npm - expo-tvos-search - Versions diffs - 1.5.0 → 1.5.1 - Mend

expo-tvos-search 1.5.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +8 -0
package/README.md +1 -1
package/ios/ExpoTvosSearchModule.swift +45 -5
package/ios/ExpoTvosSearchView.swift +12 -19
package/ios/MarqueeText.swift +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.5.1] - 2026-02-01
+### Fixed
+- `cardWidth`, `cardHeight`, `cardMargin`, `cardPadding`, and `overlayTitleSize` now emit `onValidationWarning` when values are clamped, consistent with `columns`, `topInset`, and `marqueeDelay`
+- Data URIs exceeding 1 MB are now rejected with a validation warning to prevent memory exhaustion
+- Removed redundant results array truncation in the view layer (module already enforces the 500-item limit)
+- Added defensive overflow protection in marquee animation sleep
 ## [1.5.0] - 2026-02-01
 ### Added

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# expo-tvos-search — Native tvOS Search for React Native tvOS (Expo)
+# expo-tvos-search — Native tvOS Search Component for Expo
 [![npm version](https://img.shields.io/npm/v/expo-tvos-search.svg)](https://www.npmjs.com/package/expo-tvos-search)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

package/ios/ExpoTvosSearchModule.swift CHANGED Viewed

@@ -148,11 +148,27 @@ public class ExpoTvosSearchModule: Module {
             }
             Prop("cardWidth") { (view: ExpoTvosSearchView, width: Double) in
-                view.cardWidth = CGFloat(max(50, min(1000, width)))  // Clamp to reasonable range
+                let clampedValue = min(max(50, width), 1000)
+                if clampedValue != width {
+                    view.onValidationWarning([
+                        "type": "value_clamped",
+                        "message": "cardWidth value \(width) was clamped to range [50, 1000]",
+                        "context": "cardWidth=\(clampedValue)"
+                    ])
+                }
+                view.cardWidth = CGFloat(clampedValue)
             }
             Prop("cardHeight") { (view: ExpoTvosSearchView, height: Double) in
-                view.cardHeight = CGFloat(max(50, min(1000, height)))  // Clamp to reasonable range
+                let clampedValue = min(max(50, height), 1000)
+                if clampedValue != height {
+                    view.onValidationWarning([
+                        "type": "value_clamped",
+                        "message": "cardHeight value \(height) was clamped to range [50, 1000]",
+                        "context": "cardHeight=\(clampedValue)"
+                    ])
+                }
+                view.cardHeight = CGFloat(clampedValue)
             }
             Prop("imageContentMode") { (view: ExpoTvosSearchView, mode: String) in
@@ -160,15 +176,39 @@ public class ExpoTvosSearchModule: Module {
             }
             Prop("cardMargin") { (view: ExpoTvosSearchView, margin: Double) in
-                view.cardMargin = CGFloat(max(0, min(200, margin)))  // Clamp to reasonable range
+                let clampedValue = min(max(0, margin), 200)
+                if clampedValue != margin {
+                    view.onValidationWarning([
+                        "type": "value_clamped",
+                        "message": "cardMargin value \(margin) was clamped to range [0, 200]",
+                        "context": "cardMargin=\(clampedValue)"
+                    ])
+                }
+                view.cardMargin = CGFloat(clampedValue)
             }
             Prop("cardPadding") { (view: ExpoTvosSearchView, padding: Double) in
-                view.cardPadding = CGFloat(max(0, min(100, padding)))  // Clamp to reasonable range
+                let clampedValue = min(max(0, padding), 100)
+                if clampedValue != padding {
+                    view.onValidationWarning([
+                        "type": "value_clamped",
+                        "message": "cardPadding value \(padding) was clamped to range [0, 100]",
+                        "context": "cardPadding=\(clampedValue)"
+                    ])
+                }
+                view.cardPadding = CGFloat(clampedValue)
             }
             Prop("overlayTitleSize") { (view: ExpoTvosSearchView, size: Double) in
-                view.overlayTitleSize = CGFloat(max(8, min(72, size)))  // Clamp to reasonable font size range
+                let clampedValue = min(max(8, size), 72)
+                if clampedValue != size {
+                    view.onValidationWarning([
+                        "type": "value_clamped",
+                        "message": "overlayTitleSize value \(size) was clamped to range [8, 72]",
+                        "context": "overlayTitleSize=\(clampedValue)"
+                    ])
+                }
+                view.overlayTitleSize = CGFloat(clampedValue)
             }
         }
     }

package/ios/ExpoTvosSearchView.swift CHANGED Viewed

@@ -61,8 +61,8 @@ class ExpoTvosSearchView: ExpoView {
     /// Maximum length for string fields (id, title, subtitle) to prevent memory issues.
     private static let maxStringFieldLength = 500
-    /// Maximum number of results to process to prevent memory exhaustion.
-    private static let maxResultsCount = 500
+    /// Maximum length for data: URIs to prevent memory exhaustion (~750KB decoded).
+    private static let maxDataUrlLength = 1_000_000
     // Track if we've disabled RN gesture handlers for keyboard input
     private var gestureHandlersDisabled = false
@@ -410,23 +410,13 @@ class ExpoTvosSearchView: ExpoView {
     }
     func updateResults(_ results: [[String: Any]]) {
-        // Limit results to prevent memory exhaustion from malicious/buggy input
-        let limitedResults = results.prefix(Self.maxResultsCount)
-        let truncatedResultsCount = results.count - limitedResults.count
         var validResults: [SearchResultItem] = []
         var skippedCount = 0
         var urlValidationFailures = 0
         var httpUrlCount = 0
         var truncatedFields = 0
-        #if DEBUG
-        if truncatedResultsCount > 0 {
-            print("[expo-tvos-search] Truncated \(truncatedResultsCount) results (max \(Self.maxResultsCount) allowed)")
-        }
-        #endif
-        for (index, dict) in limitedResults.enumerated() {
+        for (index, dict) in results.enumerated() {
             // Validate required fields
             guard let id = dict["id"] as? String, !id.isEmpty else {
                 skippedCount += 1
@@ -451,7 +441,15 @@ class ExpoTvosSearchView: ExpoView {
                 if let url = URL(string: imageUrl),
                    let scheme = url.scheme?.lowercased(),
                    scheme == "http" || scheme == "https" || scheme == "data" {
-                    validatedImageUrl = imageUrl
+                    // Reject oversized data URIs to prevent memory exhaustion
+                    if scheme == "data" && imageUrl.count > Self.maxDataUrlLength {
+                        urlValidationFailures += 1
+                        #if DEBUG
+                        print("[expo-tvos-search] Result '\(title)' (id: '\(id)'): data URL too large (\(imageUrl.count) chars, max \(Self.maxDataUrlLength)). Skipped.")
+                        #endif
+                    } else {
+                        validatedImageUrl = imageUrl
+                    }
                     // Warn about insecure HTTP URLs (HTTPS recommended)
                     if scheme == "http" {
                         httpUrlCount += 1
@@ -513,11 +511,6 @@ class ExpoTvosSearchView: ExpoView {
         #endif
         // Emit validation warnings for production monitoring
-        if truncatedResultsCount > 0 {
-            emitWarning(type: "results_truncated",
-                       message: "Truncated \(truncatedResultsCount) result(s) exceeding maximum of \(Self.maxResultsCount)",
-                       context: "Consider implementing pagination")
-        }
         if skippedCount > 0 {
             emitWarning(type: "validation_failed",
                        message: "Skipped \(skippedCount) result(s) due to missing required fields",

package/ios/MarqueeText.swift CHANGED Viewed

@@ -87,7 +87,7 @@ struct MarqueeText: View {
             .task(id: shouldAnimate) {
                 if shouldAnimate {
                     do {
-                        try await Task.sleep(nanoseconds: UInt64(startDelay * 1_000_000_000))
+                        try await Task.sleep(nanoseconds: UInt64(min(startDelay, 60.0) * 1_000_000_000))
                     } catch {
                         return
                     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "expo-tvos-search",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Native tvOS search view using SwiftUI .searchable modifier for Expo/React Native",
   "main": "build/index.js",
   "types": "build/index.d.ts",