Skip to content

fix(search): strip control characters from registry version field#9705

Open
ubeddulla wants to merge 1 commit into
npm:latestfrom
ubeddulla:search-strip-version
Open

fix(search): strip control characters from registry version field#9705
ubeddulla wants to merge 1 commit into
npm:latestfrom
ubeddulla:search-strip-version

Conversation

@ubeddulla

Copy link
Copy Markdown
Contributor
  1. the search text formatter runs every registry field through stripVTControlCharacters except version, which is interpolated as-is.
  2. the global output filter only escapes C0/C1 controls and deliberately keeps SGR sequences, so a package whose version carries ANSI escapes lands in the printed results.

Pass version through the same strip() the sibling fields use. Added a regression test that a crafted version no longer reaches the terminal.

@ubeddulla ubeddulla requested review from a team as code owners June 30, 2026 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant