i18ntk 1.10.2 → 2.0.3

package/utils/json-output.js

@@ -1,99 +1,99 @@
-/**
- * JSON Output Utility for i18ntk commands
- * Provides consistent machine-readable output format for CI/CD integration
- */
-
-class JsonOutput {
-  constructor(command) {
-    this.command = command;
-    this.version = this.getPackageVersion();
-    this.startTime = Date.now();
-    this.data = {
-      command: this.command,
-      version: this.version,
-      status: 'ok',
-      stats: {},
-      issues: [],
-      metadata: {
-        timestamp: new Date().toISOString(),
-        duration: 0
-      }
-    };
-  }
-
-  getPackageVersion() {
-    try {
-      const packageJson = require('../package.json');
-      return packageJson.version;
-    } catch (error) {
-      return '1.8.3';
-    }
-  }
-
-  /**
-   * Set the overall status
-   * @param {'ok'|'warn'|'error'} status 
-   */
-  setStatus(status) {
-    this.data.status = status;
-  }
-
-  /**
-   * Add statistics to the output
-   * @param {Object} stats 
-   */
-  setStats(stats) {
-    this.data.stats = { ...this.data.stats, ...stats };
-  }
-
-  /**
-   * Add an issue to the output
-   * @param {Object} issue 
-   */
-  addIssue(issue) {
-    this.data.issues.push({
-      file: issue.file || '',
-      key: issue.key || '',
-      type: issue.type || 'unknown',
-      message: issue.message || '',
-      severity: issue.severity || 'info'
-    });
-  }
-
-  /**
-   * Add metadata information
-   * @param {Object} metadata 
-   */
-  addMetadata(metadata) {
-    this.data.metadata = { ...this.data.metadata, ...metadata };
-  }
-
-  /**
-   * Finalize and output the JSON
-   */
-  output() {
-    this.data.metadata.duration = Date.now() - this.startTime;
-    
-    if (process.env.NODE_ENV !== 'test') {
-      console.log(JSON.stringify(this.data, null, 2));
-    }
-    
-    return this.data;
-  }
-
-  /**
-   * Output error in JSON format
-   * @param {Error} error 
-   */
-  outputError(error) {
-    this.setStatus('error');
-    this.addIssue({
-      type: 'error',
-      message: error.message,
-      severity: 'error'
-    });
-    this.output();
-  }
-}
-
+/**
+ * JSON Output Utility for i18ntk commands
+ * Provides consistent machine-readable output format for CI/CD integration
+ */
+
+class JsonOutput {
+  constructor(command) {
+    this.command = command;
+    this.version = this.getPackageVersion();
+    this.startTime = Date.now();
+    this.data = {
+      command: this.command,
+      version: this.version,
+      status: 'ok',
+      stats: {},
+      issues: [],
+      metadata: {
+        timestamp: new Date().toISOString(),
+        duration: 0
+      }
+    };
+  }
+
+  getPackageVersion() {
+    try {
+      const packageJson = require('../package.json');
+      return packageJson.version;
+    } catch (error) {
+      return '1.8.3';
+    }
+  }
+
+  /**
+   * Set the overall status
+   * @param {'ok'|'warn'|'error'} status 
+   */
+  setStatus(status) {
+    this.data.status = status;
+  }
+
+  /**
+   * Add statistics to the output
+   * @param {Object} stats 
+   */
+  setStats(stats) {
+    this.data.stats = { ...this.data.stats, ...stats };
+  }
+
+  /**
+   * Add an issue to the output
+   * @param {Object} issue 
+   */
+  addIssue(issue) {
+    this.data.issues.push({
+      file: issue.file || '',
+      key: issue.key || '',
+      type: issue.type || 'unknown',
+      message: issue.message || '',
+      severity: issue.severity || 'info'
+    });
+  }
+
+  /**
+   * Add metadata information
+   * @param {Object} metadata 
+   */
+  addMetadata(metadata) {
+    this.data.metadata = { ...this.data.metadata, ...metadata };
+  }
+
+  /**
+   * Finalize and output the JSON
+   */
+  output() {
+    this.data.metadata.duration = Date.now() - this.startTime;
+    
+    if (process.env.NODE_ENV !== 'test') {
+      console.log(JSON.stringify(this.data, null, 2));
+    }
+    
+    return this.data;
+  }
+
+  /**
+   * Output error in JSON format
+   * @param {Error} error 
+   */
+  outputError(error) {
+    this.setStatus('error');
+    this.addIssue({
+      type: 'error',
+      message: error.message,
+      severity: 'error'
+    });
+    this.output();
+  }
+}
+
 module.exports = JsonOutput;

package/utils/mini-commander.js

@@ -0,0 +1,179 @@
+/**
+ * Minimal zero-dependency subset of commander used by i18ntk language CLIs.
+ */
+
+function toCamelCase(input) {
+  return String(input || '').replace(/-([a-z])/g, (_, char) => char.toUpperCase());
+}
+
+function parseOptionDefinition(flags, defaultValue) {
+  const longMatch = flags.match(/--([a-zA-Z0-9-]+)/);
+  const shortMatch = flags.match(/(^|\s)-([a-zA-Z])(\s|,|$)/);
+  const hasValue = /<[^>]+>/.test(flags);
+  const longName = longMatch ? longMatch[1] : null;
+  const shortName = shortMatch ? shortMatch[2] : null;
+  const name = toCamelCase(longName || shortName || '');
+
+  return {
+    flags,
+    hasValue,
+    defaultValue,
+    longFlag: longName ? `--${longName}` : null,
+    shortFlag: shortName ? `-${shortName}` : null,
+    name
+  };
+}
+
+function parseOptions(args, optionDefs) {
+  const options = {};
+
+  for (const def of optionDefs) {
+    if (def.defaultValue !== undefined) {
+      options[def.name] = def.defaultValue;
+    } else if (!def.hasValue) {
+      options[def.name] = false;
+    }
+  }
+
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (!arg || !arg.startsWith('-')) {
+      continue;
+    }
+
+    let matchedDef = null;
+    let inlineValue;
+
+    if (arg.startsWith('--')) {
+      const [flag, value] = arg.split('=', 2);
+      matchedDef = optionDefs.find(def => def.longFlag === flag);
+      inlineValue = value;
+    } else {
+      matchedDef = optionDefs.find(def => def.shortFlag === arg);
+    }
+
+    if (!matchedDef) {
+      continue;
+    }
+
+    if (!matchedDef.hasValue) {
+      options[matchedDef.name] = true;
+      continue;
+    }
+
+    let value = inlineValue;
+    if (value === undefined) {
+      const next = args[i + 1];
+      if (next !== undefined && !String(next).startsWith('-')) {
+        value = next;
+        i++;
+      }
+    }
+
+    options[matchedDef.name] = value !== undefined ? value : '';
+  }
+
+  return options;
+}
+
+class MiniCommand {
+  constructor(name) {
+    this._name = name;
+    this._description = '';
+    this._options = [];
+    this._action = null;
+  }
+
+  description(text) {
+    this._description = text;
+    return this;
+  }
+
+  option(flags, _description, defaultValue) {
+    this._options.push(parseOptionDefinition(flags, defaultValue));
+    return this;
+  }
+
+  action(handler) {
+    this._action = handler;
+    return this;
+  }
+
+  execute(args) {
+    const parsed = parseOptions(args, this._options);
+    if (typeof this._action === 'function') {
+      const result = this._action(parsed);
+      if (result && typeof result.then === 'function') {
+        result.catch(error => {
+          console.error(error && error.message ? error.message : String(error));
+          process.exit(1);
+        });
+      }
+    }
+  }
+}
+
+class MiniProgram {
+  constructor() {
+    this._name = '';
+    this._description = '';
+    this._version = '';
+    this._options = [];
+    this._commands = [];
+    this._opts = {};
+  }
+
+  name(value) {
+    this._name = value;
+    return this;
+  }
+
+  description(value) {
+    this._description = value;
+    return this;
+  }
+
+  version(value) {
+    this._version = value;
+    return this;
+  }
+
+  option(flags, _description, defaultValue) {
+    this._options.push(parseOptionDefinition(flags, defaultValue));
+    return this;
+  }
+
+  command(name) {
+    const command = new MiniCommand(name);
+    this._commands.push(command);
+    return command;
+  }
+
+  opts() {
+    return { ...this._opts };
+  }
+
+  parse(argv = process.argv) {
+    const args = argv.slice(2);
+
+    if (this._commands.length > 0 && args.length > 0 && !args[0].startsWith('-')) {
+      const command = this._commands.find(item => item._name === args[0]);
+      if (command) {
+        command.execute(args.slice(1));
+        return this;
+      }
+    }
+
+    this._opts = parseOptions(args, this._options);
+    return this;
+  }
+}
+
+function createProgram() {
+  return new MiniProgram();
+}
+
+module.exports = {
+  createProgram,
+  program: createProgram()
+};

package/utils/missing-key-validator.js

@@ -775,14 +775,14 @@ class MissingKeyValidator {
   }
 
   async validateLanguageKeys(language) {
-    const localePath = path.join(this.projectRoot, 'ui-locales', `${language}.json`);
+    const localePath = path.join(this.projectRoot, 'resources', 'i18n', 'ui-locales', `${language}.json`);
     
-    if (!fs.existsSync(localePath)) {
+    if (!SecurityUtils.safeExistsSync(localePath)) {
       return this.requiredKeys; // All keys missing if file doesn't exist
     }
     
     try {
-      const localeData = JSON.parse(fs.readFileSync(localePath, 'utf8'));
+      const localeData = JSON.parse(SecurityUtils.safeReadFileSync(localePath, 'utf8'));
       const existingKeys = Object.keys(localeData);
       
       return this.requiredKeys.filter(key => !existingKeys.includes(key));
@@ -807,7 +807,7 @@ class MissingKeyValidator {
     };
 
     const reportPath = path.join(__dirname, 'missing-keys-report.json');
-    fs.writeFileSync(reportPath, JSON.stringify(report, null, 2));
+    SecurityUtils.safeWriteFileSync(reportPath, JSON.stringify(report, null, 2));
     
     console.log('\n📊 Missing Keys Report:');
     console.log(`Total Languages: ${report.summary.totalLanguages}`);
@@ -837,7 +837,7 @@ class MissingKeyValidator {
     });
 
     const templatePath = path.join(__dirname, 'translation-template.json');
-    fs.writeFileSync(templatePath, JSON.stringify(template, null, 2));
+    SecurityUtils.safeWriteFileSync(templatePath, JSON.stringify(template, null, 2));
     
     console.log(`Translation template saved to: ${templatePath}`);
     return template;

package/utils/plugin-loader.js

@@ -1,6 +1,20 @@
-const path = require('path');
+function loadOptionalModule(name) {
+  // Security hardening: allow only known built-in optional plugins.
+  // This avoids dynamic runtime require of arbitrary package names.
+  const builtinPlugins = {
+    regex: () => require('./extractors/regex'),
+    'i18ntk-extractor-regex': () => require('./extractors/regex')
+  };
+
+  const direct = builtinPlugins[name];
+  if (direct) {
+    try {
+      return direct();
+    } catch {
+      return null;
+    }
+  }
 
-function loadOptionalModule(name, cwd = process.cwd()) {
   // Sanitize the module name to prevent path traversal
   const sanitizedName = name.replace(/[^a-zA-Z0-9@/_-]/g, '');
   if (sanitizedName !== name) {
@@ -8,31 +22,28 @@ function loadOptionalModule(name, cwd = process.cwd()) {
     return null;
   }
 
-  try {
-    const resolved = require.resolve(sanitizedName, { paths: [cwd] });
-    return require(resolved);
- } catch {
-    return null;
-  }
+  // Unknown optional modules are disabled by default.
+  // Register plugins programmatically through PluginLoader.registerPlugin instead.
+  return null;
 }
-class PluginLoader {
-  constructor() {
-    this.plugins = {};
-  }
-
-  registerPlugin(plugin) {
-    if (!plugin || !plugin.type) return;
-    const type = plugin.type;
-    if (!this.plugins[type]) {
-      this.plugins[type] = [];
-    }
-    this.plugins[type].push(plugin);
-  }
-
-  getPlugins(type) {
-    return this.plugins[type] || [];
-  }
-}
-
-module.exports = PluginLoader;
-module.exports.loadOptionalModule = loadOptionalModule;
+class PluginLoader {
+  constructor() {
+    this.plugins = {};
+  }
+
+  registerPlugin(plugin) {
+    if (!plugin || !plugin.type) return;
+    const type = plugin.type;
+    if (!this.plugins[type]) {
+      this.plugins[type] = [];
+    }
+    this.plugins[type].push(plugin);
+  }
+
+  getPlugins(type) {
+    return this.plugins[type] || [];
+  }
+}
+
+module.exports = PluginLoader;
+module.exports.loadOptionalModule = loadOptionalModule;

package/utils/prompt.js

@@ -1,9 +1,6 @@
-const readline = require('node:readline');
-const { stdin: input, stdout: output } = require('node:process');
+const readline = require('readline');
+const { logger } = require('./logger');
 
-/**
- * Simple prompt utility for CLI interactions
- */
 class Prompt {
   constructor() {
     this.rl = readline.createInterface({
@@ -26,60 +23,33 @@ class Prompt {
 
   async confirm(questionText, defaultValue = false) {
     const answer = await this.question(`${questionText} (${defaultValue ? 'Y/n' : 'y/N'}) `);
-    const answer = await this.question(`${message} (${defaultValue ? 'Y/n' : 'y/N'}): `);
-    return answer ? answer.toLowerCase().startsWith('y') : defaultValue;
-  }
-
-  async select(message, choices, defaultIndex = 0) {
-    logger.log(`\n${message}:`);
-  async confirm(question, defaultValue = false) {
-    const answer = await this.question(`${question} (${defaultValue ? 'Y/n' : 'y/N'}) `);
     if (answer === '') return defaultValue;
     return /^y|yes$/i.test(answer);
   }
 
-  /**
-   * Present a list of choices and let the user select one
-   * @param {string} question - The question to ask
-   * @param {Array<string>} choices - Array of choices
-   * @returns {Promise<string>} The selected choice
-   */
-  async list(question, choices) {
-    if (!choices || !choices.length) {
-      throw new Error('No choices provided');
-    }
-
-    console.log(question);
+  async select(questionText, choices, defaultIndex = 0) {
+    logger.log(`\n${questionText}:`);
     choices.forEach((choice, index) => {
-      console.log(`  ${index + 1}. ${choice}`);
+      logger.log(`  ${index + 1}. ${choice}`);
     });
 
     while (true) {
-      const answer = await this.question(`Select an option (1-${choices.length}): `);
-      const index = parseInt(answer.trim(), 10) - 1;
-      
-      if (index >= 0 && index < choices.length) {
-        return choices[index];
+      const answer = await this.question(`\nSelect an option (1-${choices.length}): `);
+      const selected = parseInt(answer, 10) - 1;
+      if (!isNaN(selected) && selected >= 0 && selected < choices.length) {
+        return selected;
       }
-      
-      console.log('Invalid selection. Please try again.');
+      logger.log('Invalid selection. Please try again.');
     }
   }
 
-  /**
-   * Close the readline interface
-   */
-  close() {
-    this.rl.close();
+  async input(questionText, defaultValue = '') {
+    const answer = await this.question(`${questionText}${defaultValue ? ` [${defaultValue}]` : ''}: `);
+    return answer || defaultValue;
   }
 }
 
-// Create a singleton instance
 const prompt = new Prompt();
-
-// Handle process termination
-process.on('exit', () => {
-  prompt.close();
-});
+process.on('exit', () => prompt.close());
 
 module.exports = prompt;

package/utils/safe-json.js

@@ -0,0 +1,40 @@
+// utils/safe-json.js
+const { readFile } = require('fs/promises');
+
+function stripBOM(s) {
+  if (typeof s === 'string' && s.charCodeAt(0) === 0xFEFF) return s.slice(1);
+  return s;
+}
+
+/**
+ * Safe JSON load with guardrails.
+ * - Max file size (default 1MB)
+ * - BOM stripping
+ * - Single, typed error (no loops)
+ */
+async function readJsonSafe(filePath, { maxBytes = 1_000_000 } = {}) {
+  const buf = await readFile(filePath);
+  if (buf.length === 0) {
+    const err = new Error('Empty JSON file');
+    err.code = 'EJSONEMPTY';
+    err.path = filePath;
+    throw err;
+  }
+  if (buf.length > maxBytes) {
+    const err = new Error(`JSON too large (${buf.length} bytes)`);
+    err.code = 'EJSONTOOBIG';
+    err.path = filePath;
+    throw err;
+  }
+  try {
+    return JSON.parse(stripBOM(buf.toString('utf8')));
+  } catch (e) {
+    const err = new Error(`Invalid JSON`);
+    err.code = 'EJSONPARSE';
+    err.path = filePath;
+    err.cause = e;
+    throw err;
+  }
+}
+
+module.exports = { readJsonSafe };

package/utils/secure-errors.js

@@ -76,7 +76,7 @@ function secureErrorHandler(options = {}) {
   const config = { ...defaults, ...options };
   
   // Ensure log directory exists
-  if (config.logFilePath && !fs.existsSync(path.dirname(config.logFilePath))) {
+  if (config.logFilePath && !SecurityUtils.safeExistsSync(path.dirname(config.logFilePath))) {
     try {
       fs.mkdirSync(path.dirname(config.logFilePath), { recursive: true });
     } catch (e) {
@@ -126,12 +126,12 @@ function secureErrorHandler(options = {}) {
 
       // Log to console
       if (typeof config.logFunction === 'function') {
-        config.logFunction(JSON.stringify(logEntry, null, 2));
+        SecurityUtils.safeWriteFileSync(config.logFilePath, JSON.stringify(logEntry, null, 2));
       }
 
       // Log to file if configured
       if (config.logFilePath) {
-        fs.appendFileSync(
+        SecurityUtils.safeWriteFileSync(
           config.logFilePath,
           JSON.stringify(logEntry) + '\n',
           'utf8'