Release Date: 2025-12-14 Type: Patch Release (Dependency Resolution & Compatibility)
Version 1.4.3 resolves critical npm install failures caused by incompatible package overrides introduced in previous versions. This release focuses on dependency management, Node.js 22 compatibility, and ensuring a clean installation experience.
This release addresses a critical npm install failure that prevented the project from installing cleanly. The root cause was incompatible package overrides in package.json that conflicted with transitive dependencies and package availability.
Root Cause Analysis:
-
rimraf v5 API Incompatibility
- Problem: The override
rimraf@>=5.0.0was forcing rimraf v5+ installation - Impact:
grunt-contrib-cleandepends on rimraf v2.7.1 and is incompatible with v5's breaking API changes - Error:
TypeError: rimraf.sync is not a functionduringnpx grunt configTests - Solution: Removed the problematic override, allowing rimraf v2.7.1 to be used by grunt-contrib-clean
- Problem: The override
-
inflight Nonexistent Version
- Problem: The override
inflight@>=2.0.0specified a version that does not exist - Impact: npm attempted to fetch inflight v2.0.0, which is not available (latest is 1.0.6)
- Error:
ETARGET- No matching version found for inflight@>=2.0.0 - Solution: Removed the invalid override
- Problem: The override
-
glob Transitive Dependency Conflicts
- Problem: The override
glob@>=10.0.0conflicted with transitive dependencies expecting glob v7.x/8.x - Impact: Multiple packages (grunt-contrib-clean, others) failed to resolve compatible glob versions
- Error:
ERESOLVE unable to resolve dependency tree - Solution: Removed the override and added
glob@^10.5.0as a direct devDependency
- Problem: The override
-
Unused @babel/polyfill Dependency
- Problem:
@babel/polyfillwas listed in dependencies but not imported anywhere in source code - Impact: Unnecessary dependency bloat, deprecated package warnings
- Solution: Removed from
package.json
- Problem:
Before v1.4.3:
{
"overrides": {
"ws": ">=5.2.4",
"js-yaml": ">=4.1.1",
"serialize-javascript": ">=6.0.2",
"shelljs": ">=0.8.5",
"rimraf": ">=5.0.0", // BREAKING: Incompatible with grunt-contrib-clean
"inflight": ">=2.0.0", // ERROR: Version does not exist
"glob": ">=10.0.0" // CONFLICT: Transitive dependency issues
},
"dependencies": {
"@babel/polyfill": "^7.12.1" // UNUSED: Not imported anywhere
}
}After v1.4.3:
{
"overrides": {
"ws": ">=5.2.4",
"js-yaml": ">=4.1.1",
"serialize-javascript": ">=6.0.2",
"shelljs": ">=0.8.5"
},
"devDependencies": {
"glob": "^10.5.0" // ADDED: Direct dependency for Gruntfile.js
}
}- package-lock.json Regenerated: Full regeneration with Node.js 22 for compatibility
- lockfileVersion: 3: Modern npm lockfile format ensuring consistent installs
- Verification: All installation steps validated on Node.js 22.13.1
All tests passing with comprehensive validation:
# Unit Tests: 1,933 passing
npm test
✓ 1,716 operation tests (CyberChef core functionality)
✓ 217 Node API tests (ESM/CJS compatibility)
# Consumer Tests: Passing
npm run testnodeconsumer
✓ CommonJS consumer compatibility
✓ ES Module consumer compatibility
# Installation: Clean
npm install
✓ No errors
✓ No conflicting peer dependencies
✓ All overrides resolved successfullyThe MCP server remains fully functional with all 465 tools operational:
npm run mcp
=== CyberChef MCP Server v1.4.3 ===
Running on stdio
Max input size: 100MB
Operation timeout: 30000ms
Streaming threshold: 10MB
Streaming: enabled
Worker threads: enabled
Cache size: 100MB (1000 items max)While v1.4.3 resolves all critical installation failures, some transitive dependency warnings remain. These are informational only and do not affect functionality:
-
Web UI Dependencies (not used by MCP server):
bootstrap@4.6.2(Bootstrap 5 requires major migration)bootstrap-colorpicker@3.4.0(unmaintained, no replacement)popper.js@1.16.1(replaced in Bootstrap 5)
-
Build Tool Dependencies (transitive from grunt ecosystem):
glob@7.x/8.x(from grunt-contrib-clean and other grunt plugins)rimraf@2.7.1(required by grunt-contrib-clean v2.0.1)inflight@1.0.6(transitive from glob v7.x)
-
Engine Warnings:
@astronautlabs/amf@0.0.6(warns "node ^14", but works on Node 22)
Why Not Fixed:
- Web UI dependencies require complete frontend rewrite (Bootstrap 4 → 5)
- Build tool dependencies are locked by grunt plugin ecosystem (grunt-contrib-clean has no v3.0)
- Upgrading would break existing build infrastructure
- None impact MCP server runtime functionality
Impact: Low - warnings are informational, all functionality works correctly
No breaking changes. Simply update to v1.4.3:
# Pull latest Docker image
docker pull ghcr.io/doublegate/cyberchef-mcp_v1:latest
# Or rebuild from source
git pull origin master
git checkout v1.4.3
docker build -f Dockerfile.mcp -t cyberchef-mcp .Follow standard upgrade procedure. No configuration changes required.
- Node.js: v22+ (tested on 22.13.1)
- npm: v10+ (lockfileVersion 3)
- Docker: Any recent version
- MCP SDK: @modelcontextprotocol/sdk@^1.22.0
package.json # mcpVersion 1.4.2 → 1.4.3, dependency fixes
package-lock.json # Regenerated with Node.js 22
src/node/mcp-server.mjs # VERSION constant updated to 1.4.3
README.md # Version references updated
CHANGELOG.md # v1.4.3 section added
docs/releases/v1.4.3.md # This fileRegistry: ghcr.io/doublegate/cyberchef-mcp_v1
Tags: v1.4.3, latest
Size: ~270MB compressed
Base Image: node:22-alpine
# Latest version
docker pull ghcr.io/doublegate/cyberchef-mcp_v1:latest
# Specific version
docker pull ghcr.io/doublegate/cyberchef-mcp_v1:v1.4.3Download pre-built tarball from GitHub Releases:
# Download tarball (~270MB)
wget https://github.com/doublegate/CyberChef-MCP/releases/download/v1.4.3/cyberchef-mcp-v1.4.3-docker-image.tar.gz
# Load into Docker
docker load < cyberchef-mcp-v1.4.3-docker-image.tar.gz
# Tag for convenience
docker tag ghcr.io/doublegate/cyberchef-mcp_v1:v1.4.3 cyberchef-mcp- @doublegate - Dependency resolution and Node.js 22 compatibility