@blamejs/core 0.9.14 → 0.9.16

package/lib/self-update.js

@@ -47,13 +47,13 @@
  *   Framework / vendored-deps integrity check plus version pinning — refuses to install a new build when the asset's detached signature does not verify against the operator-supplied public key, or when the vendored SHA the new build would ship does not match the manifest the opera...
  */
 
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var nodeCrypto = require("crypto");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var atomicFile = require("./atomic-file");
 var validateOpts = require("./validate-opts");
-var bjCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var httpClient = require("./http-client");
 var safeJson = require("./safe-json");
 var { URL: NodeUrl } = require("url");
@@ -153,9 +153,9 @@ function _validatePollOpts(opts) {
     throw new SelfUpdateError("selfupdate/bad-sig-pattern",
       "selfUpdate.poll: opts.signaturePattern must be a RegExp or string when present");
   }
-  nb.requirePositiveFiniteIntIfPresent(opts.maxBytes,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
     "selfUpdate.poll: opts.maxBytes", SelfUpdateError, "selfupdate/bad-max-bytes");
-  nb.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.timeoutMs,
     "selfUpdate.poll: opts.timeoutMs", SelfUpdateError, "selfupdate/bad-timeout");
 }
 
@@ -178,7 +178,7 @@ function _matchAsset(name, pattern, fallback) {
  * Fetch a releases feed and report whether a newer tag is available.
  * Tags are compared semver-style with a leading `v` stripped. When
  * `opts.etag` is supplied an `If-None-Match` header makes a 304 a fast
- * "no update" path. The match against asset and signature URLs uses
+ * "no update" nodePath. The match against asset and signature URLs uses
  * `opts.assetPattern` and `opts.signaturePattern` (RegExp or substring)
  * with conservative fallbacks. Throws SelfUpdateError on a non-2xx
  * upstream, malformed JSON, or unexpected shape.
@@ -367,7 +367,7 @@ function _validateVerifyOpts(opts) {
     throw new SelfUpdateError("selfupdate/bad-hash-algo",
       "selfUpdate.verify: opts.hashAlgo must be one of " + ALLOWED_HASH_ALGS.join(", "));
   }
-  nb.requirePositiveFiniteIntIfPresent(opts.maxBytes,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
     "selfUpdate.verify: opts.maxBytes", SelfUpdateError, "selfupdate/bad-max-bytes");
 }
 
@@ -426,7 +426,7 @@ async function verify(opts) {
   }
 
   var ok = false;
-  try { ok = bjCrypto.verify(assetBytes, sigBytes, opts.pubkeyPem); }
+  try { ok = bCrypto.verify(assetBytes, sigBytes, opts.pubkeyPem); }
   catch (e) {
     _safeAuditEmit("selfupdate.verify.failed", "denied", {
       assetPath: opts.assetPath, signaturePath: opts.signaturePath,
@@ -515,19 +515,19 @@ async function swap(opts) {
   var to       = opts.to;
   var backupTo = opts.backupTo;
 
-  if (!fs.existsSync(from)) {
+  if (!nodeFs.existsSync(from)) {
     throw new SelfUpdateError("selfupdate/missing-from",
       "selfUpdate.swap: from path does not exist: " + from);
   }
 
-  var toDir       = path.dirname(to);
-  var backupDir   = path.dirname(backupTo);
+  var toDir       = nodePath.dirname(to);
+  var backupDir   = nodePath.dirname(backupTo);
   atomicFile.ensureDir(toDir);
   atomicFile.ensureDir(backupDir);
 
   // Step 2 — backup if `to` exists. Use atomicFile.copy so the backup
   // hits disk via temp+fsync+rename.
-  var hadOriginal = fs.existsSync(to);
+  var hadOriginal = nodeFs.existsSync(to);
   if (hadOriginal) {
     try {
       await atomicFile.copy(to, backupTo, { fileMode: 0o600 });
@@ -541,14 +541,14 @@ async function swap(opts) {
   // Step 3 — install. Rename is atomic on same FS; on cross-device we
   // fall back to copy + unlink.
   try {
-    fs.renameSync(from, to);
+    nodeFs.renameSync(from, to);
   } catch (e) {
     if (e && e.code === "EXDEV") {
       // Cross-device — copy + unlink. Use atomicFile.copy for the safety
       // net (temp+fsync+rename on dest FS); then remove the source.
       try {
         await atomicFile.copy(from, to, { fileMode: 0o600 });
-        try { fs.unlinkSync(from); } catch (_u) { /* tmp source leak — operator-cleanable */ }
+        try { nodeFs.unlinkSync(from); } catch (_u) { /* tmp source leak — operator-cleanable */ }
       } catch (ce) {
         // Roll back from backup if we have one.
         if (hadOriginal) {
@@ -613,12 +613,12 @@ async function rollback(opts) {
   var to       = opts.to;
   var backupTo = opts.backupTo;
 
-  if (!fs.existsSync(backupTo)) {
+  if (!nodeFs.existsSync(backupTo)) {
     throw new SelfUpdateError("selfupdate/missing-backup",
       "selfUpdate.rollback: backupTo path does not exist: " + backupTo);
   }
 
-  atomicFile.ensureDir(path.dirname(to));
+  atomicFile.ensureDir(nodePath.dirname(to));
   try {
     await atomicFile.copy(backupTo, to, { fileMode: 0o600 });
   } catch (e) {
@@ -626,7 +626,7 @@ async function rollback(opts) {
       "selfUpdate.rollback: copy " + backupTo + " -> " + to + " failed: " +
       ((e && e.message) || String(e)));
   }
-  atomicFile.fsyncDir(path.dirname(to));
+  atomicFile.fsyncDir(nodePath.dirname(to));
 
   _safeAuditEmit("selfupdate.rollback.completed", "success", {
     to: to, backupTo: backupTo,

package/lib/session-device-binding.js

@@ -69,7 +69,7 @@
  */
 
 var C            = require("./constants");
-var blamejsCrypto = require("./crypto");
+var bCrypto = require("./crypto");
 var nodeCrypto   = require("crypto");
 var lazyRequire  = require("./lazy-require");
 var requestHelpers = require("./request-helpers");
@@ -386,7 +386,7 @@ function create(opts) {
       return { ok: false, reason: "missing-bind" };
     }
     if (!Buffer.isBuffer(stored) || stored.length !== fpResult.fingerprint.length ||
-        !blamejsCrypto.timingSafeEqual(stored, fpResult.fingerprint)) {
+        !bCrypto.timingSafeEqual(stored, fpResult.fingerprint)) {
       _emitObs("session.device.drift", {});
       _emitAudit("session.device.drift", _hashTokenForAudit(token), "denied",
         { components: fpResult.components, stage: "verify" }, req);

package/lib/static.js

@@ -31,10 +31,10 @@
  * passing while opening the surface.
  */
 
-var fs = require("node:fs");
+var nodeFs = require("node:fs");
 var fsp = require("node:fs/promises");
 var nodeCrypto = require("node:crypto");
-var path = require("node:path");
+var nodePath = require("node:path");
 var C = require("./constants");
 var gateContract = require("./gate-contract");
 var lazyRequire = require("./lazy-require");
@@ -157,7 +157,7 @@ async function _readMeta(absPath) {
   var sri = nodeCrypto.createHash("sha384");
   var sha3 = nodeCrypto.createHash("sha3-512");
   await new Promise(function (resolve, reject) {
-    var s = fs.createReadStream(absPath);
+    var s = nodeFs.createReadStream(absPath);
     s.on("data", function (chunk) { sri.update(chunk); sha3.update(chunk); });
     s.on("end", resolve);
     s.on("error", reject);
@@ -181,10 +181,10 @@ async function _readMeta(absPath) {
 function _resolveSafe(root, requestedPath) {
   if (typeof requestedPath !== "string" || requestedPath.length === 0) return null;
   if (requestedPath.indexOf("\0") !== -1) return null;
-  var resolved = path.resolve(root, "." + requestedPath);
-  var rootResolved = path.resolve(root);
+  var resolved = nodePath.resolve(root, "." + requestedPath);
+  var rootResolved = nodePath.resolve(root);
   if (resolved !== rootResolved &&
-      !resolved.startsWith(rootResolved + path.sep)) return null;
+      !resolved.startsWith(rootResolved + nodePath.sep)) return null;
 
   // Symlink-escape defense — the lexical resolve above only sees the
   // requested path tokens; a symlink anywhere along `resolved` can
@@ -195,9 +195,9 @@ function _resolveSafe(root, requestedPath) {
   // breaks deploys where the OS prefix-symlinks the temp dir
   // (macOS: /var/folders/X/Y → /private/var/folders/X/Y).
   try {
-    var real = fs.realpathSync(resolved);
-    var rootReal = fs.realpathSync(rootResolved);
-    if (real !== rootReal && !real.startsWith(rootReal + path.sep)) return null;
+    var real = nodeFs.realpathSync(resolved);
+    var rootReal = nodeFs.realpathSync(rootResolved);
+    if (real !== rootReal && !real.startsWith(rootReal + nodePath.sep)) return null;
   } catch (_e) {
     // Path doesn't exist (or is denied) — fall through with the lexical
     // resolution so the caller's stat() returns the natural ENOENT and
@@ -213,7 +213,7 @@ function _resolveSafe(root, requestedPath) {
   // legitimate `<name>.<hash>.js` bundler output) are valid here. The
   // other balanced checks still reject the traversal + smuggling
   // surface the user surfaced.
-  var fname = path.basename(resolved);
+  var fname = nodePath.basename(resolved);
   var rv = guardFilename().validate(fname, {
     profile:             "balanced",
     shellExecExtPolicy:  "allow",
@@ -224,7 +224,7 @@ function _resolveSafe(root, requestedPath) {
 }
 
 function _contentTypeFor(filePath, table) {
-  var ext = path.extname(filePath).toLowerCase();
+  var ext = nodePath.extname(filePath).toLowerCase();
   return (table && table[ext]) || DEFAULT_CONTENT_TYPES[ext] || "application/octet-stream";
 }
 
@@ -293,7 +293,7 @@ function _bareMime(contentType) {
 // gate is wired AND `safeRenderSvg` is enabled, PDF renders inline
 // ONLY when `safeRenderPdf` is explicitly enabled. text/html and
 // text/javascript are inside `text/*` but the browser executes them
-// — they go through the risky path. Everything else (HTML, JS, MJS,
+// — they go through the risky nodePath. Everything else (HTML, JS, MJS,
 // XML, executables, archives, fonts when served from a user-upload
 // directory) gets forced download to defeat stored-XSS via the
 // upload directory.
@@ -301,7 +301,7 @@ function _shouldForceAttachment(contentType, ext, contentSafetyMap, allowSvgRend
   var bare = _bareMime(contentType);
   if (bare.length === 0) return true; // unknown MIME → safest path
   // text/html / text/xml / text/javascript / xhtml are inside `text/*`
-  // but the browser executes them — risky path.
+  // but the browser executes them — risky nodePath.
   if (bare === "text/html" || bare === "text/xml" ||
       bare === "text/javascript" || bare === "application/xhtml+xml") {
     return true;
@@ -339,7 +339,7 @@ function _shouldForceAttachment(contentType, ext, contentSafetyMap, allowSvgRend
 // filename is RFC 5987-encoded so non-ASCII characters survive without
 // allowing CR/LF header injection.
 function _attachmentDisposition(filePath) {
-  var name = path.basename(filePath);
+  var name = nodePath.basename(filePath);
   // Refuse CR/LF/NUL outright — they're already filtered upstream by
   // the path-traversal guard, but defense-in-depth here.
   if (/[\r\n\0]/.test(name)) name = "download";
@@ -399,7 +399,7 @@ function _httpDate(date) {
 function _validateCreateOpts(opts) {
   validateOpts.requireObject(opts, "staticServe.create", StaticServeError);
   validateOpts.requireNonEmptyString(opts.root, "staticServe.create: root", StaticServeError, "BAD_OPT");
-  if (!fs.existsSync(opts.root)) {
+  if (!nodeFs.existsSync(opts.root)) {
     throw _err("BAD_OPT", "staticServe.create: root does not exist: " + opts.root);
   }
   if (typeof opts.mountPath === "string" && opts.mountPath.length === 0) {
@@ -586,7 +586,7 @@ async function integrity(absPath) {
   if (typeof absPath !== "string" || absPath.length === 0) {
     throw _err("BAD_OPT", "staticServe.integrity: absPath must be a non-empty string");
   }
-  var meta = await _readMeta(path.resolve(absPath));
+  var meta = await _readMeta(nodePath.resolve(absPath));
   if (!meta) throw _err("NOT_FOUND", "staticServe.integrity: file not found: " + absPath);
   return meta.integrity;
 }
@@ -609,7 +609,7 @@ function create(opts) {
   ], "staticServe.create");
   _validateCreateOpts(opts);
   var cfg = validateOpts.applyDefaults(opts, DEFAULTS);
-  var root            = path.resolve(opts.root);
+  var root            = nodePath.resolve(opts.root);
   var mountPath       = opts.mountPath || "";
   var hashedPattern   = opts.hashedPathPattern || DEFAULT_HASHED_PATTERN;
   var indexFile       = opts.indexFile === null ? null : (opts.indexFile || DEFAULT_INDEX_FILE);
@@ -772,7 +772,7 @@ function create(opts) {
     catch (_e) { return next(); }
     if (stat.isDirectory()) {
       if (!indexFile) return next();
-      absPath = path.join(absPath, indexFile);
+      absPath = nodePath.join(absPath, indexFile);
     }
 
     // Force-revoke (404 — opaque to clients)
@@ -831,7 +831,7 @@ function create(opts) {
     //   - audit-only / warn → continue (gate emits to audit)
     var gateBytesOverride = null;
     if (contentSafety) {
-      var ext = path.extname(absPath).toLowerCase();
+      var ext = nodePath.extname(absPath).toLowerCase();
       var safetyGate = contentSafety[ext];
       if (safetyGate && typeof safetyGate.check === "function") {
         var gateBuf;
@@ -846,7 +846,7 @@ function create(opts) {
           gateDecision = await safetyGate.check({
             bytes:       gateBuf,
             contentType: _contentTypeFor(absPath, contentTypes),
-            filename:    path.basename(absPath),
+            filename:    nodePath.basename(absPath),
             actor:       actorCtx,
             route:       urlPath,
             direction:   "outbound",
@@ -1026,7 +1026,7 @@ function create(opts) {
     // explicitly on). Pairs with X-Content-Type-Options: nosniff so
     // browsers can't sniff the bytes back into an executable type.
     if (forceAttachmentForNonText) {
-      var dispoExt = path.extname(absPath).toLowerCase();
+      var dispoExt = nodePath.extname(absPath).toLowerCase();
       if (_shouldForceAttachment(headers["Content-Type"], dispoExt, contentSafety,
                                  allowSvgRender, allowPdfRender)) {
         headers["Content-Disposition"] = _attachmentDisposition(absPath);
@@ -1110,7 +1110,7 @@ function create(opts) {
     }
 
     var streamOpts = range ? { start: range.start, end: range.end } : {};
-    var fileStream = fs.createReadStream(absPath, streamOpts);
+    var fileStream = nodeFs.createReadStream(absPath, streamOpts);
 
     // Idle timeout — close the connection if the client stalls. Pattern is
     // a deadline-style debounce (clearTimeout + setTimeout) tied directly

package/lib/template.js

@@ -89,8 +89,8 @@
  * is the second line: even if a template loaded, it can't execute
  * arbitrary JS — only the limited expression grammar above.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 
@@ -149,13 +149,13 @@ function _resolveViewPath(viewsDir, viewName) {
   if (viewName.indexOf("..") !== -1 || viewName.indexOf("\0") !== -1) {
     throw new Error("template: view name contains forbidden character: " + JSON.stringify(viewName));
   }
-  var resolved = path.resolve(viewsDir, viewName + ".html");
-  var resolvedDir = path.resolve(viewsDir);
+  var resolved = nodePath.resolve(viewsDir, viewName + ".html");
+  var resolvedDir = nodePath.resolve(viewsDir);
   if (resolved !== resolvedDir &&
-      !resolved.startsWith(resolvedDir + path.sep)) {
+      !resolved.startsWith(resolvedDir + nodePath.sep)) {
     throw new Error("template: view path escapes viewsDir: " + viewName);
   }
-  if (!fs.existsSync(resolved)) {
+  if (!nodeFs.existsSync(resolved)) {
     throw new Error("template: view not found: " + viewName);
   }
   return resolved;
@@ -164,11 +164,11 @@ function _resolveViewPath(viewsDir, viewName) {
 function _resolvePartialPath(viewsDir, partialName) {
   if (typeof partialName !== "string" || partialName.length === 0) return null;
   if (partialName.indexOf("..") !== -1 || partialName.indexOf("\0") !== -1) return null;
-  var resolved = path.resolve(viewsDir, "partials", partialName + ".html");
-  var partialsDir = path.resolve(viewsDir, "partials");
+  var resolved = nodePath.resolve(viewsDir, "partials", partialName + ".html");
+  var partialsDir = nodePath.resolve(viewsDir, "partials");
   if (resolved !== partialsDir &&
-      !resolved.startsWith(partialsDir + path.sep)) return null;
-  return fs.existsSync(resolved) ? resolved : null;
+      !resolved.startsWith(partialsDir + nodePath.sep)) return null;
+  return nodeFs.existsSync(resolved) ? resolved : null;
 }
 
 // ============================================================
@@ -227,7 +227,7 @@ function _resolveExtends(viewsDir, source) {
       }
     }
     var parentPath = _resolveViewPath(viewsDir, parentName);
-    current = fs.readFileSync(parentPath, "utf8");
+    current = nodeFs.readFileSync(parentPath, "utf8");
     depth++;
   }
   return _substituteBlocks(current, allOverrides);
@@ -245,7 +245,7 @@ function _inlinePartials(viewsDir, source, depth) {
   return source.replace(/\{\{>\s*([A-Za-z_][A-Za-z0-9_-]*)\s*\}\}/g, function (_, name) {
     var p = _resolvePartialPath(viewsDir, name);
     if (!p) return "";   // missing partial → silent empty so a stale `{{> name}}` reference doesn't crash the render
-    return _inlinePartials(viewsDir, fs.readFileSync(p, "utf8"), depth + 1);
+    return _inlinePartials(viewsDir, nodeFs.readFileSync(p, "utf8"), depth + 1);
   });
 }
 
@@ -771,10 +771,10 @@ function create(opts) {
   if (!opts.viewsDir) {
     throw new Error("template.create({ viewsDir }) is required");
   }
-  if (!fs.existsSync(opts.viewsDir)) {
+  if (!nodeFs.existsSync(opts.viewsDir)) {
     throw new Error("template: viewsDir does not exist: " + opts.viewsDir);
   }
-  var viewsDir = path.resolve(opts.viewsDir);
+  var viewsDir = nodePath.resolve(opts.viewsDir);
   var cacheOn = opts.cache !== false;
   var customEscape = typeof opts.escapeHtml === "function" ? opts.escapeHtml : escapeHtml;
   var astCache = {};
@@ -823,7 +823,7 @@ function create(opts) {
   function compile(viewName) {
     if (cacheOn && astCache[viewName]) return astCache[viewName];
     var viewPath = _resolveViewPath(viewsDir, viewName);
-    var source = fs.readFileSync(viewPath, "utf8");
+    var source = nodeFs.readFileSync(viewPath, "utf8");
     source = _resolveExtends(viewsDir, source);
     source = _inlinePartials(viewsDir, source, 0);
     var tokens = _tokenize(source);
@@ -847,12 +847,12 @@ function create(opts) {
   function precompileAll() {
     var compiled = [];
     function walk(dir, prefix) {
-      var entries = fs.readdirSync(dir, { withFileTypes: true });
+      var entries = nodeFs.readdirSync(dir, { withFileTypes: true });
       for (var i = 0; i < entries.length; i++) {
         var e = entries[i];
         var rel = prefix ? prefix + "/" + e.name : e.name;
         if (e.isDirectory()) {
-          walk(path.join(dir, e.name), rel);
+          walk(nodePath.join(dir, e.name), rel);
         } else if (e.isFile() && /\.html$/.test(e.name)) {
           var viewName = rel.replace(/\.html$/, "");
           try {
@@ -890,8 +890,8 @@ function create(opts) {
 var _default = null;
 function _ensureDefault() {
   if (!_default) {
-    var defaultDir = path.resolve(process.cwd(), "views");
-    if (!fs.existsSync(defaultDir)) {
+    var defaultDir = nodePath.resolve(process.cwd(), "views");
+    if (!nodeFs.existsSync(defaultDir)) {
       throw new Error("template.render() default uses <cwd>/views which doesn't exist; " +
         "call template.create({ viewsDir }) for a custom location");
     }

package/lib/testing.js

@@ -42,7 +42,7 @@
  *   Operator-facing test helpers.
  */
 
-var fs = require("node:fs");
+var nodeFs = require("node:fs");
 // testing.js IS the test injector — bypasses b.httpClient by design so
 // tests can assert on raw request shape. This is the one production
 // module where direct http.request is the contract.
@@ -62,7 +62,7 @@ var { TestingError } = require("./framework-error");
 // metrics is the only place that exposes the global `tap` slot the
 // captureMetricsTap helper swaps; pulling it lazily keeps testing.js
 // safe to require at any framework load order.
-var metricsModule = lazyRequire(function () { return require("./metrics"); });
+var metrics = lazyRequire(function () { return require("./metrics"); });
 
 var _err = TestingError.factory;
 
@@ -563,7 +563,7 @@ function captureObservability() {
  *   }
  */
 function captureMetricsTap() {
-  var m = metricsModule();
+  var m = metrics();
   var original = m.tap;
   var captured = [];
   m.tap = function (name, value, labels) {
@@ -792,9 +792,9 @@ async function waitFor(predicate, opts) {
  * @example
  *   var dir = b.testing.tempDir("my-fixture");
  *   try {
- *     var nodeFs = require("node:fs");
- *     var nodePath2 = require("node:path");
- *     nodeFs.writeFileSync(nodePath2.join(dir.path, "fixture.json"), '{"ok":1}');
+ *     var fs = require("node:fs");
+ *     var path = require("node:path");
+ *     fs.writeFileSync(path.join(dir.path, "fixture.json"), '{"ok":1}');
  *     dir.path.indexOf("my-fixture-") !== -1;     // → true
  *   } finally {
  *     dir.cleanup();
@@ -813,9 +813,9 @@ function tempDir(prefix) {
       "tempDir: prefix must not contain '..', '/', '\\', or null bytes; got " + JSON.stringify(prefix));
   }
   // Path containment check mirroring static.js _resolveSafe — verify
-  // the resolved tempdir is actually inside os.tmpdir() before fs.mkdir.
+  // the resolved tempdir is actually inside os.tmpdir() before nodeFs.mkdir.
   var root = nodePath.resolve(os.tmpdir());
-  var dirPath = fs.mkdtempSync(nodePath.join(root, prefix + "-"));
+  var dirPath = nodeFs.mkdtempSync(nodePath.join(root, prefix + "-"));
   var resolved = nodePath.resolve(dirPath);
   if (resolved !== root && !resolved.startsWith(root + nodePath.sep)) {
     throw _err("BAD_STATE",
@@ -827,7 +827,7 @@ function tempDir(prefix) {
     cleanup: function () {
       if (cleanedUp) return;
       cleanedUp = true;
-      try { fs.rmSync(resolved, { recursive: true, force: true }); }
+      try { nodeFs.rmSync(resolved, { recursive: true, force: true }); }
       catch (_e) { /* best-effort on Windows locked files */ }
     },
   };

package/lib/tls-exporter.js

@@ -31,10 +31,10 @@
  *   RFC 5705 / RFC 9266 TLS Exporter for binding application-layer keys and tokens to the live TLS session.
  */
 
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var C = require("./constants");
 var lazyRequire = require("./lazy-require");
-var nb = require("./numeric-bounds");
+var numericBounds = require("./numeric-bounds");
 var { TlsExporterError } = require("./framework-error");
 
 var _err = TlsExporterError.factory;
@@ -119,7 +119,7 @@ function fromSocket(socketOrReq, opts) {
   // length is operator-tunable; validate-when-present via numeric-bounds
   // so a non-finite / negative / NaN input surfaces with the same error
   // shape every other framework primitive uses for numeric opts.
-  nb.requirePositiveFiniteIntIfPresent(opts.length,
+  numericBounds.requirePositiveFiniteIntIfPresent(opts.length,
     "tlsExporter.fromSocket: length", TlsExporterError, "BAD_LENGTH");
   var length = opts.length !== undefined ? opts.length : EXPORTER_LENGTH;
   if (length < C.BYTES.bytes(16) || length > C.BYTES.bytes(255)) {
@@ -193,7 +193,7 @@ function bindToken(socketOrReq, token) {
   // does NOT produce the same hash if used in another framework
   // primitive (e.g., the audit-chain row hash).
   var labelBuf = Buffer.from("blamejs/tls-exporter/bind/v1", "utf8");
-  return crypto.sha3Hash(Buffer.concat([labelBuf, exporter, tokenBuf]));
+  return bCrypto.sha3Hash(Buffer.concat([labelBuf, exporter, tokenBuf]));
 }
 
 /**
@@ -226,7 +226,7 @@ function verifyTokenBinding(socketOrReq, token, claimedBinding) {
   if (typeof claimedBinding !== "string" || claimedBinding.length === 0) {
     return false;
   }
-  return crypto.timingSafeEqual(actual, claimedBinding);
+  return bCrypto.timingSafeEqual(actual, claimedBinding);
 }
 
 module.exports = {

package/lib/tracing.js

@@ -39,7 +39,7 @@
  */
 
 var C = require("./constants");
-var crypto = require("./crypto");
+var bCrypto = require("./crypto");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
 var { resolveRoute, captureResponseStatus } = require("./request-helpers");
@@ -101,10 +101,10 @@ function _formatTraceparent(traceId, spanId, flags) {
 }
 
 function _newTraceId() {
-  return crypto.generateToken(W3C_TRACE_ID_BYTES);
+  return bCrypto.generateToken(W3C_TRACE_ID_BYTES);
 }
 function _newSpanId() {
-  return crypto.generateToken(W3C_SPAN_ID_BYTES);
+  return bCrypto.generateToken(W3C_SPAN_ID_BYTES);
 }
 
 // ---- Pass-through span (used when OTel isn't installed) ----

package/lib/vault/index.js

@@ -62,8 +62,8 @@
  * @card
  *   Sealed keystore that anchors every other framework subsystem holding secrets at rest: db field encryption, encrypted session storage, audit-log signing keys, OAuth refresh tokens, anything that flows through `b.vault.seal` / `b.vault.unseal`.
  */
-var fs = require("fs");
-var path = require("path");
+var nodeFs = require("fs");
+var nodePath = require("path");
 var atomicFile = require("../atomic-file");
 var C = require("../constants");
 var { generateEncryptionKeyPair, encrypt, decrypt } = require("../crypto");
@@ -99,9 +99,9 @@ var log = boot("vault");
 function resolvePaths(dataDir) {
   return {
     dataDir:           dataDir,
-    plaintext:         path.join(dataDir, "vault.key"),
-    sealed:            path.join(dataDir, "vault.key.sealed"),
-    derivedHashSalt:   path.join(dataDir, "vault.derived-hash-salt"),
+    plaintext:         nodePath.join(dataDir, "vault.key"),
+    sealed:            nodePath.join(dataDir, "vault.key.sealed"),
+    derivedHashSalt:   nodePath.join(dataDir, "vault.derived-hash-salt"),
   };
 }
 
@@ -118,7 +118,7 @@ function _readOrCreateDerivedHashSalt() {
     throw new VaultError("vault/not-initialized",
       "vault.derivedHashSalt() requires init()");
   }
-  if (fs.existsSync(paths.derivedHashSalt)) {
+  if (nodeFs.existsSync(paths.derivedHashSalt)) {
     var raw = atomicFile.readSync(paths.derivedHashSalt);
     if (raw.length !== 32) {                                                       // allow:raw-byte-literal — 32-byte (256-bit) salt
       throw new VaultError("vault/derived-hash-salt-corrupted",
@@ -242,16 +242,16 @@ async function init(opts) {
   currentMode = mode;
   paths = resolvePaths(opts.dataDir);
 
-  if (!fs.existsSync(paths.dataDir)) {
-    fs.mkdirSync(paths.dataDir, { recursive: true });
+  if (!nodeFs.existsSync(paths.dataDir)) {
+    nodeFs.mkdirSync(paths.dataDir, { recursive: true });
   }
 
   // Sweep tmp files left behind by a previously-crashed write
   atomicFile.cleanOrphans(paths.sealed);
   atomicFile.cleanOrphans(paths.plaintext);
 
-  var hasPlaintext = fs.existsSync(paths.plaintext);
-  var hasSealed    = fs.existsSync(paths.sealed);
+  var hasPlaintext = nodeFs.existsSync(paths.plaintext);
+  var hasSealed    = nodeFs.existsSync(paths.sealed);
 
   // Refuse to guess when both files coexist
   if (hasPlaintext && hasSealed) {
@@ -287,7 +287,7 @@ async function init(opts) {
 }
 
 function initPlaintext() {
-  if (fs.existsSync(paths.plaintext)) {
+  if (nodeFs.existsSync(paths.plaintext)) {
     var loaded;
     try {
       loaded = safeJson.parse(atomicFile.readSync(paths.plaintext), {