i18ntk 2.5.0 → 2.6.0

package/SECURITY.md

@@ -0,0 +1,52 @@
+# Security Policy
+
+## Supported Versions
+
+The supported production line is `2.5.x`.
+
+Versions earlier than `2.5.0` are not recommended for production use because later releases include package, filesystem, environment, and admin-auth hardening.
+
+## Security Model
+
+i18ntk is a local developer CLI and runtime helper. It is expected to read and write project files, but it must do so with conservative path validation and without external runtime dependencies.
+
+Security priorities:
+
+- zero runtime dependencies
+- no install-time lifecycle commands in the public package manifest
+- no shipped local setup state, admin PINs, backups, reports, logs, credentials, or generated artifacts
+- centralized environment-variable access through `utils/env-manager.js`
+- path containment checks based on resolved paths and `path.relative()`
+- timing-safe comparison for authentication hashes or tokens
+- silent-by-default logging for production-like contexts
+
+## Published Package Controls
+
+The npm package uses a stripped public manifest. It must not contain install-time lifecycle commands, dependency fields, local setup state, or development tooling.
+
+## Reporting Vulnerabilities
+
+Do not report security vulnerabilities in public GitHub issues.
+
+Use GitHub Security Advisories for private vulnerability reports. Include:
+
+- affected version
+- clear reproduction steps
+- expected and actual behavior
+- impact assessment
+- proof of concept, if safe to share privately
+
+## Disclosure Process
+
+Security reports are reviewed privately first. Confirmed issues should receive:
+
+- a fix or mitigation
+- a release note or migration note when user action is required
+- an npm release when the fix affects published users
+
+## User Guidance
+
+- Keep i18ntk updated to `2.5.0` or newer.
+- Do not commit `.i18ntk-config`, admin PIN files, backup directories, generated reports, logs, npm credentials, or secret material.
+- Run i18ntk only in project directories you trust.
+- Review generated translation changes before committing them.

package/main/i18ntk-analyze.js

@@ -252,7 +252,7 @@ class I18nAnalyzer {
               const relativePath = path.relative(this.sourceDir, fullPath);
               const shouldExclude = (this.config.excludeFiles || []).some(pattern => {
                 if (typeof pattern === 'string') {
-                  return relativePath === pattern || relativePath.endsWith(path.sep + pattern);
+                  return relativePath === pattern || relativePath.endsWith('/' + pattern) || relativePath.endsWith('\\' + pattern);
                 }
                 if (pattern instanceof RegExp) {
                   return pattern.test(relativePath);
@@ -908,9 +908,9 @@ try {
         const isRequired = await adminAuth.isAuthRequired();
         if (isRequired) {
           console.log('\n' + t('adminCli.authRequiredForOperation', { operation: 'analyze translations' }));
-          const cliHelper = require('../utils/cli-helper');
-        const pin = await cliHelper.promptPin(t('adminCli.enterPin'));
-        const isValid = await this.adminAuth.verifyPin(pin);
+          const cli = require('../utils/cli-helper');
+        const pin = await cli.promptPin(t('adminCli.enterPin'));
+        const isValid = await adminAuth.verifyPin(pin);
           
           if (!isValid) {
             console.log(t('adminCli.invalidPin'));

package/main/i18ntk-scanner.js

@@ -181,9 +181,9 @@ class I18nTextScanner {
         if (pyproject.includes('Flask')) return 'flask';
       }
 
-      // Check for Python files
-      const hasPythonFiles = fs.readdirSync(projectRoot, { recursive: true })
-        .some(file => file.endsWith && file.endsWith('.py'));
+      // Check for Python files using safeReaddirSync
+      const pythonItems = SecurityUtils.safeReaddirSync(projectRoot, projectRoot, { withFileTypes: true }) || [];
+      const hasPythonFiles = pythonItems.some(item => item.isFile && item.name && item.name.endsWith('.py'));
       if (hasPythonFiles) return 'python';
     } catch (error) {
       // Continue to JS frameworks
@@ -420,20 +420,22 @@ class I18nTextScanner {
     const extensions = ['.js', '.jsx', '.ts', '.tsx', '.vue', '.html', '.svelte', '.py', '.pyx', '.pyi'];
 
     const scanRecursive = (currentDir) => {
-      const items = fs.readdirSync(currentDir);
+      const items = SecurityUtils.safeReaddirSync(currentDir, path.dirname(currentDir), { withFileTypes: true });
+      if (!items) return;
 
       for (const item of items) {
-        const fullPath = path.join(currentDir, item);
-        const stat = fs.statSync(fullPath);
+        const fullPath = path.join(currentDir, item.name);
+        const stat = SecurityUtils.safeStatSync(fullPath, currentDir);
+        if (!stat) continue;
 
         if (stat.isDirectory()) {
-          if (!item.startsWith('.') && !this.shouldExcludeFile(fullPath, exclusions)) {
+          if (!item.name.startsWith('.') && !this.shouldExcludeFile(fullPath, exclusions)) {
             scanRecursive(fullPath);
           }
         } else if (stat.isFile()) {
-          const ext = path.extname(item);
+          const ext = path.extname(item.name);
           if (extensions.includes(ext) && !this.shouldExcludeFile(fullPath, exclusions)) {
-            if (!includeTests && (item.includes('.test.') || item.includes('.spec.'))) {
+            if (!includeTests && (item.name.includes('.test.') || item.name.includes('.spec.'))) {
               continue;
             }
 
@@ -455,7 +457,7 @@ class I18nTextScanner {
 
   async generateReport(results, outputDir) {
     if (!SecurityUtils.safeExistsSync(outputDir, path.dirname(outputDir))) {
-      fs.mkdirSync(outputDir, { recursive: true });
+      SecurityUtils.safeMkdirSync(outputDir, process.cwd(), { recursive: true });
     }
 
     const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
@@ -472,11 +474,11 @@ class I18nTextScanner {
     };
 
     // JSON report
-    SecurityUtils.safeWriteFileSync(reportFile, JSON.stringify(summary, null, 2), outputDir);
+    SecurityUtils.safeWriteFileSync(reportFile, JSON.stringify(summary, null, 2), outputDir, 'utf8');
 
     // Markdown summary
     const mdContent = this.generateMarkdownReport(summary);
-    SecurityUtils.safeWriteFileSync(summaryFile, mdContent, outputDir);
+    SecurityUtils.safeWriteFileSync(summaryFile, mdContent, outputDir, 'utf8');
 
     return { reportFile, summaryFile, summary };
   }

package/main/i18ntk-validate.js

@@ -33,7 +33,7 @@ if (isUppercase) {
   console.error('   npm run i18ntk:manage');
   console.error('');
   console.error('📖 For more information, run: npx i18ntk --help');
-  process.exit(ExitCodes.CONFIG_ERROR);
+  process.exit(1);
 }
 
 const fs = require('fs');
@@ -112,8 +112,8 @@ class I18nValidator {
         } else {
           console.warn(t('config.dirFallbackWarning', { dir: this.sourceDir, fallback: this.sourceLanguageDir }) ||
             `Warning: Directory ${this.sourceDir} not found. Using ${this.sourceLanguageDir}.`);
-          if (!SecurityUtils.safeExistsSync(this.sourceLanguageDir)) {
-            fs.mkdirSync(this.sourceLanguageDir, { recursive: true });
+          if (!SecurityUtils.safeExistsSync(this.sourceLanguageDir, process.cwd())) {
+            SecurityUtils.safeMkdirSync(this.sourceLanguageDir, process.cwd(), { recursive: true });
           }
         }
       }
@@ -204,13 +204,17 @@ class I18nValidator {
         throw new Error(`Source directory not found: ${this.sourceDir}`);
       }
       
-      const languages = fs.readdirSync(this.sourceDir)
-        .filter(item => {
-          const itemPath = path.join(this.sourceDir, item);
-          return fs.statSync(itemPath).isDirectory() &&
-                 item !== this.config.sourceLanguage &&
-                 !this.isExcludedLanguageDirectory(item);
-        });
+      const items = SecurityUtils.safeReaddirSync(this.sourceDir, process.cwd(), { withFileTypes: true });
+      if (!items) {
+        throw new Error(`Source directory not found: ${this.sourceDir}`);
+      }
+      
+      const languages = items
+        .filter(item => {
+          return item.isDirectory() &&
+                 item.name !== this.config.sourceLanguage &&
+                 !this.isExcludedLanguageDirectory(item.name);
+        }).map(item => item.name);
       
       return languages;
     } catch (error) {
@@ -228,11 +232,14 @@ class I18nValidator {
         return [];
       }
       
-      const files = fs.readdirSync(languageDir)
-        .filter(file => {
-          return file.endsWith('.json') && 
-                 !this.config.excludeFiles.includes(file);
-        });
+      const items = SecurityUtils.safeReaddirSync(languageDir, process.cwd(), { withFileTypes: true });
+      if (!items) return [];
+      
+      const files = items
+        .filter(item => {
+          return item.isFile() && item.name.endsWith('.json') && 
+                 !this.config.excludeFiles.includes(item.name);
+        }).map(item => item.name);
       
       return files;
     } catch (error) {
@@ -682,10 +689,10 @@ class I18nValidator {
         
         // Delete old validation report if it exists
         const reportPath = path.join(process.cwd(), 'validation-report.txt');
-        SecurityUtils.validatePath(reportPath);
+        const validatedPath = SecurityUtils.validatePath(reportPath, process.cwd());
         
-        if (SecurityUtils.safeExistsSync(reportPath)) {
-          fs.unlinkSync(reportPath);
+        if (validatedPath && SecurityUtils.safeExistsSync(validatedPath, process.cwd())) {
+          SecurityUtils.safeUnlinkSync(validatedPath, process.cwd());
           console.log(t('validate.deletedOldReport'));
           
           SecurityUtils.logSecurityEvent(t('validate.fileDeleted'), 'info', {

package/main/manage/commands/AnalyzeCommand.js

@@ -129,10 +129,13 @@ class AnalyzeCommand {
             throw new Error(`Source directory does not exist or is not a directory: ${safePath}`);
         }
 
-        try {
-            fs.accessSync(safePath, fs.constants.R_OK | fs.constants.W_OK);
-        } catch {
-            throw new Error(`Insufficient permissions for source directory: ${safePath}`);
+        try {
+            const stat = SecurityUtils.safeStatSync(safePath, process.cwd());
+            if (!stat || !stat.isDirectory()) {
+                throw new Error(`Source directory is not accessible: ${safePath}`);
+            }
+        } catch (error) {
+            throw new Error(`Insufficient permissions for source directory: ${safePath}`);
         }
     }
 

package/main/manage/commands/FixerCommand.js

@@ -373,7 +373,17 @@ class FixerCommand {
             if (backupDirs.length <= keepCount) return;
 
             for (const staleDir of backupDirs.slice(keepCount)) {
-                fs.rmSync(staleDir.path, { recursive: true, force: true });
+              try {
+                SecurityUtils.safeUnlinkSync(staleDir.path, process.cwd());
+              } catch (_) {
+                // Directory not empty, use recursive removal
+                try {
+                  const { rmSync } = require('fs');
+                  rmSync(staleDir.path, { recursive: true, force: true });
+                } catch (_) {
+                  // Best-effort cleanup
+                }
+              }
             }
         } catch (error) {
             console.warn(`Failed to clean old backups: ${error.message}`);

package/main/manage/commands/ScannerCommand.js

@@ -175,9 +175,9 @@ class ScannerCommand {
                 if (pyproject.includes('Flask')) return 'flask';
             }
 
-            // Check for Python files
-            const hasPythonFiles = fs.readdirSync(projectRoot, { recursive: true })
-                .some(file => file.endsWith && file.endsWith('.py'));
+            // Check for Python files using safeReaddirSync
+            const pythonItems = SecurityUtils.safeReaddirSync(projectRoot, projectRoot, { withFileTypes: true }) || [];
+            const hasPythonFiles = pythonItems.some(item => item.isFile && item.name && item.name.endsWith('.py'));
             if (hasPythonFiles) return 'python';
         } catch (error) {
             // Continue to JS frameworks
@@ -414,20 +414,22 @@ class ScannerCommand {
         const extensions = ['.js', '.jsx', '.ts', '.tsx', '.vue', '.html', '.svelte', '.py', '.pyx', '.pyi'];
 
         const scanRecursive = (currentDir) => {
-            const items = fs.readdirSync(currentDir);
+            const items = SecurityUtils.safeReaddirSync(currentDir, path.dirname(currentDir), { withFileTypes: true });
+            if (!items) return;
 
             for (const item of items) {
-                const fullPath = path.join(currentDir, item);
-                const stat = fs.statSync(fullPath);
+                const fullPath = path.join(currentDir, item.name);
+                const stat = SecurityUtils.safeStatSync(fullPath, currentDir);
+                if (!stat) continue;
 
                 if (stat.isDirectory()) {
-                    if (!item.startsWith('.') && !this.shouldExcludeFile(fullPath, exclusions)) {
+                    if (!item.name.startsWith('.') && !this.shouldExcludeFile(fullPath, exclusions)) {
                         scanRecursive(fullPath);
                     }
                 } else if (stat.isFile()) {
-                    const ext = path.extname(item);
+                    const ext = path.extname(item.name);
                     if (extensions.includes(ext) && !this.shouldExcludeFile(fullPath, exclusions)) {
-                        if (!includeTests && (item.includes('.test.') || item.includes('.spec.'))) {
+                        if (!includeTests && (item.name.includes('.test.') || item.name.includes('.spec.'))) {
                             continue;
                         }
 
@@ -449,7 +451,7 @@ class ScannerCommand {
 
     async generateReport(results, outputDir) {
         if (!SecurityUtils.safeExistsSync(outputDir, path.dirname(outputDir))) {
-            fs.mkdirSync(outputDir, { recursive: true });
+            SecurityUtils.safeMkdirSync(outputDir, process.cwd(), { recursive: true });
         }
 
         const timestamp = new Date().toISOString().replace(/[:.]/g, '-');

package/main/manage/commands/ValidateCommand.js

@@ -94,8 +94,8 @@ class ValidateCommand {
                 } else {
                     console.warn(t('config.dirFallbackWarning', { dir: this.sourceDir, fallback: this.sourceLanguageDir }) ||
                         `Warning: Directory ${this.sourceDir} not found. Using ${this.sourceLanguageDir}.`);
-                    if (!SecurityUtils.safeExistsSync(this.sourceLanguageDir)) {
-                        fs.mkdirSync(this.sourceLanguageDir, { recursive: true });
+                    if (!SecurityUtils.safeExistsSync(this.sourceLanguageDir, process.cwd())) {
+                        SecurityUtils.safeMkdirSync(this.sourceLanguageDir, process.cwd(), { recursive: true });
                     }
                 }
             }
@@ -185,13 +185,15 @@ class ValidateCommand {
                 throw new Error(`Source directory not found: ${this.sourceDir}`);
             }
 
-            const languages = fs.readdirSync(this.sourceDir)
-                .filter(item => {
-                    const itemPath = path.join(this.sourceDir, item);
-                    return fs.statSync(itemPath).isDirectory() &&
-                           item !== this.config.sourceLanguage &&
-                           !this.isExcludedLanguageDirectory(item);
-                });
+            const items = SecurityUtils.safeReaddirSync(this.sourceDir, process.cwd(), { withFileTypes: true });
+            if (!items) {
+                throw new Error(`Source directory not found: ${this.sourceDir}`);
+            }
+
+            const languages = items
+                .filter(item => item.isDirectory())
+                .filter(item => item.name !== this.config.sourceLanguage && !this.isExcludedLanguageDirectory(item.name))
+                .map(item => item.name);
 
             return languages;
         } catch (error) {
@@ -209,11 +211,13 @@ class ValidateCommand {
                 return [];
             }
 
-            const files = fs.readdirSync(languageDir)
-                .filter(file => {
-                    return file.endsWith('.json') &&
-                          !this.config.excludeFiles.includes(file);
-                });
+            const items = SecurityUtils.safeReaddirSync(languageDir, process.cwd(), { withFileTypes: true });
+            if (!items) return [];
+
+            const files = items
+                .filter(item => item.isFile() && item.name.endsWith('.json') &&
+                    !this.config.excludeFiles.includes(item.name))
+                .map(item => item.name);
 
             return files;
         } catch (error) {
@@ -663,10 +667,10 @@ class ValidateCommand {
 
                 // Delete old validation report if it exists
                 const reportPath = path.join(process.cwd(), 'validation-report.txt');
-                SecurityUtils.validatePath(reportPath);
+                const validatedPath = SecurityUtils.validatePath(reportPath, process.cwd());
 
-                if (SecurityUtils.safeExistsSync(reportPath)) {
-                    fs.unlinkSync(reportPath);
+                if (validatedPath && SecurityUtils.safeExistsSync(validatedPath, process.cwd())) {
+                    SecurityUtils.safeUnlinkSync(validatedPath, process.cwd());
                     console.log(t('validate.deletedOldReport'));
 
                     SecurityUtils.logSecurityEvent(t('validate.fileDeleted'), 'info', {

package/main/manage/index.js

@@ -765,10 +765,11 @@ class I18nManager {
 
         function findFiles(dir, results = []) {
             try {
-                const items = fs.readdirSync(dir);
+                const items = SecurityUtils.safeReaddirSync(dir, cwd, { withFileTypes: true });
+                if (!items) return results;
 
                 for (const item of items) {
-                    const fullPath = path.join(dir, item);
+                    const fullPath = path.join(dir, item.name);
                     const relativePath = path.relative(cwd, fullPath);
 
                     if (shouldIgnore(relativePath)) {
@@ -776,14 +777,12 @@ class I18nManager {
                     }
 
                     try {
-                        const stat = fs.statSync(fullPath);
-
-                        if (stat.isDirectory()) {
+                        if (item.isDirectory()) {
                             findFiles(fullPath, results);
-                        } else if (stat.isFile()) {
+                        } else if (item.isFile()) {
                             // Check if file matches any of our patterns
                             for (const pattern of patterns) {
-                                if (matchesPattern(item, pattern)) {
+                                if (matchesPattern(item.name, pattern)) {
                                     results.push(relativePath);
                                     break;
                                 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "i18ntk",
-  "version": "2.5.0",
-  "description": "🚀 The fastest internationalization toolkit with 97% performance boost! Zero-dependency, enterprise-grade internationalization for React, Vue, Angular, Python, Java, PHP & more. Features PIN protection, auto framework detection, 7+ UI languages, and comprehensive translation management. Perfect for startups to enterprises.",
+  "version": "2.6.0",
+  "description": "Zero-dependency internationalization toolkit for setup, scanning, analysis, validation, usage tracking, fixing, reporting, and runtime translation loading.",
   "keywords": [
     "i18n",
     "internationalization",
@@ -9,94 +9,22 @@
     "translation",
     "l10n",
     "multilingual",
-    "globalization",
     "i18next",
     "react-i18next",
     "vue-i18n",
     "angular-i18n",
     "next-i18next",
-    "nuxt-i18n",
-    "svelte-i18n",
-    "django",
-    "flask",
-    "fastapi",
-    "laravel",
-    "spring-boot",
     "nodejs",
     "javascript",
     "typescript",
     "cli",
     "command-line",
-    "automation",
     "developer-tools",
-    "productivity",
     "translation-management",
-    "language-support",
     "framework-detection",
     "zero-dependency",
-    "lightweight",
-    "fast",
-    "performance",
     "security",
-    "enterprise",
-    "devops",
-    "ci-cd",
-    "json",
-    "yaml",
-    "csv",
-    "po",
-    "xliff",
-    "android",
-    "ios",
-    "react-native",
-    "flutter",
-    "expo",
-    "electron",
-    "desktop",
-    "mobile",
-    "web",
-    "full-stack",
-    "backend",
-    "frontend",
-    "api",
-    "microservices",
-    "serverless",
-    "docker",
-    "kubernetes",
-    "cloud",
-    "aws",
-    "azure",
-    "gcp",
-    "saas",
-    "paas",
-    "open-source",
-    "free",
-    "npm",
-    "package",
-    "tool",
-    "utility",
-    "workflow",
-    "efficiency",
-    "best-practices",
-    "standards",
-    "compliance",
-    "accessibility",
-    "a11y",
-    "seo",
-    "marketing",
-    "growth",
-    "scale",
-    "startup",
-    "business",
-    "professional",
-    "expert",
-    "advanced",
-    "comprehensive",
-    "complete",
-    "all-in-one",
-    "suite",
-    "platform",
-    "solution"
+    "json"
   ],
   "homepage": "https://github.com/vladnoskv/i18ntk#readme",
   "bugs": {
@@ -107,8 +35,8 @@
     "url": "git+https://github.com/vladnoskv/i18ntk.git"
   },
   "funding": {
-    "type": "github",
-    "url": "https://github.com/sponsors/vladnoskv"
+    "type": "individual",
+    "url": "https://www.charitynavigator.org/"
   },
   "license": "MIT",
   "author": {
@@ -150,10 +78,6 @@
     "i18ntk-scanner": "main/i18ntk-scanner.js",
     "i18ntk-backup": "main/i18ntk-backup.js"
   },
-  "directories": {
-    "doc": "docs",
-    "test": "tests"
-  },
   "files": [
     "main/i18ntk-analyze.js",
     "main/i18ntk-backup-class.js",
@@ -207,49 +131,14 @@
     "utils/version-utils.js",
     "utils/watch-locales.js",
     "LICENSE",
-    "package.json",
-    "README.md"
+    "README.md",
+    "CHANGELOG.md",
+    "CODE_OF_CONDUCT.md",
+    "CONTRIBUTING.md",
+    "FUNDING.md",
+    "SECURITY.md"
   ],
   "sideEffects": false,
-  "scripts": {
-    "i18ntk": "node main/manage/index.js",
-    "i18ntk-setup": "node main/i18ntk-setup.js",
-    "i18ntk-manage": "node main/manage/index.js",
-    "i18ntk-init": "node main/i18ntk-init.js",
-    "i18ntk-analyze": "node main/i18ntk-analyze.js",
-    "i18ntk-validate": "node main/i18ntk-validate.js",
-    "i18ntk-usage": "node main/i18ntk-usage.js",
-    "i18ntk-complete": "node main/i18ntk-complete.js",
-    "i18ntk-sizing": "node main/i18ntk-sizing.js",
-    "i18ntk-summary": "node main/i18ntk-summary.js",
-    "i18ntk-doctor": "node main/i18ntk-doctor.js",
-    "i18ntk-fixer": "node main/i18ntk-fixer.js",
-    "i18ntk-scanner": "node main/i18ntk-scanner.js",
-    "i18ntk-backup": "node main/i18ntk-backup.js",
-    "i18ntk-py": "node main/i18ntk-py.js",
-    "i18ntk-js": "node main/i18ntk-js.js",
-    "i18ntk-java": "node main/i18ntk-java.js",
-    "i18ntk-php": "node main/i18ntk-php.js",
-    "i18ntk-go": "node main/i18ntk-go.js",
-    "start": "node main/manage/index.js",
-    "security:check": "node utils/security-check-improved.js",
-    "security:test": "node --test tests/security.test.js",
-    "security:audit": "npm run security:check && npm run security:test",
-    "test": "npm run security:test",
-    "test:all": "npm run security:audit",
-    "release:reset": "node scripts/reset-release-state.js",
-    "prepublishOnly": "npm run security:audit",
-    "prepare": "npm run security:check",
-    "backup:create": "node main/i18ntk-backup.js create",
-    "backup:restore": "node main/i18ntk-backup.js restore",
-    "backup:list": "node main/i18ntk-backup.js list",
-    "backup:verify": "node main/i18ntk-backup.js verify",
-    "backup:cleanup": "node main/i18ntk-backup.js cleanup",
-    "languages:select": "node settings/settings-cli.js",
-    "languages:list": "node settings/settings-cli.js --list-languages",
-    "languages:status": "node settings/settings-cli.js --language-status",
-    "lint:locales": "node scripts/lint-locales.js"
-  },
   "engines": {
     "node": ">=16.0.0",
     "npm": ">=8.0.0"
@@ -257,47 +146,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "preferGlobal": true,
-  "versionInfo": {
-    "version": "2.5.0",
-    "releaseDate": "29/04/2026",
-    "lastUpdated": "29/04/2026",
-    "maintainer": "Vlad Noskov",
-    "changelog": "./CHANGELOG.md",
-    "documentation": "./README.md",
-    "apiReference": "./docs/api/API_REFERENCE.md",
-    "majorChanges": [
-      "SECURITY: Centralized environment-variable access behind an explicit allowlist.",
-      "SECURITY: Hardened path containment checks to reject sibling-prefix traversal cases.",
-      "SECURITY: Added timing-safe admin PIN hash comparison and fixed expired-session cleanup.",
-      "SECURITY: Expanded release security scanning to nested production source files.",
-      "FIXER: Fixed translation fixer writes for absolute source directories and confirmed applied fixes persist.",
-      "PACKAGING: Updated package and documentation metadata for the 2.5.0 release."
-    ],
-    "breakingChanges": [],
-    "nextVersion": "2.5.1",
-    "supportedNodeVersions": ">=16.0.0",
-    "supportedFrameworks": {
-      "react-i18next": ">=11.0.0",
-      "vue-i18n": ">=9.0.0",
-      "angular-i18n": ">=12.0.0",
-      "next-i18next": ">=13.0.0",
-      "nuxt-i18n": ">=8.0.0",
-      "svelte-i18n": ">=3.0.0",
-      "sveltekit-i18n": ">=2.0.0",
-      "react-native-localize": ">=2.0.0",
-      "expo-localization": ">=14.0.0",
-      "ionic-angular": ">=6.0.0",
-      "ember-intl": ">=5.0.0",
-      "formatjs": ">=2.0.0",
-      "i18next": ">=21.0.0",
-      "django": ">=3.0.0",
-      "flask-babel": ">=2.0.0",
-      "fastapi": ">=0.70.0",
-      "spring-boot": ">=2.5.0",
-      "laravel": ">=8.0.0"
-    },
-    "supportPolicy": "Versions earlier than 2.5.0 may be unstable or insecure. Upgrade to 2.5.0 or newer."
-  },
-  "_comment": "This package is zero-dependency and uses only native Node.js modules"
+  "preferGlobal": true
 }