claudecode-linter 2.1.148-patch.1 → 2.1.148-patch.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claudecode-lint.defaults.yaml +13 -0
- package/README.md +90 -3
- package/contracts/agent-frontmatter.schema.json +141 -1
- package/contracts/command-frontmatter.schema.json +127 -1
- package/contracts/hooks.schema.json +275 -0
- package/contracts/mcp.schema.json +302 -0
- package/contracts/settings.schema.json +285 -2
- package/contracts/skill-frontmatter.schema.json +197 -1
- package/dist/config.js +13 -8
- package/dist/contracts.js +13 -0
- package/dist/formatters/human.js +3 -2
- package/dist/index.js +72 -12
- package/dist/linters/agent-md.js +29 -1
- package/dist/linters/command-md.js +37 -1
- package/dist/linters/hooks-json.js +24 -0
- package/dist/linters/mcp-json.js +24 -0
- package/dist/linters/skill-md.js +41 -0
- package/dist/plugin-schema.js +17 -8
- package/dist/utils/asset-path.js +56 -0
- package/dist/utils/effort.js +29 -0
- package/dist/utils/frontmatter-keys.js +32 -3
- package/dist/utils/frontmatter.js +1 -1
- package/dist/utils/safe-write.js +36 -0
- package/dist/utils/terminal.js +18 -0
- package/package.json +3 -1
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Strip C0 control characters and DEL from a string before it is written to
|
|
3
|
+
* a terminal, while preserving tab and newline.
|
|
4
|
+
*
|
|
5
|
+
* Diagnostic messages, file paths and `--fix-dry-run` diffs embed untrusted
|
|
6
|
+
* strings (rule content, field values, file content, plugin-controlled file
|
|
7
|
+
* and directory names). Without sanitization an attacker-supplied artifact
|
|
8
|
+
* could smuggle ANSI/control sequences into the user's terminal.
|
|
9
|
+
*
|
|
10
|
+
* Strips U+0000-U+0008, U+000B-U+001F and U+007F (DEL) - every C0 control
|
|
11
|
+
* char and DEL except U+0009 (tab) and U+000A (newline), which are kept.
|
|
12
|
+
* The stripped set includes U+000D (CR) and U+001B (ESC) by design.
|
|
13
|
+
*/
|
|
14
|
+
export function sanitizeForTerminal(s) {
|
|
15
|
+
// eslint-disable-next-line no-control-regex
|
|
16
|
+
return s.replace(/[\u0000-\u0008\u000B-\u001F\u007F]/g, "");
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=terminal.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claudecode-linter",
|
|
3
|
-
"version": "2.1.148-patch.
|
|
3
|
+
"version": "2.1.148-patch.3",
|
|
4
4
|
"description": "Standalone linter for Claude Code plugins and configuration files",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -30,6 +30,8 @@
|
|
|
30
30
|
"contracts/skill-frontmatter.schema.json",
|
|
31
31
|
"contracts/agent-frontmatter.schema.json",
|
|
32
32
|
"contracts/command-frontmatter.schema.json",
|
|
33
|
+
"contracts/mcp.schema.json",
|
|
34
|
+
"contracts/hooks.schema.json",
|
|
33
35
|
".claudecode-lint.defaults.yaml",
|
|
34
36
|
"README.md"
|
|
35
37
|
],
|