String is long¶
stringIsLong is a built‑in scan rule that detects strings whose length exceeds a conservative safety threshold.
When the value is a string and its length is greater than 10,000 characters, the rule emits a warn‑level string.is.long scan event containing the observed length and the configured maximum. If the value is not a string or does not exceed the threshold, no events are emitted.
Signature¶
export const stringIsLong: ScanRule (raw: unknown, path: FieldPath) => JaneEvent[]
Events¶
| Event code | Description |
|---|---|
string.is.long |
String length exceeded the safe threshold. |
Design rationale¶
- Detects extremely long text that may indicate malformed payloads, unbounded user input, or adversarial attempts to stress memory.
- Uses a fixed conservative limit (10,000 characters) to prevent excessive allocation or downstream processing costs.
- Emits a warning when the string length exceeds the threshold.
- Provides metadata (
{ length, max }) for policy and analysis. - Performs no mutation, truncation, or normalization of the input.
Invoke¶
stringIsLong runs automatically whenever the scan stage is enabled.
Activation methods:
- Enable scan explicitly:
jane.value(input).scan(). - Use a mode that enables scan:
strict()enables scan by default.moderate()andlax()do not enable scan unless.scan()is called.- Enable scan with policy:
jane.value(input).withPolicy({ mode: 'strict' }).
If scan is not enabled, stringIsLong does not run and no length detection occurs.
Examples¶
Long string detected¶
const long = "x".repeat(20000);
const result = stringIsLong(long, "$");
// → [ JaneEvent{ kind: "warn", code: "string.is.long", ... } ]
String within safe length¶
const result = stringIsLong("hello", "$");
// → []
Non‑string value¶
const result = stringIsLong(123, "$");
// → []