refactor(i18n):

[naheel0]

This pull request improves locale file loading security, enhances robustness in locale translation and extraction scripts, and updates translations in the German and Spanish locale files. The main changes focus on preventing path traversal in locale loading, handling edge cases in translation and extraction, and refining translation phrasing.

Locale loading and security improvements:

• Improved the loadLocale function in lib/matcher.js to prevent path traversal attacks by validating and normalizing the locale name, ensuring only safe locale files can be loaded. Also added robust error handling with clear error messages if both the requested and fallback locale files fail to load.

Locale translation and extraction robustness:

• Updated both translateEntry in lib/matcher.js and the extraction logic in scripts/extractlocals.js to safely handle cases where fixes is not an array, preventing runtime errors. [1] [2]

Translation updates:

• Refined several German translations in locales/de.json for more formal and consistent phrasing.
• Improved a Spanish translation in locales/es.json for clarity and correctness.

Minor cleanup:

• Removed unnecessary whitespace in package.json. [1] [2]

Summary by CodeRabbit

• Localization

  • German translations updated to use formal, polite language.
  • Spanish translation updated for file permission guidance.

• Bug Fixes

  • Enhanced error handling with fallback mechanism for locale loading.
  • Improved resilience when handling missing or invalid language configurations.

• Chores

  • Code formatting and whitespace cleanup.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors locale loading with input validation and improved error handling in lib/matcher.js, updates German and Spanish locale strings to use formal addressing, adds resilience to non-array entry.fixes handling, and applies formatting cleanup to CLI wiring and package.json.

Changes

Cohort / File(s)	Summary
CLI Command Wiring bin/index.js	Removes unused argument declaration, reformats action callback signature and console output statements with no control-flow changes.
Locale Loading & Error Handling lib/matcher.js	Adds language input validation against /^[a-zA-Z0-9_-]+$/, path resolution safety checks, nested try/catch error handling with detailed messages, and defensive entry.fixes array checking in translateEntry.
Locale Translations locales/de.json, locales/es.json	Updates German strings from informal second-person to formal third-person addressing; updates Spanish EACCES__fix_1 to second-person imperative form.
Locale Extraction Resilience scripts/extractlocals.js	Makes iteration over entry.fixes resilient to non-array values by falling back to empty array when entry.fixes is not an Array.
Formatting & Whitespace package.json	Removes extraneous whitespace and adds trailing newline.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• errlens#44: Modifies analyze command in bin/index.js with argument/declaration and action signature changes
• errlens#56: Updates CLI wiring in bin/index.js, locale handling in lib/matcher.js, and extraction logic in scripts/extractlocals.js
• errlens#35: Adjusts analyze command arguments and CLI wiring in bin/index.js

Suggested labels

core, cli

Suggested reviewers

• jaseel0

Poem

🐰 A rabbit's rejoicing rites,
Locales dressed in formal sights,
Validation guards the tongue so true,
With safety checks for paths anew, 🌿
From broken fixes, code takes flight!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'refactor(i18n)' is vague and overly broad. While the PR does involve i18n changes, it fails to convey the specific nature of the improvements (security, robustness, locale updates).	Consider using a more descriptive title that highlights the primary improvement, such as 'refactor(i18n): Add locale validation and improve error handling' or similar.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pr-56

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

locales/de.json (1)

190-198: Inconsistent formal/informal addressing within the locale file.

These entries are correctly updated to formal "Sie" form, but nearby unchanged entries still use informal addressing:

• Line 177: "Prüfe auf unsichtbare Zeichen" (informal)
• Line 178-181: "Dein Test", "Prüfe" (informal)
• Line 194: "Stelle sicher, dass alle Anführungszeichen..." (informal, within the same error group)

Consider updating line 194 (Unexpected end of input__fix_2) to match the formal style of the other fixes for this error:

-  "Unexpected end of input__fix_2": "Stelle sicher, dass alle Anführungszeichen ' oder \" geschlossen sind",
+  "Unexpected end of input__fix_2": "Stellen Sie sicher, dass alle Anführungszeichen ' oder \" geschlossen sind",

A follow-up pass to standardize the entire file to formal "Sie" form would improve consistency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@locales/de.json` around lines 190 - 198, Update the translation value for the
key "Unexpected end of input__fix_2" so it uses the formal "Sie" form to match
the other entries in the same error group; locate the JSON entry with key
Unexpected end of input__fix_2 and change the string "Stelle sicher, dass alle
Anführungszeichen ' oder \" geschlossen sind" to a formal phrasing (e.g.,
"Stellen Sie sicher, dass alle Anführungszeichen ' oder \" geschlossen sind")
and ensure punctuation/quoting style matches the surrounding entries.

bin/index.js (2)

121-121: Minor: Inconsistent indentation.

Line 121 has extra leading spaces before program compared to the run command definition at line 19. Consider aligning for consistency.

-  program
+program

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/index.js` at line 121, The file has inconsistent indentation: the
standalone `program` token on the line with `program` is over-indented compared
to the `run` command definition (see `run`), so fix by aligning the leading
whitespace of the `program` line to match the same indentation level used for
the `run` command definition; update the indentation (spaces or tabs) for the
`program` line so it matches the existing style and lint rules used elsewhere in
the file.

---

125-128: Consider adding error handling for locale loading failures.

The new loadLocale implementation in lib/matcher.js throws an error when both the requested and fallback locale files fail to load. This error propagates through findError to the CLI without being caught, potentially causing an ungraceful crash with a stack trace instead of a user-friendly message.

🛡️ Suggested improvement

   .action(async (errorString, options) => {
     const { default: chalk } = await import("chalk");
     const isJson = Boolean(program.opts().json);
-    const { count, matches } = findError(errorString, options.lang);
+    let count, matches;
+    try {
+      ({ count, matches } = findError(errorString, options.lang));
+    } catch (err) {
+      if (isJson) {
+        console.log(JSON.stringify({ code: 1, error: err.message }, null, 2));
+      } else {
+        console.log(chalk.red.bold(`\n❌ ${err.message}`));
+      }
+      process.exit(1);
+    }
     const exitCode = count > 0 ? 1 : 0;

The same pattern would apply to the run command's findError call at line 63.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/index.js` around lines 125 - 128, The CLI currently lets errors from
loadLocale (thrown via findError) bubble up to Node and produce a stack trace;
wrap the calls to findError in both the top-level .action anonymous handler (the
async function using findError at lines shown) and the run command's findError
call in a try/catch, detect locale-loading failures (errors propagated from
loadLocale/findError), print a clear, user-friendly error message (e.g., using
chalk to color it) and exit with a non-zero code instead of letting the
exception crash the process; reference the functions loadLocale and findError
and the .action handler/run command when making the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bin/index.js`:
- Line 121: The file has inconsistent indentation: the standalone `program`
token on the line with `program` is over-indented compared to the `run` command
definition (see `run`), so fix by aligning the leading whitespace of the
`program` line to match the same indentation level used for the `run` command
definition; update the indentation (spaces or tabs) for the `program` line so it
matches the existing style and lint rules used elsewhere in the file.
- Around line 125-128: The CLI currently lets errors from loadLocale (thrown via
findError) bubble up to Node and produce a stack trace; wrap the calls to
findError in both the top-level .action anonymous handler (the async function
using findError at lines shown) and the run command's findError call in a
try/catch, detect locale-loading failures (errors propagated from
loadLocale/findError), print a clear, user-friendly error message (e.g., using
chalk to color it) and exit with a non-zero code instead of letting the
exception crash the process; reference the functions loadLocale and findError
and the .action handler/run command when making the change.

In `@locales/de.json`:
- Around line 190-198: Update the translation value for the key "Unexpected end
of input__fix_2" so it uses the formal "Sie" form to match the other entries in
the same error group; locate the JSON entry with key Unexpected end of
input__fix_2 and change the string "Stelle sicher, dass alle Anführungszeichen '
oder \" geschlossen sind" to a formal phrasing (e.g., "Stellen Sie sicher, dass
alle Anführungszeichen ' oder \" geschlossen sind") and ensure
punctuation/quoting style matches the surrounding entries.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e7f2be17-3eb9-4af7-bd21-91b7d3a47961

📥 Commits

Reviewing files that changed from the base of the PR and between 42b7ccf and 9e5b545.

📒 Files selected for processing (6)

• bin/index.js
• lib/matcher.js
• locales/de.json
• locales/es.json
• package.json
• scripts/extractlocals.js