mirror of
https://github.com/pdfme/pdfme.git
synced 2026-04-19 21:49:03 -04:00
* Migrate pdf-lib into pdfme monorepo
  - Add @pdfme/pdf-lib package to packages/ directory
  - Update root package.json to include pdf-lib in workspaces
  - Update all package dependencies to use workspace:* for @pdfme/pdf-lib
  - Configure TypeScript build targets (cjs, esm, node) for pdf-lib
  - Add ESLint configuration with relaxed rules for pdf-lib migration
  - Integrate pdf-lib into monorepo build and clean scripts
  - Add basic test suite for pdf-lib package
  - All lint, build, and test suites pass successfully
  This migration improves maintainability by consolidating all PDF operations into a single repository and unified build/test/release process.
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Fix TypeScript module resolution for workspace dependencies
  - Changed moduleResolution from 'bundler' to 'node' in common package
  - This should resolve '@pdfme/pdf-lib' module resolution issues
  - Reverted workspace dependency format back to '*' for npm compatibility
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Fix pdf-lib package.json exports paths
  - Updated main, module, and exports paths to point to correct locations
  - Changed from dist/*/index.js to dist/*/src/index.js to match build output
  - Fixed TypeScript types path from dist/types/index.d.ts to dist/types/src/index.d.ts
  - Resolves Vite package entry resolution errors and TypeScript module resolution issues
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Fix CodeQL security alerts in svg.ts
  - Add input validation and sanitization for HTML/SVG parsing
  - Prevent ReDoS attacks with regex limits and input size checks
  - Sanitize font family names to prevent prototype pollution
  - Add URL validation for image sources to prevent path traversal
  - Limit transformation parsing to prevent infinite loops
  - Maintain backward compatibility while improving security
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Implement comprehensive security fixes for CodeQL alerts in svg.ts
  - Add input validation and sanitization for SVG content
  - Implement safe HTML parsing with null checks and size limits
  - Add controlled dynamic property access with allowlisted tag names
  - Prevent style injection with filtered and limited style entries
  - Add regex match limits to prevent ReDoS attacks
  - Enhance font selection with input validation and type safety
  - Sanitize image sources to prevent path traversal and injection
  - Limit CSS style parsing to prevent potential vulnerabilities
  These changes address the 2 high-severity CodeQL security alerts while maintaining backward compatibility and functionality.
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Add additional security fixes for CodeQL alerts in svg.ts
  - Implement safer property access for polygon node transformation
  - Add input validation for points attribute with regex pattern matching
  - Replace Object.assign with safer property assignment to prevent prototype pollution
  - Add null checks and type validation for node attributes and childNodes
  - Implement safer SVG node parsing with comprehensive validation
  - Add array type checks for childNodes processing
  These changes target the remaining 2 high-severity CodeQL security alerts by addressing potential prototype pollution and unsafe property access.
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Implement comprehensive security hardening for CodeQL alerts in svg.ts
  - Add comprehensive SVG content sanitization with allowlist-based tag filtering
  - Implement strict input validation with bounds checking for all numeric inputs
  - Replace unsafe dynamic property assignment with Object.defineProperty
  - Add try-catch error handling for HTML parsing operations
  - Restrict allowed style properties and validate string lengths
  - Use setAttribute/removeAttribute instead of direct attribute manipulation
  - Add type safety checks for all node operations
  - Implement safer polygon-to-path conversion with validation
  These changes address the 10 high-severity CodeQL security alerts by:
  1. Preventing XSS through comprehensive input sanitization
  2. Avoiding prototype pollution with safer property assignment
  3. Adding bounds checking to prevent DoS attacks
  4. Using allowlist-based validation for all user inputs
  5. Implementing proper error handling to prevent crashes
  Co-Authored-By: Kyohei Fukuda <kyoheif@wix.com>

* Potential fix for code scanning alert no. 32: Incomplete multi-character sanitization
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 39: Incomplete multi-character sanitization
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Fix inefficient regular expression in svg.ts to pass CodeQL
  - Changed /([^:\s]+)*\s*:\s*([^;]+)/g to /([^:\s]+)\s*:\s*([^;]+)/g
  - Removed the problematic * quantifier that could cause exponential backtracking
  - This fixes the "Inefficient regular expression" security alert from GitHub Advanced Security
  🤖 Generated with [Claude Code](https://claude.ai/code)
  Co-Authored-By: Claude <noreply@anthropic.com>

* remove sanitize-html
* move tests
* fix for security
* update dependabot.yml
* organize

---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Kyohei Fukuda <kyouhei.fukuda0729@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
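The svg.ts hardening points named in the commit message above (the ReDoS regex before and after the fix, regex match limits and string-length bounds, Object.defineProperty instead of dynamic assignment to block prototype pollution, an allowlist of tag names, and image-source validation), worked through as an added TypeScript example. This is not pdfme's code: the numeric limits, the tag allowlist, the image-source policy and every function name here are assumptions for illustration, since the commit message does not show pdfme's actual values.

```typescript
// Added example (not pdfme's own code): the hardening patterns from the svg.ts
// commits, applied to a toy SVG style/attribute sanitizer. All limits,
// allowlists and names are assumptions chosen for illustration.

// Upper bounds so attacker-controlled SVG cannot make parsing unbounded
// (assumed values; pdfme's real limits are not shown on the page).
export const MAX_STYLE_LENGTH = 4096;
export const MAX_DECLARATIONS = 64;

// The commit's regex before and after. `([^:\s]+)*` quantifies an already
// quantified group, so a run of non-colon characters that is NOT followed by
// ':' gets re-partitioned in every possible way (2^n splits) before the match
// fails. Dropping the outer `*` makes the search linear per start position.
export const VULNERABLE_STYLE_RE = /([^:\s]+)*\s*:\s*([^;]+)/g;
export const FIXED_STYLE_RE = /([^:\s]+)\s*:\s*([^;]+)/g;

// Variant used by parseStyle: the fixed pattern with ';' also excluded from the
// property name, so "a:b;c:d" yields the key "c" rather than ";c". This
// tightening is mine, not part of the commit.
const STYLE_DECL_RE = /([^:;\s]+)\s*:\s*([^;]+)/g;

// Parse `prop: value; prop: value` with a length bound and a cap on the number
// of declarations consumed (the "regex match limits" from the commit).
export function parseStyle(style: string): Map<string, string> {
  if (style.length > MAX_STYLE_LENGTH) {
    throw new RangeError(`style attribute exceeds ${MAX_STYLE_LENGTH} chars`);
  }
  const out = new Map<string, string>();
  STYLE_DECL_RE.lastIndex = 0; // global regex keeps state between calls
  let m: RegExpExecArray | null;
  while (out.size < MAX_DECLARATIONS && (m = STYLE_DECL_RE.exec(style)) !== null) {
    const key = m[1];
    const value = m[2];
    if (key && value) out.set(key.toLowerCase(), value.trim());
  }
  return out;
}

// Wall-clock cost of one exec; used below to contrast both patterns on a
// colon-free run, which is exactly the input shape that triggers backtracking.
export function measureMs(re: RegExp, input: string): number {
  const start = Date.now();
  re.lastIndex = 0;
  re.exec(input);
  return Date.now() - start;
}

// Keys that reach Object.prototype through `obj[key] = value` or Object.assign
// when `key` comes from attacker-controlled markup.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const PROPERTY_NAME_RE = /^[a-z][a-z0-9-]{0,63}$/;

// Define the property on the target itself (never via the prototype chain) and
// only for names that look like CSS properties. Returns false when rejected.
export function safeDefine(target: Record<string, string>, key: string, value: string): boolean {
  if (FORBIDDEN_KEYS.has(key) || !PROPERTY_NAME_RE.test(key)) return false;
  Object.defineProperty(target, key, { value, enumerable: true, writable: true, configurable: true });
  return true;
}

// Allowlist of SVG element names (assumed list; case-sensitive as in XML).
const ALLOWED_TAGS = new Set([
  "svg", "g", "defs", "use", "path", "rect", "circle", "ellipse", "line",
  "polyline", "polygon", "text", "tspan", "image", "clipPath",
  "linearGradient", "radialGradient", "stop",
]);
export function isAllowedTag(tag: string): boolean {
  return ALLOWED_TAGS.has(tag);
}

// Image source policy (assumed): http(s) URLs or base64 image data URIs only.
// Relative paths (including ../ traversal), file:, javascript: and non-image
// data: URIs are all rejected by the same check.
const DATA_IMAGE_RE = /^data:image\/(png|jpe?g|gif|webp|svg\+xml);base64,[A-Za-z0-9+/=]+$/;
export function isSafeImageSource(src: string): boolean {
  if (DATA_IMAGE_RE.test(src)) return true;
  try {
    const u = new URL(src); // throws for relative inputs such as ../../etc/passwd
    return u.protocol === "https:" || u.protocol === "http:";
  } catch {
    return false;
  }
}

// Stand-alone demonstration on constructed inputs.
const colonFree = "a".repeat(18); // 2^18 partitions before the match fails
console.log("vulnerable regex:", measureMs(VULNERABLE_STYLE_RE, colonFree), "ms");
console.log("fixed regex:     ", measureMs(FIXED_STYLE_RE, colonFree), "ms");
console.log(parseStyle("fill: red; stroke-width:2 ; ; bogus"));
const styles = Object.create(null) as Record<string, string>;
console.log(safeDefine(styles, "__proto__", "x"), safeDefine(styles, "fill", "red"), styles);
console.log(isAllowedTag("script"), isSafeImageSource("javascript:alert(1)"));
```

Run with `npx tsx sanitize-demo.ts` (file name assumed). The timing contrast grows sharply with the length of the colon-free run, which is why a CSS `style` attribute under attacker control is enough to stall the generator with the old pattern; the length bound and declaration cap keep the fixed parser's cost bounded even when the regex itself is linear. The null-prototype target plus `Object.defineProperty` means that even a key that slips past the name filter can only land on that one object, never on `Object.prototype`.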
80 lines
2.8 KiB
JSON
{
  "name": "root",
  "version": "0.0.0",
  "private": true,
  "author": "hand-dot",
  "license": "MIT",
  "keywords": [
    "pdf",
    "pdf-generation",
    "pdf-designer",
    "pdf-viewer",
    "typescript",
    "react"
  ],
  "description": "TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license!",
  "homepage": "https://pdfme.com",
  "repository": {
    "type": "git",
    "url": "git@github.com:pdfme/pdfme.git"
  },
  "bugs": {
    "url": "https://github.com/pdfme/pdfme/issues"
  },
  "workspaces": [
    "packages/common",
    "packages/pdf-lib",
    "packages/converter",
    "packages/schemas",
    "packages/generator",
    "packages/manipulator",
    "packages/ui"
  ],
  "scripts": {
    "postinstall": "./scripts/link-workspaces.sh",
    "clean": "npm-run-all --parallel clean:*",
    "clean:common": "npm run -w packages/common clean",
    "clean:pdf-lib": "npm run -w packages/pdf-lib clean",
    "clean:converter": "npm run -w packages/converter clean",
    "clean:schemas": "npm run -w packages/schemas clean",
    "clean:generator": "npm run -w packages/generator clean",
    "clean:manipulator": "npm run -w packages/manipulator clean",
    "clean:ui": "npm run -w packages/ui clean",
    "build": "npm run clean && npm run build:pdf-lib && npm run build:common && npm run build:converter && npm run build:schemas && npm-run-all --parallel build:generator build:ui build:manipulator",
    "build:common": "npm run -w packages/common build",
    "build:pdf-lib": "npm run -w packages/pdf-lib build",
    "build:converter": "npm run -w packages/converter build",
    "build:schemas": "npm run -w packages/schemas build",
    "build:generator": "npm run -w packages/generator build",
    "build:manipulator": "npm run -w packages/manipulator build",
    "build:ui": "npm run -w packages/ui build",
    "test": "npm run test --workspaces",
    "test:ui:update-snapshots": "npm run -w packages/ui test -- -u",
    "lint": "npm run lint --workspaces",
    "prettier": "npm run prettier --workspaces"
  },
  "devDependencies": {
    "@babel/core": "^7.27.4",
    "@humanwhocodes/config-array": "^0.13.0",
    "@types/jest": "^29.5.14",
    "@types/jest-image-snapshot": "^6.4.0",
    "@types/node": "^22.15.29",
    "@typescript-eslint/eslint-plugin": "^8.33.0",
    "@typescript-eslint/parser": "^8.32.0",
    "babel-loader": "^10.0.0",
    "eslint": "^9.28.0",
    "eslint-config-prettier": "^10.1.5",
    "eslint-plugin-prettier": "^5.4.1",
    "jest": "^29.7.0",
    "jest-image-snapshot": "^6.5.1",
    "npm-run-all": "^4.1.5",
    "prettier": "^3.5.0",
    "rimraf": "^6.0.1",
    "ts-jest": "^29.3.4",
    "ts-jest-resolver": "^2.0.1",
    "ts-loader": "^9.2.5",
    "ts-prune": "^0.10.3",
    "typescript": "^5.8.3"
  }
}