Package: purescript-lua-numbers
File: src/Data/Number.lua
Function: fromStringImpl
Class: semantics Severity: high

Reimplements the finiteness test as x ~= math.huge and x ~= -math.huge instead of invoking the passed-in isFinite predicate, and uses Lua tonumber instead of JS parseFloat. Two concrete failures: (1) On a parse failure tonumber returns nil; nil passes the inf/-inf check, so fromString "bad" returns Just(nil) — a Just Number wrapping nil — instead of Nothing (Number.purs docstring line 103-104 requires Nothing). (2) parseFloat tolerates trailing junk: the docstring (lines 109-112) requires fromString " 1.2 ??" = Just 1.2, but tonumber(" 1.2 ??") = nil, so it returns Just(nil). Additionally a NaN value would pass the inf-check (nan ~= inf is true) and leak through as Just nan, whereas the isFinite argument would reject it.

Current (Lua):

local x = tonumber(str)
          if x ~= math.huge and x ~= -math.huge then
            return just(x)
          else
            return nothing
          end

Expected: fromString "bad" = Nothing; fromString " 1.2 ??" = Just 1.2; only finite parsed numbers wrapped in Just, everything else Nothing.

Proposed fix:

Guard the parse first and actually use the supplied isFinite predicate: `local x = tonumber(str); if x ~= nil and isFinite(x) then return just(x) else return nothing end`. (Note this still will not replicate parseFloat's trailing-garbage tolerance for "  1.2 ??"; matching that requires a leading-numeric-prefix extraction, e.g. tonumber(str:match("^%s*([%-+]?%d*%.?%d+[eE]?[%-+]?%d*)")) before the isFinite check.)

Found by the FFI audit; reproduced under Lua 5.1.