Modernize tooling and Node runtime imports

.github/workflows/publish.yml

@@ -1,49 +1,73 @@
 name: Release
 
 on:
-  push:
-    tags:
-      - "v*"
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "patch | minor | major | 1.2.3"
+        required: true
+        default: "patch"
 
 permissions:
-  id-token: write
   contents: write
-  packages: write
+  id-token: write
 
 jobs:
   release:
     runs-on: ubuntu-latest
+    environment: npm
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.RELEASE_BOT_TOKEN }}
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version: "24"
-          cache: "npm"
-          registry-url: "https://registry.npmjs.org"
+          node-version: 24
+          registry-url: https://registry.npmjs.org
+          cache: npm
 
-      - name: Install dependencies
-        run: npm ci
+      - run: npm ci
+      - run: npm test
+      - run: npm run build
 
-      - name: Run tests
-        run: npm run test
+      - name: Configure git
+        run: |
+          git config user.name "release-bot"
+          git config user.email "release-bot@users.noreply.github.com"
 
-      - name: Build
-        run: npm run build
+      - name: Bump version and create release tag
+        id: version
+        run: |
+          npm version "${{ inputs.version }}" -m "chore(release): v%s"
 
-      - name: Publish to NPM
-        run: npm publish --provenance --access public
+          VERSION=$(node -p "require('./package.json').version")
+          MAJOR=$(node -p "require('./package.json').version.split('.')[0]")
 
-      - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: ${{ github.ref_name }}
-          name: Release ${{ github.ref_name }}
-          generate_release_notes: true
-          draft: false
-          prerelease: false
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "release_tag=v$VERSION" >> "$GITHUB_OUTPUT"
+          echo "major_tag=v$MAJOR" >> "$GITHUB_OUTPUT"
+
+      - name: Push release commit and immutable tag
+        run: |
+          git push origin HEAD:${{ github.event.repository.default_branch }}
+          git push origin "${{ steps.version.outputs.release_tag }}"
+
+      - name: Update movable major tag
+        run: |
+          git tag -f "${{ steps.version.outputs.major_tag }}" "${{ steps.version.outputs.release_tag }}"
+          git push origin "${{ steps.version.outputs.major_tag }}" --force
+
+      - name: Create GitHub Release with generated changelog
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.RELEASE_BOT_TOKEN }}
+        run: |
+          gh release create "${{ steps.version.outputs.release_tag }}" \
+            --verify-tag \
+            --title "${{ steps.version.outputs.release_tag }}" \
+            --generate-notes
+
+      - name: Publish to npm via Trusted Publisher
+        run: npm publish --provenance --access public

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 Peculiar Ventures, LLC
+Copyright (c) 2019-2026 Peculiar Ventures, LLC
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -27,7 +27,7 @@ We wanted to be able to write Javascript that used crypto on both the client and
 
 **At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.**
 
-**Module is based on NodeJS v10 Crypto API. It would work only with Node v10 and higher.**
+**Module is based on the Node.js crypto API. It requires Node v14.18.0 or higher.**
 
 ## Installing
 
@@ -65,7 +65,7 @@ npm install @peculiar/webcrypto
 | shake128<sup>2</sup>|             |    X    |               |             |                 |                   |         |
 | shake256<sup>2</sup>|             |    X    |               |             |                 |                   |         |
 
-<sup>1</sup> Mechanism supports extended list of named curves `P-256`, `P-384`, `P-521`, `K-256`, 
+<sup>1</sup> Mechanism supports extended list of named curves `P-256`, `P-384`, `P-521`, `K-256`,
 `brainpoolP160r1`, `brainpoolP160t1`, `brainpoolP192r1`, `brainpoolP192t1`, `brainpoolP224r1`, `brainpoolP224t1`, `brainpoolP256r1`, `brainpoolP256t1`, `brainpoolP320r1`, `brainpoolP320t1`, `brainpoolP384r1`, `brainpoolP384t1`, `brainpoolP512r1`, and `brainpoolP512t1`
 
 <sup>2</sup> Mechanism is not defined by the WebCrypto specifications. Use of mechanism in a safe way is hard, it was added for the purpose of enabling interoperability with an existing system. We recommend against its use unless needed for interoperability.
@@ -87,10 +87,11 @@ const crypto = new Crypto();
 See [WebCrypto Docs](https://github.com/PeculiarVentures/webcrypto-docs/blob/master/README.md) for examples
 
 ## Bug Reporting
-Please report bugs either as pull requests or as issues in the issue tracker. `@peculiar/webcrypto` has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.
 
+Please report bugs either as pull requests or as issues in the issue tracker. `@peculiar/webcrypto` has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.
 
 ## Related
- - [node-webcrypto-ossl](https://github.com/PeculiarVentures/node-webcrypto-ossl)
- - [node-webcrypto-p11](https://github.com/PeculiarVentures/node-webcrypto-p11)
- - [webcrypto-liner](https://github.com/PeculiarVentures/webcrypto-liner)
+
+* [node-webcrypto-ossl](https://github.com/PeculiarVentures/node-webcrypto-ossl)
+* [node-webcrypto-p11](https://github.com/PeculiarVentures/node-webcrypto-p11)
+* [webcrypto-liner](https://github.com/PeculiarVentures/webcrypto-liner)