npm - @bobfrankston/npmglobalize - Versions diffs - 1.0.112 → 1.0.113 - Mend

@bobfrankston/npmglobalize 1.0.112 → 1.0.113

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib.js +111 -11
package/package.json +1 -1

package/lib.js CHANGED Viewed

@@ -1406,6 +1406,77 @@ function getSecurityNpmignorePatterns() {
 function lineHasPattern(lines, pattern) {
     return lines.some(line => line === pattern || line === pattern.replace('/', ''));
 }
+/** Detect OAuth credentials.json type: "installed" (public app ID, safe to include) or "web" (has real secret, must ignore).
+ *  Returns null if no credentials.json exists or it can't be parsed. */
+function detectCredentialsType(cwd) {
+    const credPath = path.join(cwd, 'credentials.json');
+    if (!fs.existsSync(credPath))
+        return null;
+    try {
+        const content = fs.readFileSync(credPath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.installed)
+            return 'installed';
+        if (parsed.web)
+            return 'web';
+        return null; // Unknown format (e.g., Microsoft OAuth)
+    }
+    catch {
+        return null;
+    }
+}
+/** Ensure credentials.json is handled correctly in ignore files based on OAuth type.
+ *  "installed" apps: client_secret is just a public app registration ID — must be INCLUDED.
+ *  "web" apps: client_secret is a real secret — must be IGNORED. */
+function conformCredentialsIgnore(cwd) {
+    const credType = detectCredentialsType(cwd);
+    if (!credType)
+        return;
+    for (const ignoreFile of ['.gitignore', '.npmignore']) {
+        const ignorePath = path.join(cwd, ignoreFile);
+        if (!fs.existsSync(ignorePath))
+            continue;
+        const content = fs.readFileSync(ignorePath, 'utf-8');
+        const lines = content.split('\n');
+        const trimmed = lines.map(l => l.trim());
+        if (credType === 'installed') {
+            // Ensure credentials.json is NOT ignored — add negation if it's being blocked
+            const hasBlock = trimmed.some(l => l === 'credentials.json' || l === 'credentials.json/');
+            const hasNegation = trimmed.some(l => l === '!credentials.json');
+            if (hasBlock && !hasNegation) {
+                // Add negation after the blocking line
+                const newLines = [...lines];
+                const blockIdx = trimmed.findIndex(l => l === 'credentials.json' || l === 'credentials.json/');
+                newLines.splice(blockIdx + 1, 0, '!credentials.json');
+                fs.writeFileSync(ignorePath, newLines.join('\n'));
+                console.log(colors.cyan(`  ✓ ${ignoreFile}: added !credentials.json (installed app — public OAuth app ID)`));
+            }
+            else if (!hasBlock && !hasNegation) {
+                // No block exists, but add negation defensively in case a broader pattern catches it
+                const newContent = content.trimEnd() + '\n!credentials.json\n';
+                fs.writeFileSync(ignorePath, newContent);
+                console.log(colors.cyan(`  ✓ ${ignoreFile}: added !credentials.json (installed app — public OAuth app ID)`));
+            }
+        }
+        else if (credType === 'web') {
+            // Ensure credentials.json IS ignored
+            const hasBlock = trimmed.some(l => l === 'credentials.json');
+            if (!hasBlock) {
+                const newContent = content.trimEnd() + '\ncredentials.json\n';
+                fs.writeFileSync(ignorePath, newContent);
+                console.log(colors.cyan(`  ✓ ${ignoreFile}: added credentials.json to ignore (web app — real secret)`));
+            }
+            // Remove any negation that would un-ignore it
+            const negIdx = trimmed.findIndex(l => l === '!credentials.json');
+            if (negIdx >= 0) {
+                const newLines = [...lines];
+                newLines.splice(negIdx, 1);
+                fs.writeFileSync(ignorePath, newLines.join('\n'));
+                console.log(colors.yellow(`  ✓ ${ignoreFile}: removed !credentials.json (web app — must not be public)`));
+            }
+        }
+    }
+}
 /** Check if ignore files need updates; separates security (auto-fix) from recommended (prompt) */
 function checkIgnoreFiles(cwd, options) {
     const changes = [];
@@ -2832,29 +2903,58 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                     }
                 }
                 else if (install) {
-                    waitForNpmVersion(pkgName, pkgVersion);
-                    console.log(`Installing ${pkgName}@${pkgVersion} globally from registry...`);
-                    const registryInstallResult = installGlobalWithRetry(`${pkgName}@${pkgVersion}`, cwd);
-                    if (registryInstallResult.success) {
-                        console.log(colors.green(`✓ Installed globally: ${pkgName}@${pkgVersion}`));
+                    // Quick check: does this version actually exist on npm?
+                    const vCheck = spawnSafe('npm', ['view', `${pkgName}@${pkgVersion}`, 'version'], {
+                        shell: process.platform === 'win32',
+                        stdio: ['pipe', 'pipe', 'pipe'],
+                        encoding: 'utf-8'
+                    });
+                    const versionOnNpm = vCheck.status === 0 && vCheck.stdout?.trim() === pkgVersion;
+                    if (versionOnNpm) {
+                        console.log(`Installing ${pkgName}@${pkgVersion} globally from registry...`);
+                        const registryInstallResult = installGlobalWithRetry(`${pkgName}@${pkgVersion}`, cwd);
+                        if (registryInstallResult.success) {
+                            console.log(colors.green(`✓ Installed globally: ${pkgName}@${pkgVersion}`));
+                        }
+                        else {
+                            console.error(colors.red(`✗ Global install failed`));
+                            console.error(colors.yellow(`  Try running manually: npm install -g ${pkgName}@${pkgVersion}`));
+                        }
                     }
                     else {
-                        console.error(colors.red(`✗ Global install failed`));
-                        console.error(colors.yellow(`  Try running manually: npm install -g ${pkgName}@${pkgVersion}`));
+                        console.log(colors.yellow(`${pkgName}@${pkgVersion} not found on npm — installing from local directory.`));
+                        console.log(colors.dim('  Use -m "message" to publish this version to npm.'));
+                        const localResult = runCommand('npm', ['install', '-g', '.'], { cwd, silent: false, showCommand: true });
+                        if (localResult.success) {
+                            console.log(colors.green(`✓ Installed globally from local: ${pkgName}@${pkgVersion}`));
+                        }
+                        else {
+                            console.error(colors.red(`✗ Local install failed`));
+                            console.error(colors.yellow('  Try running manually: npm install -g .'));
+                        }
                     }
                 }
                 if (wsl) {
-                    const wslArgs = link ? ['npm', 'install', '-g', '.'] : ['npm', 'install', '-g', `${pkgName}@${pkgVersion}`];
-                    if (!link && !install)
+                    // Check if version is on npm for registry-based WSL install
+                    const useLocal = link || (() => {
+                        const vc = spawnSafe('npm', ['view', `${pkgName}@${pkgVersion}`, 'version'], {
+                            shell: process.platform === 'win32',
+                            stdio: ['pipe', 'pipe', 'pipe'],
+                            encoding: 'utf-8'
+                        });
+                        return !(vc.status === 0 && vc.stdout?.trim() === pkgVersion);
+                    })();
+                    const wslArgs = useLocal ? ['npm', 'install', '-g', '.'] : ['npm', 'install', '-g', `${pkgName}@${pkgVersion}`];
+                    if (!useLocal)
                         waitForNpmVersion(pkgName, pkgVersion);
-                    console.log(`Installing ${pkgName} in WSL${link ? ' (link)' : ' from registry'}...`);
+                    console.log(`Installing ${pkgName} in WSL${useLocal ? ' (local)' : ' from registry'}...`);
                     const wslInstallResult = runCommand('wsl', wslArgs, { cwd, silent: false, showCommand: true });
                     if (wslInstallResult.success) {
                         console.log(colors.green(`✓ Installed in WSL: ${pkgName}@${pkgVersion}`));
                     }
                     else {
                         console.error(colors.red(`✗ WSL install failed`));
-                        console.error(colors.yellow('  Try running manually in WSL: npm install -g ' + (link ? '.' : pkgName)));
+                        console.error(colors.yellow('  Try running manually in WSL: npm install -g ' + (useLocal ? '.' : pkgName)));
                     }
                 }
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.112",
+  "version": "1.0.113",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",