locize-cli 11.0.0 → 11.1.0

package/CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 Project versioning adheres to [Semantic Versioning](http://semver.org/).
 Change log format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## [11.1.0](https://github.com/locize/locize-cli/compare/v11.1.0...v11.0.0) - 2025-12-11
+
+- replace internal csv library to address security advisory #110
+
 ## [11.0.0](https://github.com/locize/locize-cli/compare/v10.4.0...v11.0.0) - 2025-12-10
 
 - log/error is shown if cdnType is not defined, because of changing default to 'standard' instead of 'pro'

package/convertToDesiredFormat.js

@@ -1,6 +1,6 @@
 const flatten = require('flat')
 const i18next2po = require('gettext-converter/cjs/i18next2po')
-const csvjson = require('csvjson')
+const csv = require('fast-csv')
 const xlsx = require('xlsx')
 const yaml = require('yaml')
 const js2asr = require('android-string-resource/cjs/js2asr')
@@ -81,34 +81,18 @@ const convertToDesiredFormat = (
         const js2CsvData = Object.keys(flatten(data)).reduce((mem, k) => {
           const value = data[k] || ''
           const line = {
-            // https://en.wikipedia.org/wiki/Delimiter-separated_values
-            key: k.replace(/"/g, '""'),
+            key: k,
             [opt.referenceLanguage]: refNs[k] || '',
-            [lng]: value.replace(/"/g, '""')
+            [lng]: value
           }
-          line.key = line.key.replace(/\n/g, '\\NeWlInE\\')
-          line[opt.referenceLanguage] = line[opt.referenceLanguage].replace(
-            /\n/g,
-            '\\NeWlInE\\'
-          )
-          line[lng] = line[lng].replace(/\n/g, '\\NeWlInE\\')
           mem.push(line)
 
           return mem
         }, [])
-        const options = {
-          delimiter: ',',
-          wrap: true,
-          headers: 'relative'
-          // objectDenote: '.',
-          // arrayDenote: '[]'
-        }
-        cb(
-          null,
-          `\ufeff${csvjson
-            .toCSV(js2CsvData, options)
-            .replace(/\\NeWlInE\\/g, '\n')}`
-        )
+
+        csv.writeToString(js2CsvData, { headers: true, quoteColumns: true })
+          .then((data) => cb(null, `\ufeff${data}`))
+          .catch(cb)
       })
       return
     }

package/convertToFlatFormat.js

@@ -1,5 +1,5 @@
 const po2i18next = require('gettext-converter/cjs/po2i18next')
-const csvjson = require('csvjson')
+const csv = require('fast-csv')
 const xlsx = require('xlsx')
 const yaml = require('yaml')
 const asr2js = require('android-string-resource/cjs/asr2js')
@@ -60,50 +60,26 @@ const convertToFlatFormat = (opt, data, lng, cb) => {
       return
     }
     if (opt.format === 'csv') {
-      const options = {
-        delimiter: ',',
-        quote: '"'
-      }
-
       // CRLF => LF
-      let text = data.toString().replace(/\r\n/g, '\n')
-
-      // handle multiline stuff
-      const lines = text.split('\n')
-      const toHandle = []
-      lines.forEach((l) => {
-        const amountOfOccurrencies = l.split('"').length - 1
-        if (amountOfOccurrencies % 2 === 1) toHandle.push(l)
-      })
-      while (toHandle.length > 1) {
-        let firstToHandle = toHandle.shift()
-        const secondToHandle = toHandle.shift()
-        const indexOfFirst = lines.indexOf(firstToHandle)
-        const indexOfSecond = lines.indexOf(secondToHandle)
-        let handlingIndex = indexOfFirst
-        while (handlingIndex < indexOfSecond) {
-          firstToHandle += `\\NeWlInE\\${lines[handlingIndex + 1]}`
-          handlingIndex++
-        }
-        lines[indexOfFirst] = firstToHandle
-        lines.splice(indexOfFirst + 1, indexOfSecond - indexOfFirst)
-      }
-      text = lines.join('\n')
+      const text = data.toString().replace(/\r\n/g, '\n')
 
-      // https://en.wikipedia.org/wiki/Delimiter-separated_values
-      // temporary replace "" with \_\" so we can revert this 3 lines after
-      const jsonData = csvjson.toObject(text.replace(/""/g, '\\_\\"'), options)
-      data = jsonData.reduce((mem, entry) => {
-        if (entry.key && typeof entry[opt.referenceLanguage] === 'string') {
-          mem[
-            entry.key.replace(/\\_\\"/g, '"').replace(/\\NeWlInE\\/g, '\n')
-          ] = entry[opt.referenceLanguage]
-            .replace(/\\_\\"/g, '"')
-            .replace(/\\NeWlInE\\/g, '\n')
-        }
-        return mem
-      }, {})
-      cb(null, data)
+      const res = []
+      csv.parseString(text, { headers: true, ignoreEmpty: true })
+        .on('error', cb)
+        .on('data', (row) => res.push(row))
+        .on('end', () => {
+          try {
+            data = res.reduce((mem, entry) => {
+              if (entry.key && typeof entry[opt.referenceLanguage] === 'string') {
+                mem[entry.key] = entry[opt.referenceLanguage]
+              }
+              return mem
+            }, {})
+            cb(null, data)
+          } catch (err) {
+            cb(err)
+          }
+        })
       return
     }
     if (opt.format === 'xlsx') {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "locize-cli",
-  "version": "11.0.0",
+  "version": "11.1.0",
   "description": "locize cli to import locales",
   "main": "index.js",
   "bin": {
@@ -13,9 +13,9 @@
     "cacheable-lookup": "6.1.0",
     "colors": "1.4.0",
     "commander": "9.5.0",
-    "csvjson": "5.1.0",
     "diff": "7.0.0",
     "dotenv": "16.5.0",
+    "fast-csv": "5.0.5",
     "flat": "5.0.2",
     "fluent_conv": "3.3.0",
     "gettext-converter": "1.3.0",
@@ -38,8 +38,8 @@
     "@yao-pkg/pkg": "6.4.0",
     "eslint": "9.39.1",
     "eslint-plugin-import": "2.32.0",
-    "neostandard": "0.12.2",
-    "gh-release": "7.0.2"
+    "gh-release": "7.0.2",
+    "neostandard": "0.12.2"
   },
   "scripts": {
     "lint": "eslint .",