Skip to content

fix(config): type-guard remaining CLI option validation against non-strings#128

Merged
pchuri merged 1 commit intomainfrom
fix/config-validation-non-string-fields
Apr 27, 2026
Merged

fix(config): type-guard remaining CLI option validation against non-strings#128
pchuri merged 1 commit intomainfrom
fix/config-validation-non-string-fields

Conversation

@pchuri
Copy link
Copy Markdown
Owner

@pchuri pchuri commented Apr 27, 2026

Description

Follow-up to #124. The previous PR fixed --token and --cookie against the same crash, but the same pattern (truthy gate, then unguarded string method) lived on for the rest of validateCliOptions and one earlier-running line in initConfig. This PR applies the established type-guard pattern uniformly so non-string values from programmatic callers surface a clean validation error instead of a TypeError.

What changes

In lib/config.js:

  • --domain, --email: type-check before .trim()
  • --api-path: type-check before .startsWith('/')
  • --protocol, --auth-type: type-check before .toLowerCase()
  • normAuthType calculation: only call normalizeAuthType when authType is a non-empty string (otherwise the helper itself crashes on numeric input)
  • initConfig's upfront authType.trim().toLowerCase() (which runs before validateCliOptions) is also guarded — without this, the crash would happen before validation could surface it

What was caught during review

While writing tests for the above, the --auth-type test exposed exactly the early-crash issue at lib/config.js:517. Without the second fix, the auth-type validation error would never be reachable. Test was added first, fix derived from the failure.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Testing

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • New and existing unit tests pass locally with my changes
  • My changes generate no new warnings

Additional Context

Behavior for valid string inputs is unchanged. Null/undefined are still treated as "not provided" (consistent with the rest of the function). The only observable difference is: numeric/object/etc. inputs that previously crashed with TypeError now produce the matching cannot be empty / must be ... validation error.

@pchuri
fix(config): type-guard remaining CLI option validation against non-s…
63e06fe 
…trings

Follow-up to #124, applying the same defensive pattern to the rest of
validateCliOptions and the providedValues construction in initConfig:

- domain, email, apiPath, protocol, authType: type-check before calling
  string methods (trim/startsWith/toLowerCase/includes), so non-string
  truthy inputs (e.g. numeric values from programmatic callers) surface
  a clean validation error instead of a TypeError
- The early authType normalization in initConfig (`.trim().toLowerCase()`
  before validateCliOptions runs) is also guarded so the crash cannot
  occur before validation gets a chance to report it
- Adds regression tests covering domain, apiPath, protocol, and authType
@pchuri pchuri merged commit c7c1a31 into main Apr 27, 2026
6 checks passed
@pchuri pchuri deleted the fix/config-validation-non-string-fields branch April 27, 2026 13:30
github-actions Bot pushed a commit that referenced this pull request Apr 27, 2026
@semantic-release-bot
chore(release): 2.0.1 [skip ci]
cde5798 
## [2.0.1](v2.0.0...v2.0.1) (2026-04-27)

### Bug Fixes

* **config:** type-guard remaining CLI option validation against non-strings ([#128](#128)) ([c7c1a31](c7c1a31)), closes [#124](#124)
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

🎉 This PR is included in version 2.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pchuri