wylab/claude-hub
1
0
Fork 0
forked from claude-did-this/claude-hub
Code Issues 1 Pull Requests Activity
Files
d5755681b30b8c578e9611f515350db1871b07e5
claude-hub/package.json
Jonathan Flatt d5755681b3 security: address all CodeQL security vulnerabilities 
## Security Fixes

1. **Log Injection Prevention**
   - Sanitize event names in webhook logging with replace(/[\r\n\t]/g, '_')
   - Sanitize HTTP method and URL in request logging
   - Prevents CRLF injection and log poisoning attacks

2. **Rate Limiting Implementation**
   - Add express-rate-limit middleware to prevent DoS attacks
   - General API: 100 requests per 15 minutes per IP
   - Webhooks: 50 requests per 5 minutes per IP
   - Skip rate limiting in test environment
   - Addresses CodeQL "Missing rate limiting" alerts

3. **Code Quality Improvements**
   - Remove useless conditional in processBotMention function
   - Simplify function signature by removing unused isPullRequest parameter
   - Fix TypeScript unused variable warning

## Technical Details
- All unit tests passing (67/67)
- TypeScript compilation clean
- Backward compatibility maintained
- Security-first approach with input sanitization

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-28 08:26:05 -05:00

68 lines
2.1 KiB
JSON
Raw Blame History

{
"name": "claude-github-webhook",
"version": "1.0.0",
"description": "A webhook endpoint for Claude to perform git and GitHub actions",
"main": "dist/index.js",
"scripts": {
"build": "tsc",
"build:watch": "tsc --watch",
"start": "node dist/index.js",
"start:dev": "node src/index.js",
"dev": "ts-node src/index.js",
"dev:watch": "nodemon --exec ts-node src/index.js",
"clean": "rm -rf dist",
"typecheck": "tsc --noEmit",
"test": "jest",
"test:unit": "jest --testMatch='**/test/unit/**/*.test.{js,ts}'",
"test:e2e": "jest --testMatch='**/test/e2e/**/*.test.{js,ts}'",
"test:coverage": "jest --coverage",
"test:watch": "jest --watch",
"test:ci": "jest --ci --coverage --testPathPattern='test/(unit|integration).*\\.test\\.(js|ts)$'",
"pretest": "./scripts/utils/ensure-test-dirs.sh",
"lint": "eslint src/ test/ --fix",
"lint:check": "eslint src/ test/",
"format": "prettier --write src/ test/",
"format:check": "prettier --check src/ test/",
"security:audit": "npm audit --audit-level=moderate",
"security:fix": "npm audit fix",
"setup:dev": "husky install"
},
"dependencies": {
"@octokit/rest": "^22.0.0",
"axios": "^1.6.2",
"body-parser": "^2.2.0",
"commander": "^14.0.0",
"dotenv": "^16.3.1",
"express": "^5.1.0",
"express-rate-limit": "^7.5.0",
"pino": "^9.7.0",
"pino-pretty": "^13.0.0"
},
"devDependencies": {
"@babel/core": "^7.27.3",
"@babel/preset-env": "^7.27.2",
"@jest/globals": "^30.0.0-beta.3",
"@types/body-parser": "^1.19.5",
"@types/express": "^5.0.2",
"@types/jest": "^29.5.14",
"@types/node": "^22.15.23",
"@typescript-eslint/eslint-plugin": "^8.33.0",
"@typescript-eslint/parser": "^8.33.0",
"babel-jest": "^29.7.0",
"eslint": "^9.27.0",
"eslint-config-node": "^4.1.0",
"husky": "^9.1.7",
"jest": "^29.7.0",
"jest-junit": "^16.0.0",
"nodemon": "^3.0.1",
"prettier": "^3.0.0",
"supertest": "^7.1.1",
"ts-jest": "^29.3.4",
"ts-node": "^10.9.2",
"typescript": "^5.8.3"
},
"engines": {
"node": ">=20.0.0"
}
}
Reference in New Issue View Git Blame Copy Permalink