@blamejs/core 0.9.12 → 0.9.15

package/lib/vault/seal-pem-file.js

@@ -19,7 +19,7 @@
  *     source:       "/etc/letsencrypt/live/example.com/privkey.pem",
  *     destination:  "/var/lib/blamejs/server.key.sealed",
  *     audit:        true,                 // default
- *     pollInterval: b.constants.TIME.seconds(2),  // fs.watchFile cadence
+ *     pollInterval: b.constants.TIME.seconds(2),  // nodeFs.watchFile cadence
  *     onResealed:   function (info) { ... }, // { srcPath, destPath, bytes,
  *                                                resealedAt, generation }
  *     onError:      function (err)  { ... }, // sealing failed
@@ -42,10 +42,10 @@
  * (rename did not happen). The recovery routine re-runs the seal from
  * source — idempotent because the source PEM is the source of truth.
  *
- * fs.watchFile semantics:
+ * nodeFs.watchFile semantics:
  *
- * Node's fs.watchFile is a polling stat() loop with the configured
- * pollInterval. It fires on mtime / size change. fs.watch (the
+ * Node's nodeFs.watchFile is a polling stat() loop with the configured
+ * pollInterval. It fires on mtime / size change. nodeFs.watch (the
  * inotify / kqueue backend) is more efficient but inconsistent across
  * platforms — single rename events surface as multiple change events
  * on Linux (events fire on the directory entry, the file, and the
@@ -54,8 +54,8 @@
  * pollInterval) is acceptable for renewal cadences measured in days.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("../atomic-file");
 var C = require("../constants");
 var lazyRequire = require("../lazy-require");
@@ -76,7 +76,7 @@ var SealPemFileError = defineClass("SealPemFileError", { alwaysPermanent: true }
 // 2-second worst-case re-seal latency — negligible against the
 // renewal cadence. Operators with sub-second-sensitive use cases
 // override via opts.pollInterval.
-// H6 #6 — fs.watchFile default cadence reduced from 2s to 500ms so a
+// H6 #6 — nodeFs.watchFile default cadence reduced from 2s to 500ms so a
 // fast renewal-then-revert (mtime bump then second bump within ~2s)
 // doesn't sneak past the watcher. Operators with extremely-quiet
 // renewal cycles can override via opts.pollInterval; the cost of
@@ -126,7 +126,7 @@ var DEFAULT_MAX_SOURCE_BYTES = C.BYTES.mib(1);
  *     source:         string,    // plaintext PEM path (required)
  *     destination:    string,    // sealed-output path (required, must differ from source)
  *     audit:          boolean,   // emit b.audit events on every reseal (default true)
- *     pollInterval:   number,    // fs.watchFile cadence in ms (default 500)
+ *     pollInterval:   number,    // nodeFs.watchFile cadence in ms (default 500)
  *     onResealed:     function,  // (info) => void — { srcPath, destPath, bytes, resealedAt, generation }
  *     onError:        function,  // (err)  => void — sealing failed
  *     maxSourceBytes: number,    // refuse source larger than this (default 1 MiB)
@@ -219,7 +219,7 @@ function sealPemFile(opts) {
     // marker create and marker remove, the marker remains on disk
     // and _recoverIfNeeded() detects it on the next start().
     var markerPath = destination + ".rewriting";
-    var destDir    = path.dirname(destination);
+    var destDir    = nodePath.dirname(destination);
     atomicFile.ensureDir(destDir);
     // H6 #4 — assert parent-dir mode. If the directory is world-
     // writable, an attacker can swap the destination file or the
@@ -229,7 +229,7 @@ function sealPemFile(opts) {
     // skip the check there.
     if (process.platform !== "win32") {
       try {
-        var dirStat = fs.statSync(destDir);
+        var dirStat = nodeFs.statSync(destDir);
         if ((dirStat.mode & 0o022) !== 0) {                                       // allow:raw-byte-literal — POSIX mode mask
           throw new SealPemFileError("seal-pem-file/parent-dir-writable",
             "destination parent dir '" + destDir + "' is group/other-writable " +
@@ -242,23 +242,23 @@ function sealPemFile(opts) {
       }
     }
     var sealed = vault().seal(plaintextBytes);
-    fs.writeFileSync(markerPath, String(Date.now()), { mode: 0o600 });   // allow:raw-byte-literal — POSIX file mode
+    nodeFs.writeFileSync(markerPath, String(Date.now()), { mode: 0o600 });   // allow:raw-byte-literal — POSIX file mode
     try {
       atomicFile.writeSync(destination, sealed, { fileMode: 0o600 });    // allow:raw-byte-literal — POSIX file mode
     } catch (e) {
-      try { fs.unlinkSync(markerPath); } catch (_e) { /* best-effort */ }
+      try { nodeFs.unlinkSync(markerPath); } catch (_e) { /* best-effort */ }
       throw e;
     }
-    try { fs.unlinkSync(markerPath); } catch (_e) { /* marker cleanup best-effort */ }
+    try { nodeFs.unlinkSync(markerPath); } catch (_e) { /* marker cleanup best-effort */ }
     // H6 #5 — fsync the destination directory so the rename + marker
     // unlink survive a power loss. Crash + backup-snapshot edge case:
     // without dir-fsync, a journaled fs may have the new file inode
     // but not the directory entry update by the time the snapshot
     // reads.
     try {
-      var dirFd = fs.openSync(destDir, "r");
-      try { fs.fsyncSync(dirFd); }
-      finally { fs.closeSync(dirFd); }
+      var dirFd = nodeFs.openSync(destDir, "r");
+      try { nodeFs.fsyncSync(dirFd); }
+      finally { nodeFs.closeSync(dirFd); }
     } catch (_e) { /* dir fsync best-effort — Windows / non-POSIX may refuse */ }
   }
 
@@ -267,14 +267,14 @@ function sealPemFile(opts) {
     resealing = true;
     var plaintext = null;
     try {
-      // H6 #1 — bounded read. fs.readFileSync without a size cap on a
+      // H6 #1 — bounded read. nodeFs.readFileSync without a size cap on a
       // file the operator's renewal process writes is an OOM vector.
-      // H6 #3 — symlink TOCTOU defense. Open the file via fs.openSync
+      // H6 #3 — symlink TOCTOU defense. Open the file via nodeFs.openSync
       // with O_NOFOLLOW where possible; lstat first to verify the
       // source isn't a symlink we don't expect, then read via fd so
       // a swap-after-stat doesn't change which bytes we read.
       try {
-        var lstat = fs.lstatSync(source);
+        var lstat = nodeFs.lstatSync(source);
         if (lstat.isSymbolicLink()) {
           throw new SealPemFileError("seal-pem-file/symlink-refused",
             "source is a symlink (refused; follow + re-stat opens TOCTOU)");
@@ -283,9 +283,9 @@ function sealPemFile(opts) {
           throw new SealPemFileError("seal-pem-file/source-too-large",
             "source size " + lstat.size + " exceeds maxSourceBytes " + maxSourceBytes);
         }
-        var fd = fs.openSync(source, "r");
+        var fd = nodeFs.openSync(source, "r");
         try {
-          var fstat = fs.fstatSync(fd);
+          var fstat = nodeFs.fstatSync(fd);
           // H6 #3 — confirm the fd points at the same inode lstat saw.
           if (fstat.ino !== lstat.ino || fstat.size > maxSourceBytes) {
             throw new SealPemFileError("seal-pem-file/toctou-detected",
@@ -294,7 +294,7 @@ function sealPemFile(opts) {
           plaintext = Buffer.alloc(fstat.size);
           var read = 0;
           while (read < fstat.size) {
-            var n = fs.readSync(fd, plaintext, read, fstat.size - read, null);
+            var n = nodeFs.readSync(fd, plaintext, read, fstat.size - read, null);
             if (n === 0) break;
             read += n;
           }
@@ -303,7 +303,7 @@ function sealPemFile(opts) {
               "short read: " + read + " of " + fstat.size + " bytes");
           }
         } finally {
-          try { fs.closeSync(fd); } catch (_e) { /* close best-effort */ }
+          try { nodeFs.closeSync(fd); } catch (_e) { /* close best-effort */ }
         }
       }
       catch (e) {
@@ -390,7 +390,7 @@ function sealPemFile(opts) {
   // reseal was interrupted. Re-seal from source idempotently.
   function _recoverIfNeeded() {
     var markerPath = destination + ".rewriting";
-    if (fs.existsSync(markerPath)) {
+    if (nodeFs.existsSync(markerPath)) {
       log.info("vault.sealPemFile: recovery — marker '" + markerPath +
         "' present from prior crashed reseal; re-sealing from source");
       _emitAudit("recovery_started", "success", {
@@ -414,7 +414,7 @@ function sealPemFile(opts) {
         _resealNow();
       }
     };
-    fs.watchFile(source, { persistent: false, interval: pollInterval }, listener);
+    nodeFs.watchFile(source, { persistent: false, interval: pollInterval }, listener);
     watching = true;
     _emitAudit("watch_started", "success", {
       source:       source,
@@ -425,7 +425,7 @@ function sealPemFile(opts) {
 
   function stop() {
     if (!watching) return;
-    fs.unwatchFile(source, listener);
+    nodeFs.unwatchFile(source, listener);
     listener = null;
     watching = false;
     _emitAudit("watch_stopped", "success", {

package/lib/watcher.js

@@ -3,7 +3,7 @@
  * b.watcher — recursive filesystem-watch primitive with cross-platform
  * event normalization.
  *
- * Wraps `fs.watch(root, { recursive: true })` and turns the per-platform
+ * Wraps `nodeFs.watch(root, { recursive: true })` and turns the per-platform
  * event soup (Linux inotify "rename" + "change", macOS FSEvents
  * coalesced "rename", Windows ReadDirectoryChangesW pure "rename" /
  * "change") into a single shape:
@@ -15,7 +15,7 @@
  * `type` is one of "file" or "dir". The watcher is build-tool-shaped:
  * use it to drive incremental rebuilds, hot-reload-on-change,
  * config-file watching, or content-store cache busts. It is NOT a
- * security primitive — fs.watch is best-effort across kernels and the
+ * security primitive — nodeFs.watch is best-effort across kernels and the
  * caller must not rely on it for audit-grade change detection.
  *
  * Cross-platform notes baked in:
@@ -45,8 +45,8 @@
  *   watcher.WatcherError
  */
 
-var fs   = require("fs");
-var path = require("path");
+var nodeFs   = require("fs");
+var nodePath = require("path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var { WatcherError } = require("./framework-error");
@@ -56,7 +56,7 @@ var observability = lazyRequire(function () { return require("./observability");
 
 var DEFAULT_DEBOUNCE_MS = 100;
 // Polling-mode defaults. The polling backend exists for environments
-// where fs.watch's native events don't reach userspace — most commonly
+// where nodeFs.watch's native events don't reach userspace — most commonly
 // Docker Desktop bind-mounts on Windows / macOS hosts (where the
 // inotify events from the Linux container's mount don't propagate
 // through the gRPC-FUSE / VirtioFS bridge to the host fs), or NFS /
@@ -166,8 +166,8 @@ function _compileIgnore(patterns) {
     }
   }
   return function (relPath) {
-    var base = path.basename(relPath);
-    var normalized = relPath.split(path.sep).join("/");
+    var base = nodePath.basename(relPath);
+    var normalized = relPath.split(nodePath.sep).join("/");
     for (var j = 0; j < compiled.length; j += 1) {
       var c = compiled[j];
       if (c.kind === "exact" && (c.value === relPath || c.value === normalized)) return true;
@@ -212,7 +212,7 @@ function _validateOpts(opts) {
 function create(opts) {
   _validateOpts(opts);
 
-  var root        = path.resolve(opts.root);
+  var root        = nodePath.resolve(opts.root);
   var debounceMs  = (opts.debounceMs !== undefined) ? opts.debounceMs : DEFAULT_DEBOUNCE_MS;
   var maxPending  = (opts.maxPending !== undefined) ? opts.maxPending : DEFAULT_MAX_PENDING;
   var mode        = opts.mode || "fs";
@@ -226,7 +226,7 @@ function create(opts) {
 
   // Pre-flight: root must exist and be a directory.
   var rootStat;
-  try { rootStat = fs.statSync(root); }
+  try { rootStat = nodeFs.statSync(root); }
   catch (e) {
     throw new WatcherError("watcher/root-missing",
       "watcher.create: root '" + root + "' is not accessible: " + ((e && e.message) || String(e)));
@@ -260,10 +260,10 @@ function create(opts) {
   function _normalizeAndDispatch(relPath) {
     if (stopped) return;
     if (isIgnored(relPath)) return;
-    var fullPath = path.join(root, relPath);
+    var fullPath = nodePath.join(root, relPath);
     // lstat (NOT stat) — refuses to follow symlinks out of root.
     var lst;
-    try { lst = fs.lstatSync(fullPath); }
+    try { lst = nodeFs.lstatSync(fullPath); }
     catch (e) {
       if (e && e.code === "ENOENT") {
         // Path is gone — delete event. Type unknown by the time we
@@ -335,9 +335,9 @@ function create(opts) {
     var stack = [""];
     while (stack.length > 0) {
       var relDir = stack.pop();
-      var absDir = relDir === "" ? root : path.join(root, relDir);
+      var absDir = relDir === "" ? root : nodePath.join(root, relDir);
       var entries;
-      try { entries = fs.readdirSync(absDir, { withFileTypes: true }); }
+      try { entries = nodeFs.readdirSync(absDir, { withFileTypes: true }); }
       catch (_e) {
         // Root vanished mid-walk OR an inner dir got deleted between
         // the parent listing and the descent. Skip — the next tick's
@@ -348,8 +348,8 @@ function create(opts) {
         var entry = entries[i];
         var relPath = relDir === "" ? entry.name : (relDir + "/" + entry.name);
         // Normalize to forward-slash so glob ignore-matching is
-        // consistent with the fs.watch path the operator's hooks see.
-        relPath = relPath.split(path.sep).join("/");
+        // consistent with the nodeFs.watch path the operator's hooks see.
+        relPath = relPath.split(nodePath.sep).join("/");
         if (isIgnored(relPath)) continue;
         if (entry.isSymbolicLink()) continue;            // never follow symlinks
         fileCount += 1;
@@ -358,9 +358,9 @@ function create(opts) {
             "watcher.poll: tree exceeds pollMaxFiles=" + pollMaxFiles +
             " — narrow `ignore` patterns OR raise pollMaxFiles, OR switch to mode: \"fs\"");
         }
-        var absPath = path.join(absDir, entry.name);
+        var absPath = nodePath.join(absDir, entry.name);
         var st;
-        try { st = fs.statSync(absPath); }
+        try { st = nodeFs.statSync(absPath); }
         catch (_e) { continue; }                          // race — entry vanished
         if (entry.isDirectory()) {
           snapshot.set(relPath, { type: "dir", size: 0, mtimeMs: st.mtimeMs });
@@ -382,13 +382,13 @@ function create(opts) {
     if (pollSnapshot === null) {
       // First tick — establish the baseline without firing events.
       // Operators get add events on file CREATION after start, not on
-      // pre-existing files (matches fs.watch semantics).
+      // pre-existing files (matches nodeFs.watch semantics).
       pollSnapshot = next;
       return;
     }
     // Diff: anything in `next` not in `pollSnapshot`, OR with size /
     // mtimeMs different, fires onChange via the same _enqueue path the
-    // fs.watch backend uses (so debounce + ignore + lstat dispatch
+    // nodeFs.watch backend uses (so debounce + ignore + lstat dispatch
     // stay uniform). Anything in `pollSnapshot` missing from `next`
     // fires onDelete (via _normalizeAndDispatch's ENOENT branch).
     next.forEach(function (info, relPath) {
@@ -416,12 +416,12 @@ function create(opts) {
     if (typeof pollTimer.unref === "function") pollTimer.unref();
   } else {
     try {
-      watcherHandle = fs.watch(root, { recursive: true, persistent: true }, function (eventType, filename) {
+      watcherHandle = nodeFs.watch(root, { recursive: true, persistent: true }, function (eventType, filename) {
         if (stopped) return;
         if (!filename) return;
         var rel = filename;
-        if (path.isAbsolute(rel) && rel.indexOf(root) === 0) {
-          rel = path.relative(root, rel);
+        if (nodePath.isAbsolute(rel) && rel.indexOf(root) === 0) {
+          rel = nodePath.relative(root, rel);
         }
         if (rel === "" || rel === ".") return;
         _enqueue(rel);
@@ -434,7 +434,7 @@ function create(opts) {
           ((e && e.message) || String(e)) + " — pass mode: \"poll\" to fall back to interval polling");
       }
       throw new WatcherError("watcher/start-failed",
-        "watcher.create: fs.watch failed: " + ((e && e.message) || String(e)));
+        "watcher.create: nodeFs.watch failed: " + ((e && e.message) || String(e)));
     }
   }
 

package/lib/webhook.js

@@ -48,11 +48,11 @@
  */
 
 var nodeCrypto = require("crypto");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var httpClient = require("./http-client");
 var safeBuffer = require("./safe-buffer");
 var safeUrl = require("./safe-url");
-var retry = require("./retry");
+var retryHelper = require("./retry");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var numericChecks = require("./numeric-checks");
@@ -220,13 +220,13 @@ function _composeSignedString(algo, kid, timestamp, id, body) {
 // ---- Sign / verify primitives ----
 
 function _hmacSign(key, data) {
-  return crypto.hmacSha3(key, data);    // hex string
+  return bCrypto.hmacSha3(key, data);    // hex string
 }
 
 function _hmacVerify(key, data, expectedHex) {
   if (!safeBuffer.isHex(expectedHex)) return false;
-  var actualHex = crypto.hmacSha3(key, data);
-  return crypto.timingSafeEqual(actualHex, expectedHex);
+  var actualHex = bCrypto.hmacSha3(key, data);
+  return bCrypto.timingSafeEqual(actualHex, expectedHex);
 }
 
 // PQC signatures encode as base64url. SLH-DSA-SHAKE-256f signatures
@@ -242,7 +242,7 @@ function _hmacVerify(key, data, expectedHex) {
 // shaped value is decoded as hex. New signatures are emitted as
 // base64url; old hex-encoded signatures still verify.
 function _pqcSign(privateKeyPem, data) {
-  return crypto.sign(data, privateKeyPem).toString("base64url");
+  return bCrypto.sign(data, privateKeyPem).toString("base64url");
 }
 
 var _BASE64URL_RE = safeBuffer.BASE64URL_RE;
@@ -260,7 +260,7 @@ function _pqcVerify(publicKeyPem, data, expectedSig) {
       return false;
     }
   } catch (_e) { return false; }
-  try { return crypto.verify(data, sigBuf, publicKeyPem); }
+  try { return bCrypto.verify(data, sigBuf, publicKeyPem); }
   catch (_e) { return false; }
 }
 
@@ -364,9 +364,9 @@ function signer(opts) {
   var kids = _objectKeys(keys);
   var defaultKid = opts.defaultKid || kids[0];
   var sigHeader = cfg.signatureHeader;
-  var idGen = opts.idGenerator || function () { return crypto.generateToken(C.BYTES.bytes(16)); };
+  var idGen = opts.idGenerator || function () { return bCrypto.generateToken(C.BYTES.bytes(16)); };
   var nowFn = opts.now || function () { return Date.now(); };
-  var retryOpts = opts.retry || retry.DEFAULT_RETRY;
+  var retryOpts = opts.retry || retryHelper.DEFAULT_RETRY;
   var httpOpts = opts.http || {};
   var audit = opts.audit || null;
   var auditFailures = cfg.auditFailures;
@@ -452,7 +452,7 @@ function signer(opts) {
       }).host;
     } catch (_e) { hostLabel = ""; }
     try {
-      var res = await retry.withRetry(function () {
+      var res = await retryHelper.withRetry(function () {
         return httpClient.request(requestOpts);
       }, retryOpts);
       var statusCode = (res && (res.statusCode || res.status)) || 0;

package/lib/worker-pool.js

@@ -24,7 +24,7 @@
  *   var pool = b.workerPool.create("/abs/path/to/worker.js", {
  *     size:           4,
  *     maxQueueDepth:  C.BYTES.kib(1),                  // 1024 max queued tasks
- *     taskTimeoutMs:  b.constants.TIME.minutes(2),
+ *     taskTimeoutMs:  b.C.TIME.minutes(2),
  *     onExit:         function (code, workerId) { ... },
  *   });
  *   var result = await pool.run({ kind: "hash", payload: buf },
@@ -67,11 +67,11 @@
  */
 
 var os = require("node:os");
-var path = require("node:path");
+var nodePath = require("node:path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var numericBounds = require("./numeric-bounds");
-var constants = require("./constants");
+var C = require("./constants");
 var { WorkerPoolError } = require("./framework-error");
 
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -80,8 +80,8 @@ var MIN_SIZE = 1;
 var MAX_SIZE = 256;                                                              // allow:raw-byte-literal — sanity ceiling on worker count, not bytes
 var DEFAULT_MAX_QUEUE_DEPTH = 1024;                                              // allow:raw-byte-literal — task-queue depth, not bytes
 var MAX_QUEUE_DEPTH_CAP = 1048576;                                               // allow:raw-byte-literal — task-queue depth ceiling, not bytes
-var DEFAULT_TASK_TIMEOUT_MS = constants.TIME.minutes(5);
-var MAX_TASK_TIMEOUT_MS = constants.TIME.hours(1);
+var DEFAULT_TASK_TIMEOUT_MS = C.TIME.minutes(5);
+var MAX_TASK_TIMEOUT_MS = C.TIME.hours(1);
 
 // Refuse operator-supplied `eval`-style script paths. Worker_threads
 // supports `{ eval: true }` to spawn from a string; this primitive
@@ -90,7 +90,7 @@ var MAX_TASK_TIMEOUT_MS = constants.TIME.hours(1);
 function _validateScriptPath(scriptPath) {
   validateOpts.requireNonEmptyString(scriptPath,
     "workerPool.create: scriptPath", WorkerPoolError, "workerpool/bad-script-path");
-  if (!path.isAbsolute(scriptPath)) {
+  if (!nodePath.isAbsolute(scriptPath)) {
     throw new WorkerPoolError("workerpool/bad-script-path",
       "workerPool.create: scriptPath must be an absolute path; got " +
       JSON.stringify(scriptPath));

package/lib/ws-client.js

@@ -46,7 +46,7 @@
  */
 
 var net          = require("net");
-var url          = require("url");
+var nodeUrl      = require("url");
 var nodeCrypto   = require("crypto");
 var EventEmitter = require("events");
 
@@ -146,7 +146,7 @@ function _expectedAccept(secKey, handshakeGuid) {
 
 function _parseUrl(target) {
   var parsed;
-  try { parsed = new url.URL(target); }
+  try { parsed = new nodeUrl.URL(target); }
   catch (e) {
     throw new WsClientError("ws-client/bad-url",
       "wsClient.connect: url is malformed - " + e.message);
@@ -252,7 +252,7 @@ function connect(target, opts) {
   // rebinding TOCTOU window). Cloud-metadata IPs are unconditional
   // hard-deny — `allowInternal: true` does not bypass them.
   var hostnameForUrl = parsed.protocol === "wss:" ? "https:" : "http:";
-  var probeUrl = new url.URL(hostnameForUrl + "//" + parsed.host + parsed.pathname + parsed.search);
+  var probeUrl = new nodeUrl.URL(hostnameForUrl + "//" + parsed.host + parsed.pathname + parsed.search);
   ssrfGuard.checkUrl(probeUrl, {
     allowInternal: opts.allowInternal,
     errorClass:    WsClientError,
@@ -334,7 +334,7 @@ class WsClient extends EventEmitter {
           dialParsed = _parseUrl(nextTarget);
           dialTarget = nextTarget;
           var probeProto = dialParsed.protocol === "wss:" ? "https:" : "http:";
-          var probeUrl = new url.URL(probeProto + "//" + dialParsed.host + dialParsed.pathname + dialParsed.search);
+          var probeUrl = new nodeUrl.URL(probeProto + "//" + dialParsed.host + dialParsed.pathname + dialParsed.search);
           var probe = ssrfGuard.checkUrl(probeUrl, {
             allowInternal: opts.allowInternal,
             errorClass:    WsClientError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.9.12",
+  "version": "0.9.15",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:d4b77800-e22b-4c36-be2e-cecdcb0c34da",
+  "serialNumber": "urn:uuid:40df0b28-c547-4f48-9bbf-f005b59cbd1b",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-13T16:54:10.092Z",
+    "timestamp": "2026-05-14T00:04:25.956Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.9.12",
+      "bom-ref": "@blamejs/core@0.9.15",
       "type": "library",
       "name": "blamejs",
-      "version": "0.9.12",
+      "version": "0.9.15",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.9.12",
+      "purl": "pkg:npm/%40blamejs/core@0.9.15",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.9.12",
+      "ref": "@blamejs/core@0.9.15",
       "dependsOn": []
     }
   ]