v0.12.1
Supply-chain hardening: the npm install is now inert and auditable at a glance.
Changed
- Per-platform binary packages. The prebuilt binary ships as five
buildwithnexus-<os>-<cpu>packages selected automatically via
optionalDependencies(the esbuild pattern). The main package is ~7 readable
files with no install scripts, no network code, no shell-outs (beyond
spawning the CLI itself), no bundled sources, no eval — supply-chain
scanners have nothing to flag. Binaries are SHA-256-verified when packaged
and carry build-provenance attestations. - Auto-update moved into the binary. The daily npm-registry check and
silentnpm install -grefresh now run inside the CLI (background thread,
never blocks startup) instead of the npm wrapper.BWN_NO_AUTO_UPDATE=1
still disables installs; an update notice prints on the next launch. - Installs with
--omit=optionalskip the platform binary; pointBWN_BIN
at a self-built binary (documented in the launcher's error message and at
buildwithnexus.dev/docs/install). - Added a
mainentry point (index.js) with a tiny programmatic API
({ version, binaryPath, run }) so bundle analyzers stop erroring on the
bin-only package.
What's Changed
- release 0.12.1: zero supply-chain flags, crates.io publishing (
cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49 - release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50
Full Changelog: v0.12.0...v0.12.1
Supply-chain hardening: the npm install is now inert and auditable at a glance.
Changed
- Per-platform binary packages. The prebuilt binary ships as five
buildwithnexus-<os>-<cpu>packages selected automatically via
optionalDependencies(the esbuild pattern). The main package is ~7 readable
files with no install scripts, no network code, no shell-outs (beyond
spawning the CLI itself), no bundled sources, no eval — supply-chain
scanners have nothing to flag. Binaries are SHA-256-verified when packaged
and carry build-provenance attestations. - Auto-update moved into the binary. The daily npm-registry check and
silentnpm install -grefresh now run inside the CLI (background thread,
never blocks startup) instead of the npm wrapper.BWN_NO_AUTO_UPDATE=1
still disables installs; an update notice prints on the next launch. - Installs with
--omit=optionalskip the platform binary; pointBWN_BIN
at a self-built binary (documented in the launcher's error message and at
buildwithnexus.dev/docs/install). - Added a
mainentry point (index.js) with a tiny programmatic API
({ version, binaryPath, run }) so bundle analyzers stop erroring on the
bin-only package.
What's Changed
- release 0.12.1: zero supply-chain flags, crates.io publishing (
cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49 - release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50
Full Changelog: v0.12.0...v0.12.1
Supply-chain hardening: the npm install is now inert and auditable at a glance.
Changed
- Per-platform binary packages. The prebuilt binary ships as five
buildwithnexus-<os>-<cpu>packages selected automatically via
optionalDependencies(the esbuild pattern). The main package is ~7 readable
files with no install scripts, no network code, no shell-outs (beyond
spawning the CLI itself), no bundled sources, no eval — supply-chain
scanners have nothing to flag. Binaries are SHA-256-verified when packaged
and carry build-provenance attestations. - Auto-update moved into the binary. The daily npm-registry check and
silentnpm install -grefresh now run inside the CLI (background thread,
never blocks startup) instead of the npm wrapper.BWN_NO_AUTO_UPDATE=1
still disables installs; an update notice prints on the next launch. - Installs with
--omit=optionalskip the platform binary; pointBWN_BIN
at a self-built binary (documented in the launcher's error message and at
buildwithnexus.dev/docs/install). - Added a
mainentry point (index.js) with a tiny programmatic API
({ version, binaryPath, run }) so bundle analyzers stop erroring on the
bin-only package.
What's Changed
- release 0.12.1: zero supply-chain flags, crates.io publishing (
cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49 - release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50
Full Changelog: v0.12.0...v0.12.1
Supply-chain hardening: the npm install is now inert and auditable at a glance.
Changed
- Per-platform binary packages. The prebuilt binary ships as five
buildwithnexus-<os>-<cpu>packages selected automatically via
optionalDependencies(the esbuild pattern). The main package is ~7 readable
files with no install scripts, no network code, no shell-outs (beyond
spawning the CLI itself), no bundled sources, no eval — supply-chain
scanners have nothing to flag. Binaries are SHA-256-verified when packaged
and carry build-provenance attestations. - Auto-update moved into the binary. The daily npm-registry check and
silentnpm install -grefresh now run inside the CLI (background thread,
never blocks startup) instead of the npm wrapper.BWN_NO_AUTO_UPDATE=1
still disables installs; an update notice prints on the next launch. - Installs with
--omit=optionalskip the platform binary; pointBWN_BIN
at a self-built binary (documented in the launcher's error message and at
buildwithnexus.dev/docs/install). - Added a
mainentry point (index.js) with a tiny programmatic API
({ version, binaryPath, run }) so bundle analyzers stop erroring on the
bin-only package.
What's Changed
- release 0.12.1: zero supply-chain flags, crates.io publishing (
cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49 - release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50
Full Changelog: v0.12.0...v0.12.1
Supply-chain hardening: the npm install is now inert and auditable at a glance.
Changed
- Per-platform binary packages. The prebuilt binary ships as five
buildwithnexus-<os>-<cpu>packages selected automatically via
optionalDependencies(the esbuild pattern). The main package is ~7 readable
files with no install scripts, no network code, no shell-outs (beyond
spawning the CLI itself), no bundled sources, no eval — supply-chain
scanners have nothing to flag. Binaries are SHA-256-verified when packaged
and carry build-provenance attestations. - Auto-update moved into the binary. The daily npm-registry check and
silentnpm install -grefresh now run inside the CLI (background thread,
never blocks startup) instead of the npm wrapper.BWN_NO_AUTO_UPDATE=1
still disables installs; an update notice prints on the next launch. - Installs with
--omit=optionalskip the platform binary; pointBWN_BIN
at a self-built binary (documented in the launcher's error message and at
buildwithnexus.dev/docs/install). - Added a
mainentry point (index.js) with a tiny programmatic API
({ version, binaryPath, run }) so bundle analyzers stop erroring on the
bin-only package.
What's Changed
- release 0.12.1: zero supply-chain flags, crates.io publishing (
cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49 - release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50
Full Changelog: v0.12.0...v0.12.1