@checkstack/auth-backend 0.4.10 → 0.4.11

package/CHANGELOG.md

@@ -1,5 +1,18 @@
 # @checkstack/auth-backend
 
+## 0.4.11
+
+### Patch Changes
+
+- 67158e2: Standardize package metadata, unify AJV versions to 8.18.0, and enforce monorepo architecture rules via updated ESLint configuration. This ensures consistent package discovery and runtime dependency safety across the platform.
+- b839ccb: Security: Hardened production Docker image by upgrading Alpine system libraries, migrating to Drizzle beta (v1.0.0-beta.21), and implementing aggressive binary pruning to eliminate vulnerable build-time tools (esbuild/drizzle-kit).
+- Updated dependencies [67158e2]
+  - @checkstack/auth-common@0.5.7
+  - @checkstack/backend-api@0.8.2
+  - @checkstack/command-backend@0.1.13
+  - @checkstack/common@0.6.4
+  - @checkstack/notification-common@0.2.7
+
 ## 0.4.10
 
 ### Patch Changes

package/package.json

@@ -1,8 +1,11 @@
 {
   "name": "@checkstack/auth-backend",
-  "version": "0.4.10",
+  "version": "0.4.11",
   "type": "module",
   "main": "src/index.ts",
+  "checkstack": {
+    "type": "backend"
+  },
   "scripts": {
     "typecheck": "tsc --noEmit",
     "generate": "drizzle-kit generate",
@@ -11,24 +14,23 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@checkstack/auth-common": "0.5.5",
-    "@checkstack/backend-api": "0.8.0",
-    "@checkstack/notification-common": "0.2.5",
-    "@checkstack/command-backend": "0.1.11",
+    "@checkstack/auth-common": "0.5.6",
+    "@checkstack/backend-api": "0.8.1",
+    "@checkstack/notification-common": "0.2.6",
+    "@checkstack/command-backend": "0.1.12",
     "better-auth": "^1.4.7",
-    "drizzle-orm": "^0.45.1",
-    "hono": "^4.0.0",
+    "drizzle-orm": "^0.45.0",
+    "hono": "^4.12.14",
     "jose": "^6.1.3",
     "zod": "^4.2.1",
-    "@checkstack/common": "0.6.2"
+    "@checkstack/common": "0.6.3",
+    "@orpc/server": "^1.13.2"
   },
   "devDependencies": {
     "@checkstack/drizzle-helper": "0.0.3",
     "@checkstack/scripts": "0.1.1",
     "@checkstack/tsconfig": "0.0.3",
-    "@orpc/server": "^1.13.2",
     "@types/node": "^20.0.0",
-    "drizzle-kit": "^0.31.8",
     "typescript": "^5.0.0"
   }
 }

package/src/index.ts

@@ -20,7 +20,7 @@ import { NotificationApi } from "@checkstack/notification-common";
 import * as schema from "./schema";
 import { eq, inArray } from "drizzle-orm";
 import { SafeDatabase } from "@checkstack/backend-api";
-import { User } from "better-auth/types";
+import { BetterAuthOptions, User } from "better-auth/types";
 import { verifyPassword } from "better-auth/crypto";
 import { createExtensionPoint } from "@checkstack/backend-api";
 import { enrichUser } from "./utils/user";
@@ -564,7 +564,7 @@ export default createBackendPlugin({
             } social providers: ${Object.keys(socialProviders).join(", ")}`,
           );
 
-          return betterAuth({
+          const authOptions: BetterAuthOptions = {
             database: drizzleAdapter(database, {
               provider: "pg",
               schema: { ...schema },
@@ -586,10 +586,13 @@ export default createBackendPlugin({
                 const resetToken = parsedUrl.searchParams.get("token");
                 if (!resetToken) {
                   throw new APIError("BAD_REQUEST", {
-                    message: "Malformed password reset URL: missing token parameter",
+                    message:
+                      "Malformed password reset URL: missing token parameter",
                   });
                 }
-                const resetUrl = `${frontendUrl}/auth/reset-password?token=${encodeURIComponent(resetToken)}`;
+                const resetUrl = `${frontendUrl}/auth/reset-password?token=${encodeURIComponent(
+                  resetToken,
+                )}`;
 
                 void notificationClient.sendTransactional({
                   userId: user.id,
@@ -648,7 +651,9 @@ export default createBackendPlugin({
                 },
               },
             },
-          });
+          };
+
+          return betterAuth(authOptions);
         };
 
         // Initialize better-auth