i18ntk 2.3.2 → 2.3.4

package/README.md

@@ -1,4 +1,4 @@
-# i18ntk v2.3.2
+# i18ntk v2.3.4
 
 Zero-dependency internationalization toolkit for setup, scanning, analysis, validation, usage tracking, and translation completion.
 
@@ -9,14 +9,15 @@ Zero-dependency internationalization toolkit for setup, scanning, analysis, vali
 [![node](https://img.shields.io/badge/node-%3E%3D16-339933)](https://nodejs.org)
 [![dependencies](https://img.shields.io/badge/dependencies-0-success)](https://www.npmjs.com/package/i18ntk)
 [![license](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
-[![socket](https://socket.dev/api/badge/npm/package/i18ntk/2.3.2)](https://socket.dev/npm/package/i18ntk/overview/2.3.2)
+[![socket](https://socket.dev/api/badge/npm/package/i18ntk/2.3.4)](https://socket.dev/npm/package/i18ntk/overview/2.3.4)
 
 ## Upgrade Notice
 
-Versions earlier than `2.3.2` may contain known stability and security issues.
-They are considered unsupported for production use. Upgrade to `2.3.2` or newer.
+Versions earlier than `2.3.4` may contain known stability and security issues.
+They are considered unsupported for production use. Upgrade to `2.3.4` or newer.
 The CLI now checks npm registry metadata at startup and warns when your installed version is out of date.
 Set `I18NTK_DISABLE_UPDATE_CHECK=true` to disable this warning in restricted/offline environments.
+Set `I18NTK_DISABLE_AUTOSAVE=1` in server/runtime environments to keep config in memory and skip disk writes.
 
 ## What i18ntk Does
 
@@ -153,7 +154,7 @@ Example `.i18ntk-config`:
 
 ```json
 {
-  "version": "2.3.2",
+  "version": "2.3.4",
   "sourceDir": "./locales",
   "i18nDir": "./locales",
   "outputDir": "./i18ntk-reports",
@@ -176,7 +177,7 @@ See [docs/api/CONFIGURATION.md](docs/api/CONFIGURATION.md) for the full configur
 - [Runtime API Guide](docs/runtime.md)
 - [Scanner Guide](docs/scanner-guide.md)
 - [Environment Variables](docs/environment-variables.md)
-- [Migration Guide v2.3.2](docs/migration-guide-v2.3.2.md)
+- [Migration Guide v2.3.4](docs/migration-guide-v2.3.4.md)
 - [Optimization Prompt](docs/development/package-optimization-prompt.md)
 
 ## License

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "i18ntk",
-  "version": "2.3.2",
+  "version": "2.3.4",
   "description": "🚀 The fastest internationalization toolkit with 97% performance boost! Zero-dependency, enterprise-grade internationalization for React, Vue, Angular, Python, Java, PHP & more. Features PIN protection, auto framework detection, 7+ UI languages, and comprehensive translation management. Perfect for startups to enterprises.",
   "keywords": [
     "i18n",
@@ -227,7 +227,7 @@
   },
   "preferGlobal": true,
   "versionInfo": {
-    "version": "2.3.2",
+    "version": "2.3.4",
     "releaseDate": "12/04/2026",
     "lastUpdated": "12/04/2026",
     "maintainer": "Vlad Noskov",
@@ -238,7 +238,9 @@
       "HOTFIX: Removed deprecated package-path fallback that caused production build warnings for non-exported subpaths.",
       "CRITICAL FIX: Resolved sizing and usage-analysis regressions in v2 command flow.",
       "PACKAGING: Reduced publish footprint by removing internal development scripts and legacy fixed-file artifacts.",
-      "SECURITY: Hardened release checks and added explicit support guidance to update from pre-2.3.2 versions.",
+      "SECURITY: Hardened release checks and added explicit support guidance to update from pre-2.3.4 versions.",
+      "CONFIG: Added cross-process file locking for .i18ntk-config writes to prevent production rename races.",
+      "CONFIG: Made autosave runtime-safe with non-throwing save failures and I18NTK_DISABLE_AUTOSAVE support.",
       "CLI: Added npm registry version check with upgrade warning for out-of-date installs.",
       "I18N: Completed internal UI locale parity and actionable untranslated-key cleanup across supported languages."
     ],
@@ -265,7 +267,7 @@
       "spring-boot": ">=2.5.0",
       "laravel": ">=8.0.0"
     },
-    "supportPolicy": "Versions earlier than 2.3.2 may be unstable or insecure. Upgrade to 2.3.2 or newer."
+    "supportPolicy": "Versions earlier than 2.3.4 may be unstable or insecure. Upgrade to 2.3.4 or newer."
   },
   "_comment": "This package is zero-dependency and uses only native Node.js modules"
 }

package/utils/config-manager.js

@@ -1,6 +1,7 @@
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const crypto = require('crypto');
 const SecurityUtils = require('./security');
 
 // Determine package directory and user project root
@@ -9,8 +10,13 @@ const userProjectRoot = process.cwd();
 
 // Always use current working directory for settings to support test environments
 // This ensures config works correctly when tests change the working directory
-const PROJECT_CONFIG_PATH = path.join(process.cwd(), '.i18ntk-config');
-const PROJECT_SETTINGS_DIR = path.dirname(PROJECT_CONFIG_PATH);
+const PROJECT_CONFIG_PATH = path.join(process.cwd(), '.i18ntk-config');
+const PROJECT_SETTINGS_DIR = path.dirname(PROJECT_CONFIG_PATH);
+const CONFIG_LOCK_PATH = `${PROJECT_CONFIG_PATH}.lock`;
+const CONFIG_LOCK_TIMEOUT_MS = 5000;
+const CONFIG_LOCK_STALE_MS = 15000;
+const CONFIG_LOCK_RETRY_MS = 50;
+let autosaveDisabledWarned = false;
 
 // Setup tracking file
 const SETUP_COMPLETED_FILE = path.join(PROJECT_SETTINGS_DIR, 'setup.json');
@@ -244,10 +250,69 @@ const DEFAULT_CONFIG = {
 
 // Environment variable support has been removed in favor of exclusive .i18ntk-config configuration
 
-let currentConfig = null;
-let configLoadInProgress = false;
-let recursionDepth = 0;
-const MAX_RECURSION_DEPTH = 15; // Increased to handle legitimate sequential calls
+let currentConfig = null;
+let configLoadInProgress = false;
+let recursionDepth = 0;
+const MAX_RECURSION_DEPTH = 15; // Increased to handle legitimate sequential calls
+let configSaveQueue = Promise.resolve();
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function acquireConfigLock(timeoutMs = CONFIG_LOCK_TIMEOUT_MS) {
+  const start = Date.now();
+  let lockHandle = null;
+
+  while (!lockHandle) {
+    try {
+      lockHandle = await fs.promises.open(CONFIG_LOCK_PATH, 'wx');
+      await lockHandle.writeFile(String(process.pid), 'utf8');
+      break;
+    } catch (error) {
+      if (!error || error.code !== 'EEXIST') {
+        throw error;
+      }
+
+      // Recover from stale lock files left by crashed processes.
+      try {
+        const stats = await fs.promises.stat(CONFIG_LOCK_PATH);
+        if (Date.now() - stats.mtimeMs > CONFIG_LOCK_STALE_MS) {
+          await fs.promises.unlink(CONFIG_LOCK_PATH);
+          continue;
+        }
+      } catch (_) {
+        // Lock may have been released between exists check and stat/unlink.
+      }
+
+      if (Date.now() - start >= timeoutMs) {
+        throw new Error(`Timed out waiting for config lock after ${timeoutMs}ms`);
+      }
+
+      await sleep(CONFIG_LOCK_RETRY_MS);
+    }
+  }
+
+  return async function releaseConfigLock() {
+    try {
+      if (lockHandle) {
+        await lockHandle.close();
+      }
+    } catch (_) {
+      // Best-effort close only.
+    }
+    try {
+      await fs.promises.unlink(CONFIG_LOCK_PATH);
+    } catch (_) {
+      // Best-effort cleanup only.
+    }
+  };
+}
+
+function isAutosaveDisabled() {
+  const flag = String(process.env.I18NTK_DISABLE_AUTOSAVE || '').trim().toLowerCase();
+  return flag === '1' || flag === 'true' || flag === 'yes';
+}
 
 function clone(obj) {
    return JSON.parse(JSON.stringify(obj));
@@ -424,28 +489,71 @@ function loadConfig() {
 
 async function saveConfig(cfg = currentConfig) {
   if (!cfg || typeof cfg !== 'object') return;
-
-  try {
-    // Ensure settings directory exists
-    if (!SecurityUtils.safeExistsSync(PROJECT_SETTINGS_DIR)) {
-      fs.mkdirSync(PROJECT_SETTINGS_DIR, { recursive: true });
-    }
-
-    const serialized = JSON.stringify(cfg, null, 2);
-    if (typeof serialized !== 'string' || serialized.length === 0) {
-      throw new Error('Cannot save empty configuration payload');
-    }
 
-    // Atomic write prevents partially-written/empty config files.
-    const tempPath = `${PROJECT_CONFIG_PATH}.tmp`;
-    await fs.promises.writeFile(tempPath, serialized, 'utf8');
-    await fs.promises.rename(tempPath, PROJECT_CONFIG_PATH);
+  // Runtime/server safety valve: allow disabling disk writes entirely.
+  if (isAutosaveDisabled()) {
     currentConfig = cfg;
-  } catch (error) {
-    console.error('[i18ntk] Error saving configuration:', error.message);
-    throw error;
-  }
-}
+    if (!autosaveDisabledWarned) {
+      autosaveDisabledWarned = true;
+      console.warn('[i18ntk] Autosave disabled by I18NTK_DISABLE_AUTOSAVE. Keeping configuration in memory only.');
+    }
+    return false;
+  }
+
+  configSaveQueue = configSaveQueue.then(async () => {
+    let tempPath = null;
+    let releaseLock = null;
+    try {
+      // Ensure settings directory exists before any lock/file operations.
+      await fs.promises.mkdir(PROJECT_SETTINGS_DIR, { recursive: true });
+
+      releaseLock = await acquireConfigLock();
+
+      const serialized = JSON.stringify(cfg, null, 2);
+      if (typeof serialized !== 'string' || serialized.length === 0) {
+        throw new Error('Cannot save empty configuration payload');
+      }
+
+      // Use a unique temp file to avoid concurrent writer races.
+      const nonce = `${process.pid}.${Date.now()}.${crypto.randomUUID()}`;
+      tempPath = `${PROJECT_CONFIG_PATH}.${nonce}.tmp`;
+      await fs.promises.writeFile(tempPath, serialized, 'utf8');
+
+      try {
+        await fs.promises.rename(tempPath, PROJECT_CONFIG_PATH);
+      } catch (renameError) {
+        // If destination dir disappeared between checks, recreate and retry once.
+        if (renameError && renameError.code === 'ENOENT') {
+          await fs.promises.mkdir(PROJECT_SETTINGS_DIR, { recursive: true });
+          await fs.promises.rename(tempPath, PROJECT_CONFIG_PATH);
+        } else {
+          throw renameError;
+        }
+      }
+
+      currentConfig = cfg;
+      return true;
+    } catch (error) {
+      console.error('[i18ntk] Error saving configuration:', error.message);
+      return false;
+    } finally {
+      if (releaseLock) {
+        await releaseLock();
+      }
+      if (tempPath) {
+        try {
+          if (SecurityUtils.safeExistsSync(tempPath, path.dirname(tempPath))) {
+            fs.unlinkSync(tempPath);
+          }
+        } catch (_) {
+          // Best-effort temp cleanup only.
+        }
+      }
+    }
+  });
+
+  return configSaveQueue;
+}
 
 function getConfig() {
     // Check for recursion
@@ -486,7 +594,9 @@ function getConfig() {
          throw new Error('Invalid legacy configuration JSON');
        }
        const migratedConfig = { ...DEFAULT_CONFIG, ...legacyConfig };
-       saveConfig(migratedConfig);
+       saveConfig(migratedConfig).catch((err) => {
+         console.warn('[i18ntk] Warning: failed to persist migrated configuration:', err.message);
+       });
        currentConfig = migratedConfig;
 
        // Clean up legacy config
@@ -504,7 +614,9 @@ function getConfig() {
 
      // Use package defaults for new installation
      console.log('📦 Initializing with default configuration...');
-     saveConfig(DEFAULT_CONFIG);
+     saveConfig(DEFAULT_CONFIG).catch((err) => {
+       console.warn('[i18ntk] Warning: failed to persist default configuration:', err.message);
+     });
      currentConfig = DEFAULT_CONFIG;
      return resolvePaths(DEFAULT_CONFIG);