@smartspectra/node-sdk 3.2.0-rc.7 → 3.2.0-rc.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/js/main/index.js CHANGED
@@ -62,6 +62,7 @@ function ensurePreconfigured() {
62
62
  // Pre-create the tree with restrictive permissions; Electron's
63
63
  // app.getPath('cache') root isn't always present on first launch.
64
64
  try {
65
+ // nosemgrep: detect-non-literal-fs-filename - safe: SDK cache dir derived from the app/OS cache path (app.getPath('cache') + app name), not untrusted input.
65
66
  fs.mkdirSync(sdkDirectory, { recursive: true, mode: 0o700 });
66
67
  } catch (err) {
67
68
  throw new Error(
@@ -6,8 +6,10 @@
6
6
  // Picks the right libsmartspectra_capi.{dll,dylib,so} for the current
7
7
  // platform+arch and returns a path that koffi.load() can consume.
8
8
  //
9
- // The native runtime closure (shim + libsmartspectra + OpenCV + Vulkan +
10
- // graph data) ships in per-platform packages `@smartspectra/node-sdk-<plat>-<arch>`
9
+ // The native runtime closure (shim + libsmartspectra + OpenCV + graph data,
10
+ // plus a Vulkan loader on Linux/Windows; on macOS MoltenVK is statically
11
+ // linked into libsmartspectra, so no separate Vulkan dylib ships) lives in
12
+ // per-platform packages — `@smartspectra/node-sdk-<plat>-<arch>`
11
13
  // — declared as regular (HARD) dependencies of the main package. There is no
12
14
  // postinstall download and no install script in the published tarball.
13
15
  //
@@ -60,6 +62,7 @@ function resolveNativeLibrary() {
60
62
 
61
63
  const override = process.env.SMARTSPECTRA_CAPI_PATH;
62
64
  if (override) {
65
+ // nosemgrep: detect-non-literal-fs-filename - safe: path is the consumer-set SMARTSPECTRA_CAPI_PATH override, same trust boundary as the process; no attacker input.
63
66
  if (!fs.existsSync(override)) {
64
67
  throw new Error(
65
68
  `@smartspectra/node-sdk: SMARTSPECTRA_CAPI_PATH=${override} ` +
@@ -96,6 +99,7 @@ function resolveNativeLibrary() {
96
99
  }
97
100
 
98
101
  const libPath = path.join(pkgRoot, libName);
102
+ // nosemgrep: detect-non-literal-fs-filename - safe: path is derived from require.resolve of the installed platform package plus a fixed library basename; same trust boundary as the process, no attacker input.
99
103
  if (!fs.existsSync(libPath)) {
100
104
  throw new Error(
101
105
  `@smartspectra/node-sdk: "${platformPkg}" is installed but ${libName} is missing from it ` +
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@smartspectra/node-sdk",
3
- "version": "3.2.0-rc.7",
3
+ "version": "3.2.0-rc.9",
4
4
  "description": "Node.js (Electron) FFI binding for SmartSpectra vitals measurement",
5
5
  "author": "Presage Technologies, Inc.",
6
6
  "license": "SEE LICENSE IN LICENSE",
@@ -65,10 +65,10 @@
65
65
  "dependencies": {
66
66
  "koffi": "^2.10.0",
67
67
  "protobufjs": "^7.5.0",
68
- "@smartspectra/node-sdk-linux-x64": "3.2.0-rc.7",
69
- "@smartspectra/node-sdk-linux-arm64": "3.2.0-rc.7",
70
- "@smartspectra/node-sdk-darwin-arm64": "3.2.0-rc.7",
71
- "@smartspectra/node-sdk-win32-x64": "3.2.0-rc.7"
68
+ "@smartspectra/node-sdk-linux-x64": "3.2.0-rc.9",
69
+ "@smartspectra/node-sdk-linux-arm64": "3.2.0-rc.9",
70
+ "@smartspectra/node-sdk-darwin-arm64": "3.2.0-rc.9",
71
+ "@smartspectra/node-sdk-win32-x64": "3.2.0-rc.9"
72
72
  },
73
73
  "devDependencies": {
74
74
  "@types/node": "^20.0.0",