@blamejs/core - npm Package Compare versions

Comparing version 0.15.41 to 0.15.42

lib/agent-orchestrator.js

@@ -63,2 +63,3 @@ "use strict";
 var validateOpts      = require("./validate-opts");
+var safeAsync         = require("./safe-async");
 
@@ -169,2 +170,7 @@ var audit             = lazyRequire(function () { return require("./audit"); });
     backend:     backend,
+    // Serializes register/unregister per name so a concurrent pair for the same
+    // name can't interleave the check-then-create (await get -> throw-if-exists
+    // -> await set) and both write — a duplicate-create / lost-registration. In
+    // process only; a shared persistent backend also needs its own uniqueness.
+    registrySerializer: safeAsync.keyedSerializer(),
     cluster:     clusterImpl,
@@ -240,5 +246,5 @@ audit:       auditImpl,
   return {
-    register:        function (name, agent, regOpts)         { return _register(ctx, name, agent, regOpts || {}); },
+    register:        function (name, agent, regOpts)         { return ctx.registrySerializer.run(name, function () { return _register(ctx, name, agent, regOpts || {}); }); },
     hydrate:         function (name, agent)                  { return _hydrate(ctx, name, agent); },
-    unregister:      function (name, args)                   { return _unregister(ctx, name, args || {}); },
+    unregister:      function (name, args)                   { return ctx.registrySerializer.run(name, function () { return _unregister(ctx, name, args || {}); }); },
     lookup:          function (name, args)                   { return _lookup(ctx, name, args || {}); },
@@ -245,0 +251,0 @@ list:            function (args)                         { return _list(ctx, args || {}); },

lib/agent-tenant.js

@@ -63,2 +63,3 @@ "use strict";
 var validateOpts     = require("./validate-opts");
+var safeAsync        = require("./safe-async");
 
@@ -163,2 +164,8 @@ var audit            = lazyRequire(function () { return require("./audit"); });
     backend: backend, audit: auditImpl, permissions: permissions,
+    // Serializes register/unregister per tenantId so a concurrent pair for the
+    // same tenant can't interleave the check-then-create (await get ->
+    // throw-if-exists -> await set) and both write — a duplicate-create /
+    // lost-registration. In process only; a shared persistent backend also
+    // needs its own uniqueness constraint.
+    registrySerializer: safeAsync.keyedSerializer(),
     // Archived tenants — keys retained but no live config; restore
@@ -169,4 +176,4 @@ // requires explicit operator opt-in.
   return {
-    register:    function (tenantId, regOpts)      { return _register(ctx, tenantId, regOpts || {}); },
-    unregister:  function (tenantId, args)         { return _unregister(ctx, tenantId, args || {}); },
+    register:    function (tenantId, regOpts)      { return ctx.registrySerializer.run(tenantId, function () { return _register(ctx, tenantId, regOpts || {}); }); },
+    unregister:  function (tenantId, args)         { return ctx.registrySerializer.run(tenantId, function () { return _unregister(ctx, tenantId, args || {}); }); },
     lookup:      function (tenantId, args)         { return _lookup(ctx, tenantId, args || {}); },
@@ -173,0 +180,0 @@ list:        function (args)                   { return _list(ctx, args || {}); },

lib/auth-bot-challenge.js

@@ -44,2 +44,3 @@ "use strict";
 var numericBounds = require("./numeric-bounds");
+var safeAsync = require("./safe-async");
 var { AuthBotChallengeError } = require("./framework-error");
@@ -284,11 +285,5 @@
   // race the gate actually depends on.)
-  var _advanceChains = new Map();
+  var _advanceSerializer = safeAsync.keyedSerializer();
   function _advanceFailure(key, req) {
-    var prev = _advanceChains.get(key) || Promise.resolve();
-    var run = prev.then(function () { return _doAdvanceFailure(key, req); },
-                        function () { return _doAdvanceFailure(key, req); });
-    var tail = run.then(function () {}, function () {});
-    _advanceChains.set(key, tail);
-    tail.then(function () { if (_advanceChains.get(key) === tail) _advanceChains.delete(key); });
-    return run;
+    return _advanceSerializer.run(key, function () { return _doAdvanceFailure(key, req); });
   }
@@ -295,0 +290,0 @@

lib/auth/lockout.js

@@ -87,2 +87,3 @@ "use strict";
 var validateOpts = require("../validate-opts");
+var safeAsync = require("../safe-async");
 var { LockoutError } = require("../framework-error");
@@ -268,13 +269,7 @@
   // async store): concurrent recordFailure calls for the same key would lose
-  // updates, letting parallel failures stay under the lockout threshold. A
-  // per-key promise chain applies them sequentially in-process.
-  var _recordChains = new Map();
+  // updates, letting parallel failures stay under the lockout threshold. The
+  // keyed serializer applies them sequentially in-process.
+  var _recordSerializer = safeAsync.keyedSerializer();
   function recordFailure(key, callOpts) {
-    var prev = _recordChains.get(key) || Promise.resolve();
-    var run = prev.then(function () { return _doRecordFailure(key, callOpts); },
-                        function () { return _doRecordFailure(key, callOpts); });
-    var tail = run.then(function () {}, function () {});
-    _recordChains.set(key, tail);
-    tail.then(function () { if (_recordChains.get(key) === tail) _recordChains.delete(key); });
-    return run;
+    return _recordSerializer.run(key, function () { return _doRecordFailure(key, callOpts); });
   }
@@ -281,0 +276,0 @@

package.json

 {
   "name": "@blamejs/core",
-  "version": "0.15.41",
+  "version": "0.15.42",
   "description": "The Node framework that owns its stack.",
@@ -5,0 +5,0 @@ "license": "Apache-2.0",

sbom.cdx.json

@@ -5,6 +5,6 @@ {
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:b6890c56-a06c-431c-b27d-d91ce739441d",
+  "serialNumber": "urn:uuid:25fff8f4-b758-413d-b63d-fc1b5b5a19ad",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-06-28T08:26:04.321Z",
+    "timestamp": "2026-06-28T09:41:21.905Z",
     "lifecycles": [
@@ -23,10 +23,10 @@ {
     "component": {
-      "bom-ref": "@blamejs/core@0.15.41",
+      "bom-ref": "@blamejs/core@0.15.42",
       "type": "application",
       "name": "blamejs",
-      "version": "0.15.41",
+      "version": "0.15.42",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.15.41",
+      "purl": "pkg:npm/%40blamejs/core@0.15.42",
       "properties": [],
@@ -59,3 +59,3 @@ "externalReferences": [
     {
-      "ref": "@blamejs/core@0.15.41",
+      "ref": "@blamejs/core@0.15.42",
       "dependsOn": []
@@ -62,0 +62,0 @@ }

New alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Fixed alerts

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Improved metrics

Total package byte prevSize

17310149

0.03%

Lines of code

300947

0.01%

No dependency changes