sharjeenux 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Sharjeenux contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,175 @@
1
+ # Sharjeenux
2
+
3
+ Sharjeenux is a headless, in-memory Buildroot Linux VM controlled from Node.js.
4
+ It boots an i686 Linux image through v86 and exposes one persistent serial shell
5
+ as an async JavaScript API.
6
+
7
+ The guest includes:
8
+
9
+ - Node.js 20.20, npm, npx, TypeScript (`tsc` and `tsserver`)
10
+ - Python 3 and pip
11
+ - OpenJDK 21 (`java`, `javac`) and Apache Maven
12
+ - Git, curl, GNU wget, OpenSSL, and CA certificates
13
+ - Common archive tools: tar, gzip, bzip2, xz, zip, and unzip
14
+
15
+ It has no desktop, display server, SSH server, or host port-forwarding layer.
16
+
17
+ ## Install
18
+
19
+ ```sh
20
+ npm install sharjeenux
21
+ ```
22
+
23
+ To test the generated package before registry publication:
24
+
25
+ ```sh
26
+ npm install ./sharjeenux-0.3.0.tgz
27
+ ```
28
+
29
+ ## Use
30
+
31
+ ```js
32
+ import { initialize, send, exec, shutdown } from "sharjeenux";
33
+
34
+ await initialize();
35
+
36
+ console.log(await send("ls -la"));
37
+ console.log(await send("node -e 'console.log(6 * 7)'"));
38
+ console.log(await send("python3 -c 'print(6 * 7)'"));
39
+ console.log(await send("java --version"));
40
+ console.log(await send("git --version"));
41
+
42
+ const result = await exec("npm --version");
43
+ console.log(result.output, result.exitCode, result.durationMs);
44
+
45
+ await shutdown();
46
+ ```
47
+
48
+ CommonJS is supported:
49
+
50
+ ```js
51
+ const { initialize, send, shutdown } = require("sharjeenux");
52
+
53
+ await initialize();
54
+ console.log(await send("uname -a"));
55
+ await shutdown();
56
+ ```
57
+
58
+ Commands execute sequentially in one persistent shell rooted at
59
+ `/mnt/workspace`. Directory changes, environment variables, and installed
60
+ language packages remain available until `shutdown()`.
61
+
62
+ ## Package managers
63
+
64
+ Use npm/npx for JavaScript and TypeScript, pip for Python, and Maven for Java:
65
+
66
+ ```js
67
+ await send("npm install lodash");
68
+ await send("pip3 install requests");
69
+ await send("mvn --version");
70
+ ```
71
+
72
+ Buildroot images are intentionally assembled at build time and do not have a
73
+ compatible general-purpose remote system package feed. Therefore `apt`, `apk`,
74
+ and `dnf` are not included. Add native Linux packages through the reproducible
75
+ Buildroot configuration and rebuild the image.
76
+
77
+ Pure JavaScript and pure-Python packages are supported. Packages that must
78
+ compile native C/C++ extensions inside the guest are not guaranteed because
79
+ this image does not ship an on-target C/C++ compiler toolchain. Java source is
80
+ supported through `javac`.
81
+
82
+ ## Long-running commands
83
+
84
+ `send()` resolves only when a command exits. Use `spawn()` for a development
85
+ server or another long-lived process:
86
+
87
+ ```js
88
+ const vm = await initialize();
89
+
90
+ await vm.send("npm create vite@latest my-app -- --template react --no-interactive", {
91
+ onOutput: chunk => process.stdout.write(chunk),
92
+ });
93
+ await vm.send("cd my-app && npm install", {
94
+ onOutput: chunk => process.stdout.write(chunk),
95
+ });
96
+
97
+ // `cd my-app` persisted after the previous command.
98
+ const dev = vm.spawn("npm run dev -- --host 0.0.0.0", {
99
+ timeoutMs: 0,
100
+ onOutput: chunk => process.stdout.write(chunk),
101
+ });
102
+
103
+ // The server runs inside the VM. Stop it later:
104
+ dev.kill();
105
+ await dev.exit;
106
+ ```
107
+
108
+ Sharjeenux deliberately does not map guest listening ports to the host. A Vite
109
+ server can run inside Linux, but its URL is not exposed to the host, browser,
110
+ or public network.
111
+
112
+ ## Outbound networking
113
+
114
+ The default is v86's fetch transport:
115
+
116
+ ```js
117
+ await initialize({ networking: true });
118
+ ```
119
+
120
+ This is outbound-only and optimized for HTTP. npm is configured to use an HTTP
121
+ registry endpoint that the host fetch implementation can retrieve safely.
122
+ Direct guest TCP/TLS connections, including many `https://` Git, pip, Maven,
123
+ curl, and wget requests, require a Wisp relay supplied by the application:
124
+
125
+ ```js
126
+ await initialize({
127
+ networkRelayUrl: "wisps://your-wisp-relay.example/",
128
+ });
129
+ ```
130
+
131
+ A Wisp relay enables arbitrary outbound TCP; use only a relay you trust. It
132
+ still does not create inbound host-to-guest port forwarding. Set
133
+ `networking: false` to disable the guest network completely.
134
+
135
+ The fetch transport is much slower and less reliable for large dependency
136
+ graphs than normal TCP. Sharjeenux configures npm retries and conservative
137
+ parallelism, but a trusted Wisp relay is recommended for large installs.
138
+
139
+ ## Sandbox requirements
140
+
141
+ Sharjeenux works in Node.js sandboxes that permit:
142
+
143
+ - Node.js 20.6 or newer and WebAssembly execution
144
+ - reading installed package assets and writing the host temporary directory
145
+ - roughly 2 GiB of guest memory plus host/runtime overhead with the default configuration
146
+ - enough execution time to boot a software-emulated x86 Linux VM
147
+ - outbound `fetch` or WebSocket access when networking is enabled
148
+
149
+ It is not a browser package: its host wrapper imports Node.js APIs. Serverless
150
+ and edge runtimes with short CPU limits, no writable temporary storage, or no
151
+ WebAssembly support are not compatible.
152
+
153
+ ## Performance and Base64 assets
154
+
155
+ Every embedded binary is stored as Base64 text files of at most 1 KiB each.
156
+ The first initialization must open and decode those files. Decoded images are
157
+ hash-verified and cached under the host temporary directory, so later boots do
158
+ not reopen all chunks.
159
+
160
+ Sharjeenux emulates a complete 32-bit x86 computer. It will remain materially
161
+ slower than native Node.js or StackBlitz WebContainers, whose architecture is
162
+ designed specifically around browser-native execution. Streaming output with
163
+ `onOutput` makes long installs observable but does not remove emulation cost.
164
+
165
+ ## Licensing and corresponding source
166
+
167
+ The JavaScript wrapper is MIT-licensed. The Linux image contains components
168
+ under their own licenses, including GPLv2 BusyBox and the Linux kernel. See
169
+ `THIRD_PARTY_NOTICES.md`, `compliance/`, and `SOURCE_OFFER.md`.
170
+
171
+ The release process produces a matching
172
+ `sharjeenux-corresponding-source-0.3.0.tar.xz` archive. Use it together with
173
+ `compliance/build-definition.tar.xz`, retain both, and honor the written source
174
+ offer for its full stated period. This documentation is an engineering
175
+ compliance aid, not legal advice.
@@ -0,0 +1,22 @@
1
+ # Written offer for corresponding source
2
+
3
+ Sharjeel Baig offers any third party a complete machine-readable copy of the
4
+ corresponding source code for the GPL- and LGPL-licensed executable components
5
+ distributed in Sharjeenux 0.3.0, including the scripts and configuration used
6
+ to control compilation and installation.
7
+
8
+ This offer is valid for at least three years after the last distribution of
9
+ this version and, in any event, through July 4, 2029. Electronic delivery is
10
+ available at no charge. Physical delivery, if requested, will cost no more
11
+ than the reasonable cost of the medium and delivery.
12
+
13
+ To request the source, email `dr.sharjeel.6@gmail.com` with the subject
14
+ `Sharjeenux 0.3.0 corresponding source request`. Include the package version
15
+ and preferred delivery method.
16
+
17
+ The prepared source materials comprise the corresponding-source archive and
18
+ the exact `compliance/build-definition.tar.xz` shipped in the npm package.
19
+ Together they contain the Buildroot tree, Buildroot and Linux configurations,
20
+ Sharjeenux external tree and root-filesystem overlay, SeaBIOS/SeaVGABIOS source
21
+ and configuration, patches, build scripts, license manifests, and collected
22
+ package sources used for the distributed VM image.
@@ -0,0 +1,40 @@
1
+ # Third-party software
2
+
3
+ Sharjeenux boots third-party software inside an emulated x86 machine. The MIT
4
+ license in `LICENSE` applies only to Sharjeenux's own JavaScript wrapper.
5
+
6
+ Principal components include:
7
+
8
+ - v86 0.5.420: BSD-2-Clause, <https://github.com/copy/v86>
9
+ - ws 8.21.0: MIT, <https://github.com/websockets/ws>
10
+ - SeaBIOS/SeaVGABIOS 1.16.2: LGPL-3.0-only,
11
+ <https://www.seabios.org/>
12
+ - Linux 6.12.94: GPL-2.0-only, <https://kernel.org>
13
+ - Buildroot 2025.02.15: GPL-2.0-or-later, <https://buildroot.org>
14
+ - BusyBox 1.37.0: GPL-2.0-only, <https://busybox.net>
15
+ - GNU C Library 2.41: LGPL-2.1-or-later,
16
+ <https://www.gnu.org/software/libc/>
17
+ - GCC 13.4 runtime libraries: GPL with the GCC Runtime Library Exception,
18
+ <https://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html>
19
+ - Node.js 20.20.2 (unofficial Linux x86 build): MIT,
20
+ <https://github.com/nodejs/node>
21
+ - npm CLI: Artistic-2.0, <https://github.com/npm/cli>
22
+ - TypeScript 6.0.3: Apache-2.0,
23
+ <https://github.com/microsoft/TypeScript>
24
+ - Python 3.12.13: Python-2.0, <https://www.python.org/>
25
+ - pip: MIT, <https://github.com/pypa/pip>
26
+ - OpenJDK 21.0.11+10: GPL-2.0 with Classpath Exception,
27
+ <https://github.com/openjdk/jdk21u>
28
+ - Apache Maven 3.9.16: Apache-2.0, <https://maven.apache.org/>
29
+ - Git 2.48.2: GPL-2.0-only, <https://git-scm.com/>
30
+ - curl/libcurl: curl license, <https://curl.se/>
31
+ - GNU Wget 1.25.0: GPL-3.0-or-later,
32
+ <https://www.gnu.org/software/wget/>
33
+
34
+ This list is a summary, not a replacement for the complete license manifest
35
+ and license texts produced by Buildroot. See `SOURCE_OFFER.md` for the offer
36
+ that accompanies the binary image. The matching release process also creates
37
+ `sharjeenux-corresponding-source-0.3.0.tar.xz`. Use that archive together
38
+ with `compliance/build-definition.tar.xz` for the collected sources, exact
39
+ patches and configurations, licenses, and Buildroot scripts used for the
40
+ image.
@@ -0,0 +1,38 @@
1
+ # Release build and compliance material
2
+
3
+ These files identify and reproduce the Linux image distributed in
4
+ Sharjeenux 0.3.0.
5
+
6
+ ## Binary image
7
+
8
+ - Embedded `bzImage` SHA-256:
9
+ `5918718a5e8189b8fe72c26497c441b097c7086c8a27cfcc1f9952c57f09d91e`
10
+ - Buildroot: 2025.02.15
11
+ - Linux: 6.12.94
12
+ - BusyBox: 1.37.0
13
+ - Architecture: i686
14
+
15
+ `buildroot.config` and `linux.config` are the complete configurations copied
16
+ from the release build output. `build-definition.tar.xz` contains the exact
17
+ Buildroot external tree, patches, root-filesystem overlay, Docker build
18
+ environment, and release scripts used for the final binary. Its SHA-256 is:
19
+
20
+ `0766caa8161b4a1cfe076ce6b7e429799ee08e51bbb0628aa532f472408caf13`
21
+
22
+ ## Corresponding source
23
+
24
+ The release process also produced
25
+ `sharjeenux-corresponding-source-0.3.0.tar.xz`. It contains the Buildroot tree,
26
+ Buildroot `legal-info` output and collected package sources, Linux and BusyBox
27
+ source, SeaBIOS/SeaVGABIOS source and configuration, package license files,
28
+ and build material. Its SHA-256 is:
29
+
30
+ `672c0e25a081b5ffce150909eded53c193ca639b76f5f134490c20f00ae6c94c`
31
+
32
+ Use that corresponding-source archive together with the exact
33
+ `build-definition.tar.xz` included here. The distributor must retain both and
34
+ honor `SOURCE_OFFER.md` for the stated period.
35
+
36
+ Buildroot's `legal-info` output is an aid, not an automatic legal conclusion.
37
+ Review the generated manifests and warnings before each release. This folder
38
+ is engineering compliance material, not legal advice.