v1.0.0-alpha.0

1.0.0 alpha is here! This update brings a lot of improvements to Javelin's API, performance, and networking utilities. Below is a high level summary of the changes that I hope to outline in a blog post or on the website as we get closer to a full release.

API Changes

• Built-in effects are now prefixed with use instead of eff. For example, effMonitor becomes useMonitor.
• query -> createQuery
• world.component -> component
• array -> arrayOf

Component Types

Component types are now defined as simple objects, e.g.,

const Position = createComponentType({
  type: 1,
  schema: {
    x: number,
    y: number,
  },
})

becomes the following:

const Position = {
  x: number,
  y: number,
}

A component type (schema) can be registered with a specified type id (integer) using the registerSchema function:

import { registerSchema } from "@javelin/ecs"
registerSchema(Position, 99)

Monitors

Triggers were removed and monitors were made a bit more flexible. useMonitor now provides an array of changed components that caused a transition to happen.

const q = createQuery(A, B, C)
useMonitor(
  q,
  (entity, [a, b, c]) => { /* component a, b, or c is non-null if it was attached */ },
  (entity, [a, b, c]) => { /* component a, b, or c is non-null if it was detached */ },
)

Queries

query.forEach was removed in favor of a slightly simpler syntax for iteration. To iterate a query using callbacks, simply invoke the query as a function:

q.forEach((e, [a, b, c]) => {})

becomes the following:

q((e, [a, b, c]) => {})

Networking

The entire @javelin/net package was rewritten. Not only does the protocol now have a built-in, efficient ArrayBuffer protocol, users will now have more control of how network messages are sent. MessageProducer and MessageHandler both remain but were also rewritten to support the new networking model. MessageProducer has slightly different responsibilities now, as it will not automatically generate messages with a declarative configuration; it will instead expose an imperative API over the lower-level protocol functions but handle common patterns, like sorting patches by priority and partitioning messages by maximum length.

Below is an example of how MessageProducer is used. MessageHandler remains largely unchanged.

import { createMessageProducer, encode, decode } from "@javelin/net"
const producer = createMessageProducer({ maxByteLength: 1000 })
const a = component(A)
const b = component(B)
producer.spawn(1, [a])
producer.attach(1, [b])
producer.detach(1, [a])
producer.update(1, [{...a, x: 1}])
// etc.

const message = producer.take(true /* include component model? */)
const encoded = encode(message)

decode(message, {
  onSpawn(entity, components) {
    // entity = 1, components = [a]
  }
})

@javelin/pack views are now supported inside of component schemas. If you're building a multiplayer game, consider using views over number to save bytes:

import { uint8 } from "@javelin/pack"
const Fighter = {
  attackMode: uint8, // saves you 7 bytes over `number`!
}

Change Detection

The current strategy of change detection using Proxies is just too slow. After a lot of trial and error, I came to the conclusion that both getters/setters and proxies are both too slow for the types of games I would expect Javelin to support (games with hundreds to thousands of dynamic, networked entities). So, similar to the MessageProducer rewrite, control is given back to the user for detecting changes and generating patches.

Since change tracking is optional and kind of an advanced feature, its implementation was split out into a new package named @javelin/pack. Below is an example of the API:

import { ChangeSet, set } from "@javelin/track"
const entity = world.spawn(
  component(Position),
  component(ChangeSet),
)
const query = createQuery(Position, ChangeSet).bind(world)
const [position, changes] = query.match(entity)
set(position, changes, "x", 1)
set(position, changes, "y", 2)
// then, to write the patch to a message...
producer.patch(entity, changes)

Thanks for reading, and if you get a chance to test the new release, please open an issue with any feedback or issues you run into!!

v0.22.0

@javelin/net

Bug Fixes

• add spawn op type to message producer getReliableMessages (#159) (207c5ce)

@javelin/hrtimer-loop

Bug Fixes

• fix callback argument type (#157) (01945a4)

Features

• hrtimer-loop: add isRunning method (#158) (a5a2440)

v0.21.0

Bug Fixes

• fix tests (debfc16)
• use WeakMap for system ids (8982d44)
• world: assign systems auto-incrementing unique ids (#144) (861afcb)

Features

• query improvements, monitors, triggers and not filters (#149) (9f7e45a)
• pack: add pack lib (#146) (d8ffb52)
• world.snapshot (#145) (32b7b53)

v0.20.0

Features

• add effects lib and fix global effect bug (#142) (337c8ba)
• fix request effect and tests (1c35e62)
• merge effects package into ecs; update examples (099a9d7)
• world.reset (#135) (756aeb4)

v0.19.4

v0.19.4

Breaking Changes

• Simplified iterable interface
  • for (const [e, [a, b]] of q(world)) becomes for (const [e, a, b] of q)

Features

• Added effects.

Bug Fixes

• N/A

chore(deps): bump dompurify from 2.0.12 to 2.2.6

Bumps dompurify from 2.0.12 to 2.2.6.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.2.6

• Added new mXSS prevention logic created by SecurityMB

DOMPurify 2.2.4

• Fixed a new MathML-based bypass submitted by PewGrand
• Fixed a new SVG-related bypass submitted by SecurityMB
• Updated NodeJS CI to Node 14.x and Node 15.x
• Cleaned up _forceRemove logic for better reliability

DOMPurify 2.2.3

• Fixed an mXSS issue reported by PewGrand
• Fixed a minor issue with the license header
• Fixed a problem with overly-eager CSS stripping
• Updated the README and removed an XSS warning

DOMPurify 2.2.2

• Fixed an mXSS bypass dropped on us publicly via #482
• Fixed an mXSS variation that was reported privately short after
• Added dialog to permitted elements list
• Fixed a small typo in the README

DOMPurify 2.2.0

• Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
• Changed RETURN_DOM_IMPORT default to true to address said possible XSS
• Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
• Fixed the tests to properly address the new default

DOMPurify 2.1.1

• Removed some code targeting old Safari versions
• Removed some code targeting older MS Edge versions
• Re-added some code targeting older Chrome versions, thanks @terjanq
• Added new tests and removed unused SAFE_FOR_JQUERY test cases
• Added Node 14.x to existing test coverage

DOMPurify 2.1.0

• Fixed several possible mXSS patterns, thanks @hackvertor
• Removed the SAFE_FOR_JQUERY flag (we are safe by default now for jQuery)
• Removed several now useless mXSS checks
• Updated the mXSS check for elements
• Updated test cases to cover new sanitization strategy
• Updated test website to use newer jQuery
• Updated array of tested browsers and removed legacy browsers
• Added "auto convert" checkbox to test website, thanks @hackvertor

DOMPurify 2.0.17

• Fixed another bypass causing mXSS by using MathML

DOMPurify 2.0.16

• Fixed an mXSS-based bypass caused by nested forms inside MathML
• Fixed a security error thrown on older Chrome on Android versions, see #470

... (truncated)

Commits

• b11cb72 chore: Preparing 2.2.6 release after failed 2.2.5 attempt /2
• 395cc83 chore: Preparing 2.2.6 release after failed 2.2.5 attempt
• 8a1c887 chore: Preparing 2.2.5 release
• 77e740e Merge pull request #496 from securityMB/main
• 9dd47cb Create a polyfill for lookupGetter to make IE10 happy
• 8e29990 fix: Made use of proper helper method to get parentNode
• 7e3a705 fix: Fixed an issue with parent node mapping in MSIE11
• d1cf8c6 test: Fixed additional Edge 17 and MSIE11 tests
• 1446372 test: Fixed a bunch of Edge 17 and MSIE11 tests
• 7d9bc6a fix: Removed usage of has()
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

v0.19.2

v0.19.2

Bug Fixes

• Fixes function signature of createComponentType. Previously, the first argument to the component initializer (the component itself) would be typed as a generic component, e.g. Component<{ [key: string]: any }>. This release improves the type by inferring the component props from the component type's schema.

v0.19.1

v0.19.1

Bug Fixes

• Improve performance of tryGetComponent

v0.19.0

v0.19.0

Features

• Adds world.removeSystem method.

v0.17.0

v0.17.0

Breaking Changes

• getMutableComponent renamed to getObservableComponent
• Components retrieved via API methods are now always mutable.