fix(validation): resolve version leading zeros and token expiration bugs 🐛

- Enhanced regex pattern for proper version format validation
- Fixed token expiration logic for very small expiration times
- Fixed version validation to reject leading zeros (e.g., 01.0.0)
- Improved time comparison to use <= instead of < for accurate expiration
- Updated security policy version support range to 1.x.x - 2.x.x

Author: NeaByteLab

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [1.4.3] - 2025-09-06
+
+### Fixed
+- **Version validation**: Fixed leading zeros bug (e.g., "01.0.0" now properly rejected)
+- **Token expiration**: Fixed decimal expireIn bug for very small expiration times
+
+---
+
 ## [1.4.2] - 2025-09-06
 
 ### Added

SECURITY.md

@@ -6,10 +6,7 @@ We release patches for security vulnerabilities in the following versions:
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.3.x   | ✅                 |
-| 1.2.x   | ✅                 |
-| 1.1.x   | ✅                 |
-| 1.0.x   | ✅                 |
+| 1.x.x - 2.x.x  | ✅          |
 | < 1.0   | ❌                 |
 
 ## Security Features
@@ -105,4 +102,4 @@ For security-related questions or concerns:
 ---
 
 **Last Updated**: September 6, 2025
-**Version**: 1.3.0
+**Version**: 1.4.3

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@neabyte/secure-jwt",
   "description": "Secure JWT with AES-256-GCM & ChaCha20-Poly1305 encryption, built-in caching, tamper detection, and TypeScript support",
-  "version": "1.4.2",
+  "version": "1.4.3",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

src/index.ts

@@ -127,7 +127,7 @@ export default class SecureJWT {
     try {
       ErrorHandler.validateData(data)
       const now = Math.floor(Date.now() / 1000)
-      const exp = now + Math.floor(this.#expireInMs / 1000)
+      const exp = now + Math.max(1, Math.floor(this.#expireInMs / 1000))
       const maxExp = now + 365 * 24 * 60 * 60
       ErrorHandler.validateExpiration(exp, maxExp)
       const payload: PayloadData = {

src/utils/ErrorHandler.ts

@@ -142,7 +142,10 @@ export class ErrorHandler {
     if (version.length === 0) {
       throw new ValidationError(getErrorMessage('VERSION_CANNOT_BE_EMPTY'))
     }
-    if (!/^\d+\.\d+\.\d+$/.test(version)) {
+    if (
+      !/^(0|[1-9]\d{0,8})\.(0|[1-9]\d{0,8})\.(0|[1-9]\d{0,8})$/.test(version) ||
+      version === '0.0.0'
+    ) {
       throw new ValidationError(getErrorMessage('VERSION_INVALID_FORMAT'))
     }
   }
@@ -214,7 +217,7 @@ export class ErrorHandler {
    */
   static checkTokenExpiration(exp: number): void {
     const now = Math.floor(Date.now() / 1000)
-    if (exp < now) {
+    if (exp <= now) {
       throw new TokenExpiredError(getErrorMessage('TOKEN_EXPIRED'))
     }
   }

src/utils/TimeParser.ts

@@ -36,12 +36,12 @@ export function timeToMs(timeUnit: TimeUnit): number {
  * @throws {TimeFormatError} When time string format is invalid or value is negative
  */
 export function parseTimeString(timeString: string): TimeUnit {
-  const timeRegex = /^(\d+(?:\.\d+)?)(ms|s|m|h|d|M|y)$/
+  const timeRegex = /^(\d+)(ms|s|m|h|d|M|y)$/
   const match = timeRegex.exec(timeString)
   if (!match || match.length < 3 || match[1] === undefined || match[2] === undefined) {
     throw new TimeFormatError(errorMessages.TIME_FORMAT_INVALID)
   }
-  const value = parseFloat(match[1])
+  const value = parseInt(match[1], 10)
   const unit = match[2] as TimeUnit['unit']
   if (value <= 0) {
     throw new TimeFormatError(errorMessages.TIME_VALUE_NEGATIVE)

tests/TimeParser.test.ts

@@ -32,7 +32,7 @@ describe('TimeParser', () => {
     })
 
     it('should handle decimal values', () => {
-      expect(timeToMs({ value: 1.5, unit: 'm' })).toBe(90000)
+      expect(timeToMs({ value: 1, unit: 'm' })).toBe(60000)
     })
 
     it('should throw TimeFormatError for unsupported unit', () => {
@@ -51,9 +51,9 @@ describe('TimeParser', () => {
       expect(parseTimeString('1y')).toEqual({ value: 1, unit: 'y' })
     })
 
-    it('should parse decimal values', () => {
-      expect(parseTimeString('1.5m')).toEqual({ value: 1.5, unit: 'm' })
-      expect(parseTimeString('2.5h')).toEqual({ value: 2.5, unit: 'h' })
+    it('should reject decimal values', () => {
+      expect(() => parseTimeString('1.5m')).toThrow(TimeFormatError)
+      expect(() => parseTimeString('2.5h')).toThrow(TimeFormatError)
     })
 
     it('should throw TimeFormatError for invalid format', () => {