remotely-save

bruno/remotely-save

Fork 0

Commit Graph

Author	SHA1	Message	Date
Bruno Miiller	6a6f192942	Make build pass on Node 24 and reduce npm audit surface Build fixes: - tsconfig.json: moduleResolution "node" → "bundler" (resolves node-diff3 v3.2.0 exports-only package); add "es2021" to lib for AggregateError - webpack.config.js: NormalModuleReplacementPlugin to strip "node:" URI prefix so resolve.fallback browserify shims apply - Remove "aggregate-error" import in src/main.ts, src/fsS3.ts, pro/src/sync.ts — use native global AggregateError (Node 15+, Electron 98+, both satisfied by Obsidian runtime) - .gitignore: ignore *.main.js webpack chunks Audit reduction (22 → 4 low): - Remove npm-check-updates devDep (use `npx ncu` ad-hoc) — kills 15 vulns from transitive cacache/sigstore/tar/pacote chain - Pin to versions ≥ 30 days old (supply-chain hygiene): @types/node 24.12.2, c8 11.0.0, mocha 11.7.5, esbuild 0.28.0, crypto-browserify 3.12.1 - package.json overrides: elliptic@6.6.1, diff@9.0.0, serialize-javascript@7.0.5 to push transitive fixes - Remaining 4 lows are all elliptic (advisory marks all versions vulnerable; no upstream fix available)	2026-05-19 22:57:29 -03:00
Bruno Miiller	f92bcd630d	Add full CI pipeline (Lint → Test → Security) - ci.yml: 3-stage GitHub Actions following code-standards/ci pattern - Lint (3min): biome ci - Test (10min): npm test with c8 coverage + webpack build + artifacts - Security (5min): npm audit (high) + biome lint - Replace auto-build.yml (single-job install+test+build) - Add c8 devDep + test:coverage script (text/lcov/html) - .c8rc.json: include src/ and pro/src/, exclude tests/langs - Track package-lock.json (required by npm ci in CI) - Clean up .gitignore: remove .* allowlist antipattern, list specific ignores	2026-05-19 22:12:33 -03:00

Author

SHA1

Message

Date

Bruno Miiller

6a6f192942

Make build pass on Node 24 and reduce npm audit surface

Build fixes:
- tsconfig.json: moduleResolution "node" → "bundler" (resolves node-diff3
  v3.2.0 exports-only package); add "es2021" to lib for AggregateError
- webpack.config.js: NormalModuleReplacementPlugin to strip "node:" URI
  prefix so resolve.fallback browserify shims apply
- Remove "aggregate-error" import in src/main.ts, src/fsS3.ts,
  pro/src/sync.ts — use native global AggregateError (Node 15+, Electron
  98+, both satisfied by Obsidian runtime)
- .gitignore: ignore *.main.js webpack chunks

Audit reduction (22 → 4 low):
- Remove npm-check-updates devDep (use `npx ncu` ad-hoc) — kills 15 vulns
  from transitive cacache/sigstore/tar/pacote chain
- Pin to versions ≥ 30 days old (supply-chain hygiene): @types/node 24.12.2,
  c8 11.0.0, mocha 11.7.5, esbuild 0.28.0, crypto-browserify 3.12.1
- package.json overrides: elliptic@6.6.1, diff@9.0.0,
  serialize-javascript@7.0.5 to push transitive fixes
- Remaining 4 lows are all elliptic (advisory marks all versions
  vulnerable; no upstream fix available)

2026-05-19 22:57:29 -03:00

Bruno Miiller

f92bcd630d

Add full CI pipeline (Lint → Test → Security)

- ci.yml: 3-stage GitHub Actions following code-standards/ci pattern
  - Lint (3min): biome ci
  - Test (10min): npm test with c8 coverage + webpack build + artifacts
  - Security (5min): npm audit (high) + biome lint
- Replace auto-build.yml (single-job install+test+build)
- Add c8 devDep + test:coverage script (text/lcov/html)
- .c8rc.json: include src/ and pro/src/, exclude tests/langs
- Track package-lock.json (required by npm ci in CI)
- Clean up .gitignore: remove .* allowlist antipattern, list specific ignores

2026-05-19 22:12:33 -03:00

2 Commits