@aspruyt/json-config-sync 2.0.1 → 2.0.2

package/dist/git-ops.d.ts

@@ -11,9 +11,17 @@ export declare class GitOps {
     clone(gitUrl: string): void;
     createBranch(branchName: string): void;
     writeFile(fileName: string, content: string): void;
+    /**
+     * Checks if writing the given content would result in changes.
+     * Works in both normal and dry-run modes by comparing content directly.
+     */
+    wouldChange(fileName: string, content: string): boolean;
     hasChanges(): boolean;
     commit(message: string): void;
     push(branchName: string): void;
-    getDefaultBranch(): string;
+    getDefaultBranch(): {
+        branch: string;
+        method: string;
+    };
 }
 export declare function sanitizeBranchName(fileName: string): string;

package/dist/git-ops.js

@@ -1,6 +1,7 @@
 import { execSync } from 'node:child_process';
-import { rmSync, existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { rmSync, existsSync, mkdirSync, writeFileSync, readFileSync } from 'node:fs';
 import { join } from 'node:path';
+import { escapeShellArg } from './shell-utils.js';
 export class GitOps {
     workDir;
     dryRun;
@@ -22,23 +23,46 @@ export class GitOps {
         mkdirSync(this.workDir, { recursive: true });
     }
     clone(gitUrl) {
-        this.exec(`git clone "${gitUrl}" .`, this.workDir);
+        this.exec(`git clone ${escapeShellArg(gitUrl)} .`, this.workDir);
     }
     createBranch(branchName) {
         try {
             // Check if branch exists on remote
-            this.exec(`git fetch origin ${branchName}`, this.workDir);
-            this.exec(`git checkout ${branchName}`, this.workDir);
+            this.exec(`git fetch origin ${escapeShellArg(branchName)}`, this.workDir);
+            this.exec(`git checkout ${escapeShellArg(branchName)}`, this.workDir);
         }
         catch {
             // Branch doesn't exist, create it
-            this.exec(`git checkout -b ${branchName}`, this.workDir);
+            this.exec(`git checkout -b ${escapeShellArg(branchName)}`, this.workDir);
         }
     }
     writeFile(fileName, content) {
+        if (this.dryRun) {
+            return;
+        }
         const filePath = join(this.workDir, fileName);
         writeFileSync(filePath, content + '\n', 'utf-8');
     }
+    /**
+     * Checks if writing the given content would result in changes.
+     * Works in both normal and dry-run modes by comparing content directly.
+     */
+    wouldChange(fileName, content) {
+        const filePath = join(this.workDir, fileName);
+        const newContent = content + '\n';
+        if (!existsSync(filePath)) {
+            // File doesn't exist, so writing it would be a change
+            return true;
+        }
+        try {
+            const existingContent = readFileSync(filePath, 'utf-8');
+            return existingContent !== newContent;
+        }
+        catch {
+            // If we can't read the file, assume it would change
+            return true;
+        }
+    }
     hasChanges() {
         const status = this.exec('git status --porcelain', this.workDir);
         return status.length > 0;
@@ -48,13 +72,13 @@ export class GitOps {
             return;
         }
         this.exec('git add -A', this.workDir);
-        this.exec(`git commit -m "${message}"`, this.workDir);
+        this.exec(`git commit -m ${escapeShellArg(message)}`, this.workDir);
     }
     push(branchName) {
         if (this.dryRun) {
             return;
         }
-        this.exec(`git push -u origin ${branchName}`, this.workDir);
+        this.exec(`git push -u origin ${escapeShellArg(branchName)}`, this.workDir);
     }
     getDefaultBranch() {
         try {
@@ -62,7 +86,7 @@ export class GitOps {
             const remoteInfo = this.exec('git remote show origin', this.workDir);
             const match = remoteInfo.match(/HEAD branch: (\S+)/);
             if (match) {
-                return match[1];
+                return { branch: match[1], method: 'remote HEAD' };
             }
         }
         catch {
@@ -71,19 +95,19 @@ export class GitOps {
         // Try common default branch names
         try {
             this.exec('git rev-parse --verify origin/main', this.workDir);
-            return 'main';
+            return { branch: 'main', method: 'origin/main exists' };
         }
         catch {
             // Try master
         }
         try {
             this.exec('git rev-parse --verify origin/master', this.workDir);
-            return 'master';
+            return { branch: 'master', method: 'origin/master exists' };
         }
         catch {
             // Default to main
         }
-        return 'main';
+        return { branch: 'main', method: 'fallback default' };
     }
 }
 export function sanitizeBranchName(fileName) {

package/dist/index.js

@@ -2,11 +2,21 @@
 import { program } from 'commander';
 import { resolve, join } from 'node:path';
 import { existsSync } from 'node:fs';
+import { randomUUID } from 'node:crypto';
 import { loadConfig, convertContentToString } from './config.js';
 import { parseGitUrl, getRepoDisplayName } from './repo-detector.js';
 import { GitOps, sanitizeBranchName } from './git-ops.js';
 import { createPR } from './pr-creator.js';
 import { logger } from './logger.js';
+/**
+ * Generates a unique workspace directory name to avoid collisions
+ * when multiple CLI instances run concurrently.
+ */
+function generateWorkspaceName(index) {
+    const timestamp = Date.now();
+    const uuid = randomUUID().slice(0, 8);
+    return `repo-${timestamp}-${index}-${uuid}`;
+}
 program
     .name('json-config-sync')
     .description('Sync JSON configuration files across multiple repositories')
@@ -45,7 +55,7 @@ async function main() {
             continue;
         }
         const repoName = getRepoDisplayName(repoInfo);
-        const workDir = resolve(join(options.workDir ?? './tmp', `repo-${i}`));
+        const workDir = resolve(join(options.workDir ?? './tmp', generateWorkspaceName(i)));
         try {
             logger.progress(current, repoName, 'Processing...');
             const gitOps = new GitOps({ workDir, dryRun: options.dryRun });
@@ -56,22 +66,29 @@ async function main() {
             logger.info('Cloning repository...');
             gitOps.clone(repoInfo.gitUrl);
             // Step 3: Get default branch for PR base
-            const baseBranch = gitOps.getDefaultBranch();
-            logger.info(`Default branch: ${baseBranch}`);
+            const { branch: baseBranch, method: detectionMethod } = gitOps.getDefaultBranch();
+            logger.info(`Default branch: ${baseBranch} (detected via ${detectionMethod})`);
             // Step 4: Create/checkout branch
             logger.info(`Switching to branch: ${branchName}`);
             gitOps.createBranch(branchName);
+            // Determine if creating or updating (check BEFORE writing)
+            const action = existsSync(join(workDir, config.fileName)) ? 'update' : 'create';
             // Step 5: Write config file
             logger.info(`Writing ${config.fileName}...`);
             const fileContent = convertContentToString(repoConfig.content, config.fileName);
-            gitOps.writeFile(config.fileName, fileContent);
             // Step 6: Check for changes
-            if (!gitOps.hasChanges()) {
+            // In dry-run mode, compare content directly since we don't write the file
+            // In normal mode, write the file first then check git status
+            const wouldHaveChanges = options.dryRun
+                ? gitOps.wouldChange(config.fileName, fileContent)
+                : (() => {
+                    gitOps.writeFile(config.fileName, fileContent);
+                    return gitOps.hasChanges();
+                })();
+            if (!wouldHaveChanges) {
                 logger.skip(current, repoName, 'No changes detected');
                 continue;
             }
-            // Determine if creating or updating
-            const action = existsSync(join(workDir, config.fileName)) ? 'update' : 'create';
             // Step 7: Commit
             logger.info('Committing changes...');
             gitOps.commit(`chore: sync ${config.fileName}`);

package/dist/pr-creator.d.ts

@@ -1,4 +1,5 @@
 import { RepoInfo } from './repo-detector.js';
+export { escapeShellArg } from './shell-utils.js';
 export interface PROptions {
     repoInfo: RepoInfo;
     branchName: string;
@@ -13,4 +14,5 @@ export interface PRResult {
     success: boolean;
     message: string;
 }
+export declare function formatPRBody(fileName: string, action: 'create' | 'update'): string;
 export declare function createPR(options: PROptions): Promise<PRResult>;

package/dist/pr-creator.js

@@ -2,10 +2,9 @@ import { execSync } from 'node:child_process';
 import { readFileSync, existsSync, writeFileSync, unlinkSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
-function escapeShellArg(arg) {
-    // Use single quotes and escape any single quotes within
-    return `'${arg.replace(/'/g, "'\\''")}'`;
-}
+import { escapeShellArg } from './shell-utils.js';
+// Re-export for backwards compatibility and testing
+export { escapeShellArg } from './shell-utils.js';
 function loadPRTemplate() {
     // Try to find PR.md in the project root
     const __filename = fileURLToPath(import.meta.url);
@@ -24,7 +23,7 @@ Automated sync of \`{{FILE_NAME}}\` configuration file.
 ---
 *This PR was automatically generated by json-config-sync*`;
 }
-function formatPRBody(fileName, action) {
+export function formatPRBody(fileName, action) {
     const template = loadPRTemplate();
     const actionText = action === 'create' ? 'Created' : 'Updated';
     return template

package/dist/repo-detector.js

@@ -1,7 +1,7 @@
 export function detectRepoType(gitUrl) {
-    // Use strict pattern matching to prevent URL substring attacks
-    // Check for Azure DevOps SSH format: git@ssh.dev.azure.com:v3/...
-    if (/^git@ssh\.dev\.azure\.com:v3\//.test(gitUrl)) {
+    // Check for Azure DevOps SSH format: git@ssh.dev.azure.com:...
+    // Use broader pattern to catch malformed Azure URLs
+    if (/^git@ssh\.dev\.azure\.com:/.test(gitUrl)) {
         return 'azure-devops';
     }
     // Check for Azure DevOps HTTPS format: https://dev.azure.com/...
@@ -19,7 +19,8 @@ export function parseGitUrl(gitUrl) {
 }
 function parseGitHubUrl(gitUrl) {
     // Handle SSH format: git@github.com:owner/repo.git
-    const sshMatch = gitUrl.match(/git@github\.com:([^/]+)\/([^.]+)(?:\.git)?/);
+    // Use (.+?) with end anchor to handle repo names with dots (e.g., my.repo.git)
+    const sshMatch = gitUrl.match(/git@github\.com:([^/]+)\/(.+?)(?:\.git)?$/);
     if (sshMatch) {
         return {
             type: 'github',
@@ -29,7 +30,8 @@ function parseGitHubUrl(gitUrl) {
         };
     }
     // Handle HTTPS format: https://github.com/owner/repo.git
-    const httpsMatch = gitUrl.match(/https?:\/\/github\.com\/([^/]+)\/([^.]+)(?:\.git)?/);
+    // Use (.+?) with end anchor to handle repo names with dots
+    const httpsMatch = gitUrl.match(/https?:\/\/github\.com\/([^/]+)\/(.+?)(?:\.git)?$/);
     if (httpsMatch) {
         return {
             type: 'github',
@@ -42,7 +44,8 @@ function parseGitHubUrl(gitUrl) {
 }
 function parseAzureDevOpsUrl(gitUrl) {
     // Handle SSH format: git@ssh.dev.azure.com:v3/organization/project/repo
-    const sshMatch = gitUrl.match(/git@ssh\.dev\.azure\.com:v3\/([^/]+)\/([^/]+)\/([^.]+)/);
+    // Use (.+?) with end anchor to handle repo names with dots
+    const sshMatch = gitUrl.match(/git@ssh\.dev\.azure\.com:v3\/([^/]+)\/([^/]+)\/(.+?)(?:\.git)?$/);
     if (sshMatch) {
         return {
             type: 'azure-devops',
@@ -54,7 +57,8 @@ function parseAzureDevOpsUrl(gitUrl) {
         };
     }
     // Handle HTTPS format: https://dev.azure.com/organization/project/_git/repo
-    const httpsMatch = gitUrl.match(/https?:\/\/dev\.azure\.com\/([^/]+)\/([^/]+)\/_git\/([^.]+)/);
+    // Use (.+?) with end anchor to handle repo names with dots
+    const httpsMatch = gitUrl.match(/https?:\/\/dev\.azure\.com\/([^/]+)\/([^/]+)\/_git\/(.+?)(?:\.git)?$/);
     if (httpsMatch) {
         return {
             type: 'azure-devops',

package/dist/shell-utils.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Escapes a string for safe use as a shell argument.
+ * Uses single quotes and escapes any single quotes within the string.
+ *
+ * @param arg - The string to escape
+ * @returns The escaped string wrapped in single quotes
+ */
+export declare function escapeShellArg(arg: string): string;

package/dist/shell-utils.js

@@ -0,0 +1,12 @@
+/**
+ * Escapes a string for safe use as a shell argument.
+ * Uses single quotes and escapes any single quotes within the string.
+ *
+ * @param arg - The string to escape
+ * @returns The escaped string wrapped in single quotes
+ */
+export function escapeShellArg(arg) {
+    // Use single quotes and escape any single quotes within
+    // 'string' -> quote ends, escaped quote, quote starts again
+    return `'${arg.replace(/'/g, "'\\''")}'`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aspruyt/json-config-sync",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "CLI tool to sync JSON or YAML configuration files across multiple GitHub and Azure DevOps repositories",
   "type": "module",
   "main": "dist/index.js",
@@ -26,12 +26,9 @@
     "build": "tsc",
     "start": "node dist/index.js",
     "dev": "ts-node src/index.ts",
-    "test": "node --import tsx --test src/config.test.ts src/merge.test.ts src/env.test.ts",
+    "test": "node --import tsx --test src/config.test.ts src/merge.test.ts src/env.test.ts src/repo-detector.test.ts src/pr-creator.test.ts",
     "test:integration": "npm run build && node --import tsx --test src/integration.test.ts",
-    "prepublishOnly": "npm run build",
-    "release:patch": "npm version patch && git push --follow-tags",
-    "release:minor": "npm version minor && git push --follow-tags",
-    "release:major": "npm version major && git push --follow-tags"
+    "prepublishOnly": "npm run build"
   },
   "keywords": [
     "config",