1

[Jasnode]

尽量按此模板PR内容，或粘贴相关的ISSUE链接。

已知问题

1. (示例)版本号管理不规范
   • 版本号直接写在环境变量中，容易出错
   • 多处维护版本号，可能不一致

解决方案

1. (示例)将版本号管理从 .env.local 迁移到 package.json
   • 统一从 package.json 读取版本号
   • 使用 IIFE 优雅处理版本号获取逻辑
   • 保持向后兼容，支持环境变量覆盖

改动收益

1. (示例)更规范的版本管理
   • 统一从 package.json 读取
   • 保持与 npm 生态一致
   • 减少人为错误

具体改动

1. （示例）blog.config.js
   • 移除原有的静态版本号配置
   • 在文件末尾添加动态版本号获取逻辑
   • 保持向后兼容，优先使用环境变量
   • 添加错误处理和默认值

测试确认

• 本地开发环境测试通过
• 生产环境构建测试通过
• （如适用）版本号正确显示
• （如适用）环境变量配置正常工作

用户文档（docs/user-guide/）

若本 PR 未 修改 docs/user-guide/、docs/developer/ 中与站长相关的说明，可勾选「不适用」并跳过本节。

• 不适用（无文档改动）
• 已按 维护工作流 自检
• 路径符合 docs/user-guide/ 目录约定
• 已更新 user-guide/README.md（新增/移动文章时）
• 已更新 ARTICLE_INDEX.md（新 slug 或路径变更时）
• 环境变量名与 conf/*.config.js 一致（若文档涉及配置）
• 示例中无真实 Token、.env、私有 ID
• 保留或更新了「原文链接」（若源自 docs.tangly1024.com）

文档说明（可选）：对应官方 slug / URL、是否与功能 PR 配套

---

PR-Codex overview

This PR focuses on updating the GitHub Actions workflow schedule and modifying middleware and data validation functions in the codebase.

Detailed summary

• Updated cron schedule in .github/workflows/sync.yaml from "0 0 15 * *" to "0 0 1,15 * *".
• Changed upstream_sync_repo in .github/workflows/sync.yaml from tangly1024/NotionNext to 88lin/NotionNext.
• Removed verifyRuntimeEnv function from middleware.ts.
• Removed validateDataIntegrity function from lib/db/SiteDataApi.js.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	next@​14.2.35
	remixicon-react@​1.0.0
	react-tweet-embed@​2.0.0
	next-sitemap@​1.9.12
	react-notion-x@​7.10.0
	react-share@​5.2.2
	patch-package@​8.0.1
	postcss@​8.5.15
	react-facebook@​8.1.4
	p-limit@​7.3.0
	react@​18.3.1
	vitepress@​1.6.4
	notion-utils@​7.10.0
	tailwindcss@​3.4.19
	react-hotkeys-hook@​4.6.2
	webpack-bundle-analyzer@​4.10.2
	sharp@​0.34.5
	typescript@​5.9.3
	react-dom@​18.3.1
	prettier@​3.8.3
	notion-client@​7.10.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm node-fetch-native is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/notion-client@7.10.0 → npm/node-fetch-native@1.6.7 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-fetch-native@1.6.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm pdfjs-dist is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/react-notion-x@7.10.0 → npm/pdfjs-dist@4.8.69 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/pdfjs-dist@4.8.69. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm preact is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/vitepress@1.6.4 → npm/preact@10.29.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/preact@10.29.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm puppeteer-core is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@lhci/cli@0.15.1 → npm/puppeteer-core@24.42.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/puppeteer-core@24.42.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm string.prototype.trimend is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/eslint-config-next@13.5.11 → npm/eslint-plugin-react@7.37.5 → npm/eslint-plugin-import@2.32.0 → npm/string.prototype.trimend@1.0.9 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/string.prototype.trimend@1.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm ts-api-utils is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@typescript-eslint/eslint-plugin@7.18.0 → npm/@typescript-eslint/parser@7.18.0 → npm/eslint-config-next@13.5.11 → npm/ts-api-utils@1.4.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ts-api-utils@1.4.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report