eser
diff --git a/‎.github/SECURITY.md‎
Lines changed: 114 additions & 7 deletions b/‎.github/SECURITY.md‎
Lines changed: 114 additions & 7 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 3 additions & 3 deletions b/‎README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎deno.lock‎
Lines changed: 7 additions & 0 deletions b/‎deno.lock‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎pkg/@eser/bundler/deno.json‎
Lines changed: 1 addition & 0 deletions b/‎pkg/@eser/bundler/deno.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/@eser/bundler/esbuild.test.ts‎
Lines changed: 202 additions & 0 deletions b/‎pkg/@eser/bundler/esbuild.test.ts‎
Lines changed: 202 additions & 0 deletions
@@ -2,17 +2,124 @@
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
+We take security seriously and provide security updates for the following
+versions:
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.0.x   | :white_check_mark: |
-| < 0.9   | :x:                |
+| 0.8.x   | :white_check_mark: |
+| 0.7.x   | :white_check_mark: |
+| < 0.7   | :x:                |
 
 ## Reporting a Vulnerability
 
-Use this section to tell people how to report a vulnerability.
+We greatly appreciate security research and responsible disclosure of
+vulnerabilities. If you discover a security vulnerability in eserstack, please
+report it to us promptly.
 
-Tell them where to go, how often they can expect to get an update on a reported
-vulnerability, what to expect if the vulnerability is accepted or declined, etc.
+### How to Report
+
+Please **DO NOT** report security vulnerabilities through public GitHub issues.
+Instead, use one of the following methods:
+
+1. **GitHub Security Advisories** (Preferred): Use GitHub's private
+   vulnerability reporting feature
+2. **Email**: Send details to
+   [[email protected]](mailto:[email protected])
+
+### What to Include
+
+When reporting a vulnerability, please provide:
+
+- A clear description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact assessment
+- Any suggested mitigations or fixes
+- Your contact information for follow-up
+
+### Response Timeline
+
+- **Initial Response**: We will acknowledge receipt within 48 hours
+- **Status Update**: We will provide a status update within 7 days
+- **Resolution**: We aim to resolve critical vulnerabilities within 30 days
+
+### Security Best Practices
+
+When using eserstack, please follow these security best practices:
+
+#### Dependency Injection
+
+- Validate all service factory functions
+- Avoid registering sensitive data directly as singleton services
+- Use proper error handling in service factories
+- Don't expose internal services through public APIs
+
+#### Configuration Management
+
+- Never commit sensitive configuration data to version control
+- Use environment variables for secrets and credentials
+- Validate all configuration inputs
+- Use secure defaults for configuration options
+
+#### Parsing and Input Handling
+
+- Always validate input data before processing
+- Use proper error boundaries to prevent information leakage
+- Sanitize user-provided data before parsing
+- Be cautious with dynamic imports and code execution
+
+#### File System Operations
+
+- Validate file paths to prevent directory traversal attacks
+- Use proper permissions and access controls
+- Avoid processing untrusted file contents without validation
+- Implement resource limits for file operations
+
+## Security Features
+
+eserstack includes several security features:
+
+- **Input Validation**: Built-in validation for service tokens and configuration
+- **Error Boundaries**: Proper error handling to prevent information disclosure
+- **Type Safety**: Strong TypeScript typing to prevent common vulnerabilities
+- **Secure Defaults**: Conservative default configurations
+- **Dependency Isolation**: Controlled dependency injection to prevent
+  unauthorized access
+
+## Known Security Considerations
+
+### Dynamic Imports
+
+The collector module uses dynamic imports which could potentially be exploited
+if file paths are not properly validated. Always validate module paths before
+using the collector.
+
+### Configuration Loading
+
+Configuration files are loaded and parsed dynamically. Ensure configuration
+files come from trusted sources and validate their contents.
+
+### Service Factory Functions
+
+Service factory functions in the DI container execute arbitrary code. Only
+register trusted factory functions.
+
+## Updates and Patches
+
+Security updates will be:
+
+- Released as patch versions for supported major versions
+- Announced through GitHub Security Advisories
+- Documented in the CHANGELOG.md with security impact noted
+- Tagged with appropriate CVE numbers when applicable
+
+## Contact
+
+For general security questions or to report non-critical security concerns, you
+can:
+
+- Open a GitHub Discussion in the Security category
+- Contact the maintainers through the issue tracker
+- Email us at [[email protected]](mailto:[email protected])
+
+Thank you for helping keep eserstack and its users safe!
@@ -46,7 +46,7 @@ jobs:
           # - windows-latest
           # - macOS-latest
         deno-version:
-          - 2.4.4
+          - 2.4.5
 
     steps:
       - name: Checkout repository
 
@@ -143,8 +143,8 @@ portable across all these platforms.
 
 ## 🚀 Jumpstart
 
-Ensure that [Deno](https://deno.land/) 1.45 or higher is installed on your
-system first.
+Ensure that [Deno](https://deno.land/) 2.4 or higher is installed on your system
+first.
 
 First, install `cool cli` globally, then create a new project:
 
@@ -187,7 +187,7 @@ your fork, and then submit a pull request.
 
 ### Requirements
 
-- Deno 1.45 or higher (https://deno.land/)
+- Deno 2.4 or higher (https://deno.land/)
 
 ### Versioning
 
 
@@ -2,6 +2,7 @@
   "name": "@eser/bundler",
   "version": "0.7.20",
   "imports": {
+    "@std/assert": "jsr:@std/assert@^1.0.0",
     "@std/encoding": "jsr:@std/encoding@^1.0.1",
     "@std/fmt": "jsr:@std/fmt@^1.0.8",
     "@std/path": "jsr:@std/path@^1.0.0",
 
@@ -0,0 +1,202 @@
+// Copyright 2023-present Eser Ozvataf and other contributors. All rights reserved. Apache-2.0 license.
+
+import * as assert from "@std/assert";
+import {
+  createEsbuildBuilderState,
+  EsbuildBuilder,
+  type EsbuildBuilderOptions,
+} from "./esbuild.ts";
+
+Deno.test("createEsbuildBuilderState() creates valid state", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test-build-123",
+    entrypoints: {
+      "main": "./src/main.ts",
+      "worker": "./src/worker.ts",
+    },
+    dev: true,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/project/root",
+    jsx: "precompile",
+    jsxImportSource: "@eser/jsx-runtime",
+    basePath: "/static",
+  };
+
+  const state = createEsbuildBuilderState(options);
+
+  assert.assertEquals(state.options, options);
+  assert.assertEquals(state.options.buildID, "test-build-123");
+  assert.assertEquals(state.options.dev, true);
+  assert.assertEquals(state.options.target, "es2022");
+});
+
+Deno.test("EsbuildBuilder constructor initializes with state", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test-build",
+    entrypoints: { "main": "./main.ts" },
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  const state = createEsbuildBuilderState(options);
+  const builder = new EsbuildBuilder(state);
+
+  assert.assertEquals(builder.state, state);
+  assert.assertEquals(builder.state.options.buildID, "test-build");
+});
+
+Deno.test("EsbuildBuilderOptions supports string target", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  assert.assertEquals(options.target, "es2022");
+});
+
+Deno.test("EsbuildBuilderOptions supports array target", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: ["es2022", "chrome90", "firefox88"],
+    absoluteWorkingDir: "/test",
+  };
+
+  assert.assertInstanceOf(options.target, Array);
+  assert.assertEquals(options.target.length, 3);
+  assert.assertEquals(options.target[0], "es2022");
+});
+
+Deno.test("EsbuildBuilderOptions handles empty entrypoints", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  const state = createEsbuildBuilderState(options);
+  assert.assertEquals(Object.keys(state.options.entrypoints).length, 0);
+});
+
+Deno.test("EsbuildBuilderOptions handles multiple entrypoints", () => {
+  const entrypoints = {
+    "main": "./src/main.ts",
+    "admin": "./src/admin.ts",
+    "worker": "./src/worker.ts",
+  };
+
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints,
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  const state = createEsbuildBuilderState(options);
+  assert.assertEquals(Object.keys(state.options.entrypoints).length, 3);
+  assert.assertEquals(state.options.entrypoints["main"], "./src/main.ts");
+  assert.assertEquals(state.options.entrypoints["admin"], "./src/admin.ts");
+  assert.assertEquals(state.options.entrypoints["worker"], "./src/worker.ts");
+});
+
+Deno.test("EsbuildBuilderOptions jsx configuration", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+    jsx: "react-jsx",
+    jsxImportSource: "react",
+  };
+
+  assert.assertEquals(options.jsx, "react-jsx");
+  assert.assertEquals(options.jsxImportSource, "react");
+});
+
+Deno.test("EsbuildBuilderOptions optional jsx fields", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  assert.assertEquals(options.jsx, undefined);
+  assert.assertEquals(options.jsxImportSource, undefined);
+});
+
+Deno.test("EsbuildBuilderOptions basePath configuration", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+    basePath: "/static/assets",
+  };
+
+  assert.assertEquals(options.basePath, "/static/assets");
+});
+
+Deno.test("EsbuildBuilderOptions dev flag affects behavior", () => {
+  const devOptions: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: true,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  const prodOptions: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  assert.assertEquals(devOptions.dev, true);
+  assert.assertEquals(prodOptions.dev, false);
+});
+
+Deno.test("EsbuildBuilder state is readonly", () => {
+  const options: EsbuildBuilderOptions = {
+    buildID: "test",
+    entrypoints: {},
+    dev: false,
+    configPath: "./deno.json",
+    target: "es2022",
+    absoluteWorkingDir: "/test",
+  };
+
+  const state = createEsbuildBuilderState(options);
+  const builder = new EsbuildBuilder(state);
+
+  // Verify state is readonly by checking if it's the same reference
+  assert.assertEquals(builder.state, state);
+
+  // Try to verify readonly nature (TypeScript would catch this, but test the runtime behavior)
+  const originalState = builder.state;
+  assert.assertEquals(builder.state, originalState);
+});