From 3611d412401c6b224cfa3db0ed50074e3caf9d47 Mon Sep 17 00:00:00 2001 From: tcely Date: Tue, 25 Nov 2025 23:52:45 -0500 Subject: [PATCH 01/26] Add a submodule for `ejs` --- .gitmodules | 3 +++ ejs | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 ejs diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..da970314 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "ejs"] + path = ejs + url = https://github.com/yt-dlp/ejs.git diff --git a/ejs b/ejs new file mode 160000 index 00000000..2655b1f5 --- /dev/null +++ b/ejs @@ -0,0 +1 @@ +Subproject commit 2655b1f55f98e5870d4e124704a21f4d793b4e1c From c03119330a2f0877bb67c6d2b59674e7331025a8 Mon Sep 17 00:00:00 2001 From: tcely Date: Tue, 25 Nov 2025 23:55:56 -0500 Subject: [PATCH 02/26] Remove `ejs` from .gitignore --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index defe4625..1d74e219 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -ejs/ -.vscode/ \ No newline at end of file +.vscode/ From fe537a5b1a4a84fdb333acd0a8de678fc712d842 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 00:11:31 -0500 Subject: [PATCH 03/26] Update `ejs` with git in Dockerfile --- Dockerfile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index d6c98202..c7771ec9 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,16 +4,11 @@ WORKDIR /usr/src/app RUN apt-get update && apt-get install -y git npm -RUN git clone https://github.com/yt-dlp/ejs.git -# Pin to a specific commit -RUN cd ejs && git checkout 2655b1f55f98e5870d4e124704a21f4d793b4e1c && cd .. - -COPY scripts/patch-ejs.ts ./scripts/patch-ejs.ts -RUN deno run --allow-read --allow-write ./scripts/patch-ejs.ts +COPY . . -RUN rm -rf ./ejs/.git ./ejs/node_modules || true +RUN git submodule update --init --recursive -COPY . . +RUN deno run --allow-read --allow-write ./scripts/patch-ejs.ts RUN deno compile \ --no-check \ @@ -35,4 +30,4 @@ COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /app/playe USER nonroot EXPOSE 8001 -ENTRYPOINT ["/app/server"] \ No newline at end of file +ENTRYPOINT ["/app/server"] From 862abe7c3fd7c0237ea438ae0e97feb974fe8cb9 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 00:39:47 -0500 Subject: [PATCH 04/26] Checkout submodules recursively --- .github/workflows/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0b8eed2f..86124530 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + submodules: recursive - name: Log in to GitHub Container Registry uses: docker/login-action@v3 @@ -41,4 +43,4 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} From c8609a3b61e64ceeb7950c3719f58de1b6f44674 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 04:24:08 -0500 Subject: [PATCH 05/26] Create deno.json --- deno.json | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 deno.json diff --git a/deno.json b/deno.json new file mode 100644 index 00000000..5fd5a312 --- /dev/null +++ b/deno.json 
@@ -0,0 +1,9 @@ +{ + "compilerOptions": { + "lib": [ "deno.worker" ] + }, + "imports": { + "astring": "npm:astring@^1.9.0", + "meriyah": "npm:meriyah@^6.1.4" + } +} From b499a59feca254be55183ad8c6d0a4fea761dc72 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 04:42:18 -0500 Subject: [PATCH 06/26] Update imports to use jsr --- src/playerCache.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/playerCache.ts b/src/playerCache.ts index 57fca1b0..75bd2ed3 100644 --- a/src/playerCache.ts +++ b/src/playerCache.ts @@ -1,6 +1,6 @@ -import { crypto } from "https://deno.land/std@0.224.0/crypto/mod.ts"; -import { ensureDir } from "https://deno.land/std@0.224.0/fs/ensure_dir.ts"; -import { join } from "https://deno.land/std@0.224.0/path/mod.ts"; +import { crypto } from "jsr:@std/crypto@0.224.0"; +import { ensureDir } from "jsr:@std/fs@0.224.0"; +import { join } from "jsr:@std/path@0.224.0"; import { cacheSize, playerScriptFetches } from "./metrics.ts"; export const CACHE_DIR = join(Deno.cwd(), 'player_cache'); @@ -65,4 +65,4 @@ export async function initializeCache() { } cacheSize.labels({ cache_name: 'player' }).set(fileCount); console.log(`Player cache directory ensured at: ${CACHE_DIR}`); -} \ No newline at end of file +} From 61e8aa36c640b9baf3a8522e8c205c7574c7baf0 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 04:47:46 -0500 Subject: [PATCH 07/26] Remove old work-arounds - Patching ejs is no longer needed with the imports defined in `deno.json` - The compiler options allow including the worker --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7771ec9..9cac9518 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,10 +8,7 @@ COPY . . RUN git submodule update --init --recursive -RUN deno run --allow-read --allow-write ./scripts/patch-ejs.ts - RUN deno compile \ - --no-check \ --output server \ --allow-net --allow-read --allow-write --allow-env \ --include worker.ts \ 
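Review bot: The `deno compile` step in the Dockerfile hunk of PATCH 07 still bakes unscoped `--allow-net --allow-read --allow-write --allow-env` into the server binary, so dropping `--no-check` tightens the build but not what the running service may touch. The service appears to fetch and process player scripts from the network, so scoping file access to the cache directory would limit what a parser or solver bug can reach, for example `--allow-read=/app/player_cache --allow-write=/app/player_cache \`. Treat that path as a starting point: it depends on where `CACHE_DIR` resolves at run time, and reads of files embedded with `--include` may need to be allowed as well. The `RUN` instruction continues past the end of the hunk.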
From e0b14887039455b6e18dfe62b46a571427ae1945 Mon Sep 17 00:00:00 2001
From: tcely
Date: Wed, 26 Nov 2025 04:49:14 -0500
Subject: [PATCH 08/26] Delete scripts directory
---
scripts/patch-ejs.ts | 36 ------------------------------------
1 file changed, 36 deletions(-)
delete mode 100644 scripts/patch-ejs.ts
diff --git a/scripts/patch-ejs.ts b/scripts/patch-ejs.ts
deleted file mode 100644
index 11f6890d..00000000
--- a/scripts/patch-ejs.ts
+++ /dev/null
@@ -1,36 +0,0 @@
-import { walk } from "https://deno.land/std@0.224.0/fs/walk.ts";
-import { join } from "https://deno.land/std@0.224.0/path/mod.ts";
-
-const EJS_SRC_DIR = join(Deno.cwd(), "ejs/src");
-
-async function patchFile(path: string) {
- let content = await Deno.readTextFile(path);
- let changed = false;
-
- const replacements = [
- { from: /from ["']meriyah["']/g, to: 'from "npm:meriyah"' },
- { from: /from ["']astring["']/g, to: 'from "npm:astring"' }
- ];
-
- for (const replacement of replacements) {
- if (replacement.from.test(content)) {
- content = content.replace(replacement.from, replacement.to);
- changed = true;
- }
- }
-
- if (changed) {
- await Deno.writeTextFile(path, content);
- console.log(`Patched ${path}`);
- }
-}
-
-console.log(`Starting to patch files in ${EJS_SRC_DIR}...`);
-
-for await (const entry of walk(EJS_SRC_DIR, { exts: [".ts"] })) {
- if (entry.isFile) {
- await patchFile(entry.path);
- }
-}
-
-console.log("Patching complete.");
\ No newline at end of file
From a179f23b2164433a8d092333376efcfad99156ed Mon Sep 17 00:00:00 2001
From: tcely
Date: Wed, 26 Nov 2025 05:31:38 -0500
Subject: [PATCH 09/26] Update imports to use jsr in server.ts
---
server.ts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server.ts b/server.ts
index baf42ba1..91d1bb39 100644
--- a/server.ts
+++ b/server.ts
@@ -1,4 +1,4 @@ -import { serve } from "https://deno.land/std@0.224.0/http/server.ts"; +import { serve } from "jsr:@std/http@0.224.0"; import { initializeWorkers } from "./src/workerPool.ts"; import { initializeCache } from "./src/playerCache.ts"; import { handleDecryptSignature } from "./src/handlers/decryptSignature.ts"; @@ -68,4 +68,4 @@ await initializeCache(); initializeWorkers(); console.log(`Server listening on http://${host}:${port}`); -await serve(handler, { port: Number(port), hostname: host }); \ No newline at end of file +await serve(handler, { port: Number(port), hostname: host }); From d7792a4f10012137ce090fe0a962f2069c228685 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 06:41:08 -0500 Subject: [PATCH 10/26] Use a later version of std/http --- server.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.ts b/server.ts index 91d1bb39..0d95fec0 100644 --- a/server.ts +++ b/server.ts @@ -1,4 +1,4 @@ -import { serve } from "jsr:@std/http@0.224.0"; +import { serve } from "jsr:@std/http@0.224.5"; import { initializeWorkers } from "./src/workerPool.ts"; import { initializeCache } from "./src/playerCache.ts"; import { handleDecryptSignature } from "./src/handlers/decryptSignature.ts"; From cb5398f1b2e14a7883b5e671fa6976722ceff86a Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 06:48:47 -0500 Subject: [PATCH 11/26] Add imports for src/playerCache.ts --- deno.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deno.json b/deno.json index 5fd5a312..7416ae14 100644 --- a/deno.json +++ b/deno.json @@ -3,6 +3,9 @@ "lib": [ "deno.worker" ] }, "imports": { + "@std/crypto": "jsr:@std/crypto@^0.224.0", + "@std/fs": "jsr:@std/fs@^0.224.0", + "@std/path": "jsr:@std/path@^0.224.0", "astring": "npm:astring@^1.9.0", "meriyah": "npm:meriyah@^6.1.4" } From 3db5cd86de6aa07fe5d8771d166f5fb830086744 Mon Sep 17 00:00:00 2001 
From: tcely Date: Wed, 26 Nov 2025 06:51:13 -0500 Subject: [PATCH 12/26] Use imports from deno.json --- src/playerCache.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/playerCache.ts b/src/playerCache.ts index 75bd2ed3..7391d1ba 100644 --- a/src/playerCache.ts +++ b/src/playerCache.ts @@ -1,6 +1,6 @@ -import { crypto } from "jsr:@std/crypto@0.224.0"; -import { ensureDir } from "jsr:@std/fs@0.224.0"; -import { join } from "jsr:@std/path@0.224.0"; +import { crypto } from "@std/crypto"; +import { ensureDir } from "@std/fs"; +import { join } from "@std/path"; import { cacheSize, playerScriptFetches } from "./metrics.ts"; export const CACHE_DIR = join(Deno.cwd(), 'player_cache'); From 19b3cb0c308d5cbcaf27d6594b36271346fc730b Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 07:02:43 -0500 Subject: [PATCH 13/26] Create deno.lock --- deno.lock | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 deno.lock diff --git a/deno.lock b/deno.lock new file mode 100644 index 00000000..995c6e6a --- /dev/null +++ b/deno.lock 
@@ -0,0 +1,105 @@ +{ + "version": "5", + "specifiers": { + "jsr:@std/assert@0.224": "0.224.0", + "jsr:@std/async@^1.0.0-rc.1": "1.0.15", + "jsr:@std/cli@~0.224.7": "0.224.7", + "jsr:@std/crypto@0.224": "0.224.0", + "jsr:@std/encoding@0.224": "0.224.3", + "jsr:@std/encoding@1.0.0-rc.2": "1.0.0-rc.2", + "jsr:@std/fmt@~0.225.4": "0.225.6", + "jsr:@std/fs@0.224": "0.224.0", + "jsr:@std/http@~0.224.5": "0.224.5", + "jsr:@std/media-types@^1.0.0-rc.1": "1.1.0", + "jsr:@std/net@~0.224.3": "0.224.5", + "jsr:@std/path@0.224": "0.224.0", + "jsr:@std/path@1.0.0-rc.2": "1.0.0-rc.2", + "jsr:@std/streams@~0.224.5": "0.224.5", + "npm:astring@^1.9.0": "1.9.0", + "npm:meriyah@^6.1.4": "6.1.4" + }, + "jsr": { + "@std/assert@0.224.0": { + "integrity": "8643233ec7aec38a940a8264a6e3eed9bfa44e7a71cc6b3c8874213ff401967f" + }, + "@std/async@1.0.15": { + "integrity": "55d1d9d04f99403fe5730ab16bdcc3c47f658a6bf054cafb38a50f046238116e" + }, + "@std/cli@0.224.7": { + "integrity": "654ca6477518e5e3a0d3fabafb2789e92b8c0febf1a1d24ba4b567aba94b5977" + }, + "@std/crypto@0.224.0": { + "integrity": "154ef3ff08ef535562ef1a718718c5b2c5fc3808f0f9100daad69e829bfcdf2d", + "dependencies": [ + "jsr:@std/assert", + "jsr:@std/encoding@0.224" + ] + }, + "@std/encoding@0.224.3": { + "integrity": "5e861b6d81be5359fad4155e591acf17c0207b595112d1840998bb9f476dbdaf" + }, + "@std/encoding@1.0.0-rc.2": { + "integrity": "160d7674a20ebfbccdf610b3801fee91cf6e42d1c106dd46bbaf46e395cd35ef" + }, + "@std/fmt@0.225.6": { + "integrity": "aba6aea27f66813cecfd9484e074a9e9845782ab0685c030e453a8a70b37afc8" + }, + "@std/fs@0.224.0": { + "integrity": "52a5ec89731ac0ca8f971079339286f88c571a4d61686acf75833f03a89d8e69", + "dependencies": [ + "jsr:@std/assert", + "jsr:@std/path@0.224" + ] + }, + "@std/http@0.224.5": { + "integrity": "b03b5d1529f6c423badfb82f6640f9f2557b4034cd7c30655ba5bb447ff750a4", + "dependencies": [ + "jsr:@std/async", + "jsr:@std/cli", + "jsr:@std/encoding@1.0.0-rc.2", + "jsr:@std/fmt", + "jsr:@std/media-types", + 
"jsr:@std/net", + "jsr:@std/path@1.0.0-rc.2", + "jsr:@std/streams" + ] + }, + "@std/media-types@1.1.0": { + "integrity": "c9d093f0c05c3512932b330e3cc1fe1d627b301db33a4c2c2185c02471d6eaa4" + }, + "@std/net@0.224.5": { + "integrity": "9c2ae90a5c3dc7771da5ae5e13b6f7d5d0b316c1954c5d53f2bfc1129fb757ff" + }, + "@std/path@0.224.0": { + "integrity": "55bca6361e5a6d158b9380e82d4981d82d338ec587de02951e2b7c3a24910ee6", + "dependencies": [ + "jsr:@std/assert" + ] + }, + "@std/path@1.0.0-rc.2": { + "integrity": "39f20d37a44d1867abac8d91c169359ea6e942237a45a99ee1e091b32b921c7d" + }, + "@std/streams@0.224.5": { + "integrity": "bcde7818dd5460d474cdbd674b15f6638b9cd73cd64e52bd852fba2bd4d8ec91" + } + }, + "npm": { + "astring@1.9.0": { + "integrity": "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==", + "bin": true + }, + "meriyah@6.1.4": { + "integrity": "sha512-Sz8FzjzI0kN13GK/6MVEsVzMZEPvOhnmmI1lU5+/1cGOiK3QUahntrNNtdVeihrO7t9JpoH75iMNXg6R6uWflQ==" + } + }, + "workspace": { + "dependencies": [ + "jsr:@std/crypto@0.224", + "jsr:@std/fs@0.224", + "jsr:@std/http@~0.224.5", + "jsr:@std/path@0.224", + "npm:astring@^1.9.0", + "npm:meriyah@^6.1.4" + ] + } +} From 0d20392e291a7b761616c43b99d32c9bc4047619 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 15:32:29 -0500 Subject: [PATCH 14/26] Update Dockerfile - Specify Debian for builder - Use `tini` for proper signals - Create appropriate cache directories --- Dockerfile | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9cac9518..10d15b86 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,11 @@ -FROM denoland/deno:latest AS builder +FROM denoland/deno:debian AS builder WORKDIR /usr/src/app -RUN apt-get update && apt-get install -y git npm +RUN install -v -d -m 1777 /cache && \ + install -v -d -o deno -g deno player_cache + +RUN apt-get update && apt-get install -y git COPY . . 
@@ -14,17 +17,17 @@ RUN deno compile \ --include worker.ts \ server.ts -RUN mkdir -p /usr/src/app/player_cache && \ - chown -R deno:deno /usr/src/app/player_cache - FROM gcr.io/distroless/cc-debian12 WORKDIR /app +COPY --from=builder /tini /tini COPY --from=builder /usr/src/app/server /app/server +COPY --from=builder /cache /cache COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /app/player_cache +COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /home/nonroot/.cache USER nonroot EXPOSE 8001 -ENTRYPOINT ["/app/server"] +ENTRYPOINT ["/tini", "--", "/app/server"] From aa23c49085b045b382f2707490ed4c3ba74176d1 Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 17:32:06 -0500 Subject: [PATCH 15/26] Handle HOME returning undefined --- src/playerCache.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/playerCache.ts b/src/playerCache.ts index ad7341e2..d4c32db2 100644 --- a/src/playerCache.ts +++ b/src/playerCache.ts @@ -3,8 +3,13 @@ import { ensureDir } from "@std/fs"; import { join } from "@std/path"; import { cacheSize, playerScriptFetches } from "./metrics.ts"; -export const CACHE_HOME = Deno.env.get("XDG_CACHE_HOME") || join(Deno.env.get("HOME"), '.cache'); -export const CACHE_DIR = join(CACHE_HOME, 'yt-cipher', 'player_cache'); +let cache_prefix = Deno.cwd(); +const HOME = Deno.env.get("HOME"); +const CACHE_HOME = Deno.env.get("XDG_CACHE_HOME"); +if ( HOME !== undefined ) { + cache_prefix = join(CACHE_HOME || join(HOME, '.cache'), 'yt-cipher'); +} +export const CACHE_DIR = join(cache_prefix, 'player_cache'); export async function getPlayerFilePath(playerUrl: string): Promise { // This hash of the player script url will mean that diff region scripts are treated as unequals, even for the same version # From 23d783d26f38a6084c02c843adcc521cb7cb3e92 Mon Sep 17 00:00:00 2001 
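Review bot: `COPY --from=builder /tini /tini` makes the container's PID 1 a binary taken from whatever `denoland/deno:debian` resolves to at build time, and that tag (set in the first hunk of PATCH 14) is floating, as is `gcr.io/distroless/cc-debian12` in this hunk. Pinning both bases by digest keeps the image reproducible and turns a base update into a reviewable change, e.g. `FROM denoland/deno:debian@sha256:<digest> AS builder`, with `<digest>` taken from an image you have verified. The same applies to the `cc-debian13:debug` base introduced in PATCH 18.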
From: tcely Date: Wed, 26 Nov 2025 18:01:42 -0500 Subject: [PATCH 16/26] Set the owner with COPY --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 10d15b86..ff065e56 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ WORKDIR /app COPY --from=builder /tini /tini COPY --from=builder /usr/src/app/server /app/server -COPY --from=builder /cache /cache +COPY --from=builder --chown=nonroot:nonroot /cache /cache COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /app/player_cache COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /home/nonroot/.cache From 841fc81756be251e7ff7b5de211f7b3b544feedb Mon Sep 17 00:00:00 2001 From: tcely Date: Wed, 26 Nov 2025 22:17:57 -0500 Subject: [PATCH 17/26] Re-work cache_prefix logic --- src/playerCache.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/playerCache.ts b/src/playerCache.ts index d4c32db2..b1fd3c47 100644 --- a/src/playerCache.ts +++ b/src/playerCache.ts @@ -5,9 +5,12 @@ import { cacheSize, playerScriptFetches } from "./metrics.ts"; let cache_prefix = Deno.cwd(); const HOME = Deno.env.get("HOME"); +if ( HOME ) { + cache_prefix = join(HOME, '.cache', 'yt-cipher'); +} const CACHE_HOME = Deno.env.get("XDG_CACHE_HOME"); -if ( HOME !== undefined ) { - cache_prefix = join(CACHE_HOME || join(HOME, '.cache'), 'yt-cipher'); +if ( CACHE_HOME ) { + cache_prefix = join(CACHE_HOME, 'yt-cipher'); } export const CACHE_DIR = join(cache_prefix, 'player_cache'); From fb889f849fa93edcb79aa91742b77efd27cc94f4 Mon Sep 17 00:00:00 2001 From: tcely Date: Thu, 27 Nov 2025 01:53:06 -0500 Subject: [PATCH 18/26] Switch to the debian13 image All the other images used are on 13 now anyway. Also, use the debug tag so that busybox is included. We can use that to run shell commands to avoid issues with COPY. --- Dockerfile | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) 
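Review bot: In PATCH 17, `HOME` and `XDG_CACHE_HOME` become the cache root whenever they are non-empty, so a relative value silently places `player_cache` under the process's working directory. The XDG Base Directory specification requires `XDG_CACHE_HOME` to be an absolute path and says a relative one should be ignored; `isAbsolute` from `@std/path` covers that: `if ( CACHE_HOME && isAbsolute(CACHE_HOME) ) {`, and the same guard is reasonable for `HOME`. This directory appears to hold the player scripts the service later reads back, so a short comment stating that it must be writable only by the service user would help operators. Minor style point: `cache_prefix` is snake_case while the neighbouring identifiers (`cacheSize`, `playerScriptFetches`) are camelCase.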
diff --git a/Dockerfile b/Dockerfile index ff065e56..6b1de72e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,14 +2,11 @@ FROM denoland/deno:debian AS builder WORKDIR /usr/src/app -RUN install -v -d -m 1777 /cache && \ - install -v -d -o deno -g deno player_cache - -RUN apt-get update && apt-get install -y git - COPY . . -RUN git submodule update --init --recursive +# needs --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 when using a URL +#RUN apt-get update && apt-get install -y git && \ +# git submodule update --init --recursive RUN deno compile \ --output server \ @@ -17,17 +14,17 @@ RUN deno compile \ --include worker.ts \ server.ts -FROM gcr.io/distroless/cc-debian12 +FROM gcr.io/distroless/cc-debian13:debug +SHELL ["/busybox/busybox", "sh", "-c"] WORKDIR /app COPY --from=builder /tini /tini COPY --from=builder /usr/src/app/server /app/server -COPY --from=builder --chown=nonroot:nonroot /cache /cache -COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /app/player_cache -COPY --from=builder --chown=nonroot:nonroot /usr/src/app/player_cache /home/nonroot/.cache +RUN install -v -d -m 1777 /cache && \ + install -v -d -o nonroot -g nonroot -m 750 /app/player_cache /home/nonroot/.cache -USER nonroot EXPOSE 8001 -ENTRYPOINT ["/tini", "--", "/app/server"] +ENTRYPOINT ["/tini", "--"] +CMD ["/busybox/busybox", "su", "-s", "/app/server", "nonroot"] From a21e6af2885b9e4c6703243e3da504aba2b44230 Mon Sep 17 00:00:00 2001 From: tcely Date: Fri, 28 Nov 2025 17:16:34 -0500 Subject: [PATCH 19/26] Adjust Dockerfile based on review --- Dockerfile | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6b1de72e..29d1c8fa 100644 --- a/Dockerfile +++ b/Dockerfile 
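Review bot: Switching the runtime stage to `gcr.io/distroless/cc-debian13:debug` in PATCH 18 ships busybox and a shell in the production image only so that one `RUN install` can create directories, which leaves a ready toolset for anyone who gains code execution in the container. The same hunk drops `USER nonroot`, so tini, `su` and any overridden command start as root. If the COPY problem mentioned in the commit message can be solved in the builder, create the directories there and bring them over with `COPY --from=builder --chown=nonroot:nonroot` (as PATCH 16 did), which lets the final stage stay on the non-debug tag with `USER nonroot`. Otherwise, a comment above `FROM` explaining why `:debug` is required would help the next reader.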
@@ -1,13 +1,11 @@ +ARG XDG_CACHE_HOME + FROM denoland/deno:debian AS builder WORKDIR /usr/src/app COPY . . -# needs --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 when using a URL -#RUN apt-get update && apt-get install -y git && \ -# git submodule update --init --recursive - RUN deno compile \ --output server \ --allow-net --allow-read --allow-write --allow-env \ @@ -22,9 +20,16 @@ WORKDIR /app COPY --from=builder /tini /tini COPY --from=builder /usr/src/app/server /app/server -RUN install -v -d -m 1777 /cache && \ - install -v -d -o nonroot -g nonroot -m 750 /app/player_cache /home/nonroot/.cache +ARG XDG_CACHE_HOME +ENV XDG_CACHE_HOME="${XDG_CACHE_HOME}" +# Create the fall-back cache directories +RUN install -v -d -o nonroot -g nonroot -m 750 \ + /app/player_cache /home/nonroot/.cache && \ + test -z "${XDG_CACHE_HOME}" || install -v -d -m 1777 "${XDG_CACHE_HOME}" EXPOSE 8001 +USER nonroot ENTRYPOINT ["/tini", "--"] -CMD ["/busybox/busybox", "su", "-s", "/app/server", "nonroot"] +# Run the server as nonroot even when /tini runs as root +# CMD ["/busybox/busybox", "su", "-s", "/app/server", "nonroot"] +CMD ["/app/server"] From cea36e28e5e5a3301beb150c3b82692e49faf07c Mon Sep 17 00:00:00 2001 From: PadowYT2 Date: Mon, 1 Dec 2025 22:57:10 +0300 Subject: [PATCH 20/26] update lock --- deno.lock | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/deno.lock b/deno.lock index 995c6e6a..dc8f8dc3 100644 --- a/deno.lock +++ b/deno.lock @@ -9,7 +9,7 @@ "jsr:@std/encoding@1.0.0-rc.2": "1.0.0-rc.2", "jsr:@std/fmt@~0.225.4": "0.225.6", "jsr:@std/fs@0.224": "0.224.0", - "jsr:@std/http@~0.224.5": "0.224.5", + "jsr:@std/http@0.224.5": "0.224.5", "jsr:@std/media-types@^1.0.0-rc.1": "1.1.0", "jsr:@std/net@~0.224.3": "0.224.5", "jsr:@std/path@0.224": "0.224.0", 
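Review bot: `install -v -d -m 1777 "${XDG_CACHE_HOME}"` in the second hunk of PATCH 19 creates the cache root world-writable, while the fall-back directories in the same `RUN` are created with `-o nonroot -g nonroot -m 750`. With `USER nonroot` restored in this patch the server is the only expected writer, so the same ownership and mode would do: `test -z "${XDG_CACHE_HOME}" || install -v -d -o nonroot -g nonroot -m 750 "${XDG_CACHE_HOME}"`. If 1777 is deliberate (for example to support running the container under an arbitrary uid), say so in the `# Create the fall-back cache directories` comment. With that mode, any other uid in the container could create `yt-cipher/player_cache` first and own what the server reads from it.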
@@ -92,11 +92,24 @@ "integrity": "sha512-Sz8FzjzI0kN13GK/6MVEsVzMZEPvOhnmmI1lU5+/1cGOiK3QUahntrNNtdVeihrO7t9JpoH75iMNXg6R6uWflQ==" } }, + "redirects": { + "https://deno.land/x/ts_prometheus/mod.ts": "https://deno.land/x/ts_prometheus@v0.3.0/mod.ts" + }, + "remote": { + "https://deno.land/x/lru@1.0.2/mod.ts": "1d44b87c4d40ff33749ae5fd85fe234344e0dace835fdfeb48413edea9461159", + "https://deno.land/x/ts_prometheus@v0.3.0/collector.ts": "12305e262e60de3b9b2db22670f95e388b6f4c0ff8da0fdbaf4cd4758bb5b1b6", + "https://deno.land/x/ts_prometheus@v0.3.0/counter.ts": "c6a03fc6ceb732a70728e2633a6781f607615c5ce5e6ee46fdff34b37bde0ef5", + "https://deno.land/x/ts_prometheus@v0.3.0/gauge.ts": "d2d3b79df3fae07652ee3b72c118cf6e96c834c82c81eb2ebf52e8f136b24fa5", + "https://deno.land/x/ts_prometheus@v0.3.0/histogram.ts": "7585024285ef52b29054adc02d480f5ac4595e0037a8ad5bd1d75ddc205a3fd0", + "https://deno.land/x/ts_prometheus@v0.3.0/metric.ts": "c7635f8b4ec92742e01244712bb8264c32ce91c03f3a8332b9119926dab027cb", + "https://deno.land/x/ts_prometheus@v0.3.0/mod.ts": "9fef6a6c301da262dfa38d111cb4011e96d0c6b1c9f1a233526506c8ce8723bb", + "https://deno.land/x/ts_prometheus@v0.3.0/registry.ts": "b7d4b4b6e008d7ffb8b4acff6a1a56b27463bfb4ecec4f0455562187f7941891", + "https://deno.land/x/ts_prometheus@v0.3.0/summary.ts": "d1ef0341e265fa8d2a2bc42e8d732428d8aadbfa0f60ce4c2baa0486910590df", + }, "workspace": { "dependencies": [ "jsr:@std/crypto@0.224", "jsr:@std/fs@0.224", - "jsr:@std/http@~0.224.5", "jsr:@std/path@0.224", "npm:astring@^1.9.0", "npm:meriyah@^6.1.4" From 646fc4bfd1a52f27ff20054e0ced75f8742d1a16 Mon Sep 17 00:00:00 2001 From: PadowYT2 Date: Mon, 1 Dec 2025 22:57:49 +0300 Subject: [PATCH 21/26] use esm.sh instead of a submodule for ejs --- .gitmodules | 3 --- deno.json | 2 ++ deno.lock | 4 ++++ ejs | 1 - src/solver.ts | 2 +- src/types.ts | 2 -- worker.ts | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 .gitmodules delete mode 160000 ejs 
diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index da970314..00000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "ejs"] - path = ejs - url = https://github.com/yt-dlp/ejs.git diff --git a/deno.json b/deno.json index 7416ae14..fefbef81 100644 --- a/deno.json +++ b/deno.json @@ -7,6 +7,8 @@ "@std/fs": "jsr:@std/fs@^0.224.0", "@std/path": "jsr:@std/path@^0.224.0", "astring": "npm:astring@^1.9.0", + "ejs": "https://esm.sh/gh/yt-dlp/ejs@0.3.0?standalone", + "ejs/": "https://esm.sh/gh/yt-dlp/ejs@0.3.0&standalone/", "meriyah": "npm:meriyah@^6.1.4" } } diff --git a/deno.lock b/deno.lock index dc8f8dc3..15b4b5c1 100644 --- a/deno.lock +++ b/deno.lock @@ -105,6 +105,10 @@ "https://deno.land/x/ts_prometheus@v0.3.0/mod.ts": "9fef6a6c301da262dfa38d111cb4011e96d0c6b1c9f1a233526506c8ce8723bb", "https://deno.land/x/ts_prometheus@v0.3.0/registry.ts": "b7d4b4b6e008d7ffb8b4acff6a1a56b27463bfb4ecec4f0455562187f7941891", "https://deno.land/x/ts_prometheus@v0.3.0/summary.ts": "d1ef0341e265fa8d2a2bc42e8d732428d8aadbfa0f60ce4c2baa0486910590df", + "https://esm.sh/gh/yt-dlp/ejs@0.3.0&standalone/src/yt/solver/main.ts": "8b2cdc4da906b66f79df57d9cc715badfe92a793faa59841e6ccb641c604ea55", + "https://esm.sh/gh/yt-dlp/ejs@0.3.0&standalone/src/yt/solver/solvers.ts": "269a7e74a2f021621402fbee5872168564196151df892df8fb17229b593dd0b3", + "https://esm.sh/gh/yt-dlp/ejs@0.3.0/denonext/src/yt/solver/main.ts.bundle.mjs": "1dcc16eb6921cac07e440b991c74fb928f49a22554bd422df3aa8ddd09c46e26", + "https://esm.sh/gh/yt-dlp/ejs@0.3.0/denonext/src/yt/solver/solvers.ts.bundle.mjs": "88c7e36c180c2f9416fd26ba9a7db344d8008a7f1069e5d7a91c0bdde44a5656" }, "workspace": { "dependencies": [ diff --git a/ejs b/ejs deleted file mode 160000 index 2655b1f5..00000000 --- a/ejs +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2655b1f55f98e5870d4e124704a21f4d793b4e1c diff --git a/src/solver.ts b/src/solver.ts index a87e99c7..dc617fbb 100644 --- a/src/solver.ts +++ b/src/solver.ts 
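Review bot: The two `ejs` entries added to `deno.json` in PATCH 21 replace a submodule pinned to commit `2655b1f55f98e5870d4e124704a21f4d793b4e1c` with bundles that esm.sh builds from the `0.3.0` ref, so the solver code is now whatever that CDN returns for the URL. The only integrity check left is the set of `remote` hashes this patch adds to `deno.lock`; running the Dockerfile's `deno compile` with `--frozen` would make a changed response fail the build instead of being re-locked. A line in the README recording which upstream commit `0.3.0` corresponds to would keep the provenance the submodule carried. PATCH 22 keeps the `ejs/` mapping, so this applies to the final state of the series as well.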
@@ -2,7 +2,7 @@ import { execInPool } from "./workerPool.ts"; import { getPlayerFilePath } from "./playerCache.ts"; import { preprocessedCache } from "./preprocessedCache.ts"; import { solverCache } from "./solverCache.ts"; -import { getFromPrepared } from "../ejs/src/yt/solver/solvers.ts"; +import { getFromPrepared } from "ejs/src/yt/solver/solvers.ts"; import type { Solvers } from "./types.ts"; import { workerErrors } from "./metrics.ts"; import { extractPlayerId } from "./utils.ts"; diff --git a/src/types.ts b/src/types.ts index 1f8c5e93..c82a275c 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,5 +1,3 @@ -import type { Input as MainInput, Output as MainOutput } from "../ejs/src/yt/solver/main.ts"; - export interface Solvers { n: ((val: string) => string) | null; sig: ((val: string) => string) | null; diff --git a/worker.ts b/worker.ts index 7448192c..6a35aae2 100644 --- a/worker.ts +++ b/worker.ts @@ -1,4 +1,4 @@ -import { preprocessPlayer } from "./ejs/src/yt/solver/solvers.ts"; +import { preprocessPlayer } from "ejs/src/yt/solver/solvers.ts"; self.onmessage = (e: MessageEvent) => { try { From aa90b1042d8f5accc4454487662272070a430e45 Mon Sep 17 00:00:00 2001 From: tcely Date: Mon, 1 Dec 2025 15:34:52 -0500 Subject: [PATCH 22/26] Clean up imports from the ejs submodule --- deno.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deno.json b/deno.json index fefbef81..14e7e38e 100644 --- a/deno.json +++ b/deno.json @@ -5,10 +5,8 @@ "imports": { "@std/crypto": "jsr:@std/crypto@^0.224.0", "@std/fs": "jsr:@std/fs@^0.224.0", + "@std/http": "jsr:@std/http@0.224.5", "@std/path": "jsr:@std/path@^0.224.0", - "astring": "npm:astring@^1.9.0", - "ejs": "https://esm.sh/gh/yt-dlp/ejs@0.3.0?standalone", - "ejs/": "https://esm.sh/gh/yt-dlp/ejs@0.3.0&standalone/", - "meriyah": "npm:meriyah@^6.1.4" + "ejs/": "https://esm.sh/gh/yt-dlp/ejs@0.3.0&standalone/" } } From 99b900247bc9838e74409bab45e98dcb7a1bf251 Mon Sep 17 00:00:00 2001 
From: tcely Date: Mon, 1 Dec 2025 15:36:26 -0500 Subject: [PATCH 23/26] Use the mapped import in server.ts --- server.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server.ts b/server.ts index 58c1f72c..c7296e05 100644 --- a/server.ts +++ b/server.ts @@ -1,4 +1,4 @@ -import { serve } from "jsr:@std/http@0.224.5"; +import { serve } from "@std/http"; import { initializeWorkers } from "./src/workerPool.ts"; import { initializeCache } from "./src/playerCache.ts"; import { handleDecryptSignature } from "./src/handlers/decryptSignature.ts"; From aa113066988e415629a328c872169848c712ec89 Mon Sep 17 00:00:00 2001 From: tcely Date: Mon, 1 Dec 2025 15:58:26 -0500 Subject: [PATCH 24/26] Update deno.lock --- deno.lock | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/deno.lock b/deno.lock index 15b4b5c1..40cb7ba7 100644 --- a/deno.lock +++ b/deno.lock @@ -14,9 +14,7 @@ "jsr:@std/net@~0.224.3": "0.224.5", "jsr:@std/path@0.224": "0.224.0", "jsr:@std/path@1.0.0-rc.2": "1.0.0-rc.2", - "jsr:@std/streams@~0.224.5": "0.224.5", - "npm:astring@^1.9.0": "1.9.0", - "npm:meriyah@^6.1.4": "6.1.4" + "jsr:@std/streams@~0.224.5": "0.224.5" }, "jsr": { "@std/assert@0.224.0": { @@ -83,15 +81,6 @@ "integrity": "bcde7818dd5460d474cdbd674b15f6638b9cd73cd64e52bd852fba2bd4d8ec91" } }, - "npm": { - "astring@1.9.0": { - "integrity": "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==", - "bin": true - }, - "meriyah@6.1.4": { - "integrity": "sha512-Sz8FzjzI0kN13GK/6MVEsVzMZEPvOhnmmI1lU5+/1cGOiK3QUahntrNNtdVeihrO7t9JpoH75iMNXg6R6uWflQ==" - } - }, "redirects": { "https://deno.land/x/ts_prometheus/mod.ts": "https://deno.land/x/ts_prometheus@v0.3.0/mod.ts" }, @@ -114,9 +103,8 @@ "dependencies": [ "jsr:@std/crypto@0.224", "jsr:@std/fs@0.224", - "jsr:@std/path@0.224", - "npm:astring@^1.9.0", - "npm:meriyah@^6.1.4" + "jsr:@std/http@0.224.5", + "jsr:@std/path@0.224" ] } } 
From 39c7ccac09a37b96cfd964154f496e590fa5954a Mon Sep 17 00:00:00 2001 From: tcely Date: Mon, 1 Dec 2025 16:16:14 -0500 Subject: [PATCH 25/26] Update README.md --- README.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c7357fee..3928da1e 100644 --- a/README.md +++ b/README.md @@ -39,19 +39,16 @@ docker-compose up If you have Deno installed, you can run the service directly. -Clone the repository and patch the `ejs` dependency: +Clone the repository: ```bash git clone https://github.com/kikkia/yt-cipher.git -cd yt-cipher -git clone https://github.com/yt-dlp/ejs.git -cd ejs -git checkout 5d7bf090bb9a2a8f3e2dd13ded4a21a009224f87 -cd .. -deno run --allow-read --allow-write ./scripts/patch-ejs.ts ``` +Run the server: + ```bash +cd yt-cipher && \ deno run --allow-net --allow-read --allow-write --allow-env server.ts ``` NOTE: If using an `.env` file then also add the `--env` flag From 532a33124527a42d0b5de7f1eb61e7361fb50370 Mon Sep 17 00:00:00 2001 From: tcely Date: Mon, 8 Dec 2025 18:22:24 -0500 Subject: [PATCH 26/26] Undo workflow change for submodules --- .github/workflows/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 86124530..936dc8f9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,8 +14,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 - with: - submodules: recursive - name: Log in to GitHub Container Registry uses: docker/login-action@v3