Skip to content

refactor!: move internal utils functions to a dedicated directory#738

Merged
tbouffard merged 3 commits intomainfrom
refactor/move_internal_code_to_dedicated_directory
Mar 29, 2025
Merged

refactor!: move internal utils functions to a dedicated directory#738
tbouffard merged 3 commits intomainfrom
refactor/move_internal_code_to_dedicated_directory

Conversation

@tbouffard
Copy link
Member

@tbouffard tbouffard commented Mar 29, 2025
edited by coderabbitai bot
Loading

Such functions are now easier to identify, so this should help for the maintenance and should prevent from exporting
them by mistake.

BREAKING CHANGES: Utils.copyTextToClipboard is no longer available. It was intended to be internal and had been made public by mistake.

Summary by CodeRabbit

  • New Features
    • Enhanced clipboard copy functionality is now integrated into the console log area for improved text copying.
  • Tests
    • Expanded test coverage to validate binary mask matching behavior.
  • Refactor
    • Streamlined module imports and reorganized internal utilities for better maintainability.
  • Chores
    • Removed deprecated functionalities and updated default configurations to enhance security.

@tbouffard
refactor!: move internal utils functions to a dedicated directory
af6a6cf 
Such functions are now easier to identify, so this should help for the maintenance and should prevent from exporting
them by mistake.

BREAKING CHANGES: `Utils.copyTextToClipboard` is no longer available. It was intended to be internal and had been made public by mistake.
@tbouffard tbouffard added the refactor Code refactoring label Mar 29, 2025
@coderabbitai
Copy link

coderabbitai bot commented Mar 29, 2025
edited
Loading

Walkthrough

The pull request restructures several utility functions across the codebase. Functions formerly exposed in public modules—such as copyTextToClipboard and matchBinaryMask—have been removed or relocated. New implementations for clipboard copy, shallow copying, elapsed time messaging, and additional utility functions were introduced in internal modules, with corresponding updates to JSDoc comments and visibility annotations. Import paths have been updated in many files across editors, views, serialization, and tests. Deprecated functions were removed from legacy utility modules, and a dedicated test suite for matchBinaryMask was added.

Changes

File(s) Change Summary
CHANGELOG.md, .../src/gui/MaxLog.ts, .../src/util/Utils.ts Removed public copyTextToClipboard (noted as a breaking change) and added a new implementation in MaxLog.ts using navigator.clipboard.writeText; removed related logging/imports from Utils.ts.
.../__tests__/internal/utils.test.ts, .../__tests__/util/styleUtils.test.ts, .../src/util/styleUtils.ts, .../src/internal/utils.ts, .../src/view/canvas/SvgCanvas2D.ts, .../src/view/geometry/node/TextShape.ts Relocated matchBinaryMask from styleUtils to internal/utils; added dedicated tests and updated import paths in view modules.
.../src/editor/Editor.ts, .../src/editor/EditorPopupMenu.ts, .../src/i18n/config.ts, .../src/util/mathUtils.ts, .../src/view/Graph.ts, .../src/view/cell/Cell.ts, .../src/view/geometry/Shape.ts, .../src/view/undoable_changes/CellAttributeChange.ts, .../src/view/mixins/_graph-mixins-apply.ts, .../src/view/style/config.ts, .../src/serialization/{Codec.ts,ObjectCodec.ts,codecs/*}, .../src/util/xmlUtils.ts Updated import paths for utility functions (e.g., isNullish, isElement, shallowCopy) to point to new internal modules, reflecting a reorganization of module structure.
.../src/internal/clone-utils.ts, .../src/internal/time-utils.ts, .../src/internal/utils.ts Introduced new utility functions: shallowCopy, getElapseMillisecondsMessage, isElement, isNullish, mixInto, and matchBinaryMask; updated function visibility (e.g., doEval changed from @internal to @Private).
.../src/util/{Utils.ts,cloneUtils.ts,domUtils.ts,logger.ts} Removed deprecated utility functions (copyTextToClipboard, isNullish, mixInto, shallowCopy, isElement, getElapseMillisecondsMessage) from legacy modules.

Sequence Diagram(s)

sequenceDiagram
    participant User as User
    participant MaxLog as MaxLog.ts
    participant Clipboard as navigator.clipboard

    User->>MaxLog: Trigger copy text action
    MaxLog->>Clipboard: writeText(text)
    Clipboard-->>MaxLog: Return success/error
    MaxLog->>MaxLog: Log result and provide feedback
    MaxLog-->>User: Update UI based on copy outcome
Loading

Possibly related PRs

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between af6a6cf and 288ac0d.

📒 Files selected for processing (1)
  • packages/core/src/internal/clone-utils.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/core/src/internal/clone-utils.ts
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build (windows-2022)
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai plan to trigger planning for file edits and PR creation.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Mar 29, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
packages/core/src/view/mixins/_graph-mixins-apply.ts (1)

17-17: Updated Import Path for Internal Utilities
The mixInto function is now imported from the new internal location (../../internal/utils), which is consistent with the overall project refactor. Please verify that the new module correctly exports mixInto.

packages/core/src/internal/clone-utils.ts (1)

36-37: Consider using a more type-safe approach for array assignment.

The current implementation uses a type assertion (@ts-ignore) to bypass TypeScript's type checking for array assignment. Consider using a more type-safe approach or providing a more specific explanation in the comment about why the type assertion is necessary.

-      // @ts-ignore source and target are of the same type
-      target[key] = [...sourceValue];
+      // TypeScript cannot infer that the key in target will also be an array
+      // when source and target are of the same type
+      (target[key] as unknown[]) = [...sourceValue];
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4dec295 and af6a6cf.

📒 Files selected for processing (37)
  • CHANGELOG.md (1 hunks)
  • packages/core/__tests__/internal/utils.test.ts (1 hunks)
  • packages/core/__tests__/util/styleUtils.test.ts (0 hunks)
  • packages/core/src/editor/Editor.ts (1 hunks)
  • packages/core/src/editor/EditorPopupMenu.ts (1 hunks)
  • packages/core/src/gui/MaxLog.ts (1 hunks)
  • packages/core/src/i18n/config.ts (1 hunks)
  • packages/core/src/index.ts (1 hunks)
  • packages/core/src/internal/clone-utils.ts (1 hunks)
  • packages/core/src/internal/time-utils.ts (1 hunks)
  • packages/core/src/internal/types.ts (0 hunks)
  • packages/core/src/internal/utils.ts (1 hunks)
  • packages/core/src/serialization/Codec.ts (1 hunks)
  • packages/core/src/serialization/ObjectCodec.ts (1 hunks)
  • packages/core/src/serialization/codecs/CellCodec.ts (1 hunks)
  • packages/core/src/serialization/codecs/ChildChangeCodec.ts (1 hunks)
  • packages/core/src/serialization/codecs/RootChangeCodec.ts (1 hunks)
  • packages/core/src/serialization/codecs/StylesheetCodec.ts (1 hunks)
  • packages/core/src/serialization/codecs/editor/EditorToolbarCodec.ts (1 hunks)
  • packages/core/src/util/Utils.ts (0 hunks)
  • packages/core/src/util/cloneUtils.ts (0 hunks)
  • packages/core/src/util/config.ts (1 hunks)
  • packages/core/src/util/domUtils.ts (0 hunks)
  • packages/core/src/util/logger.ts (1 hunks)
  • packages/core/src/util/mathUtils.ts (1 hunks)
  • packages/core/src/util/styleUtils.ts (1 hunks)
  • packages/core/src/util/xmlUtils.ts (1 hunks)
  • packages/core/src/view/Graph.ts (1 hunks)
  • packages/core/src/view/canvas/SvgCanvas2D.ts (1 hunks)
  • packages/core/src/view/cell/Cell.ts (1 hunks)
  • packages/core/src/view/geometry/Shape.ts (1 hunks)
  • packages/core/src/view/geometry/node/StencilShape.ts (1 hunks)
  • packages/core/src/view/geometry/node/TextShape.ts (2 hunks)
  • packages/core/src/view/handler/config.ts (1 hunks)
  • packages/core/src/view/mixins/_graph-mixins-apply.ts (1 hunks)
  • packages/core/src/view/style/config.ts (1 hunks)
  • packages/core/src/view/undoable_changes/CellAttributeChange.ts (1 hunks)
💤 Files with no reviewable changes (5)
  • packages/core/tests/util/styleUtils.test.ts
  • packages/core/src/util/cloneUtils.ts
  • packages/core/src/internal/types.ts
  • packages/core/src/util/domUtils.ts
  • packages/core/src/util/Utils.ts
🧰 Additional context used
🧠 Learnings (2)
packages/core/src/util/config.ts (1) 
Learnt from: tbouffard
PR: maxGraph/maxGraph#582
File: packages/core/src/util/config.ts:0-0
Timestamp: 2025-03-27T09:34:54.875Z
Learning: The `shallowCopy` function in `cloneUtils.ts` is intentionally designed to perform a shallow copy on objects that contain only primitive properties, and deep copying is not necessary.
packages/core/src/internal/clone-utils.ts (1) 
Learnt from: tbouffard
PR: maxGraph/maxGraph#582
File: packages/core/src/util/config.ts:0-0
Timestamp: 2025-03-27T09:34:54.875Z
Learning: The `shallowCopy` function in `cloneUtils.ts` is intentionally designed to perform a shallow copy on objects that contain only primitive properties, and deep copying is not necessary.
🧬 Code Definitions (2)
packages/core/__tests__/internal/utils.test.ts (1)
packages/core/src/internal/utils.ts (1)
  • matchBinaryMask (68-70)
packages/core/src/internal/utils.ts (2)
packages/core/src/internal/types.ts (1)
  • UserObject (20-27)
packages/core/src/util/config.ts (1)
  • GlobalConfig (34-54)
🪛 LanguageTool
CHANGELOG.md

[style] ~14-~14: ‘by mistake’ might be wordy. Consider a shorter alternative.
Context: ...to be internal and had been made public by mistake. ## 0.16.0 Release date: 2025-03-02...

(EN_WORDINESS_PREMIUM_BY_MISTAKE)

🪛 Biome (1.9.4)
packages/core/src/internal/utils.ts

[error] 26-26: eval() exposes to security risks and performance issues.

See the MDN web docs for more details.
Refactor the code so that it doesn't need to call eval().

(lint/security/noGlobalEval)

🔇 Additional comments (40)
CHANGELOG.md (1)

14-14: Breaking change properly documented

The removal of Utils.copyTextToClipboard is correctly documented as a breaking change, with clear explanation that it was intended to be internal and had been made public by mistake.

🧰 Tools
🪛 LanguageTool

[style] ~14-~14: ‘by mistake’ might be wordy. Consider a shorter alternative.
Context: ...to be internal and had been made public by mistake. ## 0.16.0 Release date: 2025-03-02...

(EN_WORDINESS_PREMIUM_BY_MISTAKE)

packages/core/src/util/logger.ts (1)

19-19: Import from internal directory

The function getElapseMillisecondsMessage has been properly moved to an internal utility module and is now imported here. This is consistent with the PR's objective of reorganizing internal utility functions.

packages/core/src/gui/MaxLog.ts (5)

25-25: Import path updated to use internal utilities directory

The import path for getElapseMillisecondsMessage has been updated to use the new internal utilities directory structure, which aligns with the PR objective of moving internal utility functions to a dedicated directory.

27-27: Added import for GlobalConfig

New import for GlobalConfig to access the logger for the clipboard operations, which is a good practice for consistent logging throughout the application.

29-38: Reimplemented copyTextToClipboard as an internal function

This function previously existed in ../util/Utils and was mistakenly exposed as a public API. The new implementation:

  1. Uses modern navigator.clipboard.writeText API
  2. Properly handles success and error cases with logging
  3. Is now properly scoped as an internal function within this file

This change directly addresses the PR objective of removing the public Utils.copyTextToClipboard function.

119-125: Updated to use the local copyTextToClipboard implementation

The "Copy" button handler now uses the locally defined clipboard function, maintaining the same functionality while removing the dependency on the previously public utility.

284-287: Utilizing the relocated utility function

This section now uses the getElapseMillisecondsMessage function from its new location in the internal utilities directory, maintaining the same functionality with the reorganized structure.

packages/core/src/util/config.ts (1)

25-25: Update Import Path for shallowCopy
The import of shallowCopy has been updated from its old location to use the new internal module path (../internal/clone-utils). This change aligns well with the overall internal reorganization and maintains consistency across the codebase.

packages/core/src/view/handler/config.ts (1)

31-31: Update shallowCopy Import in Handler Config
The import statement for shallowCopy is now referencing ../../internal/clone-utils instead of the old path. This update is consistent with the broader refactor and helps ensure that internal utilities are properly encapsulated.

packages/core/src/serialization/codecs/ChildChangeCodec.ts (1)

20-20: Reorganize isElement Import
The import for isElement has been moved to ../../internal/utils, reflecting the new home for internal utility functions. This prevents accidental public exposure and consolidates the utilities.

packages/core/src/view/Graph.ts (1)

64-64: Update isNullish Import
The isNullish function is now imported from ../internal/utils, which is in line with the internal reorganization. This change does not impact functionality but improves the overall module structure.

packages/core/src/view/geometry/node/StencilShape.ts (2)

31-31: Retain Legacy DOM Utilities for Child Nodes
The import for getChildNodes and getTextContent remains from '../../../util/domUtils'. This is appropriate because these functions are still maintained in their current module and are separate from the internal utility functions now consolidated in internal/utils.

35-35: Update Utility Imports for doEval, isElement, and isNullish
The import of doEval, isElement, and isNullish has been updated to come from ../../../internal/utils. This reorganization consolidates these utility functions under a single internal module, enhancing maintainability and encapsulation.

packages/core/src/util/mathUtils.ts (1)

24-24: Updated import path for isNullish function.

The import path for isNullish has been correctly updated to source from the new internal utils directory, which aligns with the PR objective of relocating internal utility functions to a dedicated directory.

packages/core/src/serialization/Codec.ts (1)

24-25: Refactored imports to separate internal from utility functions.

The imports have been properly reorganized, keeping importNode and isNode in the existing domUtils while moving isElement to the new internal utils module. This clean separation helps clarify which utilities are meant for internal use.

packages/core/src/serialization/codecs/RootChangeCodec.ts (1)

20-20: Updated import path for isElement function.

The import path for isElement has been correctly updated to source from the internal utils directory, consistent with the same change in other files and aligning with the PR objective.

packages/core/src/view/style/config.ts (1)

18-18: Updated import path for shallowCopy function.

The import path for shallowCopy has been properly updated to use the new location in the internal directory. The naming convention change from cloneUtils to clone-utils is also consistent with internal module naming standards.

packages/core/__tests__/internal/utils.test.ts (2)

17-20: New test file correctly imports dependencies.

The imports are properly set up to test the matchBinaryMask function that has been moved to the internal utils module, with appropriate test dependencies and constants.

21-34: Well-structured tests for the matchBinaryMask function.

The test suite provides good coverage for the binary mask matching functionality, including both positive and negative test cases. This ensures that the function behaves correctly after being moved to the internal utils module.

packages/core/src/i18n/config.ts (1)

17-18: Updated Imports to Use Internal Utilities for i18n Configuration
The import statements for isNullish and shallowCopy have been updated to use the new internal paths. This change aligns with the objective of consolidating internal utilities. Ensure that both ../internal/utils and ../internal/clone-utils correctly export these functions and that downstream functionality remains unaffected.

packages/core/src/editor/Editor.ts (1)

61-61: Refactored Import for isNullish
The isNullish function import has been modified to use ../internal/utils instead of the old public utility path. This change is in line with the refactoring objective. Ensure that any other usages expecting the old implementation (if any) are updated accordingly.

packages/core/src/view/undoable_changes/CellAttributeChange.ts (1)

17-17: Revised Import for isNullish in CellAttributeChange
The import of isNullish is now sourced from ../../internal/utils, which is consistent with the internal reorganization. The logic in execute() remains intact, so no functional changes are expected.

packages/core/src/serialization/ObjectCodec.ts (1)

24-27: Updated Utility Imports in ObjectCodec
The changes update the import of doEval and isElement from the new internal utilities location (../internal/utils). This ensures consistency across the codebase. Please verify that the isElement function correctly distinguishes element nodes and that doEval behaves as expected when evaluating expressions during decoding.

packages/core/src/view/geometry/node/TextShape.ts (1)

35-35: Import reorganization as part of internal utils refactoring.

The matchBinaryMask utility function has been moved from styleUtils to the new dedicated internal/utils module as part of the codebase reorganization.

Also applies to: 51-51

packages/core/src/editor/EditorPopupMenu.ts (1)

25-25: Consolidated import statement for internal utilities.

The doEval and isNullish utility functions are now both imported from the internal/utils module, aligning with the refactoring effort to move internal utility functions to a dedicated directory.

packages/core/src/serialization/codecs/editor/EditorToolbarCodec.ts (1)

25-27: Reorganized import for isElement utility function.

The isElement function has been moved from domUtils to internal/utils as part of the refactoring effort to consolidate internal utility functions, while getChildNodes and getTextContent remain in their original location.

packages/core/src/util/xmlUtils.ts (1)

26-28: Relocated isElement utility function import.

The isElement function is now imported from internal/utils instead of domUtils, consistent with the refactoring to move internal utility functions to a dedicated directory, making them explicitly marked as internal utilities.

packages/core/src/serialization/codecs/CellCodec.ts (1)

21-23: Import reorganization aligns with the refactoring goal.

The change moves isElement from a public utility location to the new internal utilities directory while keeping importNode in its original location. This supports the PR's objective of relocating internal utility functions to improve maintenance and prevent accidental exports.

packages/core/src/serialization/codecs/StylesheetCodec.ts (1)

24-25: Import reorganization aligns with internal utilities refactoring.

The refactoring moves doEval and isElement to the internal utilities directory while maintaining getTextContent in its original location. This is consistent with the PR's objective of better organizing utility functions and ensuring they aren't unintentionally exposed.

packages/core/src/view/geometry/Shape.ts (1)

20-20: Import path updated to use internal utils directory.

The isNullish utility has been correctly moved from Utils to the new internal utilities directory, which aligns with the PR's refactoring goals.

packages/core/src/internal/clone-utils.ts (1)

17-43: Well-implemented utility with proper documentation and security considerations.

The new shallowCopy utility function is well-documented with JSDoc comments including warnings about its shallow copy behavior. It also includes proper security measures to prevent prototype pollution by checking for own properties.

The implementation correctly handles arrays by creating shallow copies while directly assigning other property types. The @private annotation appropriately signals that this is an internal utility not intended for public consumption.

packages/core/src/util/styleUtils.ts (1)

34-34: Refactoring successfully relocates utility function.

The import of matchBinaryMask from the internal utils module aligns with the PR's objective to relocate internal utilities to a dedicated directory, improving organization and reducing the risk of inadvertently exporting them.

packages/core/src/view/cell/Cell.ts (1)

25-26: Import paths successfully updated.

The import path changes for UserObject and utility functions isElement and isNullish align with the PR objective of moving internal utilities to a dedicated directory, enhancing maintainability.

packages/core/src/view/canvas/SvgCanvas2D.ts (1)

19-21: Properly updated utility import paths.

The imports have been correctly reorganized to reflect the new location of utility functions, with isNullish and matchBinaryMask now coming from the internal utils module while maintaining the import of getAlignmentAsPoint from styleUtils.

packages/core/src/internal/utils.ts (6)

17-20: Appropriate imports for new utility module.

These imports correctly bring in the necessary dependencies for the utility functions that follow. The import of GlobalConfig enables proper error logging in the mixInto function.

29-35: Well-documented Element type check implementation.

This utility function properly checks if a node is an Element by comparing its nodeType to the Element constant, with appropriate TypeScript type narrowing. The @private annotation clearly indicates this is an internal utility.

36-41: Simple but useful nullish check utility.

This function provides a standardized way to check for null or undefined values across the codebase, which helps maintain consistency. The @private annotation properly indicates its internal nature.

42-60: Robust mixin implementation with error handling.

The mixInto utility provides a clean way to merge properties from a mixin into a destination class. It includes proper error handling by logging errors through GlobalConfig.logger rather than failing silently or throwing exceptions.

62-70: Binary mask utility properly implemented.

The matchBinaryMask function, which was moved from styleUtils, is correctly implemented to check if a value matches a binary mask. This is essential for font style checks and other bitwise operations throughout the codebase.

21-27:

Details

❓ Verification inconclusive

Security consideration with eval usage.

The doEval function uses eval(), which poses security risks as identified by static analysis. While the eslint comment acknowledges this, consider if this function is truly necessary or if there are safer alternatives.

🏁 Script executed:

#!/bin/bash
# Check for usage of the doEval function in the codebase
echo "Checking for doEval usage in the codebase..."
rg -A 3 -B 3 "doEval\("

Length of output: 5734

Security Alert: Revisit and Validate All Eval Usages

The doEval function in packages/core/src/internal/utils.ts still uses eval(), which introduces critical security risks if inputs aren’t strictly controlled. Our search shows that doEval is invoked in multiple modules (e.g., in StylesheetCodec.ts, ObjectCodec.ts, EditorToolbarCodec.ts, StencilShape.ts, GraphView.ts, and EditorPopupMenu.ts). Although each use is gated by corresponding flags (like allowEval), this pattern warrants extra scrutiny.

Please consider the following:

  • Input Sanitization: Double-check that all strings passed to doEval are properly sanitized before evaluation.
  • Necessity versus Alternatives: Reassess if using eval() is truly necessary. If possible, explore safer alternatives such as a controlled DSL or custom parser.
  • Documentation & Flag Enforcement: Enhance documentation around the use of doEval and ensure that the associated allowEval flags reliably prevent misuse.

Review these aspects across all impacted modules to mitigate potential security vulnerabilities.

🧰 Tools
🪛 Biome (1.9.4)

[error] 26-26: eval() exposes to security risks and performance issues.

See the MDN web docs for more details.
Refactor the code so that it doesn't need to call eval().

(lint/security/noGlobalEval)

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@tbouffard tbouffard merged commit dd4f1d8 into main Mar 29, 2025
7 checks passed
@tbouffard tbouffard deleted the refactor/move_internal_code_to_dedicated_directory branch March 29, 2025 12:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

refactor Code refactoring

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tbouffard