Update implementation for spec changes

Author: jdalton

package-lock.json

@@ -64,7 +64,7 @@
     "@biomejs/biome": "2.1.4",
     "@eslint/compat": "1.3.2",
     "@eslint/js": "9.32.0",
-    "@socketsecurity/registry": "1.0.265",
+    "@socketsecurity/registry": "1.0.266",
     "all-the-package-names": "2.0.0",
     "all-the-package-names-v1.3905.0": "npm:[email protected]",
     "custompatch": "1.1.8",

package.json

@@ -12,25 +12,31 @@ const { encodeURIComponent: encodeComponent } = globalThis
 
 function encodeName(name) {
   return isNonEmptyString(name)
-    ? encodeComponent(name).replace(/%3A/g, ':')
+    ? encodeComponent(name).replaceAll('%3A', ':')
     : ''
 }
 
 function encodeNamespace(namespace) {
   return isNonEmptyString(namespace)
-    ? encodeComponent(namespace).replace(/%3A/g, ':').replace(/%2F/g, '/')
+    ? encodeComponent(namespace).replaceAll('%3A', ':').replaceAll('%2F', '/')
     : ''
 }
 
 function encodeQualifierParam(param) {
   if (isNonEmptyString(param)) {
+    // Replace spaces with %20's so they don't get converted to plus signs.
+    const value = String(param).replaceAll(' ', '%20')
+    // Use URLSearchParams#set to preserve plus signs.
+    // https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams#preserving_plus_signs
+    REUSED_SEARCH_PARAMS.set(REUSED_SEARCH_PARAMS_KEY, value)
     // Param key and value are encoded with `percentEncodeSet` of
     // 'application/x-www-form-urlencoded' and `spaceAsPlus` of `true`.
     // https://url.spec.whatwg.org/#urlencoded-serializing
-    REUSED_SEARCH_PARAMS.set(REUSED_SEARCH_PARAMS_KEY, param)
-    return replacePlusSignWithPercentEncodedSpace(
-      REUSED_SEARCH_PARAMS.toString().slice(REUSED_SEARCH_PARAMS_OFFSET)
-    )
+    const search = REUSED_SEARCH_PARAMS.toString()
+    return search
+      .slice(REUSED_SEARCH_PARAMS_OFFSET)
+      .replaceAll('%2520', '%20')
+      .replaceAll('+', '%2B')
   }
   return ''
 }
@@ -42,30 +48,32 @@ function encodeQualifiers(qualifiers) {
     const searchParams = new URLSearchParams()
     for (let i = 0, { length } = qualifiersKeys; i < length; i += 1) {
       const key = qualifiersKeys[i]
-      searchParams.set(key, qualifiers[key])
+      // Replace spaces with %20's so they don't get converted to plus signs.
+      const value = String(qualifiers[key]).replaceAll(' ', '%20')
+      // Use URLSearchParams#set to preserve plus signs.
+      // https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams#preserving_plus_signs
+      searchParams.set(key, value)
     }
-    return replacePlusSignWithPercentEncodedSpace(searchParams.toString())
+    return searchParams
+      .toString()
+      .replaceAll('%2520', '%20')
+      .replaceAll('+', '%2B')
   }
   return ''
 }
 
 function encodeSubpath(subpath) {
   return isNonEmptyString(subpath)
-    ? encodeComponent(subpath).replace(/%2F/g, '/')
+    ? encodeComponent(subpath).replaceAll('%2F', '/')
     : ''
 }
 
 function encodeVersion(version) {
   return isNonEmptyString(version)
-    ? encodeComponent(version).replace(/%3A/g, ':').replace(/%2B/g, '+')
+    ? encodeComponent(version).replaceAll('%3A', ':')
     : ''
 }
 
-function replacePlusSignWithPercentEncodedSpace(str) {
-  // Convert plus signs to %20 for better portability.
-  return str.replace(/\+/g, '%20')
-}
-
 module.exports = {
   encodeComponent,
   encodeName,

src/encode.js

@@ -50,6 +50,7 @@ function normalizePath(pathname, callback) {
 
 function normalizeQualifiers(rawQualifiers) {
   let qualifiers
+  // Use for-of to work with entries iterators.
   for (const { 0: key, 1: value } of qualifiersToEntries(rawQualifiers)) {
     const strValue = typeof value === 'string' ? value : String(value)
     const trimmed = strValue.trim()
@@ -85,7 +86,8 @@ function normalizeVersion(rawVersion) {
 
 function qualifiersToEntries(rawQualifiers) {
   if (isObject(rawQualifiers)) {
-    return rawQualifiers instanceof URLSearchParams
+    // URLSearchParams instances have an "entries" method that returns an iterator.
+    return typeof rawQualifiers.entries === 'function'
       ? rawQualifiers.entries()
       : Object.entries(rawQualifiers)
   }

src/normalize.js

@@ -214,9 +214,17 @@ class PackageURL {
     }
 
     let rawQualifiers
-    const { searchParams } = url
-    if (searchParams.size !== 0) {
-      searchParams.forEach(value => decodePurlComponent('qualifiers', value))
+    if (url.searchParams.size !== 0) {
+      const search = url.search.slice(1)
+      const searchParams = new URLSearchParams()
+      const entries = search.split('&')
+      for (let i = 0, { length } = entries; i < length; i += 1) {
+        const pairs = entries[i].split('=')
+        const value = decodePurlComponent('qualifiers', pairs.at(1) ?? '')
+        // Use URLSearchParams#append to preserve plus signs.
+        // https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams#preserving_plus_signs
+        searchParams.append(pairs[0], value)
+      }
       // Split the remainder once from right on '?'.
       rawQualifiers = searchParams
     }

src/package-url.js

@@ -36,10 +36,11 @@ function validateQualifiers(qualifiers, throws) {
     return false
   }
   const keysIterable =
-    // URL searchParams have an "keys" method that returns an iterator.
+    // URLSearchParams instances have a "keys" method that returns an iterator.
     typeof qualifiers.keys === 'function'
       ? qualifiers.keys()
       : Object.keys(qualifiers)
+  // Use for-of to work with URLSearchParams#keys iterators.
   for (const key of keysIterable) {
     if (!validateQualifierKey(key, throws)) {
       return false
@@ -136,7 +137,7 @@ function validateType(type, throws) {
     return false
   }
   // The package type is composed only of ASCII letters and numbers,
-  // '.', '+' and '-' (period, plus, and dash)
+  // '.' (period), and '-' (dash).
   for (let i = 0, { length } = type; i < length; i += 1) {
     const code = type.charCodeAt(i)
     // biome-ignore format: newlines
@@ -147,7 +148,6 @@ function validateType(type, throws) {
           (code >= 65 && code <= 90) || // A-Z
           (code >= 97 && code <= 122) || // a-z
           code === 46 || // .
-          code === 43 || // +
           code === 45
         ) // -
       )

src/validate.js

@@ -1,15 +1,33 @@
 'use strict'
 
 const assert = require('node:assert/strict')
+const path = require('node:path')
 const { describe, it } = require('node:test')
 
-const TEST_FILE = require('./data/test-suite-data.json')
+const { glob } = require('fast-glob')
+
+const { readJson } = require('@socketsecurity/registry/lib/fs')
+const { isObject } = require('@socketsecurity/registry/lib/objects')
+
 const { PackageURL } = require('../src/package-url')
 
 describe('PackageURL', () => {
-  it('Benchmarking the library', () => {
+  it('Benchmarking the library', async () => {
+    const TEST_FILES = (
+      await Promise.all(
+        (
+          await glob(['**/**.json'], {
+            absolute: true,
+            cwd: path.join(__dirname, 'data')
+          })
+        ).map(p => readJson(p))
+      )
+    )
+      .filter(Boolean)
+      .flatMap(o => o.tests ?? [])
+
     const iterations = 10000
-    const data = TEST_FILE.filter(obj => !obj.is_invalid)
+    const data = TEST_FILES.filter(obj => isObject(obj.expected_output))
     const { length: dataLength } = data
     const objects = []
     for (let i = 0; i < iterations; i += dataLength) {
@@ -23,13 +41,14 @@ describe('PackageURL', () => {
     const start = Date.now()
     for (let i = 0; i < iterations; i += 1) {
       const obj = objects[i]
+      const { expected_output } = obj
       const purl = new PackageURL(
-        obj.type,
-        obj.namespace,
-        obj.name,
-        obj.version,
-        obj.qualifiers,
-        obj.subpath
+        expected_output.type,
+        expected_output.namespace,
+        expected_output.name,
+        expected_output.version,
+        expected_output.qualifiers,
+        expected_output.subpath
       )
       PackageURL.fromString(purl.toString())
     }