mongodb-client-encryption
Advanced tools
Comparing version 6.1.0-alpha to 6.1.0-alpha.0
@@ -5,2 +5,10 @@ # Changelog | ||
## [6.1.0-alpha.0](https://github.com/mongodb-js/mongodb-client-encryption/compare/v6.1.0-alpha...v6.1.0-alpha.0) (2024-06-28) | ||
### Bug Fixes | ||
* **MONGOSH-1808:** static building on intel macs and windows ([#24](https://github.com/mongodb-js/mongodb-client-encryption/issues/24)) ([f27e8e1](https://github.com/mongodb-js/mongodb-client-encryption/commit/f27e8e1d658dfa269d684d632727b5abf89ecae5)) | ||
* **NODE-6237:** build against glibc 2.27 ([#28](https://github.com/mongodb-js/mongodb-client-encryption/issues/28)) ([1c9b74a](https://github.com/mongodb-js/mongodb-client-encryption/commit/1c9b74a2fe2d4974e0d09ab25f2e5740111bbe07)) | ||
## [6.1.0-alpha](https://github.com/mongodb-js/mongodb-client-encryption/compare/v6.0.1...v6.1.0-alpha) (2024-06-17) | ||
@@ -7,0 +15,0 @@ |
{ | ||
"name": "mongodb-client-encryption", | ||
"version": "6.1.0-alpha", | ||
"version": "6.1.0-alpha.0", | ||
"description": "Official client encryption module for the MongoDB Node.js driver", | ||
@@ -49,3 +49,3 @@ "main": "lib/index.js", | ||
"@typescript-eslint/eslint-plugin": "^7.7.0", | ||
"bson": "^6.6.0", | ||
"bson": "^6.7.0", | ||
"chai": "^4.4.1", | ||
@@ -52,0 +52,0 @@ "chai-subset": "^1.6.0", |
@@ -26,2 +26,30 @@ # MongoDB Client Encryption | ||
### Release Integrity | ||
Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg: | ||
``` | ||
gpg --import node-driver.asc | ||
``` | ||
The GitHub release contains a detached signature file for the NPM package (named | ||
`mongodb-client-encryption-X.Y.Z.tgz.sig`). | ||
The following command returns the link npm package. | ||
```shell | ||
npm view mongodb-client-encryption@vX.Y.Z dist.tarball | ||
``` | ||
Using the result of the above command, a `curl` command can return the official npm package for the release. | ||
To verify the integrity of the downloaded package, run the following command: | ||
```shell | ||
gpg --verify mongodb-client-encryption-X.Y.Z.tgz.sig mongodb-client-encryption-X.Y.Z.tgz | ||
``` | ||
>[!Note] | ||
No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical. | ||
To verify the native `.node` packages, follow the same steps as above using `mongodb-client-encryption-X.Y.Z-platform.tgz` and the corresponding `.sig` file. | ||
### Development | ||
@@ -31,8 +59,32 @@ | ||
Run the following command to build libmongocrypt and setup the node bindings for development: | ||
Run the following command to build libmongocrypt and you are setup to develop the node bindings: | ||
```shell | ||
bash ./etc/build-static.sh | ||
npm run install:libmongocrypt | ||
``` | ||
#### `libmongocrypt.mjs` | ||
``` | ||
node libmongocrypt.mjs [optional flags] | ||
By default attempts to download and compile the bindings with the crypto prebuilds of libmongocrypt. | ||
Can be configured to clone and build without crypto. | ||
--gitURL=string A custom remote git repository to clone libmongocrypt from. You must also set --build to use this. | ||
--libVersion=string A custom version reference to either download or checkout after cloning. | ||
You may use "latest" to get current libmongocrypt `HEAD`. | ||
--clean Combined with --build, the script will not skip cloning and rebuilding libmongocrypt. | ||
--build Instead of downloading, clone and build libmongocrypt along with the bindings. | ||
--dynamic Skips cloning or downloading libmongocrypt, runs prebuild with build_type set to "dynamic" to compile | ||
a prebuild that links to a system copy of libmongocrypt. | ||
--skip-bindings Skips running prebuild. Useful if only the libmongocrypt dependency is desired. | ||
Only suitable for local development: | ||
--fastDownload If you are improving this script or otherwise repeatedly downloading libmongocrypt, | ||
this flag will interrupt the un-tar operation as early as possible. It should work, most of the time. | ||
``` | ||
#### Prebuild Platforms | ||
@@ -39,0 +91,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
92270
114
1