namespace-guard 0.8.1 → 0.8.2

package/README.md

@@ -648,7 +648,8 @@ Enable in-memory caching to reduce database calls during rapid checks (e.g., liv
 const guard = createNamespaceGuard({
   sources: [/* ... */],
   cache: {
-    ttl: 5000, // milliseconds (default: 5000)
+    ttl: 5000,     // milliseconds (default: 5000)
+    maxSize: 1000, // max cached entries before LRU eviction (default: 1000)
   },
 }, adapter);
 

package/dist/adapters/raw.d.mts

@@ -3,32 +3,6 @@ import { NamespaceAdapter } from '../index.mjs';
 type QueryExecutor = (sql: string, params: unknown[]) => Promise<{
     rows: Record<string, unknown>[];
 }>;
-/**
- * Create a namespace adapter for raw SQL queries
- *
- * Works with PostgreSQL-compatible clients that use $1-style parameter placeholders (pg).
- * For MySQL or SQLite, wrap the executor to translate parameter syntax.
- *
- * @example
- * ```ts
- * import { Pool } from "pg";
- * import { createNamespaceGuard } from "namespace-guard";
- * import { createRawAdapter } from "namespace-guard/adapters/raw";
- *
- * const pool = new Pool();
- *
- * const guard = createNamespaceGuard(
- *   {
- *     reserved: ["admin", "api", "settings"],
- *     sources: [
- *       { name: "users", column: "handle", scopeKey: "id" },
- *       { name: "organizations", column: "slug", scopeKey: "id" },
- *     ],
- *   },
- *   createRawAdapter((sql, params) => pool.query(sql, params))
- * );
- * ```
- */
 declare function createRawAdapter(execute: QueryExecutor): NamespaceAdapter;
 
 export { createRawAdapter };

package/dist/adapters/raw.d.ts

@@ -3,32 +3,6 @@ import { NamespaceAdapter } from '../index.js';
 type QueryExecutor = (sql: string, params: unknown[]) => Promise<{
     rows: Record<string, unknown>[];
 }>;
-/**
- * Create a namespace adapter for raw SQL queries
- *
- * Works with PostgreSQL-compatible clients that use $1-style parameter placeholders (pg).
- * For MySQL or SQLite, wrap the executor to translate parameter syntax.
- *
- * @example
- * ```ts
- * import { Pool } from "pg";
- * import { createNamespaceGuard } from "namespace-guard";
- * import { createRawAdapter } from "namespace-guard/adapters/raw";
- *
- * const pool = new Pool();
- *
- * const guard = createNamespaceGuard(
- *   {
- *     reserved: ["admin", "api", "settings"],
- *     sources: [
- *       { name: "users", column: "handle", scopeKey: "id" },
- *       { name: "organizations", column: "slug", scopeKey: "id" },
- *     ],
- *   },
- *   createRawAdapter((sql, params) => pool.query(sql, params))
- * );
- * ```
- */
 declare function createRawAdapter(execute: QueryExecutor): NamespaceAdapter;
 
 export { createRawAdapter };

package/dist/adapters/raw.js

@@ -23,10 +23,20 @@ __export(raw_exports, {
   createRawAdapter: () => createRawAdapter
 });
 module.exports = __toCommonJS(raw_exports);
+var SAFE_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assertSafeIdentifier(name, label) {
+  if (!SAFE_IDENTIFIER.test(name)) {
+    throw new Error(`Unsafe ${label}: ${JSON.stringify(name)}. Use only letters, digits, and underscores.`);
+  }
+}
 function createRawAdapter(execute) {
   return {
     async findOne(source, value, options) {
       const idColumn = source.idColumn ?? "id";
+      assertSafeIdentifier(source.name, "table name");
+      assertSafeIdentifier(source.column, "column name");
+      assertSafeIdentifier(idColumn, "id column name");
+      if (source.scopeKey) assertSafeIdentifier(source.scopeKey, "scope key");
       const columns = source.scopeKey && source.scopeKey !== idColumn ? `"${idColumn}", "${source.scopeKey}"` : `"${idColumn}"`;
       const whereClause = options?.caseInsensitive ? `LOWER("${source.column}") = LOWER($1)` : `"${source.column}" = $1`;
       const sql = `SELECT ${columns} FROM "${source.name}" WHERE ${whereClause} LIMIT 1`;

package/dist/adapters/raw.mjs

@@ -1,8 +1,18 @@
 // src/adapters/raw.ts
+var SAFE_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assertSafeIdentifier(name, label) {
+  if (!SAFE_IDENTIFIER.test(name)) {
+    throw new Error(`Unsafe ${label}: ${JSON.stringify(name)}. Use only letters, digits, and underscores.`);
+  }
+}
 function createRawAdapter(execute) {
   return {
     async findOne(source, value, options) {
       const idColumn = source.idColumn ?? "id";
+      assertSafeIdentifier(source.name, "table name");
+      assertSafeIdentifier(source.column, "column name");
+      assertSafeIdentifier(idColumn, "id column name");
+      if (source.scopeKey) assertSafeIdentifier(source.scopeKey, "scope key");
       const columns = source.scopeKey && source.scopeKey !== idColumn ? `"${idColumn}", "${source.scopeKey}"` : `"${idColumn}"`;
       const whereClause = options?.caseInsensitive ? `LOWER("${source.column}") = LOWER($1)` : `"${source.column}" = $1`;
       const sql = `SELECT ${columns} FROM "${source.name}" WHERE ${whereClause} LIMIT 1`;

package/dist/cli.js

@@ -144,14 +144,12 @@ function createScrambleStrategy(_pattern) {
     const candidates = [];
     const chars = identifier.split("");
     for (let i = 0; i < chars.length - 1; i++) {
-      if (chars[i] !== chars[i + 1]) {
-        const swapped = [...chars];
-        [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
-        const candidate = swapped.join("");
-        if (candidate !== identifier && !seen.has(candidate)) {
-          seen.add(candidate);
-          candidates.push(candidate);
-        }
+      const swapped = [...chars];
+      [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
+      const candidate = swapped.join("");
+      if (candidate !== identifier && !seen.has(candidate)) {
+        seen.add(candidate);
+        candidates.push(candidate);
       }
     }
     return candidates;
@@ -298,7 +296,7 @@ function createNamespaceGuard(config, adapter) {
   const purelyNumericMsg = configMessages.purelyNumeric ?? "Identifiers cannot be purely numeric.";
   const cacheEnabled = !!config.cache;
   const cacheTtl = config.cache?.ttl ?? 5e3;
-  const cacheMaxSize = 1e3;
+  const cacheMaxSize = config.cache?.maxSize ?? 1e3;
   const cacheMap = /* @__PURE__ */ new Map();
   let cacheHits = 0;
   let cacheMisses = 0;
@@ -488,10 +486,20 @@ function createNamespaceGuard(config, adapter) {
 }
 
 // src/adapters/raw.ts
+var SAFE_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assertSafeIdentifier(name, label) {
+  if (!SAFE_IDENTIFIER.test(name)) {
+    throw new Error(`Unsafe ${label}: ${JSON.stringify(name)}. Use only letters, digits, and underscores.`);
+  }
+}
 function createRawAdapter(execute) {
   return {
     async findOne(source, value, options) {
       const idColumn = source.idColumn ?? "id";
+      assertSafeIdentifier(source.name, "table name");
+      assertSafeIdentifier(source.column, "column name");
+      assertSafeIdentifier(idColumn, "id column name");
+      if (source.scopeKey) assertSafeIdentifier(source.scopeKey, "scope key");
       const columns = source.scopeKey && source.scopeKey !== idColumn ? `"${idColumn}", "${source.scopeKey}"` : `"${idColumn}"`;
       const whereClause = options?.caseInsensitive ? `LOWER("${source.column}") = LOWER($1)` : `"${source.column}" = $1`;
       const sql = `SELECT ${columns} FROM "${source.name}" WHERE ${whereClause} LIMIT 1`;
@@ -574,6 +582,10 @@ async function createDatabaseAdapter(url) {
     process.exit(1);
   }
   const Pool = pg.default?.Pool ?? pg.Pool;
+  if (!Pool) {
+    console.error("Could not find Pool export from pg package. Check your pg version.");
+    process.exit(1);
+  }
   const pool = new Pool({ connectionString: url });
   return {
     adapter: createRawAdapter((sql, params) => pool.query(sql, params)),

package/dist/cli.mjs

@@ -121,14 +121,12 @@ function createScrambleStrategy(_pattern) {
     const candidates = [];
     const chars = identifier.split("");
     for (let i = 0; i < chars.length - 1; i++) {
-      if (chars[i] !== chars[i + 1]) {
-        const swapped = [...chars];
-        [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
-        const candidate = swapped.join("");
-        if (candidate !== identifier && !seen.has(candidate)) {
-          seen.add(candidate);
-          candidates.push(candidate);
-        }
+      const swapped = [...chars];
+      [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
+      const candidate = swapped.join("");
+      if (candidate !== identifier && !seen.has(candidate)) {
+        seen.add(candidate);
+        candidates.push(candidate);
       }
     }
     return candidates;
@@ -275,7 +273,7 @@ function createNamespaceGuard(config, adapter) {
   const purelyNumericMsg = configMessages.purelyNumeric ?? "Identifiers cannot be purely numeric.";
   const cacheEnabled = !!config.cache;
   const cacheTtl = config.cache?.ttl ?? 5e3;
-  const cacheMaxSize = 1e3;
+  const cacheMaxSize = config.cache?.maxSize ?? 1e3;
   const cacheMap = /* @__PURE__ */ new Map();
   let cacheHits = 0;
   let cacheMisses = 0;
@@ -465,10 +463,20 @@ function createNamespaceGuard(config, adapter) {
 }
 
 // src/adapters/raw.ts
+var SAFE_IDENTIFIER = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+function assertSafeIdentifier(name, label) {
+  if (!SAFE_IDENTIFIER.test(name)) {
+    throw new Error(`Unsafe ${label}: ${JSON.stringify(name)}. Use only letters, digits, and underscores.`);
+  }
+}
 function createRawAdapter(execute) {
   return {
     async findOne(source, value, options) {
       const idColumn = source.idColumn ?? "id";
+      assertSafeIdentifier(source.name, "table name");
+      assertSafeIdentifier(source.column, "column name");
+      assertSafeIdentifier(idColumn, "id column name");
+      if (source.scopeKey) assertSafeIdentifier(source.scopeKey, "scope key");
       const columns = source.scopeKey && source.scopeKey !== idColumn ? `"${idColumn}", "${source.scopeKey}"` : `"${idColumn}"`;
       const whereClause = options?.caseInsensitive ? `LOWER("${source.column}") = LOWER($1)` : `"${source.column}" = $1`;
       const sql = `SELECT ${columns} FROM "${source.name}" WHERE ${whereClause} LIMIT 1`;
@@ -551,6 +559,10 @@ async function createDatabaseAdapter(url) {
     process.exit(1);
   }
   const Pool = pg.default?.Pool ?? pg.Pool;
+  if (!Pool) {
+    console.error("Could not find Pool export from pg package. Check your pg version.");
+    process.exit(1);
+  }
   const pool = new Pool({ connectionString: url });
   return {
     adapter: createRawAdapter((sql, params) => pool.query(sql, params)),

package/dist/index.d.mts

@@ -53,6 +53,8 @@ type NamespaceConfig = {
     cache?: {
         /** Time-to-live in milliseconds (default: 5000) */
         ttl?: number;
+        /** Maximum number of cached entries before LRU eviction (default: 1000) */
+        maxSize?: number;
     };
 };
 /** Options passed to adapter `findOne` calls. */

package/dist/index.d.ts

@@ -53,6 +53,8 @@ type NamespaceConfig = {
     cache?: {
         /** Time-to-live in milliseconds (default: 5000) */
         ttl?: number;
+        /** Maximum number of cached entries before LRU eviction (default: 1000) */
+        maxSize?: number;
     };
 };
 /** Options passed to adapter `findOne` calls. */

package/dist/index.js

@@ -143,14 +143,12 @@ function createScrambleStrategy(_pattern) {
     const candidates = [];
     const chars = identifier.split("");
     for (let i = 0; i < chars.length - 1; i++) {
-      if (chars[i] !== chars[i + 1]) {
-        const swapped = [...chars];
-        [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
-        const candidate = swapped.join("");
-        if (candidate !== identifier && !seen.has(candidate)) {
-          seen.add(candidate);
-          candidates.push(candidate);
-        }
+      const swapped = [...chars];
+      [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
+      const candidate = swapped.join("");
+      if (candidate !== identifier && !seen.has(candidate)) {
+        seen.add(candidate);
+        candidates.push(candidate);
       }
     }
     return candidates;
@@ -971,7 +969,9 @@ function createHomoglyphValidator(options) {
     Object.assign(map, options.additionalMappings);
   }
   const confusableChars = Object.keys(map);
-  const confusableRegex = confusableChars.length > 0 ? new RegExp("[" + confusableChars.join("") + "]") : null;
+  const confusableRegex = confusableChars.length > 0 ? new RegExp(
+    "[" + confusableChars.map((c) => c.replace(/[\\\]^-]/g, "\\$&")).join("") + "]"
+  ) : null;
   const nonLatinRegex = /[\u0370-\u03FF\u0400-\u04FF\u0500-\u052F\u0530-\u058F\u0590-\u05FF\u0600-\u074F\u0900-\u0DFF\u0E00-\u0EFF\u1000-\u109F\u10A0-\u10FF\u1200-\u137F\u13A0-\u13FF\u1400-\u167F\u16A0-\u16FF\u1780-\u17FF\u2C80-\u2CFF\u2D30-\u2D7F\uA4D0-\uA4FF\uA6A0-\uA6FF\uAB70-\uABBF]/;
   const latinRegex = /[a-zA-Z]/;
   return async (value) => {
@@ -1015,7 +1015,7 @@ function createNamespaceGuard(config, adapter) {
   const purelyNumericMsg = configMessages.purelyNumeric ?? "Identifiers cannot be purely numeric.";
   const cacheEnabled = !!config.cache;
   const cacheTtl = config.cache?.ttl ?? 5e3;
-  const cacheMaxSize = 1e3;
+  const cacheMaxSize = config.cache?.maxSize ?? 1e3;
   const cacheMap = /* @__PURE__ */ new Map();
   let cacheHits = 0;
   let cacheMisses = 0;

package/dist/index.mjs

@@ -115,14 +115,12 @@ function createScrambleStrategy(_pattern) {
     const candidates = [];
     const chars = identifier.split("");
     for (let i = 0; i < chars.length - 1; i++) {
-      if (chars[i] !== chars[i + 1]) {
-        const swapped = [...chars];
-        [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
-        const candidate = swapped.join("");
-        if (candidate !== identifier && !seen.has(candidate)) {
-          seen.add(candidate);
-          candidates.push(candidate);
-        }
+      const swapped = [...chars];
+      [swapped[i], swapped[i + 1]] = [swapped[i + 1], swapped[i]];
+      const candidate = swapped.join("");
+      if (candidate !== identifier && !seen.has(candidate)) {
+        seen.add(candidate);
+        candidates.push(candidate);
       }
     }
     return candidates;
@@ -943,7 +941,9 @@ function createHomoglyphValidator(options) {
     Object.assign(map, options.additionalMappings);
   }
   const confusableChars = Object.keys(map);
-  const confusableRegex = confusableChars.length > 0 ? new RegExp("[" + confusableChars.join("") + "]") : null;
+  const confusableRegex = confusableChars.length > 0 ? new RegExp(
+    "[" + confusableChars.map((c) => c.replace(/[\\\]^-]/g, "\\$&")).join("") + "]"
+  ) : null;
   const nonLatinRegex = /[\u0370-\u03FF\u0400-\u04FF\u0500-\u052F\u0530-\u058F\u0590-\u05FF\u0600-\u074F\u0900-\u0DFF\u0E00-\u0EFF\u1000-\u109F\u10A0-\u10FF\u1200-\u137F\u13A0-\u13FF\u1400-\u167F\u16A0-\u16FF\u1780-\u17FF\u2C80-\u2CFF\u2D30-\u2D7F\uA4D0-\uA4FF\uA6A0-\uA6FF\uAB70-\uABBF]/;
   const latinRegex = /[a-zA-Z]/;
   return async (value) => {
@@ -987,7 +987,7 @@ function createNamespaceGuard(config, adapter) {
   const purelyNumericMsg = configMessages.purelyNumeric ?? "Identifiers cannot be purely numeric.";
   const cacheEnabled = !!config.cache;
   const cacheTtl = config.cache?.ttl ?? 5e3;
-  const cacheMaxSize = 1e3;
+  const cacheMaxSize = config.cache?.maxSize ?? 1e3;
   const cacheMap = /* @__PURE__ */ new Map();
   let cacheHits = 0;
   let cacheMisses = 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "namespace-guard",
-  "version": "0.8.1",
+  "version": "0.8.2",
   "description": "Check slug/handle uniqueness across multiple database tables with reserved name protection",
   "main": "dist/index.js",
   "module": "dist/index.mjs",