From 2ccb634fc6250fac106378fe3c5a0fd52d95dd84 Mon Sep 17 00:00:00 2001
From: Saurabh Kumar Bajpai <saurabhkumarbajpaiai@Saurabhs-MacBook-Air.local>
Date: Fri, 12 Jun 2026 19:13:04 +0530
Subject: [PATCH] fix: strict GitHub username validation

---
 lib/validations.accessibility.test.ts | 2 ++
 lib/validations.ts                    | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/validations.accessibility.test.ts b/lib/validations.accessibility.test.ts
index e69bb2d86..5ed8bff39 100644
--- a/lib/validations.accessibility.test.ts
+++ b/lib/validations.accessibility.test.ts
@@ -6,6 +6,8 @@ describe('validations.ts - Accessibility Standards & Screen Reader Aria Complian
     // Assert schema function returns expected output
     expect(validateGitHubUsername('octocat')).toBe(true);
     expect(validateGitHubUsername('invalid--user')).toBe(false);
+    expect(validateGitHubUsername('a'.repeat(39))).toBe(true);
+    expect(validateGitHubUsername('a'.repeat(40))).toBe(false);
 
     const validationAlert = {
       role: 'alert',
diff --git a/lib/validations.ts b/lib/validations.ts
index b5119196d..e37cc11ef 100644
--- a/lib/validations.ts
+++ b/lib/validations.ts
@@ -67,7 +67,7 @@ export function toDimensionValue(val?: string): number | undefined {
 }
 
 export function validateGitHubUsername(username: string): boolean {
-  return /^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$/i.test(username);
+  return GITHUB_USERNAME_REGEX.test(username);
 }
 
 /**
@@ -141,7 +141,7 @@ const timeZoneParam = z
   .optional()
   .refine(isValidTimeZone, { message: 'Invalid timezone' });
 
-export const GITHUB_USERNAME_REGEX = /^[a-zA-Z0-9](?:[a-zA-Z0-9]|-(?=[a-zA-Z0-9]))*$/;
+export const GITHUB_USERNAME_REGEX = /^[a-zA-Z0-9](?:[a-zA-Z0-9]|-(?=[a-zA-Z0-9])){0,38}$/;
 
 export const githubUsernameSchema = z
   .string({ error: 'Invalid GitHub username' })