Merge pull request #350 from NodeSecure/sec-literal-ts

refactor: migrate sec-literal to TypeScript

Author: fraxken

.github/workflows/estree-ast-utils.yml

@@ -23,7 +23,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [22.x, 24.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:

.github/workflows/node.js.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [22.x, 24.x]
       fail-fast: false
     steps:
       - name: Harden Runner
@@ -28,6 +28,8 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
         run: npm install
+      - name: Build typescript sources
+        run: npm run build
       - name: Run tests
         run: npm run test
       - name: Send coverage report to Codecov

.github/workflows/sec-literal.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [22.x, 24.x]
       fail-fast: false
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -24,4 +24,5 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm install
+      - run: npm run build
       - run: npm run test --workspace=workspaces/sec-literal

.github/workflows/ts-source-parser.yml

@@ -23,7 +23,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [22.x, 24.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:
@@ -38,4 +38,5 @@ jobs:
       with:
         node-version: ${{ matrix.node-version }}
     - run: npm install
+    - run: npm run build
     - run: npm run test --workspace=workspaces/ts-source-parser

base.tsconfig.json

@@ -18,7 +18,9 @@
     "node": ">=20.0.0"
   },
   "scripts": {
+    "build": "tsc -b",
     "lint": "eslint src workspaces test",
+    "test-all": "npm run test --ws --if-present",
     "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
     "test": "c8 --all --src ./src -r html npm run test-only",
     "check": "npm run lint && npm run test-only",

package.json

@@ -0,0 +1,3 @@
+{
+  "extends": "@openally/config.typescript"
+}

tsconfig.base.json

@@ -0,0 +1,11 @@
+{
+  "files": [],
+  "references": [
+    {
+      "path": "./workspaces/sec-literal"
+    },
+    {
+      "path": "./workspaces/ts-source-parser"
+    }
+  ]
+}

tsconfig.json

@@ -2,13 +2,14 @@
   "name": "@nodesecure/sec-literal",
   "version": "1.2.0",
   "description": "Package created to analyze JavaScript literals",
-  "exports": "./src/index.js",
+  "exports": "./dist/index.js",
   "private": false,
   "type": "module",
   "scripts": {
-    "lint": "eslint src",
-    "test-only": "node --test",
-    "test": "npm run lint && npm run test-only"
+    "prepublishOnly": "npm run build",
+    "build": "tsc",
+    "test-only": "tsx --test-reporter=spec --test \"./test/**/*.spec.ts\"",
+    "test": "npm run test-only"
   },
   "repository": {
     "type": "git",
@@ -22,7 +23,7 @@
     "scanner"
   ],
   "files": [
-    "src"
+    "dist"
   ],
   "author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
   "license": "MIT",
@@ -35,5 +36,8 @@
     "is-base64": "^1.1.0",
     "is-svg": "^6.0.0",
     "string-width": "^7.0.0"
+  },
+  "devDependencies": {
+    "@types/is-base64": "^1.1.3"
   }
 }

workspaces/sec-literal/package.json

@@ -1,13 +1,12 @@
 // Import Internal Dependencies
-import * as Literal from "./literal.js";
+import { toRaw, toValue, type ESTreeLiteral } from "./literal.js";
 import * as Utils from "./utils.js";
 
+// CONSTANTS
 const kUnsafeHexValues = new Set([
   "require",
   "length"
 ].map((value) => Buffer.from(value).toString("hex")));
-
-// CONSTANTS
 const kSafeHexValues = new Set([
   "0123456789",
   "123456789",
@@ -24,30 +23,36 @@ export const CONSTANTS = Object.freeze({
 
 /**
  * @description detect if the given string is an Hexadecimal value
- * @param {SecLiteral.Literal | string} anyValue
- * @returns {boolean}
  */
-export function isHex(anyValue) {
-  const value = Literal.toValue(anyValue);
+export function isHex(
+  anyValue: ESTreeLiteral | string
+): boolean {
+  const value = toValue(anyValue);
 
   return typeof value === "string" && /^[0-9A-Fa-f]{4,}$/g.test(value);
 }
 
 /**
  * @description detect if the given string is a safe Hexadecimal value
- * @param {SecLiteral.Literal | string} anyValue
- * @returns {boolean}
  */
-export function isSafe(anyValue) {
-  const rawValue = Literal.toRaw(anyValue);
-  if (kUnsafeHexValues.has(rawValue)) {
+export function isSafe(
+  anyValue: ESTreeLiteral | string
+): boolean {
+  const rawValue = toRaw(anyValue);
+  if (typeof rawValue === "undefined" || kUnsafeHexValues.has(rawValue)) {
     return false;
   }
 
   const charCount = Utils.stringCharDiversity(rawValue);
-  if (/^([0-9]+|[a-z]+|[A-Z]+)$/g.test(rawValue) || rawValue.length <= 5 || charCount <= 2) {
+  if (
+    /^([0-9]+|[a-z]+|[A-Z]+)$/g.test(rawValue)
+    || rawValue.length <= 5
+    || charCount <= 2
+  ) {
     return true;
   }
 
-  return [...kSafeHexValues].some((value) => rawValue.toLowerCase().startsWith(value));
+  return [...kSafeHexValues].some(
+    (value) => rawValue.toLowerCase().startsWith(value)
+  );
 }