Review fixes: key order, response limit, archive validation, HTML escaping

- Preserve JSON key order: API methods return json.RawMessage (raw bytes);
  PrintJSON passes them directly to tidwall/pretty without re-encoding.
  Pagination merged output still re-encodes (map merge loses order, accepted).
- Response body limit: io.LimitReader(100MB) in doGet to prevent OOM.
- Archive ID validation: reject non-alphanumeric/dash/underscore IDs
  before URL construction (defense-in-depth against path traversal).
- Consistent HTML escaping: errors.go now uses SetEscapeHTML(false)
  matching output.go; & in URLs no longer escaped to \u0026 in errors.
- goreleaser brews: section added for automatic tap updates on release.
- jq path uses json.Decoder with UseNumber() to preserve integer fidelity.

Author: ilyazub

.goreleaser.yml

@@ -43,3 +43,18 @@ changelog:
     exclude:
       - "^docs:"
       - "^test:"
+
+brews:
+  - name: serpapi-cli
+    repository:
+      owner: serpapi
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_TOKEN }}"
+    folder: Formula
+    homepage: https://serpapi.com
+    description: "HTTP client for structured web search data via SerpApi"
+    license: MIT
+    install: |
+      bin.install "serpapi"
+    test: |
+      assert_match version.to_s, shell_output("#{bin}/serpapi --version")

pkg/api/client.go

@@ -58,7 +58,7 @@ func (c *Client) doGet(endpoint string, params map[string]string) ([]byte, error
 	}
 	defer resp.Body.Close()
 
-	body, err := io.ReadAll(resp.Body)
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 100<<20)) // 100 MB limit
 	if err != nil {
 		return nil, &clierrors.NetworkError{Message: "Failed to read response: " + err.Error()}
 	}
@@ -81,24 +81,19 @@ func (c *Client) doGet(endpoint string, params map[string]string) ([]byte, error
 	return body, nil
 }
 
-func checkAPIError(data []byte, target any) error {
-	if err := json.Unmarshal(data, target); err != nil {
-		return &clierrors.ApiError{Message: "Failed to parse JSON response: " + err.Error()}
+// checkAPIError returns an ApiError if the JSON body contains a top-level "error" key.
+func checkAPIError(body []byte) error {
+	var envelope struct {
+		Error string `json:"error"`
 	}
-	// Check for top-level "error" key in map results
-	if m, ok := target.(*map[string]any); ok {
-		if errVal, exists := (*m)["error"]; exists {
-			if msg, ok := errVal.(string); ok {
-				return &clierrors.ApiError{Message: msg}
-			}
-			return &clierrors.ApiError{Message: "Unknown API error"}
-		}
+	if json.Unmarshal(body, &envelope) == nil && envelope.Error != "" {
+		return &clierrors.ApiError{Message: envelope.Error}
 	}
 	return nil
 }
 
 // Search performs a search request. If the client has an API key it is added to params.
-func (c *Client) Search(params map[string]string) (map[string]any, error) {
+func (c *Client) Search(params map[string]string) (json.RawMessage, error) {
 	p := make(map[string]string, len(params)+1)
 	for k, v := range params {
 		p[k] = v
@@ -111,65 +106,52 @@ func (c *Client) Search(params map[string]string) (map[string]any, error) {
 	if err != nil {
 		return nil, err
 	}
-
-	var result map[string]any
-	if err := checkAPIError(body, &result); err != nil {
+	if err := checkAPIError(body); err != nil {
 		return nil, err
 	}
-	return result, nil
+	return json.RawMessage(body), nil
 }
 
 // Account retrieves account information.
-func (c *Client) Account() (map[string]any, error) {
+func (c *Client) Account() (json.RawMessage, error) {
 	params := map[string]string{"api_key": c.apiKey}
 
 	body, err := c.doGet("/account.json", params)
 	if err != nil {
 		return nil, err
 	}
-
-	var result map[string]any
-	if err := checkAPIError(body, &result); err != nil {
+	if err := checkAPIError(body); err != nil {
 		return nil, err
 	}
-	return result, nil
+	return json.RawMessage(body), nil
 }
 
 // Locations queries the locations endpoint. No API key is added.
-func (c *Client) Locations(params map[string]string) ([]any, error) {
+func (c *Client) Locations(params map[string]string) (json.RawMessage, error) {
 	body, err := c.doGet("/locations.json", params)
 	if err != nil {
 		return nil, err
 	}
-
-	var result []any
-	if err := json.Unmarshal(body, &result); err != nil {
-		// Maybe it's an object with an error key
-		var obj map[string]any
-		if json.Unmarshal(body, &obj) == nil {
-			if errVal, ok := obj["error"]; ok {
-				if msg, ok := errVal.(string); ok {
-					return nil, &clierrors.ApiError{Message: msg}
-				}
-			}
+	// Locations returns a JSON array; check for an error object.
+	if len(body) > 0 && body[0] == '{' {
+		if err := checkAPIError(body); err != nil {
+			return nil, err
 		}
-		return nil, &clierrors.ApiError{Message: "Failed to parse JSON response: " + err.Error()}
+		return nil, &clierrors.ApiError{Message: "Unexpected response from locations endpoint"}
 	}
-	return result, nil
+	return json.RawMessage(body), nil
 }
 
 // Archive retrieves a previously cached search result by ID.
-func (c *Client) Archive(id string) (map[string]any, error) {
+func (c *Client) Archive(id string) (json.RawMessage, error) {
 	params := map[string]string{"api_key": c.apiKey}
 
 	body, err := c.doGet("/archive/"+id+".json", params)
 	if err != nil {
 		return nil, err
 	}
-
-	var result map[string]any
-	if err := checkAPIError(body, &result); err != nil {
+	if err := checkAPIError(body); err != nil {
 		return nil, err
 	}
-	return result, nil
+	return json.RawMessage(body), nil
 }

pkg/cmd/archive.go

@@ -1,11 +1,16 @@
 package cmd
 
 import (
+	"regexp"
+
 	"github.com/spf13/cobra"
 
 	"github.com/serpapi/serpapi-cli/pkg/api"
+	clierrors "github.com/serpapi/serpapi-cli/pkg/errors"
 )
 
+var reArchiveID = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)
+
 var archiveCmd = &cobra.Command{
 	Use:   "archive <id>",
 	Short: "Retrieve a previously cached search by ID",
@@ -18,6 +23,11 @@ func init() {
 }
 
 func runArchive(cmd *cobra.Command, args []string) error {
+	id := args[0]
+	if !reArchiveID.MatchString(id) {
+		return &clierrors.UsageError{Message: "Invalid archive ID: must contain only alphanumeric characters, dashes, and underscores"}
+	}
+
 	apiKey, err := resolveAPIKey()
 	if err != nil {
 		return err

pkg/cmd/login.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"bufio"
+	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -52,16 +53,17 @@ func runLogin(cmd *cobra.Command, args []string) error {
 	}
 
 	client := api.New(apiKey)
-	result, err := client.Account()
+	raw, err := client.Account()
 	if err != nil {
 		return err
 	}
 
 	email := "unknown"
-	if e, ok := result["account_email"]; ok {
-		if s, ok := e.(string); ok {
-			email = s
-		}
+	var account struct {
+		AccountEmail string `json:"account_email"`
+	}
+	if json.Unmarshal(raw, &account) == nil && account.AccountEmail != "" {
+		email = account.AccountEmail
 	}
 
 	if err := config.SaveConfig(apiKey); err != nil {

pkg/cmd/root.go

@@ -1,6 +1,8 @@
 package cmd
 
 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"os"
 
@@ -72,20 +74,27 @@ func resolveAPIKeyOptional() string {
 }
 
 // handleOutput applies --jq filtering and prints result.
-func handleOutput(result any) error {
+func handleOutput(raw json.RawMessage) error {
 	if jqFlag != "" {
-		results, err := jq.Apply(jqFlag, result)
+		// Unmarshal for jq processing; use decoder with UseNumber to preserve integer fidelity.
+		var v any
+		dec := json.NewDecoder(bytes.NewReader(raw))
+		dec.UseNumber()
+		if err := dec.Decode(&v); err != nil {
+			return &clierrors.ApiError{Message: "Failed to parse response: " + err.Error()}
+		}
+		results, err := jq.Apply(jqFlag, v)
 		if err != nil {
 			return &clierrors.UsageError{Message: err.Error()}
 		}
-		for _, v := range results {
-			if err := output.PrintJQValue(v, os.Stdout); err != nil {
+		for _, val := range results {
+			if err := output.PrintJQValue(val, os.Stdout); err != nil {
 				return &clierrors.ApiError{Message: fmt.Sprintf("Output error: %s", err)}
 			}
 		}
 		return nil
 	}
-	if err := output.PrintJSON(result); err != nil {
+	if err := output.PrintJSON(raw); err != nil {
 		return &clierrors.ApiError{Message: fmt.Sprintf("Output error: %s", err)}
 	}
 	return nil

pkg/cmd/search.go

@@ -1,6 +1,8 @@
 package cmd
 
 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"net/url"
 	"sort"
@@ -50,12 +52,12 @@ func runSearch(cmd *cobra.Command, args []string) error {
 		sp := newSpinner("Searching...")
 		sp.Start()
 		client := api.New(apiKey)
-		result, err := client.Search(paramsMap)
+		raw, err := client.Search(paramsMap)
 		sp.Stop()
 		if err != nil {
 			return err
 		}
-		return handleOutput(result)
+		return handleOutput(raw)
 	}
 
 	// Pagination mode
@@ -73,13 +75,21 @@ func runSearch(cmd *cobra.Command, args []string) error {
 	for {
 		sp := newSpinner(fmt.Sprintf("Fetching page %d...", pagesFetched+1))
 		sp.Start()
-		result, err := client.Search(currentParams)
+		raw, err := client.Search(currentParams)
 		sp.Stop()
 		if err != nil {
 			return err
 		}
 		pagesFetched++
 
+		// Unmarshal for pagination logic (merge requires map access).
+		var result map[string]any
+		dec := json.NewDecoder(bytes.NewReader(raw))
+		dec.UseNumber()
+		if err := dec.Decode(&result); err != nil {
+			return &clierrors.ApiError{Message: "Failed to parse response: " + err.Error()}
+		}
+
 		// Extract next pagination URL
 		var nextURL string
 		if pag, ok := result["serpapi_pagination"]; ok {
@@ -95,7 +105,6 @@ func runSearch(cmd *cobra.Command, args []string) error {
 		if accumulated == nil {
 			accumulated = result
 		} else {
-			// Merge: arrays are extended, scalars kept from page 1
 			for key, val := range result {
 				if newItems, ok := val.([]any); ok {
 					if existing, ok := accumulated[key]; ok {
@@ -139,10 +148,16 @@ func runSearch(cmd *cobra.Command, args []string) error {
 		return &clierrors.ApiError{Message: "No results returned"}
 	}
 
-	// Strip pagination metadata from merged result
 	delete(accumulated, "serpapi_pagination")
 
-	return handleOutput(accumulated)
+	// Re-encode merged result. Key order is lost (map merge), but & < > are not escaped.
+	var buf bytes.Buffer
+	enc := json.NewEncoder(&buf)
+	enc.SetEscapeHTML(false)
+	if err := enc.Encode(accumulated); err != nil {
+		return &clierrors.ApiError{Message: "Failed to encode result: " + err.Error()}
+	}
+	return handleOutput(json.RawMessage(bytes.TrimRight(buf.Bytes(), "\n")))
 }
 
 // parseNextParams extracts query parameters from a full URL.

pkg/errors/errors.go

@@ -1,6 +1,7 @@
 package errors
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -72,14 +73,16 @@ func PrintError(err error) {
 		},
 	}
 
-	data, jsonErr := json.MarshalIndent(payload, "", "  ")
-	if jsonErr != nil {
-		// Fallback if JSON marshalling fails
+	var buf bytes.Buffer
+	enc := json.NewEncoder(&buf)
+	enc.SetEscapeHTML(false)
+	if jsonErr := enc.Encode(payload); jsonErr != nil {
+		// Fallback if JSON encoding fails
 		fmt.Fprintf(os.Stderr, "{\"error\":{\"code\":\"%s\",\"message\":\"%s\"}}\n",
 			code, strings.ReplaceAll(strings.ReplaceAll(message, "\\", "\\\\"), "\"", "\\\""))
 		return
 	}
-	fmt.Fprintln(os.Stderr, string(data))
+	fmt.Fprint(os.Stderr, buf.String())
 }
 
 // RedactAPIKey replaces api_key values in s with [REDACTED].