npm - agentic-rss-parser - Versions diffs - 1.0.1 → 1.0.3 - Mend

agentic-rss-parser 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,20 @@
 # Changelog
+## 1.0.3
+- Republished after pnpm registry version conflict during publish verification.
+## 1.0.2
+### Changed
+- prepared the package for pnpm publication with supply-chain hardening and reproducible lockfiles
+- added enterprise-oriented repo hygiene, security, and publishing documentation
+### Notes
+- no runtime API changes intended
 ## 1.0.1
 ### Added

package/README.md CHANGED Viewed

@@ -258,6 +258,7 @@ pnpm test
 - dependency updates should be reviewed before release
 - `npm audit` should stay clean before merging
 - release steps are documented in [PUBLISHING.md](./PUBLISHING.md)
+- pnpm supply-chain settings are enforced in [pnpm-workspace.yaml](./pnpm-workspace.yaml)
 ## Project Structure

package/SECURITY.md CHANGED Viewed

@@ -26,6 +26,11 @@ Instead:
 - prefer local stdio MCP when possible over exposed remote transports
 - do not trust tool descriptions or tool names from unvetted MCP servers
 - treat feed content as untrusted input, especially when it can influence agent prompts
+- lock dependency versions with a committed lockfile
+- keep postinstall scripts disabled in CI
+- avoid exotic transitive dependencies
+- delay dependency updates with pnpm minimum release age
+- enforce trust policy checks with pnpm
 ## Threat Model Notes

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
-{
-  "name": "agentic-rss-parser",
-  "version": "1.0.1",
+{
+  "name": "agentic-rss-parser",
+  "version": "1.0.3",
   "type": "module",
   "engines": {
     "node": ">=22.5.0"
@@ -22,10 +22,10 @@
     "access": "public"
   },
   "main": "./src/index.js",
-  "types": "./src/index.d.ts",
+  "types": "./src/index.d.ts",
   "repository": {
     "type": "git",
-    "url": "https://github.com/bluecarbons/agentic-rss-parser.git"
+    "url": "git+https://github.com/bluecarbons/agentic-rss-parser.git"
   },
   "homepage": "https://github.com/bluecarbons/agentic-rss-parser#readme",
   "bugs": {
@@ -35,21 +35,14 @@
     "agentic-rss-parser": "./agentic-rss-parser",
     "agentic-rss-mcp": "./agentic-rss-mcp"
   },
-  "exports": {
-    ".": {
-      "types": "./src/index.d.ts",
-      "default": "./src/index.js"
-    },
-    "./cli": "./src/cli.js",
-    "./mcp": "./src/mcp/server.js"
-  },
-  "scripts": {
-    "start": "node ./src/cli.js",
-    "mcp": "node ./src/mcp/server.js",
-    "test": "node --test",
-    "lint": "node --check ./src/cli.js"
+  "exports": {
+    ".": {
+      "types": "./src/index.d.ts",
+      "default": "./src/index.js"
+    },
+    "./cli": "./src/cli.js",
+    "./mcp": "./src/mcp/server.js"
   },
-  "packageManager": "pnpm@9.15.4",
   "files": [
     "agentic-rss-parser",
     "agentic-rss-mcp",
@@ -63,12 +56,18 @@
     "LICENSE",
     "CONTRIBUTING.md"
   ],
-  "dependencies": {
-    "@ai-sdk/anthropic": "3.0.85",
-    "@ai-sdk/openai": "3.0.73",
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "ai": "6.0.208",
-    "fast-xml-parser": "5.9.3",
-    "zod": "4.4.3"
-  }
-}
+  "dependencies": {
+    "@ai-sdk/anthropic": "3.0.85",
+    "@ai-sdk/openai": "3.0.73",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "ai": "6.0.208",
+    "fast-xml-parser": "5.9.3",
+    "zod": "4.4.3"
+  },
+  "scripts": {
+    "start": "node ./src/cli.js",
+    "mcp": "node ./src/mcp/server.js",
+    "test": "node --test",
+    "lint": "node --check ./src/cli.js"
+  }
+}