npm - @hasna/uptime - Versions diffs - 0.1.15 → 0.1.16 - Mend

@hasna/uptime 0.1.15 → 0.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +9 -0
package/Dockerfile.package +11 -4
package/dist/cli/index.js +1 -1
package/dist/cloud-plan.js +1 -1
package/dist/index.js +1 -1
package/infra/aws/terraform.tfvars.example +1 -1
package/infra/aws/variables.tf +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -6,6 +6,15 @@ project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+## [0.1.16] - 2026-06-28
+### Changed
+- Changed the packaged production Dockerfile to install Bun in an ECR Public
+  Node Alpine build stage, then copy only Bun, app files, and production
+  dependencies into an ECR Public Alpine runtime with CA certificates. This
+  reduces inherited OS vulnerability findings before live AWS scale-up.
 ## [0.1.15] - 2026-06-28
 ### Changed

package/Dockerfile.package CHANGED Viewed

@@ -1,13 +1,20 @@
 # syntax=docker/dockerfile:1
-FROM public.ecr.aws/docker/library/node:22-slim AS runtime
+FROM public.ecr.aws/docker/library/node:22-alpine AS bun
+RUN npm install -g bun@1.3.13
+FROM public.ecr.aws/docker/library/alpine:3.22 AS runtime
 ENV NODE_ENV=production \
     HASNA_UPTIME_MODE=hosted
 WORKDIR /app
-RUN npm install -g bun@1.3.13 \
-  && groupadd --system --gid 10001 uptime \
-  && useradd --system --uid 10001 --gid uptime --home-dir /app --shell /usr/sbin/nologin uptime
+RUN apk add --no-cache ca-certificates \
+  && addgroup -g 10001 -S uptime \
+  && adduser -S -D -H -u 10001 -G uptime uptime
+COPY --from=bun /usr/local/bin/bun /usr/local/bin/bun
+COPY --from=bun /usr/local/lib/node_modules/bun /usr/local/lib/node_modules/bun
 COPY package.json ./package.json
 COPY dist ./dist

package/dist/cli/index.js CHANGED Viewed

@@ -6932,7 +6932,7 @@ function buildAwsDeploymentPlan(options = {}) {
   const image = clean(options.image, `${imageRepositoryUri}@sha256:<image-digest>`);
   const evidenceBucket = clean(options.evidenceBucket, `hasna-${stage}-${prefix}-evidence`);
   const hostedSqliteDbPath = clean(options.hostedSqliteDbPath, DEFAULT_HOSTED_SQLITE_DB);
-  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.15");
+  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.16");
   const protectedAccessMode = options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE;
   const protectedAccessUrl = protectedAccessMode === "cloudfront_default_domain" ? "https://<cloudfront-domain>" : `https://${hostname}`;
   const cluster = `${prefix}-${stage}`;

package/dist/cloud-plan.js CHANGED Viewed

@@ -21,7 +21,7 @@ function buildAwsDeploymentPlan(options = {}) {
   const image = clean(options.image, `${imageRepositoryUri}@sha256:<image-digest>`);
   const evidenceBucket = clean(options.evidenceBucket, `hasna-${stage}-${prefix}-evidence`);
   const hostedSqliteDbPath = clean(options.hostedSqliteDbPath, DEFAULT_HOSTED_SQLITE_DB);
-  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.15");
+  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.16");
   const protectedAccessMode = options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE;
   const protectedAccessUrl = protectedAccessMode === "cloudfront_default_domain" ? "https://<cloudfront-domain>" : `https://${hostname}`;
   const cluster = `${prefix}-${stage}`;

package/dist/index.js CHANGED Viewed

@@ -4338,7 +4338,7 @@ function buildAwsDeploymentPlan(options = {}) {
   const image = clean(options.image, `${imageRepositoryUri}@sha256:<image-digest>`);
   const evidenceBucket = clean(options.evidenceBucket, `hasna-${stage}-${prefix}-evidence`);
   const hostedSqliteDbPath = clean(options.hostedSqliteDbPath, DEFAULT_HOSTED_SQLITE_DB);
-  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.15");
+  const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.16");
   const protectedAccessMode = options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE;
   const protectedAccessUrl = protectedAccessMode === "cloudfront_default_domain" ? "https://<cloudfront-domain>" : `https://${hostname}`;
   const cluster = `${prefix}-${stage}`;

package/infra/aws/terraform.tfvars.example CHANGED Viewed

@@ -16,7 +16,7 @@ alb_ingress_cidr_blocks = []
 private_subnet_ids       = ["subnet-replace-private-a", "subnet-replace-private-b"]
 private_route_table_ids  = ["rtb-replace-private"]
 container_image          = "123456789012.dkr.ecr.us-east-1.amazonaws.com/open-uptime@sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-runtime_package_version  = "0.1.15"
+runtime_package_version  = "0.1.16"
 certificate_arn          = null
 hosted_zone_id           = null
 app_env_secret_arn       = "arn:aws:secretsmanager:us-east-1:123456789012:secret:open-uptime/prod/app/env"

package/infra/aws/variables.tf CHANGED Viewed

@@ -116,7 +116,7 @@ variable "container_image" {
 variable "runtime_package_version" {
   description = "Published @hasna/uptime package version that CodeBuild should build into the ECR image."
   type        = string
-  default     = "0.1.15"
+  default     = "0.1.16"
   validation {
     condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+(-[0-9A-Za-z.-]+)?$", var.runtime_package_version))

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/uptime",
-  "version": "0.1.15",
+  "version": "0.1.16",
   "description": "Local-first uptime and downtime monitoring service with CLI, MCP, SDK, SQLite persistence, and a dashboard.",
   "license": "Apache-2.0",
   "type": "module",