
fix(search): strip control characters from registry version field #9705

Open
ubeddulla wants to merge 1 commit into npm:latest from ubeddulla:search-strip-version



@ubeddulla

Contributor
  1. The search text formatter runs every registry field through `stripVTControlCharacters` except `version`, which is interpolated as-is.
  2. The global output filter only escapes C0/C1 controls and deliberately keeps SGR sequences, so a package whose version carries ANSI escapes lands in the printed results.

Pass `version` through the same `strip()` the sibling fields use. Added a regression test that a crafted version no longer reaches the terminal.

@ubeddulla ubeddulla requested review from a team as code owners June 30, 2026 10:58
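
The gap described in the pull request, as an added Node.js example (not code from this pull request or from npm): a row formatter that strips every field except `version`, the same formatter with `version` stripped, and a model of an output filter that keeps SGR sequences. The function names, the filter and the sample record are assumptions made for illustration; `stripVTControlCharacters` is the function from Node's `util` module.

```javascript
// Added illustration, not npm's source; helper names and data are hypothetical.
const { stripVTControlCharacters } = require('node:util')

// Constructed registry record: description and version both carry SGR codes.
const record = {
  name: 'example-pkg',
  description: 'constructed \x1b[1mdescription\x1b[0m',
  version: '1.0.0\x1b[31m (constructed)\x1b[0m',
}

// Coerce first: stripVTControlCharacters throws on non-string input.
const strip = (value) => stripVTControlCharacters(String(value ?? ''))

// "Before": every field is stripped except version.
function formatRowBefore (pkg) {
  return [strip(pkg.name), strip(pkg.description), pkg.version].join('\t')
}

// "After": version goes through the same strip() as its siblings.
function formatRowAfter (pkg) {
  return [strip(pkg.name), strip(pkg.description), strip(pkg.version)].join('\t')
}

// Assumed model of an output filter that escapes C0/C1 controls but leaves
// SGR sequences (ESC [ params m) intact. Tab and newline are left alone.
function escapeControlsKeepSGR (text) {
  const pattern = /\x1b\[[0-9;]*m|[\x00-\x08\x0b-\x1f\x7f-\x9f]/g
  return text.replace(pattern, (match) => {
    if (match.length > 1) return match // whole SGR sequence, kept as-is
    return '\\x' + match.charCodeAt(0).toString(16).padStart(2, '0')
  })
}

// Regression-style check: no ESC (0x1b) or single-byte CSI (0x9b) remains.
function hasEscape (line) {
  return /[\x1b\x9b]/.test(line)
}

// Printed with JSON.stringify so the escapes stay visible instead of rendering.
console.log(JSON.stringify(escapeControlsKeepSGR(formatRowBefore(record))))
console.log(JSON.stringify(escapeControlsKeepSGR(formatRowAfter(record))))
```

The first printed row still contains `\u001b[31m` after the modelled filter, while the second contains none, which is the property a regression test for this change would assert.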
