fix: Remove @octokit/rest to fix security vulnerability

close #105

Author: liuweiGL

.gitignore

@@ -97,3 +97,5 @@ build
 
 # TernJS port file
 .tern-port
+
+.mkcert

biome.json

@@ -33,7 +33,7 @@
 				"useNamespaceKeyword": "error"
 			}
 		},
-		"ignore": ["**/build", "**/dist", "**/scripts", "**/node_modules"]
+		"ignore": ["dist", "node_modules"]
 	},
 	"javascript": {
 		"formatter": {

package.json

@@ -36,28 +36,29 @@
     }
   },
   "scripts": {
-    "test": "pnpm build && del /Q \"./node_modules/.mkcert\" && vite -c playground/vite.config.ts --clearScreen false",
-    "build": "tsx ./script/build.mts",
+    "test": "pnpm build && pnpm playground",
+    "playground": "rimraf .mkcert && vite -c playground/vite.config.ts --clearScreen false",
+    "build": "tsx ./scripts/build.mts",
     "lint": "tsc --noEmit && biome lint --colors=force --fix --unsafe  \"plugin\" ",
     "release": "semantic-release"
   },
   "dependencies": {
-    "@octokit/rest": "^21.0.2",
-    "axios": "^1.7.7",
-    "debug": "^4.3.7",
+    "axios": "^1.8.1",
+    "debug": "^4.4.0",
     "picocolors": "^1.1.1"
   },
   "devDependencies": {
     "@biomejs/biome": "1.9.4",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
     "@types/debug": "^4.1.12",
-    "@types/node": "^22.9.0",
-    "esbuild": "^0.24.0",
-    "semantic-release": "^24.2.0",
-    "tsx": "^4.19.2",
-    "typescript": "^5.6.3",
-    "vite": "5.4.11"
+    "@types/node": "^22.13.5",
+    "esbuild": "^0.25.0",
+    "semantic-release": "^24.2.3",
+    "tsx": "^4.19.3",
+    "rimraf": "^6.0.1",
+    "vite": "6.2.0",
+    "typescript": "^5.7.3"
   },
   "peerDependencies": {
     "vite": ">=3"

playground/main.ts

@@ -1,5 +1,6 @@
 import './style.css'
 
+// biome-ignore lint/style/noNonNullAssertion: <explanation>
 const app = document.querySelector<HTMLDivElement>('#app')!
 
 app.innerHTML = `

playground/vite.config.ts

@@ -1,5 +1,5 @@
 import { defineConfig } from 'vite'
-import path from 'path'
+import path from 'node:path'
 
 import mkcert from '..'
 
@@ -8,7 +8,7 @@ export default defineConfig({
   plugins: [
     mkcert({
       source: 'coding',
-      savePath: path.resolve(process.cwd(), 'node_modules/.mkcert')
+      savePath: path.resolve(process.cwd(), '.mkcert')
     })
   ]
 })

plugin/mkcert/source.ts

@@ -1,5 +1,3 @@
-import { Octokit } from '@octokit/rest'
-
 import request from '../lib/request'
 
 export type SourceInfo = {
@@ -31,15 +29,13 @@ export class GithubSource extends BaseSource {
   }
 
   public async getSourceInfo(): Promise<SourceInfo | undefined> {
-    const octokit = new Octokit()
-    const { data } = await octokit.repos.getLatestRelease({
-      owner: 'FiloSottile',
-      repo: 'mkcert'
+    const { data } = await request({
+      method: 'GET',
+      url: 'https://api.github.com/repos/FiloSottile/mkcert/releases/latest',
     })
     const platformIdentifier = this.getPlatformIdentifier()
-
     const version = data.tag_name
-    const downloadUrl = data.assets.find(item =>
+    const downloadUrl = data.assets.find((item: any) =>
       item.name.includes(platformIdentifier)
     )?.browser_download_url