Update contributor guide with emoji for clarity

Distributions like JetBrains Runtime publish 4-segment versions such as
'17.0.8.1+1080.1' that the semver package rejects. Both compareBuild and
satisfies throw on these, which surfaced to users as "Error: Invalid
Version: 17.0.8.1+1080.1" and aborted the whole install when any
available version was non-semver. Guard with an early semver.valid check
so unparseable versions are treated as a non-match.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.github/workflows/codeql-analysis.yml

@@ -10,5 +10,9 @@ on:
 
 jobs:
   call-codeQL-analysis:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     name: CodeQL analysis
     uses: actions/reusable-workflows/.github/workflows/codeql-analysis.yml@main

.licenses/npm/debug.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: debug
-version: 4.3.4
+version: 4.4.3
 type: npm
 summary: Lightweight debugging utility for Node.js and the browser
 homepage:

.licenses/npm/ms.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: ms
-version: 2.1.2
+version: 2.1.3
 type: npm
 summary: Tiny millisecond conversion utility
 homepage:
@@ -10,7 +10,7 @@ licenses:
   text: |
     The MIT License (MIT)
 
-    Copyright (c) 2016 Zeit, Inc.
+    Copyright (c) 2020 Vercel, Inc.
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal

__tests__/util.test.ts

@@ -29,7 +29,11 @@ describe('isVersionSatisfies', () => {
     ['2.5.1+3', '2.5.1+3', true],
     ['2.5.1+3', '2.5.1+2', false],
     ['15.0.0+14', '15.0.0+14.1.202003190635', false],
-    ['15.0.0+14.1.202003190635', '15.0.0+14.1.202003190635', true]
+    ['15.0.0+14.1.202003190635', '15.0.0+14.1.202003190635', true],
+    // 4-segment versions (e.g. JetBrains Runtime '17.0.8.1+1080.1') are not
+    // valid semver — they should be rejected, not throw.
+    ['25.0.3+480.61', '17.0.8.1+1080.1', false],
+    ['17', '17.0.8.1+1080.1', false]
   ])(
     '%s, %s -> %s',
     (inputRange: string, inputVersion: string, expected: boolean) => {

dist/cleanup/index.js

@@ -18118,14 +18118,17 @@ function useColors() {
 		return false;
 	}
 
+	let m;
+
 	// Is webkit? http://stackoverflow.com/a/16459606/376773
 	// document is undefined in react-native: https://github.com/facebook/react-native/pull/1632
+	// eslint-disable-next-line no-return-assign
 	return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) ||
 		// Is firebug? http://stackoverflow.com/a/398120/376773
 		(typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) ||
 		// Is firefox >= v31?
 		// https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
-		(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) ||
+		(typeof navigator !== 'undefined' && navigator.userAgent && (m = navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/)) && parseInt(m[1], 10) >= 31) ||
 		// Double check webkit in userAgent just in case we are in a worker
 		(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/));
 }
@@ -18209,7 +18212,7 @@ function save(namespaces) {
 function load() {
 	let r;
 	try {
-		r = exports.storage.getItem('debug');
+		r = exports.storage.getItem('debug') || exports.storage.getItem('DEBUG') ;
 	} catch (error) {
 		// Swallow
 		// XXX (@Qix-) should we be logging these?
@@ -18435,26 +18438,64 @@ function setup(env) {
 		createDebug.names = [];
 		createDebug.skips = [];
 
-		let i;
-		const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/);
-		const len = split.length;
+		const split = (typeof namespaces === 'string' ? namespaces : '')
+			.trim()
+			.replace(/\s+/g, ',')
+			.split(',')
+			.filter(Boolean);
 
-		for (i = 0; i < len; i++) {
-			if (!split[i]) {
-				// ignore empty strings
-				continue;
-			}
-
-			namespaces = split[i].replace(/\*/g, '.*?');
-
-			if (namespaces[0] === '-') {
-				createDebug.skips.push(new RegExp('^' + namespaces.slice(1) + '$'));
+		for (const ns of split) {
+			if (ns[0] === '-') {
+				createDebug.skips.push(ns.slice(1));
 			} else {
-				createDebug.names.push(new RegExp('^' + namespaces + '$'));
+				createDebug.names.push(ns);
 			}
 		}
 	}
 
+	/**
+	 * Checks if the given string matches a namespace template, honoring
+	 * asterisks as wildcards.
+	 *
+	 * @param {String} search
+	 * @param {String} template
+	 * @return {Boolean}
+	 */
+	function matchesTemplate(search, template) {
+		let searchIndex = 0;
+		let templateIndex = 0;
+		let starIndex = -1;
+		let matchIndex = 0;
+
+		while (searchIndex < search.length) {
+			if (templateIndex < template.length && (template[templateIndex] === search[searchIndex] || template[templateIndex] === '*')) {
+				// Match character or proceed with wildcard
+				if (template[templateIndex] === '*') {
+					starIndex = templateIndex;
+					matchIndex = searchIndex;
+					templateIndex++; // Skip the '*'
+				} else {
+					searchIndex++;
+					templateIndex++;
+				}
+			} else if (starIndex !== -1) { // eslint-disable-line no-negated-condition
+				// Backtrack to the last '*' and try to match more characters
+				templateIndex = starIndex + 1;
+				matchIndex++;
+				searchIndex = matchIndex;
+			} else {
+				return false; // No match
+			}
+		}
+
+		// Handle trailing '*' in template
+		while (templateIndex < template.length && template[templateIndex] === '*') {
+			templateIndex++;
+		}
+
+		return templateIndex === template.length;
+	}
+
 	/**
 	* Disable debug output.
 	*
@@ -18463,8 +18504,8 @@ function setup(env) {
 	*/
 	function disable() {
 		const namespaces = [
-			...createDebug.names.map(toNamespace),
-			...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace)
+			...createDebug.names,
+			...createDebug.skips.map(namespace => '-' + namespace)
 		].join(',');
 		createDebug.enable('');
 		return namespaces;
@@ -18478,21 +18519,14 @@ function setup(env) {
 	* @api public
 	*/
 	function enabled(name) {
-		if (name[name.length - 1] === '*') {
-			return true;
-		}
-
-		let i;
-		let len;
-
-		for (i = 0, len = createDebug.skips.length; i < len; i++) {
-			if (createDebug.skips[i].test(name)) {
+		for (const skip of createDebug.skips) {
+			if (matchesTemplate(name, skip)) {
 				return false;
 			}
 		}
 
-		for (i = 0, len = createDebug.names.length; i < len; i++) {
-			if (createDebug.names[i].test(name)) {
+		for (const ns of createDebug.names) {
+			if (matchesTemplate(name, ns)) {
 				return true;
 			}
 		}
@@ -18500,19 +18534,6 @@ function setup(env) {
 		return false;
 	}
 
-	/**
-	* Convert regexp to namespace
-	*
-	* @param {RegExp} regxep
-	* @return {String} namespace
-	* @api private
-	*/
-	function toNamespace(regexp) {
-		return regexp.toString()
-			.substring(2, regexp.toString().length - 2)
-			.replace(/\.\*\?$/, '*');
-	}
-
 	/**
 	* Coerce `val`.
 	*
@@ -18754,11 +18775,11 @@ function getDate() {
 }
 
 /**
- * Invokes `util.format()` with the specified arguments and writes to stderr.
+ * Invokes `util.formatWithOptions()` with the specified arguments and writes to stderr.
  */
 
 function log(...args) {
-	return process.stderr.write(util.format(...args) + '\n');
+	return process.stderr.write(util.formatWithOptions(exports.inspectOpts, ...args) + '\n');
 }
 
 /**
@@ -20338,7 +20359,7 @@ var y = d * 365.25;
  * @api public
  */
 
-module.exports = function(val, options) {
+module.exports = function (val, options) {
   options = options || {};
   var type = typeof val;
   if (type === 'string' && val.length > 0) {
@@ -52187,6 +52208,13 @@ function getDownloadArchiveExtension() {
 exports.getDownloadArchiveExtension = getDownloadArchiveExtension;
 function isVersionSatisfies(range, version) {
     var _a;
+    // Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
+    // like '17.0.8.1+1080.1' that semver rejects. If the candidate version
+    // isn't valid semver, it can't match — bail out rather than letting
+    // compareBuild / satisfies throw.
+    if (!semver.valid(version)) {
+        return false;
+    }
     if (semver.valid(range)) {
         // if full version with build digit is provided as a range (such as '1.2.3+4')
         // we should check for exact equal via compareBuild

dist/setup/index.js

@@ -39730,14 +39730,17 @@ function useColors() {
 		return false;
 	}
 
+	let m;
+
 	// Is webkit? http://stackoverflow.com/a/16459606/376773
 	// document is undefined in react-native: https://github.com/facebook/react-native/pull/1632
+	// eslint-disable-next-line no-return-assign
 	return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) ||
 		// Is firebug? http://stackoverflow.com/a/398120/376773
 		(typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) ||
 		// Is firefox >= v31?
 		// https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
-		(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) ||
+		(typeof navigator !== 'undefined' && navigator.userAgent && (m = navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/)) && parseInt(m[1], 10) >= 31) ||
 		// Double check webkit in userAgent just in case we are in a worker
 		(typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/));
 }
@@ -39821,7 +39824,7 @@ function save(namespaces) {
 function load() {
 	let r;
 	try {
-		r = exports.storage.getItem('debug');
+		r = exports.storage.getItem('debug') || exports.storage.getItem('DEBUG') ;
 	} catch (error) {
 		// Swallow
 		// XXX (@Qix-) should we be logging these?
@@ -40047,26 +40050,64 @@ function setup(env) {
 		createDebug.names = [];
 		createDebug.skips = [];
 
-		let i;
-		const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/);
-		const len = split.length;
+		const split = (typeof namespaces === 'string' ? namespaces : '')
+			.trim()
+			.replace(/\s+/g, ',')
+			.split(',')
+			.filter(Boolean);
 
-		for (i = 0; i < len; i++) {
-			if (!split[i]) {
-				// ignore empty strings
-				continue;
-			}
-
-			namespaces = split[i].replace(/\*/g, '.*?');
-
-			if (namespaces[0] === '-') {
-				createDebug.skips.push(new RegExp('^' + namespaces.slice(1) + '$'));
+		for (const ns of split) {
+			if (ns[0] === '-') {
+				createDebug.skips.push(ns.slice(1));
 			} else {
-				createDebug.names.push(new RegExp('^' + namespaces + '$'));
+				createDebug.names.push(ns);
 			}
 		}
 	}
 
+	/**
+	 * Checks if the given string matches a namespace template, honoring
+	 * asterisks as wildcards.
+	 *
+	 * @param {String} search
+	 * @param {String} template
+	 * @return {Boolean}
+	 */
+	function matchesTemplate(search, template) {
+		let searchIndex = 0;
+		let templateIndex = 0;
+		let starIndex = -1;
+		let matchIndex = 0;
+
+		while (searchIndex < search.length) {
+			if (templateIndex < template.length && (template[templateIndex] === search[searchIndex] || template[templateIndex] === '*')) {
+				// Match character or proceed with wildcard
+				if (template[templateIndex] === '*') {
+					starIndex = templateIndex;
+					matchIndex = searchIndex;
+					templateIndex++; // Skip the '*'
+				} else {
+					searchIndex++;
+					templateIndex++;
+				}
+			} else if (starIndex !== -1) { // eslint-disable-line no-negated-condition
+				// Backtrack to the last '*' and try to match more characters
+				templateIndex = starIndex + 1;
+				matchIndex++;
+				searchIndex = matchIndex;
+			} else {
+				return false; // No match
+			}
+		}
+
+		// Handle trailing '*' in template
+		while (templateIndex < template.length && template[templateIndex] === '*') {
+			templateIndex++;
+		}
+
+		return templateIndex === template.length;
+	}
+
 	/**
 	* Disable debug output.
 	*
@@ -40075,8 +40116,8 @@ function setup(env) {
 	*/
 	function disable() {
 		const namespaces = [
-			...createDebug.names.map(toNamespace),
-			...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace)
+			...createDebug.names,
+			...createDebug.skips.map(namespace => '-' + namespace)
 		].join(',');
 		createDebug.enable('');
 		return namespaces;
@@ -40090,21 +40131,14 @@ function setup(env) {
 	* @api public
 	*/
 	function enabled(name) {
-		if (name[name.length - 1] === '*') {
-			return true;
-		}
-
-		let i;
-		let len;
-
-		for (i = 0, len = createDebug.skips.length; i < len; i++) {
-			if (createDebug.skips[i].test(name)) {
+		for (const skip of createDebug.skips) {
+			if (matchesTemplate(name, skip)) {
 				return false;
 			}
 		}
 
-		for (i = 0, len = createDebug.names.length; i < len; i++) {
-			if (createDebug.names[i].test(name)) {
+		for (const ns of createDebug.names) {
+			if (matchesTemplate(name, ns)) {
 				return true;
 			}
 		}
@@ -40112,19 +40146,6 @@ function setup(env) {
 		return false;
 	}
 
-	/**
-	* Convert regexp to namespace
-	*
-	* @param {RegExp} regxep
-	* @return {String} namespace
-	* @api private
-	*/
-	function toNamespace(regexp) {
-		return regexp.toString()
-			.substring(2, regexp.toString().length - 2)
-			.replace(/\.\*\?$/, '*');
-	}
-
 	/**
 	* Coerce `val`.
 	*
@@ -40366,11 +40387,11 @@ function getDate() {
 }
 
 /**
- * Invokes `util.format()` with the specified arguments and writes to stderr.
+ * Invokes `util.formatWithOptions()` with the specified arguments and writes to stderr.
  */
 
 function log(...args) {
-	return process.stderr.write(util.format(...args) + '\n');
+	return process.stderr.write(util.formatWithOptions(exports.inspectOpts, ...args) + '\n');
 }
 
 /**
@@ -46064,7 +46085,7 @@ var y = d * 365.25;
  * @api public
  */
 
-module.exports = function(val, options) {
+module.exports = function (val, options) {
   options = options || {};
   var type = typeof val;
   if (type === 'string' && val.length > 0) {
@@ -81018,6 +81039,13 @@ function getDownloadArchiveExtension() {
 exports.getDownloadArchiveExtension = getDownloadArchiveExtension;
 function isVersionSatisfies(range, version) {
     var _a;
+    // Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
+    // like '17.0.8.1+1080.1' that semver rejects. If the candidate version
+    // isn't valid semver, it can't match — bail out rather than letting
+    // compareBuild / satisfies throw.
+    if (!semver.valid(version)) {
+        return false;
+    }
     if (semver.valid(range)) {
         // if full version with build digit is provided as a range (such as '1.2.3+4')
         // we should check for exact equal via compareBuild

docs/contributors.md

@@ -6,13 +6,13 @@ We have prepared a short guide so that the process of making your contribution i
 
 ## How can I contribute...
 
-* [Contribute Documentation:green_book:](#contribute-documentation)
+* [:green_book: Contribute Documentation](#contribute-documentation)
 
-* [Contribute Code :computer:](#contribute-code)
+* [:computer: Contribute Code](#contribute-code)
 
-* [Provide Support on Issues:pencil:](#provide-support-on-issues)
+* [:pencil: Provide Support on Issues](#provide-support-on-issues)
 
-* [Review Pull Requests:mag:](#review-pull-requests)
+* [:mag: Review Pull Requests](#review-pull-requests)
 
 ## Contribute documentation
 
@@ -111,4 +111,4 @@ Another great way to contribute is is to review pull request. Please, be extra k
 - Make sure you're familiar with the code or documentation is updated, unless it's a minor change (spellchecking, minor formatting, etc.)
 - Review changes using the GitHub functionality. You can ask a clarifying question, point out an error or suggest an alternative. 
 > Note: You may ask for minor changes - "nitpicks", but consider whether they are real blockers to merging or not
-- Submit your review, which may include comments, an approval, or a changes request
+- Submit your review, which may include comments, an approval, or a changes request

package.json

@@ -44,9 +44,9 @@
     "@types/node": "^25.9.3",
     "@types/semver": "^7.5.8",
     "@typescript-eslint/eslint-plugin": "^8.48.0",
-    "@typescript-eslint/parser": "^8.35.1",
+    "@typescript-eslint/parser": "^8.61.1",
     "@vercel/ncc": "^0.44.0",
-    "eslint": "^10.5.0",
+    "eslint": "^8.57.0",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-jest": "^29.0.1",
     "eslint-plugin-node": "^11.1.0",

src/util.ts

@@ -55,6 +55,14 @@ export function getDownloadArchiveExtension() {
 }
 
 export function isVersionSatisfies(range: string, version: string): boolean {
+  // Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
+  // like '17.0.8.1+1080.1' that semver rejects. If the candidate version
+  // isn't valid semver, it can't match — bail out rather than letting
+  // compareBuild / satisfies throw.
+  if (!semver.valid(version)) {
+    return false;
+  }
+
   if (semver.valid(range)) {
     // if full version with build digit is provided as a range (such as '1.2.3+4')
     // we should check for exact equal via compareBuild