[PR #12] fix: NPM package bug analysis - Fix 6 HIGH priority bugs #12

Closed
opened 2026-03-07 21:30:05 +03:00 by kerem · 0 comments
Owner

Original Pull Request: https://github.com/ersinkoc/vld/pull/12

State: closed
Merged: Yes


Comprehensive bug analysis discovered 56+ bugs across the codebase.
This commit fixes 6 HIGH priority bugs with full test coverage.

Fixed Bugs

BUG-NPM-002: VldDefault - Validate default value at construction

  • Issue: Default values were not validated, allowing invalid data to bypass validation
  • Fix: Added validation in VldDefault constructor to ensure type safety
  • Impact: BREAKING CHANGE - Invalid defaults now throw at construction time
  • File: src/validators/base.ts:205-210

BUG-NPM-003: VldCatch - Validate fallback value at construction

  • Issue: Fallback values were not validated, allowing invalid data
  • Fix: Added validation in VldCatch constructor
  • Impact: BREAKING CHANGE - Invalid fallbacks now throw at construction time
  • File: src/validators/base.ts:237-242

BUG-NPM-006: hexToUint8Array - Silent data corruption

  • Issue: Invalid hex characters silently converted to NaN→0, corrupting data
  • Fix: Added regex validation for hex characters [0-9a-fA-F]
  • Impact: Now throws error for invalid hex instead of silent corruption
  • File: src/utils/codec-utils.ts:66-71

BUG-NPM-007: IPv6 validation - Overly permissive

  • Issue: Accepted invalid IPv6 addresses (double ::, wrong group counts)
  • Fix: Replaced permissive fallback with proper RFC 4291 structure validation
  • Impact: Stricter validation rejects previously accepted invalid addresses
  • File: src/utils/ip-validation.ts:70-110

BUG-NPM-004: jwtPayload - Missing error handling

  • Issue: JWT parsing could crash with uncaught exceptions
  • Fix: Wrapped decode logic in try-catch with descriptive errors
  • Impact: Better error messages and no uncaught exceptions
  • File: src/codecs/index.ts:355-378

BUG-NPM-005: base64Json - Missing error handling

  • Issue: JSON.parse could throw uncaught exceptions
  • Fix: Wrapped JSON.parse in try-catch
  • Impact: Better error messages and no uncaught exceptions
  • File: src/codecs/index.ts:328-336

Test Coverage

  • Added comprehensive test suite: tests/npm-package-bug-fixes.test.ts
  • Updated existing tests to use valid default/fallback values
  • All 758 tests passing ✓
  • Build successful ✓
  • Type checking passes ✓

Documentation

  • Complete bug analysis: BUG_ANALYSIS.md (56+ bugs documented)
  • Categorized by severity: 1 CRITICAL, 6 HIGH, 15 MEDIUM, 34+ LOW
  • Remaining bugs documented for future fixes

Breaking Changes

⚠️ BUG-NPM-002 & BUG-NPM-003: Invalid default/fallback values now throw errors
at construction time instead of silently accepting invalid data. Update code:

Before:

```typescript
v.string().min(5).default("hi")  // Silently accepted
v.number().positive().catch(-1)   // Silently accepted
```

After:

```typescript
v.string().min(5).default("hello")  // Valid default required
v.number().positive().catch(1)      // Valid fallback required
```
kerem 2026-03-07 21:30:05 +03:00
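The failure mode behind BUG-NPM-006, as an added example that is not part of the pull request or of vld's code. The two decoder functions are hypothetical, and the even-length check is an assumption that goes beyond the character check the PR describes.

```typescript
// Added example; function names are hypothetical, not vld's own code.

// Lenient decoder: converts each pair without checking the input first.
function hexToBytesLenient(hex: string): Uint8Array {
  const out = new Uint8Array(Math.floor(hex.length / 2));
  for (let i = 0; i < out.length; i++) {
    // parseInt yields NaN for "zz" and 1 for "1g" (it stops at the first
    // non-hex character). Storing NaN in a Uint8Array writes 0.
    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

// Strict decoder: validate the whole string before converting anything.
function hexToBytesStrict(hex: string): Uint8Array {
  // Assumption: odd-length input is also rejected (not stated in the PR).
  if (hex.length % 2 !== 0) throw new Error("hex string must have even length");
  if (!/^[0-9a-fA-F]*$/.test(hex)) throw new Error("invalid hex character");
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

// Helper for callers and tests: true if fn throws.
function rejects(fn: () => unknown): boolean {
  try {
    fn();
    return false;
  } catch {
    return true;
  }
}
```

With the constructed input `"dezz1g"`, the lenient decoder returns the bytes `de 00 01` with no error, which is indistinguishable from a legitimate decode of `"de0001"`; the strict decoder throws.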
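A structural IPv6 check of the kind BUG-NPM-007 calls for (at most one `::`, correct group count), as an added example that is not vld's implementation. `isIPv6` and `countGroups` are hypothetical names, and zone identifiers such as `%eth0` are assumed to be out of scope and rejected.

```typescript
// Added example; names are hypothetical, not vld's implementation.
const H16 = /^[0-9a-fA-F]{1,4}$/;
const IPV4 =
  /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

// Count 16-bit groups in one side of the address; -1 means malformed.
function countGroups(part: string, allowV4Tail: boolean): number {
  if (part === "") return 0;
  const groups = part.split(":");
  let n = 0;
  for (let i = 0; i < groups.length; i++) {
    const g = groups[i] ?? "";
    const last = i === groups.length - 1;
    if (last && allowV4Tail && IPV4.test(g)) n += 2; // dotted quad = 32 bits
    else if (H16.test(g)) n += 1;
    else return -1; // empty group, more than 4 digits, or non-hex
  }
  return n;
}

function isIPv6(addr: string): boolean {
  const halves = addr.split("::");
  if (halves.length > 2) return false; // "::" may appear at most once
  if (halves.length === 1) {
    return countGroups(addr, true) === 8; // uncompressed: exactly 8 groups
  }
  const left = countGroups(halves[0] ?? "", false);
  const right = countGroups(halves[1] ?? "", true);
  if (left < 0 || right < 0) return false;
  return left + right <= 7; // "::" must stand for at least one zero group
}
```

Validators like this often sit in front of allowlists and outbound-request filters, so the cases worth regression-testing are the ones the PR names: a second `::`, and seven or nine groups with no compression.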