cspell-config-lib
Advanced tools
cspell-config-lib - npm Package Compare versions
Comparing version 8.2.4 to 8.3.0
@@ -13,2 +13,13 @@ import type { CSpellConfigFile, ICSpellConfigFile } from './CSpellConfigFile.js'; | ||
| clearCachedFiles(): void; | ||
| setUntrustedExtensions(ext: readonly string[]): this; | ||
| setTrustedUrls(urls: readonly (URL | string)[]): this; | ||
| /** | ||
| * Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
| * Extension are case insensitive and should include the leading dot. | ||
| */ | ||
| readonly untrustedExtensions: string[]; | ||
| /** | ||
| * Urls starting with these urls are trusted to be loaded from a file system. | ||
| */ | ||
| readonly trustedUrls: URL[]; | ||
| } | ||
@@ -25,2 +36,13 @@ export declare class CSpellConfigFileReaderWriterImpl implements CSpellConfigFileReaderWriter { | ||
| constructor(io: IO, middleware: SerializerMiddleware[], loaders: FileLoaderMiddleware[]); | ||
| private _untrustedExtensions; | ||
| private _trustedUrls; | ||
| /** | ||
| * Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
| * Extension are case insensitive and should include the leading dot. | ||
| */ | ||
| get untrustedExtensions(): string[]; | ||
| /** | ||
| * Urls starting with these urls are trusted to be loaded from a file system. | ||
| */ | ||
| get trustedUrls(): URL[]; | ||
| readConfig(uri: URL | string): Promise<CSpellConfigFile>; | ||
@@ -30,4 +52,9 @@ getDeserializer(): DeserializerNext; | ||
| writeConfig(configFile: ICSpellConfigFile): Promise<TextFileRef>; | ||
| setUntrustedExtensions(ext: readonly string[]): this; | ||
| setTrustedUrls(urls: readonly (URL | string)[]): this; | ||
| clearCachedFiles(): void; | ||
| } | ||
| export declare class UntrustedUrlError extends Error { | ||
| constructor(url: URL); | ||
| } | ||
| //# sourceMappingURL=CSpellConfigFileReaderWriter.d.ts.map |
@@ -0,1 +1,2 @@ | ||
| import { extname } from 'node:path/posix'; | ||
| import { getDeserializer, getLoader, getSerializer } from './middlewareHelper.js'; | ||
@@ -17,3 +18,22 @@ import { toURL } from './util/toURL.js'; | ||
| } | ||
| _untrustedExtensions = new Set(); | ||
| _trustedUrls = []; | ||
| /** | ||
| * Untrusted extensions are extensions that are not trusted to be loaded from a file system. | ||
| * Extension are case insensitive and should include the leading dot. | ||
| */ | ||
| get untrustedExtensions() { | ||
| return [...this._untrustedExtensions]; | ||
| } | ||
| /** | ||
| * Urls starting with these urls are trusted to be loaded from a file system. | ||
| */ | ||
| get trustedUrls() { | ||
| return [...this._trustedUrls].map((url) => new URL(url)); | ||
| } | ||
| readConfig(uri) { | ||
| const url = new URL(uri); | ||
| if (!isTrusted(url, this._trustedUrls, this._untrustedExtensions)) { | ||
| return Promise.reject(new UntrustedUrlError(url)); | ||
| } | ||
| const loader = getLoader(this.loaders); | ||
@@ -36,2 +56,11 @@ return loader({ url: toURL(uri), context: { deserialize: this.getDeserializer(), io: this.io } }); | ||
| } | ||
| setUntrustedExtensions(ext) { | ||
| this._untrustedExtensions.clear(); | ||
| ext.forEach((e) => this._untrustedExtensions.add(e.toLowerCase())); | ||
| return this; | ||
| } | ||
| setTrustedUrls(urls) { | ||
| this._trustedUrls = [...new Set([...urls.map((url) => new URL(url).href)])].sort(); | ||
| return this; | ||
| } | ||
| clearCachedFiles() { | ||
@@ -43,2 +72,15 @@ for (const loader of this.loaders) { | ||
| } | ||
| function isTrusted(url, trustedUrls, untrustedExtensions) { | ||
| const path = url.pathname; | ||
| const ext = extname(path).toLowerCase(); | ||
| if (!untrustedExtensions.has(ext)) | ||
| return true; | ||
| const href = url.href; | ||
| return trustedUrls.some((trustedUrl) => href.startsWith(trustedUrl)); | ||
| } | ||
| export class UntrustedUrlError extends Error { | ||
| constructor(url) { | ||
| super(`Untrusted URL: "${url.href}"`); | ||
| } | ||
| } | ||
| //# sourceMappingURL=CSpellConfigFileReaderWriter.js.map |
@@ -11,3 +11,4 @@ import { extname } from 'node:path/posix'; | ||
| const result = await import(_url.href); | ||
| const settings = result.default ?? result; | ||
| const settingsOrFunction = await (result.default ?? result); | ||
| const settings = typeof settingsOrFunction === 'function' ? await settingsOrFunction() : settingsOrFunction; | ||
| return new CSpellConfigFileJavaScript(url, settings); | ||
@@ -14,0 +15,0 @@ } |
| { | ||
| "name": "cspell-config-lib", | ||
| "version": "8.2.4", | ||
| "version": "8.3.0", | ||
| "description": "CSpell Config library", | ||
@@ -49,7 +49,7 @@ "keywords": [ | ||
| "dependencies": { | ||
| "@cspell/cspell-types": "8.2.4", | ||
| "@cspell/cspell-types": "8.3.0", | ||
| "comment-json": "^4.2.3", | ||
| "yaml": "^2.3.4" | ||
| }, | ||
| "gitHead": "d3c5ff685b3aa2bf984f557d81380f2c994547e0" | ||
| "gitHead": "019c7ccd326b7fc9e106069ddf6008d5079bbd12" | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by8.23%
35958
- Lines of code
- increased by9.72%
790
Dependency changes
+ Added@cspell/cspell-types@8.3.0(transitive)
- Removed@cspell/cspell-types@8.2.4(transitive)
Updated@cspell/cspell-types@8.3.0