chore: tidy up validation helpers and improve test coverage (#18)
- Consolidate shared validation patterns
- Improve primordial coverage for consistency
- Add bounds to internal caches and string processing
- Fix VERS containment for compound range expressions
- Update tests to match improved validation behavior
- Freeze cached instances for immutability guarantees
CHANGELOG.md
14 additions & 20 deletions
@@ -8,38 +8,32 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
8
8
9
9
### Added
10
10
11
-
-**VERS parser**: First JavaScript implementation of the VERS (VErsion Range Specifier) companion spec to PURL. Supports parsing, serialization, and containment checking for semver-based schemes (npm, cargo, golang, gem, hex, pub, cran, swift)
-**PurlBuilder factories**: Added 18 new type factories (bitbucket, cocoapods, conan, conda, cran, deb, docker, github, gitlab, hackage, hex, huggingface, luarocks, oci, pub, rpm, swift, vscode-extension)
18
-
-**Injection character detection**: `containsInjectionCharacters()` utility for shell metacharacter detection
17
+
-**PurlBuilder factories**: Added type factories for common ecosystems
18
+
-**Input validation utilities**: Character detection for dangerous input
19
19
-**`vers` qualifier**: Added 6th standard qualifier per purl spec
20
20
-**`./exists` entry point**: Registry existence checks available via `@socketregistry/packageurl-js/exists`
21
21
22
22
### Changed
23
23
24
-
-**Bundle size reduced 95%**: Core bundle is 178 KB (was 3.3 MB). Exists functions moved to separate entry point to avoid bundling HTTP dependencies
25
-
-**Primordials module**: All 43 built-in references captured at module load time via `uncurryThis` pattern (mirrors Node.js internals). Zero raw prototype method calls remain
26
-
-**Frozen constants**: Module-level Maps, Sets, regex patterns, and arrays are frozen
27
-
-**Null prototype objects**: All user-facing object literals use `__proto__: null`
28
-
-**Flyweight cache**: `fromString()` caches up to 1024 instances; `toString()` memoized
24
+
-**Bundle size reduced 95%**: Exists functions moved to separate entry point to avoid bundling HTTP dependencies
25
+
-**Hardened against prototype pollution**: Built-in references captured at module load time
26
+
-**Frozen constants**: Module-level data structures are immutable
27
+
-**Null prototype objects**: All user-facing object literals use null prototypes
28
+
-**Performance**: Instance caching for `fromString()`; `toString()` memoized
29
29
-**Version lowercasing**: Added for oci, pypi, and vscode-extension per upstream spec
30
30
31
31
### Fixed
32
32
33
-
-**ReDoS prevention**: Consecutive `.*` groups collapsed in wildcard regex
34
-
-**Null byte rejection**: All string components reject `\x00` to prevent truncation in C-based consumers
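Review bot: The replacement entries under Added and Changed drop the identifiers and limits a consumer would search for. `containsInjectionCharacters()` becomes "Character detection for dangerous input", and the flyweight cache entry loses its "up to 1024 instances" bound even though the commit message lists "Add bounds to internal caches and string processing". The "Bundle size reduced 95%" entry also keeps the percentage but loses the 178 KB and 3.3 MB figures that back it. Suggest keeping the exported function name, the cache limit and the absolute sizes in the new wording, since all three describe behaviour a user can observe. Under Fixed, the ReDoS prevention and null byte rejection entries are removed with no replacement visible in the lines shown. If those fixes still ship, keep changelog entries for them so the security-relevant changes stay discoverable to downstream consumers; the commit message describes this change only as a tidy-up and gives no reason for removing them.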