kerberos - npm Package Compare versions

Comparing version 2.1.0 to 2.1.1-alpha.0

HISTORY.md

@@ -5,2 +5,16 @@ # Changelog
 
+## [2.1.1-alpha.0](https://github.com/mongodb-js/kerberos/compare/v2.1.1-alpha...v2.1.1-alpha.0) (2024-06-28)
+
+
+### Bug Fixes
+
+* release versioning ([#184](https://github.com/mongodb-js/kerberos/issues/184)) ([a39dfcb](https://github.com/mongodb-js/kerberos/commit/a39dfcb35819ea83642505788e75d91e7f527ca3))
+
+## [2.1.1](https://github.com/mongodb-js/kerberos/compare/v2.1.0...v2.1.1-alpha) (2024-06-27)
+
+
+### Bug Fixes
+
+* **NODE-6108:** allow building from source on latest Node.js 20.x ([#172](https://github.com/mongodb-js/kerberos/issues/172)) ([c1f7aca](https://github.com/mongodb-js/kerberos/commit/c1f7acafb211d1b449086433578495d4ae0b869f))
+
 ## [2.1.0](https://github.com/mongodb-js/kerberos/compare/v2.0.3...v2.1.0) (2023-11-21)
@@ -7,0 +21,0 @@

package.json

 {
   "name": "kerberos",
-  "version": "2.1.0",
+  "version": "2.1.1-alpha.0",
   "description": "Kerberos library for Node.js",
@@ -32,6 +32,6 @@ "main": "lib/index.js",
     "node-addon-api": "^6.1.0",
-    "prebuild-install": "7.1.1"
+    "prebuild-install": "^7.1.2"
   },
   "devDependencies": {
-    "chai": "^4.3.7",
+    "chai": "^4.4.1",
     "chai-string": "^1.5.0",
@@ -41,14 +41,19 @@ "chalk": "^4.1.2",
     "dmd-clear": "^0.1.2",
-    "eslint": "^8.46.0",
-    "eslint-config-prettier": "^8.10.0",
-    "eslint-plugin-prettier": "^4.2.1",
-    "jsdoc-to-markdown": "^8.0.0",
-    "mocha": "^10.2.0",
-    "mongodb": "^5.7.0",
-    "node-gyp": "^9.4.0",
-    "prebuild": "^11.0.4",
-    "prettier": "^2.8.8",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "jsdoc-to-markdown": "^8.0.1",
+    "mocha": "^10.4.0",
+    "mongodb": "^6.5.0",
+    "node-gyp": "^10.1.0",
+    "prebuild": "^13.0.0",
+    "prettier": "^3.2.5",
     "request": "^2.88.2",
     "standard-version": "^9.5.0"
   },
+  "overrides": {
+    "prebuild": {
+      "node-gyp": "$node-gyp"
+    }
+  },
   "scripts": {
@@ -55,0 +60,0 @@ "install": "prebuild-install --runtime napi || node-gyp rebuild",

README.md

@@ -48,2 +48,45 @@ Kerberos
 
+#### Prebuild Platforms
+
+Below are the platforms that are available as prebuilds on each github release.
+`prebuild-install` downloads these automatically depending on the platform you are running npm install on.
+
+- Linux GLIBC 2.23 or later
+    - s390x
+    - arm64
+    - x64
+- MacOS universal binary
+    - x64
+    - arm64
+- Windows
+    - x64
+
+### Release Integrity
+
+Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:
+
+```
+gpg --import node-driver.asc
+```
+
+The GitHub release contains a detached signature file for the NPM package (named
+`kerberos-X.Y.Z.tgz.sig`).
+
+The following command returns the link npm package. 
+```shell
+npm view kerberos@vX.Y.Z dist.tarball 
+```
+
+Using the result of the above command, a `curl` command can return the official npm package for the release.
+
+To verify the integrity of the downloaded package, run the following command:
+```shell
+gpg --verify kerberos-X.Y.Z.tgz.sig kerberos-X.Y.Z.tgz
+```
+
+>[!Note]
+No verification is done when using npm to install the package. To ensure release integrity when using npm, download the tarball manually from the GitHub release, verify the signature, then install the package from the downloaded tarball using npm install mongodb-X.Y.Z.tgz.
+
+To verify the native `.node` packages, follow the same steps as above. 
+
 ### Testing
@@ -237,4 +280,4 @@
 | [options.principal] | <code>string</code> | Optional string containing the client principal in the form 'user@realm' (e.g. 'jdoe@example.com'). |
-| [options.gssFlags] | <code>number</code> | Optional integer used to set GSS flags. (e.g.  GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG will allow for forwarding credentials to the remote host) |
-| [options.mechOID] | <code>number</code> | Optional GSS mech OID. Defaults to None (GSS_C_NO_OID). Other possible values are `GSS_MECH_OID_KRB5`, `GSS_MECH_OID_SPNEGO`. |
+| [options.flags] | <code>number</code> | Optional integer used to set GSS flags. (e.g.  `GSS_C_DELEG_FLAG\|GSS_C_MUTUAL_FLAG\|GSS_C_SEQUENCE_FLAG` will allow for forwarding credentials to the remote host) |
+| [options.mechOID] | <code>number</code> | Optional GSS mech OID. Defaults to None (`GSS_C_NO_OID`). Other possible values are `GSS_MECH_OID_KRB5`, `GSS_MECH_OID_SPNEGO`. |
 | [callback] | <code>function</code> |  |
@@ -241,0 +284,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

137513

increased by1.84%

Number of lines in readme file

298

increased by16.86%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of medium supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedprebuild-install@7.1.2(transitive)

• - Removedprebuild-install@7.1.1(transitive)

• Updatedprebuild-install@^7.1.2