@hot-updater/js 0.20.10 → 0.20.12

package/dist/index.cjs

@@ -419,8 +419,7 @@ var require_diff = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semver
 		const highVersion = v1Higher ? v1 : v2;
 		const lowVersion = v1Higher ? v2 : v1;
 		const highHasPre = !!highVersion.prerelease.length;
-		const lowHasPre = !!lowVersion.prerelease.length;
-		if (lowHasPre && !highHasPre) {
+		if (!!lowVersion.prerelease.length && !highHasPre) {
 			if (!lowVersion.patch && !lowVersion.minor) return "major";
 			if (lowVersion.compareMain(highVersion) === 0) {
 				if (lowVersion.minor && !lowVersion.patch) return "minor";
@@ -628,11 +627,7 @@ var require_coerce = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semv
 		}
 		if (match === null) return null;
 		const major$2 = match[2];
-		const minor$2 = match[3] || "0";
-		const patch$2 = match[4] || "0";
-		const prerelease$2 = options.includePrerelease && match[5] ? `-${match[5]}` : "";
-		const build = options.includePrerelease && match[6] ? `+${match[6]}` : "";
-		return parse$1(`${major$2}.${minor$2}.${patch$2}${prerelease$2}${build}`, options);
+		return parse$1(`${major$2}.${match[3] || "0"}.${match[4] || "0"}${options.includePrerelease && match[5] ? `-${match[5]}` : ""}${options.includePrerelease && match[6] ? `+${match[6]}` : ""}`, options);
 	};
 	module.exports = coerce$1;
 }) });
@@ -647,7 +642,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 		}
 		get(key) {
 			const value = this.map.get(key);
-			if (value === void 0) return void 0;
+			if (value === void 0) return;
 			else {
 				this.map.delete(key);
 				this.map.set(key, value);
@@ -658,8 +653,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 			return this.map.delete(key);
 		}
 		set(key, value) {
-			const deleted = this.delete(key);
-			if (!deleted && value !== void 0) {
+			if (!this.delete(key) && value !== void 0) {
 				if (this.map.size >= this.max) {
 					const firstKey = this.map.keys().next().value;
 					this.delete(firstKey);
@@ -727,8 +721,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
 			return this.range;
 		}
 		parseRange(range) {
-			const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE);
-			const memoKey = memoOpts + ":" + range;
+			const memoKey = ((this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE)) + ":" + range;
 			const cached = cache$1.get(memoKey);
 			if (cached) return cached;
 			const loose = this.options.loose;
@@ -782,8 +775,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
 		}
 	};
 	module.exports = Range$11;
-	const LRU = require_lrucache();
-	const cache$1 = new LRU();
+	const cache$1 = new (require_lrucache())();
 	const parseOptions$1 = require_parse_options();
 	const Comparator$4 = require_comparator();
 	const debug$1 = require_debug();
@@ -1242,16 +1234,13 @@ var require_simplify = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 		let first = null;
 		let prev = null;
 		const v = versions.sort((a, b) => compare$2(a, b, options));
-		for (const version of v) {
-			const included = satisfies$2(version, range, options);
-			if (included) {
-				prev = version;
-				if (!first) first = version;
-			} else {
-				if (prev) set.push([first, prev]);
-				prev = null;
-				first = null;
-			}
+		for (const version of v) if (satisfies$2(version, range, options)) {
+			prev = version;
+			if (!first) first = version;
+		} else {
+			if (prev) set.push([first, prev]);
+			prev = null;
+			first = null;
 		}
 		if (first) set.push([first, null]);
 		const ranges = [];
@@ -1464,6 +1453,20 @@ const semverSatisfies = (targetAppVersion, currentVersion) => {
 	return import_semver.default.satisfies(currentCoerce.version, targetAppVersion);
 };
 
+//#endregion
+//#region src/filterCompatibleAppVersions.ts
+/**
+* Filters target app versions that are compatible with the current app version.
+* Returns only versions that are compatible with the current version according to semver rules.
+*
+* @param targetAppVersionList - List of target app versions to filter
+* @param currentVersion - Current app version
+* @returns Array of target app versions compatible with the current version
+*/
+const filterCompatibleAppVersions = (targetAppVersionList, currentVersion) => {
+	return targetAppVersionList.filter((version) => semverSatisfies(version, currentVersion)).sort((a, b) => b.localeCompare(a));
+};
+
 //#endregion
 //#region src/getUpdateInfo.ts
 const INIT_BUNDLE_ROLLBACK_UPDATE_INFO = {
@@ -1500,7 +1503,7 @@ const appVersionStrategy = async (bundles, { channel = "production", minBundleId
 	let latestCandidate = null;
 	let updateCandidate = null;
 	let rollbackCandidate = null;
-	let currentBundle = void 0;
+	let currentBundle;
 	for (const b of candidateBundles) {
 		if (!latestCandidate || b.id.localeCompare(latestCandidate.id) > 0) latestCandidate = b;
 		if (b.id === bundleId) currentBundle = b;
@@ -1538,7 +1541,7 @@ const fingerprintStrategy = async (bundles, { channel = "production", minBundleI
 	let latestCandidate = null;
 	let updateCandidate = null;
 	let rollbackCandidate = null;
-	let currentBundle = void 0;
+	let currentBundle;
 	for (const b of candidateBundles) {
 		if (!latestCandidate || b.id.localeCompare(latestCandidate.id) > 0) latestCandidate = b;
 		if (b.id === bundleId) currentBundle = b;
@@ -1564,21 +1567,6 @@ const fingerprintStrategy = async (bundles, { channel = "production", minBundleI
 	return INIT_BUNDLE_ROLLBACK_UPDATE_INFO;
 };
 
-//#endregion
-//#region src/filterCompatibleAppVersions.ts
-/**
-* Filters target app versions that are compatible with the current app version.
-* Returns only versions that are compatible with the current version according to semver rules.
-*
-* @param targetAppVersionList - List of target app versions to filter
-* @param currentVersion - Current app version
-* @returns Array of target app versions compatible with the current version
-*/
-const filterCompatibleAppVersions = (targetAppVersionList, currentVersion) => {
-	const compatibleAppVersionList = targetAppVersionList.filter((version) => semverSatisfies(version, currentVersion));
-	return compatibleAppVersionList.sort((a, b) => b.localeCompare(a));
-};
-
 //#endregion
 //#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/buffer_utils.js
 const encoder = new TextEncoder();
@@ -1741,8 +1729,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "HS512": {
 			if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "RS256":
@@ -1750,8 +1737,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "RS512": {
 			if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "PS256":
@@ -1759,8 +1745,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "PS512": {
 			if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "Ed25519":
@@ -1772,8 +1757,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "ES512": {
 			if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
 			const expected = getNamedCurve(alg);
-			const actual = key.algorithm.namedCurve;
-			if (actual !== expected) throw unusable(expected, "algorithm.namedCurve");
+			if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
 			break;
 		}
 		default: throw new TypeError("CryptoKey does not support this operation");
@@ -1987,7 +1971,7 @@ var validate_crit_default = (Err, recognizedDefault, recognizedOption, protected
 //#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/validate_algorithms.js
 var validate_algorithms_default = (option, algorithms) => {
 	if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
-	if (!algorithms) return void 0;
+	if (!algorithms) return;
 	return new Set(algorithms);
 };
 
@@ -2076,12 +2060,11 @@ const handleKeyObject = (keyObject, alg) => {
 		}, extractable, [isPublic ? "verify" : "sign"]);
 	}
 	if (keyObject.asymmetricKeyType === "ec") {
-		const nist = new Map([
+		const namedCurve = new Map([
 			["prime256v1", "P-256"],
 			["secp384r1", "P-384"],
 			["secp521r1", "P-521"]
-		]);
-		const namedCurve = nist.get(keyObject.asymmetricKeyDetails?.namedCurve);
+		]).get(keyObject.asymmetricKeyDetails?.namedCurve);
 		if (!namedCurve) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
 		if (alg === "ES256" && namedCurve === "P-256") cryptoKey = keyObject.toCryptoKey({
 			name: "ECDSA",
@@ -2115,8 +2098,7 @@ var normalize_key_default = async (key, alg) => {
 		} catch (err) {
 			if (err instanceof TypeError) throw err;
 		}
-		let jwk = key.export({ format: "jwk" });
-		return handleJWK(key, jwk, alg);
+		return handleJWK(key, key.export({ format: "jwk" }), alg);
 	}
 	if (isJWK(key)) {
 		if (key.k) return decode(key.k);
@@ -2204,8 +2186,7 @@ const asymmetricTypeCheck = (alg, key, usage) => {
 	}
 };
 var check_key_type_default = (alg, key, usage) => {
-	const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg);
-	if (symmetric) symmetricTypeCheck(alg, key, usage);
+	if (alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg)) symmetricTypeCheck(alg, key, usage);
 	else asymmetricTypeCheck(alg, key, usage);
 };
 
@@ -2321,8 +2302,7 @@ async function flattenedVerify(jws, key, options) {
 		throw new JWSInvalid("Failed to base64url decode the signature");
 	}
 	const k = await normalize_key_default(key, alg);
-	const verified = await verify_default(alg, k, signature, data);
-	if (!verified) throw new JWSSignatureVerificationFailed();
+	if (!await verify_default(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
 	let payload;
 	if (b64) try {
 		payload = decode(jws.payload);
@@ -2537,9 +2517,8 @@ var JWTClaimsBuilder = class {
 async function jwtVerify(jwt, key, options) {
 	const verified = await compactVerify(jwt, key, options);
 	if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
-	const payload = validateClaimsSet(verified.protectedHeader, verified.payload, options);
 	const result = {
-		payload,
+		payload: validateClaimsSet(verified.protectedHeader, verified.payload, options),
 		protectedHeader: verified.protectedHeader
 	};
 	if (typeof key === "function") return {
@@ -2600,10 +2579,8 @@ var FlattenedSign = class {
 		if (this.#protectedHeader) protectedHeader = encoder.encode(encode(JSON.stringify(this.#protectedHeader)));
 		else protectedHeader = encoder.encode("");
 		const data = concat(protectedHeader, encoder.encode("."), payload);
-		const k = await normalize_key_default(key, alg);
-		const signature = await sign_default(alg, k, data);
 		const jws = {
-			signature: encode(signature),
+			signature: encode(await sign_default(alg, await normalize_key_default(key, alg), data)),
 			payload: ""
 		};
 		if (b64) jws.payload = decoder.decode(payload);
@@ -2679,41 +2656,6 @@ var SignJWT = class {
 	}
 };
 
-//#endregion
-//#region src/withJwtSignedUrl.ts
-/**
-* Creates a JWT-signed download URL based on the provided update information.
-*
-* @param {Object} options - Function options
-* @param {T|null} options.data - Update information (null if none)
-* @param {string} options.reqUrl - Request URL (base URL for token generation)
-* @param {string} options.jwtSecret - Secret key for JWT signing
-* @returns {Promise<T|null>} - Update response object with fileUrl or null
-*/
-const withJwtSignedUrl = async ({ data, reqUrl, jwtSecret }) => {
-	if (!data) return null;
-	const { storageUri,...rest } = data;
-	if (data.id === __hot_updater_core.NIL_UUID || !storageUri) return {
-		...rest,
-		fileUrl: null
-	};
-	const storageUrl = new URL(storageUri);
-	const key = `${storageUrl.host}${storageUrl.pathname}`;
-	const token = await signToken(key, jwtSecret);
-	const url = new URL(reqUrl);
-	url.pathname = key;
-	url.searchParams.set("token", token);
-	return {
-		...rest,
-		fileUrl: url.toString()
-	};
-};
-const signToken = async (key, jwtSecret) => {
-	const secretKey = new TextEncoder().encode(jwtSecret);
-	const token = await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
-	return token;
-};
-
 //#endregion
 //#region src/verifyJwtSignedUrl.ts
 /**
@@ -2726,8 +2668,7 @@ const verifyJwtToken = async ({ path, token, jwtSecret }) => {
 		error: "Missing token"
 	};
 	try {
-		const secretKey = new TextEncoder().encode(jwtSecret);
-		const { payload } = await jwtVerify(token, secretKey);
+		const { payload } = await jwtVerify(token, new TextEncoder().encode(jwtSecret));
 		if (!payload || payload.key !== key) return {
 			valid: false,
 			error: "Token does not match requested file"
@@ -2736,7 +2677,7 @@ const verifyJwtToken = async ({ path, token, jwtSecret }) => {
 			valid: true,
 			key
 		};
-	} catch (error) {
+	} catch {
 		return {
 			valid: false,
 			error: "Invalid or expired token"
@@ -2754,13 +2695,12 @@ const getFileResponse = async ({ key, handler }) => {
 	};
 	const pathParts = key.split("/");
 	const fileName = pathParts[pathParts.length - 1];
-	const headers = {
-		"Content-Type": object.contentType || "application/octet-stream",
-		"Content-Disposition": `attachment; filename=${fileName}`
-	};
 	return {
 		status: 200,
-		responseHeaders: headers,
+		responseHeaders: {
+			"Content-Type": object.contentType || "application/octet-stream",
+			"Content-Disposition": `attachment; filename=${fileName}`
+		},
 		responseBody: object.body
 	};
 };
@@ -2791,6 +2731,40 @@ const verifyJwtSignedUrl = async ({ path, token, jwtSecret, handler }) => {
 	});
 };
 
+//#endregion
+//#region src/withJwtSignedUrl.ts
+/**
+* Creates a JWT-signed download URL based on the provided update information.
+*
+* @param {Object} options - Function options
+* @param {T|null} options.data - Update information (null if none)
+* @param {string} options.reqUrl - Request URL (base URL for token generation)
+* @param {string} options.jwtSecret - Secret key for JWT signing
+* @returns {Promise<T|null>} - Update response object with fileUrl or null
+*/
+const withJwtSignedUrl = async ({ data, reqUrl, jwtSecret }) => {
+	if (!data) return null;
+	const { storageUri,...rest } = data;
+	if (data.id === __hot_updater_core.NIL_UUID || !storageUri) return {
+		...rest,
+		fileUrl: null
+	};
+	const storageUrl = new URL(storageUri);
+	const key = `${storageUrl.host}${storageUrl.pathname}`;
+	const token = await signToken(key, jwtSecret);
+	const url = new URL(reqUrl);
+	url.pathname = key;
+	url.searchParams.set("token", token);
+	return {
+		...rest,
+		fileUrl: url.toString()
+	};
+};
+const signToken = async (key, jwtSecret) => {
+	const secretKey = new TextEncoder().encode(jwtSecret);
+	return await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
+};
+
 //#endregion
 exports.filterCompatibleAppVersions = filterCompatibleAppVersions;
 exports.getUpdateInfo = getUpdateInfo;

package/dist/index.d.cts

@@ -1,12 +1,7 @@
 import { Bundle, GetBundlesArgs, UpdateInfo } from "@hot-updater/core";
 
-//#region src/getUpdateInfo.d.ts
-declare const getUpdateInfo: (bundles: Bundle[], args: GetBundlesArgs) => Promise<UpdateInfo | null>;
-//#endregion
-//#region src/semverSatisfies.d.ts
-declare const semverSatisfies: (targetAppVersion: string, currentVersion: string) => boolean;
-//#endregion
 //#region src/filterCompatibleAppVersions.d.ts
+
 /**
  * Filters target app versions that are compatible with the current app version.
  * Returns only versions that are compatible with the current version according to semver rules.
@@ -17,31 +12,11 @@ declare const semverSatisfies: (targetAppVersion: string, currentVersion: string
  */
 declare const filterCompatibleAppVersions: (targetAppVersionList: string[], currentVersion: string) => string[];
 //#endregion
-//#region src/withJwtSignedUrl.d.ts
-/**
- * Creates a JWT-signed download URL based on the provided update information.
- *
- * @param {Object} options - Function options
- * @param {T|null} options.data - Update information (null if none)
- * @param {string} options.reqUrl - Request URL (base URL for token generation)
- * @param {string} options.jwtSecret - Secret key for JWT signing
- * @returns {Promise<T|null>} - Update response object with fileUrl or null
- */
-declare const withJwtSignedUrl: <T extends {
-  id: string;
-  storageUri: string | null;
-}>({
-  data,
-  reqUrl,
-  jwtSecret
-}: {
-  data: T | null;
-  reqUrl: string;
-  jwtSecret: string;
-}) => Promise<(Omit<T, "storageUri"> & {
-  fileUrl: string | null;
-}) | null>;
-declare const signToken: (key: string, jwtSecret: string) => Promise<string>;
+//#region src/getUpdateInfo.d.ts
+declare const getUpdateInfo: (bundles: Bundle[], args: GetBundlesArgs) => Promise<UpdateInfo | null>;
+//#endregion
+//#region src/semverSatisfies.d.ts
+declare const semverSatisfies: (targetAppVersion: string, currentVersion: string) => boolean;
 //#endregion
 //#region src/verifyJwtSignedUrl.d.ts
 type SuccessResponse = {
@@ -90,4 +65,30 @@ declare const verifyJwtSignedUrl: ({
   } | null>;
 }) => Promise<VerifyJwtSignedUrlResponse>;
 //#endregion
+//#region src/withJwtSignedUrl.d.ts
+/**
+ * Creates a JWT-signed download URL based on the provided update information.
+ *
+ * @param {Object} options - Function options
+ * @param {T|null} options.data - Update information (null if none)
+ * @param {string} options.reqUrl - Request URL (base URL for token generation)
+ * @param {string} options.jwtSecret - Secret key for JWT signing
+ * @returns {Promise<T|null>} - Update response object with fileUrl or null
+ */
+declare const withJwtSignedUrl: <T extends {
+  id: string;
+  storageUri: string | null;
+}>({
+  data,
+  reqUrl,
+  jwtSecret
+}: {
+  data: T | null;
+  reqUrl: string;
+  jwtSecret: string;
+}) => Promise<(Omit<T, "storageUri"> & {
+  fileUrl: string | null;
+}) | null>;
+declare const signToken: (key: string, jwtSecret: string) => Promise<string>;
+//#endregion
 export { ErrorResponse, SuccessResponse, VerifyJwtSignedUrlResponse, filterCompatibleAppVersions, getUpdateInfo, semverSatisfies, signToken, verifyJwtSignedUrl, verifyJwtToken, withJwtSignedUrl };

package/dist/index.d.ts

@@ -1,12 +1,7 @@
 import { Bundle, GetBundlesArgs, UpdateInfo } from "@hot-updater/core";
 
-//#region src/getUpdateInfo.d.ts
-declare const getUpdateInfo: (bundles: Bundle[], args: GetBundlesArgs) => Promise<UpdateInfo | null>;
-//#endregion
-//#region src/semverSatisfies.d.ts
-declare const semverSatisfies: (targetAppVersion: string, currentVersion: string) => boolean;
-//#endregion
 //#region src/filterCompatibleAppVersions.d.ts
+
 /**
  * Filters target app versions that are compatible with the current app version.
  * Returns only versions that are compatible with the current version according to semver rules.
@@ -17,31 +12,11 @@ declare const semverSatisfies: (targetAppVersion: string, currentVersion: string
  */
 declare const filterCompatibleAppVersions: (targetAppVersionList: string[], currentVersion: string) => string[];
 //#endregion
-//#region src/withJwtSignedUrl.d.ts
-/**
- * Creates a JWT-signed download URL based on the provided update information.
- *
- * @param {Object} options - Function options
- * @param {T|null} options.data - Update information (null if none)
- * @param {string} options.reqUrl - Request URL (base URL for token generation)
- * @param {string} options.jwtSecret - Secret key for JWT signing
- * @returns {Promise<T|null>} - Update response object with fileUrl or null
- */
-declare const withJwtSignedUrl: <T extends {
-  id: string;
-  storageUri: string | null;
-}>({
-  data,
-  reqUrl,
-  jwtSecret
-}: {
-  data: T | null;
-  reqUrl: string;
-  jwtSecret: string;
-}) => Promise<(Omit<T, "storageUri"> & {
-  fileUrl: string | null;
-}) | null>;
-declare const signToken: (key: string, jwtSecret: string) => Promise<string>;
+//#region src/getUpdateInfo.d.ts
+declare const getUpdateInfo: (bundles: Bundle[], args: GetBundlesArgs) => Promise<UpdateInfo | null>;
+//#endregion
+//#region src/semverSatisfies.d.ts
+declare const semverSatisfies: (targetAppVersion: string, currentVersion: string) => boolean;
 //#endregion
 //#region src/verifyJwtSignedUrl.d.ts
 type SuccessResponse = {
@@ -90,4 +65,30 @@ declare const verifyJwtSignedUrl: ({
   } | null>;
 }) => Promise<VerifyJwtSignedUrlResponse>;
 //#endregion
+//#region src/withJwtSignedUrl.d.ts
+/**
+ * Creates a JWT-signed download URL based on the provided update information.
+ *
+ * @param {Object} options - Function options
+ * @param {T|null} options.data - Update information (null if none)
+ * @param {string} options.reqUrl - Request URL (base URL for token generation)
+ * @param {string} options.jwtSecret - Secret key for JWT signing
+ * @returns {Promise<T|null>} - Update response object with fileUrl or null
+ */
+declare const withJwtSignedUrl: <T extends {
+  id: string;
+  storageUri: string | null;
+}>({
+  data,
+  reqUrl,
+  jwtSecret
+}: {
+  data: T | null;
+  reqUrl: string;
+  jwtSecret: string;
+}) => Promise<(Omit<T, "storageUri"> & {
+  fileUrl: string | null;
+}) | null>;
+declare const signToken: (key: string, jwtSecret: string) => Promise<string>;
+//#endregion
 export { ErrorResponse, SuccessResponse, VerifyJwtSignedUrlResponse, filterCompatibleAppVersions, getUpdateInfo, semverSatisfies, signToken, verifyJwtSignedUrl, verifyJwtToken, withJwtSignedUrl };

package/dist/index.js

@@ -418,8 +418,7 @@ var require_diff = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semver
 		const highVersion = v1Higher ? v1 : v2;
 		const lowVersion = v1Higher ? v2 : v1;
 		const highHasPre = !!highVersion.prerelease.length;
-		const lowHasPre = !!lowVersion.prerelease.length;
-		if (lowHasPre && !highHasPre) {
+		if (!!lowVersion.prerelease.length && !highHasPre) {
 			if (!lowVersion.patch && !lowVersion.minor) return "major";
 			if (lowVersion.compareMain(highVersion) === 0) {
 				if (lowVersion.minor && !lowVersion.patch) return "minor";
@@ -627,11 +626,7 @@ var require_coerce = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semv
 		}
 		if (match === null) return null;
 		const major$2 = match[2];
-		const minor$2 = match[3] || "0";
-		const patch$2 = match[4] || "0";
-		const prerelease$2 = options.includePrerelease && match[5] ? `-${match[5]}` : "";
-		const build = options.includePrerelease && match[6] ? `+${match[6]}` : "";
-		return parse$1(`${major$2}.${minor$2}.${patch$2}${prerelease$2}${build}`, options);
+		return parse$1(`${major$2}.${match[3] || "0"}.${match[4] || "0"}${options.includePrerelease && match[5] ? `-${match[5]}` : ""}${options.includePrerelease && match[6] ? `+${match[6]}` : ""}`, options);
 	};
 	module.exports = coerce$1;
 }) });
@@ -646,7 +641,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 		}
 		get(key) {
 			const value = this.map.get(key);
-			if (value === void 0) return void 0;
+			if (value === void 0) return;
 			else {
 				this.map.delete(key);
 				this.map.set(key, value);
@@ -657,8 +652,7 @@ var require_lrucache = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 			return this.map.delete(key);
 		}
 		set(key, value) {
-			const deleted = this.delete(key);
-			if (!deleted && value !== void 0) {
+			if (!this.delete(key) && value !== void 0) {
 				if (this.map.size >= this.max) {
 					const firstKey = this.map.keys().next().value;
 					this.delete(firstKey);
@@ -726,8 +720,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
 			return this.range;
 		}
 		parseRange(range) {
-			const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE);
-			const memoKey = memoOpts + ":" + range;
+			const memoKey = ((this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE)) + ":" + range;
 			const cached = cache$1.get(memoKey);
 			if (cached) return cached;
 			const loose = this.options.loose;
@@ -781,8 +774,7 @@ var require_range = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/semve
 		}
 	};
 	module.exports = Range$11;
-	const LRU = require_lrucache();
-	const cache$1 = new LRU();
+	const cache$1 = new (require_lrucache())();
 	const parseOptions$1 = require_parse_options();
 	const Comparator$4 = require_comparator();
 	const debug$1 = require_debug();
@@ -1241,16 +1233,13 @@ var require_simplify = /* @__PURE__ */ __commonJS({ "../../node_modules/.pnpm/se
 		let first = null;
 		let prev = null;
 		const v = versions.sort((a, b) => compare$2(a, b, options));
-		for (const version of v) {
-			const included = satisfies$2(version, range, options);
-			if (included) {
-				prev = version;
-				if (!first) first = version;
-			} else {
-				if (prev) set.push([first, prev]);
-				prev = null;
-				first = null;
-			}
+		for (const version of v) if (satisfies$2(version, range, options)) {
+			prev = version;
+			if (!first) first = version;
+		} else {
+			if (prev) set.push([first, prev]);
+			prev = null;
+			first = null;
 		}
 		if (first) set.push([first, null]);
 		const ranges = [];
@@ -1463,6 +1452,20 @@ const semverSatisfies = (targetAppVersion, currentVersion) => {
 	return import_semver.default.satisfies(currentCoerce.version, targetAppVersion);
 };
 
+//#endregion
+//#region src/filterCompatibleAppVersions.ts
+/**
+* Filters target app versions that are compatible with the current app version.
+* Returns only versions that are compatible with the current version according to semver rules.
+*
+* @param targetAppVersionList - List of target app versions to filter
+* @param currentVersion - Current app version
+* @returns Array of target app versions compatible with the current version
+*/
+const filterCompatibleAppVersions = (targetAppVersionList, currentVersion) => {
+	return targetAppVersionList.filter((version) => semverSatisfies(version, currentVersion)).sort((a, b) => b.localeCompare(a));
+};
+
 //#endregion
 //#region src/getUpdateInfo.ts
 const INIT_BUNDLE_ROLLBACK_UPDATE_INFO = {
@@ -1499,7 +1502,7 @@ const appVersionStrategy = async (bundles, { channel = "production", minBundleId
 	let latestCandidate = null;
 	let updateCandidate = null;
 	let rollbackCandidate = null;
-	let currentBundle = void 0;
+	let currentBundle;
 	for (const b of candidateBundles) {
 		if (!latestCandidate || b.id.localeCompare(latestCandidate.id) > 0) latestCandidate = b;
 		if (b.id === bundleId) currentBundle = b;
@@ -1537,7 +1540,7 @@ const fingerprintStrategy = async (bundles, { channel = "production", minBundleI
 	let latestCandidate = null;
 	let updateCandidate = null;
 	let rollbackCandidate = null;
-	let currentBundle = void 0;
+	let currentBundle;
 	for (const b of candidateBundles) {
 		if (!latestCandidate || b.id.localeCompare(latestCandidate.id) > 0) latestCandidate = b;
 		if (b.id === bundleId) currentBundle = b;
@@ -1563,21 +1566,6 @@ const fingerprintStrategy = async (bundles, { channel = "production", minBundleI
 	return INIT_BUNDLE_ROLLBACK_UPDATE_INFO;
 };
 
-//#endregion
-//#region src/filterCompatibleAppVersions.ts
-/**
-* Filters target app versions that are compatible with the current app version.
-* Returns only versions that are compatible with the current version according to semver rules.
-*
-* @param targetAppVersionList - List of target app versions to filter
-* @param currentVersion - Current app version
-* @returns Array of target app versions compatible with the current version
-*/
-const filterCompatibleAppVersions = (targetAppVersionList, currentVersion) => {
-	const compatibleAppVersionList = targetAppVersionList.filter((version) => semverSatisfies(version, currentVersion));
-	return compatibleAppVersionList.sort((a, b) => b.localeCompare(a));
-};
-
 //#endregion
 //#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/buffer_utils.js
 const encoder = new TextEncoder();
@@ -1740,8 +1728,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "HS512": {
 			if (!isAlgorithm(key.algorithm, "HMAC")) throw unusable("HMAC");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "RS256":
@@ -1749,8 +1736,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "RS512": {
 			if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5")) throw unusable("RSASSA-PKCS1-v1_5");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "PS256":
@@ -1758,8 +1744,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "PS512": {
 			if (!isAlgorithm(key.algorithm, "RSA-PSS")) throw unusable("RSA-PSS");
 			const expected = parseInt(alg.slice(2), 10);
-			const actual = getHashLength(key.algorithm.hash);
-			if (actual !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
+			if (getHashLength(key.algorithm.hash) !== expected) throw unusable(`SHA-${expected}`, "algorithm.hash");
 			break;
 		}
 		case "Ed25519":
@@ -1771,8 +1756,7 @@ function checkSigCryptoKey(key, alg, usage) {
 		case "ES512": {
 			if (!isAlgorithm(key.algorithm, "ECDSA")) throw unusable("ECDSA");
 			const expected = getNamedCurve(alg);
-			const actual = key.algorithm.namedCurve;
-			if (actual !== expected) throw unusable(expected, "algorithm.namedCurve");
+			if (key.algorithm.namedCurve !== expected) throw unusable(expected, "algorithm.namedCurve");
 			break;
 		}
 		default: throw new TypeError("CryptoKey does not support this operation");
@@ -1986,7 +1970,7 @@ var validate_crit_default = (Err, recognizedDefault, recognizedOption, protected
 //#region ../../node_modules/.pnpm/jose@6.0.10/node_modules/jose/dist/webapi/lib/validate_algorithms.js
 var validate_algorithms_default = (option, algorithms) => {
 	if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) throw new TypeError(`"${option}" option must be an array of strings`);
-	if (!algorithms) return void 0;
+	if (!algorithms) return;
 	return new Set(algorithms);
 };
 
@@ -2075,12 +2059,11 @@ const handleKeyObject = (keyObject, alg) => {
 		}, extractable, [isPublic ? "verify" : "sign"]);
 	}
 	if (keyObject.asymmetricKeyType === "ec") {
-		const nist = new Map([
+		const namedCurve = new Map([
 			["prime256v1", "P-256"],
 			["secp384r1", "P-384"],
 			["secp521r1", "P-521"]
-		]);
-		const namedCurve = nist.get(keyObject.asymmetricKeyDetails?.namedCurve);
+		]).get(keyObject.asymmetricKeyDetails?.namedCurve);
 		if (!namedCurve) throw new TypeError("given KeyObject instance cannot be used for this algorithm");
 		if (alg === "ES256" && namedCurve === "P-256") cryptoKey = keyObject.toCryptoKey({
 			name: "ECDSA",
@@ -2114,8 +2097,7 @@ var normalize_key_default = async (key, alg) => {
 		} catch (err) {
 			if (err instanceof TypeError) throw err;
 		}
-		let jwk = key.export({ format: "jwk" });
-		return handleJWK(key, jwk, alg);
+		return handleJWK(key, key.export({ format: "jwk" }), alg);
 	}
 	if (isJWK(key)) {
 		if (key.k) return decode(key.k);
@@ -2203,8 +2185,7 @@ const asymmetricTypeCheck = (alg, key, usage) => {
 	}
 };
 var check_key_type_default = (alg, key, usage) => {
-	const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg);
-	if (symmetric) symmetricTypeCheck(alg, key, usage);
+	if (alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(alg) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(alg)) symmetricTypeCheck(alg, key, usage);
 	else asymmetricTypeCheck(alg, key, usage);
 };
 
@@ -2320,8 +2301,7 @@ async function flattenedVerify(jws, key, options) {
 		throw new JWSInvalid("Failed to base64url decode the signature");
 	}
 	const k = await normalize_key_default(key, alg);
-	const verified = await verify_default(alg, k, signature, data);
-	if (!verified) throw new JWSSignatureVerificationFailed();
+	if (!await verify_default(alg, k, signature, data)) throw new JWSSignatureVerificationFailed();
 	let payload;
 	if (b64) try {
 		payload = decode(jws.payload);
@@ -2536,9 +2516,8 @@ var JWTClaimsBuilder = class {
 async function jwtVerify(jwt, key, options) {
 	const verified = await compactVerify(jwt, key, options);
 	if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
-	const payload = validateClaimsSet(verified.protectedHeader, verified.payload, options);
 	const result = {
-		payload,
+		payload: validateClaimsSet(verified.protectedHeader, verified.payload, options),
 		protectedHeader: verified.protectedHeader
 	};
 	if (typeof key === "function") return {
@@ -2599,10 +2578,8 @@ var FlattenedSign = class {
 		if (this.#protectedHeader) protectedHeader = encoder.encode(encode(JSON.stringify(this.#protectedHeader)));
 		else protectedHeader = encoder.encode("");
 		const data = concat(protectedHeader, encoder.encode("."), payload);
-		const k = await normalize_key_default(key, alg);
-		const signature = await sign_default(alg, k, data);
 		const jws = {
-			signature: encode(signature),
+			signature: encode(await sign_default(alg, await normalize_key_default(key, alg), data)),
 			payload: ""
 		};
 		if (b64) jws.payload = decoder.decode(payload);
@@ -2678,41 +2655,6 @@ var SignJWT = class {
 	}
 };
 
-//#endregion
-//#region src/withJwtSignedUrl.ts
-/**
-* Creates a JWT-signed download URL based on the provided update information.
-*
-* @param {Object} options - Function options
-* @param {T|null} options.data - Update information (null if none)
-* @param {string} options.reqUrl - Request URL (base URL for token generation)
-* @param {string} options.jwtSecret - Secret key for JWT signing
-* @returns {Promise<T|null>} - Update response object with fileUrl or null
-*/
-const withJwtSignedUrl = async ({ data, reqUrl, jwtSecret }) => {
-	if (!data) return null;
-	const { storageUri,...rest } = data;
-	if (data.id === NIL_UUID || !storageUri) return {
-		...rest,
-		fileUrl: null
-	};
-	const storageUrl = new URL(storageUri);
-	const key = `${storageUrl.host}${storageUrl.pathname}`;
-	const token = await signToken(key, jwtSecret);
-	const url = new URL(reqUrl);
-	url.pathname = key;
-	url.searchParams.set("token", token);
-	return {
-		...rest,
-		fileUrl: url.toString()
-	};
-};
-const signToken = async (key, jwtSecret) => {
-	const secretKey = new TextEncoder().encode(jwtSecret);
-	const token = await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
-	return token;
-};
-
 //#endregion
 //#region src/verifyJwtSignedUrl.ts
 /**
@@ -2725,8 +2667,7 @@ const verifyJwtToken = async ({ path, token, jwtSecret }) => {
 		error: "Missing token"
 	};
 	try {
-		const secretKey = new TextEncoder().encode(jwtSecret);
-		const { payload } = await jwtVerify(token, secretKey);
+		const { payload } = await jwtVerify(token, new TextEncoder().encode(jwtSecret));
 		if (!payload || payload.key !== key) return {
 			valid: false,
 			error: "Token does not match requested file"
@@ -2735,7 +2676,7 @@ const verifyJwtToken = async ({ path, token, jwtSecret }) => {
 			valid: true,
 			key
 		};
-	} catch (error) {
+	} catch {
 		return {
 			valid: false,
 			error: "Invalid or expired token"
@@ -2753,13 +2694,12 @@ const getFileResponse = async ({ key, handler }) => {
 	};
 	const pathParts = key.split("/");
 	const fileName = pathParts[pathParts.length - 1];
-	const headers = {
-		"Content-Type": object.contentType || "application/octet-stream",
-		"Content-Disposition": `attachment; filename=${fileName}`
-	};
 	return {
 		status: 200,
-		responseHeaders: headers,
+		responseHeaders: {
+			"Content-Type": object.contentType || "application/octet-stream",
+			"Content-Disposition": `attachment; filename=${fileName}`
+		},
 		responseBody: object.body
 	};
 };
@@ -2790,5 +2730,39 @@ const verifyJwtSignedUrl = async ({ path, token, jwtSecret, handler }) => {
 	});
 };
 
+//#endregion
+//#region src/withJwtSignedUrl.ts
+/**
+* Creates a JWT-signed download URL based on the provided update information.
+*
+* @param {Object} options - Function options
+* @param {T|null} options.data - Update information (null if none)
+* @param {string} options.reqUrl - Request URL (base URL for token generation)
+* @param {string} options.jwtSecret - Secret key for JWT signing
+* @returns {Promise<T|null>} - Update response object with fileUrl or null
+*/
+const withJwtSignedUrl = async ({ data, reqUrl, jwtSecret }) => {
+	if (!data) return null;
+	const { storageUri,...rest } = data;
+	if (data.id === NIL_UUID || !storageUri) return {
+		...rest,
+		fileUrl: null
+	};
+	const storageUrl = new URL(storageUri);
+	const key = `${storageUrl.host}${storageUrl.pathname}`;
+	const token = await signToken(key, jwtSecret);
+	const url = new URL(reqUrl);
+	url.pathname = key;
+	url.searchParams.set("token", token);
+	return {
+		...rest,
+		fileUrl: url.toString()
+	};
+};
+const signToken = async (key, jwtSecret) => {
+	const secretKey = new TextEncoder().encode(jwtSecret);
+	return await new SignJWT({ key }).setProtectedHeader({ alg: "HS256" }).setExpirationTime("60s").sign(secretKey);
+};
+
 //#endregion
 export { filterCompatibleAppVersions, getUpdateInfo, semverSatisfies, signToken, verifyJwtSignedUrl, verifyJwtToken, withJwtSignedUrl };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hot-updater/js",
-  "version": "0.20.10",
+  "version": "0.20.12",
   "type": "module",
   "description": "React Native OTA solution for self-hosted",
   "sideEffects": false,
@@ -38,7 +38,7 @@
     "access": "public"
   },
   "dependencies": {
-    "@hot-updater/core": "0.20.10"
+    "@hot-updater/core": "0.20.12"
   },
   "devDependencies": {
     "@types/node": "^20",