Bruno Miiller
|
6a6f192942
|
Make build pass on Node 24 and reduce npm audit surface
Build fixes:
- tsconfig.json: moduleResolution "node" → "bundler" (resolves node-diff3
v3.2.0 exports-only package); add "es2021" to lib for AggregateError
- webpack.config.js: NormalModuleReplacementPlugin to strip "node:" URI
prefix so resolve.fallback browserify shims apply
- Remove "aggregate-error" import in src/main.ts, src/fsS3.ts,
pro/src/sync.ts — use native global AggregateError (Node 15+, Electron
98+, both satisfied by Obsidian runtime)
- .gitignore: ignore *.main.js webpack chunks
Audit reduction (22 → 4 low):
- Remove npm-check-updates devDep (use `npx ncu` ad-hoc) — kills 15 vulns
from transitive cacache/sigstore/tar/pacote chain
- Pin to versions ≥ 30 days old (supply-chain hygiene): @types/node 24.12.2,
c8 11.0.0, mocha 11.7.5, esbuild 0.28.0, crypto-browserify 3.12.1
- package.json overrides: elliptic@6.6.1, diff@9.0.0,
serialize-javascript@7.0.5 to push transitive fixes
- Remaining 4 lows are all elliptic (advisory marks all versions
vulnerable; no upstream fix available)
|
2026-05-19 22:57:29 -03:00 |
|