@blamejs/core 0.9.14 → 0.9.16

package/lib/restore-rollback.js

@@ -6,7 +6,7 @@
  *
  * @intro
  *   Backup-restore safety net — atomic dataDir swap with a versioned
- *   rollback path. The primitive `b.restore` calls to put a
+ *   rollback nodePath. The primitive `b.restore` calls to put a
  *   freshly-decrypted bundle into place: filesystem rename is atomic
  *   on POSIX (and on Windows when nothing has the dir open), so the
  *   swap either fully completes or the previous `dataDir` is
@@ -39,14 +39,14 @@
  *   corrupting state.
  *
  * @card
- *   Backup-restore safety net — atomic dataDir swap with a versioned rollback path.
+ *   Backup-restore safety net — atomic dataDir swap with a versioned rollback nodePath.
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var safeJson = require("./safe-json");
 var { defineClass } = require("./framework-error");
 
@@ -94,7 +94,7 @@ function _resolveRollbackRoot(opts) {
  */
 function swap(opts) {
   opts = opts || {};
-  if (typeof opts.stagingDir !== "string" || !fs.existsSync(opts.stagingDir)) {
+  if (typeof opts.stagingDir !== "string" || !nodeFs.existsSync(opts.stagingDir)) {
     throw new RestoreRollbackError("restore-rollback/no-staging",
       "swap: opts.stagingDir is required and must exist");
   }
@@ -106,20 +106,20 @@ function swap(opts) {
   atomicFile.ensureDir(rollbackRoot);
 
   var swappedAt = atomicFile.pathTimestamp();
-  var rollbackPath = path.join(rollbackRoot, swappedAt);
-  var markerPath = path.join(rollbackRoot, swappedAt + ".marker.json");
+  var rollbackPath = nodePath.join(rollbackRoot, swappedAt);
+  var markerPath = nodePath.join(rollbackRoot, swappedAt + ".marker.json");
 
-  if (fs.existsSync(rollbackPath) || fs.existsSync(markerPath)) {
+  if (nodeFs.existsSync(rollbackPath) || nodeFs.existsSync(markerPath)) {
     throw new RestoreRollbackError("restore-rollback/collision",
       "swap: a rollback at " + rollbackPath + " already exists — refusing to overwrite");
   }
 
-  var hadDataDir = fs.existsSync(opts.dataDir);
+  var hadDataDir = nodeFs.existsSync(opts.dataDir);
 
-  // Step 1: rename current dataDir → rollback path. Skipped on first
+  // Step 1: rename current dataDir → rollback nodePath. Skipped on first
   // restore (no existing dataDir).
   if (hadDataDir) {
-    try { fs.renameSync(opts.dataDir, rollbackPath); }
+    try { nodeFs.renameSync(opts.dataDir, rollbackPath); }
     catch (e) {
       throw new RestoreRollbackError("restore-rollback/rename-existing-failed",
         "swap: could not move existing dataDir to rollback: " + ((e && e.message) || String(e)));
@@ -127,11 +127,11 @@ function swap(opts) {
   }
 
   // Step 2: rename staging → dataDir
-  try { fs.renameSync(opts.stagingDir, opts.dataDir); }
+  try { nodeFs.renameSync(opts.stagingDir, opts.dataDir); }
   catch (e) {
     // Step 2 failed — try to undo step 1 so the operator's dataDir is back
     if (hadDataDir) {
-      try { fs.renameSync(rollbackPath, opts.dataDir); }
+      try { nodeFs.renameSync(rollbackPath, opts.dataDir); }
       catch (_e) { /* dataDir is now in rollbackPath; operator must recover manually */ }
     }
     throw new RestoreRollbackError("restore-rollback/rename-staging-failed",
@@ -148,7 +148,7 @@ function swap(opts) {
     operator:     opts.marker || null,
   };
   try {
-    fs.writeFileSync(markerPath, JSON.stringify(marker, null, 2) + "\n", { mode: 0o600 });
+    nodeFs.writeFileSync(markerPath, JSON.stringify(marker, null, 2) + "\n", { mode: 0o600 });
   } catch (_e) { /* marker write is best-effort */ }
 
   return {
@@ -193,19 +193,19 @@ async function rollback(opts) {
     throw new RestoreRollbackError("restore-rollback/no-datadir",
       "rollback: opts.dataDir is required");
   }
-  if (typeof opts.rollbackPath !== "string" || !fs.existsSync(opts.rollbackPath)) {
+  if (typeof opts.rollbackPath !== "string" || !nodeFs.existsSync(opts.rollbackPath)) {
     throw new RestoreRollbackError("restore-rollback/no-rollback",
       "rollback: opts.rollbackPath is required and must exist");
   }
 
   // Move the current dataDir aside (so the rollback's rename target is empty)
   var discardedAt = null;
-  if (fs.existsSync(opts.dataDir)) {
+  if (nodeFs.existsSync(opts.dataDir)) {
     var rollbackRoot = _resolveRollbackRoot(opts);
     atomicFile.ensureDir(rollbackRoot);
     discardedAt = atomicFile.pathTimestamp();
-    var discardedPath = path.join(rollbackRoot, "discarded-" + discardedAt);
-    try { fs.renameSync(opts.dataDir, discardedPath); }
+    var discardedPath = nodePath.join(rollbackRoot, "discarded-" + discardedAt);
+    try { nodeFs.renameSync(opts.dataDir, discardedPath); }
     catch (e) {
       throw new RestoreRollbackError("restore-rollback/rename-existing-failed",
         "rollback: could not move current dataDir aside: " + ((e && e.message) || String(e)));
@@ -214,7 +214,7 @@ async function rollback(opts) {
   }
 
   // Rename the rollback dir back into dataDir's place
-  try { fs.renameSync(opts.rollbackPath, opts.dataDir); }
+  try { nodeFs.renameSync(opts.rollbackPath, opts.dataDir); }
   catch (e) {
     throw new RestoreRollbackError("restore-rollback/rollback-rename-failed",
       "rollback: could not move rollback into dataDir: " + ((e && e.message) || String(e)) +
@@ -223,7 +223,7 @@ async function rollback(opts) {
 
   // Best-effort: clean up the marker file alongside the rollback path
   var markerPath = opts.rollbackPath + ".marker.json";
-  try { if (fs.existsSync(markerPath)) fs.unlinkSync(markerPath); }
+  try { if (nodeFs.existsSync(markerPath)) nodeFs.unlinkSync(markerPath); }
   catch (_e) { /* marker cleanup is best-effort */ }
 
   return {
@@ -258,22 +258,22 @@ async function rollback(opts) {
 function list(opts) {
   opts = opts || {};
   var rollbackRoot = _resolveRollbackRoot(opts);
-  if (!fs.existsSync(rollbackRoot)) return [];
-  var entries = fs.readdirSync(rollbackRoot, { withFileTypes: true });
+  if (!nodeFs.existsSync(rollbackRoot)) return [];
+  var entries = nodeFs.readdirSync(rollbackRoot, { withFileTypes: true });
   var out = [];
   for (var i = 0; i < entries.length; i++) {
     if (!entries[i].isDirectory()) continue;
     var name = entries[i].name;
     if (name.indexOf("discarded-") === 0) continue; // discarded dirs aren't restore points
-    var p = path.join(rollbackRoot, name);
+    var p = nodePath.join(rollbackRoot, name);
     var markerPath = p + ".marker.json";
     var marker = null;
-    if (fs.existsSync(markerPath)) {
-      try { marker = safeJson.parse(fs.readFileSync(markerPath, "utf8"), { maxBytes: C.BYTES.kib(64) }); }
+    if (nodeFs.existsSync(markerPath)) {
+      try { marker = safeJson.parse(nodeFs.readFileSync(markerPath, "utf8"), { maxBytes: C.BYTES.kib(64) }); }
       catch (_e) { marker = null; }
     }
     var stat;
-    try { stat = fs.statSync(p); } catch (_e) { continue; }
+    try { stat = nodeFs.statSync(p); } catch (_e) { continue; }
     out.push({
       rollbackPath: p,
       swappedAt:    (marker && marker.swappedAt) || stat.mtime.toISOString(),
@@ -311,18 +311,18 @@ function list(opts) {
  */
 function purge(opts) {
   opts = opts || {};
-  nb.requireNonNegativeFiniteIntIfPresent(opts.keep,
+  numericBounds.requireNonNegativeFiniteIntIfPresent(opts.keep,
     "restore-rollback.purge: opts.keep", RestoreRollbackError, "restore-rollback/bad-keep");
   var keep = opts.keep !== undefined ? opts.keep : 0;
   var rollbackRoot = _resolveRollbackRoot(opts);
-  if (!fs.existsSync(rollbackRoot)) return { kept: keep, deleted: [] };
+  if (!nodeFs.existsSync(rollbackRoot)) return { kept: keep, deleted: [] };
   // Always sweep "discarded-*" dirs — they're never restore points
-  var entries = fs.readdirSync(rollbackRoot, { withFileTypes: true });
+  var entries = nodeFs.readdirSync(rollbackRoot, { withFileTypes: true });
   var deleted = [];
   for (var i = 0; i < entries.length; i++) {
     if (entries[i].isDirectory() && entries[i].name.indexOf("discarded-") === 0) {
-      var p = path.join(rollbackRoot, entries[i].name);
-      try { fs.rmSync(p, { recursive: true, force: true }); deleted.push(p); }
+      var p = nodePath.join(rollbackRoot, entries[i].name);
+      try { nodeFs.rmSync(p, { recursive: true, force: true }); deleted.push(p); }
       catch (_e) { /* best-effort */ }
     }
   }
@@ -333,9 +333,9 @@ function purge(opts) {
   for (var j = 0; j < toDelete.length; j++) {
     var rbPath = toDelete[j].rollbackPath;
     var mkPath = rbPath + ".marker.json";
-    try { fs.rmSync(rbPath, { recursive: true, force: true }); deleted.push(rbPath); }
+    try { nodeFs.rmSync(rbPath, { recursive: true, force: true }); deleted.push(rbPath); }
     catch (_e) { /* best-effort */ }
-    try { if (fs.existsSync(mkPath)) fs.unlinkSync(mkPath); }
+    try { if (nodeFs.existsSync(mkPath)) nodeFs.unlinkSync(mkPath); }
     catch (_e) { /* best-effort */ }
   }
   return { kept: keep, deleted: deleted };

package/lib/restore.js

@@ -51,11 +51,11 @@
  *     manual recovery)
  */
 
-var fs = require("fs");
+var nodeFs = require("fs");
 var os = require("os");
-var path = require("path");
+var nodePath = require("path");
 var C = require("./constants");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var numericChecks = require("./numeric-checks");
 var restoreBundle = require("./restore-bundle");
 var restoreRollback = require("./restore-rollback");
@@ -128,11 +128,11 @@ function create(opts) {
     while (stack.length > 0) {
       var current = stack.pop();
       var entries;
-      try { entries = fs.readdirSync(current, { withFileTypes: true }); }
+      try { entries = nodeFs.readdirSync(current, { withFileTypes: true }); }
       catch (_e) { continue; }
       for (var i = 0; i < entries.length; i++) {
         var entry = entries[i];
-        var full = path.join(current, entry.name);
+        var full = nodePath.join(current, entry.name);
         if (entry.isDirectory()) {
           stack.push(full);
         } else if (entry.isFile()) {
@@ -141,7 +141,7 @@ function create(opts) {
             return { tooManyFiles: true, fileCount: fileCount };
           }
           try {
-            totalBytes += fs.statSync(full).size;
+            totalBytes += nodeFs.statSync(full).size;
             if (totalBytes > maxPulledBytes) {
               return { tooManyBytes: true, totalBytes: totalBytes };
             }
@@ -200,8 +200,8 @@ function create(opts) {
         "inspect: bundle '" + bundleId + "' not in storage");
     }
     await _preflightBundleSize(bundleId);
-    var pullDir = path.join(os.tmpdir(),
-      "blamejs-restore-inspect-" + crypto.generateToken(4));
+    var pullDir = nodePath.join(os.tmpdir(),
+      "blamejs-restore-inspect-" + bCrypto.generateToken(4));
     try {
       await storage.readBundle(bundleId, pullDir);
       var pulled = _walkPullDirFootprint(pullDir);
@@ -217,7 +217,7 @@ function create(opts) {
       }
       return restoreBundle.inspect({ bundleDir: pullDir });
     } finally {
-      try { fs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
     }
   }
 
@@ -234,13 +234,13 @@ function create(opts) {
         "run: bundle '" + bundleId + "' not in storage");
     }
 
-    var pullId = crypto.generateToken(4);
-    var pullDir    = path.join(os.tmpdir(), "blamejs-restore-pull-"    + pullId);
-    var stagingDir = path.join(os.tmpdir(), "blamejs-restore-staging-" + pullId);
+    var pullId = bCrypto.generateToken(4);
+    var pullDir    = nodePath.join(os.tmpdir(), "blamejs-restore-pull-"    + pullId);
+    var stagingDir = nodePath.join(os.tmpdir(), "blamejs-restore-staging-" + pullId);
 
     function _cleanupTmp() {
-      try { fs.rmSync(pullDir,    { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
-      try { fs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(pullDir,    { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(stagingDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
     }
 
     // 1. Pull bundle out of storage
@@ -319,7 +319,7 @@ function create(opts) {
     } catch (e) {
       // Pull dir is safe to clean (the source bundle is in storage);
       // staging stays for manual recovery.
-      try { fs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+      try { nodeFs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
       _emitAudit("restore.failure",
         { bundleId: bundleId, reason: "swap: " + ((e && e.message) || String(e)) },
         "failure");
@@ -331,7 +331,7 @@ function create(opts) {
     }
 
     // 4. Clean up the pull dir (source bundle still in storage)
-    try { fs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
+    try { nodeFs.rmSync(pullDir, { recursive: true, force: true }); } catch (_e) { /* best-effort tmpdir cleanup */ }
 
     var summary = {
       bundleId:     bundleId,

package/lib/router.js

@@ -34,8 +34,8 @@
  */
 var http  = require("http");
 var http2 = require("http2");
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var C = require("./constants");
 var requestHelpers = require("./request-helpers");
 var lazyRequire = require("./lazy-require");
@@ -46,11 +46,11 @@ var websocket = require("./websocket");
 var { boot } = require("./log");
 var { RouterError } = require("./framework-error");
 
-var auditFwk = lazyRequire(function () { return require("./audit"); });
+var audit = lazyRequire(function () { return require("./audit"); });
 // compliance — lazy because router.js is required during boot before
 // the operator's `b.compliance.set(...)` runs; the posture lookup only
 // matters at listen() time, well after boot finishes.
-var complianceLazy = lazyRequire(function () { return require("./compliance"); });
+var compliance = lazyRequire(function () { return require("./compliance"); });
 
 var log = boot("router");
 var HTTP_STATUS = requestHelpers.HTTP_STATUS;
@@ -296,8 +296,8 @@ class Router {
     this.routes = [];
     this.middleware = [];
     // WebSocket routes are kept separate from HTTP routes — they're
-    // matched on the upgrade / Extended CONNECT path, not on a method
-    // verb. Map<path, { handler, opts }>.
+    // matched on the upgrade / Extended CONNECT nodePath, not on a method
+    // verb. Map<nodePath, { handler, opts }>.
     this._wsRoutes = new Map();
     // Active WebSocket connections opened through router.ws(). Tracked
     // so router.closeWebSockets() can do a clean rolling-shutdown.
@@ -407,7 +407,7 @@ class Router {
   //   process.exit(0);
   //
   // Tests use the same primitive in teardown — no parallel cleanup
-  // path, no h1-upgrade detached-socket workaround.
+  // nodePath, no h1-upgrade detached-socket workaround.
   async closeWebSockets(opts) {
     opts = opts || {};
     var timeoutMs = typeof opts.timeoutMs === "number" ? opts.timeoutMs : C.TIME.seconds(5);
@@ -603,7 +603,7 @@ class Router {
 
   // ---- WebSocket route registration ----
   //
-  // ws(path, handler, opts?)
+  // ws(nodePath, handler, opts?)
   //   path     — exact match. Path-param patterns aren't supported on
   //              upgrade requests; operators that need dynamic paths
   //              register one ws route per stable shape.
@@ -733,12 +733,12 @@ class Router {
     if (declared !== "replay-cache") return declared;
     var active = null;
     try {
-      var compliance = complianceLazy();
-      if (compliance && typeof compliance.current === "function") active = compliance.current();
+      var complianceInst = compliance();
+      if (complianceInst && typeof complianceInst.current === "function") active = complianceInst.current();
     } catch (_e) { /* compliance not initialized */ }
     if (active && TLS_0RTT_FAILCLOSED_POSTURES.indexOf(active) !== -1) {
       try {
-        auditFwk().safeEmit({
+        audit().safeEmit({
           action:   "tls.0rtt.refused",
           outcome:  "denied",
           metadata: { reason: "posture-failclosed", posture: active, declared: declared },
@@ -759,7 +759,7 @@ class Router {
     if (String(earlyDataHeader).trim() !== "1") return null;                       // RFC 8470: only "1" means early data
     if (posture === "refuse") {
       try {
-        auditFwk().safeEmit({
+        audit().safeEmit({
           action:   "tls.0rtt.refused",
           outcome:  "denied",
           metadata: { reason: "posture-refuse", method: req.method, url: req.url },
@@ -783,7 +783,7 @@ class Router {
     var key = hash.digest("hex");
     if (this._tls0RttReplayCache.has(key)) {
       try {
-        auditFwk().safeEmit({
+        audit().safeEmit({
           action:   "tls.0rtt.replayed",
           outcome:  "denied",
           metadata: { reason: "cache-hit", method: req.method, url: req.url,
@@ -805,7 +805,7 @@ class Router {
     }
     this._tls0RttReplayCache.set(key, nowMs + TLS_0RTT_REPLAY_WINDOW_MS);
     try {
-      auditFwk().safeEmit({
+      audit().safeEmit({
         action:   "tls.0rtt.accepted",
         outcome:  "success",
         metadata: { method: req.method, url: req.url, windowMs: TLS_0RTT_REPLAY_WINDOW_MS },
@@ -889,7 +889,7 @@ class Router {
           });
         } catch (parseErr) {
           try {
-            auditFwk().safeEmit({
+            audit().safeEmit({
               action:   "router.redirect.cross_origin.refused",
               outcome:  "denied",
               metadata: {
@@ -913,7 +913,7 @@ class Router {
         }
         if (!match) {
           try {
-            auditFwk().safeEmit({
+            audit().safeEmit({
               action:   "router.redirect.cross_origin.refused",
               outcome:  "denied",
               metadata: {
@@ -930,7 +930,7 @@ class Router {
           );
         }
         try {
-          auditFwk().safeEmit({
+          audit().safeEmit({
             action:   "router.redirect.cross_origin.allowed",
             outcome:  "success",
             metadata: { target: url, origin: targetOrigin },
@@ -1064,7 +1064,7 @@ class Router {
         // (a clean peer would not initiate after GOAWAY).
         h2session.on("stream", function (stream) {
           if (h2session._blamejsGoawaySent) {
-            try { auditFwk().safeEmit({
+            try { audit().safeEmit({
               action:   "http2.window_update.refused",
               outcome:  "denied",
               metadata: { reason: "post-goaway-stream", streamId: stream.id || null,
@@ -1089,7 +1089,7 @@ class Router {
     // server's emitter list clean for HTTP-only deployments.
     if (self._wsRoutes.size > 0) {
       // h1 upgrade event — fires for "Upgrade: websocket" from h1
-      // clients. Routes by path; refuses with 426 in h2-only mode.
+      // clients. Routes by nodePath; refuses with 426 in h2-only mode.
       server.on("upgrade", function (req, socket, head) {
         var pathname = String(req.url || "/").split("?")[0];
         var route = self._wsRoutes.get(pathname);
@@ -1201,18 +1201,18 @@ class Router {
  */
 // Static file serving middleware
 function serveStatic(dir) {
-  var root = path.resolve(dir);
+  var root = nodePath.resolve(dir);
   return (req, res, next) => {
     if (req.method !== "GET") return next();
     var rel = req.pathname;
     if (rel.includes("\0")) return next();
-    var filePath = path.resolve(path.join(root, rel));
+    var filePath = nodePath.resolve(nodePath.join(root, rel));
     if (!filePath.startsWith(root)) return next();
-    if (!fs.existsSync(filePath) || fs.statSync(filePath).isDirectory()) return next();
+    if (!nodeFs.existsSync(filePath) || nodeFs.statSync(filePath).isDirectory()) return next();
 
-    var ext = path.extname(filePath).toLowerCase();
+    var ext = nodePath.extname(filePath).toLowerCase();
     var mime = MIME_TYPES[ext] || "application/octet-stream";
-    var stat = fs.statSync(filePath);
+    var stat = nodeFs.statSync(filePath);
     var hasVersion = req.url && req.url.includes("?v=");
     var cacheControl = hasVersion
       ? "public, max-age=31536000, immutable"
@@ -1222,7 +1222,7 @@ function serveStatic(dir) {
       "Content-Length": stat.size,
       "Cache-Control":  cacheControl,
     });
-    fs.createReadStream(filePath).pipe(res);
+    nodeFs.createReadStream(filePath).pipe(res);
   };
 }
 

package/lib/sandbox.js

@@ -78,11 +78,11 @@
  * arbitrary source from the public internet.
  */
 
-var path = require("path");
+var nodePath = require("path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var numericBounds = require("./numeric-bounds");
-var constants = require("./constants");
+var C = require("./constants");
 var { SandboxError } = require("./framework-error");
 
 var audit = lazyRequire(function () { return require("./audit"); });
@@ -110,14 +110,14 @@ var ALWAYS_AVAILABLE = Object.freeze([
   "Promise", "Error", "TypeError", "RangeError", "RegExp",
 ]);
 
-var WORKER_PATH = path.resolve(__dirname, "sandbox-worker.js");
+var WORKER_PATH = nodePath.resolve(__dirname, "sandbox-worker.js");
 
 // Default caps. Sourced from C.* helpers so the unit lives at the call site.
 var DEFAULT_TIMEOUT_MS = 250;
-var MAX_TIMEOUT_MS = constants.TIME.seconds(10);
-var DEFAULT_MAX_BYTES = constants.BYTES.mib(64);
-var MAX_MAX_BYTES = constants.BYTES.gib(1);
-var MIN_MAX_BYTES = constants.BYTES.mib(4);
+var MAX_TIMEOUT_MS = C.TIME.seconds(10);
+var DEFAULT_MAX_BYTES = C.BYTES.mib(64);
+var MAX_MAX_BYTES = C.BYTES.gib(1);
+var MIN_MAX_BYTES = C.BYTES.mib(4);
 
 function _validateAllowed(allowed) {
   if (allowed === undefined || allowed === null) return [];
@@ -217,7 +217,7 @@ function run(opts) {
   // floor so the worker can boot. Round each cap down to a MiB integer.
   // Floors / caps are quanta of MiB chosen to fit a small embedded
   // worker; passed straight to v8's resourceLimits.
-  var oneMib = constants.BYTES.mib(1);
+  var oneMib = C.BYTES.mib(1);
   // The MiB-unit caps below are integers passed directly to v8's
   // resourceLimits (already typed in MiB by the v8 API), not byte
   // counts - the constants helpers don't apply.

package/lib/sec-cyber.js

@@ -69,7 +69,7 @@
 var audit = require("./audit");
 var C = require("./constants");
 var validateOpts = require("./validate-opts");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var { defineClass } = require("./framework-error");
 var SecCyberError = defineClass("SecCyberError", { alwaysPermanent: true });
 
@@ -104,9 +104,9 @@ function eightKArtifact(opts) {
     "secCyber.eightKArtifact: registrant.name", SecCyberError, "BAD_REGISTRANT_NAME");
   validateOpts.requireNonEmptyString(opts.registrant.cik,
     "secCyber.eightKArtifact: registrant.cik", SecCyberError, "BAD_CIK");
-  nb.requirePositiveFiniteIntIfPresent(opts.detectedAt,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.detectedAt,
     "secCyber.eightKArtifact: detectedAt", SecCyberError, "BAD_DETECTED_AT");
-  nb.requirePositiveFiniteIntIfPresent(opts.materialityDeterminedAt,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.materialityDeterminedAt,
     "secCyber.eightKArtifact: materialityDeterminedAt", SecCyberError, "BAD_MAT_AT");
 
   if (FINDINGS.indexOf(opts.materialityFinding) === -1) {

package/lib/security-assert.js

@@ -67,7 +67,7 @@
  * non-function extra entry, etc.) so the operator catches typos at
  * boot, not at the moment they were trying to gate the boot.
  */
-var fs = require("fs");
+var nodeFs = require("fs");
 var nodeTls = require("node:tls");
 var lazyRequire = require("./lazy-require");
 var safeEnv = require("./parsers/safe-env");
@@ -286,7 +286,7 @@ async function assertProduction(opts) {
   if (typeof opts.dataDir === "string" && opts.dataDir.length > 0 && process.platform !== "win32") {
     var maxMode = typeof opts.maxDataDirMode === "number" ? opts.maxDataDirMode : 0o750;
     try {
-      var stat = fs.statSync(opts.dataDir);
+      var stat = nodeFs.statSync(opts.dataDir);
       var mode = stat.mode & 0o777;
       if (mode > maxMode) {
         failures.push({ ok: false, code: "security/datadir-permissions",

package/lib/seeders.js

@@ -15,7 +15,7 @@
  *
  *   module.exports = {
  *     description: "Create default admin user for local dev",
- *     // Optional — when omitted, the env is inferred from the path.
+ *     // Optional — when omitted, the env is inferred from the nodePath.
  *     // When present, this seed only applies under one of these envs.
  *     envs:        ["dev", "test"],
  *     // Default false — applied once and recorded in registry.
@@ -54,7 +54,7 @@
  *     applied state)
  */
 
-var path = require("path");
+var nodePath = require("path");
 var atomicFile = require("./atomic-file");
 var C = require("./constants");
 var dbSchema = require("./db-schema");
@@ -67,7 +67,7 @@ var { SeederError } = require("./framework-error");
 
 var log = boot("seeders");
 
-var dbModule = lazyRequire(function () { return require("./db"); });
+var db = lazyRequire(function () { return require("./db"); });
 var observability = lazyRequire(function () { return require("./observability"); });
 
 var _err = SeederError.factory;
@@ -151,7 +151,7 @@ function _validateCreateOpts(opts) {
 
 function _resolveDb(opts) {
   if (opts && opts.db && typeof opts.db.prepare === "function") return opts.db;
-  var d = dbModule();
+  var d = db();
   if (typeof d.prepare !== "function") {
     throw _err("NO_DB", "seeders: no db handle: pass opts.db or initialize b.db before create()");
   }
@@ -161,7 +161,7 @@ function _resolveDb(opts) {
 // ---- Directory walking + seed loading ----
 
 function _envDir(rootDir, env) {
-  return path.join(rootDir, env);
+  return nodePath.join(rootDir, env);
 }
 
 function _listSeedFiles(rootDir, env) {
@@ -171,7 +171,7 @@ function _listSeedFiles(rootDir, env) {
 }
 
 function _loadSeed(rootDir, env, file) {
-  var fullPath = path.join(_envDir(rootDir, env), file);
+  var fullPath = nodePath.join(_envDir(rootDir, env), file);
   // Drop require cache for this path so a test rewriting a fixture
   // between calls picks it up. Production restarts the process anyway.
   try { delete require.cache[require.resolve(fullPath)]; } catch (_e) { /* not yet cached */ }