From 5f4c26529bcdb5372c8f5328b30ee1bf947a9e0f Mon Sep 17 00:00:00 2001 From: Akash Jag Date: Fri, 19 Jun 2026 03:20:00 -0700 Subject: [PATCH 1/3] chore: move shield to node v24 --- .github/workflows/ci.yml | 10 +++++----- .github/workflows/release.yml | 14 +++++++------- .nvmrc | 2 +- package.json | 8 ++++++-- pnpm-lock.yaml | 6 +++++- 5 files changed, 24 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 877fd4b..7fa5e96 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - node-version: [20.17.0, 22.x] + node-version: [20.19.0, 22.x, 24.x] steps: - name: Harden runner @@ -38,7 +38,7 @@ jobs: run: | npm install -g corepack@0.35.0 corepack enable - corepack prepare pnpm@10.12.2 --activate + corepack prepare pnpm@10.33.1 --activate - name: Set up Socket Firewall uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143 # v1 @@ -60,7 +60,7 @@ jobs: run: pnpm run build - name: Upload coverage to Codecov - if: matrix.node-version == '20.17.0' + if: matrix.node-version == '24.x' uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: files: ./coverage/lcov.info @@ -86,14 +86,14 @@ jobs: - name: Setup Node.js uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: - node-version: 20.17.0 + node-version: 24.x - name: Install pnpm shell: bash run: | npm install -g corepack@0.35.0 corepack enable - corepack prepare pnpm@10.12.2 --activate + corepack prepare pnpm@10.33.1 --activate - name: Set up Socket Firewall uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143 # v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c5b22eb..40e6f5a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,14 +43,14 @@ jobs: - name: Setup Node.js uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: - node-version: "22" + node-version: "24" - name: Install pnpm shell: bash run: | npm install -g corepack@0.35.0 corepack enable - corepack prepare pnpm@10.12.2 --activate + corepack prepare pnpm@10.33.1 --activate - name: Set up Socket Firewall uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143 # v1 @@ -101,7 +101,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: - node-version: "22" + node-version: "24" registry-url: "https://registry.npmjs.org" - name: Install pnpm @@ -109,7 +109,7 @@ jobs: run: | npm install -g corepack@0.35.0 corepack enable - corepack prepare pnpm@10.12.2 --activate + corepack prepare pnpm@10.33.1 --activate - name: Update npm run: npm install -g npm@11.15.0 @@ -189,13 +189,13 @@ jobs: if: ${{ !matrix.node_arch }} uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: - node-version: "22" + node-version: "24" - name: Setup Node.js (x64 via Rosetta) if: ${{ matrix.node_arch }} uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: - node-version: "22" + node-version: "24" architecture: ${{ matrix.node_arch }} - name: Install pnpm @@ -203,7 +203,7 @@ jobs: run: | npm install -g corepack@0.35.0 corepack enable - corepack prepare pnpm@10.12.2 --activate + corepack prepare pnpm@10.33.1 --activate - name: Set up Socket Firewall uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143 # v1 diff --git a/.nvmrc b/.nvmrc index ec09f38..b832e40 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20.17.0 \ No newline at end of file +24.16.0 diff --git a/package.json b/package.json index f6d4db4..ecf5763 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,11 @@ "name": "@yieldxyz/shield", "version": "1.2.5", "description": "Zero-trust transaction validation library for Yield.xyz integrations.", - "packageManager": "pnpm@10.12.2", + "packageManager": "pnpm@10.33.1", + "engines": { + "node": ">=20.19.0", + "pnpm": ">=10.33.1" + }, "main": "./dist/index.js", "types": "./dist/index.d.ts", "repository": { @@ -59,7 +63,7 @@ "devDependencies": { "@rslib/core": "^0.0.11", "@types/jest": "^29.0.0", - "@types/node": "^20.0.0", + "@types/node": "^20.19.0", "@typescript-eslint/eslint-plugin": "^6.21.0", "@typescript-eslint/parser": "^6.21.0", "esbuild": "^0.27.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0197efa..1c5889c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -28,7 +28,7 @@ importers: specifier: ^29.0.0 version: 29.5.14 '@types/node': - specifier: ^20.0.0 + specifier: ^20.19.0 version: 20.19.19 '@typescript-eslint/eslint-plugin': specifier: ^6.21.0 @@ -597,21 +597,25 @@ packages: resolution: {integrity: sha512-JogYtL3VQS9wJ3p3FNhDqinm7avrMsdwz4erP7YCjD7idob93GYAE7dPrHUzSNVnCBYXRaHJYZHDQs7lKVcYZw==} cpu: [arm64] os: [linux] + libc: [glibc] '@rspack/binding-linux-arm64-musl@1.0.14': resolution: {integrity: sha512-qgybhxI/nnoa8CUz7zKTC0Oh37NZt9uRxsSV7+ZYrfxqbrVCoNVuutPpY724uUHy1M6W34kVEm1uT1N4Ka5cZg==} cpu: [arm64] os: [linux] + libc: [musl] '@rspack/binding-linux-x64-gnu@1.0.14': resolution: {integrity: sha512-5vzaDRw3/sGKo3ax/1cU3/cxqNjajwlt2LU288vXNe1/n8oe/pcDfYcTugpOe/A1DqzadanudJszLpFcKsaFtQ==} cpu: [x64] os: [linux] + libc: [glibc] '@rspack/binding-linux-x64-musl@1.0.14': resolution: {integrity: sha512-4U6QD9xVS1eGme52DuJr6Fg/KdcUfJ+iKwH49Up460dZ/fLvGylnVGA+V0mzPlKi8gfy7NwFuYXZdu3Pwi1YYg==} cpu: [x64] os: [linux] + libc: [musl] '@rspack/binding-win32-arm64-msvc@1.0.14': resolution: {integrity: sha512-SjeYw7qqRHYZ5RPClu+ffKZsShQdU3amA1OwC3M0AS6dbfEcji8482St3Y8Z+QSzYRapCEZij9LMM/9ypEhISg==} From 68396a8041956852ac4fbb6b043db683b751b8a2 Mon Sep 17 00:00:00 2001 From: Akash Jag Date: Sat, 20 Jun 2026 01:59:58 -0700 Subject: [PATCH 2/3] fix: cli truncated piped output --- .github/workflows/release.yml | 10 ++++++---- package.json | 2 +- src/cli.integration.test.ts | 36 +++++++++++++++++++++++++++++++++++ src/cli.ts | 11 +++++++---- 4 files changed, 50 insertions(+), 9 deletions(-) create mode 100644 src/cli.integration.test.ts diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40e6f5a..225a2f5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -285,8 +285,10 @@ jobs: run: ls -la shield-* - name: Create Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b - with: - files: shield-* env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release create "${GITHUB_REF_NAME}" shield-* \ + --repo "${GITHUB_REPOSITORY}" \ + --title "${GITHUB_REF_NAME}" \ + --generate-notes \ No newline at end of file diff --git a/package.json b/package.json index 34e032a..e7bc1fe 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@yieldxyz/shield", - "version": "1.2.6", + "version": "1.3.0", "description": "Zero-trust transaction validation library for Yield.xyz integrations.", "packageManager": "pnpm@10.33.1", "engines": { diff --git a/src/cli.integration.test.ts b/src/cli.integration.test.ts new file mode 100644 index 0000000..f490b59 --- /dev/null +++ b/src/cli.integration.test.ts @@ -0,0 +1,36 @@ +import { execSync, spawnSync } from 'child_process'; +import { existsSync } from 'fs'; +import { join } from 'path'; + +const ROOT = join(__dirname, '..'); +const BUNDLE = join(ROOT, 'dist', 'cli.bundled.js'); + +describe('CLI stdout flush (large response not truncated over a pipe)', () => { + beforeAll(() => { + // CI builds after tests; ensure the SEA entry bundle exists. + if (!existsSync(BUNDLE)) { + execSync('pnpm build:cli:bundle', { cwd: ROOT, stdio: 'inherit' }); + } + }, 120_000); + + it('returns the full getSupportedYieldIds payload (>64KB) over a pipe', () => { + const req = JSON.stringify({ + apiVersion: '1.0', + operation: 'getSupportedYieldIds', + }); + + // spawnSync captures stdout via a pipe — the exact path that truncated at 64KB. + const res = spawnSync(process.execPath, [BUNDLE], { + input: req, + encoding: 'utf8', + maxBuffer: 10 * 1024 * 1024, + }); + + expect(res.status).toBe(0); + // Regression: output was truncated to exactly 65536 bytes. + expect(res.stdout.length).toBeGreaterThan(64 * 1024); + const parsed = JSON.parse(res.stdout); // would throw on truncated JSON + expect(parsed.ok).toBe(true); + expect(parsed.result.yieldIds.length).toBeGreaterThan(1000); + }); +}); \ No newline at end of file diff --git a/src/cli.ts b/src/cli.ts index dee90ee..0dd539d 100644 --- a/src/cli.ts +++ b/src/cli.ts @@ -30,8 +30,10 @@ async function main(): Promise { try { const input = await readStdin(); const output = handleJsonRequest(input); - process.stdout.write(output + '\n'); - process.exit(0); + // Wait for stdout to flush before exiting. process.exit() drops any + // unflushed buffer when stdout is a pipe, truncating large responses + // (e.g. getSupportedYieldIds) at the ~64KB pipe-buffer boundary. + process.stdout.write(output + '\n', () => process.exit(0)); } catch (error) { // SECURITY: Output valid JSON even on catastrophic failure const errorResponse = { @@ -43,9 +45,10 @@ async function main(): Promise { }, meta: { requestHash: 'unavailable' }, }; - process.stdout.write(JSON.stringify(errorResponse) + '\n'); process.stdin.destroy(); - process.exit(1); + process.stdout.write(JSON.stringify(errorResponse) + '\n', () => + process.exit(1), + ); } } From bc4be2fe44c7cd69c4e32120eb0af67bb4c506e5 Mon Sep 17 00:00:00 2001 From: Akash Jag Date: Sat, 20 Jun 2026 03:17:18 -0700 Subject: [PATCH 3/3] fix: lint and rabbit --- .github/workflows/ci.yml | 2 ++ .github/workflows/release.yml | 4 ++++ src/cli.integration.test.ts | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7fa5e96..a39d022 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,6 +32,7 @@ jobs: uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: node-version: ${{ matrix.node-version }} + package-manager-cache: false - name: Install pnpm shell: bash @@ -87,6 +88,7 @@ jobs: uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: node-version: 24.x + package-manager-cache: false - name: Install pnpm shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 225a2f5..3b1198e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,6 +44,7 @@ jobs: uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: node-version: "24" + package-manager-cache: false - name: Install pnpm shell: bash @@ -103,6 +104,7 @@ jobs: with: node-version: "24" registry-url: "https://registry.npmjs.org" + package-manager-cache: false - name: Install pnpm shell: bash @@ -190,6 +192,7 @@ jobs: uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 with: node-version: "24" + package-manager-cache: false - name: Setup Node.js (x64 via Rosetta) if: ${{ matrix.node_arch }} @@ -197,6 +200,7 @@ jobs: with: node-version: "24" architecture: ${{ matrix.node_arch }} + package-manager-cache: false - name: Install pnpm shell: bash diff --git a/src/cli.integration.test.ts b/src/cli.integration.test.ts index f490b59..006c623 100644 --- a/src/cli.integration.test.ts +++ b/src/cli.integration.test.ts @@ -33,4 +33,4 @@ describe('CLI stdout flush (large response not truncated over a pipe)', () => { expect(parsed.ok).toBe(true); expect(parsed.result.yieldIds.length).toBeGreaterThan(1000); }); -}); \ No newline at end of file +});