npm - safe-formdata - Versions diffs - 0.1.2 → 0.1.4 - Mend

safe-formdata 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -2,6 +2,7 @@
 **The strict trust boundary for FormData.**
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/roottool/safe-formdata)
 [![npm version](https://img.shields.io/npm/v/safe-formdata)](https://www.npmjs.com/package/safe-formdata)
 [![CI](https://github.com/roottool/safe-formdata/actions/workflows/ci.yml/badge.svg)](https://github.com/roottool/safe-formdata/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/roottool/safe-formdata/graph/badge.svg)](https://codecov.io/gh/roottool/safe-formdata)
@@ -9,12 +10,35 @@
 safe-formdata is a **security-focused** parser that establishes a predictable boundary between untrusted input and application logic.
 It enforces strict rules on keys and forbids structural inference by design.
+## Table of Contents
+- [safe-formdata](#safe-formdata)
+  - [Table of Contents](#table-of-contents)
+  - [Overview](#overview)
+  - [Design principles](#design-principles)
+  - [Security scope](#security-scope)
+  - [Design decisions (Why not?)](#design-decisions-why-not)
+    - [Why no structural inference?](#why-no-structural-inference)
+    - [Why no generic type parameters?](#why-no-generic-type-parameters)
+    - [Why no multiple values or repeated keys?](#why-no-multiple-values-or-repeated-keys)
+    - [Why no throwing or `parseOrThrow`?](#why-no-throwing-or-parseorthrow)
+    - [What is safe-formdata not?](#what-is-safe-formdata-not)
+  - [Installation](#installation)
+  - [Quick Start](#quick-start)
+  - [API](#api)
+    - [parse(formData): ParseResult](#parseformdata-parseresult)
+    - [Result](#result)
+    - [Issues](#issues)
+  - [Versioning](#versioning)
+  - [Contributing](#contributing)
+  - [License](#license)
 ---
 ## Overview
 FormData is untyped and unstructured by nature.
-Many parsers attempt to infer structure or semantics from key naming conventions.
+Parsers often attempt to infer structure or semantics from key naming conventions.
 safe-formdata intentionally does not.
@@ -59,49 +83,9 @@ Security decisions and issue triage are based on the definitions in SECURITY.md.
 ---
-## API
-### parse(formData): ParseResult
-```ts
-import { parse } from "safe-formdata";
-const { data, issues } = parse(formData);
-```
-- `data` is `null` if any boundary violations are detected
-- `issues` contains all detected structural issues
-- Partial success is not allowed
-### Result
-```ts
-export interface ParseResult {
-  data: Record<string, string | File> | null;
-  issues: ParseIssue[];
-}
-```
-- `data` is non-null only when no boundary violations are detected
-- `data` is always a flat object; no structural inference is performed
-- `issues` must always be checked by the caller
-### Issues
-```ts
-export interface ParseIssue {
-  code: "invalid_key" | "forbidden_key" | "duplicate_key";
-  path: string[];
-  key?: unknown;
-}
-```
-- `path` is always empty and exists only for compatibility
-- Issues are informational and are never thrown
 ## Design decisions (Why not?)
-safe-formdata intentionally omits several common features.
+safe-formdata intentionally omits the following common features.
 ### Why no structural inference?
@@ -168,11 +152,115 @@ inspect issues and decide what to do.
 safe-formdata defines a safe boundary.
 Validation and typing belong beyond it.
+---
+## Installation
+Install safe-formdata using your preferred package manager:
+```bash
+# npm
+npm install safe-formdata
+# yarn
+yarn add safe-formdata
+# pnpm
+pnpm add safe-formdata
+# bun
+bun add safe-formdata
+```
+**Requirements**: TypeScript 5.0+ (for discriminated union type narrowing)
+---
+## Quick Start
+```typescript
+import { parse } from "safe-formdata";
+const formData = new FormData();
+formData.append("username", "alice");
+formData.append("age", "25");
+const result = parse(formData);
+if (result.data !== null) {
+  // Success: data is available
+  console.log(result.data.username); // 'alice'
+  console.log(result.data.age); // '25'
+} else {
+  // Failure: validation issues occurred
+  console.error(result.issues);
+}
+```
+### Key points
+- All values are `string | File` - no automatic type conversion
+- Use `data !== null` to check for success and narrow the type
+- Security boundaries are enforced from the start
+For complete examples including file uploads and validation patterns, see the [examples/](./examples) directory.
+---
+## API
+### parse(formData): ParseResult
+```ts
+import { parse } from "safe-formdata";
+const { data, issues } = parse(formData);
+```
+- `data` is `null` if any boundary violations are detected
+- `issues` contains all detected structural issues
+- Partial success is not allowed
+### Result
+```ts
+export interface ParseResult {
+  data: Record<string, string | File> | null;
+  issues: ParseIssue[];
+}
+```
+- `data` is non-null only when no boundary violations are detected
+- `data` is always a flat object; no structural inference is performed
+- `issues` must always be checked by the caller
+### Issues
+```ts
+export interface ParseIssue {
+  code: "invalid_key" | "forbidden_key" | "duplicate_key";
+  path: string[];
+  key?: unknown;
+}
+```
+- `path` is always empty and exists only for compatibility
+- Issues are informational and are never thrown
+---
 ## Versioning
 v0.x focuses exclusively on establishing and clarifying the FormData boundary.
 No inference or convenience features will be added within v0.x.
+## Contributing
+Contributions are welcome! Please see:
+- [CONTRIBUTING.md](CONTRIBUTING.md) - Contributor guide
+- [docs/PUBLISHING.md](docs/PUBLISHING.md) - Publishing guide (for maintainers)
 ## License
 MIT

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/issues/createIssue.ts","../src/issues/forbiddenKeys.ts","../src/parse.ts"],"sourcesContent":["import type { IssueCode } from \"#types/IssueCode\";\nimport type { ParseIssue } from \"#types/ParseIssue\";\n\n/*\n Payload for creating a ParseIssue.\n \n @property {unknown} key - The problematic key that triggered the issue (for debugging)\n /\ninterface IssuePayload {\n\tkey?: unknown;\n}\n\n/\n Creates a ParseIssue with the specified code and optional payload.\n \n This is an internal utility function for generating structured issue reports\n * during FormData parsing. All issues have an empty `path` array, as this parser\n * does not infer structural relationships.\n \n @param code - The type of issue (invalid_key, forbidden_key, or duplicate_key)\n * @param payload - Optional payload containing the problematic key\n * @returns A ParseIssue object ready to be added to the issues array\n \n @internal\n /\nexport function createIssue(code: IssueCode, payload: IssuePayload = {}): ParseIssue {\n\treturn {\n\t\tcode,\n\t\tpath: [],\n\t\t...payload,\n\t};\n}\n","/\n Keys explicitly forbidden to prevent prototype pollution attacks.\n \n These keys are reserved properties on `Object.prototype` and must never\n * be allowed in parsed FormData, regardless of their values or context.\n \n The forbidden keys are:\n * - `__proto__`: Legacy prototype accessor\n * - `prototype`: Function prototype property\n * - `constructor`: Object constructor reference\n \n Any FormData entry containing these keys will trigger a `forbidden_key` issue,\n * causing the parse operation to fail with `data: null`.\n \n @see {@link https://github.com/roottool/safe-formdata/blob/main/AGENTS.md#prototype-safety AGENTS.md > Security rules > Prototype safety}\n /\nexport const FORBIDDEN_KEYS = new Set<string>([\n\t\"__proto__\",\n\t\"prototype\",\n\t\"constructor\",\n] as const satisfies readonly string[]);\n","import { createIssue } from \"#issues/createIssue\";\nimport { FORBIDDEN_KEYS } from \"#issues/forbiddenKeys\";\nimport type { ParseResult } from \"#types/ParseResult\";\n\n/\n Parses FormData into a flat JavaScript object with strict boundary enforcement.\n \n This function establishes a security-focused boundary between untrusted FormData input\n * and application logic by:\n * - Detecting duplicate, forbidden, and invalid keys\n * - Treating keys as opaque strings (no structural inference)\n * - Returning null data if any issues are detected (no partial success)\n \n @param formData - The FormData instance to parse\n * @returns ParseResult containing either parsed data or issues (never both)\n \n @example\n * ```ts\n * const fd = new FormData()\n * fd.append('name', 'alice')\n * const result = parse(fd)\n \n if (result.data) {\n * // Success: result.data is { name: 'alice' }\n * } else {\n * // Failure: result.issues contains detected problems\n * }\n * ```\n \n @see {@link https://github.com/roottool/safe-formdata/blob/main/AGENTS.md AGENTS.md} for design rules\n */\nexport function parse(formData: FormData): ParseResult {\n\tconst data = Object.create(null) as Record<string, string \| File>;\n\tconst issues = [];\n\tconst seenKeys = new Set<string>();\n\n\tfor (const [key, value] of formData.entries()) {\n\t\tif (typeof key !== \"string\" \|\| key.length === 0) {\n\t\t\tissues.push(createIssue(\"invalid_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (FORBIDDEN_KEYS.has(key)) {\n\t\t\tissues.push(createIssue(\"forbidden_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (seenKeys.has(key)) {\n\t\t\tissues.push(createIssue(\"duplicate_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tseenKeys.add(key);\n\t\tdata[key] = value;\n\t}\n\n\treturn issues.length > 0\n\t\t? {\n\t\t\t\tdata: null,\n\t\t\t\tissues,\n\t\t\t}\n\t\t: {\n\t\t\t\tdata,\n\t\t\t\tissues: [],\n\t\t\t};\n}\n"],"mappings":";AAyBO,SAAS,YAAY,MAAiB,UAAwB,CAAC,GAAe;AACpF,SAAO;AAAA,IACN;AAAA,IACA,MAAM,CAAC;AAAA,IACP,GAAG;AAAA,EACJ;AACD;;;ACfO,IAAM,iBAAiB,oBAAI,IAAY;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACD,CAAsC;;;ACW/B,SAAS,MAAM,UAAiC;AACtD,QAAM,OAAO,uBAAO,OAAO,IAAI;AAC/B,QAAM,SAAS,CAAC;AAChB,QAAM,WAAW,oBAAI,IAAY;AAEjC,aAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,GAAG;AAC9C,QAAI,OAAO,QAAQ,YAAY,IAAI,WAAW,GAAG;AAChD,aAAO,KAAK,YAAY,eAAe,EAAE,IAAI,CAAC,CAAC;AAC/C;AAAA,IACD;AAEA,QAAI,eAAe,IAAI,GAAG,GAAG;AAC5B,aAAO,KAAK,YAAY,iBAAiB,EAAE,IAAI,CAAC,CAAC;AACjD;AAAA,IACD;AAEA,QAAI,SAAS,IAAI,GAAG,GAAG;AACtB,aAAO,KAAK,YAAY,iBAAiB,EAAE,IAAI,CAAC,CAAC;AACjD;AAAA,IACD;AAEA,aAAS,IAAI,GAAG;AAChB,SAAK,GAAG,IAAI;AAAA,EACb;AAEA,SAAO,OAAO,SAAS,IACpB;AAAA,IACA,MAAM;AAAA,IACN;AAAA,EACD,IACC;AAAA,IACA;AAAA,IACA,QAAQ,CAAC;AAAA,EACV;AACH;","names":[]}
1	+ {"version":3,"sources":["../src/issues/createIssue.ts","../src/issues/forbiddenKeys.ts","../src/parse.ts"],"sourcesContent":["import type { IssueCode } from \"#types/IssueCode\";\nimport type { ParseIssue } from \"#types/ParseIssue\";\n\n/*\n Payload for creating a ParseIssue.\n \n @property {unknown} key - The problematic key that triggered the issue (for debugging)\n /\ninterface IssuePayload {\n\tkey?: unknown;\n}\n\n/\n Creates a ParseIssue with the specified code and optional payload.\n \n This is an internal utility function for generating structured issue reports\n * during FormData parsing. All issues have an empty `path` array, as this parser\n * does not infer structural relationships.\n \n @param code - The type of issue (invalid_key, forbidden_key, or duplicate_key)\n * @param payload - Optional payload containing the problematic key\n * @returns A ParseIssue object ready to be added to the issues array\n \n @internal\n /\nexport function createIssue(code: IssueCode, payload: IssuePayload = {}): ParseIssue {\n\treturn {\n\t\tcode,\n\t\tpath: [],\n\t\t...payload,\n\t};\n}\n","/\n Keys explicitly forbidden to prevent prototype pollution attacks.\n \n These keys are reserved properties on `Object.prototype` and must never\n * be allowed in parsed FormData, regardless of their values or context.\n \n The forbidden keys are the following.\n * - `__proto__`: Legacy prototype accessor\n * - `prototype`: Function prototype property\n * - `constructor`: Object constructor reference\n \n Any FormData entry containing these keys will trigger a `forbidden_key` issue,\n * causing the parse operation to fail with `data: null`.\n \n @see {@link https://github.com/roottool/safe-formdata/blob/main/AGENTS.md#prototype-safety AGENTS.md > Security rules > Prototype safety}\n /\nexport const FORBIDDEN_KEYS = new Set<string>([\n\t\"__proto__\",\n\t\"prototype\",\n\t\"constructor\",\n] as const satisfies readonly string[]);\n","import { createIssue } from \"#issues/createIssue\";\nimport { FORBIDDEN_KEYS } from \"#issues/forbiddenKeys\";\nimport type { ParseResult } from \"#types/ParseResult\";\n\n/\n Parses FormData into a flat JavaScript object with strict boundary enforcement.\n \n This function establishes a security-focused boundary between untrusted FormData input\n * and application logic by:\n * - Detecting duplicate, forbidden, and invalid keys\n * - Treating keys as opaque strings (no structural inference)\n * - Returning null data if any issues are detected (no partial success)\n \n @param formData - The FormData instance to parse\n * @returns ParseResult containing either parsed data or issues (never both)\n \n @example\n * ```ts\n * const fd = new FormData()\n * fd.append('name', 'alice')\n * const result = parse(fd)\n \n if (result.data) {\n * // Success: result.data is { name: 'alice' }\n * } else {\n * // Failure: result.issues contains detected problems\n * }\n * ```\n \n @see {@link https://github.com/roottool/safe-formdata/blob/main/AGENTS.md AGENTS.md} for design rules\n */\nexport function parse(formData: FormData): ParseResult {\n\tconst data = Object.create(null) as Record<string, string \| File>;\n\tconst issues = [];\n\tconst seenKeys = new Set<string>();\n\n\tfor (const [key, value] of formData.entries()) {\n\t\tif (typeof key !== \"string\" \|\| key.length === 0) {\n\t\t\tissues.push(createIssue(\"invalid_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (FORBIDDEN_KEYS.has(key)) {\n\t\t\tissues.push(createIssue(\"forbidden_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (seenKeys.has(key)) {\n\t\t\tissues.push(createIssue(\"duplicate_key\", { key }));\n\t\t\tcontinue;\n\t\t}\n\n\t\tseenKeys.add(key);\n\t\tdata[key] = value;\n\t}\n\n\treturn issues.length > 0\n\t\t? {\n\t\t\t\tdata: null,\n\t\t\t\tissues,\n\t\t\t}\n\t\t: {\n\t\t\t\tdata,\n\t\t\t\tissues: [],\n\t\t\t};\n}\n"],"mappings":";AAyBO,SAAS,YAAY,MAAiB,UAAwB,CAAC,GAAe;AACpF,SAAO;AAAA,IACN;AAAA,IACA,MAAM,CAAC;AAAA,IACP,GAAG;AAAA,EACJ;AACD;;;ACfO,IAAM,iBAAiB,oBAAI,IAAY;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACD,CAAsC;;;ACW/B,SAAS,MAAM,UAAiC;AACtD,QAAM,OAAO,uBAAO,OAAO,IAAI;AAC/B,QAAM,SAAS,CAAC;AAChB,QAAM,WAAW,oBAAI,IAAY;AAEjC,aAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,GAAG;AAC9C,QAAI,OAAO,QAAQ,YAAY,IAAI,WAAW,GAAG;AAChD,aAAO,KAAK,YAAY,eAAe,EAAE,IAAI,CAAC,CAAC;AAC/C;AAAA,IACD;AAEA,QAAI,eAAe,IAAI,GAAG,GAAG;AAC5B,aAAO,KAAK,YAAY,iBAAiB,EAAE,IAAI,CAAC,CAAC;AACjD;AAAA,IACD;AAEA,QAAI,SAAS,IAAI,GAAG,GAAG;AACtB,aAAO,KAAK,YAAY,iBAAiB,EAAE,IAAI,CAAC,CAAC;AACjD;AAAA,IACD;AAEA,aAAS,IAAI,GAAG;AAChB,SAAK,GAAG,IAAI;AAAA,EACb;AAEA,SAAO,OAAO,SAAS,IACpB;AAAA,IACA,MAAM;AAAA,IACN;AAAA,EACD,IACC;AAAA,IACA;AAAA,IACA,QAAQ,CAAC;AAAA,EACV;AACH;","names":[]}

package/package.json CHANGED Viewed

@@ -1,16 +1,31 @@
 {
 	"name": "safe-formdata",
-	"version": "0.1.2",
+	"version": "0.1.4",
 	"description": "Boundary-focused FormData parser with strict security guarantees",
+	"keywords": [
+		"boundary",
+		"formdata",
+		"parser",
+		"prototype-pollution",
+		"security"
+	],
+	"homepage": "https://github.com/roottool/safe-formdata#readme",
+	"bugs": {
+		"url": "https://github.com/roottool/safe-formdata/issues"
+	},
+	"license": "MIT",
 	"author": "roottool",
 	"repository": {
 		"type": "git",
 		"url": "git+https://github.com/roottool/safe-formdata.git"
 	},
-	"bugs": {
-		"url": "https://github.com/roottool/safe-formdata/issues"
-	},
-	"homepage": "https://github.com/roottool/safe-formdata#readme",
+	"files": [
+		"dist"
+	],
+	"type": "module",
+	"main": "./dist/index.js",
+	"module": "./dist/index.js",
+	"types": "./dist/index.d.ts",
 	"imports": {
 		"#*": {
 			"types": "./src/*.ts",
@@ -19,10 +34,6 @@
 		},
 		"#safe-formdata": "./src/index.ts"
 	},
-	"type": "module",
-	"main": "./dist/index.js",
-	"module": "./dist/index.js",
-	"types": "./dist/index.d.ts",
 	"exports": {
 		".": {
 			"types": "./dist/index.d.ts",
@@ -30,56 +41,38 @@
 			"default": "./dist/index.js"
 		}
 	},
-	"files": [
-		"dist"
-	],
 	"scripts": {
 		"dev": "tsup --watch",
 		"lint": "oxlint . --deny-warnings",
 		"lint:fix": "oxlint . --fix-suggestions",
-		"format:biome": "biome check --write --assist-enabled true",
-		"format:prettier": "prettier --cache --write \"**/*.{md,yml,yaml}\"",
-		"format": "npm-run-all2 format:biome format:prettier",
+		"format": "oxfmt",
 		"fix": "npm-run-all2 lint:fix format",
-		"check:biome": "biome check . --assist-enabled true",
-		"check:prettier": "prettier --cache --check \"**/*.{md,yml,yaml}\"",
-		"check:format": "npm-run-all2 check:biome check:prettier",
+		"check:format": "oxfmt --check",
 		"check:source": "npm-run-all2 lint check:format",
 		"check": "bun run check:source",
 		"check:type:source": "tsc --noEmit",
 		"check:type:example": "tsc --project tsconfig.examples.json --noEmit",
 		"check:type": "npm-run-all2 check:type:source check:type:example",
-		"check:prettier:ci": "prettier --check \"**/*.{md,yml,yaml}\"",
-		"check:format:ci": "npm-run-all2 check:biome check:prettier:ci",
-		"check:source:ci": "npm-run-all2 lint check:format:ci",
+		"check:source:ci": "npm-run-all2 lint check:format",
 		"test": "vitest run",
 		"test:watch": "vitest",
 		"test:coverage": "vitest run --coverage",
 		"build": "tsup",
 		"check:package": "publint && attw --pack . --ignore-rules cjs-resolves-to-esm",
-		"prepublishOnly": "bun run check:type:source && bun run test:coverage && bun run build && bun run check:package"
+		"prepare:publish": "npm-run-all2 check:type:source test:coverage build check:package"
 	},
 	"devDependencies": {
 		"@arethetypeswrong/cli": "0.18.2",
-		"@biomejs/biome": "2.3.10",
 		"@types/node": "25.0.3",
 		"@vitest/coverage-v8": "4.0.16",
 		"happy-dom": "20.0.11",
 		"npm-run-all2": "8.0.4",
+		"oxfmt": "0.35.0",
 		"oxlint": "1.34.0",
-		"prettier": "3.7.4",
 		"publint": "0.3.16",
 		"terser": "5.44.1",
 		"tsup": "8.5.1",
 		"typescript": "5.9.3",
 		"vitest": "4.0.16"
-	},
-	"license": "MIT",
-	"keywords": [
-		"formdata",
-		"parser",
-		"security",
-		"boundary",
-		"prototype-pollution"
-	]
+	}
 }