All notable changes to OmniScript Format will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
This release aligns documentation and package metadata with the v1.3 ecosystem updates.
- Documentation clarifies editor tooling as a roadmap item.
- Release notes updated for consistency with v1.3 ecosystem behavior.
- No breaking changes from v1.2.
1.2.0 - 2025-10-16
This is a major feature release bringing tables, file composition, and comprehensive security hardening.
- @table blocks - Markdown-style tables with captions, alignment, and
styling
- Pipe syntax (
| Header | Header |) - Column alignment (left, center, right)
- Optional captions and style variants
- Full HTML rendering support
- Pipe syntax (
- @include directive - File composition for modular documents
- Recursive includes with depth protection
- Circular reference detection
- Path traversal protection
- Relative path resolution
- Security grade A+ - Comprehensive security hardening
- Path traversal protection
- ReDoS prevention with bounded regex
- Strict input validation
- Defense-in-depth architecture
- 19 security tests - Comprehensive security test coverage
- Path traversal tests
- Input validation tests
- ReDoS protection tests
- Edge case tests
- Refactored parser - 904 lines β 173 lines (81% reduction)
- Split into lexer, block-parsers, serializers, utils
- 25 focused modules
- Refactored CLI - 1,147 lines β 172 lines (85% reduction)
- Split into commands, renderers, utils
- 21 focused modules
- Defense-in-depth - Multi-layer security validation
- Parser validation (primary)
- Renderer sanitization (secondary)
- Runtime checks (tertiary)
- 70% increase in test coverage (56 β 130 tests)
- Parser: 64 β 83 tests (+19 security tests)
- CLI: 42 β 47 tests (+5 table rendering tests)
- All 203 tests passing across all packages
- Path validation - Prevents directory escape attacks
- Regex bounds - Prevents ReDoS with bounded quantifiers (
\s{0,20}vs\s*) - Input validation - All inputs validated at multiple layers
- Error messages - More contextual, helpful debugging information
- Number parsing - Validates against NaN and Infinity
- Zero
anytypes throughout codebase - TypeScript strict mode with
exactOptionalPropertyTypes - All files under 300 lines (maintainability)
- Comprehensive JSDoc documentation
- Better error messages with line/column info
- Clear validation failures
- Improved type inference
- Enhanced IntelliSense support
- [P1] Path traversal vulnerability in @include
- [P1] Unsafe basePath default (browser compatibility)
- [P1] No alignment validation in @table
- [P1] No column count validation in @table
- [P1] Unvalidated style injection in HTML renderer
- [P2] ReDoS vulnerability in include regex
- [P2] Weak number parsing (NaN/Infinity)
- [P2] Weak error messages (added context)
- Grade: C+ β A+
- Vulnerabilities Fixed: 8 (5 P1, 3 P2)
- Security Tests: 0 β 19
- Audit: Full staff engineer-level P# review
- No performance degradation
- Validation overhead: <1ms per document
- Build times unchanged (<5s)
- Test times: <30s for 130 tests
- None - Fully backward compatible with v1.0 and v1.1
1.1.0 - 2025-10-15
- Strikethrough text support (
~~text~~) - Unicode escape sequences (
\uXXXX,\xXX) - Line:column error tracking
- Extended HTML rendering (ordered lists, blockquotes, code, images)
- Enhanced Markdown export
- HTML escaping to prevent XSS attacks
- 56 tests passing (all new features covered)
1.0.0 - 2025-10-14
- Initial production release
- Core block types: @meta, @doc, @slide, @sheet
- Advanced blocks: @chart, @diagram, @code
- Export formats: PDF, DOCX, PPTX, XLSX
- CLI tools: parse, lint, render, export, format, diff
- Editor support (roadmap)
- 16+ professional examples
- 10+ themes
0.6.0 - 2025-10-13
- Beta release with core functionality
- Parser engine
- Basic converters
- CLI prototype
0.5.0 - 2025-10-12
- Initial alpha release
- Proof of concept
- Basic parsing