@atproto/common - npm Package Compare versions

Comparing version 0.3.3 to 0.3.4-next.0

CHANGELOG.md

 # @atproto/common
 
+## 0.3.4-next.0
+
+### Patch Changes
+
+- Overhaul of package builds, no longer bundling deps.
+
+- Updated dependencies []:
+  - @atproto/common-web@0.2.4-next.0
+
 ## 0.3.3
@@ -4,0 +13,0 @@

dist/buffers.d.ts

 /// <reference types="node" />
 export declare function ui8ToBuffer(bytes: Uint8Array): Buffer;
 export declare function ui8ToArrayBuffer(bytes: Uint8Array): ArrayBuffer;
+//# sourceMappingURL=buffers.d.ts.map

dist/dates.d.ts

 export declare function toSimplifiedISOSafe(dateStr: string): string;
+//# sourceMappingURL=dates.d.ts.map

dist/fs.d.ts

 export declare const fileExists: (location: string) => Promise<boolean>;
+export declare const readIfExists: (filepath: string) => Promise<Uint8Array | undefined>;
+export declare const rmIfExists: (filepath: string, recursive?: boolean) => Promise<void>;
+//# sourceMappingURL=fs.d.ts.map

dist/index.d.ts

 export * from '@atproto/common-web';
 export * from './dates';
+export * from './env';
 export * from './fs';
@@ -9,1 +10,2 @@ export * from './ipld';
 export * from './buffers';
+//# sourceMappingURL=index.d.ts.map

dist/ipld-multi.d.ts

 export declare const cborDecodeMulti: (encoded: Uint8Array) => unknown[];
+//# sourceMappingURL=ipld-multi.d.ts.map

dist/ipld.d.ts

@@ -30,1 +30,2 @@ /// <reference types="node" />
 }
+//# sourceMappingURL=ipld.d.ts.map

dist/logger.d.ts

 import pino from 'pino';
 export declare const subsystemLogger: (name: string) => pino.Logger;
+//# sourceMappingURL=logger.d.ts.map

dist/streams.d.ts

@@ -15,3 +15,4 @@ /// <reference types="node" />
     constructor(maxSize: number, createError: () => Error);
-    _transform(chunk: Uint8Array, _enc: BufferEncoding, cb: TransformCallback): void | this;
+    _transform(chunk: Uint8Array, _enc: BufferEncoding, cb: TransformCallback): void;
 }
+//# sourceMappingURL=streams.d.ts.map

jest.config.js

@@ -1,6 +0,6 @@
-const base = require('../../jest.config.base.js')
-
+/** @type {import('jest').Config} */
 module.exports = {
-  ...base,
   displayName: 'Common',
+  transform: { '^.+\\.(t|j)s$': '@swc/jest' },
+  setupFiles: ['<rootDir>/../../jest.setup.ts'],
 }

LICENSE.txt

 Dual MIT/Apache-2.0 License
 
-Copyright (c) 2022-2023 Bluesky PBC, and Contributors
+Copyright (c) 2022-2024 Bluesky PBC, and Contributors
 
@@ -5,0 +5,0 @@ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).

package.json

 {
   "name": "@atproto/common",
-  "version": "0.3.3",
+  "version": "0.3.4-next.0",
   "license": "MIT",
@@ -16,2 +16,3 @@ "description": "Shared web-platform-friendly code for atproto libraries",
   "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "dependencies": {
@@ -24,11 +25,13 @@ "@ipld/dag-cbor": "^7.0.3",
     "zod": "3.21.4",
-    "@atproto/common-web": "^0.2.3"
+    "@atproto/common-web": "^0.2.4-next.0"
   },
+  "devDependencies": {
+    "jest": "^28.1.2",
+    "typescript": "^5.3.3",
+    "uint8arrays": "3.0.0"
+  },
   "scripts": {
     "test": "jest",
-    "build": "node ./build.js",
-    "postbuild": "tsc --build tsconfig.build.json",
-    "update-main-to-dist": "node ../../update-main-to-dist.js packages/common"
-  },
-  "types": "dist/index.d.ts"
+    "build": "tsc --build tsconfig.build.json"
+  }
 }

src/fs.ts

@@ -16,1 +16,28 @@ import { isErrnoException } from '@atproto/common-web'
 }
+
+export const readIfExists = async (
+  filepath: string,
+): Promise<Uint8Array | undefined> => {
+  try {
+    return await fs.readFile(filepath)
+  } catch (err) {
+    if (isErrnoException(err) && err.code === 'ENOENT') {
+      return
+    }
+    throw err
+  }
+}
+
+export const rmIfExists = async (
+  filepath: string,
+  recursive = false,
+): Promise<void> => {
+  try {
+    await fs.rm(filepath, { recursive })
+  } catch (err) {
+    if (isErrnoException(err) && err.code === 'ENOENT') {
+      return
+    }
+    throw err
+  }
+}

src/index.ts

 export * from '@atproto/common-web'
 export * from './dates'
+export * from './env'
 export * from './fs'
@@ -4,0 +5,0 @@ export * from './ipld'

src/streams.ts

@@ -62,6 +62,7 @@ import {
     if (this.totalSize > this.maxSize) {
-      return this.destroy(this.createError())
+      cb(this.createError())
+    } else {
+      cb(null, chunk)
     }
-    return cb(null, chunk)
   }
 }

tsconfig.build.json

 {
-  "extends": "./tsconfig.json",
-  "exclude": ["**/*.spec.ts", "**/*.test.ts"]
+  "extends": "../../tsconfig/node.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./dist"
+  },
+  "include": ["./src"]
 }

tsconfig.json

 {
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./dist", // Your outDir,
-    "emitDeclarationOnly": true
-  },
-  "include": ["./src", "__tests__/**/**.ts"],
-  "references": [{ "path": "../common-web/tsconfig.build.json" }]
+  "include": [],
+  "references": [
+    { "path": "./tsconfig.build.json" },
+    { "path": "./tsconfig.tests.json" }
+  ]
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 7 instances in 1 package

Improved metrics

Number of package files

57

increased by83.87%

Number of low supply chain risk alerts

12

decreased by-47.83%

Number of medium supply chain risk alerts

2

decreased by-60%

Worsened metrics

Total package byte prevSize

62910

decreased by-97.59%

Dev dependency count

3

increased byInfinity%

Lines of code

1264

decreased by-94.58%

Dependency changes

• Updated@atproto/common-web@^0.2.4-next.0