@ts-graphviz/common

Using @ts-graphviz/common in production has been largely positive. The package provides well-structured types for Graphviz attributes, node shapes, and common utilities that make building graph visualizations type-safe. The enums and type definitions are comprehensive, covering most Graphviz attributes you'd need, and IDE autocomplete works beautifully—you rarely need to look up valid attribute names.

The package is deliberately minimalist, focusing on shared types and utilities rather than being a full-featured library. This means you'll likely use it alongside other @ts-graphviz packages. Error messages are straightforward TypeScript errors, nothing custom, which is actually fine since the types are self-explanatory. Documentation could be more extensive with real-world examples, but the type definitions themselves are readable enough to understand usage.

One gotcha: versioning across the @ts-graphviz ecosystem matters. Make sure your related packages are compatible versions to avoid type mismatches. Overall, it does what it promises without surprises—a solid foundation for TypeScript Graphviz projects.

This is a low-level utility package providing TypeScript types and basic helpers for Graphviz operations. In practice, it's straightforward to use - you get strongly-typed interfaces for DOT language constructs without much ceremony. The package is essentially a type definition layer with minimal runtime logic, which from a security perspective is actually reassuring.

The library doesn't handle user input directly or make network calls, so the attack surface is minimal. Since it's primarily type definitions and simple utilities, there's limited room for injection vulnerabilities. However, when building Graphviz DOT strings with user input in consuming code, you're responsible for sanitization - the library provides no built-in escaping or validation helpers. Error handling is basic but predictable; TypeScript catches most issues at compile time.

Dependency footprint is lean with no transitive dependencies beyond TypeScript dev dependencies. The MIT license is permissive and straightforward. For what it does - providing type safety for Graphviz operations - it accomplishes the goal without introducing unnecessary complexity or security concerns.

This is a utilities package that provides TypeScript types and basic helper functions for working with Graphviz data structures. It's part of the ts-graphviz ecosystem and handles the foundational type definitions. From a security perspective, it's refreshingly simple - no network calls, no file I/O, no crypto operations. It's essentially pure type definitions and data structure manipulation.

The package follows secure-by-default principles well because it has such a limited scope. Input validation is straightforward - it deals with string manipulation for DOT language constructs, and the type system catches most misuse at compile time. Error handling is minimal but appropriate for a utility library; TypeScript's type guards do most of the heavy lifting. No sensitive information leakage in errors because there's no sensitive data being processed.

Dependency-wise, it's extremely light with minimal transitive dependencies, which significantly reduces supply chain risk. The maintainer has been responsive to issues and the codebase is small enough to audit yourself in an afternoon. For a package dealing with graph structure representations, it does exactly what it needs to without overreaching.