
@metamask/utils - npm Package Compare versions

Comparing version 5.0.2 to 6.1.0

dist/__fixtures__/bytes.d.ts

22

CHANGELOG.md

@@ -9,2 +9,19 @@ # Changelog

## [6.1.0]
### Added
- Add optional `destroy` method to `Keyring` type ([#108](https://github.com/MetaMask/utils/pull/108))
## [6.0.1]
### Fixed
- Strip `__proto__` and `constructor` JSON properties in `getSafeJson` ([#105](https://github.com/MetaMask/utils/pull/105))
## [6.0.0]
### Changed
- **BREAKING:** Bump minimum Node version to 16 ([#102](https://github.com/MetaMask/utils/pull/102))
- **BREAKING:** Target `ES2020` ([#102](https://github.com/MetaMask/utils/pull/102))
### Fixed
- Fix JSON validation security issue ([#103](https://github.com/MetaMask/utils/pull/103))
- This adds a new function `getSafeJson` which validates and returns sanitized JSON.
## [5.0.2]

@@ -145,3 +162,6 @@ ### Changed

[Unreleased]: https://github.com/MetaMask/utils/compare/v5.0.2...HEAD
[Unreleased]: https://github.com/MetaMask/utils/compare/v6.1.0...HEAD
[6.1.0]: https://github.com/MetaMask/utils/compare/v6.0.1...v6.1.0
[6.0.1]: https://github.com/MetaMask/utils/compare/v6.0.0...v6.0.1
[6.0.0]: https://github.com/MetaMask/utils/compare/v5.0.2...v6.0.0
[5.0.2]: https://github.com/MetaMask/utils/compare/v5.0.1...v5.0.2

@@ -148,0 +168,0 @@ [5.0.1]: https://github.com/MetaMask/utils/compare/v5.0.0...v5.0.1

3

dist/assert.js

@@ -23,5 +23,4 @@ "use strict";

function isConstructable(fn) {
var _a, _b;
/* istanbul ignore next */
return Boolean(typeof ((_b = (_a = fn === null || fn === void 0 ? void 0 : fn.prototype) === null || _a === void 0 ? void 0 : _a.constructor) === null || _b === void 0 ? void 0 : _b.name) === 'string');
return Boolean(typeof fn?.prototype?.constructor?.name === 'string');
}

@@ -28,0 +27,0 @@ /**

@@ -14,5 +14,4 @@ "use strict";

const base64 = (struct, options = {}) => {
var _a, _b;
const paddingRequired = (_a = options.paddingRequired) !== null && _a !== void 0 ? _a : false;
const characterSet = (_b = options.characterSet) !== null && _b !== void 0 ? _b : 'base64';
const paddingRequired = options.paddingRequired ?? false;
const characterSet = options.characterSet ?? 'base64';
let letters;

@@ -19,0 +18,0 @@ if (characterSet === 'base64') {

@@ -159,5 +159,4 @@ "use strict";

function hexToBytes(value) {
var _a;
// "0x" is often used as empty byte array.
if (((_a = value === null || value === void 0 ? void 0 : value.toLowerCase) === null || _a === void 0 ? void 0 : _a.call(value)) === '0x') {
if (value?.toLowerCase?.() === '0x') {
return new Uint8Array();

@@ -164,0 +163,0 @@ }

@@ -21,3 +21,3 @@ import { Infer, Struct } from 'superstruct';

*/
export declare const JsonStruct: Struct<Json, null>;
export declare const JsonStruct: Struct<Json, unknown>;
/**

@@ -32,2 +32,15 @@ * Check if the given value is a valid {@link Json} value, i.e., a value that is

/**
* Validate and return sanitized JSON.
*
* Note:
* This function uses sanitized JsonStruct for validation
* that applies stringify and then parse of a value provided
* to ensure that there are no getters which can have side effects
* that can cause security issues.
*
* @param value - JSON structure to be processed.
* @returns Sanitized JSON structure.
*/
export declare function getSafeJson<Type extends Json = Json>(value: unknown): Type;
/**
* Get the size of a JSON value in bytes. This also validates the value.
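Review bot: In `getSafeJson<Type extends Json = Json>(value: unknown): Type` the type parameter appears only in the return position, so it is a caller-chosen cast: nothing at runtime checks the sanitized value against `Type`. A caller handling untrusted input could read `getSafeJson<MyShape>(input)` as validated against `MyShape` when only JSON validity is checked. Either return `Json` and let callers narrow, or add to the doc comment `@template Type - Asserted, not validated; narrow the result before trusting its shape.`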

@@ -65,3 +78,3 @@ *

message: Struct<string, null>;
data: Struct<Json | undefined, null>;
data: Struct<Json | undefined, unknown>;
stack: Struct<string | undefined, null>;

@@ -172,3 +185,3 @@ }>;

message: Struct<string, null>;
data: Struct<Json | undefined, null>;
data: Struct<Json | undefined, unknown>;
stack: Struct<string | undefined, null>;

@@ -190,3 +203,3 @@ }>;

jsonrpc: Struct<"2.0", "2.0">;
result: Struct<Json, null>;
result: Struct<Json, unknown>;
}>;

@@ -193,0 +206,0 @@ /**

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getJsonRpcIdValidator = exports.assertIsJsonRpcError = exports.isJsonRpcError = exports.assertIsJsonRpcFailure = exports.isJsonRpcFailure = exports.assertIsJsonRpcSuccess = exports.isJsonRpcSuccess = exports.assertIsJsonRpcResponse = exports.isJsonRpcResponse = exports.assertIsPendingJsonRpcResponse = exports.isPendingJsonRpcResponse = exports.JsonRpcResponseStruct = exports.JsonRpcFailureStruct = exports.JsonRpcSuccessStruct = exports.PendingJsonRpcResponseStruct = exports.assertIsJsonRpcRequest = exports.isJsonRpcRequest = exports.assertIsJsonRpcNotification = exports.isJsonRpcNotification = exports.JsonRpcNotificationStruct = exports.JsonRpcRequestStruct = exports.JsonRpcParamsStruct = exports.JsonRpcErrorStruct = exports.JsonRpcIdStruct = exports.JsonRpcVersionStruct = exports.jsonrpc2 = exports.getJsonSize = exports.isValidJson = exports.JsonStruct = exports.UnsafeJsonStruct = void 0;
exports.getJsonRpcIdValidator = exports.assertIsJsonRpcError = exports.isJsonRpcError = exports.assertIsJsonRpcFailure = exports.isJsonRpcFailure = exports.assertIsJsonRpcSuccess = exports.isJsonRpcSuccess = exports.assertIsJsonRpcResponse = exports.isJsonRpcResponse = exports.assertIsPendingJsonRpcResponse = exports.isPendingJsonRpcResponse = exports.JsonRpcResponseStruct = exports.JsonRpcFailureStruct = exports.JsonRpcSuccessStruct = exports.PendingJsonRpcResponseStruct = exports.assertIsJsonRpcRequest = exports.isJsonRpcRequest = exports.assertIsJsonRpcNotification = exports.isJsonRpcNotification = exports.JsonRpcNotificationStruct = exports.JsonRpcRequestStruct = exports.JsonRpcParamsStruct = exports.JsonRpcErrorStruct = exports.JsonRpcIdStruct = exports.JsonRpcVersionStruct = exports.jsonrpc2 = exports.getJsonSize = exports.getSafeJson = exports.isValidJson = exports.JsonStruct = exports.UnsafeJsonStruct = void 0;
const superstruct_1 = require("superstruct");

@@ -35,44 +35,11 @@ const assert_1 = require("./assert");

*/
exports.JsonStruct = (0, superstruct_1.define)('Json', (value, context) => {
/**
* Helper function that runs the given struct validator and returns the
* validation errors, if any. If the value is valid, it returns `true`.
*
* @param innerValue - The value to validate.
* @param struct - The struct to use for validation.
* @returns The validation errors, or `true` if the value is valid.
*/
function checkStruct(innerValue, struct) {
const iterator = struct.validator(innerValue, context);
const errors = [...iterator];
if (errors.length > 0) {
return errors;
exports.JsonStruct = (0, superstruct_1.coerce)(exports.UnsafeJsonStruct, (0, superstruct_1.any)(), (value) => {
(0, assert_1.assertStruct)(value, exports.UnsafeJsonStruct);
return JSON.parse(JSON.stringify(value, (propKey, propValue) => {
// Strip __proto__ and constructor properties to prevent prototype pollution.
if (propKey === '__proto__' || propKey === 'constructor') {
return undefined;
}
return true;
}
try {
// The plain value must be a valid JSON value, but it may be altered in the
// process of JSON serialization, so we need to validate it again after
// serialization. This has the added benefit that the returned error messages
// will be more helpful, as they will point to the exact location of the
// invalid value.
//
// This seems overcomplicated, but without checking the plain value first,
// there are some cases where the validation passes, even though the value is
// not valid JSON. For example, `undefined` is not valid JSON, but serializing
// it will remove it from the object, so the validation will pass.
const unsafeResult = checkStruct(value, exports.UnsafeJsonStruct);
if (unsafeResult !== true) {
return unsafeResult;
}
// JavaScript engines are highly optimized for this specific use case of
// JSON parsing and stringifying, so there should be no performance impact.
return checkStruct(JSON.parse(JSON.stringify(value)), exports.UnsafeJsonStruct);
}
catch (error) {
if (error instanceof RangeError) {
return 'Circular reference detected';
}
return false;
}
return propValue;
}));
});
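Review bot: The replacer in the new `JsonStruct` coercer drops `__proto__` and `constructor` keys silently instead of failing validation, so input carrying those keys is accepted and the caller gets back an object that differs from what was supplied. The inline comment should say so, e.g. `// Keys are removed at any depth, not rejected: the sanitized result can differ from the input.` The old `catch` that mapped a `RangeError` to 'Circular reference detected' is also gone; unless `assertStruct` (not shown here) wraps it, a cyclic value presumably now surfaces from the coercer as a raw exception, which is worth pinning with a test. In this view the new lines are interleaved with the removed implementation.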

@@ -87,6 +54,28 @@ /**

function isValidJson(value) {
return (0, superstruct_1.is)(value, exports.JsonStruct);
try {
getSafeJson(value);
return true;
}
catch {
return false;
}
}
exports.isValidJson = isValidJson;
/**
* Validate and return sanitized JSON.
*
* Note:
* This function uses sanitized JsonStruct for validation
* that applies stringify and then parse of a value provided
* to ensure that there are no getters which can have side effects
* that can cause security issues.
*
* @param value - JSON structure to be processed.
* @returns Sanitized JSON structure.
*/
function getSafeJson(value) {
return (0, superstruct_1.create)(value, exports.JsonStruct);
}
exports.getSafeJson = getSafeJson;
/**
* Get the size of a JSON value in bytes. This also validates the value.
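Review bot: `isValidJson` now calls `getSafeJson(value)` and discards the sanitized copy, so a caller that checks `isValidJson(x)` and then keeps using `x` still holds the original object, including any `__proto__`/`constructor` keys and getters the coercer would have removed. The doc comment on `isValidJson` (it starts outside this hunk) should state this, e.g. `Returns true if the value can be sanitized; the value itself is not changed, use getSafeJson to obtain the safe copy.` The bare `catch` also reports every exception as "invalid", which is acceptable for a predicate but deserves a one-line comment.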

@@ -338,3 +327,8 @@ *

function getJsonRpcIdValidator(options) {
const { permitEmptyString, permitFractions, permitNull } = Object.assign({ permitEmptyString: true, permitFractions: false, permitNull: true }, options);
const { permitEmptyString, permitFractions, permitNull } = {
permitEmptyString: true,
permitFractions: false,
permitNull: true,
...options,
};
/**

@@ -341,0 +335,0 @@ * Type guard for {@link JsonRpcId}.

@@ -219,2 +219,6 @@ import type { TypedTransaction, TxData } from '@ethereumjs/tx';

generateRandomMnemonic?(): void;
/**
* Destroy the keyring.
*/
destroy?(): Promise<void>;
};
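Review bot: The doc comment `Destroy the keyring.` on the new optional `destroy?(): Promise<void>` does not say what a caller may rely on once the promise resolves. For a type that presumably holds key material the contract matters: whether secrets are cleared, whether the instance may still be used afterwards, and whether calling it twice is safe. Suggest expanding the comment to state those points and to note that callers must check for the method's presence, since it is optional.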

@@ -114,3 +114,2 @@ "use strict";

function calculateStringSize(value) {
var _a;
const size = value.split('').reduce((total, character) => {

@@ -123,3 +122,3 @@ if (isASCII(character)) {

// Also detect characters that need backslash escape
return size + ((_a = value.match(exports.ESCAPE_CHARACTERS_REGEXP)) !== null && _a !== void 0 ? _a : []).length;
return size + (value.match(exports.ESCAPE_CHARACTERS_REGEXP) ?? []).length;
}

@@ -126,0 +125,0 @@ exports.calculateStringSize = calculateStringSize;

{
"name": "@metamask/utils",
"version": "5.0.2",
"description": "Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase.",
"version": "6.1.0",
"description": "Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase",
"homepage": "https://github.com/MetaMask/utils#readme",
"bugs": {
"url": "https://github.com/MetaMask/utils/issues"
},
"repository": {

@@ -10,4 +14,4 @@ "type": "git",

"license": "ISC",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
"files": [

@@ -20,9 +24,12 @@ "dist/"

"build:docs": "typedoc",
"lint": "yarn lint:eslint && yarn lint:misc --check",
"lint": "yarn lint:eslint && yarn lint:misc --check && yarn lint:dependencies --check && yarn lint:changelog && yarn lint:constraints",
"lint:changelog": "auto-changelog validate",
"lint:constraints": "yarn constraints",
"lint:dependencies": "depcheck && yarn dedupe",
"lint:eslint": "eslint . --cache --ext js,ts",
"lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write",
"lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write && yarn lint:dependencies && yarn lint:changelog && yarn lint:constraints --fix",
"lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' '!.yarnrc.yml' --ignore-path .gitignore --no-error-on-unmatched-pattern",
"prepack": "./scripts/prepack.sh",
"test": "yarn test:source && yarn test:types",
"test:source": "jest",
"test:source": "jest && jest-it-up",
"test:types": "tsd",

@@ -43,3 +50,4 @@ "test:watch": "jest --watch"

"@lavamoat/allow-scripts": "^2.0.3",
"@metamask/auto-changelog": "^2.3.0",
"@lavamoat/preinstall-always-fail": "^1.0.0",
"@metamask/auto-changelog": "^3.1.0",
"@metamask/eslint-config": "^11.0.1",

@@ -50,4 +58,6 @@ "@metamask/eslint-config-jest": "^11.0.0",

"@types/jest": "^28.1.7",
"@typescript-eslint/eslint-plugin": "^5.42.1",
"@typescript-eslint/parser": "^5.42.1",
"@types/node": "^17.0.23",
"@typescript-eslint/eslint-plugin": "^5.43.0",
"@typescript-eslint/parser": "^5.43.0",
"depcheck": "^1.4.3",
"eslint": "^8.27.0",

@@ -61,10 +71,11 @@ "eslint-config-prettier": "^8.5.0",

"jest": "^29.2.2",
"json-bigint": "^1.0.0",
"jest-it-up": "^2.0.2",
"prettier": "^2.7.1",
"prettier-plugin-packagejson": "^2.2.11",
"prettier-plugin-packagejson": "^2.3.0",
"rimraf": "^3.0.2",
"stdio-mock": "^1.2.0",
"ts-jest": "^29.0.3",
"ts-node": "^10.7.0",
"tsd": "^0.24.1",
"typedoc": "^0.23.10",
"typedoc": "^0.23.15",
"typescript": "~4.8.4"

@@ -74,3 +85,3 @@ },

"engines": {
"node": ">=14.0.0"
"node": ">=16.0.0"
},

@@ -77,0 +88,0 @@ "publishConfig": {

@@ -21,7 +21,6 @@ # MetaMask Utils

- Install [Node.js](https://nodejs.org) version 12
- Install [Node.js](https://nodejs.org) version 16
- If you are using [nvm](https://github.com/creationix/nvm#installation) (recommended) running `nvm use` will automatically choose the right node version for you.
- Install [Yarn v1](https://yarnpkg.com/en/docs/install)
- Run `yarn setup` to install dependencies and run any required post-install scripts
- **Warning:** Do not use the `yarn` / `yarn install` command directly. Use `yarn setup` instead. The normal install command will skip required post-install scripts, leaving your development environment in an invalid state.
- Install [Yarn v3](https://yarnpkg.com/getting-started/install)
- Run `yarn install` to install dependencies and run any required post-install scripts

@@ -28,0 +27,0 @@ ### Testing and Linting
