@blamejs/core 0.9.16 → 0.9.17

package/lib/watcher.js

@@ -3,7 +3,7 @@
  * b.watcher — recursive filesystem-watch primitive with cross-platform
  * event normalization.
  *
- * Wraps `nodeFs.watch(root, { recursive: true })` and turns the per-platform
+ * Wraps `fs.watch(root, { recursive: true })` and turns the per-platform
  * event soup (Linux inotify "rename" + "change", macOS FSEvents
  * coalesced "rename", Windows ReadDirectoryChangesW pure "rename" /
  * "change") into a single shape:
@@ -15,7 +15,7 @@
  * `type` is one of "file" or "dir". The watcher is build-tool-shaped:
  * use it to drive incremental rebuilds, hot-reload-on-change,
  * config-file watching, or content-store cache busts. It is NOT a
- * security primitive — nodeFs.watch is best-effort across kernels and the
+ * security primitive — fs.watch is best-effort across kernels and the
  * caller must not rely on it for audit-grade change detection.
  *
  * Cross-platform notes baked in:
@@ -45,8 +45,8 @@
  *   watcher.WatcherError
  */
 
-var nodeFs   = require("fs");
-var nodePath = require("path");
+var nodeFs   = require("node:fs");
+var nodePath = require("node:path");
 var lazyRequire = require("./lazy-require");
 var validateOpts = require("./validate-opts");
 var { WatcherError } = require("./framework-error");

package/lib/webhook.js

@@ -47,7 +47,7 @@
  *   Outbound webhook delivery with cryptographic signing in a single `Webhook-Signature` header, retry + dead-letter via `b.retry`, and idempotency keys baked into the signed string so a captured signature cannot be replayed with a fresh id.
  */
 
-var nodeCrypto = require("crypto");
+var nodeCrypto = require("node:crypto");
 var bCrypto = require("./crypto");
 var httpClient = require("./http-client");
 var safeBuffer = require("./safe-buffer");

package/lib/websocket.js

@@ -74,9 +74,9 @@
  *   RFC 6455 WebSocket server on top of Node's `'upgrade'` event, plus RFC 8441 Extended CONNECT for HTTP/2.
  */
 
-var nodeCrypto = require("crypto");
-var zlib = require("zlib");
-var { EventEmitter } = require("events");
+var nodeCrypto = require("node:crypto");
+var zlib = require("node:zlib");
+var { EventEmitter } = require("node:events");
 var C                = require("./constants");
 var requestHelpers   = require("./request-helpers");
 var safeAsync        = require("./safe-async");

package/lib/ws-client.js

@@ -45,10 +45,10 @@
  * (operator opts in to mTLS via tlsOpts). HSTS-style, no soft-fail.
  */
 
-var net          = require("net");
-var nodeUrl      = require("url");
-var nodeCrypto   = require("crypto");
-var EventEmitter = require("events");
+var net          = require("node:net");
+var nodeUrl      = require("node:url");
+var nodeCrypto   = require("node:crypto");
+var { EventEmitter } = require("node:events");
 
 var lazyRequire    = require("./lazy-require");
 var validateOpts   = require("./validate-opts");
@@ -389,7 +389,7 @@ class WsClient extends EventEmitter {
 
     var socket;
     if (parsed.protocol === "wss:") {
-      var tls = require("tls");                                                          // allow:inline-require — node:tls only on TLS path
+      var tls = require("node:tls");                                                          // allow:inline-require — node:tls only on TLS path
       var tlsOpts = Object.assign({
         host:         host,
         port:         port,
@@ -710,7 +710,7 @@ class WsClient extends EventEmitter {
       this._fragmentRsv1 = false;
       if (this._negotiatedDeflate && firstFrameRsv1) {
         try {
-          var zlib = require("zlib");                                                     // allow:inline-require — zlib only on deflate-negotiated path
+          var zlib = require("node:zlib");                                                     // allow:inline-require — zlib only on deflate-negotiated path
           var compressed = Buffer.concat([fullPayload, Buffer.from([0x00, 0x00, 0xff, 0xff])]); // allow:raw-byte-literal — RFC 7692 §7.2.2 deflate trailer
           // Decompression-bomb defense: zlib.inflateRawSync's
           // `maxOutputLength` aborts the inflate the moment the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.9.16",
+  "version": "0.9.17",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:8e662af8-d254-46ec-8625-aa19174598d2",
+  "serialNumber": "urn:uuid:bfd9c116-6a09-4b5c-a673-96fa322cab83",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-14T04:47:34.904Z",
+    "timestamp": "2026-05-14T06:23:47.607Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.9.16",
+      "bom-ref": "@blamejs/core@0.9.17",
       "type": "library",
       "name": "blamejs",
-      "version": "0.9.16",
+      "version": "0.9.17",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.9.16",
+      "purl": "pkg:npm/%40blamejs/core@0.9.17",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.9.16",
+      "ref": "@blamejs/core@0.9.17",
       "dependsOn": []
     }
   ]