@blamejs/core
+12
-1
@@ -299,3 +299,14 @@ "use strict"; | ||
| } | ||
| } catch (_e) { /* drop-silent — operator-supplied store */ } | ||
| } catch (_e) { | ||
| // A replay-store error means we cannot prove the authorization code is | ||
| // unused — that is a denial, not "the code is fresh". codeReusePolicy is | ||
| // "reject" at every profile, so the replay check is unconditional: fail | ||
| // CLOSED with a high-severity refusal rather than silently skipping it. | ||
| issues.push({ | ||
| kind: "code-reuse-unverifiable", severity: "high", | ||
| ruleId: "oauth.code-reuse-unverifiable", | ||
| snippet: "replay store (seenCodeStore.hasSeen) errored — cannot prove " + | ||
| "the authorization code is unused; refusing (fail-closed, RFC 6749 §10.5)", | ||
| }); | ||
| } | ||
| } | ||
@@ -302,0 +313,0 @@ |
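Review bot: The new catch still discards `_e`, so the high-severity `code-reuse-unverifiable` refusal gives the operator no indication of why the replay store failed (outage, timeout, or a bug in the operator-supplied store). Keep the raw error message out of `snippet`, since it may carry store internals, but record a non-sensitive cause, e.g. `} catch (e) {` with `cause: e && e.name` on the pushed issue, if the issue schema allows an extra field. The `try` body lies outside the hunk, so confirm that `seenCodeStore.hasSeen` is called synchronously or awaited inside it; a rejected promise that is not awaited would bypass this catch and the check would still fail open. Because a store outage now denies every code exchange, a test with a throwing store and an alert on `oauth.code-reuse-unverifiable` would make the fail-closed path observable.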
+1
-1
| { | ||
| "name": "@blamejs/core", | ||
| "version": "0.15.50", | ||
| "version": "0.15.51", | ||
| "description": "The Node framework that owns its stack.", | ||
@@ -5,0 +5,0 @@ "license": "Apache-2.0", |
+6
-6
@@ -5,6 +5,6 @@ { | ||
| "specVersion": "1.5", | ||
| "serialNumber": "urn:uuid:74c051d6-47fc-4a6b-a557-b70f7fd7afdf", | ||
| "serialNumber": "urn:uuid:28e40053-c854-460c-bb90-e65917309220", | ||
| "version": 1, | ||
| "metadata": { | ||
| "timestamp": "2026-06-29T02:26:06.809Z", | ||
| "timestamp": "2026-06-29T03:31:54.302Z", | ||
| "lifecycles": [ | ||
@@ -23,10 +23,10 @@ { | ||
| "component": { | ||
| "bom-ref": "@blamejs/core@0.15.50", | ||
| "bom-ref": "@blamejs/core@0.15.51", | ||
| "type": "application", | ||
| "name": "blamejs", | ||
| "version": "0.15.50", | ||
| "version": "0.15.51", | ||
| "scope": "required", | ||
| "author": "blamejs contributors", | ||
| "description": "The Node framework that owns its stack.", | ||
| "purl": "pkg:npm/%40blamejs/core@0.15.50", | ||
| "purl": "pkg:npm/%40blamejs/core@0.15.51", | ||
| "properties": [], | ||
@@ -59,3 +59,3 @@ "externalReferences": [ | ||
| { | ||
| "ref": "@blamejs/core@0.15.50", | ||
| "ref": "@blamejs/core@0.15.51", | ||
| "dependsOn": [] | ||
@@ -62,0 +62,0 @@ } |
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.