npm - resafe - Versions diffs - 1.0.0 → 1.0.2 - Mend

resafe 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -8,8 +8,8 @@
 <br/>
 <p align="center">
- <a href="https://github.com/ofabiodev/resafe/actions?query=branch%3Amain" rel="nofollow"><img alt="GitHub Actions Workflow Status" src="https://img.shields.io/github/actions/workflow/status/ofabiodev/resafe/test.yml?branch=main&event=push"></a>
- <a href="https://opensource.org/licenses/MIT" rel="nofollow"><img alt="GitHub License" src="https://img.shields.io/github/license/ofabiodev/resafe"></a>
+ <a href="https://github.com/ofabiodev/resafe/actions?query=branch%3Amain" rel="nofollow"><img alt="GitHub Actions Workflow Status" src="https://img.shields.io/github/actions/workflow/status/ofabiodev/resafe/ci_test.yml?branch=main&event=push"></a>
+ <a href="https://opensource.org/licenses/MIT" rel="nofollow"><img alt="License" src="https://img.shields.io/badge/license-MIT-brightgreen"></a>
  <a href="https://www.npmjs.com/package/resafe" rel="nofollow"><img alt="NPM Downloads" src="https://img.shields.io/npm/dw/resafe"></a>
 </p>

package/dist/index.cjs CHANGED Viewed

@@ -241,41 +241,40 @@ function spectralRadius(matrix) {
   const n = matrix.length;
   if (n === 0) return 0;
   let v = Array(n).fill(1 / Math.sqrt(n));
-  for (let iter = 0; iter < 100; iter++) {
+  const tolerance = 1e-6;
+  const maxIterations = 100;
+  for (let iter = 0; iter < maxIterations; iter++) {
     const newV = Array(n).fill(0);
     for (let i = 0; i < n; i++) {
-      const row = matrix[i];
-      if (row) {
-        for (let j = 0; j < n; j++) {
-          const cell = row[j];
-          const vec = v[j];
-          if (cell !== void 0 && vec !== void 0) {
-            newV[i] += cell * vec;
-          }
-        }
+      const row = matrix[i] ?? [];
+      for (let j = 0; j < n; j++) {
+        const cell = row[j] ?? 0;
+        newV[i] += cell * v[j];
       }
     }
     const norm = Math.sqrt(newV.reduce((sum, val) => sum + val * val, 0));
     if (norm === 0) return 0;
-    v = newV.map((val) => val / norm);
+    const normalizedV = newV.map((val) => val / norm);
+    let converged = true;
+    for (let i = 0; i < n; i++) {
+      const a = normalizedV[i];
+      const b = v[i];
+      if (a !== void 0 && b !== void 0 && Math.abs(a - b) > tolerance) {
+        converged = false;
+        break;
+      }
+    }
+    if (converged) break;
+    v = normalizedV;
   }
   let eigenvalue = 0;
   for (let i = 0; i < n; i++) {
+    const row = matrix[i] ?? [];
     let sum = 0;
-    const row = matrix[i];
-    if (row) {
-      for (let j = 0; j < n; j++) {
-        const cell = row[j];
-        const vec = v[j];
-        if (cell !== void 0 && vec !== void 0) {
-          sum += cell * vec;
-        }
-      }
-    }
-    const vecI = v[i];
-    if (vecI !== void 0) {
-      eigenvalue += sum * vecI;
+    for (let j = 0; j < n; j++) {
+      sum += (row[j] ?? 0) * v[j];
     }
+    eigenvalue += sum * v[i];
   }
   return Math.abs(eigenvalue);
 }
@@ -295,33 +294,90 @@ function analyze(pattern, config = {}) {
 }
 // src/utils/logger.ts
-var C = {
-  reset: "\x1B[0m",
-  yellow: "\x1B[33m",
-  red: "\x1B[31m",
-  gray: "\x1B[90m"
+var import_node_process = require("process");
+var ESC = "\x1B[";
+var Formatter = class _Formatter {
+  parts = "";
+  text;
+  constructor(text) {
+    this.text = text;
+  }
+  code(code) {
+    this.parts += `${ESC}${code}m`;
+    return this;
+  }
+  static create(text) {
+    return new _Formatter(text);
+  }
+  bold() {
+    return this.code("1");
+  }
+  white() {
+    return this.code("97");
+  }
+  darkGray() {
+    return this.code("90");
+  }
+  red() {
+    return this.code("38;2;255;85;85");
+  }
+  pastelRedBg() {
+    return this.code("48;2;255;85;85");
+  }
+  toString() {
+    return `${this.parts}${this.text}${ESC}0m`;
+  }
+  [Symbol.toPrimitive]() {
+    return this.toString();
+  }
 };
-var S = { WARN: "!", ERROR: "x" };
+var fmt = (text) => Formatter.create(text);
 var log = {
-  warn: (m) => console.log(`${C.yellow}${S.WARN}${C.reset} ${m}`),
-  error: (m) => console.log(`${C.red}${S.ERROR}${C.reset} ${m}`),
-  hint: (m) => console.log(`${C.gray}${m}${C.reset}`)
+  error: (msg, regex, extra) => {
+    let firstLine = `${fmt(" RESAFE ").bold().pastelRedBg().white()} ${fmt(msg).white()}`;
+    if (regex) {
+      firstLine += ` ${fmt("regex").red()}${fmt("=").darkGray()}${fmt(regex).white()}`;
+    }
+    import_node_process.stdout.write(`${firstLine}
+`);
+    if (extra) log.quote(extra);
+  },
+  warn: (msg, regex, extra) => {
+    let firstLine = `${fmt(" RESAFE ").bold().pastelRedBg().white()} ${fmt(msg).white()}`;
+    if (regex) {
+      firstLine += ` ${fmt("regex").red()}${fmt("=").darkGray()}${fmt(regex).white()}`;
+    }
+    import_node_process.stdout.write(`${firstLine}
+`);
+    if (extra) log.quote(extra);
+  },
+  hint: (msg) => {
+    const lines = Array.isArray(msg) ? msg : [msg];
+    log.quote(lines);
+  },
+  quote: (lines) => {
+    lines.forEach((line) => {
+      import_node_process.stdout.write(`  ${fmt("\u2502").darkGray()} ${fmt(line).white()}
+`);
+    });
+    import_node_process.stdout.write("\n");
+  }
 };
 // src/index.ts
 function check(regex, options = {}) {
   const pattern = typeof regex === "string" ? regex : regex.source;
   const result = analyze(pattern, options);
+  const radius = Number(result.radius.toFixed(4));
   if (!result.safe && !options.silent) {
-    log.error(`[Resafe] Unsafe pattern: /${pattern}/`);
-    log.warn(
-      `Spectral radius: ${result.radius.toFixed(4)} (threshold: ${options.threshold ?? 1})`
-    );
-    log.hint("Simplify regex structure to eliminate exponential paths");
+    log.error("Unsafe Regex!", `/${pattern}/`, [
+      `Spectral radius: ${radius} (threshold: ${options.threshold ?? 1})`,
+      "? Consider simplifying quantifiers"
+    ]);
   }
   if (!result.safe && options.throwErr) {
     throw new Error(
-      `[Resafe] Unsafe pattern with spectral radius ${result.radius.toFixed(4)}`
+      `Unsafe regex (spectral radius ${radius})`
     );
   }
   return result;

package/dist/index.js CHANGED Viewed

@@ -214,41 +214,40 @@ function spectralRadius(matrix) {
   const n = matrix.length;
   if (n === 0) return 0;
   let v = Array(n).fill(1 / Math.sqrt(n));
-  for (let iter = 0; iter < 100; iter++) {
+  const tolerance = 1e-6;
+  const maxIterations = 100;
+  for (let iter = 0; iter < maxIterations; iter++) {
     const newV = Array(n).fill(0);
     for (let i = 0; i < n; i++) {
-      const row = matrix[i];
-      if (row) {
-        for (let j = 0; j < n; j++) {
-          const cell = row[j];
-          const vec = v[j];
-          if (cell !== void 0 && vec !== void 0) {
-            newV[i] += cell * vec;
-          }
-        }
+      const row = matrix[i] ?? [];
+      for (let j = 0; j < n; j++) {
+        const cell = row[j] ?? 0;
+        newV[i] += cell * v[j];
       }
     }
     const norm = Math.sqrt(newV.reduce((sum, val) => sum + val * val, 0));
     if (norm === 0) return 0;
-    v = newV.map((val) => val / norm);
+    const normalizedV = newV.map((val) => val / norm);
+    let converged = true;
+    for (let i = 0; i < n; i++) {
+      const a = normalizedV[i];
+      const b = v[i];
+      if (a !== void 0 && b !== void 0 && Math.abs(a - b) > tolerance) {
+        converged = false;
+        break;
+      }
+    }
+    if (converged) break;
+    v = normalizedV;
   }
   let eigenvalue = 0;
   for (let i = 0; i < n; i++) {
+    const row = matrix[i] ?? [];
     let sum = 0;
-    const row = matrix[i];
-    if (row) {
-      for (let j = 0; j < n; j++) {
-        const cell = row[j];
-        const vec = v[j];
-        if (cell !== void 0 && vec !== void 0) {
-          sum += cell * vec;
-        }
-      }
-    }
-    const vecI = v[i];
-    if (vecI !== void 0) {
-      eigenvalue += sum * vecI;
+    for (let j = 0; j < n; j++) {
+      sum += (row[j] ?? 0) * v[j];
     }
+    eigenvalue += sum * v[i];
   }
   return Math.abs(eigenvalue);
 }
@@ -268,33 +267,90 @@ function analyze(pattern, config = {}) {
 }
 // src/utils/logger.ts
-var C = {
-  reset: "\x1B[0m",
-  yellow: "\x1B[33m",
-  red: "\x1B[31m",
-  gray: "\x1B[90m"
+import { stdout } from "process";
+var ESC = "\x1B[";
+var Formatter = class _Formatter {
+  parts = "";
+  text;
+  constructor(text) {
+    this.text = text;
+  }
+  code(code) {
+    this.parts += `${ESC}${code}m`;
+    return this;
+  }
+  static create(text) {
+    return new _Formatter(text);
+  }
+  bold() {
+    return this.code("1");
+  }
+  white() {
+    return this.code("97");
+  }
+  darkGray() {
+    return this.code("90");
+  }
+  red() {
+    return this.code("38;2;255;85;85");
+  }
+  pastelRedBg() {
+    return this.code("48;2;255;85;85");
+  }
+  toString() {
+    return `${this.parts}${this.text}${ESC}0m`;
+  }
+  [Symbol.toPrimitive]() {
+    return this.toString();
+  }
 };
-var S = { WARN: "!", ERROR: "x" };
+var fmt = (text) => Formatter.create(text);
 var log = {
-  warn: (m) => console.log(`${C.yellow}${S.WARN}${C.reset} ${m}`),
-  error: (m) => console.log(`${C.red}${S.ERROR}${C.reset} ${m}`),
-  hint: (m) => console.log(`${C.gray}${m}${C.reset}`)
+  error: (msg, regex, extra) => {
+    let firstLine = `${fmt(" RESAFE ").bold().pastelRedBg().white()} ${fmt(msg).white()}`;
+    if (regex) {
+      firstLine += ` ${fmt("regex").red()}${fmt("=").darkGray()}${fmt(regex).white()}`;
+    }
+    stdout.write(`${firstLine}
+`);
+    if (extra) log.quote(extra);
+  },
+  warn: (msg, regex, extra) => {
+    let firstLine = `${fmt(" RESAFE ").bold().pastelRedBg().white()} ${fmt(msg).white()}`;
+    if (regex) {
+      firstLine += ` ${fmt("regex").red()}${fmt("=").darkGray()}${fmt(regex).white()}`;
+    }
+    stdout.write(`${firstLine}
+`);
+    if (extra) log.quote(extra);
+  },
+  hint: (msg) => {
+    const lines = Array.isArray(msg) ? msg : [msg];
+    log.quote(lines);
+  },
+  quote: (lines) => {
+    lines.forEach((line) => {
+      stdout.write(`  ${fmt("\u2502").darkGray()} ${fmt(line).white()}
+`);
+    });
+    stdout.write("\n");
+  }
 };
 // src/index.ts
 function check(regex, options = {}) {
   const pattern = typeof regex === "string" ? regex : regex.source;
   const result = analyze(pattern, options);
+  const radius = Number(result.radius.toFixed(4));
   if (!result.safe && !options.silent) {
-    log.error(`[Resafe] Unsafe pattern: /${pattern}/`);
-    log.warn(
-      `Spectral radius: ${result.radius.toFixed(4)} (threshold: ${options.threshold ?? 1})`
-    );
-    log.hint("Simplify regex structure to eliminate exponential paths");
+    log.error("Unsafe Regex!", `/${pattern}/`, [
+      `Spectral radius: ${radius} (threshold: ${options.threshold ?? 1})`,
+      "? Consider simplifying quantifiers"
+    ]);
   }
   if (!result.safe && options.throwErr) {
     throw new Error(
-      `[Resafe] Unsafe pattern with spectral radius ${result.radius.toFixed(4)}`
+      `Unsafe regex (spectral radius ${radius})`
     );
   }
   return result;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "resafe",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "🛡️ Detects ReDoS vulnerabilities in regexes using Thompson NFA construction and spectral radius analysis",
   "license": "MIT",
   "homepage": "https://resafe.js.org",