npm - @openclaw/nostr - Versions diffs - 2026.2.21 → 2026.2.23 - Mend

@openclaw/nostr 2026.2.21 → 2026.2.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md +6 -0
package/package.json +1 -1
package/src/nostr-profile-http.test.ts +19 -28

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Changelog
+## 2026.2.22
+### Changes
+- Version alignment with core OpenClaw release numbers.
 ## 2026.1.19-1
 Initial release.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nostr",
-  "version": "2026.2.21",
+  "version": "2026.2.23",
   "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs",
   "type": "module",
   "dependencies": {

package/src/nostr-profile-http.test.ts CHANGED Viewed

@@ -204,6 +204,23 @@ describe("nostr-profile-http", () => {
   });
   describe("PUT /api/channels/nostr/:accountId/profile", () => {
+    async function expectPrivatePictureRejected(pictureUrl: string) {
+      const ctx = createMockContext();
+      const handler = createNostrProfileHttpHandler(ctx);
+      const req = createMockRequest("PUT", "/api/channels/nostr/default/profile", {
+        name: "hacker",
+        picture: pictureUrl,
+      });
+      const res = createMockResponse();
+      await handler(req, res);
+      expect(res._getStatusCode()).toBe(400);
+      const data = JSON.parse(res._getData());
+      expect(data.ok).toBe(false);
+      expect(data.error).toContain("private");
+    }
     it("validates profile and publishes", async () => {
       const ctx = createMockContext();
       const handler = createNostrProfileHttpHandler(ctx);
@@ -263,37 +280,11 @@ describe("nostr-profile-http", () => {
     });
     it("rejects private IP in picture URL (SSRF protection)", async () => {
-      const ctx = createMockContext();
-      const handler = createNostrProfileHttpHandler(ctx);
-      const req = createMockRequest("PUT", "/api/channels/nostr/default/profile", {
-        name: "hacker",
-        picture: "https://127.0.0.1/evil.jpg",
-      });
-      const res = createMockResponse();
-      await handler(req, res);
-      expect(res._getStatusCode()).toBe(400);
-      const data = JSON.parse(res._getData());
-      expect(data.ok).toBe(false);
-      expect(data.error).toContain("private");
+      await expectPrivatePictureRejected("https://127.0.0.1/evil.jpg");
     });
     it("rejects ISATAP-embedded private IPv4 in picture URL", async () => {
-      const ctx = createMockContext();
-      const handler = createNostrProfileHttpHandler(ctx);
-      const req = createMockRequest("PUT", "/api/channels/nostr/default/profile", {
-        name: "hacker",
-        picture: "https://[2001:db8:1234::5efe:127.0.0.1]/evil.jpg",
-      });
-      const res = createMockResponse();
-      await handler(req, res);
-      expect(res._getStatusCode()).toBe(400);
-      const data = JSON.parse(res._getData());
-      expect(data.ok).toBe(false);
-      expect(data.error).toContain("private");
+      await expectPrivatePictureRejected("https://[2001:db8:1234::5efe:127.0.0.1]/evil.jpg");
     });
     it("rejects non-https URLs", async () => {