Fix security and performance issues across core, vendor, and examples
Security:
- S2: hexToRgb — explicit typeof branch + padStart(6) for numeric hex inputs;
makes the numeric-input path intentional and preserves leading zeros
- S3: FORCE_COLOR parsing — guard against NaN propagation when env value is
non-numeric (e.g. FORCE_COLOR=yes now correctly falls back to level 1)
- S4: _supportsColor — remove side-effecting mutation of module-level
flagForceColor; effective value is now computed locally, eliminating
cross-call state corruption in test environments
- S5: applyOptions — change `options.level &&` to `options.level !== undefined`
so null and NaN are properly rejected instead of silently stored as the level
- S6: browser.js — explicit Number(brand.version) > 93 instead of implicit
string-to-number coercion for Chromium UA version check
Performance / correctness:
- P1: rainbow.js — replace stateful global-regex test() in loop (which
misclassified every other non-printable character due to lastIndex advancing)
with a direct code-point comparison: character < '!' || character > '~'
- P4: stringEncaseCRLFWithFirstIndex — switch from += string concatenation in
loop to array-of-parts + single join(), reducing intermediate allocations for
multi-line strings
- P6: builder — detect tagged template literal calls via .raw property and route
through String.raw(), so chalk.red`hello ${name}` now produces correct output
Tests:
- instance.js: new Chalk({level: null/NaN}) now throws (S5 regression test)
- chalk.js: numeric hex with leading zeros (S2), template literal interpolations
(P6) covered by new tests; all 35 tests pass
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Ayush Kumar
parent
aa06bb5ac3
commit
ff7b1f0d60
8 changed files with 53 additions and 17 deletions
|
|
@ -124,3 +124,22 @@ test('keeps function prototype methods', t => {
|
|||
t.is(chalk.bind(chalk, 'foo')(), 'foo');
|
||||
t.is(chalk.call(chalk, 'foo'), 'foo');
|
||||
});
|
||||
|
||||
test('accept numeric hex values in .hex() (S2)', t => {
|
||||
// Numeric values should behave identically to their string equivalents
|
||||
t.is(new Chalk({level: 3}).hex(0xFF_00_00)('hello'), new Chalk({level: 3}).hex('#FF0000')('hello'));
|
||||
t.is(new Chalk({level: 3}).bgHex(0xFF_00_FF)('hello'), new Chalk({level: 3}).bgHex('#FF00FF')('hello'));
|
||||
// Leading zeros must be preserved: 0x0000FF is blue, not a garbled 3-char match
|
||||
t.is(new Chalk({level: 3}).hex(0x00_00_FF)('hello'), new Chalk({level: 3}).hex('#0000FF')('hello'));
|
||||
t.is(new Chalk({level: 3}).hex(0x00_FF_00)('hello'), new Chalk({level: 3}).hex('#00FF00')('hello'));
|
||||
});
|
||||
|
||||
test('support tagged template literals with interpolations (P6)', t => {
|
||||
const name = 'World';
|
||||
t.is(chalk.red`hello ${name}`, '\u001B[31mhello World\u001B[39m');
|
||||
t.is(chalk.bold`count: ${42}`, '\u001B[1mcount: 42\u001B[22m');
|
||||
// Without interpolations should still work
|
||||
t.is(chalk.red`hello`, '\u001B[31mhello\u001B[39m');
|
||||
// Array arguments (not template literals) must be unaffected
|
||||
t.is(chalk.bold(['foo', 'bar']), '\u001B[1mfoo,bar\u001B[22m');
|
||||
});
|
||||
|
|
|
|||
|
|
@ -22,3 +22,15 @@ test('the `level` option should be a number from 0 to 3', t => {
|
|||
}, {message: /should be an integer from 0 to 3/});
|
||||
/* eslint-enable no-new */
|
||||
});
|
||||
|
||||
test('the `level` option rejects null and NaN (S5)', t => {
|
||||
/* eslint-disable no-new */
|
||||
t.throws(() => {
|
||||
new Chalk({level: null});
|
||||
}, {message: /should be an integer from 0 to 3/});
|
||||
|
||||
t.throws(() => {
|
||||
new Chalk({level: Number.NaN});
|
||||
}, {message: /should be an integer from 0 to 3/});
|
||||
/* eslint-enable no-new */
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue