@yamo/cli 1.3.12 → 1.3.14

package/dist/utils/validation.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateBytes32 = validateBytes32;
+exports.validateBlockId = validateBlockId;
+exports.validateArtifactPath = validateArtifactPath;
+const constants_js_1 = require("./constants.js");
+/**
+ * Validates bytes32 hash format (0x + 64 hex characters).
+ * @param hash - Hash string to validate
+ * @returns True if valid bytes32 format
+ */
+function validateBytes32(hash) {
+    return constants_js_1.CONSTANTS.HASH_PATTERN.test(hash);
+}
+/**
+ * Validates YAMO block ID format (origin_workflow).
+ * Enforces alphanumeric characters and a single underscore.
+ * @param blockId - Block identifier to validate
+ * @returns True if valid format
+ */
+function validateBlockId(blockId) {
+    const pattern = /^[a-z0-9]+_[a-z0-9]+$/i;
+    return pattern.test(blockId);
+}
+/**
+ * Validates artifact path for security (no path traversal).
+ * @param artifactName - Artifact name from YAMO file
+ * @param artifactPath - Resolved artifact path
+ * @param inputDir - Directory of YAMO file
+ * @throws Error if path is unsafe
+ */
+function validateArtifactPath(artifactName, artifactPath, inputDir) {
+    if (artifactName.includes('..') || artifactName.startsWith('/')) {
+        throw new Error(`Invalid artifact name: ${artifactName}. Path traversal attempts are blocked for security.`);
+    }
+    if (!artifactPath.startsWith(inputDir)) {
+        throw new Error(`Artifact path outside allowed directory: ${artifactName}. Only artifacts in the same directory or subdirectories are allowed.`);
+    }
+}

package/package.json

@@ -1,6 +1,9 @@
 {
   "name": "@yamo/cli",
-  "version": "1.3.12",
+  "version": "1.3.14",
+  "engines": {
+    "node": ">=20.0.0"
+  },
   "description": "YAMO Protocol v0.4 - Command-line tools for blockchain integration",
   "main": "dist/index.js",
   "type": "commonjs",
@@ -17,8 +20,12 @@
     "build": "tsc && chmod +x dist/index.js",
     "prepublishOnly": "npm run build",
     "start": "node dist/index.js",
-    "test": "node --test test/**/*.test.js",
-    "test:security": "node --test test/security.test.js"
+    "test": "node --test 'test/*.test.js' 'test/e2e/*.test.js'",
+    "test:security": "node --test test/security.test.js",
+    "lint": "eslint src",
+    "lint:fix": "eslint src --fix",
+    "format": "prettier --write src/**/*.ts",
+    "format:check": "prettier --check src/**/*.ts"
   },
   "keywords": [
     "yamo",
@@ -38,16 +45,25 @@
   "homepage": "https://github.com/yamo-protocol/yamo-cli#readme",
   "devDependencies": {
     "@types/form-data": "^2.2.1",
-    "@types/node": "^25.0.3",
+    "@types/inquirer": "^9.0.7",
+    "@types/node": "^25.0.8",
+    "@typescript-eslint/eslint-plugin": "^8.53.0",
+    "@typescript-eslint/parser": "^8.53.0",
+    "eslint": "^9.39.2",
+    "eslint-config-prettier": "^9.1.2",
+    "globals": "^17.0.0",
+    "prettier": "^3.8.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3"
   },
   "dependencies": {
-    "@yamo/core": "^1.2.14",
+    "@yamo/core": "^1.2.15",
     "axios": "^1.13.2",
     "chalk": "^4.1.2",
-    "commander": "^12.0.0",
+    "commander": "^14.0.2",
     "dotenv": "^17.2.3",
-    "form-data": "^4.0.5"
+    "form-data": "^4.0.5",
+    "inquirer": "^9.2.12",
+    "ora": "^5.4.1"
   }
 }