefreshError("Failed to refresh OIDC token", {
-        cause,
-      });
-    }
-  }
-
-  /**
-   * Refreshes the JWT token if it's expired or expiring soon.
-   */
-  async tryRefresh(): Promise<JwtExpiry | null> {
-    if (this.isValid()) {
-      return null; // Still valid, no need to refresh
-    }
-
-    return this.refresh();
-  }
-}
-
-/**
- * Checks if a token follows JWT format (has 3 parts separated by dots).
- *
- * @param token - The token to check
- * @returns true if token appears to be a JWT, false otherwise
- */
-function isJwtFormat(token: string): boolean {
-  return token.split(".").length === 3;
-}

package/src/utils/log.ts

@@ -1,20 +0,0 @@
-import pico from "picocolors";
-const colors = {
-  warn: pico.yellow,
-  error: pico.red,
-  success: pico.green,
-  info: pico.blue,
-};
-const logPrefix = pico.dim("[vercel/sandbox]");
-export function write(
-  level: "warn" | "error" | "info" | "success",
-  text: string | string[],
-) {
-  text = Array.isArray(text) ? text.join("\n") : text;
-  const prefixed = text.replace(/^/gm, `${logPrefix} `);
-  console.error(colors[level](prefixed));
-}
-
-export function code(text: string) {
-  return pico.italic(pico.dim("`") + text + pico.dim("`"));
-}

package/src/utils/normalizePath.test.ts

@@ -1,114 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { normalizePath } from "./normalizePath";
-
-describe("normalizePath", () => {
-  it("handles base cases", () => {
-    expect(
-      normalizePath({
-        filePath: "foo.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/",
-      }),
-    ).toBe("vercel/sandbox/foo.txt");
-    expect(
-      normalizePath({
-        filePath: "foo/bar/baz.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/",
-      }),
-    ).toBe("vercel/sandbox/foo/bar/baz.txt");
-    expect(
-      normalizePath({ filePath: "bar.txt", cwd: "/", extractDir: "/" }),
-    ).toBe("bar.txt");
-    expect(
-      normalizePath({
-        filePath: "/some/other/dir/foo.txt",
-        cwd: "/bar",
-        extractDir: "/",
-      }),
-    ).toBe("some/other/dir/foo.txt");
-  });
-
-  it("handles base cases (extract dir)", () => {
-    expect(
-      normalizePath({
-        filePath: "foo.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/vercel",
-      }),
-    ).toBe("sandbox/foo.txt");
-    expect(
-      normalizePath({
-        filePath: "foo/bar/baz.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/vercel",
-      }),
-    ).toBe("sandbox/foo/bar/baz.txt");
-
-    // TODO: Should this be allowed?
-    expect(
-      normalizePath({ filePath: "bar.txt", cwd: "/", extractDir: "/vercel" }),
-    ).toBe("../bar.txt");
-  });
-
-  it("handles normalization", () => {
-    expect(
-      normalizePath({
-        filePath: "/resolves/../this/stuff/foo.txt",
-        cwd: "/bar",
-        extractDir: "/",
-      }),
-    ).toBe("this/stuff/foo.txt");
-    expect(
-      normalizePath({
-        filePath: "/handles//extra-slashes",
-        cwd: "/",
-        extractDir: "/",
-      }),
-    ).toBe("handles/extra-slashes");
-  });
-
-  it("resolves relative paths", () => {
-    expect(
-      normalizePath({
-        filePath: "/../../../foo.txt",
-        cwd: "/",
-        extractDir: "/",
-      }),
-    ).toBe("foo.txt");
-    expect(
-      normalizePath({
-        filePath: "../../../../foo.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/",
-      }),
-    ).toBe("foo.txt");
-    expect(
-      normalizePath({
-        filePath: "../foo.txt",
-        cwd: "/vercel/sandbox",
-        extractDir: "/",
-      }),
-    ).toBe("vercel/foo.txt");
-  });
-
-  it("validates the cwd", () => {
-    expect(() => {
-      normalizePath({
-        filePath: "doesn't matter",
-        cwd: "relative/root",
-        extractDir: "/",
-      });
-    }).toThrow("cwd dir must be absolute");
-  });
-
-  it("validates the cwd", () => {
-    expect(() => {
-      normalizePath({
-        filePath: "doesn't matter",
-        cwd: "/",
-        extractDir: "some/relative/path",
-      });
-    }).toThrow("extractDir must be absolute");
-  });
-});

package/src/utils/normalizePath.ts

@@ -1,33 +0,0 @@
-import path from "path";
-
-/**
- * Normalize a path and make it relative to `params.extractDir` for inclusion
- * in our tar archives.
- *
- * Relative paths are first resolved to `params.cwd`.
- * Absolute paths are normalized and resolved relative to `params.extractDir`.
- *
- * In addition, paths are normalized so consecutive slashes are removed and
- * stuff like `../..` is resolved appropriately.
- *
- * This function always returns a path relative to `params.extractDir`.
- */
-export function normalizePath(params: {
-  filePath: string;
-  cwd: string;
-  extractDir: string;
-}) {
-  if (!path.posix.isAbsolute(params.cwd)) {
-    throw new Error("cwd dir must be absolute");
-  }
-
-  if (!path.posix.isAbsolute(params.extractDir)) {
-    throw new Error("extractDir must be absolute");
-  }
-
-  const basePath = path.posix.isAbsolute(params.filePath)
-    ? path.posix.normalize(params.filePath)
-    : path.posix.join(params.cwd, params.filePath);
-
-  return path.posix.relative(params.extractDir, basePath);
-}

package/src/utils/resolveSignal.ts

@@ -1,24 +0,0 @@
-const linuxSignalMapping = {
-  SIGHUP: 1,
-  SIGINT: 2,
-  SIGQUIT: 3,
-  SIGKILL: 9,
-  SIGTERM: 15,
-  SIGCONT: 18,
-  SIGSTOP: 19,
-} as const;
-
-type CommonLinuxSignals = keyof typeof linuxSignalMapping;
-
-export type Signal = CommonLinuxSignals | number;
-
-export function resolveSignal(signal: Signal): number {
-  if (typeof signal === "number") {
-    return signal;
-  }
-
-  if (signal in linuxSignalMapping) {
-    return linuxSignalMapping[signal];
-  }
-  throw new Error(`Unknown signal name: ${String(signal)}`);
-}

package/src/utils/types.test.js

@@ -1,7 +0,0 @@
-import { expect, it } from "vitest";
-import { getPrivateParams } from "./types";
-
-it("getPrivateParams filters unknown params", async () => {
-  const result = getPrivateParams({ foo: 123, __someParam: "abc" });
-  expect(result).toEqual({ __someParam: "abc" });
-});

package/src/utils/types.ts

@@ -1,23 +0,0 @@
-/**
- * Utility type that extends a type to accept private parameters.
- *
- * The private parameters can then be extracted out of the object using
- * `getPrivateParams`.
- */
-export type WithPrivate<T> = T & {
-  [K in `__${string}`]?: unknown;
-};
-
-/**
- * Extract private parameters out of an object.
- */
-export const getPrivateParams = (params?: object) => {
-  const privateEntries = Object.entries(params ?? {}).filter(([k]) =>
-    k.startsWith("__"),
-  );
-  return Object.fromEntries(privateEntries) as {
-    [K in keyof typeof params as K extends `__${string}`
-      ? K
-      : never]: (typeof params)[K];
-  };
-};

package/src/version.ts

@@ -1,2 +0,0 @@
-// Autogenerated by inject-version.ts
-export const VERSION = "1.1.9";

package/test-utils/mock-response.ts

@@ -1,12 +0,0 @@
-export function createNdjsonStream(
-  lines: object[],
-): ReadableStream<Uint8Array> {
-  const encoder = new TextEncoder();
-  const ndjson = lines.map((line) => JSON.stringify(line)).join("\n") + "\n";
-  return new ReadableStream({
-    start(controller) {
-      controller.enqueue(encoder.encode(ndjson));
-      controller.close();
-    },
-  });
-}

package/tsconfig.json

@@ -1,16 +0,0 @@
-{
-  "compilerOptions": {
-    "outDir": "./dist",
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "lib": ["ESNext"],
-    "strict": true,
-    "target": "ES2020",
-    "declaration": true,
-    "sourceMap": true,
-    "module": "commonjs",
-    "resolveJsonModule": true
-  },
-  "include": ["src/**/*.ts"],
-  "exclude": ["src/**/*.test.ts", "vitest.config.ts", "vitest.setup.ts"]
-}

package/turbo.json

@@ -1,9 +0,0 @@
-{
-  "extends": ["//"],
-  "tasks": {
-    "version:bump": {
-      "inputs": ["package.json"],
-      "outputs": ["src/version.ts"]
-    }
-  }
-}

package/typedoc.json

@@ -1,13 +0,0 @@
-{
-  "out": "dist/doc",
-  "sort": ["source-order"],
-  "navigationLinks": {
-    "GitHub": "https://github.com/vercel/sandbox-sdk"
-  },
-  "compilerOptions": {
-    "exclude": ["src/command.test.ts"],
-    "stripInternal": true
-  },
-  "excludeInternal": false,
-  "excludePrivate": true
-}

package/vercel.json

@@ -1,9 +0,0 @@
-{
-  "redirects": [
-    {
-      "source": "/(.*)",
-      "destination": "https://vercel.com/docs/vercel-sandbox",
-      "permanent": true
-    }
-  ]
-}

package/vitest.config.ts

@@ -1,9 +0,0 @@
-import { defineConfig } from "vitest/config";
-
-export default defineConfig({
-  test: {
-    env: { FORCE_COLOR: "1" },
-    setupFiles: ["./vitest.setup.ts"],
-    testTimeout: 60_000,
-  },
-});

package/vitest.setup.ts

@@ -1,4 +0,0 @@
-import { config } from "dotenv";
-import { resolve } from "path";
-
-config({ path: resolve(__dirname, ".env.test") });