apdev-js 0.1.1 → 0.2.1

package/dist/index.cjs

@@ -37,7 +37,11 @@ __export(src_exports, {
   fileToModule: () => fileToModule,
   findCycles: () => findCycles,
   isAllowedChar: () => isAllowedChar,
+  isDangerousChar: () => isDangerousChar,
+  loadCharset: () => loadCharset,
   loadConfig: () => loadConfig,
+  resolveCharsets: () => resolveCharsets,
+  resolvePaths: () => resolvePaths,
   version: () => version
 });
 module.exports = __toCommonJS(src_exports);
@@ -49,80 +53,100 @@ var importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
 // src/check-chars.ts
 var import_node_fs = require("fs");
 var import_node_path = require("path");
-var EMOJI_RANGES = [
-  [127744, 128511],
-  // Symbols and Pictographs
-  [128512, 128591],
-  // Emoticons
-  [128640, 128767],
-  // Transport and Map Symbols
-  [128896, 129023],
-  // Geometric Shapes Extended
-  [129280, 129535],
-  // Supplemental Symbols and Pictographs
-  [9728, 9983],
-  // Miscellaneous Symbols
-  [9984, 10175]
-  // Dingbats
-];
-var EXTRA_ALLOWED_RANGES = [
-  [128, 255],
-  // Latin-1 Supplement
-  [8192, 8303],
-  // General Punctuation
-  [8448, 8527],
-  // Letterlike Symbols
-  [8592, 8703],
-  // Arrows
-  [8704, 8959],
-  // Mathematical Operators
-  [8960, 9215],
-  // Miscellaneous Technical
-  [9472, 9599],
-  // Box Drawing
-  [9632, 9727],
-  // Geometric Shapes
-  [11008, 11263],
-  // Miscellaneous Symbols and Arrows
-  [65024, 65039]
-  // Variation Selectors
-];
-var ALL_RANGES = [...EMOJI_RANGES, ...EXTRA_ALLOWED_RANGES];
-var DANGEROUS_CODEPOINTS = /* @__PURE__ */ new Map([
-  // Bidi control characters (Trojan Source - CVE-2021-42574)
-  [8234, "LEFT-TO-RIGHT EMBEDDING"],
-  [8235, "RIGHT-TO-LEFT EMBEDDING"],
-  [8236, "POP DIRECTIONAL FORMATTING"],
-  [8237, "LEFT-TO-RIGHT OVERRIDE"],
-  [8238, "RIGHT-TO-LEFT OVERRIDE"],
-  [8294, "LEFT-TO-RIGHT ISOLATE"],
-  [8295, "RIGHT-TO-LEFT ISOLATE"],
-  [8296, "FIRST STRONG ISOLATE"],
-  [8297, "POP DIRECTIONAL ISOLATE"],
-  // Zero-width characters
-  [8203, "ZERO WIDTH SPACE"],
-  [8204, "ZERO WIDTH NON-JOINER"],
-  [8205, "ZERO WIDTH JOINER"],
-  [8206, "LEFT-TO-RIGHT MARK"],
-  [8207, "RIGHT-TO-LEFT MARK"],
-  [8288, "WORD JOINER"]
-]);
-var PYTHON_SUFFIXES = /* @__PURE__ */ new Set([".py"]);
-var JS_SUFFIXES = /* @__PURE__ */ new Set([".js", ".ts", ".tsx", ".jsx", ".mjs", ".cjs"]);
-function isAllowedChar(c) {
-  const code = c.codePointAt(0);
-  if (code <= 127) {
-    return true;
+var import_node_url = require("url");
+function getCharsetsDir() {
+  const thisDir = typeof __dirname !== "undefined" ? __dirname : (0, import_node_path.dirname)((0, import_node_url.fileURLToPath)(importMetaUrl));
+  const devPath = (0, import_node_path.join)(thisDir, "charsets");
+  if ((0, import_node_fs.existsSync)(devPath)) {
+    return devPath;
+  }
+  return (0, import_node_path.join)(thisDir, "..", "src", "charsets");
+}
+function loadCharset(nameOrPath) {
+  if (nameOrPath.includes(import_node_path.sep) || nameOrPath.includes("/") || nameOrPath.endsWith(".json")) {
+    if (!(0, import_node_fs.existsSync)(nameOrPath)) {
+      throw new Error(`Charset file not found: ${nameOrPath}`);
+    }
+    return JSON.parse((0, import_node_fs.readFileSync)(nameOrPath, "utf-8"));
+  }
+  const filePath = (0, import_node_path.join)(getCharsetsDir(), `${nameOrPath}.json`);
+  if (!(0, import_node_fs.existsSync)(filePath)) {
+    throw new Error(`Unknown charset: ${nameOrPath}`);
+  }
+  return JSON.parse((0, import_node_fs.readFileSync)(filePath, "utf-8"));
+}
+function parseRanges(entries) {
+  return entries.map((e) => [parseInt(e.start, 16), parseInt(e.end, 16)]);
+}
+function parseDangerous(entries) {
+  const map = /* @__PURE__ */ new Map();
+  for (const e of entries) {
+    map.set(parseInt(e.code, 16), e.name);
+  }
+  return map;
+}
+function resolveCharsets(charsetNames, charsetFiles) {
+  const base = loadCharset("base");
+  const rangesSet = /* @__PURE__ */ new Map();
+  const dangerous = parseDangerous(base.dangerous ?? []);
+  function addRanges(entries) {
+    for (const [s, e] of parseRanges(entries)) {
+      rangesSet.set(`${s}-${e}`, [s, e]);
+    }
+  }
+  addRanges(base.emoji_ranges ?? []);
+  addRanges(base.extra_ranges ?? []);
+  for (const name of charsetNames) {
+    const data = loadCharset(name);
+    addRanges(data.emoji_ranges ?? []);
+    addRanges(data.extra_ranges ?? []);
+    if (data.dangerous) {
+      for (const [code, dname] of parseDangerous(data.dangerous)) {
+        dangerous.set(code, dname);
+      }
+    }
   }
-  for (const [start, end] of ALL_RANGES) {
-    if (code >= start && code <= end) {
-      return true;
+  for (const path of charsetFiles) {
+    const data = loadCharset(path);
+    addRanges(data.emoji_ranges ?? []);
+    addRanges(data.extra_ranges ?? []);
+    if (data.dangerous) {
+      for (const [code, dname] of parseDangerous(data.dangerous)) {
+        dangerous.set(code, dname);
+      }
     }
   }
+  const ranges = [...rangesSet.values()].sort((a, b) => a[0] - b[0]);
+  return { ranges, dangerous };
+}
+var PYTHON_SUFFIXES = /* @__PURE__ */ new Set([".py"]);
+var JS_SUFFIXES = /* @__PURE__ */ new Set([".js", ".ts", ".tsx", ".jsx", ".mjs", ".cjs"]);
+function isInRanges(code, ranges) {
+  if (code <= 127) return true;
+  for (const [start, end] of ranges) {
+    if (code >= start && code <= end) return true;
+  }
   return false;
 }
+var _baseRanges = null;
+var _baseDangerous = null;
+function getBaseDefaults() {
+  if (!_baseRanges || !_baseDangerous) {
+    const defaults = resolveCharsets([], []);
+    _baseRanges = defaults.ranges;
+    _baseDangerous = defaults.dangerous;
+  }
+  return { ranges: _baseRanges, dangerous: _baseDangerous };
+}
+function isAllowedChar(c) {
+  const { ranges, dangerous } = getBaseDefaults();
+  const code = c.codePointAt(0);
+  if (dangerous.has(code)) return false;
+  return isInRanges(code, ranges);
+}
 function isDangerousChar(c) {
-  return DANGEROUS_CODEPOINTS.has(c.codePointAt(0));
+  const { dangerous } = getBaseDefaults();
+  return dangerous.has(c.codePointAt(0));
 }
 function computeCommentMask(content, suffix) {
   if (PYTHON_SUFFIXES.has(suffix)) {
@@ -241,8 +265,13 @@ function computeCommentMaskJs(content) {
   }
   return mask;
 }
-function checkFile(filePath, maxProblems = 5) {
+function checkFile(filePath, maxProblems = 5, extraRanges, dangerousMap) {
   const problems = [];
+  if (!extraRanges || !dangerousMap) {
+    const defaults = getBaseDefaults();
+    extraRanges ??= defaults.ranges;
+    dangerousMap ??= defaults.dangerous;
+  }
   try {
     const content = (0, import_node_fs.readFileSync)(filePath, "utf-8");
     const suffix = (0, import_node_path.extname)(filePath).toLowerCase();
@@ -252,15 +281,15 @@ function checkFile(filePath, maxProblems = 5) {
     for (const char of content) {
       position++;
       const code = char.codePointAt(0);
-      if (isDangerousChar(char)) {
+      if (dangerousMap.has(code)) {
         if (!commentMask.has(offset)) {
-          const name = DANGEROUS_CODEPOINTS.get(code);
+          const name = dangerousMap.get(code);
           const hex = code.toString(16).toUpperCase().padStart(4, "0");
           problems.push(
             `Dangerous character in code at position ${position}: U+${hex} (${name})`
           );
         }
-      } else if (!isAllowedChar(char)) {
+      } else if (!isInRanges(code, extraRanges)) {
         const hex = code.toString(16).toUpperCase().padStart(4, "0");
         problems.push(
           `Illegal character at position ${position}: ${JSON.stringify(char)} (U+${hex})`
@@ -271,15 +300,169 @@ function checkFile(filePath, maxProblems = 5) {
       }
       offset += char.length;
     }
-  } catch {
-    problems.push(`Failed to read file: ${filePath}`);
+  } catch (e) {
+    problems.push(`Failed to read file: ${filePath} (${e})`);
   }
   return problems;
 }
-function checkPaths(paths) {
+var SKIP_SUFFIXES = /* @__PURE__ */ new Set([
+  // Bytecode
+  ".pyc",
+  ".pyo",
+  // Images
+  ".png",
+  ".jpg",
+  ".jpeg",
+  ".gif",
+  ".bmp",
+  ".ico",
+  ".svg",
+  ".webp",
+  // Fonts
+  ".ttf",
+  ".otf",
+  ".woff",
+  ".woff2",
+  ".eot",
+  // Archives
+  ".zip",
+  ".tar",
+  ".gz",
+  ".bz2",
+  ".xz",
+  ".7z",
+  // Compiled / binary
+  ".so",
+  ".dylib",
+  ".dll",
+  ".exe",
+  ".o",
+  ".a",
+  ".whl",
+  ".egg",
+  // Media
+  ".mp3",
+  ".mp4",
+  ".wav",
+  ".avi",
+  ".mov",
+  ".flac",
+  ".ogg",
+  // Documents
+  ".pdf",
+  ".doc",
+  ".docx",
+  ".xls",
+  ".xlsx",
+  ".ppt",
+  ".pptx",
+  // Data
+  ".db",
+  ".sqlite",
+  ".sqlite3",
+  ".pickle",
+  ".pkl"
+]);
+var SKIP_DIRS = /* @__PURE__ */ new Set([
+  "__pycache__",
+  "node_modules",
+  ".git",
+  ".venv",
+  "venv",
+  ".tox",
+  ".mypy_cache",
+  ".pytest_cache",
+  ".ruff_cache",
+  "dist",
+  "build"
+]);
+var DEFAULT_DIRS = ["src", "tests", "examples"];
+var DEFAULT_GLOBS = ["*.md", "*.yml", "*.yaml", "*.json", ".gitignore"];
+function walkDir(directory) {
+  const files = [];
+  let entries;
+  try {
+    entries = (0, import_node_fs.readdirSync)(directory).sort();
+  } catch {
+    return files;
+  }
+  for (const name of entries) {
+    if (name.startsWith(".")) continue;
+    const fullPath = (0, import_node_path.join)(directory, name);
+    let stat;
+    try {
+      stat = (0, import_node_fs.statSync)(fullPath);
+    } catch {
+      continue;
+    }
+    if (stat.isDirectory()) {
+      if (SKIP_DIRS.has(name) || name.endsWith(".egg-info")) continue;
+      files.push(...walkDir(fullPath));
+    } else if (stat.isFile()) {
+      if (SKIP_SUFFIXES.has((0, import_node_path.extname)(name).toLowerCase())) continue;
+      files.push(fullPath);
+    }
+  }
+  return files;
+}
+function defaultProjectFiles() {
+  const cwd = process.cwd();
+  const files = [];
+  for (const dirname3 of DEFAULT_DIRS) {
+    const d = (0, import_node_path.join)(cwd, dirname3);
+    if ((0, import_node_fs.existsSync)(d) && (0, import_node_fs.statSync)(d).isDirectory()) {
+      files.push(...walkDir(d));
+    }
+  }
+  for (const pattern of DEFAULT_GLOBS) {
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      try {
+        for (const name of (0, import_node_fs.readdirSync)(cwd).sort()) {
+          if (name.endsWith(suffix) && (0, import_node_fs.statSync)((0, import_node_path.join)(cwd, name)).isFile()) {
+            files.push((0, import_node_path.join)(cwd, name));
+          }
+        }
+      } catch {
+      }
+    } else {
+      const fullPath = (0, import_node_path.join)(cwd, pattern);
+      if ((0, import_node_fs.existsSync)(fullPath) && (0, import_node_fs.statSync)(fullPath).isFile()) {
+        files.push(fullPath);
+      }
+    }
+  }
+  return files;
+}
+function resolvePaths(paths) {
+  if (paths.length === 0) {
+    return defaultProjectFiles();
+  }
+  const result = [];
+  for (const p of paths) {
+    try {
+      if ((0, import_node_fs.statSync)(p).isDirectory()) {
+        result.push(...walkDir(p));
+      } else {
+        result.push(p);
+      }
+    } catch {
+      result.push(p);
+    }
+  }
+  return result;
+}
+function checkPaths(paths, extraRanges, dangerousMap) {
+  const resolved = resolvePaths(paths);
+  if (resolved.length === 0) {
+    console.log("No files to check.");
+    return 0;
+  }
   let hasError = false;
-  for (const path of paths) {
-    const problems = checkFile(path);
+  let checked = 0;
+  for (const path of resolved) {
+    const problems = checkFile(path, 5, extraRanges, dangerousMap);
+    checked++;
     if (problems.length > 0) {
       hasError = true;
       console.log(`
@@ -289,6 +472,9 @@ ${path} contains illegal characters:`);
       }
     }
   }
+  if (!hasError) {
+    console.log(`All ${checked} files passed.`);
+  }
   return hasError ? 1 : 0;
 }
 
@@ -525,9 +711,9 @@ function loadConfig(projectDir) {
 // src/index.ts
 var import_node_fs4 = require("fs");
 var import_node_path4 = require("path");
-var import_node_url = require("url");
+var import_node_url2 = require("url");
 function readVersion() {
-  const thisDir = typeof __dirname !== "undefined" ? __dirname : (0, import_node_path4.dirname)((0, import_node_url.fileURLToPath)(importMetaUrl));
+  const thisDir = typeof __dirname !== "undefined" ? __dirname : (0, import_node_path4.dirname)((0, import_node_url2.fileURLToPath)(importMetaUrl));
   try {
     const pkg = JSON.parse((0, import_node_fs4.readFileSync)((0, import_node_path4.join)(thisDir, "..", "package.json"), "utf-8"));
     return pkg.version ?? "0.0.0";
@@ -545,6 +731,10 @@ var version = readVersion();
   fileToModule,
   findCycles,
   isAllowedChar,
+  isDangerousChar,
+  loadCharset,
   loadConfig,
+  resolveCharsets,
+  resolvePaths,
   version
 });

package/dist/index.d.cts

@@ -1,14 +1,52 @@
-/** Return true if the character is in the allowed set. */
+/**
+ * Character validation tool.
+ *
+ * Checks that files contain only allowed characters: ASCII, common emoji,
+ * and standard technical symbols (arrows, box-drawing, math operators, etc.).
+ *
+ * Additionally flags dangerous invisible/bidi characters in code regions
+ * (Trojan Source - CVE-2021-42574) while allowing them in comments.
+ */
+interface RangeEntry {
+    start: string;
+    end: string;
+    name: string;
+}
+interface DangerousEntry {
+    code: string;
+    name: string;
+}
+interface CharsetData {
+    name: string;
+    description?: string;
+    emoji_ranges?: RangeEntry[];
+    extra_ranges?: RangeEntry[];
+    dangerous?: DangerousEntry[];
+}
+declare function loadCharset(nameOrPath: string): CharsetData;
+declare function resolveCharsets(charsetNames: string[], charsetFiles: string[]): {
+    ranges: [number, number][];
+    dangerous: Map<number, string>;
+};
+/**
+ * Return true if the character is in the base allowed set.
+ *
+ * Dangerous codepoints (Trojan Source vectors) are excluded even though
+ * they fall within allowed Unicode ranges.
+ */
 declare function isAllowedChar(c: string): boolean;
+/** Return true if the character is a dangerous invisible/bidi codepoint. */
+declare function isDangerousChar(c: string): boolean;
 /**
  * Check a single file for illegal characters.
  * Returns a list of problem descriptions (empty if the file is clean).
  */
-declare function checkFile(filePath: string, maxProblems?: number): string[];
+declare function checkFile(filePath: string, maxProblems?: number, extraRanges?: [number, number][], dangerousMap?: Map<number, string>): string[];
+declare function resolvePaths(paths: string[]): string[];
 /**
  * Check multiple files. Returns 0 if all clean, 1 if any have problems.
  */
-declare function checkPaths(paths: string[]): number;
+declare function checkPaths(paths: string[], extraRanges?: [number, number][], dangerousMap?: Map<number, string>): number;
 
 /**
  * Circular import detection tool.
@@ -38,4 +76,4 @@ declare function loadConfig(projectDir?: string): Record<string, unknown>;
 
 declare const version: string;
 
-export { buildDependencyGraph, checkCircularImports, checkFile, checkPaths, fileToModule, findCycles, isAllowedChar, loadConfig, version };
+export { buildDependencyGraph, checkCircularImports, checkFile, checkPaths, fileToModule, findCycles, isAllowedChar, isDangerousChar, loadCharset, loadConfig, resolveCharsets, resolvePaths, version };

package/dist/index.d.ts

@@ -1,14 +1,52 @@
-/** Return true if the character is in the allowed set. */
+/**
+ * Character validation tool.
+ *
+ * Checks that files contain only allowed characters: ASCII, common emoji,
+ * and standard technical symbols (arrows, box-drawing, math operators, etc.).
+ *
+ * Additionally flags dangerous invisible/bidi characters in code regions
+ * (Trojan Source - CVE-2021-42574) while allowing them in comments.
+ */
+interface RangeEntry {
+    start: string;
+    end: string;
+    name: string;
+}
+interface DangerousEntry {
+    code: string;
+    name: string;
+}
+interface CharsetData {
+    name: string;
+    description?: string;
+    emoji_ranges?: RangeEntry[];
+    extra_ranges?: RangeEntry[];
+    dangerous?: DangerousEntry[];
+}
+declare function loadCharset(nameOrPath: string): CharsetData;
+declare function resolveCharsets(charsetNames: string[], charsetFiles: string[]): {
+    ranges: [number, number][];
+    dangerous: Map<number, string>;
+};
+/**
+ * Return true if the character is in the base allowed set.
+ *
+ * Dangerous codepoints (Trojan Source vectors) are excluded even though
+ * they fall within allowed Unicode ranges.
+ */
 declare function isAllowedChar(c: string): boolean;
+/** Return true if the character is a dangerous invisible/bidi codepoint. */
+declare function isDangerousChar(c: string): boolean;
 /**
  * Check a single file for illegal characters.
  * Returns a list of problem descriptions (empty if the file is clean).
  */
-declare function checkFile(filePath: string, maxProblems?: number): string[];
+declare function checkFile(filePath: string, maxProblems?: number, extraRanges?: [number, number][], dangerousMap?: Map<number, string>): string[];
+declare function resolvePaths(paths: string[]): string[];
 /**
  * Check multiple files. Returns 0 if all clean, 1 if any have problems.
  */
-declare function checkPaths(paths: string[]): number;
+declare function checkPaths(paths: string[], extraRanges?: [number, number][], dangerousMap?: Map<number, string>): number;
 
 /**
  * Circular import detection tool.
@@ -38,4 +76,4 @@ declare function loadConfig(projectDir?: string): Record<string, unknown>;
 
 declare const version: string;
 
-export { buildDependencyGraph, checkCircularImports, checkFile, checkPaths, fileToModule, findCycles, isAllowedChar, loadConfig, version };
+export { buildDependencyGraph, checkCircularImports, checkFile, checkPaths, fileToModule, findCycles, isAllowedChar, isDangerousChar, loadCharset, loadConfig, resolveCharsets, resolvePaths, version };