@mochi.js/cli - npm Package Compare versions

Comparing version

0.2.10

0.2.11

+4

-4

package.json

		{
		"name": "@mochi.js/cli",
		"version": "0.2.10",
		"version": "0.2.11",
		"description": "The mochi command — browsers install, capture, harness, work. The CLI surface for mochi.",
		@@ -43,5 +43,5 @@ "license": "MIT",
		"dependencies": {
		"@mochi.js/consistency": "^0.1.4",
		"@mochi.js/core": "^0.9.3",
		"@mochi.js/harness": "^0.1.15"
		"@mochi.js/consistency": "^0.1.5",
		"@mochi.js/core": "^0.9.4",
		"@mochi.js/harness": "^0.1.16"
		},
		@@ -48,0 +48,0 @@ "publishConfig": {

+16

-8

src/browsers/manifest.ts

		@@ -57,12 +57,20 @@ /**
		*
		* 2026-05-10: rolled back from 148.0.7778.97 → 147.0.7727.138. The
		* 2026-05-10: rolled back from 148.0.7778.97 → 147.0.7727.117. The
		* captured-profile catalog is still on Chrome 146/147; pinning 148
		* shipped a 1-major UA-vs-binary mismatch on every install. The
		* three most-used captures (linux-chrome-stable, mac-m4-chrome-stable,
		* mac-chrome-beta) now match this pin byte-exactly. The three older
		* 146 captures (mac-chrome-stable, windows-chrome-stable,
		* mac-brave-stable) still mismatch by 1 minor — tracked for the
		* next recapture pass.
		* shipped a 1-major UA-vs-binary mismatch on every install — the
		* canonical R-004 detection vector. We picked .117 because that is
		* the latest 147.x build the CfT catalog actually publishes for all
		* platforms (linux64, mac-arm64, mac-x64, win32, win64). The captured
		* mac-m4-chrome-stable profile's UA happens to read .138 because the
		* capture was taken against real Chrome (which gets more frequent
		* patches than CfT); the patch-level drift is much smaller than the
		* 147→148 major drift it replaces and is below most fingerprinters'
		* resolution. Major-level match is what closes "Different browser
		* version" detection.
		*
		* The three older 146 captures (mac-chrome-stable, windows-chrome-stable,
		* mac-brave-stable) still mismatch by 1 minor — tracked for the next
		* recapture pass.
		*/
		export const PINNED_FALLBACK_VERSION = "147.0.7727.138" as const;
		export const PINNED_FALLBACK_VERSION = "147.0.7727.117" as const;
		export const PINNED_FALLBACK_CHANNEL: Channel = "stable";
		@@ -69,0 +77,0 @@

+18

-0

src/browsers/subcommand.ts

		@@ -31,2 +31,3 @@ /**
		} from "./install";
		import { PINNED_FALLBACK_VERSION } from "./manifest";
		import {
		@@ -233,2 +234,19 @@ binaryPathFor,

		// CRITICAL — default to the PINNED_FALLBACK_VERSION when the user passed
		// no flags. The captured profile catalog in @mochi.js/profiles is pinned
		// against a specific Chrome major (147 today); installing whatever CfT
		// calls "Stable" right now (which can be 148+) ships a UA-vs-binary
		// mismatch on every fingerprint surface — the canonical R-004 detection
		// vector. The docs (`docs/getting-started/install.md`) advertise
		// `mochi browsers install` as "downloads the pinned Chromium-for-Testing
		// build"; this matches that contract.
		//
		// Users who explicitly want the live channel-stable still get it via
		// `--channel stable` (we detect explicit-flag presence below) or by
		// passing an explicit `--version`.
		const channelExplicit = parsed.flags.channel !== undefined;
		if (version === undefined && !channelExplicit) {
		version = PINNED_FALLBACK_VERSION;
		}

		const expectedSha = asString(parsed.flags.sha256);
		@@ -235,0 +253,0 @@ if (expectedSha !== undefined && !/^[0-9a-f]{64}$/i.test(expectedSha)) {

+1

-1

src/index.ts

		@@ -9,3 +9,3 @@ /**
		*/
		export const VERSION = "0.2.9" as const;
		export const VERSION = "0.2.10" as const;

		@@ -12,0 +12,0 @@ /**

@mochi.js/cli - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Dependency changes