npm - tokentrace - Versions diffs - 0.14.2 → 0.15.0 - Mend

tokentrace 0.14.2 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md +20 -0
package/README.md +22 -2
package/dist/runtime/scan.mjs +5 -2
package/package.json +14 -13
package/scripts/package-inspect.mjs +2 -2
package/server.json +2 -2
package/src/ingestion/adapters/sqlite-history.ts +6 -2

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,26 @@ All notable changes to TokenTrace are documented here.
 ## Unreleased
+## [0.15.0] - 2026-05-22
+### Changed
+- Bumped minimum Node.js to 20.0.0 (Node 18 LTS reached end of life on 2025-04-30). This is a breaking change for users still on Node 18.
+- Upgraded `better-sqlite3` from 11 to 12 (latest major).
+- Upgraded `lucide-react` from 0.468 to 1.16 (first stable major release).
+- Upgraded `open` from 10 to 11 (now requires Node 20+, aligns with engines bump).
+- Bumped minor/patch versions for `tsx`, `postcss`, `autoprefixer`, `@types/react`, `@types/node`.
+### Fixed
+- `sqlite-history` adapter now uses SQLite identifier quoting (`""`) instead of `JSON.stringify()` when interpolating user table names into raw queries. Previously, a table name containing a quote could have caused a SQL parse error during read-only ingestion.
+- Made `eslint-plugin-react-hooks` an explicit devDependency so lint setup no longer relies on accidental dependency hoisting from `eslint-config-next`.
+- Raised global Vitest `testTimeout`/`hookTimeout` to 30s and bumped per-test/spawn timeouts in CLI subprocess tests (`mcp-server`, `serve-command`, `statusline-cli`) so they are no longer flaky under macOS process-spawn latency.
+### Documentation
+- Added a Troubleshooting section to the README covering the `prebuild-install` deprecation warning from `better-sqlite3`, native build errors, and `EBADENGINE` warnings.
 ## [0.14.2] - 2026-05-21
 ### Added

package/README.md CHANGED Viewed

@@ -244,8 +244,6 @@ The CLI sets `TOKENTRACE_DB` and `DATABASE_URL` automatically. You can override
 TOKENTRACE_HOME=/custom/path tokentrace
 ```
-If `npm install -g tokentrace` prints a `prebuild-install` deprecation warning, it is from the native SQLite dependency chain used by `better-sqlite3`. The install should continue normally, and TokenTrace still runs locally.
 ## Where TokenTrace Looks
 Default discovery checks these locations when present:
@@ -478,6 +476,28 @@ The ingestion system is intentionally pluggable:
 Contributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for local setup, parser guidelines, pricing update notes, and the release policy.
+## Troubleshooting
+### `prebuild-install` deprecation warning during install
+```
+npm warn deprecated prebuild-install@7.1.3: No longer maintained...
+```
+This is a transitive dependency of `better-sqlite3` (the native SQLite driver TokenTrace uses to store local data). The warning is harmless — the install completes normally and TokenTrace runs as expected. It will go away once `better-sqlite3` upstream migrates to a different prebuilt binary loader; there is nothing to fix on the TokenTrace side.
+### Native build errors on `better-sqlite3`
+If the prebuilt binary cannot be downloaded (offline machine, restrictive proxy, unsupported Node ABI), `better-sqlite3` will try to compile from source and may fail. Workarounds:
+- Ensure Node.js is a supported LTS (TokenTrace requires `>= 20.0.0`; Node 20 or 22 LTS is recommended).
+- Install build tools: Xcode Command Line Tools on macOS, `build-essential` and `python3` on Linux, or the "Desktop development with C++" workload on Windows.
+- Retry the install with network access to `github.com` so the prebuilt binary can be fetched.
+### `EBADENGINE` warnings
+These appear when your local Node version is older than the `engines` field of a transitive dependency. They are warnings, not errors. Upgrading to the latest Node LTS resolves them.
 ## Known Limitations
 - Claude Code and Codex CLI log formats are inferred defensively and may need refinement with real sample logs.

package/dist/runtime/scan.mjs CHANGED Viewed

@@ -2909,12 +2909,15 @@ import Database2 from "better-sqlite3";
 function openReadonly(filePath) {
   return new Database2(filePath, { readonly: true, fileMustExist: true });
 }
+function quoteIdent(name) {
+  return `"${name.replace(/"/g, '""')}"`;
+}
 function candidateTables(db2) {
   const tables = db2.prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'").all();
   return tables.map((table) => table.name).filter((name) => usageTableNames.includes(name) || /usage|token|message|session/i.test(name));
 }
 function columnsFor(db2, tableName) {
-  const columns = db2.prepare(`PRAGMA table_info(${JSON.stringify(tableName)})`).all();
+  const columns = db2.prepare(`PRAGMA table_info(${quoteIdent(tableName)})`).all();
   return new Set(columns.map((column) => column.name.toLowerCase()));
 }
 function hasUsageShape(columns) {
@@ -2923,7 +2926,7 @@ function hasUsageShape(columns) {
   return hasModel && hasUsage2;
 }
 function tableRows(db2, tableName) {
-  return db2.prepare(`SELECT * FROM ${JSON.stringify(tableName)} LIMIT 50000`).all();
+  return db2.prepare(`SELECT * FROM ${quoteIdent(tableName)} LIMIT 50000`).all();
 }
 function providerId(value) {
   if (!value) return "local";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tokentrace",
-  "version": "0.14.2",
+  "version": "0.15.0",
   "mcpName": "io.github.abhiyoheswaran1/tokentrace",
   "description": "Local-first dashboard for AI CLI token, cost, and session analytics.",
   "author": {
@@ -74,10 +74,10 @@
     "prepack": "npm run build:runtime"
   },
   "overrides": {
-    "postcss": "^8.5.14"
+    "postcss": "^8.5.15"
   },
   "engines": {
-    "node": ">=18.18.0"
+    "node": ">=20.0.0"
   },
   "keywords": [
     "tokens",
@@ -94,24 +94,24 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@types/node": "^22.10.5",
-    "@types/react": "^19.0.4",
     "@radix-ui/react-slot": "^1.1.1",
-    "better-sqlite3": "^11.7.0",
+    "@types/node": "^22.19.19",
+    "@types/react": "^19.2.15",
+    "autoprefixer": "^10.5.0",
+    "better-sqlite3": "^12.10.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "drizzle-orm": "^0.45.2",
     "get-port": "^7.2.0",
-    "lucide-react": "^0.468.0",
+    "lucide-react": "^1.16.0",
     "next": "^15.5.18",
-    "open": "^10.1.0",
-    "autoprefixer": "^10.4.20",
-    "postcss": "^8.5.14",
+    "open": "^11.0.0",
+    "postcss": "^8.5.15",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "recharts": "^2.15.0",
-    "tailwindcss": "^3.4.17",
     "tailwind-merge": "^2.6.0",
+    "tailwindcss": "^3.4.17",
     "typescript": "^5.7.2"
   },
   "devDependencies": {
@@ -119,9 +119,10 @@
     "@types/better-sqlite3": "^7.6.12",
     "@types/react-dom": "^19.0.2",
     "esbuild": "^0.28.0",
-    "eslint": "^9.17.0",
+    "eslint": "^9.39.4",
     "eslint-config-next": "^15.1.4",
-    "tsx": "^4.21.0",
+    "eslint-plugin-react-hooks": "^5.2.0",
+    "tsx": "^4.22.3",
     "vitest": "^3.2.4"
   }
 }

package/scripts/package-inspect.mjs CHANGED Viewed

@@ -48,8 +48,8 @@ if (packageJson.dependencies?.["drizzle-orm"] !== "^0.45.2") {
   fail("Keep the published drizzle-orm dependency floor at ^0.45.2 or newer.");
 }
-if (packageJson.overrides?.postcss !== "^8.5.14") {
-  fail("Keep the PostCSS override at ^8.5.14 or newer.");
+if (packageJson.overrides?.postcss !== "^8.5.15") {
+  fail("Keep the PostCSS override at ^8.5.15 or newer.");
 }
 const blockedPackageEntries = [

package/server.json CHANGED Viewed

@@ -8,12 +8,12 @@
     "url": "https://github.com/abhiyoheswaran1/tokentrace",
     "source": "github"
   },
-  "version": "0.14.2",
+  "version": "0.15.0",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "tokentrace",
-      "version": "0.14.2",
+      "version": "0.15.0",
       "runtimeHint": "npx",
       "packageArguments": [
         {

package/src/ingestion/adapters/sqlite-history.ts CHANGED Viewed

@@ -24,6 +24,10 @@ function openReadonly(filePath: string) {
   return new Database(filePath, { readonly: true, fileMustExist: true });
 }
+function quoteIdent(name: string) {
+  return `"${name.replace(/"/g, '""')}"`;
+}
 function candidateTables(db: Database.Database) {
   const tables = db
     .prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")
@@ -34,7 +38,7 @@ function candidateTables(db: Database.Database) {
 }
 function columnsFor(db: Database.Database, tableName: string) {
-  const columns = db.prepare(`PRAGMA table_info(${JSON.stringify(tableName)})`).all() as Array<{ name: string }>;
+  const columns = db.prepare(`PRAGMA table_info(${quoteIdent(tableName)})`).all() as Array<{ name: string }>;
   return new Set(columns.map((column) => column.name.toLowerCase()));
 }
@@ -52,7 +56,7 @@ function hasUsageShape(columns: Set<string>) {
 }
 function tableRows(db: Database.Database, tableName: string) {
-  return db.prepare(`SELECT * FROM ${JSON.stringify(tableName)} LIMIT 50000`).all() as UsageRow[];
+  return db.prepare(`SELECT * FROM ${quoteIdent(tableName)} LIMIT 50000`).all() as UsageRow[];
 }
 function providerId(value: string | null) {