chore: sync package-lock.json

Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,6 +1,6 @@
 <!-- Please first discuss the change you wish to make via issue before making a change. It might avoid a waste of your time. -->
 
-## What changes this PR introduce?
+# What changes this PR introduce?
 
 ## List any relevant issue numbers
 

.github/workflows/build.yml

@@ -10,16 +10,18 @@ jobs:
   build:
     runs-on: 'ubuntu-latest'
     steps:
-      - uses: 'actions/checkout@v3.0.0'
+      - uses: 'actions/checkout@v3.5.3'
 
-      - name: 'Use Node.js'
-        uses: 'actions/setup-node@v3.1.0'
+      - name: 'Setup Node.js'
+        uses: 'actions/setup-node@v3.6.0'
         with:
           node-version: 'lts/*'
           cache: 'npm'
 
-      - name: 'Install'
-        run: 'npm install'
+      - name: 'Install dependencies'
+        run: 'npm clean-install'
 
       - name: 'Build'
         run: 'npm run build'
+
+      - run: 'npm run build:typescript'

.github/workflows/lint.yml

@@ -10,19 +10,19 @@ jobs:
   lint:
     runs-on: 'ubuntu-latest'
     steps:
-      - uses: 'actions/checkout@v3.0.0'
+      - uses: 'actions/checkout@v3.5.3'
 
-      - name: 'Use Node.js'
-        uses: 'actions/setup-node@v3.1.0'
+      - name: 'Setup Node.js'
+        uses: 'actions/setup-node@v3.6.0'
         with:
           node-version: 'lts/*'
           cache: 'npm'
 
-      - name: 'Install'
-        run: 'npm install'
+      - name: 'Install dependencies'
+        run: 'npm clean-install'
 
       - run: 'npm run lint:commit -- --to "${{ github.sha }}"'
       - run: 'npm run lint:editorconfig'
       - run: 'npm run lint:markdown'
-      - run: 'npm run lint:typescript'
+      - run: 'npm run lint:eslint'
       - run: 'npm run lint:prettier'

.github/workflows/release.yml

@@ -7,21 +7,31 @@ on:
 jobs:
   release:
     runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'write'
+      issues: 'write'
+      pull-requests: 'write'
+      id-token: 'write'
     steps:
-      - uses: 'actions/checkout@v3.0.0'
+      - uses: 'actions/checkout@v3.5.3'
 
-      - name: 'Use Node.js'
-        uses: 'actions/setup-node@v3.1.0'
+      - name: 'Setup Node.js'
+        uses: 'actions/setup-node@v3.6.0'
         with:
           node-version: 'lts/*'
           cache: 'npm'
 
-      - name: 'Install'
-        run: 'npm install'
+      - name: 'Install dependencies'
+        run: 'npm clean-install'
 
       - name: 'Build Package'
         run: 'npm run build'
 
+      - run: 'npm run build:typescript'
+
+      - name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
+        run: 'npm audit signatures'
+
       - name: 'Release'
         run: 'npm run release'
         env:

.github/workflows/test.yml

@@ -10,16 +10,16 @@ jobs:
   test:
     runs-on: 'ubuntu-latest'
     steps:
-      - uses: 'actions/checkout@v3.0.0'
+      - uses: 'actions/checkout@v3.5.3'
 
-      - name: 'Use Node.js'
-        uses: 'actions/setup-node@v3.1.0'
+      - name: 'Setup Node.js'
+        uses: 'actions/setup-node@v3.6.0'
         with:
           node-version: 'lts/*'
           cache: 'npm'
 
-      - name: 'Install'
-        run: 'npm install'
+      - name: 'Install dependencies'
+        run: 'npm clean-install'
 
       - name: 'Build'
         run: 'npm run build'

.husky/pre-commit

@@ -3,3 +3,4 @@
 
 npm run lint:staged
 npm run build
+npm run build:typescript

.markdownlint-cli2.jsonc

@@ -1,10 +1,11 @@
 {
   "config": {
+    "extends": "markdownlint/style/prettier",
+    "relative-links": true,
     "default": true,
-    "MD013": false,
-    "MD033": false,
-    "MD041": false
+    "MD033": false
   },
   "globs": ["**/*.{md,mdx}"],
-  "ignores": ["**/node_modules"]
+  "ignores": ["**/node_modules"],
+  "customRules": ["markdownlint-rule-relative-links"]
 }

.npmrc

@@ -1 +1,2 @@
 save-exact=true
+provenance=true

CODE_OF_CONDUCT.md

@@ -60,7 +60,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-contact@divlo.fr.
+<contact@theoludwig.fr>.
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

CONTRIBUTING.md

@@ -29,26 +29,4 @@ If you're adding new features to **Thream/socketio-jwt**, please include tests.
 
 ## Commits
 
-The commit message guidelines respect [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional) and [Semantic Versioning](https://semver.org/) for releases.
-
-### Types
-
-Types define which kind of changes you made to the project.
-
-| Types    | Description                                                                                                  |
-| -------- | ------------------------------------------------------------------------------------------------------------ |
-| feat     | A new feature.                                                                                               |
-| fix      | A bug fix.                                                                                                   |
-| docs     | Documentation only changes.                                                                                  |
-| style    | Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc).      |
-| refactor | A code change that neither fixes a bug nor adds a feature.                                                   |
-| perf     | A code change that improves performance.                                                                     |
-| test     | Adding missing tests or correcting existing tests.                                                           |
-| build    | Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm).         |
-| ci       | Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs). |
-| chore    | Other changes that don't modify src or test files.                                                           |
-| revert   | Reverts a previous commit.                                                                                   |
-
-### Scopes
-
-Scopes define what part of the code changed.
+The commit message guidelines adheres to [Conventional Commits](https://www.conventionalcommits.org/) and [Semantic Versioning](https://semver.org/) for releases.

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Auth0, Inc. <support@auth0.com> (http://auth0.com) and Thream contributors
+Copyright (c) Auth0, Inc. <support@auth0.com> (<https://auth0.com/>) and Thream contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -132,7 +132,7 @@ io.on('connection', async (socket) => {
 
 ```ts
 import { io } from 'socket.io-client'
-import { isUnauthorizedError } from '@thream/socketio-jwt/UnauthorizedError.js'
+import { isUnauthorizedError } from '@thream/socketio-jwt/build/UnauthorizedError.js'
 
 // Require Bearer Token
 const socket = io('http://localhost:9000', {

package.json

@@ -8,20 +8,24 @@
   "main": "build/index.js",
   "types": "build/index.d.ts",
   "files": [
-    "build"
+    "build",
+    "!**/*.test.js",
+    "!**/*.test.d.ts"
   ],
   "engines": {
-    "node": ">=16.0.0"
+    "node": ">=16.0.0",
+    "npm": ">=9.0.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "keywords": [
     "socket",
     "socket.io",
     "jwt"
   ],
-  "author": "Divlo <contact@divlo.fr>",
+  "author": "Théo LUDWIG <contact@theoludwig.fr>",
   "repository": {
     "type": "git",
     "url": "https://github.com/Thream/socketio-jwt"
@@ -31,13 +35,14 @@
   },
   "homepage": "https://github.com/Thream/socketio-jwt#readme",
   "scripts": {
-    "build": "rimraf ./build && swc ./src --out-dir ./build && tsc",
+    "build": "rimraf ./build && swc ./src --out-dir ./build",
     "build:dev": "swc ./src --out-dir ./build --watch",
+    "build:typescript": "tsc",
     "lint:commit": "commitlint",
     "lint:editorconfig": "editorconfig-checker",
     "lint:markdown": "markdownlint-cli2",
-    "lint:typescript": "eslint \"**/*.{js,jsx,ts,tsx}\" --ignore-path \".gitignore\"",
-    "lint:prettier": "prettier \".\" --check --ignore-path \".gitignore\"",
+    "lint:eslint": "eslint . --ignore-path .gitignore",
+    "lint:prettier": "prettier . --check --ignore-path .gitignore",
     "lint:staged": "lint-staged",
     "test": "c8 tap",
     "release": "semantic-release",
@@ -49,39 +54,41 @@
     "socket.io": ">=3.0.0"
   },
   "dependencies": {
-    "jsonwebtoken": "8.5.1"
+    "jsonwebtoken": "9.0.0"
   },
   "devDependencies": {
-    "@commitlint/cli": "17.1.2",
-    "@commitlint/config-conventional": "17.1.0",
-    "@swc/cli": "0.1.57",
-    "@swc/core": "1.2.249",
-    "@types/jsonwebtoken": "8.5.9",
-    "@types/node": "18.7.16",
-    "@types/tap": "15.0.7",
-    "@typescript-eslint/eslint-plugin": "5.36.2",
-    "@typescript-eslint/parser": "5.36.2",
-    "axios": "0.27.2",
-    "c8": "7.12.0",
-    "editorconfig-checker": "4.0.2",
-    "eslint": "8.23.0",
-    "eslint-config-conventions": "4.0.0",
-    "eslint-config-prettier": "8.5.0",
-    "eslint-plugin-import": "2.26.0",
+    "@commitlint/cli": "17.6.6",
+    "@commitlint/config-conventional": "17.6.6",
+    "@swc/cli": "0.1.62",
+    "@swc/core": "1.3.67",
+    "@tsconfig/strictest": "2.0.1",
+    "@types/jsonwebtoken": "9.0.2",
+    "@types/node": "20.3.3",
+    "@types/tap": "15.0.8",
+    "@typescript-eslint/eslint-plugin": "5.60.1",
+    "@typescript-eslint/parser": "5.60.1",
+    "axios": "1.4.0",
+    "c8": "8.0.0",
+    "editorconfig-checker": "5.1.1",
+    "eslint": "8.44.0",
+    "eslint-config-conventions": "10.0.0",
+    "eslint-config-prettier": "8.8.0",
+    "eslint-plugin-import": "2.27.5",
     "eslint-plugin-prettier": "4.2.1",
-    "eslint-plugin-promise": "6.0.1",
-    "eslint-plugin-unicorn": "43.0.2",
-    "fastify": "4.5.3",
-    "husky": "8.0.1",
-    "lint-staged": "13.0.3",
-    "markdownlint-cli2": "0.5.1",
+    "eslint-plugin-promise": "6.1.1",
+    "eslint-plugin-unicorn": "47.0.0",
+    "fastify": "4.19.1",
+    "husky": "8.0.3",
+    "lint-staged": "13.2.3",
+    "markdownlint-cli2": "0.8.1",
+    "markdownlint-rule-relative-links": "2.1.0",
     "pinst": "3.0.0",
-    "prettier": "2.7.1",
-    "rimraf": "3.0.2",
-    "semantic-release": "19.0.5",
-    "socket.io": "4.5.2",
-    "socket.io-client": "4.5.2",
-    "tap": "16.3.0",
-    "typescript": "4.8.3"
+    "prettier": "2.8.8",
+    "rimraf": "5.0.1",
+    "semantic-release": "21.0.6",
+    "socket.io": "4.7.1",
+    "socket.io-client": "4.7.1",
+    "tap": "16.3.7",
+    "typescript": "5.0.4"
   }
 }

src/UnauthorizedError.ts

@@ -15,6 +15,16 @@ export class UnauthorizedError extends Error {
   }
 }
 
-export const isUnauthorizedError = (error: any): error is UnauthorizedError => {
-  return error.data.type === 'UnauthorizedError'
+export const isUnauthorizedError = (
+  error: unknown
+): error is UnauthorizedError => {
+  return (
+    typeof error === 'object' &&
+    error != null &&
+    'data' in error &&
+    typeof error.data === 'object' &&
+    error.data != null &&
+    'type' in error.data &&
+    error.data.type === 'UnauthorizedError'
+  )
 }

src/authorize.ts

@@ -62,7 +62,7 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
     }
     socket.encodedToken = encodedToken
     let keySecret: string | null = null
-    let decodedToken: any
+    let decodedToken: any = null
     if (typeof secret === 'string') {
       keySecret = secret
     } else {

tsconfig.json

@@ -1,4 +1,5 @@
 {
+  "extends": "@tsconfig/strictest/tsconfig.json",
   "compilerOptions": {
     "target": "ESNext",
     "module": "ESNext",
@@ -7,9 +8,6 @@
     "outDir": "./build",
     "rootDir": "./src",
     "emitDeclarationOnly": true,
-    "declaration": true,
-    "strict": true,
-    "skipLibCheck": true,
-    "esModuleInterop": true
+    "declaration": true
   }
 }