From 583eac58c145c2d23af7062288a0c2589c4be31b Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Wed, 17 Sep 2025 14:07:51 +0200 Subject: [PATCH] Linter: enable stricter set of default rules (`strict-type-checked`) --- eslint.config.mjs | 6 +++++- lib/crypto/_md5.ts | 1 + lib/crypto/hash.ts | 2 +- lib/key/forwarding.ts | 14 ++++++++------ lib/message/context.ts | 2 +- lib/message/processMIME.ts | 5 ++--- lib/message/sign.js | 2 +- test/bigInteger.spec.ts | 2 +- test/key/forwarding.spec.ts | 4 ++-- 9 files changed, 22 insertions(+), 16 deletions(-) diff --git a/eslint.config.mjs b/eslint.config.mjs index 5709d9b..6fa4d37 100644 --- a/eslint.config.mjs +++ b/eslint.config.mjs @@ -12,7 +12,7 @@ import pluginStylistic from '@stylistic/eslint-plugin'; export default defineConfig( eslint.configs.recommended, - tseslint.configs.recommendedTypeChecked, + tseslint.configs.strictTypeChecked, { languageOptions: { ecmaVersion: 2022, @@ -111,6 +111,10 @@ export default defineConfig( '@typescript-eslint/no-unsafe-member-access': 'off', '@typescript-eslint/no-unsafe-argument': 'off', '@typescript-eslint/no-unsafe-assignment': 'off', + '@typescript-eslint/no-confusing-void-expression': 'off', + '@typescript-eslint/restrict-template-expressions': 'off', + '@typescript-eslint/no-unnecessary-condition': 'off', // due to https://typescript-eslint.io/rules/no-unnecessary-condition/#possibly-undefined-indexed-access + '@typescript-eslint/no-non-null-assertion': 'off', '@stylistic/indent': ['error', 4], '@stylistic/quotes': ['error', 'single'], '@stylistic/no-multiple-empty-lines': ['error', { max: 1 }], diff --git a/lib/crypto/_md5.ts b/lib/crypto/_md5.ts index ddb8134..a868cfd 100644 --- a/lib/crypto/_md5.ts +++ b/lib/crypto/_md5.ts @@ -73,6 +73,7 @@ class MD5 extends HashMD { this.set(A, B, C, D); } + // eslint-disable-next-line class-methods-use-this protected roundClean() { MD5_W.fill(0); } diff --git a/lib/crypto/hash.ts b/lib/crypto/hash.ts index a498f41..f4a7c69 100644 --- a/lib/crypto/hash.ts +++ b/lib/crypto/hash.ts @@ -27,7 +27,7 @@ export async function unsafeSHA1(data: MaybeWebStream>) return new Uint8Array(digest); } - const { sha1 } = await import('@noble/hashes/sha1'); + const { sha1 } = await import('@noble/hashes/legacy'); const hashInstance = sha1.create(); const inputReader = data.getReader(); // AsyncInterator is still not widely supported while (true) { diff --git a/lib/key/forwarding.ts b/lib/key/forwarding.ts index b1d8773..1b1a980 100644 --- a/lib/key/forwarding.ts +++ b/lib/key/forwarding.ts @@ -121,16 +121,17 @@ export async function generateForwardingMaterial( const forwarderSubkeyPacket = forwarderSubkey.keyPacket as SecretSubkeyPacket; const forwardeeSubkeyPacket = forwardeeKeyToSetup.subkeys[i].keyPacket as SecretSubkeyPacket; + const forwarderKeyFingerprint = forwarderSubkeyPacket.getFingerprintBytes()!; // Add KDF params for forwarding - // @ts-ignore missing publicParams definition + // @ts-expect-error missing publicParams definition const { hash, cipher } = forwarderSubkeyPacket.publicParams.kdfParams; - // @ts-ignore missing publicParams definition + // @ts-expect-error missing publicParams definition forwardeeSubkeyPacket.publicParams.kdfParams = new KDFParams({ version: 0xFF, hash, cipher, - replacementFingerprint: forwarderSubkeyPacket.getFingerprintBytes()!.subarray(0, 20) + replacementFingerprint: forwarderKeyFingerprint.subarray(0, 20) }); // Generate proxy factor k (server secret) @@ -142,14 +143,15 @@ export async function generateForwardingMaterial( ); // fingerprint to be updated with the new KDFParams - // @ts-ignore `computeFingerprintAndKeyID` not declared + // @ts-expect-error `computeFingerprintAndKeyID` not declared await forwardeeSubkeyPacket.computeFingerprintAndKeyID(); + const forwardeeKeyFingerprint = forwardeeSubkeyPacket.getFingerprintBytes()!; return { keyVersion: forwarderSubkeyPacket.version, proxyParameter, - forwarderKeyFingerprint: forwarderSubkeyPacket.getFingerprintBytes()!, - forwardeeKeyFingerprint: forwardeeSubkeyPacket.getFingerprintBytes()! + forwarderKeyFingerprint, + forwardeeKeyFingerprint }; })); diff --git a/lib/message/context.ts b/lib/message/context.ts index a7e8f1c..64e161b 100644 --- a/lib/message/context.ts +++ b/lib/message/context.ts @@ -59,7 +59,7 @@ export const getNotationForContext = (contextValue: string, critical: boolean): */ export const isValidSignatureContext = (contextOptions: ContextVerificationOptions, signature: SignaturePacket) => { const { value: expectedValue, required, requiredAfter } = contextOptions; - const isContextRequired = requiredAfter ? signature.created! >= normalizeDate(requiredAfter) : !!required; + const isContextRequired = requiredAfter ? signature.created! >= normalizeDate(requiredAfter) : required; // `rawNotations` are always hashed (i.e. signed), otherwise OpenPGP's ignores them on parsing const contextNotations = signature.rawNotations.filter(({ name }) => (name === CONTEXT_NOTATION_NAME)); diff --git a/lib/message/processMIME.ts b/lib/message/processMIME.ts index 441183c..3658c21 100644 --- a/lib/message/processMIME.ts +++ b/lib/message/processMIME.ts @@ -26,7 +26,7 @@ const verifySignature = async ( data: string ) => { const { headers } = await parseMail(data.split(/\r?\n\s*\r?\n/g)[0] + '\n\n'); - const [contentType] = headers['content-type'] || ['']; + const [contentType] = headers['content-type'] ?? ['']; const [baseContentType] = contentType.split(';'); if (baseContentType.toLowerCase() !== 'multipart/signed') { return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] }; @@ -42,8 +42,7 @@ const verifySignature = async ( return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] }; } const { attachments: [sigAttachment] = [] } = await parseMail(parts[2].trim()); - - const { contentType: sigAttachmentContentType = '', content: sigAttachmentContent = new Uint8Array() } = sigAttachment || {}; + const { contentType: sigAttachmentContentType = '', content: sigAttachmentContent = new Uint8Array() } = sigAttachment ?? {}; if (sigAttachmentContentType.toLowerCase() !== 'application/pgp-signature') { return { subdata: data, verificationStatus: VERIFICATION_STATUS.NOT_SIGNED, signatures: [] }; } diff --git a/lib/message/sign.js b/lib/message/sign.js index 7c8cfec..607697d 100644 --- a/lib/message/sign.js +++ b/lib/message/sign.js @@ -34,7 +34,7 @@ export default async function signMessage({ undefined }; - return sign(sanitizedOptions).catch((err) => { + return sign(sanitizedOptions).catch((/** @type {unknown} */ err) => { console.error(err); throw err; }); diff --git a/test/bigInteger.spec.ts b/test/bigInteger.spec.ts index a34a9b0..b4dc1a4 100644 --- a/test/bigInteger.spec.ts +++ b/test/bigInteger.spec.ts @@ -33,7 +33,7 @@ describe('BigInt utils', () => { it('toUint8Array is correct', () => { const nString = '417653931840771530406225971293556769925351769207235721650257629558293828796031115397206059067934284452829611906818956352854418342467914729341523414945427019410284762464062112274326172407819051167058569790660930309496043254270888417520676082271432948852231332576271876251597199882908964994070268531832274431027'; const n = BigInt(nString); - const paddedSize = Number(byteLength(n)) + 1; + const paddedSize = byteLength(n) + 1; // big endian, unpadded // @ts-expect-error `toArrayLike` incomplete definition let expected = new BN(nString).toArrayLike(Uint8Array); diff --git a/test/key/forwarding.spec.ts b/test/key/forwarding.spec.ts index daadcb8..8eda6d8 100644 --- a/test/key/forwarding.spec.ts +++ b/test/key/forwarding.spec.ts @@ -107,7 +107,7 @@ yGZuVVMAK/ypFfebDf4D/rlEw3cysv213m8aoK8nAUO8xQX3XQq3Sg+EGm0BNV8E const bobSubkey = await bobKey.getEncryptionKey(undefined, serverTime()); const charlieSubkey = charlieKey.subkeys[0]; - expect(charlieSubkey.bindingSignatures[0].keyFlags![0]).to.equal(enums.keyFlags.forwardedCommunication); + expect(charlieSubkey.bindingSignatures[0].keyFlags?.[0]).to.equal(enums.keyFlags.forwardedCommunication); // @ts-ignore oid field not defined expect(charlieSubkey.keyPacket.publicParams.oid).to.deep.equal(bobSubkey.keyPacket.publicParams.oid); // Check KDF params @@ -148,7 +148,7 @@ P0GnopWOyFNNFWK77LQN const bobSubkey = await bobKey.getEncryptionKey(); const charlieSubkey = charlieKey.subkeys[0]; - expect(charlieSubkey.bindingSignatures[0].keyFlags![0]).to.equal(enums.keyFlags.forwardedCommunication); + expect(charlieSubkey.bindingSignatures[0].keyFlags?.[0]).to.equal(enums.keyFlags.forwardedCommunication); // @ts-ignore oid field not defined expect(charlieSubkey.keyPacket.publicParams.oid).to.deep.equal(bobSubkey.keyPacket.publicParams.oid);