Merge pull request #7 from Enalmada/changeset-release/main

Enalmada · web-flow · commit 7b3f1ddacc7d · 2025-11-02T00:52:55.000-07:00
Version Packages
diff --git a/.changeset/middleware-nonce-support.md b/.changeset/middleware-nonce-support.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,38 @@
 # Changelog
 
+## 1.0.0
+
+### Major Changes
+
+- d95f3dd: Add native middleware pattern with per-request nonce generation for TanStack Start applications. This is a major update that introduces a new recommended API while maintaining backward compatibility.
+
+  **New Features:**
+
+  - `createCspMiddleware()` - Middleware factory for TanStack Start with per-request nonce generation
+  - `createNonceGetter()` - Isomorphic nonce retrieval (works on server and client)
+  - `generateNonce()` - Cryptographically secure random nonce generator
+  - `buildCspHeader()` - Low-level CSP header building utility
+  - CSP Level 3 support with automatic granular directive copying (`-elem`, `-attr`)
+  - Strict nonce-based CSP for scripts (no `'unsafe-inline'` in production)
+  - Integration with TanStack router's native `ssr.nonce` option
+
+  **Breaking Changes:**
+
+  - This release is a major version because it introduces a new peer dependency: `@tanstack/start-storage-context >= 1.0.0`
+  - The recommended API has changed from handler wrapper (`createSecureHandler`) to middleware pattern (`createCspMiddleware`)
+  - Projects should migrate to the new API for better security (per-request nonces vs static headers)
+
+  **Migration:**
+
+  The old `createSecureHandler` API is still available and fully functional, but is now deprecated. See README for migration guide from v0.1 to v0.2.
+
+  **Security Improvements:**
+
+  - Per-request nonce generation (previously static at startup)
+  - No `'unsafe-inline'` fallback for scripts in production
+  - Support for `'strict-dynamic'` CSP directive
+  - Automatic nonce application to all TanStack framework scripts
+
 ## 0.1.2
 
 ### Patch Changes
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@enalmada/start-secure",
-	"version": "0.1.2",
+	"version": "1.0.0",
 	"scripts": {
 		"build": "bun run type-check && bun run clean && bun run build:bundle && bun run build:declaration",
 		"build:bundle": "bun build.ts",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@enalmada/start-secure",`
`3`		`- "version": "0.1.2",`
	`3`	`+ "version": "1.0.0",`
`4`	`4`	`"scripts": {`
`5`	`5`	`"build": "bun run type-check && bun run clean && bun run build:bundle && bun run build:declaration",`
`6`	`6`	`"build:bundle": "bun build.ts",`