layercache 1.3.1 → 1.3.3

package/dist/cli.js

@@ -1,7 +1,10 @@
 #!/usr/bin/env node
 import {
-  RedisTagIndex
-} from "./chunk-BQLL6IM5.js";
+  RedisTagIndex,
+  validateCacheKey,
+  validatePattern,
+  validateTag
+} from "./chunk-BORDQ3LA.js";
 import {
   isStoredValueEnvelope,
   resolveStoredValue
@@ -46,13 +49,17 @@ async function main(argv = process.argv.slice(2)) {
       throw new Error(`Failed to connect to Redis at ${maskRedisUrl(redisUrl)}: ${message}`);
     });
     if (args.command === "stats") {
-      const keys = await scanKeys(redis, args.pattern ?? "*");
-      process.stdout.write(`${JSON.stringify({ totalKeys: keys.length, pattern: args.pattern ?? "*" }, null, 2)}
+      const pattern = args.pattern ?? "*";
+      if (args.pattern && !validateCliInput(args.pattern, validatePattern)) return;
+      const keys = await scanKeys(redis, pattern);
+      process.stdout.write(`${JSON.stringify({ totalKeys: keys.length, pattern }, null, 2)}
 `);
       return;
     }
     if (args.command === "keys") {
-      const keys = await scanKeys(redis, args.pattern ?? "*");
+      const pattern = args.pattern ?? "*";
+      if (args.pattern && !validateCliInput(args.pattern, validatePattern)) return;
+      const keys = await scanKeys(redis, pattern);
       if (keys.length > 0) {
         process.stdout.write(`${keys.join("\n")}
 `);
@@ -61,6 +68,7 @@ async function main(argv = process.argv.slice(2)) {
     }
     if (args.command === "invalidate") {
       if (args.tag) {
+        if (!validateCliInput(args.tag, validateTag)) return;
         const tagIndex = new RedisTagIndex({ client: redis, prefix: args.tagIndexPrefix ?? "layercache:tag-index" });
         const keys2 = await tagIndex.keysForTag(args.tag);
         if (keys2.length > 0) {
@@ -70,11 +78,18 @@ async function main(argv = process.argv.slice(2)) {
 `);
         return;
       }
-      const keys = await scanKeys(redis, args.pattern ?? "*");
+      const effectivePattern = args.pattern ?? "*";
+      if (args.pattern && !validateCliInput(args.pattern, validatePattern)) return;
+      const keys = await scanKeys(redis, effectivePattern);
+      if (!args.pattern && !args.force && keys.length > 0) {
+        process.stderr.write(`Warning: this operation will invalidate ${keys.length} keys. Use --force to confirm.
+`);
+        return;
+      }
       if (keys.length > 0) {
         await batchDelete(redis, keys);
       }
-      process.stdout.write(`${JSON.stringify({ deletedKeys: keys.length, pattern: args.pattern ?? "*" }, null, 2)}
+      process.stdout.write(`${JSON.stringify({ deletedKeys: keys.length, pattern: effectivePattern }, null, 2)}
 `);
       return;
     }
@@ -82,6 +97,7 @@ async function main(argv = process.argv.slice(2)) {
       if (!args.key) {
         throw new Error("inspect requires --key <key>.");
       }
+      if (!validateCliInput(args.key, validateCacheKey)) return;
       const payload = await redis.getBuffer(args.key);
       const ttl = await redis.ttl(args.key);
       const decoded = decodeInspectablePayload(payload);
@@ -156,6 +172,8 @@ function parseArgs(argv) {
       index += 1;
     } else if (token === "--require-tls") {
       parsed.requireTls = true;
+    } else if (token === "--force") {
+      parsed.force = true;
     }
   }
   return parsed;
@@ -232,6 +250,18 @@ function maskRedisUrl(url) {
     return url.replace(/:([^@/]+)@/, ":***@");
   }
 }
+function validateCliInput(value, validator) {
+  try {
+    validator(value);
+    return true;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Error: ${message}
+`);
+    process.exitCode = 1;
+    return false;
+  }
+}
 if (process.argv[1]?.endsWith("cli.cjs") || process.argv[1]?.endsWith("cli.js")) {
   void main();
 }

package/dist/edge.cjs

@@ -339,7 +339,7 @@ var MAX_PATTERN_RECURSION_DEPTH = 500;
 var TagIndex = class {
   tagToKeys = /* @__PURE__ */ new Map();
   keyToTags = /* @__PURE__ */ new Map();
-  knownKeys = /* @__PURE__ */ new Set();
+  knownKeys = /* @__PURE__ */ new Map();
   maxKnownKeys;
   nextNodeId = 1;
   root = this.createTrieNode();
@@ -427,10 +427,11 @@ var TagIndex = class {
     };
   }
   insertKnownKey(key) {
-    if (this.knownKeys.has(key)) {
+    const isNew = !this.knownKeys.has(key);
+    this.knownKeys.set(key, Date.now());
+    if (!isNew) {
       return;
     }
-    this.knownKeys.add(key);
     let node = this.root;
     for (const character of key) {
       let child = node.children.get(character);
@@ -525,14 +526,13 @@ var TagIndex = class {
     if (this.maxKnownKeys === void 0 || this.knownKeys.size <= this.maxKnownKeys) {
       return;
     }
+    const sorted = [...this.knownKeys.entries()].sort((a, b) => a[1] - b[1]);
     const toRemove = Math.ceil(this.maxKnownKeys * 0.1);
-    let removed = 0;
-    for (const key of this.knownKeys) {
-      if (removed >= toRemove) {
-        break;
+    for (let i = 0; i < toRemove && i < sorted.length; i += 1) {
+      const entry = sorted[i];
+      if (entry) {
+        this.removeKey(entry[0]);
       }
-      this.removeKey(key);
-      removed += 1;
     }
   }
   removeKey(key) {

package/dist/edge.js

@@ -2,7 +2,7 @@ import {
   MemoryLayer,
   TagIndex,
   createHonoCacheMiddleware
-} from "./chunk-GJBKCFE6.js";
+} from "./chunk-5RCAX2BQ.js";
 import {
   PatternMatcher
 } from "./chunk-4PPBOOXT.js";

package/dist/index.cjs

@@ -961,6 +961,7 @@ var CacheStackLayerWriter = class {
 };
 
 // src/internal/CacheStackMaintenance.ts
+var MAX_KEY_EPOCHS = 5e4;
 var CacheStackMaintenance = class {
   keyEpochs = /* @__PURE__ */ new Map();
   writeBehindQueue = [];
@@ -1004,6 +1005,7 @@ var CacheStackMaintenance = class {
     for (const key of keys) {
       this.keyEpochs.set(key, this.currentKeyEpoch(key) + 1);
     }
+    this.pruneKeyEpochsIfNeeded();
   }
   isWriteOutdated(key, expectedClearEpoch, expectedKeyEpoch) {
     if (expectedClearEpoch !== void 0 && expectedClearEpoch !== this.clearEpoch) {
@@ -1056,6 +1058,16 @@ var CacheStackMaintenance = class {
   async waitForGenerationCleanup() {
     await this.generationCleanupPromise;
   }
+  pruneKeyEpochsIfNeeded() {
+    if (this.keyEpochs.size <= MAX_KEY_EPOCHS) {
+      return;
+    }
+    const sorted = [...this.keyEpochs.entries()].sort((a, b) => a[1] - b[1]);
+    const toDelete = Math.ceil(sorted.length * 0.1);
+    for (let i = 0; i < toDelete; i++) {
+      this.keyEpochs.delete(sorted[i][0]);
+    }
+  }
 };
 
 // src/internal/CacheStackRuntimePolicy.ts
@@ -1095,16 +1107,16 @@ function planFreshReadPolicies({
 }
 
 // src/internal/CacheStackSnapshotManager.ts
-var import_node_crypto = require("crypto");
 var import_node_fs = require("fs");
-var import_node_path = __toESM(require("path"), 1);
 
 // src/internal/CacheSnapshotFile.ts
-function isWithinSnapshotBase(realBaseDir, candidatePath, pathSeparator, path2) {
-  const relative = path2.relative(realBaseDir, candidatePath);
-  return !(relative === ".." || relative.startsWith(`..${pathSeparator}`) || path2.isAbsolute(relative));
+var import_node_crypto = require("crypto");
+var import_promises = require("fs/promises");
+function isWithinSnapshotBase(realBaseDir, candidatePath, pathSeparator, path) {
+  const relative = path.relative(realBaseDir, candidatePath);
+  return !(relative === ".." || relative.startsWith(`..${pathSeparator}`) || path.isAbsolute(relative));
 }
-async function findExistingAncestor(directory, fs3, path2) {
+async function findExistingAncestor(directory, fs3, path) {
   let current = directory;
   while (true) {
     try {
@@ -1115,7 +1127,7 @@ async function findExistingAncestor(directory, fs3, path2) {
         throw error;
       }
     }
-    const parent = path2.dirname(current);
+    const parent = path.dirname(current);
     if (parent === current) {
       return current;
     }
@@ -1130,36 +1142,36 @@ async function validateSnapshotFilePath(filePath, mode, snapshotBaseDir, cwd = p
     throw new Error("filePath must not contain null bytes.");
   }
   const { promises: fs3 } = await import("fs");
-  const path2 = await import("path");
-  const resolved = path2.resolve(filePath);
-  const baseDir = snapshotBaseDir === false ? false : path2.resolve(snapshotBaseDir ?? cwd);
+  const path = await import("path");
+  const resolved = path.resolve(filePath);
+  const baseDir = snapshotBaseDir === false ? false : path.resolve(snapshotBaseDir ?? cwd);
   if (baseDir === false) {
     return resolved;
   }
   await fs3.mkdir(baseDir, { recursive: true });
   const realBaseDir = await fs3.realpath(baseDir);
-  if (!isWithinSnapshotBase(realBaseDir, resolved, path2.sep, path2)) {
+  if (!isWithinSnapshotBase(realBaseDir, resolved, path.sep, path)) {
     throw new Error(`filePath is outside the allowed snapshot directory: ${realBaseDir}`);
   }
   if (mode === "read") {
     const realTarget = await fs3.realpath(resolved);
-    if (!isWithinSnapshotBase(realBaseDir, realTarget, path2.sep, path2)) {
+    if (!isWithinSnapshotBase(realBaseDir, realTarget, path.sep, path)) {
       throw new Error(`filePath is outside the allowed snapshot directory: ${realBaseDir}`);
     }
     return realTarget;
   }
-  const parentDir = path2.dirname(resolved);
-  const existingAncestor = await findExistingAncestor(parentDir, fs3, path2);
+  const parentDir = path.dirname(resolved);
+  const existingAncestor = await findExistingAncestor(parentDir, fs3, path);
   const realExistingAncestor = await fs3.realpath(existingAncestor);
-  if (!isWithinSnapshotBase(realBaseDir, realExistingAncestor, path2.sep, path2)) {
+  if (!isWithinSnapshotBase(realBaseDir, realExistingAncestor, path.sep, path)) {
     throw new Error(`filePath is outside the allowed snapshot directory: ${realBaseDir}`);
   }
   await fs3.mkdir(parentDir, { recursive: true });
   const realParentDir = await fs3.realpath(parentDir);
-  if (!isWithinSnapshotBase(realBaseDir, realParentDir, path2.sep, path2)) {
+  if (!isWithinSnapshotBase(realBaseDir, realParentDir, path.sep, path)) {
     throw new Error(`filePath is outside the allowed snapshot directory: ${realBaseDir}`);
   }
-  const targetPath = path2.join(realParentDir, path2.basename(resolved));
+  const targetPath = path.join(realParentDir, path.basename(resolved));
   try {
     const existing = await fs3.lstat(targetPath);
     if (existing.isSymbolicLink()) {
@@ -1194,6 +1206,17 @@ async function readUtf8HandleWithLimit(handle, byteLimit) {
   }
   return Buffer.concat(chunks).toString("utf8");
 }
+function atomicWriteTempPath(targetPath) {
+  return `${targetPath}.tmp-${(0, import_node_crypto.randomBytes)(8).toString("hex")}`;
+}
+async function commitAtomicWrite(tempPath, targetPath) {
+  try {
+    await (0, import_promises.rename)(tempPath, targetPath);
+  } catch (error) {
+    await (0, import_promises.unlink)(tempPath).catch(() => void 0);
+    throw error;
+  }
+}
 
 // src/internal/StructuredDataSanitizer.ts
 var DANGEROUS_KEYS = /* @__PURE__ */ new Set(["__proto__", "prototype", "constructor"]);
@@ -1272,10 +1295,7 @@ var CacheStackSnapshotManager = class {
   }
   async persistToFile(filePath, snapshotBaseDir, maxEntries) {
     const targetPath = await validateSnapshotFilePath(filePath, "write", snapshotBaseDir);
-    const tempPath = import_node_path.default.join(
-      import_node_path.default.dirname(targetPath),
-      `.layercache-${process.pid}-${Date.now()}-${(0, import_node_crypto.randomBytes)(8).toString("hex")}.tmp`
-    );
+    const tempPath = atomicWriteTempPath(targetPath);
     let handle;
     try {
       handle = await import_node_fs.promises.open(tempPath, "wx");
@@ -1290,7 +1310,7 @@ var CacheStackSnapshotManager = class {
       await openedHandle.writeFile(wroteAny ? "\n]" : "]", "utf8");
       await openedHandle.close();
       handle = void 0;
-      await import_node_fs.promises.rename(tempPath, targetPath);
+      await commitAtomicWrite(tempPath, targetPath);
     } catch (error) {
       await handle?.close().catch(() => void 0);
       await import_node_fs.promises.unlink(tempPath).catch(() => void 0);
@@ -1605,6 +1625,7 @@ var CircuitBreakerManager = class {
 
 // src/internal/FetchRateLimiter.ts
 var MAX_BUCKETS = 1e4;
+var MAX_QUEUE_PER_BUCKET = 1e4;
 var FetchRateLimiter = class {
   buckets = /* @__PURE__ */ new Map();
   queuesByBucket = /* @__PURE__ */ new Map();
@@ -1613,6 +1634,7 @@ var FetchRateLimiter = class {
   nextFetcherBucketId = 0;
   drainTimer;
   isDisposed = false;
+  rateLimitBypasses = 0;
   async schedule(options, context, task) {
     if (this.isDisposed) {
       throw new Error("FetchRateLimiter has been disposed.");
@@ -1627,6 +1649,11 @@ var FetchRateLimiter = class {
     return new Promise((resolve2, reject) => {
       const bucketKey = this.resolveBucketKey(normalized, context);
       const queue = this.queuesByBucket.get(bucketKey) ?? [];
+      if (queue.length >= MAX_QUEUE_PER_BUCKET) {
+        this.rateLimitBypasses += 1;
+        task().then(resolve2, reject);
+        return;
+      }
       queue.push({
         bucketKey,
         options: normalized,
@@ -1931,7 +1958,13 @@ var MetricsCollector = class {
 };
 
 // src/internal/TtlResolver.ts
+var import_node_crypto2 = require("crypto");
 var DEFAULT_NEGATIVE_TTL_SECONDS = 60;
+var secureRandom = {
+  value() {
+    return (0, import_node_crypto2.randomBytes)(4).readUInt32BE(0) / 4294967296;
+  }
+};
 var TtlResolver = class {
   accessProfiles = /* @__PURE__ */ new Map();
   maxProfileEntries;
@@ -1994,7 +2027,7 @@ var TtlResolver = class {
     if (!ttl || ttl <= 0 || !jitter || jitter <= 0) {
       return ttl;
     }
-    const delta = (Math.random() * 2 - 1) * jitter;
+    const delta = (secureRandom.value() * 2 - 1) * jitter;
     return Math.max(1, Math.round(ttl + delta));
   }
   resolvePolicyTtl(key, value, policy) {
@@ -2046,7 +2079,7 @@ var MAX_PATTERN_RECURSION_DEPTH = 500;
 var TagIndex = class {
   tagToKeys = /* @__PURE__ */ new Map();
   keyToTags = /* @__PURE__ */ new Map();
-  knownKeys = /* @__PURE__ */ new Set();
+  knownKeys = /* @__PURE__ */ new Map();
   maxKnownKeys;
   nextNodeId = 1;
   root = this.createTrieNode();
@@ -2134,10 +2167,11 @@ var TagIndex = class {
     };
   }
   insertKnownKey(key) {
-    if (this.knownKeys.has(key)) {
+    const isNew = !this.knownKeys.has(key);
+    this.knownKeys.set(key, Date.now());
+    if (!isNew) {
       return;
     }
-    this.knownKeys.add(key);
     let node = this.root;
     for (const character of key) {
       let child = node.children.get(character);
@@ -2232,14 +2266,13 @@ var TagIndex = class {
     if (this.maxKnownKeys === void 0 || this.knownKeys.size <= this.maxKnownKeys) {
       return;
     }
+    const sorted = [...this.knownKeys.entries()].sort((a, b) => a[1] - b[1]);
     const toRemove = Math.ceil(this.maxKnownKeys * 0.1);
-    let removed = 0;
-    for (const key of this.knownKeys) {
-      if (removed >= toRemove) {
-        break;
+    for (let i = 0; i < toRemove && i < sorted.length; i += 1) {
+      const entry = sorted[i];
+      if (entry) {
+        this.removeKey(entry[0]);
       }
-      this.removeKey(key);
-      removed += 1;
     }
   }
   removeKey(key) {
@@ -2264,19 +2297,19 @@ var TagIndex = class {
     if (!this.knownKeys.delete(key)) {
       return;
     }
-    const path2 = [];
+    const path = [];
     let node = this.root;
     for (const character of key) {
       const child = node.children.get(character);
       if (!child) {
         return;
       }
-      path2.push([node, character]);
+      path.push([node, character]);
       node = child;
     }
     node.terminal = false;
-    for (let index = path2.length - 1; index >= 0; index -= 1) {
-      const entry = path2[index];
+    for (let index = path.length - 1; index >= 0; index -= 1) {
+      const entry = path[index];
       if (!entry) {
         continue;
       }
@@ -3359,7 +3392,7 @@ var CacheStack = class extends import_node_events.EventEmitter {
       } catch (error) {
         if (this.backgroundRefreshAbort.get(key)) return;
         this.metricsCollector.increment("refreshErrors");
-        this.logger.debug?.("refresh-error", { key, error: this.formatError(error) });
+        this.logger.warn?.("background-refresh-error", { key, error: this.formatError(error) });
       } finally {
         this.backgroundRefreshes.delete(key);
         this.backgroundRefreshAbort.delete(key);
@@ -3657,7 +3690,12 @@ var CacheStack = class extends import_node_events.EventEmitter {
     }
   }
   shouldSkipLayer(layer) {
-    return shouldSkipLayer(this.layerDegradedUntil.get(layer.name));
+    const degradedUntil = this.layerDegradedUntil.get(layer.name);
+    const skip = shouldSkipLayer(degradedUntil);
+    if (!skip && degradedUntil !== void 0) {
+      this.layerDegradedUntil.delete(layer.name);
+    }
+    return skip;
   }
   async handleLayerFailure(layer, operation, error) {
     const recovery = resolveRecoverableLayerFailure(this.options.gracefulDegradation);
@@ -4872,12 +4910,12 @@ var RedisLayer = class {
 };
 
 // src/layers/DiskLayer.ts
-var import_node_crypto3 = require("crypto");
+var import_node_crypto4 = require("crypto");
 var import_node_fs2 = require("fs");
-var import_node_path2 = require("path");
+var import_node_path = require("path");
 
 // src/internal/PayloadProtection.ts
-var import_node_crypto2 = require("crypto");
+var import_node_crypto3 = require("crypto");
 var MAGIC_ENCRYPTED = Buffer.from("LCP1:");
 var MAGIC_SIGNED = Buffer.from("LCS1:");
 var ALGORITHM = "aes-256-gcm";
@@ -4890,11 +4928,11 @@ var PayloadProtection = class {
   constructor(options) {
     if (options.encryptionKey) {
       const raw = Buffer.isBuffer(options.encryptionKey) ? options.encryptionKey : Buffer.from(options.encryptionKey, "utf8");
-      this.encryptionKey = (0, import_node_crypto2.createHash)("sha256").update(raw).digest();
+      this.encryptionKey = (0, import_node_crypto3.createHash)("sha256").update(raw).digest();
     }
     if (options.signingKey && !options.encryptionKey) {
       const raw = Buffer.isBuffer(options.signingKey) ? options.signingKey : Buffer.from(options.signingKey, "utf8");
-      this.signingKey = (0, import_node_crypto2.createHash)("sha256").update(raw).digest();
+      this.signingKey = (0, import_node_crypto3.createHash)("sha256").update(raw).digest();
     }
   }
   /** Returns `true` when any protection (encryption or signing) is configured. */
@@ -4941,8 +4979,8 @@ var PayloadProtection = class {
   }
   // ── Encryption (AES-256-GCM) ──────────────────────────────────────────
   encrypt(plaintext, key) {
-    const iv = (0, import_node_crypto2.randomBytes)(IV_LENGTH);
-    const cipher = (0, import_node_crypto2.createCipheriv)(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+    const iv = (0, import_node_crypto3.randomBytes)(IV_LENGTH);
+    const cipher = (0, import_node_crypto3.createCipheriv)(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
     const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
     const authTag = cipher.getAuthTag();
     return Buffer.concat([MAGIC_ENCRYPTED, iv, authTag, encrypted]);
@@ -4953,7 +4991,7 @@ var PayloadProtection = class {
     const authTag = payload.subarray(headerEnd + IV_LENGTH, headerEnd + IV_LENGTH + AUTH_TAG_LENGTH);
     const ciphertext = payload.subarray(headerEnd + IV_LENGTH + AUTH_TAG_LENGTH);
     try {
-      const decipher = (0, import_node_crypto2.createDecipheriv)(ALGORITHM, key, iv, {
+      const decipher = (0, import_node_crypto3.createDecipheriv)(ALGORITHM, key, iv, {
         authTagLength: AUTH_TAG_LENGTH
       });
       decipher.setAuthTag(authTag);
@@ -4966,15 +5004,15 @@ var PayloadProtection = class {
   }
   // ── Signing (HMAC-SHA256) ─────────────────────────────────────────────
   sign(payload, key) {
-    const hmac = (0, import_node_crypto2.createHmac)("sha256", key).update(payload).digest();
+    const hmac = (0, import_node_crypto3.createHmac)("sha256", key).update(payload).digest();
     return Buffer.concat([MAGIC_SIGNED, hmac, payload]);
   }
   verify(payload, key) {
     const headerEnd = MAGIC_SIGNED.length;
     const receivedHmac = payload.subarray(headerEnd, headerEnd + HMAC_LENGTH);
     const data = payload.subarray(headerEnd + HMAC_LENGTH);
-    const expectedHmac = (0, import_node_crypto2.createHmac)("sha256", key).update(data).digest();
-    if (receivedHmac.length !== HMAC_LENGTH || !(0, import_node_crypto2.timingSafeEqual)(receivedHmac, expectedHmac)) {
+    const expectedHmac = (0, import_node_crypto3.createHmac)("sha256", key).update(data).digest();
+    if (receivedHmac.length !== HMAC_LENGTH || !(0, import_node_crypto3.timingSafeEqual)(receivedHmac, expectedHmac)) {
       throw new PayloadProtectionError(
         "HMAC verification failed. The data may have been tampered with or the signingKey is incorrect."
       );
@@ -5054,7 +5092,7 @@ var DiskLayer = class {
       const raw = Buffer.isBuffer(payload) ? payload : Buffer.from(payload, "utf8");
       const protectedPayload = this.protection.protect(raw);
       const targetPath = this.keyToPath(key);
-      const tempPath = `${targetPath}.${process.pid}.${Date.now()}.${(0, import_node_crypto3.randomBytes)(8).toString("hex")}.tmp`;
+      const tempPath = `${targetPath}.${process.pid}.${Date.now()}.${(0, import_node_crypto4.randomBytes)(8).toString("hex")}.tmp`;
       try {
         await import_node_fs2.promises.writeFile(tempPath, protectedPayload);
         await import_node_fs2.promises.rename(tempPath, targetPath);
@@ -5116,7 +5154,7 @@ var DiskLayer = class {
         return;
       }
       await this.deletePathsWithConcurrency(
-        entries.filter((name) => name.endsWith(".lc")).map((name) => (0, import_node_path2.join)(this.directory, name))
+        entries.filter((name) => name.endsWith(".lc")).map((name) => (0, import_node_path.join)(this.directory, name))
       );
     });
   }
@@ -5154,8 +5192,8 @@ var DiskLayer = class {
   async dispose() {
   }
   keyToPath(key) {
-    const hash = (0, import_node_crypto3.createHash)("sha256").update(key).digest("hex");
-    return (0, import_node_path2.join)(this.directory, `${hash}.lc`);
+    const hash = (0, import_node_crypto4.createHash)("sha256").update(key).digest("hex");
+    return (0, import_node_path.join)(this.directory, `${hash}.lc`);
   }
   resolveDirectory(directory) {
     if (typeof directory !== "string" || directory.trim().length === 0) {
@@ -5164,7 +5202,7 @@ var DiskLayer = class {
     if (directory.includes("\0")) {
       throw new Error("DiskLayer.directory must not contain null bytes.");
     }
-    return (0, import_node_path2.resolve)(directory);
+    return (0, import_node_path.resolve)(directory);
   }
   normalizeMaxFiles(maxFiles) {
     if (maxFiles === void 0) {
@@ -5247,7 +5285,7 @@ var DiskLayer = class {
           if (name === void 0) {
             return;
           }
-          const filePath = (0, import_node_path2.join)(this.directory, name);
+          const filePath = (0, import_node_path.join)(this.directory, name);
           const raw = await this.readEntryFile(filePath);
           if (raw === null) {
             continue;
@@ -5323,7 +5361,7 @@ var DiskLayer = class {
     }
     const withStats = await Promise.all(
       lcFiles.map(async (name) => {
-        const filePath = (0, import_node_path2.join)(this.directory, name);
+        const filePath = (0, import_node_path.join)(this.directory, name);
         try {
           const stat = await import_node_fs2.promises.stat(filePath);
           return { filePath, mtimeMs: stat.mtimeMs };
@@ -5439,7 +5477,7 @@ var MsgpackSerializer = class {
 };
 
 // src/singleflight/RedisSingleFlightCoordinator.ts
-var import_node_crypto4 = require("crypto");
+var import_node_crypto5 = require("crypto");
 var RELEASE_SCRIPT = `
 if redis.call("get", KEYS[1]) == ARGV[1] then
   return redis.call("del", KEYS[1])
@@ -5463,7 +5501,7 @@ var RedisSingleFlightCoordinator = class {
   }
   async execute(key, options, worker, waiter) {
     const lockKey = `${this.prefix}:${encodeURIComponent(key)}`;
-    const token = (0, import_node_crypto4.randomUUID)();
+    const token = (0, import_node_crypto5.randomUUID)();
     const acquired = await this.runCommand(
       `acquire("${key}")`,
       () => this.client.set(lockKey, token, "PX", options.leaseMs, "NX")