@master4n/decorators
+13
-1
@@ -288,2 +288,9 @@ import winston from 'winston'; | ||
| coerce?: boolean; | ||
| /** | ||
| * Reject inputs longer than this many characters BEFORE running the regex. | ||
| * A cheap, strong defense against ReDoS: with a vulnerable (catastrophic- | ||
| * backtracking) regex, a long crafted input can block the event loop for | ||
| * seconds. Set this to the longest value you legitimately expect. | ||
| */ | ||
| maxLength?: number; | ||
| } | ||
@@ -300,6 +307,11 @@ /** | ||
| * | ||
| * ⚠️ **ReDoS:** the regex runs against assigned (possibly untrusted) values. A | ||
| * catastrophic-backtracking pattern (e.g. `/(a+)+$/`) on a crafted long input | ||
| * can block the event loop for seconds. Prefer linear/atomic regexes, and set | ||
| * `maxLength` to bound the worst case on untrusted input. | ||
| * | ||
| * @example | ||
| * \@Configured | ||
| * class User { | ||
| * \@Pattern(/^[^@\s]+@[^@\s]+\.[^@\s]+$/, { message: 'invalid email' }) | ||
| * \@Pattern(/^[^@\s]+@[^@\s]+\.[^@\s]+$/, { message: 'invalid email', maxLength: 254 }) | ||
| * email!: string; | ||
@@ -306,0 +318,0 @@ * |
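Review bot: The new `maxLength` doc in the first hunk (`-288,2 +288,9`) says "this many characters", but a JavaScript length check counts UTF-16 code units, so a value of 254 admits fewer astral characters than the number suggests; the unit should be stated since the option exists precisely to bound an adversary's input size. The doc also leaves two contract points to the reader: whether an over-length value is rejected with the same `ValidationError` as a regex mismatch, and whether the length is measured on the raw value or on the string after `coerce` (if coercion stringifies, the bound should apply to what the regex actually sees). I would extend the comment with ` * Measured as \`value.length\` (UTF-16 code units) on the string the regex is tested against.` and a sentence naming the error type thrown on rejection. The implementation that reads `maxLength` is outside the hunk, so those two behaviours need confirming against it before documenting them.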
+1
-1
| { | ||
| "name": "@master4n/decorators", | ||
| "version": "2.0.0", | ||
| "version": "2.0.1", | ||
| "description": "AI-friendly TypeScript decorators for Node/backend apps, in ten families: Inject (config & value injection), Guard (validation), Shape (transforms), Shield (access control & secret redaction), Flow (resilience — retry/timeout/circuit-breaker/rate-limit/cache), Insight (observability), Model (data classes), Route (Express REST controllers), Agent (LLM tools, guardrails, idempotency), and Craft (class/method ergonomics). One decorator replaces a block of code.", | ||
@@ -5,0 +5,0 @@ "main": "./commonjs/index.cjs", |
+6
-3
@@ -231,4 +231,7 @@ # @master4n/decorators | ||
| (`DEFAULT_SENSITIVE_KEYS`: `password`, `token`, `apiKey`, `authorization`, …) ∪ | ||
| `options.keys`. Matching is case- and `_`/`-`-insensitive; nested objects, | ||
| arrays, and circular references are handled. | ||
| `options.keys`. Matching is case- and `_`/`-`-insensitive **and matches secret | ||
| stems as substrings**, so compound names like `jwtSecret`, `apiToken`, and | ||
| `userPassword` are masked too. Nested objects, arrays, `Map`/`Set`, and | ||
| circular references are handled; values past `maxDepth` (12) become | ||
| `'[Truncated]'` so deep secrets can't leak. | ||
| - `redactFormat(options?)` is a winston format. This package's own logger already | ||
@@ -265,3 +268,3 @@ uses it; add it to your logger's `format.combine(...)` to protect your logs too. | ||
| | `@ValidDate` | method | `ValidationError` | first arg must be a valid `{ DD, MM, YYYY }` date. | | ||
| | `@Pattern(regex, opts?)` | property | `ValidationError` | only allows assigning values that match the regex. | | ||
| | `@Pattern(regex, opts?)` | property | `ValidationError` | only matches the regex. ⚠️ ReDoS: set `{ maxLength }` for untrusted input. | | ||
| | `@Min(n)` / `@Max(n)` | property | `ValidationError` | string/array **length** ≥ n / ≤ n, or **number** value. | | ||
@@ -268,0 +271,0 @@ | `@Range(min, max)` | property | `ValidationError` | inclusive bounds on string/array length or number value. | |
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.