@blamejs/core 0.9.14 → 0.9.15

package/lib/webhook.js

@@ -48,11 +48,11 @@
  */
 
 var nodeCrypto = require("crypto");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var httpClient = require("./http-client");
 var safeBuffer = require("./safe-buffer");
 var safeUrl = require("./safe-url");
-var retry = require("./retry");
+var retryHelper = require("./retry");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
 var numericChecks = require("./numeric-checks");
@@ -220,13 +220,13 @@ function _composeSignedString(algo, kid, timestamp, id, body) {
 // ---- Sign / verify primitives ----
 
 function _hmacSign(key, data) {
-  return crypto.hmacSha3(key, data);    // hex string
+  return bCrypto.hmacSha3(key, data);    // hex string
 }
 
 function _hmacVerify(key, data, expectedHex) {
   if (!safeBuffer.isHex(expectedHex)) return false;
-  var actualHex = crypto.hmacSha3(key, data);
-  return crypto.timingSafeEqual(actualHex, expectedHex);
+  var actualHex = bCrypto.hmacSha3(key, data);
+  return bCrypto.timingSafeEqual(actualHex, expectedHex);
 }
 
 // PQC signatures encode as base64url. SLH-DSA-SHAKE-256f signatures
@@ -242,7 +242,7 @@ function _hmacVerify(key, data, expectedHex) {
 // shaped value is decoded as hex. New signatures are emitted as
 // base64url; old hex-encoded signatures still verify.
 function _pqcSign(privateKeyPem, data) {
-  return crypto.sign(data, privateKeyPem).toString("base64url");
+  return bCrypto.sign(data, privateKeyPem).toString("base64url");
 }
 
 var _BASE64URL_RE = safeBuffer.BASE64URL_RE;
@@ -260,7 +260,7 @@ function _pqcVerify(publicKeyPem, data, expectedSig) {
       return false;
     }
   } catch (_e) { return false; }
-  try { return crypto.verify(data, sigBuf, publicKeyPem); }
+  try { return bCrypto.verify(data, sigBuf, publicKeyPem); }
   catch (_e) { return false; }
 }
 
@@ -364,9 +364,9 @@ function signer(opts) {
   var kids = _objectKeys(keys);
   var defaultKid = opts.defaultKid || kids[0];
   var sigHeader = cfg.signatureHeader;
-  var idGen = opts.idGenerator || function () { return crypto.generateToken(C.BYTES.bytes(16)); };
+  var idGen = opts.idGenerator || function () { return bCrypto.generateToken(C.BYTES.bytes(16)); };
   var nowFn = opts.now || function () { return Date.now(); };
-  var retryOpts = opts.retry || retry.DEFAULT_RETRY;
+  var retryOpts = opts.retry || retryHelper.DEFAULT_RETRY;
   var httpOpts = opts.http || {};
   var audit = opts.audit || null;
   var auditFailures = cfg.auditFailures;
@@ -452,7 +452,7 @@ function signer(opts) {
       }).host;
     } catch (_e) { hostLabel = ""; }
     try {
-      var res = await retry.withRetry(function () {
+      var res = await retryHelper.withRetry(function () {
         return httpClient.request(requestOpts);
       }, retryOpts);
       var statusCode = (res && (res.statusCode || res.status)) || 0;

package/lib/worker-pool.js

@@ -24,7 +24,7 @@
  *   var pool = b.workerPool.create("/abs/path/to/worker.js", {
  *     size:           4,
  *     maxQueueDepth:  C.BYTES.kib(1),                  // 1024 max queued tasks
- *     taskTimeoutMs:  b.constants.TIME.minutes(2),
+ *     taskTimeoutMs:  b.C.TIME.minutes(2),
  *     onExit:         function (code, workerId) { ... },
  *   });
  *   var result = await pool.run({ kind: "hash", payload: buf },
@@ -67,11 +67,11 @@
  */
 
 var os = require("node:os");
-var path = require("node:path");
+var nodePath = require("node:path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var numericBounds = require("./numeric-bounds");
-var constants = require("./constants");
+var C = require("./constants");
 var { WorkerPoolError } = require("./framework-error");
 
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -80,8 +80,8 @@ var MIN_SIZE = 1;
 var MAX_SIZE = 256;                                                              // allow:raw-byte-literal — sanity ceiling on worker count, not bytes
 var DEFAULT_MAX_QUEUE_DEPTH = 1024;                                              // allow:raw-byte-literal — task-queue depth, not bytes
 var MAX_QUEUE_DEPTH_CAP = 1048576;                                               // allow:raw-byte-literal — task-queue depth ceiling, not bytes
-var DEFAULT_TASK_TIMEOUT_MS = constants.TIME.minutes(5);
-var MAX_TASK_TIMEOUT_MS = constants.TIME.hours(1);
+var DEFAULT_TASK_TIMEOUT_MS = C.TIME.minutes(5);
+var MAX_TASK_TIMEOUT_MS = C.TIME.hours(1);
 
 // Refuse operator-supplied `eval`-style script paths. Worker_threads
 // supports `{ eval: true }` to spawn from a string; this primitive
@@ -90,7 +90,7 @@ var MAX_TASK_TIMEOUT_MS = constants.TIME.hours(1);
 function _validateScriptPath(scriptPath) {
   validateOpts.requireNonEmptyString(scriptPath,
     "workerPool.create: scriptPath", WorkerPoolError, "workerpool/bad-script-path");
-  if (!path.isAbsolute(scriptPath)) {
+  if (!nodePath.isAbsolute(scriptPath)) {
     throw new WorkerPoolError("workerpool/bad-script-path",
       "workerPool.create: scriptPath must be an absolute path; got " +
       JSON.stringify(scriptPath));

package/lib/ws-client.js

@@ -46,7 +46,7 @@
  */
 
 var net          = require("net");
-var url          = require("url");
+var nodeUrl      = require("url");
 var nodeCrypto   = require("crypto");
 var EventEmitter = require("events");
 
@@ -146,7 +146,7 @@ function _expectedAccept(secKey, handshakeGuid) {
 
 function _parseUrl(target) {
   var parsed;
-  try { parsed = new url.URL(target); }
+  try { parsed = new nodeUrl.URL(target); }
   catch (e) {
     throw new WsClientError("ws-client/bad-url",
       "wsClient.connect: url is malformed - " + e.message);
@@ -252,7 +252,7 @@ function connect(target, opts) {
   // rebinding TOCTOU window). Cloud-metadata IPs are unconditional
   // hard-deny — `allowInternal: true` does not bypass them.
   var hostnameForUrl = parsed.protocol === "wss:" ? "https:" : "http:";
-  var probeUrl = new url.URL(hostnameForUrl + "//" + parsed.host + parsed.pathname + parsed.search);
+  var probeUrl = new nodeUrl.URL(hostnameForUrl + "//" + parsed.host + parsed.pathname + parsed.search);
   ssrfGuard.checkUrl(probeUrl, {
     allowInternal: opts.allowInternal,
     errorClass:    WsClientError,
@@ -334,7 +334,7 @@ class WsClient extends EventEmitter {
           dialParsed = _parseUrl(nextTarget);
           dialTarget = nextTarget;
           var probeProto = dialParsed.protocol === "wss:" ? "https:" : "http:";
-          var probeUrl = new url.URL(probeProto + "//" + dialParsed.host + dialParsed.pathname + dialParsed.search);
+          var probeUrl = new nodeUrl.URL(probeProto + "//" + dialParsed.host + dialParsed.pathname + dialParsed.search);
           var probe = ssrfGuard.checkUrl(probeUrl, {
             allowInternal: opts.allowInternal,
             errorClass:    WsClientError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.9.14",
+  "version": "0.9.15",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:cc380387-6002-4e34-863f-7bb3090533eb",
+  "serialNumber": "urn:uuid:40df0b28-c547-4f48-9bbf-f005b59cbd1b",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-13T20:27:26.640Z",
+    "timestamp": "2026-05-14T00:04:25.956Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.9.14",
+      "bom-ref": "@blamejs/core@0.9.15",
       "type": "library",
       "name": "blamejs",
-      "version": "0.9.14",
+      "version": "0.9.15",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.9.14",
+      "purl": "pkg:npm/%40blamejs/core@0.9.15",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.9.14",
+      "ref": "@blamejs/core@0.9.15",
       "dependsOn": []
     }
   ]