1+ {
2+ "$schema" : "https://json-schema.org/draft-07/schema#" ,
3+ "version" : "1.0.0" ,
4+
5+ // Configuration for building custom Node.js binaries
6+ // Size optimizations: ~24.5MB saved from configure flags
7+ "node" : {
8+ "defaultVersion" : "v22.19.0" ,
9+ "currentVersion" : "v24.9.0" ,
10+
11+ "build" : {
12+ // Configure flags for custom Node.js build
13+ // These remove unnecessary features to reduce binary size
14+ "configureArgs" : [
15+ "--without-intl" , // Remove ICU/Internationalization (saves ~12MB)
16+ "--without-npm" , // Remove npm package manager (saves ~2MB)
17+ "--without-corepack" , // Remove corepack (yarn/pnpm) (saves ~1MB)
18+ "--without-inspector" , // Remove Chrome DevTools debugger (saves ~1MB)
19+ "--without-amaro" , // Remove TypeScript support (saves ~0.5MB)
20+ "--without-sqlite" , // Remove SQLite database (saves ~1MB)
21+ "--without-node-snapshot" , // Disable V8 snapshot (saves ~4MB)
22+ "--without-node-code-cache" , // Disable V8 code cache (saves ~3MB)
23+ "--without-node-options" , // Remove NODE_OPTIONS support (saves ~0.1MB, security)
24+ // Security patches:
25+ // - disable-eval-flag-v24.patch: ALWAYS removes -e/--eval (no exceptions)
26+ // - restrict-require-flag-v24.patch: Removes -r/--require unless IPC subprocess
27+ // - make-issea-detect-pkg-v24.patch: Makes isSea() return true for pkg binaries
28+ "--disable-single-executable-application" , // Disable SEA support (saves ~0.5MB)
29+ "--openssl-no-asm" , // Disable OpenSSL assembly (saves ~0.5MB, but slower crypto)
30+ "--enable-lto" , // Link Time Optimization (saves ~2-3MB, slower build)
31+ "--v8-lite-mode" // V8 lite mode for embedded systems (saves ~5MB)
32+
33+ // Size reduction options
34+ // "--without-ssl", // Remove OpenSSL/crypto (saves ~3MB) - WARNING: Breaks HTTPS
35+ // "--without-dtrace", // INVALID in v24 - DTrace support is auto-detected
36+ // "--without-etw", // INVALID in v24 - ETW is Windows-specific, auto-detected
37+ // "--without-perfctr", // INVALID in v24 - Windows performance counters (saves ~0.1MB)
38+
39+ // Feature flags
40+ // "--shared", // Build shared library instead of executable
41+ // "--fully-static", // INVALID in v24 - Use --enable-static
42+ // "--partly-static", // INVALID in v24 - No longer supported
43+ // "--enable-pgo-generate", // Profile Guided Optimization - generate
44+ // "--enable-pgo-use", // Profile Guided Optimization - use profile
45+
46+ // V8 options
47+ // "--v8-enable-hugepage", // INVALID in v24 - Use runtime flag instead
48+ // "--without-v8-platform-macos", // INVALID in v24 - Use --without-v8-platform
49+ // "--without-bundled-v8", // Use system V8 instead of bundled
50+
51+ // OpenSSL options
52+ // "--shared-openssl", // Use system OpenSSL instead of bundled
53+ // "--openssl-fips", // Enable FIPS 140-2 compliance
54+
55+ // Build options
56+ // "--ninja", // Use Ninja build system instead of Make
57+ // "--debug", // Debug build (much larger)
58+ // "--gdb", // Add GDB debugging support
59+ // "--coverage", // Add code coverage support
60+ // "--asan", // AddressSanitizer (memory error detector)
61+ // "--ubsan", // UndefinedBehaviorSanitizer
62+
63+ // Target options
64+ // "--dest-cpu=x64", // Target CPU architecture
65+ // "--dest-os=linux", // Target operating system
66+ // "--cross-compiling", // Enable cross-compilation
67+ // "--without-siphash", // Remove SipHash (hash flooding protection)
68+ // "--with-ltcg", // Link-time code generation (Windows)
69+
70+ // Experimental
71+ // "--experimental-http-parser", // Use experimental HTTP parser
72+ // "--experimental-sea-config" // Single Executable Application config
73+ ]
74+ } ,
75+
76+ // V8 runtime flags - these generate patches for V8 behavior
77+ "v8Flags" : [
78+ // "--harmony-import-assertions", // REMOVED in v24 - replaced by harmony-import-attributes
79+ "--harmony-import-attributes" // Enable import attributes (for @yao-pkg/pkg) - Already default in v24
80+
81+ // Memory management
82+ // "--max-old-space-size=4096", // Set max heap memory (MB)
83+ // "--max-semi-space-size=16", // Set semi-space size (MB)
84+ // "--expose-gc", // Expose global.gc() for manual GC
85+ // "--trace-gc", // Trace garbage collection
86+ // "--trace-gc-verbose", // Verbose GC tracing
87+
88+ // Debugging & tracing
89+ // "--trace-deprecation", // Trace deprecation warnings
90+ // "--throw-deprecation", // Throw on deprecation
91+ // "--pending-deprecation", // Show pending deprecations
92+ // "--trace-warnings", // Trace warning origins
93+ // "--trace-sync-io", // Trace synchronous I/O
94+ // "--abort-on-uncaught-exception", // Abort on uncaught exceptions
95+
96+ // Module system
97+ // "--preserve-symlinks", // Don't resolve symlinks for modules
98+ // "--preserve-symlinks-main", // Don't resolve symlinks for main module
99+ // "--experimental-modules", // Enable experimental ESM features
100+ // "--experimental-wasm-modules", // Enable WASM modules
101+ // "--experimental-vm-modules", // Enable VM modules support
102+
103+ // Security & policy
104+ // "--experimental-policy", // Enable policy feature
105+ // "--zero-fill-buffers", // Zero-fill Buffer/Uint8Array allocations
106+ // "--disable-proto=throw", // Disable __proto__ (security)
107+ // "--no-expose-wasm", // Don't expose WASM (security) - Can't use: We need WASM for yoga-layout (base64-encoded WASM module)
108+
109+ // Performance & profiling
110+ // "--no-force-async-hooks-checks", // Disable async hooks checks (faster)
111+ // "--track-heap-objects", // Track heap object allocations
112+ // "--heap-prof", // Enable heap profiling
113+ // "--prof", // Generate V8 profiler output
114+
115+ // Reporting
116+ // "--diagnostic-dir=./reports", // Set diagnostics directory
117+ // "--report-uncaught-exception", // Report on uncaught exceptions
118+ // "--report-on-signal", // Generate report on signal (SIGUSR2)
119+ // "--report-on-fatalerror" // Generate report on fatal error
120+ ] ,
121+
122+ // Node.js process flags (separate from V8 flags)
123+ "nodeFlags" : [
124+ "--no-deprecation" , // Disable deprecation warnings
125+ "--no-warnings" // Disable process warnings
126+
127+ // Available Node.js flags
128+ // "--enable-source-maps", // Enable source map support
129+ // "--preserve-symlinks", // Preserve symbolic links
130+ // "--preserve-symlinks-main", // Preserve symlinks for main module
131+ // "--inspect", // Enable inspector (requires --without-inspector not set)
132+ // "--inspect-brk", // Enable inspector with break (requires --without-inspector not set)
133+ // "--napi-modules", // REMOVED - N-API is always enabled
134+ // "--trace-event-categories", // Trace event categories
135+ // "--trace-event-file-pattern", // Trace event file pattern
136+ // "--trace-exit", // Trace exit
137+ // "--trace-sigint", // Trace SIGINT
138+ // "--trace-tls", // Trace TLS
139+ // "--tls-min-v1.0", // Allow TLS 1.0
140+ // "--tls-min-v1.1", // Allow TLS 1.1
141+ // "--tls-min-v1.2", // Minimum TLS 1.2
142+ // "--tls-min-v1.3", // Minimum TLS 1.3
143+ // "--use-openssl-ca", // Use OpenSSL CA store
144+ // "--use-bundled-ca", // Use bundled CA store
145+ // "--enable-fips", // Enable FIPS crypto
146+ // "--force-fips", // Force FIPS crypto
147+ // "--redirect-warnings", // Redirect warnings to file
148+ // "--throw-deprecation", // Throw on deprecation
149+ // "--pending-deprecation", // Show pending deprecations
150+ // "--input-type", // Set input type (commonjs/module)
151+ // "--experimental-loader", // Custom ESM loader hooks
152+ // "--experimental-modules", // REMOVED - ESM is stable
153+ // "--experimental-wasm-modules", // REMOVED - Use --experimental-wasm-modules in V8 flags
154+ // "--experimental-json-modules", // REMOVED - JSON modules are stable
155+ // "--experimental-top-level-await" // REMOVED - Top-level await is stable
156+ ]
157+ } ,
158+
159+ // Node.js SEA (Single Executable Application) configuration
160+ // Used for injecting empty SEA blob into socket-node binary
161+ // Makes isSea() return true for both yao-pkg and native SEA builds
162+ // See: https://nodejs.org/api/single-executable-applications.html
163+ "sea" : {
164+ "main" : "// Empty SEA main - actual code injected via other mechanism\n"
165+ } ,
166+
167+ // @yao -pkg/pkg configuration for creating standalone executables
168+ // This follows the @yao -pkg/pkg configuration format
169+ // See: https://github.com/yao-pkg/pkg#config
170+ // Size optimizations: bytecode disabled, Brotli compression (up to 60% reduction)
171+ "yao" : {
172+ "name" : "socket" ,
173+ "bytecode" : false , // Disabled to reduce binary size
174+ "compress" : "Brotli" , // Use Brotli compression to reduce size of JavaScript bundle (up to 60% reduction)
175+ // Dictionaries map native .node files and dynamic requires that pkg can't detect at build time
176+ // Typically includes: native C/C++ modules (bcrypt, sqlite3, canvas), WASM files, binary assets
177+ // We use empty {} because Socket CLI is pure JS/TS without native dependencies - reduces binary size
178+ "dictionary" : { } ,
179+
180+ // Entry points for different CLI commands
181+ "binaries" : {
182+ "socket" : "dist/cli.js" ,
183+ "socket-npm" : "dist/npm-cli.js" ,
184+ "socket-npx" : "dist/npx-cli.js" ,
185+ "socket-pnpm" : "dist/pnpm-cli.js" ,
186+ "socket-yarn" : "dist/yarn-cli.js"
187+ } ,
188+
189+ // Build targets for all platforms
190+ // Linux targets work for both glibc and musl (Alpine) due to static compilation
191+ // linuxstatic targets create fully static binaries (best for Docker containers)
192+ // Note: linuxstatic cannot load native .node modules
193+ "targets" : [
194+ "node24-macos-arm64" ,
195+ "node24-macos-x64" ,
196+ "node24-linux-arm64" ,
197+ "node24-linux-x64" ,
198+ "node24-linuxstatic-arm64" , // Fully static for Docker/Alpine ARM64
199+ "node24-linuxstatic-x64" , // Fully static for Docker/Alpine x64
200+ "node24-win-arm64" ,
201+ "node24-win-x64"
202+ ] ,
203+
204+ // Files to include in the packaged binary
205+ "assets" : [
206+ "dist/**/*" ,
207+ "requirements.json" ,
208+ "translations.json" ,
209+ "shadow-bin/**/*"
210+ ]
211+ } ,
212+
213+ // Build-related paths (all relative to repo root)
214+ "paths" : {
215+ "buildDir" : "build/socket-node" ,
216+ "outputDir" : "build/output" ,
217+ "patchesDir" : "build/patches" ,
218+ "distDir" : "dist" ,
219+ // @yao -pkg/pkg's cache directory - hardcoded format, not configurable
220+ // Must be: ~/.pkg-cache/{version}/built-{node_version}-{platform}-{arch}
221+ "yaoCache" : "~/.pkg-cache/{yao_version}" ,
222+
223+ // Node.js build artifacts and their locations
224+ "socketNode" : {
225+ // Where Node.js build system outputs (hardcoded in GYP/GN, not configurable)
226+ "buildOutput" : "build/socket-node/{node_version}/out/Release/node" ,
227+
228+ // Processed versions (following Node's out/ structure)
229+ "strippedOutput" : "build/socket-node/{node_version}/out/Stripped/node" ,
230+ "signedOutput" : "build/socket-node/{node_version}/out/Signed/node"
231+ }
232+ } ,
233+
234+ // Source download configuration
235+ "source" : {
236+ "baseUrl" : "https://github.com/nodejs/node/archive/refs/tags"
237+ }
238+ }
0 commit comments