datomic-client-js 0.1.10 → 0.1.12

package/.github/workflows/publish.yml

@@ -0,0 +1,60 @@
+name: Publish to NPM
+
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+    inputs:
+      version_type:
+        description: "Version increment type"
+        required: true
+        default: "patch"
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20.x"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Configure git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Update NPM
+        run: npm i -g npm@latest
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        env:
+          SKIP_CLOUD_TESTS: "1"
+        run: npm test
+
+      - name: Bump version
+        run: npm version ${{ inputs.version_type || 'patch' }} -m "Release %s"
+
+      - name: Publish to NPM with provenance
+        run: npm publish --access public --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Push version commit and tag
+        run: git push --follow-tags

package/.github/workflows/test.yml

@@ -0,0 +1,34 @@
+name: Tests
+
+on:
+  pull_request:
+    branches: [master]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        # Node 18 EOL is April 2025; supporting Node 20+ only
+        node-version: ['20.x', '22.x']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Show Node.js version
+        run: node --version
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        env:
+          SKIP_CLOUD_TESTS: '1'
+        run: npm test -- --reporter spec

package/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Change Log
 
+## 0.1.11 (January 9, 2026).
+
+* Update aws-sdk dependency version.
+
 ## 0.1.9 (January 16, 2020).
 
 * Handle EDN strings with template variables properly.
@@ -30,4 +34,4 @@
 
 ## 0.1.3 (January 12, 2020).
 
-* Initial semi-working release.
+* Initial semi-working release.

package/README.md

@@ -23,13 +23,15 @@ let peerConf = {
 
 // cloud config map example
 let cloudConf = {
-    endpoint: 'http://entry.your-system-name.your-region.datomic.net:8182/',
+    endpoint: 'https://your-apigateway-url',
     serverType: 'cloud',
     region: 'your-region',
     system: 'your-system',
     dbName: 'your-db-name',
-    proxyPort: 8182  // if connecting via the bastion server
 };
+// Can also still set endpoint to a private datomic.net URL,
+// and set proxyPort if using an older Datomic cloud release
+// with a proxy server for access.
 
 let client = require('datomic-client-js');
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "datomic-client-js",
-  "version": "0.1.10",
+  "version": "0.1.12",
   "description": "Client for Datomic Cloud and Peer Server",
   "scripts": {
     "test": "mocha",
@@ -12,15 +12,15 @@
   "author": "Casey Marshall",
   "license": "Apache-2.0",
   "dependencies": {
-    "aws-sdk": "2.599.0",
+    "aws-sdk": "^1.18.0",
     "jsedn": "~0.4.1",
-    "npm": "^6.13.6",
-    "socks-proxy-agent": "4.0.2",
-    "transit-js": "0.8.861",
-    "uuid": "latest"
+    "mocha": "^11.3.0",
+    "npm": "^11.7.0",
+    "socks-proxy-agent": "8.0.5",
+    "transit-js": "0.8.861"
   },
   "devDependencies": {
-    "jsdoc": "~3.6.3",
+    "jsdoc": "^4.0.5",
     "promise": "~8.0.3"
   },
   "main": "index.js",

package/src/pro.js

@@ -1,5 +1,13 @@
 'use strict';
 
+/**
+ * TLS validation modes for peer-server connections:
+ * - 'strict': Full certificate validation including expiration and CA chain
+ * - 'allow-expired': Validate CA chain but allow expired certificates (default)
+ * - 'none': Disable all certificate validation (not recommended)
+ */
+const TLS_VALIDATION_MODES = ['strict', 'allow-expired', 'none'];
+
 function routingMap(endpoint) {
     let parts = endpoint.split(':', 2);
     let host = parts[0];
@@ -16,10 +24,11 @@ function routingMap(endpoint) {
     };
 }
 
-function Spi(signingMap, routingMap) {
+function Spi(signingMap, routingMap, tlsConfig) {
     this.signingMap = signingMap;
     this.routingMap = routingMap;
     this.serverType = 'peer-server';
+    this.tlsConfig = tlsConfig;
 }
 
 Spi.prototype.addRouting = function(request) {
@@ -42,7 +51,12 @@ Spi.prototype.getAgent = function() {
 };
 
 Spi.prototype.usePrivateTrustAnchor = function () {
-    return true;
+    // Use private trust anchor unless user provided their own CA with strict validation
+    return this.tlsConfig.validation !== 'strict' || !this.tlsConfig.ca;
+}
+
+Spi.prototype.getTlsConfig = function () {
+    return this.tlsConfig;
 }
 
 function createSpi(args) {
@@ -54,10 +68,19 @@ function createSpi(args) {
             service: "peer-server",
             region: "none"
         };
-        return new Spi(signParams, routing);
+        let tlsValidation = args.tlsValidation || 'allow-expired';
+        if (TLS_VALIDATION_MODES.indexOf(tlsValidation) === -1) {
+            throw Error(`invalid tlsValidation mode: ${tlsValidation}. Must be one of: ${TLS_VALIDATION_MODES.join(', ')}`);
+        }
+        let tlsConfig = {
+            validation: tlsValidation,
+            ca: args.tlsCa || null
+        };
+        return new Spi(signParams, routing, tlsConfig);
     } else {
         throw Error('invalid connection config');
     }
 }
 
-exports.createSpi = createSpi;
+exports.createSpi = createSpi;
+exports.TLS_VALIDATION_MODES = TLS_VALIDATION_MODES;