Skip to content

v0.12.1

Choose a tag to compare

@github-actions github-actions released this 14 Jul 21:46
1458336

Supply-chain hardening: the npm install is now inert and auditable at a glance.

Changed

  • Per-platform binary packages. The prebuilt binary ships as five
    buildwithnexus-<os>-<cpu> packages selected automatically via
    optionalDependencies (the esbuild pattern). The main package is ~7 readable
    files with no install scripts, no network code, no shell-outs (beyond
    spawning the CLI itself), no bundled sources, no eval
    — supply-chain
    scanners have nothing to flag. Binaries are SHA-256-verified when packaged
    and carry build-provenance attestations.
  • Auto-update moved into the binary. The daily npm-registry check and
    silent npm install -g refresh now run inside the CLI (background thread,
    never blocks startup) instead of the npm wrapper. BWN_NO_AUTO_UPDATE=1
    still disables installs; an update notice prints on the next launch.
  • Installs with --omit=optional skip the platform binary; point BWN_BIN
    at a self-built binary (documented in the launcher's error message and at
    buildwithnexus.dev/docs/install).
  • Added a main entry point (index.js) with a tiny programmatic API
    ({ version, binaryPath, run }) so bundle analyzers stop erroring on the
    bin-only package.

What's Changed

  • release 0.12.1: zero supply-chain flags, crates.io publishing (cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49
  • release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50

Full Changelog: v0.12.0...v0.12.1

Supply-chain hardening: the npm install is now inert and auditable at a glance.

Changed

  • Per-platform binary packages. The prebuilt binary ships as five
    buildwithnexus-<os>-<cpu> packages selected automatically via
    optionalDependencies (the esbuild pattern). The main package is ~7 readable
    files with no install scripts, no network code, no shell-outs (beyond
    spawning the CLI itself), no bundled sources, no eval
    — supply-chain
    scanners have nothing to flag. Binaries are SHA-256-verified when packaged
    and carry build-provenance attestations.
  • Auto-update moved into the binary. The daily npm-registry check and
    silent npm install -g refresh now run inside the CLI (background thread,
    never blocks startup) instead of the npm wrapper. BWN_NO_AUTO_UPDATE=1
    still disables installs; an update notice prints on the next launch.
  • Installs with --omit=optional skip the platform binary; point BWN_BIN
    at a self-built binary (documented in the launcher's error message and at
    buildwithnexus.dev/docs/install).
  • Added a main entry point (index.js) with a tiny programmatic API
    ({ version, binaryPath, run }) so bundle analyzers stop erroring on the
    bin-only package.

What's Changed

  • release 0.12.1: zero supply-chain flags, crates.io publishing (cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49
  • release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50

Full Changelog: v0.12.0...v0.12.1

Supply-chain hardening: the npm install is now inert and auditable at a glance.

Changed

  • Per-platform binary packages. The prebuilt binary ships as five
    buildwithnexus-<os>-<cpu> packages selected automatically via
    optionalDependencies (the esbuild pattern). The main package is ~7 readable
    files with no install scripts, no network code, no shell-outs (beyond
    spawning the CLI itself), no bundled sources, no eval
    — supply-chain
    scanners have nothing to flag. Binaries are SHA-256-verified when packaged
    and carry build-provenance attestations.
  • Auto-update moved into the binary. The daily npm-registry check and
    silent npm install -g refresh now run inside the CLI (background thread,
    never blocks startup) instead of the npm wrapper. BWN_NO_AUTO_UPDATE=1
    still disables installs; an update notice prints on the next launch.
  • Installs with --omit=optional skip the platform binary; point BWN_BIN
    at a self-built binary (documented in the launcher's error message and at
    buildwithnexus.dev/docs/install).
  • Added a main entry point (index.js) with a tiny programmatic API
    ({ version, binaryPath, run }) so bundle analyzers stop erroring on the
    bin-only package.

What's Changed

  • release 0.12.1: zero supply-chain flags, crates.io publishing (cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49
  • release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50

Full Changelog: v0.12.0...v0.12.1

Supply-chain hardening: the npm install is now inert and auditable at a glance.

Changed

  • Per-platform binary packages. The prebuilt binary ships as five
    buildwithnexus-<os>-<cpu> packages selected automatically via
    optionalDependencies (the esbuild pattern). The main package is ~7 readable
    files with no install scripts, no network code, no shell-outs (beyond
    spawning the CLI itself), no bundled sources, no eval
    — supply-chain
    scanners have nothing to flag. Binaries are SHA-256-verified when packaged
    and carry build-provenance attestations.
  • Auto-update moved into the binary. The daily npm-registry check and
    silent npm install -g refresh now run inside the CLI (background thread,
    never blocks startup) instead of the npm wrapper. BWN_NO_AUTO_UPDATE=1
    still disables installs; an update notice prints on the next launch.
  • Installs with --omit=optional skip the platform binary; point BWN_BIN
    at a self-built binary (documented in the launcher's error message and at
    buildwithnexus.dev/docs/install).
  • Added a main entry point (index.js) with a tiny programmatic API
    ({ version, binaryPath, run }) so bundle analyzers stop erroring on the
    bin-only package.

What's Changed

  • release 0.12.1: zero supply-chain flags, crates.io publishing (cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49
  • release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50

Full Changelog: v0.12.0...v0.12.1

Supply-chain hardening: the npm install is now inert and auditable at a glance.

Changed

  • Per-platform binary packages. The prebuilt binary ships as five
    buildwithnexus-<os>-<cpu> packages selected automatically via
    optionalDependencies (the esbuild pattern). The main package is ~7 readable
    files with no install scripts, no network code, no shell-outs (beyond
    spawning the CLI itself), no bundled sources, no eval
    — supply-chain
    scanners have nothing to flag. Binaries are SHA-256-verified when packaged
    and carry build-provenance attestations.
  • Auto-update moved into the binary. The daily npm-registry check and
    silent npm install -g refresh now run inside the CLI (background thread,
    never blocks startup) instead of the npm wrapper. BWN_NO_AUTO_UPDATE=1
    still disables installs; an update notice prints on the next launch.
  • Installs with --omit=optional skip the platform binary; point BWN_BIN
    at a self-built binary (documented in the launcher's error message and at
    buildwithnexus.dev/docs/install).
  • Added a main entry point (index.js) with a tiny programmatic API
    ({ version, binaryPath, run }) so bundle analyzers stop erroring on the
    bin-only package.

What's Changed

  • release 0.12.1: zero supply-chain flags, crates.io publishing (cargo install bwn), CI action bumps (supersedes #47) by @geaglin in #49
  • release: ship-now/tokens-later publishing (npm OIDC day one) + inline image rendering in the TUI by @geaglin in #50

Full Changelog: v0.12.0...v0.12.1