@platformatic/itc - npm Package Compare versions

Comparing version 3.38.1 to 3.39.0

lib/index.js

@@ -95,7 +95,61 @@ import { Unpromise } from '@watchable/unpromise'
 
+function sanitizeError (error, transferList) {
+  let needsSanitization = false
+
+  for (const value of Object.values(error)) {
+    const valueType = typeof value
+    if (valueType === 'function' || valueType === 'symbol') {
+      needsSanitization = true
+      break
+    }
+
+    if (value && typeof value === 'object') {
+      const sanitized = sanitize(value, transferList)
+      if (sanitized !== value) {
+        needsSanitization = true
+        break
+      }
+    }
+  }
+
+  if (!needsSanitization) {
+    return error
+  }
+
+  // Build a plain object with all safe error properties.
+  // We intentionally do NOT create a new Error() because @fastify/error instances
+  // (used by avvio and ITC errors) go through structured clone as plain objects,
+  // which preserves all enumerable own properties. A standard new Error() would
+  // instead be cloned as an Error, silently dropping custom properties like code.
+  const sanitized = {}
+  if (error.message) sanitized.message = error.message
+  if (error.name) sanitized.name = error.name
+  if (error.stack) sanitized.stack = error.stack
+  if (error.code) sanitized.code = error.code
+  if (error.statusCode) sanitized.statusCode = error.statusCode
+
+  for (const [key, value] of Object.entries(error)) {
+    if (key === 'message' || key === 'stack' || key === 'name' || key === 'code' || key === 'statusCode') continue
+    const valueType = typeof value
+    if (valueType === 'function' || valueType === 'symbol') continue
+
+    if (value && typeof value === 'object') {
+      sanitized[key] = sanitize(value, transferList)
+    } else {
+      sanitized[key] = value
+    }
+  }
+
+  return sanitized
+}
+
 export function sanitize (data, transferList) {
-  if (!data || typeof data !== 'object' || transferList?.includes(data) || data instanceof Error) {
+  if (!data || typeof data !== 'object' || transferList?.includes(data)) {
     return data
   }
 
+  if (data instanceof Error) {
+    return sanitizeError(data, transferList)
+  }
+
   if (Buffer.isBuffer(data) || data instanceof Uint8Array) {
@@ -102,0 +156,0 @@ // This will convert as Uint8Array

package.json

 {
   "name": "@platformatic/itc",
-  "version": "3.38.1",
+  "version": "3.39.0",
   "description": "",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

New alerts

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

27780

6.51%

Lines of code

449

11.14%

No dependency changes