Thank you for your interest in contributing to safe-formdata!
- README.md: Understand the design principles and what safe-formdata is (and isn't)
- AGENTS.md: Review the non-negotiable implementation rules
- Design decisions (Why not?): Understand why certain features are intentionally excluded
Critical: If your contribution makes the parser smarter, more convenient, or more opinionated, it likely violates the boundary and will be rejected.
- Node.js ^20.19.0 || >= 22.12.0
- Package manager: Bun
This project uses Bun for development. Other package managers are not supported.
git clone https://github.com/roottool/safe-formdata.git
cd safe-formdata
bun installbun run dev # Watch mode for building
bun run test:watch # Watch mode for testing- 🧱 Keys are opaque: Never interpret key naming conventions
- 🚫 No silent fixes: Report issues, never correct them
- ⚖️ Parsing is not validation: Schema logic belongs outside the boundary
- 🔒️ Security over convenience: Surface unsafe input explicitly
Features that violate these principles:
- Structural inference (arrays, objects, nested data)
- Duplicate key resolution (first-wins, last-wins, merging)
- Value validation or type coercion
- Configuration options or flags
- Framework-specific behavior
- Performance optimizations that compromise correctness
See AGENTS.md: Non-goals for the complete list.
Before implementing:
- Confirm alignment with README.md design principles
- Apply AGENTS.md technical constraints
- If unsure, open an issue for discussion
Run these commands before submitting:
bun run check:source # Linting and formatting must pass
bun run check:type:source # TypeScript type checking must pass
bun run test # All tests must pass
bun run build # Build must succeedFor local validation before pushing (mimics publish workflow):
bun run prepare:publish # Runs all checks: type checking, tests, build, package validation- Write tests for all new functionality
- Maintain full coverage for boundary and security-critical paths
- Test security constraints (forbidden keys, prototype pollution)
bun run test:coverage # View coverage reportMandatory security rules (AGENTS.md)
- Use
Object.create(null)for parsed data (no prototype) - Reject forbidden keys:
__proto__,constructor,prototype - Never throw for input-derived errors (return ParseResult with issues)
Before submitting a PR:
- Read README.md design principles
- Read AGENTS.md implementation rules
- Confirmed change does not violate the boundary
- Added tests for new functionality
- Linting and formatting passes (
bun run check:source) - Type checking passes (
bun run check:type:source) - All tests pass (
bun run test) - Build succeeds (
bun run build)
Include the following:
- Problem: What issue does this solve?
- Solution: How does this maintain the boundary?
- AGENTS.md compliance: Which rules does this follow?
- Tests: What test cases were added?
PRs are evaluated against:
- Alignment with design principles (README.md)
- Compliance with technical rules (AGENTS.md)
- Review rule of thumb: Does it make the parser smarter/more convenient? → Likely rejected
- Feature requests: Check README.md: Design decisions (Why not?) first
- Bug reports: Ensure it's a boundary violation, not expected behavior
Most feature requests will be declined because they violate the boundary.
Acceptable: Bugs in boundary enforcement, security issues, documentation improvements Not acceptable: Convenience features, structural inference, schema validation
For security vulnerabilities, please open an issue or contact the maintainer directly.
- Open an issue for discussion
- Reference AGENTS.md for implementation questions
- Reference README.md for design philosophy questions
By contributing, you agree that your contributions will be licensed under the MIT License.