npm - it-tools-mcp - Versions diffs - 5.2.8 → 5.2.9 - Mend

it-tools-mcp 5.2.8 → 5.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/index.js +1 -1
package/build/tools/data_format/format_json/index.js +17 -28
package/package.json +1 -1

package/build/index.js CHANGED Viewed

@@ -204,7 +204,7 @@ export function getResourceUsage() {
  */
 // Get package metadata for enhanced server info
 function getPackageMetadata() {
-    const __dirname = path.dirname(new URL(import.meta.url).pathname);
+    // Use module-level __dirname (correctly handles Windows paths via fileURLToPath)
     const pkgPath = path.resolve(__dirname, '../package.json');
     const pkgRaw = fs.readFileSync(pkgPath, 'utf-8');
     const pkg = JSON.parse(pkgRaw);

package/build/tools/data_format/format_json/index.js CHANGED Viewed

@@ -61,37 +61,26 @@ export function registerFormatJson(server) {
                     };
                 }
                 catch (secondError) {
-                    // If normalization fails, try using Function constructor for JavaScript object literals
-                    try {
-                        const evaluated = new Function('return ' + json)();
-                        const formatted = JSON.stringify(evaluated, null, indent);
-                        return {
-                            content: [
-                                {
-                                    type: "text",
-                                    text: `Formatted JSON (converted from JavaScript object):\n${formatted}`,
-                                },
-                            ],
-                        };
-                    }
-                    catch (evalError) {
-                        return {
-                            content: [
-                                {
-                                    type: "text",
-                                    text: `Error parsing JSON: ${firstError instanceof Error ? firstError.message : 'Unknown error'}
+                    // Security: Do NOT use Function() constructor or eval() as they enable code injection
+                    // Only JSON.parse() should be used - it's safe and sufficient for JSON formatting
+                    return {
+                        content: [
+                            {
+                                type: "text",
+                                text: `Error parsing JSON: ${firstError instanceof Error ? firstError.message : 'Unknown error'}
+Attempted normalization failed: ${secondError instanceof Error ? secondError.message : 'Unknown error'}
-Tried to normalize JavaScript object notation but failed.
-Please ensure your input is valid JSON or JavaScript object notation.
+Please ensure your input is valid JSON.
-Examples of supported formats:
+Supported format:
 - Valid JSON: {"name":"John","age":30}
-- JavaScript object: {'name':'John','age':30}
-- Unquoted keys: {name:'John',age:30}`,
-                                },
-                            ],
-                        };
-                    }
+Note: For security reasons, JavaScript object literals and code evaluation are not supported.
+Please convert your input to valid JSON format before formatting.`,
+                            },
+                        ],
+                    };
                 }
             }
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "it-tools-mcp",
-  "version": "5.2.8",
+  "version": "5.2.9",
   "description": "MCP-compliant server access to over 100 IT tools and utilities commonly used by developers, system administrators, and IT professionals.",
   "mcpName": "io.github.wrenchpilot/it-tools-mcp",
   "type": "module",