Fix linting issues and update CLAUDE.md

- Remove trailing spaces in test file to satisfy neostandard linting
- Update CLAUDE.md with current project structure and tooling:
  * Changed from standard to neostandard with ESLint 9
  * Updated test commands and structure (test/ directory)
  * Added TypeScript support information
  * Enhanced security details about constructor.prototype handling

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
Signed-off-by: Matteo Collina <[email protected]>

Author: mcollina

CLAUDE.md

@@ -0,0 +1,62 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+This is **secure-json-parse**, a drop-in replacement for `JSON.parse()` that protects against prototype poisoning attacks. The library detects and handles dangerous `__proto__` and `constructor` properties in JSON that could lead to prototype pollution vulnerabilities.
+
+## Architecture
+
+- **Single-file module**: `index.js` contains the core functionality
+- **Three main functions**:
+  - `parse()`: Main JSON parsing with security checks (supports reviver and options)
+  - `scan()` (exported as `filter`): Scans existing objects for dangerous properties  
+  - `safeParse()`: Returns undefined instead of throwing errors
+- **Security approach**: Uses regex pre-scanning for performance, then deep object traversal for thorough cleanup
+- **Enhanced security**: Now specifically targets `constructor.prototype` patterns rather than any `constructor` property
+- **Action modes**: `error` (default), `remove`, or `ignore` for both `protoAction` and `constructorAction`
+- **TypeScript support**: Includes TypeScript definitions in `types/` directory
+
+## Commands
+
+### Testing
+```bash
+npm test                # Run linting, unit tests, and TypeScript tests
+npm run test:unit       # Run unit tests only (tape)
+npm run test:typescript # Run TypeScript definition tests (tsd)
+npm run test:browser    # Run tests in browsers using airtap
+```
+
+### Linting
+```bash
+npm run lint            # Run ESLint with neostandard config
+npm run lint:fix        # Auto-fix linting issues where possible
+```
+
+### Benchmarking
+```bash
+npm run benchmark       # Run performance benchmarks against standard JSON.parse
+```
+
+### Code Standards
+- Uses **neostandard** with **ESLint 9** for linting
+- **Tape** for testing framework
+- **nyc** for test coverage
+- **tsd** for TypeScript definition testing
+- Test files located in `test/` directory (not root)
+
+### Git Workflow
+- Use `git commit -s` to add Developer Certificate of Origin signoff
+- Create feature branches for changes
+- All commits should include proper signoff for contribution tracking
+
+## Testing Notes
+
+- Tests cover all action combinations (`error`/`remove`/`ignore`)
+- Unicode escape sequence handling is thoroughly tested  
+- Buffer and BOM (Byte Order Mark) support included
+- Tests verify behavior with overwritten `hasOwnProperty`
+- Constructor null handling is tested to prevent TypeError
+- Enhanced security tests for `constructor.prototype` patterns specifically
+- TypeScript definitions are validated with test files in `types/`

test/index.test.js

@@ -263,13 +263,13 @@ test('parse', t => {
         j.parse('{"constructor": null}', { constructorAction: 'remove' }),
         { constructor: null }
       )
-      
+
       // Test that constructor: null doesn't throw error when using error action
       t.deepEqual(
         j.parse('{"constructor": null}', { constructorAction: 'error' }),
         { constructor: null }
       )
-      
+
       // Test that constructor: null is preserved when using ignore action
       t.deepEqual(
         j.parse('{"constructor": null}', { constructorAction: 'ignore' }),