agentic-rss-parser 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +11 -0
  2. package/README.md +1 -0
  3. package/SECURITY.md +5 -0
  4. package/package.json +27 -28
package/CHANGELOG.md CHANGED
@@ -1,5 +1,16 @@
1
1
  # Changelog
2
2
 
3
+ ## 1.0.2
4
+
5
+ ### Changed
6
+
7
+ - prepared the package for pnpm publication with supply-chain hardening and reproducible lockfiles
8
+ - added enterprise-oriented repo hygiene, security, and publishing documentation
9
+
10
+ ### Notes
11
+
12
+ - no runtime API changes intended
13
+
3
14
  ## 1.0.1
4
15
 
5
16
  ### Added
package/README.md CHANGED
@@ -258,6 +258,7 @@ pnpm test
258
258
  - dependency updates should be reviewed before release
259
259
  - `npm audit` should stay clean before merging
260
260
  - release steps are documented in [PUBLISHING.md](./PUBLISHING.md)
261
+ - pnpm supply-chain settings are enforced in [pnpm-workspace.yaml](./pnpm-workspace.yaml)
261
262
 
262
263
  ## Project Structure
263
264
 
package/SECURITY.md CHANGED
@@ -26,6 +26,11 @@ Instead:
26
26
  - prefer local stdio MCP when possible over exposed remote transports
27
27
  - do not trust tool descriptions or tool names from unvetted MCP servers
28
28
  - treat feed content as untrusted input, especially when it can influence agent prompts
29
+ - lock dependency versions with a committed lockfile
30
+ - keep postinstall scripts disabled in CI
31
+ - avoid exotic transitive dependencies
32
+ - delay dependency updates with pnpm minimum release age
33
+ - enforce trust policy checks with pnpm
29
34
 
30
35
  ## Threat Model Notes
31
36
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
- {
2
- "name": "agentic-rss-parser",
3
- "version": "1.0.1",
1
+ {
2
+ "name": "agentic-rss-parser",
3
+ "version": "1.0.2",
4
4
  "type": "module",
5
5
  "engines": {
6
6
  "node": ">=22.5.0"
@@ -22,10 +22,10 @@
22
22
  "access": "public"
23
23
  },
24
24
  "main": "./src/index.js",
25
- "types": "./src/index.d.ts",
25
+ "types": "./src/index.d.ts",
26
26
  "repository": {
27
27
  "type": "git",
28
- "url": "https://github.com/bluecarbons/agentic-rss-parser.git"
28
+ "url": "git+https://github.com/bluecarbons/agentic-rss-parser.git"
29
29
  },
30
30
  "homepage": "https://github.com/bluecarbons/agentic-rss-parser#readme",
31
31
  "bugs": {
@@ -35,21 +35,14 @@
35
35
  "agentic-rss-parser": "./agentic-rss-parser",
36
36
  "agentic-rss-mcp": "./agentic-rss-mcp"
37
37
  },
38
- "exports": {
39
- ".": {
40
- "types": "./src/index.d.ts",
41
- "default": "./src/index.js"
42
- },
43
- "./cli": "./src/cli.js",
44
- "./mcp": "./src/mcp/server.js"
45
- },
46
- "scripts": {
47
- "start": "node ./src/cli.js",
48
- "mcp": "node ./src/mcp/server.js",
49
- "test": "node --test",
50
- "lint": "node --check ./src/cli.js"
38
+ "exports": {
39
+ ".": {
40
+ "types": "./src/index.d.ts",
41
+ "default": "./src/index.js"
42
+ },
43
+ "./cli": "./src/cli.js",
44
+ "./mcp": "./src/mcp/server.js"
51
45
  },
52
- "packageManager": "pnpm@9.15.4",
53
46
  "files": [
54
47
  "agentic-rss-parser",
55
48
  "agentic-rss-mcp",
@@ -63,12 +56,18 @@
63
56
  "LICENSE",
64
57
  "CONTRIBUTING.md"
65
58
  ],
66
- "dependencies": {
67
- "@ai-sdk/anthropic": "3.0.85",
68
- "@ai-sdk/openai": "3.0.73",
69
- "@modelcontextprotocol/sdk": "^1.29.0",
70
- "ai": "6.0.208",
71
- "fast-xml-parser": "5.9.3",
72
- "zod": "4.4.3"
73
- }
74
- }
59
+ "dependencies": {
60
+ "@ai-sdk/anthropic": "3.0.85",
61
+ "@ai-sdk/openai": "3.0.73",
62
+ "@modelcontextprotocol/sdk": "^1.29.0",
63
+ "ai": "6.0.208",
64
+ "fast-xml-parser": "5.9.3",
65
+ "zod": "4.4.3"
66
+ },
67
+ "scripts": {
68
+ "start": "node ./src/cli.js",
69
+ "mcp": "node ./src/mcp/server.js",
70
+ "test": "node --test",
71
+ "lint": "node --check ./src/cli.js"
72
+ }
73
+ }