fix(spa): replace double JSON.parse with valibot validation in helpers.ts (#3210)

Fixes #3203

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
A 2026-04-06 17:51:07 -07:00 committed by GitHub
parent deb4b4f39e
commit 00d5a8cd58
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -54,6 +54,20 @@ interface RawThread {
pr_urls: string | null;
}
const PrUrlsSchema = v.array(v.string());
function parsePrUrls(raw: string | null): string[] | undefined {
if (!raw) return undefined;
let parsed: unknown;
try {
parsed = JSON.parse(raw);
} catch {
return undefined;
}
const result = v.safeParse(PrUrlsSchema, parsed);
return result.success ? result.output : undefined;
}
function rowToThread(r: RawThread): ThreadRow {
return {
channel: r.channel,
@ -62,11 +76,7 @@ function rowToThread(r: RawThread): ThreadRow {
createdAt: r.created_at,
userId: r.user_id ?? undefined,
lastActivityAt: r.last_activity_at ?? undefined,
prUrls: r.pr_urls
? Array.isArray(JSON.parse(r.pr_urls))
? JSON.parse(r.pr_urls).filter(isString)
: undefined
: undefined,
prUrls: parsePrUrls(r.pr_urls),
};
}
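Review bot: `PrUrlsSchema` checks only that each element is a string, so any string stored in `pr_urls`, including one that is not an http(s) URL, reaches `prUrls` unchanged. If the SPA renders these values as link targets (not visible in this section), constrain the element schema, for example `const PrUrlsSchema = v.array(v.pipe(v.string(), v.url(), v.startsWith('https://')));`, adjusted to the valibot version in use. Note also that `v.array(v.string())` rejects the whole array when a single element is not a string, whereas the removed code kept the string elements via `.filter(isString)`; if the stricter behaviour is intended, a short comment on `parsePrUrls` saying so would help. Both failure paths return `undefined` silently, so a log line or counter on parse or validation failure would make corrupted rows detectable.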