kamiazya
web-csv-toolbox
feat: implement multi-layered supply chain attack defense (#617, merged)

Comparing security/supply-chain-defense (c5cb82a) with main (25d49ee)

CodSpeed Performance Gauge: -89%
Regressions: 2
Untouched: 63
Skipped: 8

Benchmarks

All benchmarks below are defined in benchmark/main.ts. Times are listed as main (base) vs. PR head; the change column is CodSpeed's relative change, negative meaning the PR head is slower.

Skipped (8)

Failed

| Benchmark | Change | main (base) | PR (head) | Status |
|---|---|---|---|---|
| Quote ratio: 50% (1000 rows) | -89% | 9.4 ms | 82 ms | Regression |
| Scaling: 100 rows | -62% | 1.6 ms | 4 ms | Regression |

Passed

| Benchmark | Change | main (base) | PR (head) |
|---|---|---|---|
| Engine comparison: wasm (500 rows) | +11% | 10.1 ms | 9.1 ms |
| Scaling: 5000 rows | +9% | 123.8 ms | 113.1 ms |
| Quote ratio: 100% (1000 rows) | +7% | 12.2 ms | 11.4 ms |
| Field length: 100 chars (1000 rows) | +4% | 17.4 ms | 16.7 ms |
| Stream approach: parseBinaryStream (100KB) | +2% | 200.1 ms | 195.5 ms |
| Scaling: 1000 rows | +2% | 16.1 ms | 15.8 ms |
| Quote ratio: 0% (1000 rows) | +2% | 15.9 ms | 15.6 ms |
| Engine comparison: mainThread (5000 rows) | +1% | 86.2 ms | 85.1 ms |
| Memory: toArraySync (allocate all at once) | +1% | 15.8 ms | 15.6 ms |
| Field length: 1KB (1000 rows) | +1% | 29.4 ms | 29 ms |
| Binary approach: parseBinary (1MB) | +1% | 196.3 ms | 194.5 ms |
| Custom delimiter: TSV (100 rows) | +1% | 655.7 µs | 650.9 µs |
| Stream approach: parseBinaryStream (1MB) | +1% | 3.1 s | 3.1 s |
| parseString.toArraySync(10 cols, 50 rows, quoted) | +1% | 2.3 ms | 2.3 ms |
| Stream approach: parseBinaryStream (1KB) | +1% | 2.8 ms | 2.8 ms |
| parseString.toArraySync(50 cols, 50 rows, quoted) | +1% | 5.3 ms | 5.3 ms |
| parseStringStream: medium (1000 rows) | 0% | 110.5 ms | 110.1 ms |
| Queuing: large (10000 rows) - default HWM | 0% | 2.3 s | 2.3 s |
| Concurrent: Sequential mainThread | 0% | 24.8 ms | 24.7 ms |
| Binary approach: parseBinary (100KB) | 0% | 19.8 ms | 19.7 ms |
| parseBinary.toArraySync(50 rows) | 0% | 1 ms | 1 ms |
| Binary approach: parseBinary (10KB) | 0% | 2 ms | 2 ms |
| Worker perf: tiny (10 rows) - mainThread | 0% | 373.9 µs | 373.3 µs |
| parseString.toIterableIterator(50 rows) | 0% | 2.1 ms | 2.1 ms |
| Concurrent: Parallel mainThread | 0% | 23.8 ms | 23.8 ms |
| Queuing: medium (1000 rows) - default HWM | 0% | 445.9 ms | 445.3 ms |
| Custom delimiter: PSV (100 rows) | 0% | 639 µs | 638.2 µs |
| parseString.toArraySync(100 cols, 50 rows, quoted) | 0% | 12.4 ms | 12.4 ms |
| parseString engine:stable (1000 rows) | 0% | 20.7 ms | 20.7 ms |
| parseString.toArraySync(50 rows) | 0% | 1.7 ms | 1.7 ms |
| Field length: 10KB (100 rows) | 0% | 15.7 ms | 15.7 ms |
| Data transformation: no conversion (100 rows) | 0% | 1.3 ms | 1.3 ms |
| parseString.toStream(50 rows) | 0% | 5.2 ms | 5.2 ms |
| parseString.toArraySync(50 cols, 50 rows, unquoted) | 0% | 8.7 ms | 8.7 ms |
| Memory: toIterableIterator (streaming) | 0% | 15.2 ms | 15.2 ms |
| Low-level: CSVLexer only (1000 rows) | 0% | 5.8 ms | 5.8 ms |
| parseBinary.toIterableIterator(50 rows) | 0% | 2.3 ms | 2.3 ms |
| Data transformation: type conversion (100 rows) | 0% | 1.4 ms | 1.4 ms |
| parseString.toArraySync(100 cols, 50 rows, unquoted) | 0% | 16.1 ms | 16.1 ms |
| Engine comparison: mainThread (500 rows) | 0% | 9 ms | 9 ms |
| parseString.toArraySync(10 cols, 50 rows, unquoted) | 0% | 1.9 ms | 1.9 ms |
| Worker perf: medium (1000 rows) - mainThread | 0% | 13.6 ms | 13.6 ms |
| parseBinary.toStream(50 rows) | 0% | 2.6 ms | 2.6 ms |
| parseString engine:fast (50 rows) | 0% | 1 ms | 1 ms |
| parseStringToArraySyncWASM(50 rows) | 0% | 1.3 ms | 1.3 ms |
| parseString.toArraySync(10000 cols, 10 rows, quoted) | 0% | 279 ms | 279.2 ms |
| Worker perf: large (10000 rows) - mainThread | 0% | 121.2 ms | 121.3 ms |
| Worker perf: small (100 rows) - mainThread | 0% | 1.3 ms | 1.3 ms |
| Queuing: small (100 rows) - default HWM | 0% | 18.4 ms | 18.5 ms |
| parseString engine:stable (50 rows) | 0% | 1.2 ms | 1.2 ms |
| Engine comparison: wasm (5000 rows) | -1% | 87.6 ms | 88.1 ms |
| parseString.toArraySync(10000 cols, 10 rows, unquoted) | -1% | 171.3 ms | 172.8 ms |
| Binary approach: parseBinary (1KB) | -1% | 289.7 µs | 293 µs |
| Scaling: 50 rows | -1% | 815.2 µs | 825.6 µs |
| parseStringStream: small (100 rows) | -2% | 20.3 ms | 20.7 ms |
| Quote ratio: 25% (1000 rows) | -3% | 16.3 ms | 16.8 ms |
| Low-level: CSVLexer + CSVRecordAssembler (1000 rows) | -3% | 15.3 ms | 15.8 ms |
| Stream approach: parseBinaryStream (10KB) | -4% | 24.7 ms | 25.6 ms |
| Line ending: LF (1000 rows) | -4% | 7.7 ms | 8 ms |
| Field length: 10 chars (1000 rows) | -7% | 15.3 ms | 16.4 ms |
| Scaling: 500 rows | -17% | 7.5 ms | 9 ms |
| parseString engine:fast (1000 rows) | -19% | 46.2 ms | 56.7 ms |
| Line ending: CRLF (1000 rows) | -22% | 5.6 ms | 7.1 ms |

Commits

Base: main (25d49ee)

Commit 8e55ed4 (10 days ago, by kamiazya) — gauge: -54.69%

feat: implement multi-layered supply chain attack defense

Implement comprehensive protection against npm supply chain attacks (such as Shai-Hulud 2.0) using a three-layer defense strategy.

Layer 1: New Package Release Delay
- Add minimumReleaseAge (48 hours) to pnpm-workspace.yaml
- Blocks installation of recently published packages
- Provides time buffer for community to detect malicious updates

Layer 2: Install Script Prevention
- Configure ignore-scripts=true in .npmrc
- Prevents execution of preinstall/postinstall scripts
- Includes whitelist support via onlyBuiltDependencies (currently unused)

Layer 3: Continuous Vulnerability Scanning
- Add OSV-Scanner workflow for dependency scanning
- Integrate security scan into CI/CD pipeline
- Fail builds on detected vulnerabilities

Documentation:
- Add comprehensive supply chain protection section to SECURITY.md
- Document configuration, trade-offs, and compromise detection
- Include references to defense resources

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Commit 447e629 (10 days ago, by kamiazya) — gauge: -33.58%

fix: correct pnpm whitelist configuration key

Change onlyBuiltDependencies to only-built-dependencies (kebab-case) to match pnpm's actual configuration format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Commit 9602a14 (10 days ago, by kamiazya) — gauge: +88.27%

fix: correct typo in malicious repo search example

Change "Sha1-Hulud" to "Shai-Hulud" to match the actual attack name.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Commit c5cb82a (10 days ago, by kamiazya) — gauge: -88.58%

chore: add changeset for supply chain defense

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
© 2025 CodSpeed Technology