@jsenv/core 25.2.1 → 25.3.0-alpha.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jsenv/core",
-  "version": "25.2.1",
+  "version": "25.3.0-alpha.0",
   "description": "Tool to develop, test and build js projects",
   "license": "MIT",
   "repository": {
@@ -27,6 +27,9 @@
     "/src/",
     "/main.js"
   ],
+  "workspaces": [
+    "./packages/*"
+  ],
   "scripts": {
     "eslint": "node ./node_modules/eslint/bin/eslint.js . --ext=.js,.mjs,.cjs,.html",
     "importmap": "node ./script/importmap/importmap.js",
@@ -39,8 +42,8 @@
     "file-size": "node ./script/file_size/file_size.mjs --log",
     "prettier": "prettier --write .",
     "playwright-install": "npx playwright install-deps && npx playwright install",
-    "packages-install": "node ./script/packages/packages_install.js",
     "certificate-install": "node ./script/dev/install_certificate_authority.mjs",
+    "sync-workspace-versions": "node ./script/dev/sync_workspace_versions.mjs",
     "prepublishOnly": "npm run build"
   },
   "optionalDependencies": {
@@ -59,8 +62,9 @@
     "@babel/plugin-transform-modules-systemjs": "7.16.5",
     "@c88/v8-coverage": "0.1.1",
     "@jsenv/abort": "4.1.2",
-    "@jsenv/filesystem": "2.6.1",
+    "@jsenv/filesystem": "2.7.0",
     "@jsenv/importmap": "1.2.0",
+    "@jsenv/integrity": "0.0.1",
     "@jsenv/log": "1.5.0",
     "@jsenv/logger": "4.0.1",
     "@jsenv/server": "12.3.2",
@@ -112,12 +116,12 @@
     "@babel/plugin-transform-typescript": "7.16.1",
     "@babel/preset-env": "7.16.5",
     "@jsenv/assert": "2.4.1",
-    "@jsenv/babel-preset": "./packages/jsenv-babel-preset",
+    "@jsenv/babel-preset": "1.1.2",
     "@jsenv/eslint-config": "16.0.9",
     "@jsenv/file-size-impact": "12.1.1",
     "@jsenv/github-release-package": "1.2.3",
     "@jsenv/https-local": "1.0.3",
-    "@jsenv/importmap-eslint-resolver": "5.2.2",
+    "@jsenv/importmap-eslint-resolver": "5.2.5",
     "@jsenv/importmap-node-module": "5.1.0",
     "@jsenv/package-publish": "1.6.2",
     "@jsenv/performance-impact": "2.2.1",

package/readme.md

@@ -255,6 +255,60 @@ build duration: 1.85 seconds
 
 To read more about jsenv build tool, check [jsenv build documentation](./docs/building/readme.md#jsenv-build).
 
+# Installation
+
+```console
+npm install --save-dev @jsenv/core
+```
+
+_@jsenv/core_ is tested on Mac, Windows, Linux on Node.js 16.13.0. Other operating systems and Node.js versions are not tested.
+
+# Configuration
+
+We recommend to put some jsenv configuration in a top level file named _jsenv.config.mjs_.
+
+The presence of a jsenv configuration file is **optional**.
+
+```js
+/*
+ * This file exports configuration reused by other files such as
+ *
+ * script/test/test.mjs
+ * script/build/build.mjs
+ *
+ * Read more at https://github.com/jsenv/jsenv-core#configuration
+ */
+
+export const projectDirectoryUrl = new URL("./", import.meta.url)
+```
+
+_jsenv.config.mjs_ is meant to share configuration, other files will simply import what they need.
+
+```diff
+import { buildProject } from '@jsenv/core'
+
++ import { projectDirectoryUrl } from "./jsenv.config.mjs"
+
+await buildProject({
+-  projectDirectoryUrl: new URL('./', import.meta.url)
++  projectDirectoryUrl
+})
+```
+
+> We recommend to use ".mjs" extension when a file is written for Node.js but you can name the file as you want, "jsenv.config.js" is fine too.
+
+# Documentation
+
+| Link                                                     | Description                                |
+| -------------------------------------------------------- | ------------------------------------------ |
+| [Browser support](./docs/browser_support/readme.md)      | Documentation around browser support       |
+| [Assets](./docs/assets/readme.md)                        | How to use assets (CSS, JSON, images, ...) |
+| [Web workers](./docs/web_workers/readme.md)              | How to use web workers                     |
+| [NPM package](./docs/npm_package/readme.md)              | How to use a NPM package                   |
+| [CDN](./docs/cdn/readme.md)                              | How to use ressources from CDN             |
+| [React](./docs/react/readme.md)                          | How to enable react (or preact) and JSX    |
+| [TypeScript (Experimental)](./docs/typescript/readme.md) | How to enable TypeScript                   |
+
 # About
 
 Jsenv was first created to write tests that could be executed in different runtimes. It has naturally evolved to cover the core needs of a JavaScript project:
@@ -324,60 +378,6 @@ The logo is composed by the name at the center and two circles orbiting around i
 
 </details>
 
-# Installation
-
-```console
-npm install --save-dev @jsenv/core
-```
-
-_@jsenv/core_ is tested on Mac, Windows, Linux on Node.js 16.13.0. Other operating systems and Node.js versions are not tested.
-
-# Configuration
-
-We recommend to put some jsenv configuration in a top level file named _jsenv.config.mjs_.
-
-The presence of a jsenv configuration file is **optional**.
-
-```js
-/*
- * This file exports configuration reused by other files such as
- *
- * script/test/test.mjs
- * script/build/build.mjs
- *
- * Read more at https://github.com/jsenv/jsenv-core#configuration
- */
-
-export const projectDirectoryUrl = new URL("./", import.meta.url)
-```
-
-_jsenv.config.mjs_ is meant to share configuration, other files will simply import what they need.
-
-```diff
-import { buildProject } from '@jsenv/core'
-
-+ import { projectDirectoryUrl } from "./jsenv.config.mjs"
-
-await buildProject({
--  projectDirectoryUrl: new URL('./', import.meta.url)
-+  projectDirectoryUrl
-})
-```
-
-> We recommend to use ".mjs" extension when a file is written for Node.js but you can name the file as you want, "jsenv.config.js" is fine too.
-
-# Documentation
-
-| Link                                                     | Description                                |
-| -------------------------------------------------------- | ------------------------------------------ |
-| [Browser support](./docs/browser_support/readme.md)      | Documentation around browser support       |
-| [Assets](./docs/assets/readme.md)                        | How to use assets (CSS, JSON, images, ...) |
-| [CDN](./docs/cdn/readme.md)                              | How to use ressources from CDN             |
-| [Web workers](./docs/web_workers/readme.md)              | How to use web workers                     |
-| [NPM package](./docs/npm_package/readme.md)              | How to use a NPM package                   |
-| [React](./docs/react/readme.md)                          | How to enable react (or preact) and JSX    |
-| [TypeScript (Experimental)](./docs/typescript/readme.md) | How to enable TypeScript                   |
-
 # See also
 
 | Link                                                                                                                     | Description                                                               |

package/src/internal/building/html/parseHtmlRessource.js

@@ -17,6 +17,8 @@ Or be sure to also reference this url somewhere in the html file like
 */
 
 import { urlToFilename, urlToRelativeUrl, resolveUrl } from "@jsenv/filesystem"
+import { applyAlgoToRepresentationData } from "@jsenv/integrity"
+
 
 import {
   parseHtmlString,
@@ -48,7 +50,6 @@ import { collectNodesMutations } from "../parsing.utils.js"
 
 import { collectSvgMutations } from "../svg/parseSvgRessource.js"
 import { moveCssUrls } from "../css/moveCssUrls.js"
-import { applyAlgoToRepresentationData } from "../../integrity/integrity_algorithms.js"
 
 export const parseHtmlRessource = async (
   htmlRessource,

package/src/internal/jsenv_remote_directory.js

@@ -6,9 +6,9 @@ import {
   urlToMeta,
   writeFile,
 } from "@jsenv/filesystem"
+import { validateResponseIntegrity } from "@jsenv/integrity"
 
 import { fetchUrl } from "@jsenv/core/src/internal/fetchUrl.js"
-import { validateResponseIntegrity } from "@jsenv/core/src/internal/integrity/integrity_validation.js"
 
 import { originDirectoryConverter } from "./origin_directory_converter.js"
 

package/src/internal/integrity/integrity_algorithms.js

@@ -1,26 +0,0 @@
-import crypto from "node:crypto"
-
-export const isSupportedAlgorithm = (algo) => {
-  return SUPPORTED_ALGORITHMS.includes(algo)
-}
-
-// https://www.w3.org/TR/SRI/#priority
-export const getPrioritizedHashFunction = (firstAlgo, secondAlgo) => {
-  const firstIndex = SUPPORTED_ALGORITHMS.indexOf(firstAlgo)
-  const secondIndex = SUPPORTED_ALGORITHMS.indexOf(secondAlgo)
-  if (firstIndex === secondIndex) {
-    return ""
-  }
-  if (firstIndex < secondIndex) {
-    return secondAlgo
-  }
-  return firstAlgo
-}
-
-export const applyAlgoToRepresentationData = (algo, data) => {
-  const base64Value = crypto.createHash(algo).update(data).digest("base64")
-  return base64Value
-}
-
-// keep this ordered by collision resistance as it is also used by "getPrioritizedHashFunction"
-const SUPPORTED_ALGORITHMS = ["sha256", "sha384", "sha512"]

package/src/internal/integrity/integrity_parsing.js

@@ -1,50 +0,0 @@
-import { isSupportedAlgorithm } from "./integrity_algorithms.js"
-
-// see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
-export const parseIntegrity = (string) => {
-  const integrityMetadata = {}
-  string
-    .trim()
-    .split(/\s+/)
-    .forEach((token) => {
-      const { isValid, algo, base64Value, optionExpression } =
-        parseAsHashWithOptions(token)
-      if (!isValid) {
-        return
-      }
-      if (!isSupportedAlgorithm(algo)) {
-        return
-      }
-      const metadataList = integrityMetadata[algo]
-      const metadata = { base64Value, optionExpression }
-      integrityMetadata[algo] = metadataList
-        ? [...metadataList, metadata]
-        : [metadata]
-    })
-  return integrityMetadata
-}
-
-// see https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
-const parseAsHashWithOptions = (token) => {
-  const dashIndex = token.indexOf("-")
-  if (dashIndex === -1) {
-    return { isValid: false }
-  }
-  const beforeDash = token.slice(0, dashIndex)
-  const afterDash = token.slice(dashIndex + 1)
-  const questionIndex = afterDash.indexOf("?")
-  const algo = beforeDash
-  if (questionIndex === -1) {
-    const base64Value = afterDash
-    const isValid = BASE64_REGEX.test(afterDash)
-    return { isValid, algo, base64Value }
-  }
-  const base64Value = afterDash.slice(0, questionIndex)
-  const optionExpression = afterDash.slice(questionIndex + 1)
-  const isValid =
-    BASE64_REGEX.test(afterDash) && VCHAR_REGEX.test(optionExpression)
-  return { isValid, algo, base64Value, optionExpression }
-}
-
-const BASE64_REGEX = /^[A-Za-z0-9+\/=+]+$/
-const VCHAR_REGEX = /^[\x21-\x7E]+$/

package/src/internal/integrity/integrity_update.js

@@ -1,23 +0,0 @@
-import { parseIntegrity } from "./integrity_parsing.js"
-import {
-  getPrioritizedHashFunction,
-  applyAlgoToRepresentationData,
-} from "./integrity_algorithms.js"
-
-export const updateIntegrity = (integrity, representationData) => {
-  const integrityMetadata = parseIntegrity(integrity)
-  const algos = Object.keys(integrityMetadata)
-  if (algos.length === 0) {
-    return ""
-  }
-  let strongestAlgo = algos[0]
-  algos.slice(1).forEach((algoCandidate) => {
-    strongestAlgo =
-      getPrioritizedHashFunction(strongestAlgo, algoCandidate) || strongestAlgo
-  })
-  const base64Value = applyAlgoToRepresentationData(
-    strongestAlgo,
-    representationData,
-  )
-  return `${strongestAlgo}-${base64Value}`
-}

package/src/internal/integrity/integrity_validation.js

@@ -1,49 +0,0 @@
-import { parseIntegrity } from "./integrity_parsing.js"
-import {
-  getPrioritizedHashFunction,
-  applyAlgoToRepresentationData,
-} from "./integrity_algorithms.js"
-
-// https://www.w3.org/TR/SRI/#does-response-match-metadatalist
-export const validateResponseIntegrity = (
-  { url, type, dataRepresentation },
-  integrity,
-) => {
-  if (!isResponseEligibleForIntegrityValidation({ type })) {
-    return false
-  }
-  const integrityMetadata = parseIntegrity(integrity)
-  const algos = Object.keys(integrityMetadata)
-  if (algos.length === 0) {
-    return true
-  }
-  let strongestAlgo = algos[0]
-  algos.slice(1).forEach((algoCandidate) => {
-    strongestAlgo =
-      getPrioritizedHashFunction(strongestAlgo, algoCandidate) || strongestAlgo
-  })
-  const metadataList = integrityMetadata[strongestAlgo]
-  const actualBase64Value = applyAlgoToRepresentationData(
-    strongestAlgo,
-    dataRepresentation,
-  )
-  const acceptedBase64Values = metadataList.map(
-    (metadata) => metadata.base64Value,
-  )
-  const someIsMatching = acceptedBase64Values.includes(actualBase64Value)
-  if (someIsMatching) {
-    return true
-  }
-  const error = new Error(
-    `Integrity validation failed for ressource "${url}". The integrity found for this ressource is "${strongestAlgo}-${actualBase64Value}"`,
-  )
-  error.code = "EINTEGRITY"
-  error.algorithm = strongestAlgo
-  error.found = actualBase64Value
-  throw error
-}
-
-// https://www.w3.org/TR/SRI/#is-response-eligible-for-integrity-validation
-const isResponseEligibleForIntegrityValidation = (response) => {
-  return ["basic", "cors", "default"].includes(response.type)
-}