@upstash/qstash - npm Package Compare versions

Comparing version 0.0.11 to 0.0.12

esm/_dnt.shims.js

@@ -1,7 +0,4 @@
-import { Deno } from "@deno/shim-deno";
-export { Deno } from "@deno/shim-deno";
 import { crypto } from "@deno/shim-crypto";
 export { crypto } from "@deno/shim-crypto";
 const dntGlobals = {
-    Deno,
     crypto,
@@ -8,0 +5,0 @@ };

esm/entrypoints/nextjs.js

@@ -0,5 +1,8 @@
+import * as dntShim from "../_dnt.shims.js";
+// @ts-ignore Deno can't compile
 import { buffer } from "micro";
-import { Consumer } from "../consumer.js";
+import { Consumer } from "../pkg/consumer.js";
 export function verifySignature(handler, config) {
     const currentSigningKey = config?.currentSigningKey ??
+        // @ts-ignore Deno can't compile
         process.env.get["QSTASH_CURRENT_SIGNING_KEY"];
@@ -10,2 +13,3 @@ if (!currentSigningKey) {
     const nextSigningKey = config?.nextSigningKey ??
+        // @ts-ignore Deno can't compile
         process.env.get["QSTASH_NEXT_SIGNING_KEY"];
@@ -18,2 +22,3 @@ if (!nextSigningKey) {
         nextSigningKey,
+        subtleCrypto: dntShim.crypto.subtle
     });
@@ -29,4 +34,4 @@ return async (req, res) => {
         const body = (await buffer(req)).toString();
-        const url = new URL(req.url, `https://${req.headers.host}`).href;
-        console.log({ reqUrl: req.url, url });
+        console.log(req.headers);
+        const url = config?.url ?? new URL(req.url, `https://${process.env.VERCEL_URL}`).href;
         const isValid = await consumer.verify({ signature, body, url });
@@ -33,0 +38,0 @@ if (!isValid) {

package.json

@@ -6,3 +6,3 @@ {
   "name": "@upstash/qstash",
-  "version": "v0.0.11",
+  "version": "v0.0.12",
   "description": "Official Deno/Typescript client for qStash",
@@ -26,9 +26,9 @@ "repository": {
   "homepage": "https://github.com/upstash/sdk-qstash-ts#readme",
-  "devDependencies": {
-    "micro": "latest",
-    "next": "latest"
+  "peerDependencies": {
+    "micro": "latest"
   },
   "typesVersions": {
     "*": {
-      "nextjs": "./types/entrypoints/nextjs.d.ts"
+      "nextjs": "./types/entrypoints/nextjs.d.ts",
+      "cloudflare": "./types/entrypoints/cloudflare.d.ts"
     }
@@ -41,8 +41,12 @@ },
       "types": "./types/entrypoints/nextjs.d.ts"
+    },
+    "./cloudflare": {
+      "import": "./esm/entrypoints/cloudflare.js",
+      "require": "./script/entrypoints/cloudflare.js",
+      "types": "./types/entrypoints/cloudflare.d.ts"
     }
   },
   "dependencies": {
-    "@deno/shim-crypto": "~0.2.0",
-    "@deno/shim-deno": "~0.5.0"
+    "@deno/shim-crypto": "~0.3.1"
   }
 }

README.md

@@ -69,3 +69,3 @@ # Upstash qStash SDK
 
-console.log(res.messageID)
+console.log(res.messageId)
 ```
@@ -89,3 +89,3 @@
   /**
-   * The signature from the `upstash-signature` header.
+   * The signature from the `Upstash-Signature` header.
    */
@@ -92,0 +92,0 @@ signature: "string";

script/_dnt.shims.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.dntGlobalThis = exports.crypto = exports.Deno = void 0;
-const shim_deno_1 = require("@deno/shim-deno");
-var shim_deno_2 = require("@deno/shim-deno");
-Object.defineProperty(exports, "Deno", { enumerable: true, get: function () { return shim_deno_2.Deno; } });
+exports.dntGlobalThis = exports.crypto = void 0;
 const shim_crypto_1 = require("@deno/shim-crypto");
@@ -11,3 +8,2 @@ var shim_crypto_2 = require("@deno/shim-crypto");
 const dntGlobals = {
-    Deno: shim_deno_1.Deno,
     crypto: shim_crypto_1.crypto,
@@ -14,0 +10,0 @@ };

script/entrypoints/nextjs.js

 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifySignature = void 0;
+const dntShim = __importStar(require("../_dnt.shims.js"));
+// @ts-ignore Deno can't compile
 const micro_1 = require("micro");
-const consumer_js_1 = require("../consumer.js");
+const consumer_js_1 = require("../pkg/consumer.js");
 function verifySignature(handler, config) {
     const currentSigningKey = config?.currentSigningKey ??
+        // @ts-ignore Deno can't compile
         process.env.get["QSTASH_CURRENT_SIGNING_KEY"];
@@ -13,2 +39,3 @@ if (!currentSigningKey) {
     const nextSigningKey = config?.nextSigningKey ??
+        // @ts-ignore Deno can't compile
         process.env.get["QSTASH_NEXT_SIGNING_KEY"];
@@ -21,2 +48,3 @@ if (!nextSigningKey) {
         nextSigningKey,
+        subtleCrypto: dntShim.crypto.subtle
     });
@@ -32,4 +60,4 @@ return async (req, res) => {
         const body = (await (0, micro_1.buffer)(req)).toString();
-        const url = new URL(req.url, `https://${req.headers.host}`).href;
-        console.log({ reqUrl: req.url, url });
+        console.log(req.headers);
+        const url = config?.url ?? new URL(req.url, `https://${process.env.VERCEL_URL}`).href;
         const isValid = await consumer.verify({ signature, body, url });
@@ -36,0 +64,0 @@ if (!isValid) {

types/_dnt.shims.d.ts

@@ -1,7 +0,4 @@
-import { Deno } from "@deno/shim-deno";
-export { Deno } from "@deno/shim-deno";
 export { crypto, type Crypto, type SubtleCrypto, type AlgorithmIdentifier, type Algorithm, type RsaOaepParams, type BufferSource, type AesCtrParams, type AesCbcParams, type AesGcmParams, type CryptoKey, type KeyAlgorithm, type KeyType, type KeyUsage, type EcdhKeyDeriveParams, type HkdfParams, type HashAlgorithmIdentifier, type Pbkdf2Params, type AesDerivedKeyParams, type HmacImportParams, type JsonWebKey, type RsaOtherPrimesInfo, type KeyFormat, type RsaHashedKeyGenParams, type RsaKeyGenParams, type BigInteger, type EcKeyGenParams, type NamedCurve, type CryptoKeyPair, type AesKeyGenParams, type HmacKeyGenParams, type RsaHashedImportParams, type EcKeyImportParams, type AesKeyAlgorithm, type RsaPssParams, type EcdsaParams } from "@deno/shim-crypto";
-export declare const dntGlobalThis: Omit<typeof globalThis, "crypto" | "Deno"> & {
-    Deno: typeof Deno;
+export declare const dntGlobalThis: Omit<typeof globalThis, "crypto"> & {
     crypto: import("@deno/shim-crypto").Crypto;
 };

types/entrypoints/nextjs.d.ts

@@ -5,3 +5,9 @@ import type { NextApiHandler } from "next";
     nextSigningKey?: string;
+    /**
+     * The url of this api route, including the protocol.
+     *
+     * If you omit this, the url will be automatically determined by checking the `VERCEL_URL` env variable and assuming `https`
+     */
+    url?: string;
 };
 export declare function verifySignature(handler: NextApiHandler, config?: VerifySignaturConfig): NextApiHandler;

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

584359

1658%

Dev dependency count

0

-100%

Number of package files

71

255%

Lines of code

9545

1011.18%

Worsened metrics

Number of low supply chain risk alerts

6

50%

Number of medium supply chain risk alerts

4

300%

Dependency changes

• + Added

  @deno/shim-crypto@0.3.1
  (transitive)

• + Added

  arg@4.1.0
  (transitive)

• + Added

  bytes@3.1.0
  (transitive)

• + Added

  content-type@1.0.4
  (transitive)

• + Added

  depd@1.1.2
  (transitive)

• + Added

  http-errors@1.7.3
  (transitive)

• + Added

  iconv-lite@0.4.24
  (transitive)

• + Added

  inherits@2.0.4
  (transitive)

• + Added

  micro@10.0.1
  (transitive)

• + Added

  raw-body@2.4.1
  (transitive)

• + Added

  safer-buffer@2.1.2
  (transitive)

• + Added

  setprototypeof@1.1.1
  (transitive)

• + Added

  statuses@1.5.0
  (transitive)

• + Added

  toidentifier@1.0.0
  (transitive)

• + Added

  unpipe@1.0.0
  (transitive)

• - Removed

  @deno/shim-deno@~0.5.0

• - Removed

  @deno/shim-crypto@0.2.0
  (transitive)

• - Removed

  @deno/shim-deno@0.5.0
  (transitive)

• - Removed

  @deno/shim-deno-test@0.3.3
  (transitive)

• - Removed

  isexe@2.0.0
  (transitive)

• - Removed

  which@2.0.2
  (transitive)

• Updated

  @deno/shim-crypto@~0.3.1