Linter: enable stricter set of default rules (strict-type-checked)

eslint.config.mjs

@@ -12,7 +12,7 @@ import pluginStylistic from '@stylistic/eslint-plugin';
 
 export default defineConfig(
     eslint.configs.recommended,
-    tseslint.configs.recommendedTypeChecked,
+    tseslint.configs.strictTypeChecked,
     {
         languageOptions: {
             ecmaVersion: 2022,
@@ -111,6 +111,10 @@ export default defineConfig(
             '@typescript-eslint/no-unsafe-member-access': 'off',
             '@typescript-eslint/no-unsafe-argument': 'off',
             '@typescript-eslint/no-unsafe-assignment': 'off',
+            '@typescript-eslint/no-confusing-void-expression': 'off',
+            '@typescript-eslint/restrict-template-expressions': 'off',
+            '@typescript-eslint/no-unnecessary-condition': 'off', // due to https://typescript-eslint.io/rules/no-unnecessary-condition/#possibly-undefined-indexed-access
+            '@typescript-eslint/no-non-null-assertion': 'off',
             '@stylistic/indent': ['error', 4],
             '@stylistic/quotes': ['error', 'single'],
             '@stylistic/no-multiple-empty-lines': ['error', { max: 1 }],

lib/crypto/_md5.ts

@@ -73,6 +73,7 @@ class MD5 extends HashMD<MD5> {
         this.set(A, B, C, D);
     }
 
+    // eslint-disable-next-line class-methods-use-this
     protected roundClean() {
         MD5_W.fill(0);
     }

lib/crypto/hash.ts

@@ -27,7 +27,7 @@ export async function unsafeSHA1(data: MaybeWebStream<Uint8Array<ArrayBuffer>>)
         return new Uint8Array(digest);
     }
 
-    const { sha1 } = await import('@noble/hashes/sha1');
+    const { sha1 } = await import('@noble/hashes/legacy');
     const hashInstance = sha1.create();
     const inputReader = data.getReader(); // AsyncInterator is still not widely supported
     while (true) {

lib/key/forwarding.ts

@@ -121,16 +121,17 @@ export async function generateForwardingMaterial(
 
         const forwarderSubkeyPacket = forwarderSubkey.keyPacket as SecretSubkeyPacket;
         const forwardeeSubkeyPacket = forwardeeKeyToSetup.subkeys[i].keyPacket as SecretSubkeyPacket;
+        const forwarderKeyFingerprint = forwarderSubkeyPacket.getFingerprintBytes()!;
 
         // Add KDF params for forwarding
-        // @ts-ignore missing publicParams definition
+        // @ts-expect-error missing publicParams definition
         const { hash, cipher } = forwarderSubkeyPacket.publicParams.kdfParams;
-        // @ts-ignore missing publicParams definition
+        // @ts-expect-error missing publicParams definition
         forwardeeSubkeyPacket.publicParams.kdfParams = new KDFParams({
             version: 0xFF,
             hash,
             cipher,
-            replacementFingerprint: forwarderSubkeyPacket.getFingerprintBytes()!.subarray(0, 20)
+            replacementFingerprint: forwarderKeyFingerprint.subarray(0, 20)
         });
 
         // Generate proxy factor k (server secret)
@@ -142,14 +143,15 @@ export async function generateForwardingMaterial(
         );
 
         // fingerprint to be updated with the new KDFParams
-        // @ts-ignore `computeFingerprintAndKeyID` not declared
+        // @ts-expect-error `computeFingerprintAndKeyID` not declared
         await forwardeeSubkeyPacket.computeFingerprintAndKeyID();
+        const forwardeeKeyFingerprint = forwardeeSubkeyPacket.getFingerprintBytes()!;
 
         return {
             keyVersion: forwarderSubkeyPacket.version,
             proxyParameter,
-            forwarderKeyFingerprint: forwarderSubkeyPacket.getFingerprintBytes()!,
-            forwardeeKeyFingerprint: forwardeeSubkeyPacket.getFingerprintBytes()!
+            forwarderKeyFingerprint,
+            forwardeeKeyFingerprint
         };
     }));
 

lib/message/context.ts

@@ -59,7 +59,7 @@ export const getNotationForContext = (contextValue: string, critical: boolean):
  */
 export const isValidSignatureContext = (contextOptions: ContextVerificationOptions, signature: SignaturePacket) => {
     const { value: expectedValue, required, requiredAfter } = contextOptions;
-    const isContextRequired = requiredAfter ? signature.created! >= normalizeDate(requiredAfter) : !!required;
+    const isContextRequired = requiredAfter ? signature.created! >= normalizeDate(requiredAfter) : required;
 
     // `rawNotations` are always hashed (i.e. signed), otherwise OpenPGP's ignores them on parsing
     const contextNotations = signature.rawNotations.filter(({ name }) => (name === CONTEXT_NOTATION_NAME));

lib/message/processMIME.ts

@@ -26,7 +26,7 @@ const verifySignature = async (
     data: string
 ) => {
     const { headers } = await parseMail(data.split(/\r?\n\s*\r?\n/g)[0] + '\n\n');
-    const [contentType] = headers['content-type'] || [''];
+    const [contentType] = headers['content-type'] ?? [''];
     const [baseContentType] = contentType.split(';');
     if (baseContentType.toLowerCase() !== 'multipart/signed') {
         return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] };
@@ -42,8 +42,7 @@ const verifySignature = async (
         return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] };
     }
     const { attachments: [sigAttachment] = [] } = await parseMail(parts[2].trim());
-
-    const { contentType: sigAttachmentContentType = '', content: sigAttachmentContent = new Uint8Array() } = sigAttachment || {};
+    const { contentType: sigAttachmentContentType = '', content: sigAttachmentContent = new Uint8Array() } = sigAttachment ?? {};
     if (sigAttachmentContentType.toLowerCase() !== 'application/pgp-signature') {
         return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] };
     }

lib/message/sign.js

@@ -34,7 +34,7 @@ export default async function signMessage({
             undefined
     };
 
-    return sign(sanitizedOptions).catch((err) => {
+    return sign(sanitizedOptions).catch((/** @type {unknown} */ err) => {
         console.error(err);
         throw err;
     });

test/bigInteger.spec.ts

@@ -33,7 +33,7 @@ describe('BigInt utils', () => {
     it('toUint8Array is correct', () => {
         const nString = '417653931840771530406225971293556769925351769207235721650257629558293828796031115397206059067934284452829611906818956352854418342467914729341523414945427019410284762464062112274326172407819051167058569790660930309496043254270888417520676082271432948852231332576271876251597199882908964994070268531832274431027';
         const n = BigInt(nString);
-        const paddedSize = Number(byteLength(n)) + 1;
+        const paddedSize = byteLength(n) + 1;
         // big endian, unpadded
         // @ts-expect-error `toArrayLike` incomplete definition
         let expected = new BN(nString).toArrayLike(Uint8Array);

test/key/forwarding.spec.ts

@@ -107,7 +107,7 @@ yGZuVVMAK/ypFfebDf4D/rlEw3cysv213m8aoK8nAUO8xQX3XQq3Sg+EGm0BNV8E
         const bobSubkey = await bobKey.getEncryptionKey(undefined, serverTime());
         const charlieSubkey = charlieKey.subkeys[0];
 
-        expect(charlieSubkey.bindingSignatures[0].keyFlags![0]).to.equal(enums.keyFlags.forwardedCommunication);
+        expect(charlieSubkey.bindingSignatures[0].keyFlags?.[0]).to.equal(enums.keyFlags.forwardedCommunication);
         // @ts-ignore oid field not defined
         expect(charlieSubkey.keyPacket.publicParams.oid).to.deep.equal(bobSubkey.keyPacket.publicParams.oid);
         // Check KDF params
@@ -148,7 +148,7 @@ P0GnopWOyFNNFWK77LQN
         const bobSubkey = await bobKey.getEncryptionKey();
         const charlieSubkey = charlieKey.subkeys[0];
 
-        expect(charlieSubkey.bindingSignatures[0].keyFlags![0]).to.equal(enums.keyFlags.forwardedCommunication);
+        expect(charlieSubkey.bindingSignatures[0].keyFlags?.[0]).to.equal(enums.keyFlags.forwardedCommunication);
         // @ts-ignore oid field not defined
         expect(charlieSubkey.keyPacket.publicParams.oid).to.deep.equal(bobSubkey.keyPacket.publicParams.oid);