xlsx-for-ai 1.5.1 → 1.5.3

package/README.md

@@ -317,6 +317,27 @@ Run `rm -rf node_modules package-lock.json && npm install` and the warnings will
 
 A future release may apply these dep upgrades via `patch-package` so they travel through the dep graph automatically. The infrastructure is in place; the patches haven't been needed urgently because most installs are CLI-direct.
 
+### Audit findings on install (what's inherited from upstream)
+
+When you `npm install xlsx-for-ai` (especially as a library dep, not the top-level project), `npm audit` may surface one or more advisories. Most are inherited transitively from `@protobi/exceljs` and the legacy `xlsx` fallback parser. Each one has been triaged and is documented in [`.github/audit-allowlist.json`](.github/audit-allowlist.json), which is the canonical list our CI's `audit.yml` job reads.
+
+Each allowlist entry includes:
+
+- **`ghsa`** — the advisory ID (e.g. `GHSA-w5hq-g745-h8pq`).
+- **`package`** — the dependency the advisory lives on.
+- **`severity`** — the advisory's published severity.
+- **`reason`** — why the finding is accepted, including the code path's reachability in our usage.
+- **`reassess`** — the date by which we will re-evaluate (typically a quarterly cadence).
+- **`owner`** — who owns the re-evaluation.
+
+The current set covers two `xlsx` advisories (the npm-published 0.18.5 line is unmaintained; we carry it as a fallback parser only) and one `uuid` advisory inherited from ExcelJS (`v4()` call sites in ExcelJS do not pass a pre-allocated buffer, so the bounds-check gap is unreachable here). An upstream gift PR is open to bump uuid in the protobi fork; once merged and released, the `uuid` line will drop on the next `@protobi/exceljs` update.
+
+If you embed xlsx-for-ai in a product with stricter audit policies than ours, you have three clean options:
+
+1. **Mirror the allowlist entries** into your own audit configuration (e.g. `npm audit --omit=dev` filters, Snyk policy file, GitHub Dependabot ignore rules) using the same `ghsa` IDs.
+2. **Pin to a future xlsx-for-ai release** that bumps `@protobi/exceljs` past the upstream uuid bump (will drop the `uuid` advisory automatically; tracked in the allowlist's `reassess` date).
+3. **Vendor the parser path you actually use** — if you only need the modern `@protobi/exceljs` engine and not the legacy `xlsx` fallback, you can disable the fallback in your wrapper and the `xlsx` advisories cease to apply to your dep graph.
+
 ## Reporting bugs
 
 **The privacy contract: we never auto-send workbook data.** Anonymous crash telemetry is opt-in via `--enable-telemetry`; even then, we receive only error type, error message (sanitized — paths scrubbed, capped at 200 chars), tool version, Node version, and OS/arch. No paths, no cell values, no identifiers.

package/index.js

@@ -381,6 +381,18 @@ function detectRegion(ws) {
   const colCount = ws.columnCount;
   if (rowCount === 0 || colCount === 0) return null;
 
+  // ExcelJS reports rowCount/columnCount as the highest USED row/column,
+  // not actual storage. A workbook with one cell at XFD1048576 reports
+  // 1048576 × 16384 = ~17B coordinates. Refuse the scan past 5M cells —
+  // pathological/malicious inputs would otherwise hang the CLI.
+  if (rowCount * colCount > 5_000_000) {
+    console.warn(
+      `detectRegion: workbook reports ${rowCount}×${colCount} cell dimensions, ` +
+      `exceeds 5M-cell scan cap; skipping region detection`
+    );
+    return null;
+  }
+
   for (let r = 1; r <= rowCount; r++) {
     const row = ws.getRow(r);
     for (let c = 1; c <= colCount; c++) {

package/lib/engine.js

@@ -23,7 +23,7 @@ class ExcelJSEngine {
   /** Engine identifier — useful for diagnostics. */
   get name() { return 'exceljs'; }
   get version() {
-    try { return require('exceljs/package.json').version; } catch (_) { return 'unknown'; }
+    try { return require('@protobi/exceljs/package.json').version; } catch (_) { return 'unknown'; }
   }
 
   /**

package/lib/redactWorkbook.js

@@ -117,17 +117,36 @@ function redactSharedStringsXml(xml) {
 }
 
 // Comments: <comment><text><r>...<t>USER TEXT</t></r></text></comment>
-// Replace every <t> payload with "x".
+// Replace every <t> payload with "x". Also strips <author>NAME</author>
+// display names in <authors>; the numeric authorId on each <comment>
+// references the (now redacted) author entry.
 function redactCommentsXml(xml) {
-  return xml.replace(/(<t\b[^>]*>)([\s\S]*?)(<\/t>)/g, (m, open, payload, close) => {
+  let out = xml.replace(/(<t\b[^>]*>)([\s\S]*?)(<\/t>)/g, (m, open, payload, close) => {
+    return open + (payload === '' ? '' : 'x') + close;
+  });
+  out = out.replace(/(<author\b[^>]*>)([\s\S]*?)(<\/author>)/g, (m, open, payload, close) => {
     return open + (payload === '' ? '' : 'x') + close;
   });
+  return out;
 }
 
 // Threaded comments: <threadedComment ... text="USER TEXT" .../>
-// Excel encodes the body as an attribute — must redact in place.
+// Excel encodes the body as an attribute — must redact in place. Both
+// double-quoted and single-quoted attribute values are valid XML and we
+// must scrub both forms.
 function redactThreadedCommentsXml(xml) {
-  return xml.replace(/\btext="[^"]*"/g, 'text="x"');
+  return xml.replace(/\btext=("[^"]*"|'[^']*')/g, 'text="x"');
+}
+
+// xl/persons/person.xml — author registry for threaded comments.
+// <person displayName="Alice" id="..." userId="alice@co.com" providerId="AzureAD"/>
+// Strip the three identifying attributes; leave id (a UUID) so threaded comment
+// authorId references still resolve.
+function redactPersonsXml(xml) {
+  return xml
+    .replace(/\bdisplayName="[^"]*"/g, 'displayName="x"')
+    .replace(/\buserId="[^"]*"/g, 'userId="x"')
+    .replace(/\bproviderId="[^"]*"/g, 'providerId="x"');
 }
 
 // docProps/core.xml — strip author, title, subject, description, keywords,
@@ -196,9 +215,40 @@ function redactAppXml(xml) {
 function redactCustomPropsXml(xml) {
   // Custom property values live inside <vt:*> typed-value elements.
   // Replace their inner text with empty string (preserves type nodes).
-  return xml.replace(/(<vt:[a-zA-Z]+\b[^>]*>)[^<]*(.*?)(<\/vt:[a-zA-Z]+>)/g, '$1$3');
+  //
+  // The character class includes digits so OOXML numeric type names
+  // (vt:r4, vt:r8, vt:i1/i2/i4/i8, vt:ui1/ui2/ui4/ui8, vt:filetime) match.
+  // The \2 backreference forces the open and close tag names to match,
+  // so a payload that contains nested elements (e.g.
+  // <vt:variant><vt:lpwstr>X</vt:lpwstr></vt:variant>) doesn't produce
+  // mangled output. The inner text class [^<] keeps the match strictly
+  // text-only; the outer wrapper is left structurally intact and any
+  // nested vt:* elements get scrubbed by the same regex on overlapping
+  // passes.
+  return xml.replace(/(<(vt:[a-zA-Z0-9]+)\b[^>]*>)[^<]*(<\/\2>)/g, '$1$3');
 }
 
+// 1×1 transparent PNG — minimum valid PNG bytes. Used as a safe placeholder
+// when stripping xl/media/ binary blobs so the ZIP remains structurally valid
+// and drawing relationships don't point to missing entries.
+// (96 bytes: PNG sig + IHDR + IDAT with one transparent pixel + IEND)
+const TRANSPARENT_1X1_PNG = Buffer.from(
+  '89504e470d0a1a0a' + // PNG signature
+  '0000000d49484452' + // IHDR length + type
+  '00000001' +         // width = 1
+  '00000001' +         // height = 1
+  '08060000' +         // 8-bit RGBA
+  '001f15c4' +         // IHDR CRC
+  '89' +               // IHDR chunk footer padding
+  '0000000a49444154' + // IDAT length + type
+  '789c6260' +         // zlib header + deflate block
+  '0000000200' +       // deflate end
+  '01e221bc33' +       // IDAT CRC
+  '0000000049454e44' + // IEND length + type
+  'ae426082',          // IEND CRC
+  'hex',
+);
+
 async function exportRedactedWorkbook(inputPath, outputPath) {
   if (!fs.existsSync(inputPath)) {
     throw new Error(`File not found: ${inputPath}`);
@@ -238,6 +288,14 @@ async function exportRedactedWorkbook(inputPath, outputPath) {
     } else if (/^docProps\/custom\.xml$/i.test(name)) {
       const xml = await file.async('string');
       zip.file(name, redactCustomPropsXml(xml));
+    } else if (/^xl\/persons\/person\.xml$/i.test(name)) {
+      const xml = await file.async('string');
+      zip.file(name, redactPersonsXml(xml));
+    } else if (/^xl\/media\//i.test(name)) {
+      // Embedded images / media — replace with a 1×1 transparent PNG so
+      // drawing relationships remain valid and the ZIP is structurally intact,
+      // but no user-supplied binary data survives in the output.
+      zip.file(name, TRANSPARENT_1X1_PNG);
     }
     // All other parts pass through untouched.
   }
@@ -258,7 +316,11 @@ module.exports = {
   // exported for unit testing
   _redactSheetXml: redactSheetXml,
   _redactSharedStringsXml: redactSharedStringsXml,
+  _redactCommentsXml: redactCommentsXml,
+  _redactThreadedCommentsXml: redactThreadedCommentsXml,
   _redactCoreXml: redactCoreXml,
   _redactAppXml: redactAppXml,
   _redactCustomPropsXml: redactCustomPropsXml,
+  _redactPersonsXml: redactPersonsXml,
+  _TRANSPARENT_1X1_PNG: TRANSPARENT_1X1_PNG,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xlsx-for-ai",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "CLI that converts .xlsx files into rich text or JSON dumps that AI coding agents (Claude, Cursor, Copilot, ChatGPT, etc.) can read — preserving values, formulas, formatting, colors, column widths, frozen panes, named ranges, tables, and more.",
   "main": "index.js",
   "bin": {
@@ -17,7 +17,7 @@
     "LICENSE"
   ],
   "scripts": {
-    "test": "node --test test/round-trip.test.js test/output-matrix.test.js test/unit/*.test.js tests/telemetry-sanitize.test.js tests/telemetry-config.test.js tests/telemetry-consent-version.test.js tests/telemetry-flags.test.js"
+    "test": "node --test test/round-trip.test.js test/output-matrix.test.js test/unit/*.test.js tests/telemetry-sanitize.test.js tests/telemetry-config.test.js tests/telemetry-consent-version.test.js tests/telemetry-flags.test.js tests/redactWorkbook-leak-check.test.js"
   },
   "keywords": [
     "xlsx",