@atproto/common - npm Package Compare versions

Comparing version 0.3.4 to 0.4.0

CHANGELOG.md

 # @atproto/common
 
+## 0.4.0
+
+### Minor Changes
+
+- [#2169](https://github.com/bluesky-social/atproto/pull/2169) [`f689bd51a`](https://github.com/bluesky-social/atproto/commit/f689bd51a2f4e02d4eca40eb2568a1fcb95494e9) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Build system rework, stop bundling dependencies.
+
+### Patch Changes
+
+- Updated dependencies [[`f689bd51a`](https://github.com/bluesky-social/atproto/commit/f689bd51a2f4e02d4eca40eb2568a1fcb95494e9)]:
+  - @atproto/common-web@0.3.0
+
 ## 0.3.4
@@ -4,0 +15,0 @@

dist/buffers.d.ts

 /// <reference types="node" />
 export declare function ui8ToBuffer(bytes: Uint8Array): Buffer;
 export declare function ui8ToArrayBuffer(bytes: Uint8Array): ArrayBuffer;
+//# sourceMappingURL=buffers.d.ts.map

dist/dates.d.ts

 export declare function toSimplifiedISOSafe(dateStr: string): string;
+//# sourceMappingURL=dates.d.ts.map

dist/env.d.ts

@@ -5,1 +5,2 @@ export declare const envInt: (name: string) => number | undefined;
 export declare const envList: (name: string) => string[];
+//# sourceMappingURL=env.d.ts.map

dist/fs.d.ts

 export declare const fileExists: (location: string) => Promise<boolean>;
 export declare const readIfExists: (filepath: string) => Promise<Uint8Array | undefined>;
 export declare const rmIfExists: (filepath: string, recursive?: boolean) => Promise<void>;
+//# sourceMappingURL=fs.d.ts.map

dist/index.d.ts

@@ -10,1 +10,2 @@ export * from '@atproto/common-web';
 export * from './buffers';
+//# sourceMappingURL=index.d.ts.map

dist/ipld-multi.d.ts

 export declare const cborDecodeMulti: (encoded: Uint8Array) => unknown[];
+//# sourceMappingURL=ipld-multi.d.ts.map

dist/ipld.d.ts

@@ -30,1 +30,2 @@ /// <reference types="node" />
 }
+//# sourceMappingURL=ipld.d.ts.map

dist/logger.d.ts

 import pino from 'pino';
 export declare const subsystemLogger: (name: string) => pino.Logger;
+//# sourceMappingURL=logger.d.ts.map

dist/streams.d.ts

@@ -15,3 +15,4 @@ /// <reference types="node" />
     constructor(maxSize: number, createError: () => Error);
-    _transform(chunk: Uint8Array, _enc: BufferEncoding, cb: TransformCallback): void | this;
+    _transform(chunk: Uint8Array, _enc: BufferEncoding, cb: TransformCallback): void;
 }
+//# sourceMappingURL=streams.d.ts.map

jest.config.js

@@ -1,6 +0,6 @@
-const base = require('../../jest.config.base.js')
-
+/** @type {import('jest').Config} */
 module.exports = {
-  ...base,
   displayName: 'Common',
+  transform: { '^.+\\.(t|j)s$': '@swc/jest' },
+  setupFiles: ['<rootDir>/../../jest.setup.ts'],
 }

package.json

 {
   "name": "@atproto/common",
-  "version": "0.3.4",
+  "version": "0.4.0",
   "license": "MIT",
@@ -16,2 +16,3 @@ "description": "Shared web-platform-friendly code for atproto libraries",
   "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "dependencies": {
@@ -23,12 +24,13 @@ "@ipld/dag-cbor": "^7.0.3",
     "pino": "^8.15.0",
-    "zod": "3.21.4",
-    "@atproto/common-web": "^0.2.4"
+    "@atproto/common-web": "^0.3.0"
   },
+  "devDependencies": {
+    "jest": "^28.1.2",
+    "typescript": "^5.3.3",
+    "uint8arrays": "3.0.0"
+  },
   "scripts": {
     "test": "jest",
-    "build": "node ./build.js",
-    "postbuild": "tsc --build tsconfig.build.json",
-    "update-main-to-dist": "node ../../update-main-to-dist.js packages/common"
-  },
-  "types": "dist/index.d.ts"
+    "build": "tsc --build tsconfig.build.json"
+  }
 }

src/streams.ts

@@ -62,6 +62,7 @@ import {
     if (this.totalSize > this.maxSize) {
-      return this.destroy(this.createError())
+      cb(this.createError())
+    } else {
+      cb(null, chunk)
     }
-    return cb(null, chunk)
   }
 }

tsconfig.build.json

 {
-  "extends": "./tsconfig.json",
-  "exclude": ["**/*.spec.ts", "**/*.test.ts"]
+  "extends": "../../tsconfig/node.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./dist"
+  },
+  "include": ["./src"]
 }

tsconfig.json

 {
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    "rootDir": "./src",
-    "outDir": "./dist", // Your outDir,
-    "emitDeclarationOnly": true
-  },
-  "include": ["./src", "__tests__/**/**.ts"],
-  "references": [{ "path": "../common-web/tsconfig.build.json" }]
+  "include": [],
+  "references": [
+    { "path": "./tsconfig.build.json" },
+    { "path": "./tsconfig.tests.json" }
+  ]
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 8 instances in 1 package

Improved metrics

Dependency count

6

decreased by-14.29%

Number of package files

57

increased by72.73%

Number of low supply chain risk alerts

12

decreased by-58.62%

Number of medium supply chain risk alerts

1

decreased by-85.71%

Worsened metrics

Total package byte prevSize

63400

decreased by-97.61%

Dev dependency count

3

increased byInfinity%

Lines of code

1264

decreased by-94.69%

Dependency changes

• + Added@atproto/common-web@0.3.2(transitive)

• + Addedzod@3.24.1(transitive)

• - Removedzod@3.21.4

• - Removed@atproto/common-web@0.2.4(transitive)

• - Removedzod@3.21.4(transitive)

• Updated@atproto/common-web@^0.3.0