chore(deps): remove validator lib (#1372)

kanadgupta · web-flow · commit 5c47c5f60269 · 2025-10-22T13:43:51.000-07:00
| 🚥 Resolves https://github.com/readmeio/rdme/security/dependabot/46 | | :------------------- | ## 🧰 Changes the dependabot alert above is technically for a function we don't use, but in digging into this i realized we really don't need this `validator` library at all. decided to swap out the `isEmail` function for a li'l regex and call it a day 💨
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -76,8 +76,7 @@
     "tmp-promise": "^3.0.3",
     "toposort": "^2.0.2",
     "undici": "^5.28.4",
-    "unzipper": "^0.12.3",
-    "validator": "^13.7.0"
+    "unzipper": "^0.12.3"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.1.4",
@@ -98,7 +97,6 @@
     "@types/semver": "^7.3.12",
     "@types/toposort": "^2.0.7",
     "@types/unzipper": "^0.10.11",
-    "@types/validator": "^13.7.6",
     "@vitest/coverage-v8": "^3.0.0",
     "@vitest/expect": "^3.0.0",
     "alex": "^11.0.0",
diff --git a/src/lib/loginFlow.ts b/src/lib/loginFlow.ts
@@ -1,7 +1,6 @@
 import type { Hook } from '@oclif/core';
 
 import chalk from 'chalk';
-import isEmail from 'validator/lib/isEmail.js';
 
 import configStore from './configstore.js';
 import getCurrentConfig from './getCurrentConfig.js';
@@ -24,6 +23,14 @@ function loginFetch(body: LoginBody) {
   });
 }
 
+function isEmail(value: string) {
+  // Simple email regex sourced from https://emailregex.com/
+  const emailRegex =
+    /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+
+  return emailRegex.test(value);
+}
+
 /**
  * The prompt flow for logging a user in and writing the credentials to
  * `configstore`. This is a separate lib function because we reuse it both
@@ -47,7 +54,7 @@ export default async function loginFlow(
       message: 'What is your email address?',
       initial: storedConfig.email,
       validate(val) {
-        return isEmail.default(val) ? true : 'Please provide a valid email address.';
+        return isEmail(val) ? true : 'Please provide a valid email address.';
       },
     },
     {
@@ -68,7 +75,7 @@ export default async function loginFlow(
     return Promise.reject(new Error('No project subdomain provided. Please use `--project`.'));
   }
 
-  if (!isEmail.default(email)) {
+  if (!isEmail(email)) {
     return Promise.reject(new Error('You must provide a valid email address.'));
   }
 
