cross-image 0.1.2 → 0.1.4

package/esm/src/formats/webp.js

@@ -1,3 +1,4 @@
+import { validateImageDimensions } from "../utils/security.js";
 // Default quality for WebP encoding when not specified
 const DEFAULT_WEBP_QUALITY = 90;
 /**
@@ -6,12 +7,14 @@ const DEFAULT_WEBP_QUALITY = 90;
  */
 export class WebPFormat {
     constructor() {
+        /** Format name identifier */
         Object.defineProperty(this, "name", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: "webp"
         });
+        /** MIME type for WebP images */
         Object.defineProperty(this, "mimeType", {
             enumerable: true,
             configurable: true,
@@ -19,6 +22,11 @@ export class WebPFormat {
             value: "image/webp"
         });
     }
+    /**
+     * Check if the given data is a WebP image
+     * @param data Raw image data to check
+     * @returns true if data has WebP signature
+     */
     canDecode(data) {
         // WebP signature: "RIFF" + size + "WEBP"
         return data.length >= 12 &&
@@ -27,6 +35,11 @@ export class WebPFormat {
             data[8] === 0x57 && data[9] === 0x45 && // "WE"
             data[10] === 0x42 && data[11] === 0x50; // "BP"
     }
+    /**
+     * Decode WebP image data to RGBA
+     * @param data Raw WebP image data
+     * @returns Decoded image data with RGBA pixels
+     */
     async decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid WebP signature");
@@ -89,6 +102,8 @@ export class WebPFormat {
         if (width === 0 || height === 0) {
             throw new Error("Could not determine WebP dimensions");
         }
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        validateImageDimensions(width, height);
         // For a pure JS implementation, we'd need to implement full WebP decoding
         // which is very complex. Instead, we'll use the browser/runtime's decoder.
         const rgba = await this.decodeUsingRuntime(data, width, height);
@@ -99,6 +114,12 @@ export class WebPFormat {
             metadata: Object.keys(metadata).length > 0 ? metadata : undefined,
         };
     }
+    /**
+     * Encode RGBA image data to WebP format
+     * @param imageData Image data to encode
+     * @param options Optional WebP encoding options
+     * @returns Encoded WebP image bytes
+     */
     async encode(imageData, options) {
         const { width, height, data, metadata } = imageData;
         const quality = options?.quality ?? DEFAULT_WEBP_QUALITY;

package/esm/src/image.js

@@ -7,6 +7,7 @@ import { TIFFFormat } from "./formats/tiff.js";
 import { BMPFormat } from "./formats/bmp.js";
 import { RAWFormat } from "./formats/raw.js";
 import { ASCIIFormat } from "./formats/ascii.js";
+import { validateImageDimensions } from "./utils/security.js";
 /**
  * Main Image class for reading, manipulating, and saving images
  */
@@ -221,6 +222,8 @@ export class Image {
      * @returns Image instance
      */
     static fromRGBA(width, height, data) {
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        validateImageDimensions(width, height);
         if (data.length !== width * height * 4) {
             throw new Error(`Data length mismatch: expected ${width * height * 4}, got ${data.length}`);
         }
@@ -237,6 +240,8 @@ export class Image {
         if (!this.imageData)
             throw new Error("No image loaded");
         const { width, height, method = "bilinear" } = options;
+        // Validate new dimensions for security (prevent integer overflow and heap exhaustion)
+        validateImageDimensions(width, height);
         const { data: srcData, width: srcWidth, height: srcHeight } = this.imageData;
         let resizedData;
         if (method === "nearest") {

package/esm/src/utils/security.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Security utilities for image processing
+ * Prevents integer overflow, heap exhaustion, and decompression bombs
+ */
+/**
+ * Maximum safe image dimensions
+ * These limits prevent integer overflow and heap exhaustion attacks
+ */
+export declare const MAX_IMAGE_DIMENSION = 65535;
+export declare const MAX_IMAGE_PIXELS = 178956970;
+/**
+ * Validates image dimensions to prevent security vulnerabilities
+ *
+ * @param width Image width in pixels
+ * @param height Image height in pixels
+ * @throws Error if dimensions are invalid or unsafe
+ */
+export declare function validateImageDimensions(width: number, height: number): void;
+/**
+ * Safely calculates buffer size for RGBA image data
+ *
+ * @param width Image width in pixels
+ * @param height Image height in pixels
+ * @returns Buffer size in bytes (width * height * 4)
+ * @throws Error if calculation would overflow
+ */
+export declare function calculateBufferSize(width: number, height: number): number;
+//# sourceMappingURL=security.d.ts.map

package/esm/src/utils/security.js

@@ -0,0 +1,48 @@
+/**
+ * Security utilities for image processing
+ * Prevents integer overflow, heap exhaustion, and decompression bombs
+ */
+/**
+ * Maximum safe image dimensions
+ * These limits prevent integer overflow and heap exhaustion attacks
+ */
+export const MAX_IMAGE_DIMENSION = 65535; // 2^16 - 1 (reasonable for most use cases)
+export const MAX_IMAGE_PIXELS = 178956970; // ~179 megapixels (fits safely in memory)
+/**
+ * Validates image dimensions to prevent security vulnerabilities
+ *
+ * @param width Image width in pixels
+ * @param height Image height in pixels
+ * @throws Error if dimensions are invalid or unsafe
+ */
+export function validateImageDimensions(width, height) {
+    // Check for negative or zero dimensions
+    if (width <= 0 || height <= 0) {
+        throw new Error(`Invalid image dimensions: ${width}x${height} (dimensions must be positive)`);
+    }
+    // Check if dimensions are integers
+    if (!Number.isInteger(width) || !Number.isInteger(height)) {
+        throw new Error(`Invalid image dimensions: ${width}x${height} (dimensions must be integers)`);
+    }
+    // Check individual dimension limits
+    if (width > MAX_IMAGE_DIMENSION || height > MAX_IMAGE_DIMENSION) {
+        throw new Error(`Image dimensions too large: ${width}x${height} (maximum ${MAX_IMAGE_DIMENSION}x${MAX_IMAGE_DIMENSION})`);
+    }
+    // Check total pixel count to prevent excessive memory allocation
+    const pixelCount = width * height;
+    if (pixelCount > MAX_IMAGE_PIXELS) {
+        throw new Error(`Image size too large: ${width}x${height} (${pixelCount} pixels exceeds maximum ${MAX_IMAGE_PIXELS})`);
+    }
+}
+/**
+ * Safely calculates buffer size for RGBA image data
+ *
+ * @param width Image width in pixels
+ * @param height Image height in pixels
+ * @returns Buffer size in bytes (width * height * 4)
+ * @throws Error if calculation would overflow
+ */
+export function calculateBufferSize(width, height) {
+    validateImageDimensions(width, height);
+    return width * height * 4;
+}

package/esm/src/utils/webp_decoder.js

@@ -19,6 +19,7 @@
  * @see https://developers.google.com/speed/webp/docs/riff_container
  * @see https://developers.google.com/speed/webp/docs/webp_lossless_bitstream_specification
  */
+import { validateImageDimensions } from "./security.js";
 // Helper to read little-endian values
 function readUint24LE(data, offset) {
     return data[offset] | (data[offset + 1] << 8) | (data[offset + 2] << 16);
@@ -252,6 +253,8 @@ export class WebPDecoder {
         }
         // Read Huffman codes
         const huffmanTables = this.readHuffmanCodes(reader, useColorCache, colorCacheBits);
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        validateImageDimensions(width, height);
         // Decode the image using Huffman codes
         const pixelData = new Uint8Array(width * height * 4);
         let pixelIndex = 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cross-image",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "A pure JavaScript, dependency-free, cross-runtime image processing library for Deno, Node.js, and Bun.",
   "keywords": [
     "image",
@@ -34,8 +34,5 @@
     }
   },
   "scripts": {},
-  "devDependencies": {
-    "@types/node": "^20.9.0"
-  },
   "_generatedBy": "dnt@dev"
 }

package/script/src/formats/ascii.d.ts

@@ -17,7 +17,18 @@ export declare class ASCIIFormat implements ImageFormat {
     private readonly MAGIC_BYTES;
     private readonly CHARSETS;
     canDecode(data: Uint8Array): boolean;
+    /**
+     * Decode ASCII art to a basic grayscale RGBA image
+     * @param data Raw ASCII art data
+     * @returns Decoded image data with grayscale RGBA pixels
+     */
     decode(data: Uint8Array): Promise<ImageData>;
+    /**
+     * Encode RGBA image data to ASCII art
+     * @param imageData Image data to encode
+     * @param options Optional ASCII encoding options
+     * @returns Encoded ASCII art as UTF-8 bytes
+     */
     encode(imageData: ImageData, options?: ASCIIOptions): Promise<Uint8Array>;
     /**
      * Parse options from the options line

package/script/src/formats/ascii.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ASCIIFormat = void 0;
+const security_js_1 = require("../utils/security.js");
 /**
  * ASCII format handler
  * Converts images to ASCII art text representation
@@ -65,6 +66,11 @@ class ASCIIFormat {
             data[4] === this.MAGIC_BYTES[4] &&
             data[5] === this.MAGIC_BYTES[5];
     }
+    /**
+     * Decode ASCII art to a basic grayscale RGBA image
+     * @param data Raw ASCII art data
+     * @returns Decoded image data with grayscale RGBA pixels
+     */
     decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid ASCII art signature");
@@ -86,6 +92,8 @@ class ASCIIFormat {
         // Calculate dimensions
         const height = artLines.length;
         const width = Math.max(...artLines.map((line) => line.length));
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        (0, security_js_1.validateImageDimensions)(width, height);
         // Convert ASCII art back to image data
         const imageData = new Uint8Array(width * height * 4);
         const charset = this.CHARSETS[options.charset] || this.CHARSETS.simple;
@@ -114,6 +122,12 @@ class ASCIIFormat {
         }
         return Promise.resolve({ width, height, data: imageData });
     }
+    /**
+     * Encode RGBA image data to ASCII art
+     * @param imageData Image data to encode
+     * @param options Optional ASCII encoding options
+     * @returns Encoded ASCII art as UTF-8 bytes
+     */
     encode(imageData, options = {}) {
         const { width: targetWidth = 80, charset = "simple", aspectRatio = 0.5, invert = false, } = options;
         // Get character set

package/script/src/formats/bmp.d.ts

@@ -4,10 +4,27 @@ import type { ImageData, ImageFormat } from "../types.js";
  * Implements a pure JavaScript BMP decoder and encoder
  */
 export declare class BMPFormat implements ImageFormat {
+    /** Format name identifier */
     readonly name = "bmp";
+    /** MIME type for BMP images */
     readonly mimeType = "image/bmp";
+    /**
+     * Check if the given data is a BMP image
+     * @param data Raw image data to check
+     * @returns true if data has BMP signature
+     */
     canDecode(data: Uint8Array): boolean;
+    /**
+     * Decode BMP image data to RGBA
+     * @param data Raw BMP image data
+     * @returns Decoded image data with RGBA pixels
+     */
     decode(data: Uint8Array): Promise<ImageData>;
+    /**
+     * Encode RGBA image data to BMP format
+     * @param imageData Image data to encode
+     * @returns Encoded BMP image bytes
+     */
     encode(imageData: ImageData): Promise<Uint8Array>;
     private readUint16LE;
     private readUint32LE;

package/script/src/formats/bmp.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.BMPFormat = void 0;
+const security_js_1 = require("../utils/security.js");
 // Constants for unit conversions
 const INCHES_PER_METER = 39.3701;
 /**
@@ -9,12 +10,14 @@ const INCHES_PER_METER = 39.3701;
  */
 class BMPFormat {
     constructor() {
+        /** Format name identifier */
         Object.defineProperty(this, "name", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: "bmp"
         });
+        /** MIME type for BMP images */
         Object.defineProperty(this, "mimeType", {
             enumerable: true,
             configurable: true,
@@ -22,11 +25,21 @@ class BMPFormat {
             value: "image/bmp"
         });
     }
+    /**
+     * Check if the given data is a BMP image
+     * @param data Raw image data to check
+     * @returns true if data has BMP signature
+     */
     canDecode(data) {
         // BMP signature: 'BM' (0x42 0x4D)
         return data.length >= 2 &&
             data[0] === 0x42 && data[1] === 0x4d;
     }
+    /**
+     * Decode BMP image data to RGBA
+     * @param data Raw BMP image data
+     * @returns Decoded image data with RGBA pixels
+     */
     decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid BMP signature");
@@ -64,6 +77,8 @@ class BMPFormat {
         // Handle negative height (top-down bitmap)
         const isTopDown = height < 0;
         const absHeight = Math.abs(height);
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        (0, security_js_1.validateImageDimensions)(width, absHeight);
         // Only support uncompressed BMPs for now
         if (compression !== 0) {
             throw new Error(`Compressed BMP not supported (compression type: ${compression})`);
@@ -97,6 +112,11 @@ class BMPFormat {
             metadata: Object.keys(metadata).length > 0 ? metadata : undefined,
         });
     }
+    /**
+     * Encode RGBA image data to BMP format
+     * @param imageData Image data to encode
+     * @returns Encoded BMP image bytes
+     */
     encode(imageData) {
         const { width, height, data, metadata } = imageData;
         // Calculate sizes

package/script/src/formats/gif.d.ts

@@ -12,12 +12,33 @@ import type { ImageData, ImageFormat, MultiFrameImageData } from "../types.js";
  * - Falls back to runtime APIs when pure-JS fails
  */
 export declare class GIFFormat implements ImageFormat {
+    /** Format name identifier */
     readonly name = "gif";
+    /** MIME type for GIF images */
     readonly mimeType = "image/gif";
+    /**
+     * Check if this format supports multiple frames (animations)
+     * @returns true for GIF format
+     */
     supportsMultipleFrames(): boolean;
+    /**
+     * Check if the given data is a GIF image
+     * @param data Raw image data to check
+     * @returns true if data has GIF signature
+     */
     canDecode(data: Uint8Array): boolean;
+    /**
+     * Decode GIF image data to RGBA (first frame only)
+     * @param data Raw GIF image data
+     * @returns Decoded image data with RGBA pixels of first frame
+     */
     decode(data: Uint8Array): Promise<ImageData>;
     private extractMetadata;
+    /**
+     * Encode RGBA image data to GIF format (single frame)
+     * @param imageData Image data to encode
+     * @returns Encoded GIF image bytes
+     */
     encode(imageData: ImageData): Promise<Uint8Array>;
     /**
      * Decode all frames from an animated GIF

package/script/src/formats/gif.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.GIFFormat = void 0;
 const gif_decoder_js_1 = require("../utils/gif_decoder.js");
 const gif_encoder_js_1 = require("../utils/gif_encoder.js");
+const security_js_1 = require("../utils/security.js");
 /**
  * GIF format handler
  * Now includes pure-JS implementation with custom LZW compression/decompression
@@ -17,12 +18,14 @@ const gif_encoder_js_1 = require("../utils/gif_encoder.js");
  */
 class GIFFormat {
     constructor() {
+        /** Format name identifier */
         Object.defineProperty(this, "name", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: "gif"
         });
+        /** MIME type for GIF images */
         Object.defineProperty(this, "mimeType", {
             enumerable: true,
             configurable: true,
@@ -30,9 +33,18 @@ class GIFFormat {
             value: "image/gif"
         });
     }
+    /**
+     * Check if this format supports multiple frames (animations)
+     * @returns true for GIF format
+     */
     supportsMultipleFrames() {
         return true;
     }
+    /**
+     * Check if the given data is a GIF image
+     * @param data Raw image data to check
+     * @returns true if data has GIF signature
+     */
     canDecode(data) {
         // GIF signature: "GIF87a" or "GIF89a"
         return data.length >= 6 &&
@@ -41,6 +53,11 @@ class GIFFormat {
             (data[4] === 0x37 || data[4] === 0x39) && // "7" or "9"
             data[5] === 0x61; // "a"
     }
+    /**
+     * Decode GIF image data to RGBA (first frame only)
+     * @param data Raw GIF image data
+     * @returns Decoded image data with RGBA pixels of first frame
+     */
     async decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid GIF signature");
@@ -49,6 +66,8 @@ class GIFFormat {
         try {
             const decoder = new gif_decoder_js_1.GIFDecoder(data);
             const result = decoder.decode();
+            // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+            (0, security_js_1.validateImageDimensions)(result.width, result.height);
             // Extract metadata from comment extensions
             const metadata = this.extractMetadata(data);
             return {
@@ -65,6 +84,8 @@ class GIFFormat {
             const width = this.readUint16LE(data, pos);
             pos += 2;
             const height = this.readUint16LE(data, pos);
+            // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+            (0, security_js_1.validateImageDimensions)(width, height);
             const rgba = await this.decodeUsingRuntime(data, width, height);
             const metadata = this.extractMetadata(data);
             return {
@@ -127,6 +148,11 @@ class GIFFormat {
         }
         return metadata;
     }
+    /**
+     * Encode RGBA image data to GIF format (single frame)
+     * @param imageData Image data to encode
+     * @returns Encoded GIF image bytes
+     */
     async encode(imageData) {
         const { width, height, data, metadata } = imageData;
         // Try pure-JS encoder first

package/script/src/formats/jpeg.d.ts

@@ -4,10 +4,27 @@ import type { ImageData, ImageFormat } from "../types.js";
  * Implements a basic JPEG decoder and encoder
  */
 export declare class JPEGFormat implements ImageFormat {
+    /** Format name identifier */
     readonly name = "jpeg";
+    /** MIME type for JPEG images */
     readonly mimeType = "image/jpeg";
+    /**
+     * Check if the given data is a JPEG image
+     * @param data Raw image data to check
+     * @returns true if data has JPEG signature
+     */
     canDecode(data: Uint8Array): boolean;
+    /**
+     * Decode JPEG image data to RGBA
+     * @param data Raw JPEG image data
+     * @returns Decoded image data with RGBA pixels
+     */
     decode(data: Uint8Array): Promise<ImageData>;
+    /**
+     * Encode RGBA image data to JPEG format
+     * @param imageData Image data to encode
+     * @returns Encoded JPEG image bytes
+     */
     encode(imageData: ImageData): Promise<Uint8Array>;
     private injectMetadata;
     private decodeUsingRuntime;

package/script/src/formats/jpeg.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JPEGFormat = void 0;
+const security_js_1 = require("../utils/security.js");
 // Constants for unit conversions
 const CM_PER_INCH = 2.54;
 /**
@@ -42,12 +43,14 @@ const CM_PER_INCH = 2.54;
  */
 class JPEGFormat {
     constructor() {
+        /** Format name identifier */
         Object.defineProperty(this, "name", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: "jpeg"
         });
+        /** MIME type for JPEG images */
         Object.defineProperty(this, "mimeType", {
             enumerable: true,
             configurable: true,
@@ -55,11 +58,21 @@ class JPEGFormat {
             value: "image/jpeg"
         });
     }
+    /**
+     * Check if the given data is a JPEG image
+     * @param data Raw image data to check
+     * @returns true if data has JPEG signature
+     */
     canDecode(data) {
         // JPEG signature: FF D8 FF
         return data.length >= 3 &&
             data[0] === 0xff && data[1] === 0xd8 && data[2] === 0xff;
     }
+    /**
+     * Decode JPEG image data to RGBA
+     * @param data Raw JPEG image data
+     * @returns Decoded image data with RGBA pixels
+     */
     async decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid JPEG signature");
@@ -114,6 +127,8 @@ class JPEGFormat {
         if (width === 0 || height === 0) {
             throw new Error("Could not determine JPEG dimensions");
         }
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        (0, security_js_1.validateImageDimensions)(width, height);
         // For a pure JS implementation, we'd need to implement full JPEG decoding
         // which is very complex. Instead, we'll use the browser/runtime's decoder.
         const rgba = await this.decodeUsingRuntime(data, width, height);
@@ -124,6 +139,11 @@ class JPEGFormat {
             metadata: Object.keys(metadata).length > 0 ? metadata : undefined,
         };
     }
+    /**
+     * Encode RGBA image data to JPEG format
+     * @param imageData Image data to encode
+     * @returns Encoded JPEG image bytes
+     */
     async encode(imageData) {
         const { width, height, data, metadata } = imageData;
         // Try to use runtime encoding if available (better quality)

package/script/src/formats/png.d.ts

@@ -4,10 +4,27 @@ import type { ImageData, ImageFormat } from "../types.js";
  * Implements a pure JavaScript PNG decoder and encoder
  */
 export declare class PNGFormat implements ImageFormat {
+    /** Format name identifier */
     readonly name = "png";
+    /** MIME type for PNG images */
     readonly mimeType = "image/png";
+    /**
+     * Check if the given data is a PNG image
+     * @param data Raw image data to check
+     * @returns true if data has PNG signature
+     */
     canDecode(data: Uint8Array): boolean;
+    /**
+     * Decode PNG image data to RGBA
+     * @param data Raw PNG image data
+     * @returns Decoded image data with RGBA pixels
+     */
     decode(data: Uint8Array): Promise<ImageData>;
+    /**
+     * Encode RGBA image data to PNG format
+     * @param imageData Image data to encode
+     * @returns Encoded PNG image bytes
+     */
     encode(imageData: ImageData): Promise<Uint8Array>;
     private readUint32;
     private writeUint32;

package/script/src/formats/png.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PNGFormat = void 0;
+const security_js_1 = require("../utils/security.js");
 // Constants for unit conversions
 const INCHES_PER_METER = 39.3701;
 /**
@@ -9,12 +10,14 @@ const INCHES_PER_METER = 39.3701;
  */
 class PNGFormat {
     constructor() {
+        /** Format name identifier */
         Object.defineProperty(this, "name", {
             enumerable: true,
             configurable: true,
             writable: true,
             value: "png"
         });
+        /** MIME type for PNG images */
         Object.defineProperty(this, "mimeType", {
             enumerable: true,
             configurable: true,
@@ -22,6 +25,11 @@ class PNGFormat {
             value: "image/png"
         });
     }
+    /**
+     * Check if the given data is a PNG image
+     * @param data Raw image data to check
+     * @returns true if data has PNG signature
+     */
     canDecode(data) {
         // PNG signature: 137 80 78 71 13 10 26 10
         return data.length >= 8 &&
@@ -30,6 +38,11 @@ class PNGFormat {
             data[4] === 13 && data[5] === 10 &&
             data[6] === 26 && data[7] === 10;
     }
+    /**
+     * Decode PNG image data to RGBA
+     * @param data Raw PNG image data
+     * @returns Decoded image data with RGBA pixels
+     */
     async decode(data) {
         if (!this.canDecode(data)) {
             throw new Error("Invalid PNG signature");
@@ -82,6 +95,8 @@ class PNGFormat {
         if (width === 0 || height === 0) {
             throw new Error("Invalid PNG: missing IHDR chunk");
         }
+        // Validate dimensions for security (prevent integer overflow and heap exhaustion)
+        (0, security_js_1.validateImageDimensions)(width, height);
         // Concatenate IDAT chunks
         const idatData = this.concatenateChunks(chunks);
         // Decompress data
@@ -95,6 +110,11 @@ class PNGFormat {
             metadata: Object.keys(metadata).length > 0 ? metadata : undefined,
         };
     }
+    /**
+     * Encode RGBA image data to PNG format
+     * @param imageData Image data to encode
+     * @returns Encoded PNG image bytes
+     */
     async encode(imageData) {
         const { width, height, data, metadata } = imageData;
         // Prepare IHDR chunk