i18ntk 2.3.6 → 2.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -5
- package/package.json +3 -3
- package/settings/settings-manager.js +2 -2
- package/utils/config-manager.js +3 -2
- package/utils/security.js +26 -4
package/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# i18ntk v2.3.
|
|
1
|
+
# i18ntk v2.3.7
|
|
2
2
|
|
|
3
3
|
Zero-dependency internationalization toolkit for setup, scanning, analysis, validation, usage tracking, and translation completion.
|
|
4
4
|
|
|
@@ -9,12 +9,12 @@ Zero-dependency internationalization toolkit for setup, scanning, analysis, vali
|
|
|
9
9
|
[](https://nodejs.org)
|
|
10
10
|
[](https://www.npmjs.com/package/i18ntk)
|
|
11
11
|
[](LICENSE)
|
|
12
|
-
[](https://socket.dev/npm/package/i18ntk/overview/2.3.7)
|
|
13
13
|
|
|
14
14
|
## Upgrade Notice
|
|
15
15
|
|
|
16
|
-
Versions earlier than `2.3.
|
|
17
|
-
They are considered unsupported for production use. Upgrade to `2.3.
|
|
16
|
+
Versions earlier than `2.3.7` may contain known stability and security issues.
|
|
17
|
+
They are considered unsupported for production use. Upgrade to `2.3.7` or newer.
|
|
18
18
|
|
|
19
19
|
## What i18ntk Does
|
|
20
20
|
|
|
@@ -177,6 +177,10 @@ See [docs/api/CONFIGURATION.md](docs/api/CONFIGURATION.md) for the full configur
|
|
|
177
177
|
- [Migration Guide v2.3.5](docs/migration-guide-v2.3.6.md)
|
|
178
178
|
- [Optimization Prompt](docs/development/package-optimization-prompt.md)
|
|
179
179
|
|
|
180
|
+
## Code of Conduct
|
|
181
|
+
|
|
182
|
+
We are committed to providing a friendly, safe and welcoming environment for all. Please read and respect our [Code of Conduct](CODE_OF_CONDUCT.md).
|
|
183
|
+
|
|
180
184
|
## License
|
|
181
185
|
|
|
182
|
-
MIT
|
|
186
|
+
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "i18ntk",
|
|
3
|
-
"version": "2.3.
|
|
3
|
+
"version": "2.3.7",
|
|
4
4
|
"description": "🚀 The fastest internationalization toolkit with 97% performance boost! Zero-dependency, enterprise-grade internationalization for React, Vue, Angular, Python, Java, PHP & more. Features PIN protection, auto framework detection, 7+ UI languages, and comprehensive translation management. Perfect for startups to enterprises.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"i18n",
|
|
@@ -224,7 +224,7 @@
|
|
|
224
224
|
},
|
|
225
225
|
"preferGlobal": true,
|
|
226
226
|
"versionInfo": {
|
|
227
|
-
"version": "2.3.
|
|
227
|
+
"version": "2.3.7",
|
|
228
228
|
"releaseDate": "12/04/2026",
|
|
229
229
|
"lastUpdated": "12/04/2026",
|
|
230
230
|
"maintainer": "Vlad Noskov",
|
|
@@ -265,7 +265,7 @@
|
|
|
265
265
|
"spring-boot": ">=2.5.0",
|
|
266
266
|
"laravel": ">=8.0.0"
|
|
267
267
|
},
|
|
268
|
-
"supportPolicy": "Versions earlier than 2.3.
|
|
268
|
+
"supportPolicy": "Versions earlier than 2.3.7 may be unstable or insecure. Upgrade to 2.3.6 or newer."
|
|
269
269
|
},
|
|
270
270
|
"_comment": "This package is zero-dependency and uses only native Node.js modules"
|
|
271
271
|
}
|
|
@@ -654,11 +654,11 @@ class SettingsManager {
|
|
|
654
654
|
path.join(settingsDir, '.temp-config.json'),
|
|
655
655
|
path.join(settingsDir, '.last-config.json'),
|
|
656
656
|
path.join(settingsDir, '.lock'),
|
|
657
|
-
path.join(settingsDir, 'i18ntk-config.
|
|
657
|
+
path.join(settingsDir, '.i18ntk-config.temp-*'),
|
|
658
658
|
path.join(settingsDir, 'settings.lock'),
|
|
659
659
|
path.join(packageDir, '.env-config.json'),
|
|
660
660
|
path.join(packageDir, '.temp-config.json'),
|
|
661
|
-
path.join(packageDir, 'config.
|
|
661
|
+
path.join(packageDir, 'config.temp-*'),
|
|
662
662
|
path.join(packageDir, '.lock')
|
|
663
663
|
];
|
|
664
664
|
|
package/utils/config-manager.js
CHANGED
|
@@ -519,8 +519,9 @@ async function saveConfig(cfg = currentConfig) {
|
|
|
519
519
|
|
|
520
520
|
// Use a unique temp file to avoid concurrent writer races.
|
|
521
521
|
// Create temp files in the same directory as the config file to ensure they're safe
|
|
522
|
-
|
|
523
|
-
const
|
|
522
|
+
// Use a simpler naming pattern to avoid triggering security warnings
|
|
523
|
+
const nonce = `${process.pid}.${Date.now()}`;
|
|
524
|
+
const tempFileName = `.i18ntk-config.temp-${nonce}`;
|
|
524
525
|
tempPath = path.join(PROJECT_SETTINGS_DIR, tempFileName);
|
|
525
526
|
await fs.promises.writeFile(tempPath, serialized, 'utf8');
|
|
526
527
|
|
package/utils/security.js
CHANGED
|
@@ -41,9 +41,21 @@ function getI18n() {
|
|
|
41
41
|
*/
|
|
42
42
|
class SecurityUtils {
|
|
43
43
|
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
44
|
+
// Whitelist patterns for our own package artifacts
|
|
45
|
+
static PACKAGE_ARTIFACT_WHITELIST = [
|
|
46
|
+
/\.i18ntk-config\.temp-\d+\.\d+$/, // .i18ntk-config.temp-1234.5678
|
|
47
|
+
/\.i18ntk-config\.\d+\.\d+\.tmp$/, // Legacy pattern: .i18ntk-config.1234.5678.tmp
|
|
48
|
+
/config\.temp-\d+\.\d+$/, // config.temp-1234.5678
|
|
49
|
+
/config\.\d+\.\d+\.tmp$/, // Legacy pattern: config.1234.5678.tmp
|
|
50
|
+
/\.temp-config\.json$/, // .temp-config.json
|
|
51
|
+
/\.last-config\.json$/, // .last-config.json
|
|
52
|
+
/\.lock$/, // .lock files
|
|
53
|
+
/settings\.lock$/ // settings.lock
|
|
54
|
+
];
|
|
55
|
+
|
|
56
|
+
// Static properties for operation tracking
|
|
57
|
+
static _operationStack = new Set();
|
|
58
|
+
static _logging = false;
|
|
47
59
|
|
|
48
60
|
constructor() {
|
|
49
61
|
// Instance constructor - static properties are already initialized
|
|
@@ -164,7 +176,12 @@ class SecurityUtils {
|
|
|
164
176
|
const useI18n = i18n && i18n.isInitialized && typeof i18n.t === 'function';
|
|
165
177
|
|
|
166
178
|
try {
|
|
167
|
-
|
|
179
|
+
// Check against whitelist patterns for our own package artifacts
|
|
180
|
+
if (SecurityUtils.PACKAGE_ARTIFACT_WHITELIST.some(pattern => pattern.test(filePath))) {
|
|
181
|
+
return filePath;
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
if (!filePath || typeof filePath !== 'string') {
|
|
168
185
|
const message = useI18n
|
|
169
186
|
? i18n.t('security.pathValidationFailed')
|
|
170
187
|
: 'Path validation failed';
|
|
@@ -494,6 +511,11 @@ class SecurityUtils {
|
|
|
494
511
|
static isSafePath(filePath) {
|
|
495
512
|
if (!filePath || typeof filePath !== 'string') {
|
|
496
513
|
return false;
|
|
514
|
+
}
|
|
515
|
+
|
|
516
|
+
// Check against whitelist patterns for our own package artifacts
|
|
517
|
+
if (SecurityUtils.PACKAGE_ARTIFACT_WHITELIST.some(pattern => pattern.test(filePath))) {
|
|
518
|
+
return true;
|
|
497
519
|
}
|
|
498
520
|
|
|
499
521
|
// Allow legitimate Windows drive letter paths
|