@blamejs/core 0.16.0 → 0.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/bin/blamejs.js +2 -0
- package/index.js +2 -0
- package/lib/_test/crypto-fixtures.js +2 -0
- package/lib/a2a-tasks.js +2 -0
- package/lib/a2a.js +2 -0
- package/lib/acme.js +2 -0
- package/lib/agent-audit.js +2 -0
- package/lib/agent-envelope-mac.js +2 -0
- package/lib/agent-event-bus.js +2 -0
- package/lib/agent-idempotency.js +2 -0
- package/lib/agent-orchestrator.js +2 -0
- package/lib/agent-posture-chain.js +2 -0
- package/lib/agent-saga.js +2 -0
- package/lib/agent-snapshot.js +2 -0
- package/lib/agent-stream.js +2 -0
- package/lib/agent-tenant.js +2 -0
- package/lib/agent-trace.js +2 -0
- package/lib/ai-adverse-decision.js +2 -0
- package/lib/ai-aedt-bias-audit.js +2 -0
- package/lib/ai-capability.js +2 -0
- package/lib/ai-content-detect.js +2 -0
- package/lib/ai-disclosure.js +2 -0
- package/lib/ai-dp.js +2 -0
- package/lib/ai-frontier-protocol.js +2 -0
- package/lib/ai-input.js +2 -0
- package/lib/ai-model-manifest.js +2 -0
- package/lib/ai-output.js +2 -0
- package/lib/ai-pref.js +2 -0
- package/lib/ai-prompt.js +2 -0
- package/lib/ai-quota.js +2 -0
- package/lib/api-key.js +2 -0
- package/lib/api-snapshot.js +2 -0
- package/lib/app-shutdown.js +2 -0
- package/lib/app.js +2 -0
- package/lib/archive-adapters.js +2 -0
- package/lib/archive-entry-policy.js +2 -0
- package/lib/archive-gz.js +2 -0
- package/lib/archive-read.js +2 -0
- package/lib/archive-tar-read.js +2 -0
- package/lib/archive-tar.js +2 -0
- package/lib/archive-wrap.js +2 -0
- package/lib/archive.js +2 -0
- package/lib/arg-parser.js +2 -0
- package/lib/argon2-builtin.js +2 -0
- package/lib/asn1-der.js +2 -0
- package/lib/asyncapi-bindings.js +2 -0
- package/lib/asyncapi-traits.js +2 -0
- package/lib/asyncapi.js +2 -0
- package/lib/atomic-file.js +2 -0
- package/lib/audit-chain.js +2 -0
- package/lib/audit-daily-review.js +2 -0
- package/lib/audit-emit.js +2 -0
- package/lib/audit-sign.js +2 -0
- package/lib/audit-tools.js +2 -0
- package/lib/audit.js +2 -0
- package/lib/auth/aal.js +2 -0
- package/lib/auth/access-lock.js +2 -0
- package/lib/auth/acr-vocabulary.js +2 -0
- package/lib/auth/ato-kill-switch.js +2 -0
- package/lib/auth/auth-time-tracker.js +2 -0
- package/lib/auth/bot-challenge.js +2 -0
- package/lib/auth/ciba.js +2 -0
- package/lib/auth/dpop.js +2 -0
- package/lib/auth/elevation-grant.js +2 -0
- package/lib/auth/fal.js +2 -0
- package/lib/auth/fido-mds3.js +2 -0
- package/lib/auth/jar.js +2 -0
- package/lib/auth/jwt-external.js +2 -0
- package/lib/auth/jwt.js +2 -0
- package/lib/auth/lockout.js +2 -0
- package/lib/auth/oauth.js +2 -0
- package/lib/auth/oid4vci.js +2 -0
- package/lib/auth/oid4vp.js +2 -0
- package/lib/auth/openid-federation.js +2 -0
- package/lib/auth/passkey.js +2 -0
- package/lib/auth/password.js +2 -0
- package/lib/auth/saml.js +2 -0
- package/lib/auth/sd-jwt-vc-disclosure.js +2 -0
- package/lib/auth/sd-jwt-vc-holder.js +2 -0
- package/lib/auth/sd-jwt-vc-issuer.js +2 -0
- package/lib/auth/sd-jwt-vc.js +2 -0
- package/lib/auth/status-list.js +2 -0
- package/lib/auth/step-up-policy.js +2 -0
- package/lib/auth/step-up.js +2 -0
- package/lib/auth-bot-challenge.js +2 -0
- package/lib/auth-header.js +2 -0
- package/lib/backup/bundle.js +2 -0
- package/lib/backup/crypto.js +2 -0
- package/lib/backup/index.js +2 -0
- package/lib/backup/manifest.js +2 -0
- package/lib/base32.js +2 -0
- package/lib/boot-gates.js +2 -0
- package/lib/bounded-map.js +2 -0
- package/lib/breach-deadline.js +2 -0
- package/lib/break-glass.js +2 -0
- package/lib/budr.js +2 -0
- package/lib/bundler.js +2 -0
- package/lib/cache-redis.js +2 -0
- package/lib/cache-status.js +2 -0
- package/lib/cache.js +2 -0
- package/lib/calendar.js +2 -0
- package/lib/canonical-json.js +2 -0
- package/lib/cbor.js +2 -0
- package/lib/cdn-cache-control.js +2 -0
- package/lib/cert.js +2 -0
- package/lib/chain-writer.js +2 -0
- package/lib/circuit-breaker.js +2 -0
- package/lib/cli-helpers.js +2 -0
- package/lib/cli.js +2 -0
- package/lib/client-hints.js +2 -0
- package/lib/cloud-events.js +2 -0
- package/lib/cluster-provider-db.js +2 -0
- package/lib/cluster-storage.js +2 -0
- package/lib/cluster.js +2 -0
- package/lib/cms-codec.js +2 -0
- package/lib/codepoint-class.js +2 -0
- package/lib/compliance-ai-act-logging.js +2 -0
- package/lib/compliance-ai-act-prohibited.js +2 -0
- package/lib/compliance-ai-act-risk.js +2 -0
- package/lib/compliance-ai-act-transparency.js +2 -0
- package/lib/compliance-ai-act.js +2 -0
- package/lib/compliance-eaa.js +2 -0
- package/lib/compliance-sanctions-aliases.js +2 -0
- package/lib/compliance-sanctions-fetcher.js +2 -0
- package/lib/compliance-sanctions-fuzzy.js +2 -0
- package/lib/compliance-sanctions.js +2 -0
- package/lib/compliance.js +2 -0
- package/lib/config-drift.js +2 -0
- package/lib/config.js +2 -0
- package/lib/consent.js +2 -0
- package/lib/constants.js +2 -0
- package/lib/content-credentials.js +2 -0
- package/lib/content-digest.js +2 -0
- package/lib/cookies.js +2 -0
- package/lib/cose.js +2 -0
- package/lib/cra-report.js +2 -0
- package/lib/crdt.js +2 -0
- package/lib/credential-hash.js +2 -0
- package/lib/crypto-field.js +2 -0
- package/lib/crypto-hpke-pq.js +2 -0
- package/lib/crypto-hpke.js +2 -0
- package/lib/crypto-oprf.js +2 -0
- package/lib/crypto-xwing.js +2 -0
- package/lib/crypto.js +2 -0
- package/lib/csp.js +2 -0
- package/lib/csv.js +2 -0
- package/lib/cwt.js +2 -0
- package/lib/daemon.js +2 -0
- package/lib/dark-patterns.js +2 -0
- package/lib/data-act.js +2 -0
- package/lib/db-collection.js +2 -0
- package/lib/db-declare-row-policy.js +2 -0
- package/lib/db-declare-view.js +2 -0
- package/lib/db-file-lifecycle.js +2 -0
- package/lib/db-query.js +2 -0
- package/lib/db-role-context.js +2 -0
- package/lib/db-schema.js +2 -0
- package/lib/db.js +2 -0
- package/lib/dbsc.js +2 -0
- package/lib/ddl-change-control.js +2 -0
- package/lib/deprecate.js +2 -0
- package/lib/dev.js +2 -0
- package/lib/did.js +2 -0
- package/lib/dora.js +2 -0
- package/lib/dr-runbook.js +2 -0
- package/lib/dsa.js +2 -0
- package/lib/dsr.js +2 -0
- package/lib/dual-control.js +2 -0
- package/lib/early-hints.js +2 -0
- package/lib/eat.js +2 -0
- package/lib/error-page.js +2 -0
- package/lib/events.js +2 -0
- package/lib/external-db-migrate.js +2 -0
- package/lib/external-db.js +2 -0
- package/lib/fapi2.js +2 -0
- package/lib/fda-21cfr11.js +2 -0
- package/lib/fdx.js +2 -0
- package/lib/fedcm.js +2 -0
- package/lib/file-type.js +2 -0
- package/lib/file-upload.js +2 -0
- package/lib/flag-cache.js +2 -0
- package/lib/flag-evaluation-context.js +2 -0
- package/lib/flag-providers.js +2 -0
- package/lib/flag-targeting.js +2 -0
- package/lib/flag.js +2 -0
- package/lib/forms.js +2 -0
- package/lib/framework-error.js +2 -0
- package/lib/framework-files.js +2 -0
- package/lib/framework-schema.js +2 -0
- package/lib/framework-sha1-hibp.js +2 -0
- package/lib/fsm.js +2 -0
- package/lib/gate-contract.js +2 -0
- package/lib/gdpr-ropa.js +2 -0
- package/lib/graphql-federation.js +2 -0
- package/lib/guard-agent-registry.js +2 -0
- package/lib/guard-all.js +2 -0
- package/lib/guard-archive.js +2 -0
- package/lib/guard-auth.js +2 -0
- package/lib/guard-cidr.js +2 -0
- package/lib/guard-csv.js +2 -0
- package/lib/guard-domain.js +2 -0
- package/lib/guard-dsn.js +2 -0
- package/lib/guard-email.js +2 -0
- package/lib/guard-envelope.js +2 -0
- package/lib/guard-event-bus-payload.js +2 -0
- package/lib/guard-event-bus-topic.js +2 -0
- package/lib/guard-filename.js +2 -0
- package/lib/guard-graphql.js +2 -0
- package/lib/guard-html-wcag-aria.js +2 -0
- package/lib/guard-html-wcag-forms.js +2 -0
- package/lib/guard-html-wcag-tables.js +2 -0
- package/lib/guard-html-wcag-tagwalk.js +2 -0
- package/lib/guard-html-wcag.js +2 -0
- package/lib/guard-html.js +2 -0
- package/lib/guard-idempotency-key.js +2 -0
- package/lib/guard-image.js +2 -0
- package/lib/guard-imap-command.js +2 -0
- package/lib/guard-jmap.js +2 -0
- package/lib/guard-json.js +2 -0
- package/lib/guard-jsonpath.js +2 -0
- package/lib/guard-jwt.js +2 -0
- package/lib/guard-list-id.js +2 -0
- package/lib/guard-list-unsubscribe.js +2 -0
- package/lib/guard-mail-compose.js +2 -0
- package/lib/guard-mail-move.js +2 -0
- package/lib/guard-mail-query.js +2 -0
- package/lib/guard-mail-reply.js +2 -0
- package/lib/guard-mail-sieve.js +2 -0
- package/lib/guard-managesieve-command.js +2 -0
- package/lib/guard-markdown.js +2 -0
- package/lib/guard-message-id.js +2 -0
- package/lib/guard-mime.js +2 -0
- package/lib/guard-oauth.js +2 -0
- package/lib/guard-pdf.js +2 -0
- package/lib/guard-pop3-command.js +2 -0
- package/lib/guard-posture-chain.js +2 -0
- package/lib/guard-regex.js +2 -0
- package/lib/guard-saga-config.js +2 -0
- package/lib/guard-shell.js +2 -0
- package/lib/guard-smtp-command.js +2 -0
- package/lib/guard-snapshot-envelope.js +2 -0
- package/lib/guard-sql.js +2 -0
- package/lib/guard-stream-args.js +2 -0
- package/lib/guard-svg.js +2 -0
- package/lib/guard-template.js +2 -0
- package/lib/guard-tenant-id.js +2 -0
- package/lib/guard-text.js +2 -0
- package/lib/guard-time.js +2 -0
- package/lib/guard-trace-context.js +2 -0
- package/lib/guard-uuid.js +2 -0
- package/lib/guard-xml.js +2 -0
- package/lib/guard-yaml.js +2 -0
- package/lib/hal.js +2 -0
- package/lib/handlers.js +2 -0
- package/lib/honeytoken.js +2 -0
- package/lib/html-balance.js +2 -0
- package/lib/http-client-cache.js +2 -0
- package/lib/http-client-cookie-jar.js +2 -0
- package/lib/http-client.js +2 -0
- package/lib/http-message-signature.js +2 -0
- package/lib/http2-teardown.js +2 -0
- package/lib/i18n-messageformat.js +2 -0
- package/lib/i18n.js +2 -0
- package/lib/iab-mspa.js +2 -0
- package/lib/iab-tcf.js +2 -0
- package/lib/importmap-integrity.js +2 -0
- package/lib/inbox.js +2 -0
- package/lib/incident-report.js +2 -0
- package/lib/ip-utils.js +2 -0
- package/lib/jobs.js +2 -0
- package/lib/jose-jwe-experimental.js +2 -0
- package/lib/json-merge-patch.js +2 -0
- package/lib/json-patch.js +2 -0
- package/lib/json-path.js +2 -0
- package/lib/json-pointer.js +2 -0
- package/lib/json-schema.js +2 -0
- package/lib/jsonapi.js +2 -0
- package/lib/jtd.js +2 -0
- package/lib/jwk.js +2 -0
- package/lib/keychain.js +2 -0
- package/lib/lazy-require.js +2 -0
- package/lib/legal-hold.js +2 -0
- package/lib/link-header.js +2 -0
- package/lib/local-db-thin.js +2 -0
- package/lib/log-stream-cloudwatch.js +2 -0
- package/lib/log-stream-local.js +2 -0
- package/lib/log-stream-otlp-grpc.js +2 -0
- package/lib/log-stream-otlp.js +2 -0
- package/lib/log-stream-syslog.js +2 -0
- package/lib/log-stream-webhook.js +2 -0
- package/lib/log-stream.js +2 -0
- package/lib/log.js +2 -0
- package/lib/lro.js +2 -0
- package/lib/mail-agent.js +2 -0
- package/lib/mail-arc-reuse-token.js +2 -0
- package/lib/mail-arc-sign.js +2 -0
- package/lib/mail-arf.js +2 -0
- package/lib/mail-auth.js +2 -0
- package/lib/mail-bimi.js +2 -0
- package/lib/mail-bounce.js +2 -0
- package/lib/mail-crypto-pgp.js +2 -0
- package/lib/mail-crypto-smime.js +2 -0
- package/lib/mail-crypto.js +2 -0
- package/lib/mail-dav.js +2 -0
- package/lib/mail-deploy.js +2 -0
- package/lib/mail-dkim.js +2 -0
- package/lib/mail-greylist.js +2 -0
- package/lib/mail-helo.js +2 -0
- package/lib/mail-journal.js +2 -0
- package/lib/mail-mdn.js +2 -0
- package/lib/mail-rbl.js +2 -0
- package/lib/mail-require-tls.js +2 -0
- package/lib/mail-scan.js +2 -0
- package/lib/mail-send-deliver.js +2 -0
- package/lib/mail-server-imap.js +2 -0
- package/lib/mail-server-jmap.js +2 -0
- package/lib/mail-server-managesieve.js +2 -0
- package/lib/mail-server-mx.js +2 -0
- package/lib/mail-server-net.js +2 -0
- package/lib/mail-server-pop3.js +2 -0
- package/lib/mail-server-rate-limit.js +2 -0
- package/lib/mail-server-registry.js +2 -0
- package/lib/mail-server-submission.js +2 -0
- package/lib/mail-server-tls.js +2 -0
- package/lib/mail-sieve.js +2 -0
- package/lib/mail-spam-score.js +2 -0
- package/lib/mail-srs.js +2 -0
- package/lib/mail-store-fts.js +2 -0
- package/lib/mail-store.js +2 -0
- package/lib/mail-unsubscribe.js +2 -0
- package/lib/mail.js +2 -0
- package/lib/markup-escape.js +2 -0
- package/lib/markup-tokenizer.js +2 -0
- package/lib/mcp-tool-registry.js +2 -0
- package/lib/mcp.js +2 -0
- package/lib/mdoc.js +2 -0
- package/lib/metrics.js +2 -0
- package/lib/middleware/age-gate.js +2 -0
- package/lib/middleware/ai-act-disclosure.js +2 -0
- package/lib/middleware/api-encrypt.js +2 -0
- package/lib/middleware/assetlinks.js +2 -0
- package/lib/middleware/asyncapi-serve.js +2 -0
- package/lib/middleware/attach-user.js +2 -0
- package/lib/middleware/bearer-auth.js +2 -0
- package/lib/middleware/body-parser.js +2 -0
- package/lib/middleware/bot-disclose.js +2 -0
- package/lib/middleware/bot-guard.js +2 -0
- package/lib/middleware/clear-site-data.js +2 -0
- package/lib/middleware/compose-pipeline.js +2 -0
- package/lib/middleware/compression.js +2 -0
- package/lib/middleware/cookies.js +2 -0
- package/lib/middleware/cors.js +2 -0
- package/lib/middleware/csp-nonce.js +2 -0
- package/lib/middleware/csp-report.js +2 -0
- package/lib/middleware/csrf-protect.js +2 -0
- package/lib/middleware/daily-byte-quota.js +2 -0
- package/lib/middleware/db-role-for.js +2 -0
- package/lib/middleware/deny-response.js +2 -0
- package/lib/middleware/dpop.js +2 -0
- package/lib/middleware/error-handler.js +2 -0
- package/lib/middleware/fetch-metadata.js +2 -0
- package/lib/middleware/flag-context.js +2 -0
- package/lib/middleware/gpc.js +2 -0
- package/lib/middleware/headers.js +2 -0
- package/lib/middleware/health.js +2 -0
- package/lib/middleware/host-allowlist.js +2 -0
- package/lib/middleware/idempotency-key.js +2 -0
- package/lib/middleware/index.js +2 -0
- package/lib/middleware/nel.js +2 -0
- package/lib/middleware/network-allowlist.js +2 -0
- package/lib/middleware/no-cache.js +2 -0
- package/lib/middleware/openapi-serve.js +2 -0
- package/lib/middleware/protected-resource-metadata.js +2 -0
- package/lib/middleware/rate-limit.js +2 -0
- package/lib/middleware/request-id.js +2 -0
- package/lib/middleware/request-log.js +2 -0
- package/lib/middleware/require-aal.js +2 -0
- package/lib/middleware/require-auth.js +2 -0
- package/lib/middleware/require-bound-key.js +2 -0
- package/lib/middleware/require-content-type.js +2 -0
- package/lib/middleware/require-methods.js +2 -0
- package/lib/middleware/require-mtls.js +2 -0
- package/lib/middleware/require-step-up.js +2 -0
- package/lib/middleware/scim-server.js +2 -0
- package/lib/middleware/security-headers.js +2 -0
- package/lib/middleware/security-txt.js +2 -0
- package/lib/middleware/span-http-server.js +2 -0
- package/lib/middleware/speculation-rules.js +2 -0
- package/lib/middleware/sse.js +2 -0
- package/lib/middleware/trace-log-correlation.js +2 -0
- package/lib/middleware/trace-propagate.js +2 -0
- package/lib/middleware/tus-upload.js +2 -0
- package/lib/middleware/web-app-manifest.js +2 -0
- package/lib/migration-files.js +2 -0
- package/lib/migrations.js +2 -0
- package/lib/mime-parse.js +2 -0
- package/lib/module-loader.js +2 -0
- package/lib/money.js +2 -0
- package/lib/mtls-ca.js +2 -0
- package/lib/mtls-engine-default.js +2 -0
- package/lib/network-byte-quota.js +2 -0
- package/lib/network-dane.js +2 -0
- package/lib/network-dns-resolver.js +2 -0
- package/lib/network-dns.js +2 -0
- package/lib/network-dnssec.js +2 -0
- package/lib/network-heartbeat.js +2 -0
- package/lib/network-nts.js +2 -0
- package/lib/network-proxy.js +2 -0
- package/lib/network-smtp-policy.js +2 -0
- package/lib/network-tls.js +2 -0
- package/lib/network-tsig.js +2 -0
- package/lib/network.js +2 -0
- package/lib/nis2-report.js +2 -0
- package/lib/nist-crosswalk.js +2 -0
- package/lib/nonce-store.js +2 -0
- package/lib/notify.js +2 -0
- package/lib/ntp-check.js +2 -0
- package/lib/numeric-bounds.js +2 -0
- package/lib/numeric-checks.js +2 -0
- package/lib/object-store/azure-blob-bucket-ops.js +2 -0
- package/lib/object-store/azure-blob.js +2 -0
- package/lib/object-store/gcs-bucket-ops.js +2 -0
- package/lib/object-store/gcs.js +2 -0
- package/lib/object-store/http-put.js +2 -0
- package/lib/object-store/http-request.js +2 -0
- package/lib/object-store/index.js +2 -0
- package/lib/object-store/local.js +2 -0
- package/lib/object-store/sigv4-bucket-ops.js +2 -0
- package/lib/object-store/sigv4.js +2 -0
- package/lib/observability-otlp-exporter.js +2 -0
- package/lib/observability-tracer.js +2 -0
- package/lib/observability.js +2 -0
- package/lib/openapi-paths-builder.js +2 -0
- package/lib/openapi-schema-walk.js +2 -0
- package/lib/openapi-security.js +2 -0
- package/lib/openapi-yaml.js +2 -0
- package/lib/openapi.js +2 -0
- package/lib/otel-export.js +2 -0
- package/lib/outbox.js +2 -0
- package/lib/pagination.js +2 -0
- package/lib/parsers/index.js +2 -0
- package/lib/parsers/safe-env.js +2 -0
- package/lib/parsers/safe-ini.js +2 -0
- package/lib/parsers/safe-toml.js +2 -0
- package/lib/parsers/safe-xml.js +2 -0
- package/lib/parsers/safe-yaml.js +2 -0
- package/lib/permissions.js +2 -0
- package/lib/pick.js +2 -0
- package/lib/pipl-cn.js +2 -0
- package/lib/pqc-agent.js +2 -0
- package/lib/pqc-gate.js +2 -0
- package/lib/pqc-software.js +2 -0
- package/lib/privacy-pass.js +2 -0
- package/lib/privacy.js +2 -0
- package/lib/problem-details.js +2 -0
- package/lib/process-spawn.js +2 -0
- package/lib/promise-pool.js +2 -0
- package/lib/protobuf-encoder.js +2 -0
- package/lib/protocol-dispatcher.js +2 -0
- package/lib/public-suffix.js +2 -0
- package/lib/pubsub-cluster.js +2 -0
- package/lib/pubsub-redis.js +2 -0
- package/lib/pubsub.js +2 -0
- package/lib/queue-local.js +2 -0
- package/lib/queue-redis.js +2 -0
- package/lib/queue-sqs.js +2 -0
- package/lib/queue.js +2 -0
- package/lib/redact.js +2 -0
- package/lib/redis-client.js +2 -0
- package/lib/render.js +2 -0
- package/lib/request-helpers.js +2 -0
- package/lib/resource-access-lock.js +2 -0
- package/lib/restore-bundle.js +2 -0
- package/lib/restore-rollback.js +2 -0
- package/lib/restore.js +2 -0
- package/lib/retention.js +2 -0
- package/lib/retry.js +2 -0
- package/lib/rfc3339.js +2 -0
- package/lib/router.js +2 -0
- package/lib/safe-archive.js +2 -0
- package/lib/safe-async.js +2 -0
- package/lib/safe-buffer.js +2 -0
- package/lib/safe-decompress.js +2 -0
- package/lib/safe-dns.js +2 -0
- package/lib/safe-ical.js +2 -0
- package/lib/safe-icap.js +2 -0
- package/lib/safe-json.js +2 -0
- package/lib/safe-jsonpath.js +2 -0
- package/lib/safe-mime.js +2 -0
- package/lib/safe-mount-info.js +2 -0
- package/lib/safe-path.js +2 -0
- package/lib/safe-redirect.js +2 -0
- package/lib/safe-schema.js +2 -0
- package/lib/safe-sieve.js +2 -0
- package/lib/safe-smtp.js +2 -0
- package/lib/safe-sql.js +2 -0
- package/lib/safe-url.js +2 -0
- package/lib/safe-vcard.js +2 -0
- package/lib/sandbox-worker.js +2 -0
- package/lib/sandbox.js +2 -0
- package/lib/scheduler.js +2 -0
- package/lib/scitt.js +2 -0
- package/lib/sd-notify.js +2 -0
- package/lib/sec-cyber.js +2 -0
- package/lib/security-assert.js +2 -0
- package/lib/seeders.js +2 -0
- package/lib/self-update-standalone-verifier.js +2 -0
- package/lib/self-update.js +2 -0
- package/lib/server-timing.js +2 -0
- package/lib/session-device-binding.js +2 -0
- package/lib/session-stores.js +2 -0
- package/lib/session.js +2 -0
- package/lib/slug.js +2 -0
- package/lib/sql.js +2 -0
- package/lib/sse.js +2 -0
- package/lib/ssrf-guard.js +2 -0
- package/lib/standard-webhooks.js +2 -0
- package/lib/static.js +2 -0
- package/lib/storage.js +2 -0
- package/lib/stream-throttle.js +2 -0
- package/lib/structured-fields.js +2 -0
- package/lib/subject.js +2 -0
- package/lib/tcpa-10dlc.js +2 -0
- package/lib/template.js +2 -0
- package/lib/tenant-quota.js +2 -0
- package/lib/test-harness.js +2 -0
- package/lib/testing.js +2 -0
- package/lib/time.js +2 -0
- package/lib/tls-exporter.js +2 -0
- package/lib/totp.js +2 -0
- package/lib/tracing.js +2 -0
- package/lib/tsa.js +2 -0
- package/lib/uri-template.js +2 -0
- package/lib/uuid.js +2 -0
- package/lib/validate-opts.js +2 -0
- package/lib/vault/index.js +2 -0
- package/lib/vault/passphrase-ops.js +2 -0
- package/lib/vault/passphrase-source.js +2 -0
- package/lib/vault/rotate.js +2 -0
- package/lib/vault/seal-pem-file.js +2 -0
- package/lib/vault/wrap.js +2 -0
- package/lib/vault-aad.js +2 -0
- package/lib/vc.js +2 -0
- package/lib/vendor-data.js +2 -0
- package/lib/vex.js +2 -0
- package/lib/watcher.js +2 -0
- package/lib/web-push-vapid.js +2 -0
- package/lib/webhook-dispatcher.js +2 -0
- package/lib/webhook.js +2 -0
- package/lib/websocket-channels.js +2 -0
- package/lib/websocket.js +2 -0
- package/lib/wiki-concepts.js +2 -0
- package/lib/worker-pool.js +2 -0
- package/lib/worm.js +2 -0
- package/lib/ws-client.js +2 -0
- package/lib/x509-chain.js +2 -0
- package/lib/xml-c14n.js +2 -0
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.16.x
|
|
10
10
|
|
|
11
|
+
- v0.16.1 (2026-07-03) — **Every source file now carries an SPDX license + copyright header; the wiki example emits its full HSTS when it runs behind a TLS-terminating reverse proxy; and a good-first-issue on-ramp lands for new contributors.** This patch stamps a per-file `SPDX-License-Identifier: Apache-2.0` and a copyright line onto every first-party source file, so the license of any single file is unambiguous when it is read, audited, or vendored in isolation. The project stays Apache-2.0 — this is a clarity change, not a license change, and vendored third-party files under lib/vendor/ keep their own upstream headers. The wiki example now passes its trusted-proxy CIDRs to the securityHeaders middleware: a deployment behind a TLS-terminating reverse proxy (Caddy or nginx) that forwards `X-Forwarded-Proto: https` now emits the framework's strong HSTS (two-year max-age, includeSubDomains, preload) instead of suppressing it on the plain-HTTP hop from the proxy — the wiki e2e asserts both the proxied-https and the direct-http cases. CONTRIBUTING gains a good-first-issue on-ramp so new contributors have a clear, small first step. **Added:** *Per-file SPDX license and copyright headers* — Every first-party source file now begins with `// SPDX-License-Identifier: Apache-2.0` and a copyright line, so the license and holder of any individual file are explicit when it is read or extracted on its own. No license change — the project remains Apache-2.0. Vendored files under `lib/vendor/` are untouched and retain their upstream license headers. **Changed:** *Good-first-issue on-ramp for new contributors* — CONTRIBUTING now points new contributors at issues labelled `good first issue` — small, self-contained tasks (a doc or wiki-example fix, a test for an uncovered branch) that are the easiest first step into the codebase. **Security:** *Wiki example emits its full HSTS behind a TLS-terminating reverse proxy* — The wiki example app now hands its trusted-proxy CIDRs to `securityHeaders`, so behind Caddy or nginx forwarding `X-Forwarded-Proto: https` it emits `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload` rather than dropping HSTS on the internal HTTP hop from the proxy. Operators modelling their own app on the example inherit the fix by declaring their proxy CIDRs via `WIKI_ADMIN_TRUSTED_PROXIES` (the production compose already defaults to the private ranges). The framework's `securityHeaders` primitive is unchanged; this closes a wiring gap in the example.
|
|
12
|
+
|
|
11
13
|
- v0.16.0 (2026-07-03) — **Raises the minimum Node.js engine to 24.18.0; the status-list verifier now binds the token type against a typ-confusion replay; and CI supply-chain pinning is consolidated behind committed dev/example lockfiles, `npm ci`, and a single aggregating pin tool that closes the OpenSSF Scorecard pinned-dependency gaps.** This minor raises the supported Node.js floor from 24.16.0 to 24.18.0 — operators must run Node 24.18.0 or newer (24.17.0 was a security release; 24.18.0 bundles SQLite 3.53.1 and a backup-path fix, and guarantees the native OpenSSL 3.5 SLH-DSA surface). b.auth.statusList.fromJwt now enforces RFC 8725 §3.11 by binding the JWS header typ to the "statuslist+jwt" that toJwt stamps, so a token minted for another purpose can't be replayed as a status list. The build's supply-chain pinning is reworked so OpenSSF Scorecard sees pinned installs everywhere it can: the dev-tool, example, and fuzz manifests now ship committed lockfiles and CI installs them with `npm ci` (Scorecard keys pinning on the `ci` verb, not on an `@version` specifier), the vendored fuzz toolchain and the oss-fuzz base image are pinned, and a new scripts/pin-all.js aggregates every pin — regenerating all lockfiles, pinning the GitHub Action SHAs, and syncing the Docker base-image digests in one `--fix`, with a `--check` gate wired into CI and the release flow so no pin can silently drift. The committed lockfiles are dev/example-only and excluded from the published tarball; the zero-npm-RUNTIME-deps rule is unchanged. **Added:** *scripts/pin-all.js — aggregated supply-chain pin tool* — One command re-pins every supply-chain segment: `--fix` regenerates the committed lockfiles (root / examples/wiki / fuzz), pins the GitHub Action SHAs, and syncs the Docker base-image digests; `--check` (wired into CI and the release flow) verifies the lockfile and digest segments — including each lockfile's package version — are in sync and fails closed on drift. Contributor tooling — it does not ship in the tarball. · *Project-governance and assurance documentation; OpenSSF Best Practices silver badge* — Adds a ROADMAP.md (documented direction plus an explicit out-of-scope list), a Developer Certificate of Origin policy in CONTRIBUTING.md (contributions carry a Signed-off-by; releases sign off through the release tooling), and an explicit security assurance case in SECURITY.md (a top security claim decomposed into evidence-backed sub-claims, with a residual-risk statement). The project earned the OpenSSF Best Practices silver badge, linked from the README. **Changed:** *Minimum Node.js engine raised to 24.18.0* — engines.node is now >=24.18.0 (was >=24.16.0). Operators must run Node 24.18.0 or newer. 24.17.0 was a security release and 24.18.0 bundles SQLite 3.53.1 plus a backup-keepalive fix; the floor also guarantees the native OpenSSL 3.5 SLH-DSA sign/verify surface. CI, the release container, and the docs are updated to the new floor. · *Supply-chain pinning consolidated behind committed lockfiles + `npm ci` + one aggregating pin tool* — The root dev-tool (esbuild, postject), examples/wiki, and fuzz (jazzer.js) manifests now ship committed package-lock.json files, and CI installs them with `npm ci` instead of `npm install pkg@version` — OpenSSF Scorecard's Pinned-Dependencies check treats only the `npm ci` verb as pinned, so this is what actually clears those alerts (an exact `@version` specifier does not). The vendored fuzz toolchain is pinned to an exact jazzer version and the oss-fuzz base image is digest-pinned (mirroring the Dependabot-tracked .clusterfuzzlite digest). A new scripts/pin-all.js aggregates every pinning segment — it regenerates all committed lockfiles, pins the GitHub Action SHAs (via check-actions-currency), and syncs the Docker base-image digests in one `--fix`; a `--check` mode runs in CI and scripts/release.js so a stale lockfile or drifted digest fails closed. The committed lockfiles are dev/example-only, excluded from the published tarball's files allowlist; the zero-npm-RUNTIME-deps rule is unchanged. **Security:** *Status-list verification binds the token type (RFC 8725 §3.11 typ-confusion)* — b.auth.statusList.fromJwt now passes expectedTyp "statuslist+jwt" to the JWT verifier, matching the typ that b.auth.statusList.toJwt stamps and every sibling verifier enforces. A token minted for another purpose — even one that happens to carry a status_list.lst claim — is now refused on the type binding before the claim is read, closing the typ-confusion class where such a token could be replayed as a status list.
|
|
12
14
|
|
|
13
15
|
## v0.15.x
|
package/bin/blamejs.js
CHANGED
package/index.js
CHANGED
package/lib/a2a-tasks.js
CHANGED
package/lib/a2a.js
CHANGED
package/lib/acme.js
CHANGED
package/lib/agent-audit.js
CHANGED
package/lib/agent-event-bus.js
CHANGED
package/lib/agent-idempotency.js
CHANGED
package/lib/agent-saga.js
CHANGED
package/lib/agent-snapshot.js
CHANGED
package/lib/agent-stream.js
CHANGED
package/lib/agent-tenant.js
CHANGED
package/lib/agent-trace.js
CHANGED
package/lib/ai-capability.js
CHANGED
package/lib/ai-content-detect.js
CHANGED
package/lib/ai-disclosure.js
CHANGED
package/lib/ai-dp.js
CHANGED
package/lib/ai-input.js
CHANGED
package/lib/ai-model-manifest.js
CHANGED
package/lib/ai-output.js
CHANGED
package/lib/ai-pref.js
CHANGED
package/lib/ai-prompt.js
CHANGED
package/lib/ai-quota.js
CHANGED
package/lib/api-key.js
CHANGED
package/lib/api-snapshot.js
CHANGED
package/lib/app-shutdown.js
CHANGED
package/lib/app.js
CHANGED
package/lib/archive-adapters.js
CHANGED
package/lib/archive-gz.js
CHANGED
package/lib/archive-read.js
CHANGED
package/lib/archive-tar-read.js
CHANGED
package/lib/archive-tar.js
CHANGED
package/lib/archive-wrap.js
CHANGED
package/lib/archive.js
CHANGED
package/lib/arg-parser.js
CHANGED
package/lib/argon2-builtin.js
CHANGED
package/lib/asn1-der.js
CHANGED
package/lib/asyncapi-bindings.js
CHANGED
package/lib/asyncapi-traits.js
CHANGED
package/lib/asyncapi.js
CHANGED
package/lib/atomic-file.js
CHANGED
package/lib/audit-chain.js
CHANGED
package/lib/audit-emit.js
CHANGED
package/lib/audit-sign.js
CHANGED
package/lib/audit-tools.js
CHANGED
package/lib/audit.js
CHANGED
package/lib/auth/aal.js
CHANGED
package/lib/auth/access-lock.js
CHANGED
package/lib/auth/ciba.js
CHANGED
package/lib/auth/dpop.js
CHANGED
package/lib/auth/fal.js
CHANGED
package/lib/auth/fido-mds3.js
CHANGED
package/lib/auth/jar.js
CHANGED
package/lib/auth/jwt-external.js
CHANGED
package/lib/auth/jwt.js
CHANGED
package/lib/auth/lockout.js
CHANGED
package/lib/auth/oauth.js
CHANGED
package/lib/auth/oid4vci.js
CHANGED
package/lib/auth/oid4vp.js
CHANGED
package/lib/auth/passkey.js
CHANGED
package/lib/auth/password.js
CHANGED
package/lib/auth/saml.js
CHANGED
package/lib/auth/sd-jwt-vc.js
CHANGED
package/lib/auth/status-list.js
CHANGED