Skip to content

ast-guard@2.2.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 07 Jan 20:55
· 41 commits to main since this release
ast-guard@2.2.0
3928642
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

ast-guard v2.2.0

📦 npm: ast-guard@2.2.0

Added

  • AgentScript transformer now whitelists URI encoding helpers (encodeURI, decodeURI, encodeURIComponent, decodeURIComponent) so they survive transformation.
  • AgentScript preset exports security-level-specific global lists (AGENTSCRIPT_*), a getAgentScriptGlobals helper, and accepts a new securityLevel option; the public index also re-exports the new constants and SecurityLevel type.

Changed

  • Default AgentScript allowed globals are derived from the chosen security level (falling back to STANDARD) before merging in user-specified identifiers.

Fixed

  • Regex pre-scanner analyzes user patterns through the new safePatternTest/safePatternMatch helpers so the detector’s own regular expressions are not exploitable.

Security

  • REDOS detection patterns now use bounded quantifiers and truncate inspected patterns, eliminating analyzer-driven ReDoS vectors.
Assets 2
Loading