@carddb/browser 0.2.0 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -36,6 +36,8 @@ for await (const card of cards) {
36
36
 
37
37
  Use `accessToken` instead of `publishableKey` for user-authorized OAuth deck workflows. `secretKey` is server-only and the browser client rejects it at construction time. The browser client also rejects legacy `apiKey` because it is ambiguous and can accidentally expose a secret key; use `publishableKey` explicitly for public browser reads.
38
38
 
39
+ Publisher management helpers such as `games.create`, `records.upsertBatch`, `imports.run`, `exports.run`, and `files.requestUpload` require a server-side secret credential and should be called from `@carddb/node` in a trusted backend, not directly from browser code. Keep content pipelines, source URL imports, uploaded file imports, bulk deletes, and exports on the server side.
40
+
39
41
  ```typescript
40
42
  const client = new CardDBClient({
41
43
  accessToken: oauthAccessToken,