惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
T
Threatpost
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
O
OpenAI News
Project Zero
Project Zero
G
GRAHAM CLULEY
P
Privacy International News Feed
A
Arctic Wolf
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
D
Docker
aimingoo的专栏
aimingoo的专栏
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
云风的 BLOG
云风的 BLOG
雷峰网
雷峰网
W
WeLiveSecurity
P
Proofpoint News Feed
腾讯CDC
Cloudbric
Cloudbric
S
Secure Thoughts
C
Check Point Blog
博客园 - Franky
T
The Exploit Database - CXSecurity.com
T
Troy Hunt's Blog
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
TaoSecurity Blog
TaoSecurity Blog
L
Lohrmann on Cybersecurity
V
Visual Studio Blog
F
Fortinet All Blogs
博客园 - 叶小钗
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
C
Cisco Blogs
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
Apple Machine Learning Research
Apple Machine Learning Research

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Handling Midnight SDK Breaking Changes: A Developer's Upgrade Playbook
Harrie · 2026-05-12 · via DEV Community

You run npm update on a Friday afternoon. Tests were passing that morning. Now your terminal looks like this:

CompactError: Version mismatch
  Expected circuit artifact version: 4.1.0
  Found: 3.8.2
  Contract: ./managed/counter/contract/index.cjs

Enter fullscreen mode Exit fullscreen mode

Nothing is actually wrong with your .compact source files. You just have stale compiled artifacts sitting in managed/ from before the upgrade, and the runtime now refuses to load them.

Breaking changes on Midnight split into two categories: TypeScript API renames and Compact compiler artifact incompatibility. Once you know which you're dealing with, the fix is usually fast.

What changed in the v3.x to v4.x migration

Package consolidation

The biggest structural change was flattening six individual packages into one barrel export. If you haven't done this migration yet, your package.json probably looks like this:

{
  "dependencies": {
    "@midnight-ntwrk/wallet": "^3.2.0",
    "@midnight-ntwrk/wallet-api": "^3.2.0",
    "@midnight-ntwrk/zswap": "^3.2.0",
    "@midnight-ntwrk/midnight-js-network-id": "^3.2.0",
    "@midnight-ntwrk/midnight-js-types": "^3.2.0",
    "@midnight-ntwrk/midnight-js-contracts": "^3.2.0"
  }
}

Enter fullscreen mode Exit fullscreen mode

After v4.0.3, one package replaces all of them:

{
  "dependencies": {
    "@midnight-ntwrk/midnight-js": "^4.0.3"
  }
}

Enter fullscreen mode Exit fullscreen mode

Your imports change accordingly:

// Before
import { WalletProvider } from '@midnight-ntwrk/wallet';
import { NetworkId } from '@midnight-ntwrk/midnight-js-network-id';
import { ContractAddress } from '@midnight-ntwrk/midnight-js-types';

// After
import { WalletProvider, NetworkId, ContractAddress } from '@midnight-ntwrk/midnight-js';

Enter fullscreen mode Exit fullscreen mode

API renames

Three function-level changes trip people up most.

Wallet initialization renamed one provider option:

// Before
const wallet = await Wallet.initialize({
  walletProvider: storageProvider,
  networkId: NetworkId.TestNet
});

// After
const wallet = await Wallet.initialize({
  privateStoragePasswordProvider: storageProvider,
  networkId: NetworkId.TestNet
});

Enter fullscreen mode Exit fullscreen mode

TypeScript catches walletProvider immediately with "Object literal may only specify known properties." One of the easier breaks to find.

Transaction signing merged two calls into one:

// Before
const balanced = await balanceTx(tx, walletProvider);
const signed = await signTx(balanced, walletProvider);
await submitTx(signed);

// After
const signed = await balanceAndSign(tx, walletProvider);
await submitTx(signed);

Enter fullscreen mode Exit fullscreen mode

Grep for balanceTx to find every instance. It tends to show up in more places than expected.

The CLI command changed from compact compile to compactc. CI pipelines and build scripts using the old command will either fail silently or error out, depending on how your shell handles missing executables.

Pragma version

Compact contracts now require an explicit version pragma at the top of every .compact file:

pragma language_version >= 0.20;

Enter fullscreen mode Exit fullscreen mode

Contracts without this line fail at compile time with CompactError: Language version not specified. Add it as the first non-comment line.

Diagnosing CompactError: Version mismatch

When you compile a .compact file, the Compact compiler generates circuit artifacts: .cjs JavaScript wrappers and .wasm zero-knowledge circuit binaries. These files contain an embedded version tag. When the SDK runtime (now v4.x) finds artifacts tagged for v3.x, it refuses to load them.

Upgrading the SDK packages doesn't touch your compiled artifacts. They stay in managed/ exactly as they were. The runtime just stops accepting them.

To confirm which contracts are affected:

# List all contract artifact directories
ls managed/

# Check the version inside one
cat managed/counter/contract/package.json | grep version

Enter fullscreen mode Exit fullscreen mode

In practice, if you upgraded the SDK, assume all contracts are affected and recompile everything. Checking individually isn't worth the time.

Fixing the version mismatch

Three steps, in order.

Delete the stale artifacts first:

rm -rf managed/*/contract/

Enter fullscreen mode Exit fullscreen mode

Then recompile:

# Single contract
compactc src/contracts/counter.compact managed/counter/contract

# All contracts at once
for contract in src/contracts/*.compact; do
  name=$(basename "$contract" .compact)
  mkdir -p "managed/$name/contract"
  compactc "$contract" "managed/$name/contract"
done

Enter fullscreen mode Exit fullscreen mode

Verify the artifacts exist:

ls managed/counter/contract/
# index.cjs  index.d.cts  zkir.wasm  ...

Enter fullscreen mode Exit fullscreen mode

If you see those files, the compile worked.

The dependency audit workflow

The order matters more than most people expect.

  1. Audit before touching anything:
# What's currently installed
npm list | grep midnight

# What updates are available
npm outdated | grep midnight

Enter fullscreen mode Exit fullscreen mode

Read the changelog before proceeding. Sometimes what looks like a routine upgrade removes a feature you're using.

  1. Update package.json. Replace old package names with the new barrel package. Remove old packages completely from both dependencies and devDependencies. Don't run install yet.

  2. Delete node_modules:

rm -rf node_modules

Enter fullscreen mode Exit fullscreen mode

npm sometimes partially updates packages and leaves old peer dependency resolutions cached. A clean install avoids half-upgraded states where you're running v4 types against v3 implementations.

  1. Delete compiled artifacts:
rm -rf managed/*/contract/

Enter fullscreen mode Exit fullscreen mode

Do this before reinstalling. If you install first and forget to delete artifacts, you'll think the upgrade worked until the first test run.

  1. Install:
npm install

Enter fullscreen mode Exit fullscreen mode

  1. Recompile contracts:
for contract in src/contracts/*.compact; do
  name=$(basename "$contract" .compact)
  compactc "$contract" "managed/$name/contract"
done

Enter fullscreen mode Exit fullscreen mode

  1. Run your test suite. TypeScript type errors from renamed imports surface here. Fix them as they come up.

The verified contract

The companion repository for this guide contains a minimal versioned feature-flag registry compiled against pragma language_version >= 0.20. CI passes on the latest Compact toolchain.

pragma language_version >= 0.20;
import CompactStandardLibrary;

export ledger owner: Bytes<32>;
export ledger contractVersion: Bytes<32>;
export ledger upgradeCount: Counter;
export ledger featureFlags: Map<Bytes<32>, Boolean>;

witness getOwnerSecret(): Bytes<32>;

circuit ownerKey(): Bytes<32> {
    return persistentHash<Vector<2, Bytes<32>>>([
        pad(32, "registry:owner:v1"),
        getOwnerSecret()
    ]);
}

circuit requireOwner(): [] {
    assert(disclose(ownerKey()) == owner, "Owner only");
}

export circuit initialize(ownerPubkey: Bytes<32>): [] {
    owner = disclose(ownerPubkey);
}

export circuit setVersion(newVersion: Bytes<32>): [] {
    requireOwner();
    contractVersion = disclose(newVersion);
    upgradeCount.increment(1);
}

export circuit enableFlag(flagKey: Bytes<32>): [] {
    requireOwner();
    featureFlags.insert(disclose(flagKey), disclose(true));
}

export circuit disableFlag(flagKey: Bytes<32>): [] {
    requireOwner();
    featureFlags.insert(disclose(flagKey), disclose(false));
}

export circuit isFlagEnabled(flagKey: Bytes<32>): Boolean {
    if (!featureFlags.member(disclose(flagKey))) {
        return false;
    }
    return featureFlags.lookup(disclose(flagKey));
}

Enter fullscreen mode Exit fullscreen mode

Five exported circuits, well under Lace's 13-circuit deployment limit. The non-exported helpers (ownerKey, requireOwner) don't count toward the limit. Only export circuit declarations do.

The feature-flag pattern is genuinely useful post-upgrade. You can gate new features behind flags and enable them on-chain once you've confirmed the upgraded contracts are stable in production.

Common pitfalls

Upgrading packages without deleting artifacts. The most common way to hit CompactError: Version mismatch. Packages update, old .wasm files stay. Delete and recompile after every SDK version change.

Partial barrel migration. Updating package.json to use @midnight-ntwrk/midnight-js but leaving old import paths in TypeScript files. This only works as long as the old packages are still in dependencies. Remove them completely and run npm list | grep @midnight-ntwrk after installing to confirm nothing old is lingering.

Missing pragma. Contracts compiled under older Compact versions don't have pragma language_version >= 0.20; at the top. The compiler error is clear, but unexpected if you haven't seen it before. Add the pragma to every .compact file as part of the upgrade.

compactc not in PATH. The toolchain manager (compact) downloads the actual compiler binary. After updating the manager, run compact update to pull the new compiler. If compactc is still missing afterward, check that ~/.compact/bin is in your PATH.

Reserved keywords as parameter names. from and to are reserved keywords in Compact and can't be used as circuit parameter names. If you're refactoring transfer circuits during an upgrade, rename from to sender and to to receiver. The error looks like this:

parse error: found keyword "from" looking for a typed pattern or ")"

Enter fullscreen mode Exit fullscreen mode

This one doesn't come from the SDK change itself, but tends to surface when people are reworking circuits during an upgrade.

Stale type definitions from mixed packages. If you add @midnight-ntwrk/midnight-js without removing the individual packages, TypeScript picks up conflicting type definitions. The build might succeed, but you'll have subtle mismatches at runtime. Remove old packages completely.

That's the playbook

Breaking SDK changes feel arbitrary until you've seen the pattern twice. The package consolidation is a one-time migration. CompactError: Version mismatch always means the same thing: delete artifacts and recompile. The API renames are search-and-replace.

The workflow: audit dependencies first, update package.json, delete node_modules and artifacts, clean install, recompile, fix imports. Same order every time. Skipping step 3 or 4 is how you spend four hours debugging a two-minute fix.