Conversation
Tests added
- add/validate do not mutate caller conditions arrays (packages/bundle-source/test/cache.test.js:23)
- validateOrAdd throws SyntaxError with consistent message for malformed metadata (packages/bundle-source/test/
cache.test.js:51)
- load can recover after a failed attempt for the same target name (packages/bundle-source/test/cache.test.js:69)
- Existing metadata test updated to use isolated temp cache dir (packages/bundle-source/test/cache.test.js:12)
🦋 Changeset detectedLatest commit: 644ab15 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
turadg
force-pushed
the
ta/bundle-docs
branch
from
de0b7d5 to
859dcef
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves @endo/bundle-source maintainability and correctness by tightening types/docs around BundleCache, adding targeted regression tests, and doing some runtime cleanup and CLI doc tweaks (notably mentioning the endoScript format).
Changes:
- Add new tests for
BundleCachebehavior (immutability, malformed metadata errors, recovery after failed loads) and CLI usage output. - Strengthen/clarify runtime behavior in bundling/cache code (type cleanup, root validation tightening, memoization cleanup).
- Expand/centralize TypeScript type definitions and enable
// @ts-checkin more JS modules.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/bundle-source/test/tool-command.test.js | Adds a CLI usage assertion that endoScript appears in --format help output. |
| packages/bundle-source/test/cache.test.js | Adds regression tests for cache immutability, malformed metadata handling, and load recovery behavior. |
| packages/bundle-source/src/zip-base64.js | Converts to // @ts-check and refactors bundling inputs/types (including conditions handling). |
| packages/bundle-source/src/types.ts | Introduces richer exported types for cache/bundling, including shared “powers” and cache interfaces. |
| packages/bundle-source/src/tool.js | Replaces a TS suppression with an explicit argv type assertion before calling main(). |
| packages/bundle-source/src/script.js | Converts to // @ts-check and refactors bundling inputs/types (including conditions handling). |
| packages/bundle-source/src/main.js | Updates CLI usage text to include endoScript in the supported format list. |
| packages/bundle-source/src/fs.js | Adds/clarifies JSDoc return types and aligns neighbor() typing for atomic writers. |
| packages/bundle-source/src/endo.js | Converts to // @ts-check, strengthens source-map caching requirements, and refactors transform plumbing. |
| packages/bundle-source/src/bundle-source.js | Refactors option handling to a typed implementation wrapper and removes previous casting suppressions. |
| packages/bundle-source/cache.js | Adds docstrings, improves option/conditions handling, improves root validation, and hardens memoized-load failure behavior. |
| .changeset/olive-socks-join.md | Adds a patch changeset describing cache fixes and CLI doc clarification. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/bundle-source/src/tool.js
Outdated
Comment on lines
18
to
20
| const args = /** @type {[to: string, dest: string, ...rest: string[]]} */ ( | ||
| process.argv.slice(2) | ||
| ); |
There was a problem hiding this comment.
This JSDoc assertion types argv as a tuple with at least two positional args ([to, dest, ...rest]), but the CLI accepts flags-only invocations and main() handles arbitrary-length argv. Using an incorrect tuple type can hide real type issues. Consider typing this as string[] (and updating main's JSDoc accordingly) instead of asserting a tuple shape that isn't guaranteed.
Suggested change
| const args = /** @type {[to: string, dest: string, ...rest: string[]]} */ ( | |
| process.argv.slice(2) | |
| ); | |
| const args = /** @type {string[]} */ (process.argv.slice(2)); |
packages/bundle-source/src/types.ts
Outdated
|
|
||
| export interface BundleZipBase64Options extends BundleScriptOptions { | ||
| importHook?: | ||
| | import('@endo/compartment-mapper/node-powers.js').ExitModuleImportHook |
There was a problem hiding this comment.
BundleZipBase64Options.importHook references import('@endo/compartment-mapper/node-powers.js').ExitModuleImportHook, but ExitModuleImportHook is defined/exported from the compartment-mapper types module (e.g. @endo/compartment-mapper/src/types.js), not from node-powers.js. As written, this is likely to fail TypeScript type resolution for consumers. Please update the type reference to import ExitModuleImportHook from the module that actually exports it (matching how other compartment-mapper types are imported elsewhere in the repo).
Suggested change
| | import('@endo/compartment-mapper/node-powers.js').ExitModuleImportHook | |
| | import('@endo/compartment-mapper/src/types.js').ExitModuleImportHook |
Comment on lines
+129
to
+141
| const priorSourceMap = | ||
| typeof sourceMap === 'string' ? sourceMap : undefined; | ||
| const { code: object, map } = await evadeCensor(source, { | ||
| sourceType: babelSourceType, | ||
| sourceMap, | ||
| sourceMapUrl: new URL(specifier, location).href, | ||
| sourceMap: priorSourceMap, | ||
| elideComments, | ||
| })); | ||
| }); | ||
| const objectBytes = textEncoder.encode(object); | ||
| return { bytes: objectBytes, parser, sourceMap }; | ||
| return { | ||
| bytes: objectBytes, | ||
| parser, | ||
| sourceMap: typeof map === 'string' ? map : undefined, | ||
| }; |
There was a problem hiding this comment.
evadeCensor() returns a source map object when sourceUrl is provided (and undefined otherwise). This code never passes sourceUrl, so map will always be undefined and transforms will drop source maps. Additionally, even if sourceUrl were provided, the typeof map === 'string' check will discard the returned map object. Consider passing sourceUrl: new URL(specifier, location).href and serializing the returned map (e.g., JSON.stringify(map)) so sourceMap is a string as expected by compartment-mapper.
Comment on lines
+10
to
+19
| const makeTempDest = async () => { | ||
| const dest = await fs.mkdtemp(path.join(os.tmpdir(), 'endo-cache-')); | ||
| // Node 18 treats .js as CommonJS unless a nearby package.json declares | ||
| // "type":"module", so this temp cache must opt into ESM for `import()`. | ||
| await fs.writeFile( | ||
| path.join(dest, 'package.json'), | ||
| JSON.stringify({ type: 'module' }), | ||
| ); | ||
| return dest; | ||
| }; |
There was a problem hiding this comment.
The tests create a new temp cache directory via fs.mkdtemp(...) but never remove it. Over many runs (or in watch mode) this can leak files in the OS temp directory. Consider registering a cleanup with t.teardown(() => fs.rm(dest, { recursive: true, force: true })) (or equivalent) in each test or inside makeTempDest by passing t in.
michaelfig
approved these changes
Feb 19, 2026
Member
michaelfig
left a comment
michaelfig
left a comment
There was a problem hiding this comment.
Looks really good! I just noticed a few things that could be clarified.
Comment on lines
+82
to
+83
| const error = await t.throwsAsync(() => shellOutInvalidFormat()); | ||
| t.regex(error.message, /-f,--format .*endoScript/); |
Member
There was a problem hiding this comment.
There's a more succinct way:
Suggested change
| const error = await t.throwsAsync(() => shellOutInvalidFormat()); | |
| t.regex(error.message, /-f,--format .*endoScript/); | |
| await t.throwsAsync(() => shellOutInvalidFormat(), { message: /-f,--format .*endoScript/ }); |
| ); | ||
| t.true(error instanceof SyntaxError); | ||
| t.regex(error.message, /Cannot parse JSON from cache-test-malformed-meta/); | ||
| }); |
Member
There was a problem hiding this comment.
More idiomatic:
Suggested change
| }); | |
| await t.throwsAsync(() => | |
| cache.validateOrAdd(entry, targetName, t.log), | |
| { | |
| instanceOf: SyntaxError, | |
| message: /Cannot parse JSON from cache-test-malformed-meta/, | |
| }, | |
| ); |
Comment on lines
+382
to
+383
| // This promise may be rejected before any concurrent caller awaits it. | ||
| todo.promise.catch(() => {}); |
Member
There was a problem hiding this comment.
I'm curious about the rationale, but this at least should have a comment:
Suggested change
| // This promise may be rejected before any concurrent caller awaits it. | |
| todo.promise.catch(() => {}); | |
| // This promise may be rejected before any concurrent caller awaits it. | |
| // HardenedJS only logs a warning if the promise is never awaited. | |
| // We silence the promise completely because we want to ensure the | |
| // rejection is never logged, with or without HardenedJS. | |
| todo.promise.catch(() => {}); |
- Added shared metadata parser so validate and validateOrAdd now throw consistent parse errors for malformed JSON
(packages/bundle-source/cache.js:45, packages/bundle-source/cache.js:199, packages/bundle-source/cache.js:285).
- Stopped mutating caller-provided conditions arrays by sorting copies instead (packages/bundle-source/cache.js:78,
packages/bundle-source/cache.js:195, packages/bundle-source/cache.js:216).
- Removed duplicate cache directory creation in add (kept single mkdir) (packages/bundle-source/cache.js:99, removed second
call near previous write path).
- Fixed load memoization failure behavior:
- clear poisoned entry on failure so same target can retry,
- reject shared in-flight promise for concurrent waiters,
- prevent unhandled rejection noise for internal promise (packages/bundle-source/cache.js:378).
turadg
force-pushed
the
ta/bundle-docs
branch
from
ecd7ad0 to
644ab15
Compare
Merged
boneskull
added a commit
that referenced
this pull request
Feb 26, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated. # Releases ## @endo/compartment-mapper@2.0.0 ### Major Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - **Breaking:** `CompartmentMapDescriptor` no longer has a `path` property. - **Breaking:** `CompartmentMapDescriptor`'s `label` property is now a _canonical name_ (a string of one or more npm package names separated by `>`). - **Breaking:** The `CompartmentMapDescriptor` returned by `captureFromMap()` now uses canonical names as the keys in its `compartments` property. - Breaking types: `CompartmentMapDescriptor`, `CompartmentDescriptor`, `ModuleConfiguration` (renamed from `ModuleDescriptor`) and `ModuleSource` have all been narrowed into discrete subtypes. - `captureFromMap()`, `loadLocation()` and `importLocation()` now accept a `moduleSourceHook` option. This hook is called when processing each module source, receiving the module source data (location, language, bytes, or error information) and the canonical name of the containing package. - `captureFromMap()` now accepts a `packageConnectionsHook` option. This hook is called for each retained compartment with its canonical name and the set of canonical names of compartments it links to (its connections). Useful for analyzing or visualizing the dependency graph. - `mapNodeModules()`, `loadLocation()`, `importLocation()`, `makeScript()`, `makeFunctor()`, and `writeScript()` now accept the following hook options: - `unknownCanonicalNameHook`: Called for each canonical name mentioned in policy but not found in the compartment map. Useful for detecting policy misconfigurations. - `packageDependenciesHook`: Called for each package with its set of dependencies. Can return partial updates to modify the dependencies, enabling dependency filtering or injection based on policy. - `packageDataHook`: Called once with data about all packages found while crawling `node_modules`, just prior to creation of a compartment map. - When dynamic requires are enabled via configuration, execution now takes policy into consideration when no other relationship (for example, a dependent/dependee relationship) between two Compartments exists. When policy explicitly allows access from package _A_ to _B_ and _A_ dynamically requires _B_ (via absolute path or otherwise), the operation will succeed. This can occur _if and only if_ dynamic requires are enabled _and_ a policy is provided. - Improved error messaging for policy enforcement failures. ### Patch Changes - [#3055](#3055) [`81b4c40`](81b4c40) Thanks [@naugtur](https://github.com/naugtur)! - - Introduces additional signal to consider an export from a package an ESM module when it's selected via an `import` key in `exports` in package.json in case no other indication of it being an ESM module is present. - Updated dependencies \[[`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`a7d3d26`](a7d3d26), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/module-source@1.4.0 - @endo/zip@1.1.0 ## @endo/bundle-source@4.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3083](#3083) [`644ab15`](644ab15) Thanks [@turadg](https://github.com/turadg)! - Fix bundle cache corner cases, improve cache-root validation, and clarify CLI docs for `endoScript` bundle format. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`a2c32ec`](a2c32ec), [`81b4c40`](81b4c40)]: - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/init@1.1.13 - @endo/evasive-transform@2.1.0 ## @endo/captp@4.5.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/check-bundle@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`81b4c40`](81b4c40)]: - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/common@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - Deprecates this package's support for the checkFoo/assertCheck pattern (`Checker`, `identChecker`) in favor of the confirm/reject pattern supported by @endo/errors/rejector.js. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/errors@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Exports `assert.details` under its own name (i.e., `details`). - `hideAndHardenFunction` - If a function `foo` is first frozen with `hideAndHardenFunction(foo)` rather than `freeze(foo)` or `harden(foo)`, then `foo.name` is changed from `'foo'` to `'__HIDE_foo'`. When `stackFiltering: 'concise'` or `stackFiltering: 'omit-frames'`, then (currently only on v8), the stack frames for that function are omitted from the stacks reported by our causal console. - The new `Rejector` type supports the confirmFoo/reject pattern: ```js @import {FAIL, hideAndHardenFunction} from '@Endo@errors'; @import {Rejector} from '@endo/errors/rejector.js'; const confirmFoo = (specimen, reject: Rejector) => test(specimen) || reject && reject`explanation of what went wrong`; export const isFoo = specimen => confirmFoo(specimen, false); hideAndHardenFunction(isFoo); export const assertFoo = specimen => { confirmFoo(specimen, FAIL); }; hideAndHardenFunction(assertFoo); ``` Both `false` and `Fail` satisfy the `Rejector` type. We also deprecate the old checkFoo/assertChecker pattern from @endo/common. The exported `isFoo` and `assertFoo` behave the same as they had when then they were using the checkFoo/assertChecker pattern, but are now internally faster and clearer. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/evasive-transform@2.1.0 ### Minor Changes - [#3026](#3026) [`a2c32ec`](a2c32ec) Thanks [@naugtur](https://github.com/naugtur)! - - Add meaning-preserving transformation of expressions and literals containing content that would otherwise be rejected by SES for looking like dynamic import or HTML-like comments. Previously only comments were transformed. Use `onlyComments` option to opt-out of the new behavior. ## @endo/eventual-send@1.4.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`029dcc4`](029dcc4)]: - @endo/harden@1.1.0 ## @endo/exo@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`98f77e9`](98f77e9), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`c488503`](c488503), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/pass-style@1.7.0 ## @endo/harden@1.1.0 ### Minor Changes - [#3008](#3008) [`029dcc4`](029dcc4) Thanks [@kriskowal](https://github.com/kriskowal)! - - Introduces `@endo/harden`, providing a `harden` implementation that works both inside and outside HardenedJS. - Supports the `hardened` and `harden:unsafe` build conditions to select hardened-environment and no-op behaviors. - Detects pre-lockdown use of `harden` so `lockdown()` fails with a helpful error instead of leaving modules incorrectly hardened. All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. ## @endo/import-bundle@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/lp32@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 ## @endo/marshal@1.9.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/memoize@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/module-source@1.4.0 ### Minor Changes - [#3008](#3008) [`a7d3d26`](a7d3d26) Thanks [@kriskowal](https://github.com/kriskowal)! - - Transitively freezes the properties of `ModuleSource` constructors and instances without requiring lockdown, for greater safety against supply-chain-attack. `ModuleSource`, particularly through the `@endo/module-source/shim.js`, necessarily runs before `lockdown` is called (if ever) and cannot rely on `harden`, so must preemptively transitively freeze its properties to be a hardened module, regardless of whether `lockdown` is ever called. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/nat@5.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/netstring@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/pass-style@1.7.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - - Deprecates `assertChecker`. Use `Fail` in the confirm/reject pattern instead, as supported by `@endo/errors/rejector.js`. - Enables `passStyleOf` to make errors passable as a side-effect when SES locks down with `hardenTaming` set to `unsafe`, which impacts errors on V8 starting with Node.js 21, and similar engines, that own a `stack` getter and setter that would otherwise be repaired as a side-effect of `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/patterns@1.8.0 ### Minor Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - `@endo/patterns` now exports a new `getNamedMethodGuards(interfaceGuard)` that returns that interface guard's record of method guards. The motivation is to support interface inheritance expressed by patterns like ```js const I2 = M.interface('I2', { ...getNamedMethodGuards(I1), doMore: M.call().returns(M.any()), }); ``` See `@endo/exo`'s `exo-wobbly-point.test.js` to see it in action together with an experiment in class inheritance. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - The `sloppy` option for `@endo/patterns` interface guards is deprecated. Use `defaultGuards` instead. - [#3065](#3065) [`c488503`](c488503) Thanks [@gibson042](https://github.com/gibson042)! - - `containerHasSplit` now hardens its output(s) when working with copyArrays, ensuring that each output is itself a copyArray instance. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/promise-kit@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## ses@1.15.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Adds `assert.makeError` and deprecates `assert.error` as an alias, matching the API already exported from `@endo/errors`. - Before this version, the `assert` left in global scope before `lockdown` would redact errors and would be replaced by `lockdown` with a version that did _not_ redact errors if the caller opted-in with `errorTaming` set to one of the `unsafe` variants. After this version, the reverse is true: the `assert` left in global scope before `lockdown` does not redact. Then, `lockdown` replaces `assert` with a redacting `assert` unless the caller opted-out with `errorTaming` set to one of the `unsafe` variants. - [#3008](#3008) [`a29ecd4`](a29ecd4) Thanks [@kriskowal](https://github.com/kriskowal)! - - `lockdown` and `repairIntrinsics` now detect when code has already called a `harden` imported from `@endo/harden` before lockdown, and fail with a clear error about hardened modules executing before lockdown. - Adds `Object[Symbol.for('harden')]` as a variant of `globalThis.harden` that cannot be overridden by an endowment named `harden` in compartments. ## @endo/ses-ava@1.4.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Introduces a `ses-ava` command for running tests with multiple AVA configurations. - Adds an `@endo/ses-ava/test.js` module for getting a `test` function appropriate for your configuration. - Adds an `@endo/ses-ava/prepare-endo-config.js` module suitable for use in the `require` clause of an AVA configuration, such that `@endo/ses-ava/test.js` exports a wrapped SES-AVA `test` function. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/init@1.1.13 ## @endo/stream@1.3.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/stream-node@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/zip@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/init@1.1.13 ### Patch Changes - [#3085](#3085) [`b8b52ce`](b8b52ce) Thanks [@copilot-swe-agent](https://github.com/apps/copilot-swe-agent)! - Move async_hooks patch to dedicated entrypoint for Node.js 24 compatibility The async_hooks patch was originally added in #1115 to address debugger issues (#1105) for local debugging of Node.js processes in lockdown mode. However, the patch is breaking in Node.js 24, and it's unclear whether it's still necessary in Node.js 20+. To maintain backward compatibility while fixing the Node.js 24 breakage, the patch has been moved from the default import path to a new dedicated entrypoint `@endo/init/debug-async-hooks.js`. This allows users who need the async_hooks patch for debugging in older Node.js versions to opt-in explicitly, while preventing breakage for users on Node.js 24+. If you were relying on the async_hooks patch, import `@endo/init/debug-async-hooks.js` instead of `@endo/init/debug.js`. Note that this entrypoint may not work correctly in Node.js 24+. - Updated dependencies \[[`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/cli@2.3.12 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`644ab15`](644ab15), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`98f77e9`](98f77e9), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/bundle-source@4.2.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/init@1.1.13 - @endo/daemon@2.5.2 ## @endo/daemon@2.5.2 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/captp@4.5.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/marshal@1.9.0 - @endo/netstring@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/test262-runner@0.1.49 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/compartment-mapper@2.0.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
incidental
Description
There was some confusion recently about the API of
BundleCache. This adds docs for it.It also adds tests coverage, fixes up types and some runtime cleanup.
The new tests fail under Node 18 because it defaults to CJS for
.jsfiles.Since that version is past EOL this also removes it from CI matrix. And while searching it unpinsThis provides a package.json and defers CI changes to #3084node-versionfrom jobs which aren't meant to test release compatibility (and should always work with latest default Node version).Security Considerations
none
Scaling Considerations
none
Documentation Considerations
This should go out in a release so it needs a changeset. Patch release I suppose.
Testing Considerations
CI
Compatibility Considerations
no, just docs and types and some small bug fixes
Upgrade Considerations
will address in a changeset file