Skip to content

Disable unicorn/prefer-uint8array-base64#295

Merged
twschiller merged 1 commit into
mainfrom
disable-unicorn-prefer-uint8array-base64
Jun 22, 2026
Merged

Disable unicorn/prefer-uint8array-base64#295
twschiller merged 1 commit into
mainfrom
disable-unicorn-prefer-uint8array-base64

Conversation

@twschiller

Copy link
Copy Markdown
Contributor

Part of the #279 unicorn ratchet. This row turns out not to be a clean ratchet — it's blocked by the test runtime, not the codebase.

Why off, not error

The suggested Uint8Array.fromBase64() / Uint8Array#toBase64():

Runtime Has the API?
Chrome target (133+; manifest.json requires 148)
Bun (the build-injection-patterns.ts build script)
Node 24 (Jest/jsdom in CI) ❌ — gated behind the experimental --js-base-64 flag, off by default

The 8 sites include two security-relevant decode paths — encoded-payload-redact.ts and encoded-fixture.ts — plus their test fixtures. Rewriting them would either:

  • break the Jest suite (the methods don't exist under Node 24), or
  • require polyfilling an atob/btoa-based shim into jsdom — which would then exercise the shim, not Chrome's native implementation, masking any prod divergence on a decode path (loose vs. strict last-chunk handling, base64url alphabet, whitespace). That's a new blind spot on exactly the code that least wants one.

Adding that risk for a stylistic rule isn't worth it. Turning it off (rather than leaving a standing warn) matches the project convention for intentional/blocked rules (#287, #288, #294). Revisit once Node ships these methods unflagged.

Changes

  • extension/eslint.config.js: move unicorn/prefer-uint8array-base64 from warn to off with the rationale above.

Verification

I'll update the issue #279 table to move this row into the "Not worth ratcheting" section.

🤖 Generated with Claude Code

The suggested `Uint8Array.fromBase64()`/`#toBase64()` are present in the
Chrome target and in Bun (the build script), but Node 24 — which runs
Jest/jsdom in CI — only exposes them behind the experimental
`--js-base-64` flag, so they're absent under test. Rewriting the 8 sites
(which include the `encoded-payload-redact.ts` / `encoded-fixture.ts`
security decode paths and their fixtures) would either break the suite or
force an atob/btoa-based polyfill into jsdom that exercises the shim
instead of Chrome's native impl, masking prod divergence on a decode path.

Not worth it for a stylistic rule. Turn off with rationale and move the
row to the "not worth ratcheting" section of #279; revisit once Node
ships these unflagged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Jun 22, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agent-browser-shield-demo-site Ready Ready Preview, Comment Jun 22, 2026 2:34pm

Request Review

@twschiller twschiller merged commit b163323 into main Jun 22, 2026
7 checks passed
@twschiller twschiller deleted the disable-unicorn-prefer-uint8array-base64 branch June 22, 2026 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant