Switch from terser to esbuild for build:release

Author: paulmillr

.github/workflows/release.yml

@@ -4,10 +4,11 @@ on:
     types: [created]
 jobs:
   release-js:
-    name: "jsbt v0.3.1" # Should match commit below
-    uses: paulmillr/jsbt/.github/workflows/release.yml@c45f03360e0171b138f04568d2fdd35d7bbc0d35
+    name: "jsbt v0.3.3" # Should match commit below
+    uses: paulmillr/jsbt/.github/workflows/release.yml@c9a9f2cd6b4841aa3117b174e9ea468b1650e5ea
     secrets:
       NPM_PUBLISH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
     permissions:
       contents: write
       id-token: write
+      attestations: write

README.md

@@ -278,6 +278,8 @@ Use low-level libraries & languages.
 
 - **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures
 - **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs
+  - Use GitHub CLI to verify single-file builds:
+    `gh attestation verify --owner paulmillr noble-secp256k1.js`
 - **Rare releasing** is followed to ensure less re-audit need for end-users
 - **Dependencies** are minimized and locked-down: any dependency could get hacked and users will be downloading malware with every install.
   - We make sure to use as few dependencies as possible

package.json

@@ -14,9 +14,8 @@
   "sideEffects": false,
   "scripts": {
     "build": "tsc",
-    "build:min": "cd test/build; npm install; npm run terser",
-    "build:mingz": "npm run --silent build:min | gzip -c8",
-    "build:release": "npm run --silent build:min > test/build/noble-secp256k1.min.js; npm run --silent build:mingz > test/build/noble-secp256k1.min.js.gz",
+    "build:release": "npx jsbt esbuild test/build",
+    "build:smaller": "cd test/build; npm install terser@5.29.2; terser --ecma 2020 -m -c < ../../index.js",
     "test": "node test/index.js",
     "test:bun": "bun test/index.js",
     "test:deno": "deno --allow-env --allow-read test/index.js",