i18ntk 1.10.2 → 2.0.2

package/scripts/prepublish.js

@@ -30,7 +30,7 @@ class PrepublishCleaner {
         // Essential files that must exist for release
         this.essentialFiles = [
             'package.json',
-            'main/i18ntk-manage.js',
+            'main/manage/index.js',
             'main/i18ntk-init.js',
             'main/i18ntk-analyze.js',
             'main/i18ntk-validate.js',
@@ -49,13 +49,13 @@ class PrepublishCleaner {
         
         // Essential locale files
         this.essentialLocales = [
-            'ui-locales/en.json',
-            'ui-locales/es.json',
-            'ui-locales/fr.json',
-            'ui-locales/de.json',
-            'ui-locales/ja.json',
-            'ui-locales/ru.json',
-            'ui-locales/zh.json'
+            'resources/i18n/ui-locales/en.json',
+            'resources/i18n/ui-locales/es.json',
+            'resources/i18n/ui-locales/fr.json',
+            'resources/i18n/ui-locales/de.json',
+            'resources/i18n/ui-locales/ja.json',
+            'resources/i18n/ui-locales/ru.json',
+            'resources/i18n/ui-locales/zh.json'
         ];
     }
 
@@ -95,7 +95,7 @@ class PrepublishCleaner {
     }
 
     async cleanDirectory(dirPath) {
-        if (!fs.existsSync(dirPath)) {
+        if (!SecurityUtils.safeExistsSync(dirPath)) {
             return;
         }
 
@@ -138,7 +138,7 @@ class PrepublishCleaner {
             const dir = path.dirname(searchPath);
             const filenamePattern = path.basename(searchPath);
             
-            if (fs.existsSync(dir)) {
+            if (SecurityUtils.safeExistsSync(dir)) {
                 const files = fs.readdirSync(dir);
                 const regex = new RegExp(filenamePattern.replace('*', '.*'));
                 
@@ -152,7 +152,7 @@ class PrepublishCleaner {
             }
         } else {
             // Handle exact files
-            if (fs.existsSync(searchPath)) {
+            if (SecurityUtils.safeExistsSync(searchPath)) {
                 fs.unlinkSync(searchPath);
                 this.log(`Deleted ${path.relative(this.projectRoot, searchPath)}`);
             }
@@ -165,7 +165,7 @@ class PrepublishCleaner {
         let missingFiles = [];
         for (const file of this.essentialFiles) {
             const filePath = path.join(this.projectRoot, file);
-            if (!fs.existsSync(filePath)) {
+            if (!SecurityUtils.safeExistsSync(filePath)) {
                 missingFiles.push(file);
             } else if (!fs.statSync(filePath).isFile()) {
                 this.log(`❌ ${file} is not a file`);
@@ -187,13 +187,13 @@ class PrepublishCleaner {
         let invalidFiles = [];
         for (const localeFile of this.essentialLocales) {
             const filePath = path.join(this.projectRoot, localeFile);
-            if (!fs.existsSync(filePath)) {
+            if (!SecurityUtils.safeExistsSync(filePath)) {
                 invalidFiles.push(localeFile);
                 continue;
             }
             
             try {
-                const content = fs.readFileSync(filePath, 'utf8');
+                const content = SecurityUtils.safeReadFileSync(filePath, path.dirname(filePath), 'utf8');
                 const parsed = JSON.parse(content);
                 
                 // Validate structure
@@ -224,7 +224,7 @@ class PrepublishCleaner {
         
         const packagePath = path.join(this.projectRoot, 'package.json');
         try {
-            const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+            const pkg = JSON.parse(SecurityUtils.safeReadFileSync(packagePath, path.dirname(packagePath), 'utf8'));
             
             // Validate required fields
             const requiredFields = ['name', 'version', 'description', 'main', 'bin', 'files'];
@@ -255,7 +255,7 @@ class PrepublishCleaner {
                 }
                 
                 const binPath = path.join(this.projectRoot, pkg.bin[bin]);
-                if (!fs.existsSync(binPath)) {
+                if (!SecurityUtils.safeExistsSync(binPath)) {
                     this.log(`❌ Missing bin script: ${pkg.bin[bin]}`);
                     process.exit(1);
                 }
@@ -282,14 +282,14 @@ class PrepublishCleaner {
         
         for (const artifact of devArtifacts) {
             const artifactPath = path.join(this.projectRoot, artifact);
-            if (fs.existsSync(artifactPath)) {
+            if (SecurityUtils.safeExistsSync(artifactPath)) {
                 this.log(`⚠️ Development artifact found: ${artifact}`);
             }
         }
         
         // Validate file permissions for executable scripts
         const scripts = [
-            'main/i18ntk-manage.js',
+            'main/manage/index.js',
             'main/i18ntk-init.js',
             'main/i18ntk-analyze.js',
             'main/i18ntk-validate.js',
@@ -303,7 +303,7 @@ class PrepublishCleaner {
         
         for (const script of scripts) {
             const scriptPath = path.join(this.projectRoot, script);
-            if (fs.existsSync(scriptPath)) {
+            if (SecurityUtils.safeExistsSync(scriptPath)) {
                 try {
                     fs.accessSync(scriptPath, fs.constants.X_OK);
                 } catch (e) {
@@ -318,7 +318,7 @@ class PrepublishCleaner {
     async resetSecuritySettings() {
         const configPath = path.join(require('../settings/settings-manager').configDir, '.i18n-admin-config.json');
         
-        if (fs.existsSync(configPath)) {
+        if (SecurityUtils.safeExistsSync(configPath)) {
             const defaultConfig = {
                 enabled: false,
                 pinHash: null,
@@ -330,7 +330,7 @@ class PrepublishCleaner {
                 lockedUntil: null
             };
             
-            fs.writeFileSync(configPath, JSON.stringify(defaultConfig, null, 2));
+            SecurityUtils.safeWriteFileSync(configPath, JSON.stringify(defaultConfig, null, 2));
             this.log('Reset security settings to defaults');
         }
     }

package/scripts/security-check.js

@@ -1,117 +1,117 @@
-#!/usr/bin/env node
-/**
- * Security Check Script
- * Validates that no child_process usage exists in production code
- */
-
-const fs = require('fs');
-const path = require('path');
-
-class SecurityCheck {
-  constructor() {
-    this.productionDirs = ['main', 'utils', 'settings', 'scripts'];
-    this.forbiddenPatterns = [
-      /require\(['"]child_process['"]\)/,
-      /import.*child_process/,
-      /execSync\(/,
-      /spawnSync\(/,
-      /execFileSync\(/,
-      /spawn\(/,
-      /exec\(/,
-      /execFile\(/ 
-    ];
-    this.allowedFiles = [
-      'dev/',           // Development files allowed to use child_process
-      'benchmarks/',    // Benchmark scripts
-      'test/',          // Test files
-      'scripts/deprecate-versions.js', // Allowed to use child_process for npm commands
-      'verify-package.js' // Package verification (development)
-    ];
-    this.violations = [];
-  }
-
-  async run() {
-    console.log('🔒 i18ntk Security Check - Production Code Validation');
-    console.log('═'.repeat(55));
-    
-    for (const dir of this.productionDirs) {
-      await this.checkDirectory(dir);
-    }
-    
-    if (this.violations.length > 0) {
-      console.error('\n❌ SECURITY VIOLATIONS FOUND:');
-      this.violations.forEach(violation => {
-        console.error(`   ${violation.file}:${violation.line} - ${violation.pattern}`);
-      });
-      console.error('\n💡 Production code must not use child_process');
-      process.exit(1);
-    } else {
-      console.log('\n✅ All security checks passed - no child_process usage in production code');
-    }
-  }
-
-  async checkDirectory(dir) {
-    const dirPath = path.join(process.cwd(), dir);
-    
-    if (!fs.existsSync(dirPath)) {
-      return;
-    }
-
-    const files = this.getAllFiles(dirPath);
-    
-    for (const file of files) {
-      await this.checkFile(file);
-    }
-  }
-
-  getAllFiles(dirPath) {
-    const files = [];
-    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
-    
-    for (const entry of entries) {
-      const fullPath = path.join(dirPath, entry.name);
-      
-      if (entry.isDirectory()) {
-        files.push(...this.getAllFiles(fullPath));
-      } else if (entry.isFile() && entry.name.endsWith('.js')) {
-        files.push(fullPath);
-      }
-    }
-    
-    return files;
-  }
-
-  async checkFile(filePath) {
-    const relativePath = path.relative(process.cwd(), filePath).replace(/\\/g, '/');
-
-    for (const allowed of this.allowedFiles) {
-      if (relativePath.startsWith(allowed)) {
-        return;
-      }
-    }
-
-    const content = fs.readFileSync(filePath, 'utf8');
-    const lines = content.split('\n');
-    
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      
-      for (const pattern of this.forbiddenPatterns) {
-        if (pattern.test(line)) {
-          this.violations.push({
-            file: relativePath,
-            line: i + 1,
-            pattern: pattern.toString()
-          });
-        }
-      }
-    }
-  }
-}
-
-if (require.main === module) {
-  const check = new SecurityCheck();
-  check.run().catch(console.error);
-}
-
-module.exports = SecurityCheck;
+#!/usr/bin/env node
+/**
+ * Security Check Script
+ * Validates that no child_process usage exists in production code
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class SecurityCheck {
+  constructor() {
+    this.productionDirs = ['main', 'utils', 'settings', 'scripts'];
+    this.forbiddenPatterns = [
+      /require\(['"]child_process['"]\)/,
+      /import.*child_process/,
+      /execSync\(/,
+      /spawnSync\(/,
+      /execFileSync\(/,
+      /spawn\(/,
+      /exec\(/,
+      /execFile\(/ 
+    ];
+    this.allowedFiles = [
+      'dev/',           // Development files allowed to use child_process
+      'benchmarks/',    // Benchmark scripts
+      'test/',          // Test files
+      'scripts/deprecate-versions.js', // Allowed to use child_process for npm commands
+      'verify-package.js' // Package verification (development)
+    ];
+    this.violations = [];
+  }
+
+  async run() {
+    console.log('🔒 i18ntk Security Check - Production Code Validation');
+    console.log('═'.repeat(55));
+    
+    for (const dir of this.productionDirs) {
+      await this.checkDirectory(dir);
+    }
+    
+    if (this.violations.length > 0) {
+      console.error('\n❌ SECURITY VIOLATIONS FOUND:');
+      this.violations.forEach(violation => {
+        console.error(`   ${violation.file}:${violation.line} - ${violation.pattern}`);
+      });
+      console.error('\n💡 Production code must not use child_process');
+      process.exit(1);
+    } else {
+      console.log('\n✅ All security checks passed - no child_process usage in production code');
+    }
+  }
+
+  async checkDirectory(dir) {
+    const dirPath = path.join(process.cwd(), dir);
+    
+    if (!SecurityUtils.safeExistsSync(dirPath)) {
+      return;
+    }
+
+    const files = this.getAllFiles(dirPath);
+    
+    for (const file of files) {
+      await this.checkFile(file);
+    }
+  }
+
+  getAllFiles(dirPath) {
+    const files = [];
+    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+    
+    for (const entry of entries) {
+      const fullPath = path.join(dirPath, entry.name);
+      
+      if (entry.isDirectory()) {
+        files.push(...this.getAllFiles(fullPath));
+      } else if (entry.isFile() && entry.name.endsWith('.js')) {
+        files.push(fullPath);
+      }
+    }
+    
+    return files;
+  }
+
+  async checkFile(filePath) {
+    const relativePath = path.relative(process.cwd(), filePath).replace(/\\/g, '/');
+
+    for (const allowed of this.allowedFiles) {
+      if (relativePath.startsWith(allowed)) {
+        return;
+      }
+    }
+
+    const content = SecurityUtils.safeReadFileSync(filePath, path.dirname(filePath), 'utf8');
+    const lines = content.split('\n');
+    
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      
+      for (const pattern of this.forbiddenPatterns) {
+        if (pattern.test(line)) {
+          this.violations.push({
+            file: relativePath,
+            line: i + 1,
+            pattern: pattern.toString()
+          });
+        }
+      }
+    }
+  }
+}
+
+if (require.main === module) {
+  const check = new SecurityCheck();
+  check.run().catch(console.error);
+}
+
+module.exports = SecurityCheck;

package/scripts/sync-translations.js

@@ -14,7 +14,7 @@ const fs = require('fs');
 const path = require('path');
 
 // Configuration
-const UI_LOCALES_DIR = path.join(__dirname, '..', 'ui-locales');
+const UI_LOCALES_DIR = path.join(__dirname, '..', 'resources', 'i18n', 'ui-locales');
 const ENGLISH_DIR = path.join(UI_LOCALES_DIR, 'en');
 const TARGET_LANGUAGES = ['de', 'es', 'fr', 'ru', 'ja']; // Exclude Chinese (zh) as it's fully translated
 
@@ -36,7 +36,7 @@ function getEnglishFiles() {
  */
 function readJsonFile(filePath) {
   try {
-    const content = fs.readFileSync(filePath, 'utf8');
+    const content = SecurityUtils.safeReadFileSync(filePath, path.dirname(filePath), 'utf8');
     return JSON.parse(content);
   } catch (error) {
     console.error(`Error reading JSON file ${filePath}:`, error.message);
@@ -50,7 +50,7 @@ function readJsonFile(filePath) {
 function writeJsonFile(filePath, data) {
   try {
     const jsonString = JSON.stringify(data, null, 2);
-    fs.writeFileSync(filePath, jsonString + '\n');
+    SecurityUtils.safeWriteFileSync(filePath, jsonString + '\n');
     return true;
   } catch (error) {
     console.error(`Error writing JSON file ${filePath}:`, error.message);
@@ -74,7 +74,7 @@ function syncLanguage(language) {
   const languageDir = path.join(UI_LOCALES_DIR, language);
   
   // Ensure language directory exists
-  if (!fs.existsSync(languageDir)) {
+  if (!SecurityUtils.safeExistsSync(languageDir)) {
     fs.mkdirSync(languageDir, { recursive: true });
   }
   

package/scripts/sync-ui-locales.js

@@ -1,19 +1,20 @@
-const fs = require('fs');
-const path = require('path');
-const baseDir = path.join(__dirname, '..', 'ui-locales');
-const en = JSON.parse(fs.readFileSync(path.join(baseDir,'en.json'),'utf8'));
+const fs = require('fs');
+const path = require('path');
+const SecurityUtils = require('../utils/security');
+const baseDir = path.join(__dirname, '..', 'resources', 'i18n', 'ui-locales');
+const en = JSON.parse(SecurityUtils.safeReadFileSync(path.join(baseDir,'en.json'), baseDir, 'utf8'));
 function flatten(obj,pfx='',out={}){ for(const [k,v] of Object.entries(obj)){ const nk=pfx?`${pfx}.${k}`:k; if(v && typeof v==='object' && !Array.isArray(v)) flatten(v,nk,out); else out[nk]=v; } return out; }
 function unflatten(map){ const root={}; for(const [k,v] of Object.entries(map)){ const parts=k.split('.'); let cur=root; while(parts.length>1){ const p=parts.shift(); cur[p]=cur[p]||{}; cur=cur[p]; } cur[parts[0]]=v; } return root; }
 const enFlat = flatten(en);
 for (const file of fs.readdirSync(baseDir)) {
   if (!file.endsWith('.json') || file==='en.json') continue;
   const p = path.join(baseDir,file);
-  const data = JSON.parse(fs.readFileSync(p,'utf8'));
+  const data = JSON.parse(SecurityUtils.safeReadFileSync(p, baseDir, 'utf8'));
   const flat = flatten(data);
   let changed = false;
   for (const [k,v] of Object.entries(enFlat)) {
     if (!(k in flat)) { flat[k] = v || 'NOT_TRANSLATED'; changed = true; }
   }
-  if (changed) { fs.writeFileSync(p, JSON.stringify(unflatten(flat), null, 2)); }
-}
-console.log('UI locales synced.');
+  if (changed) { SecurityUtils.safeWriteFileSync(p, JSON.stringify(unflatten(flat), null, 2), path.dirname(p), 'utf8'); }
+}
+console.log('UI locales synced.');

package/scripts/validate-all-translations.js

@@ -15,8 +15,9 @@
  *    --languages=en,de,es,fr,ru,ja,zh
  */
 
-const fs = require('fs');
-const path = require('path');
+const fs = require('fs');
+const path = require('path');
+const SecurityUtils = require('../utils/security');
 
 const argv = Object.fromEntries(
   process.argv.slice(2).map(a => {
@@ -25,13 +26,13 @@ const argv = Object.fromEntries(
   })
 );
 
-const I18N_DIR = path.resolve(argv['i18n-dir'] || './ui-locales');
+const I18N_DIR = path.resolve(argv['i18n-dir'] || './resources/i18n/ui-locales');
 const LANGS    = (argv.languages || 'en,de,es,fr,ru,ja,zh').split(',').map(s => s.trim());
 const MARKER   = argv.marker || '⚠️ TRANSLATION NEEDED ⚠️';
 
 // ------------ helpers ------------
 function readJSON(p) {
-  try { return JSON.parse(fs.readFileSync(p, 'utf8')); }
+  try { return JSON.parse(SecurityUtils.safeReadFileSync(p, path.dirname(p), 'utf8')); }
   catch { return {}; }
 }
 
@@ -50,7 +51,7 @@ function flatten(obj, prefix = '') {
 
 function listLocaleFile(lang) {
   const file = path.join(I18N_DIR, `${lang}.json`);
-  if (fs.existsSync(file)) return file;
+  if (SecurityUtils.safeExistsSync(file)) return file;
   throw new Error(`Locale file not found: ${file}`);
 }
 
@@ -124,7 +125,7 @@ function validate() {
   });
 
   const reportFile = path.join(I18N_DIR, 'validation-purity-report.json');
-  fs.writeFileSync(reportFile, JSON.stringify(report, null, 2), 'utf8');
+  SecurityUtils.safeWriteFileSync(reportFile, JSON.stringify(report, null, 2), path.dirname(reportFile), 'utf8');
   console.log(`✅ Validation report saved: ${reportFile}`);
   console.log(`   Review this file for full details of problematic keys.`);
 }
@@ -135,4 +136,4 @@ try {
 } catch (err) {
   console.error('❌ Validation failed:', err.message);
   process.exit(1);
-}
+}