npm - @codyswann/lisa - Versions diffs - 1.92.0 → 1.94.0 - Mend

@codyswann/lisa 1.92.0 → 1.94.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json CHANGED Viewed

@@ -78,7 +78,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "1.92.0",
+  "version": "1.94.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/typescript/copy-contents/.husky/pre-push CHANGED Viewed

@@ -272,6 +272,20 @@ fi
 #   fi
 # fi
+# Project-specific extension slot (see .husky/pre-push.local).
+# This hook sources pre-push.local if present so per-project checks
+# (e.g., app-boot verification, schema validation) survive Lisa template
+# updates without editing the governance block above.
+if [ -f .husky/pre-push.local ]; then
+  echo "🔌 Running project-specific pre-push checks (.husky/pre-push.local)..."
+  # shellcheck source=/dev/null
+  . .husky/pre-push.local
+  if [ $? -ne 0 ]; then
+    echo "❌ Project-specific pre-push checks failed."
+    exit 1
+  fi
+fi
 exit 0
 # END: AI GUARDRAILS

package/typescript/copy-overwrite/audit.ignore.config.json CHANGED Viewed

@@ -117,6 +117,26 @@
       "id": "GHSA-fvcv-3m26-pcqx",
       "package": "axios",
       "reason": "Cloud metadata exfiltration requires attacker-controlled outbound request header values. Keep this exclusion only if axios request headers are never sourced from untrusted input."
+    },
+    {
+      "id": "GHSA-2v35-w6hq-6mfw",
+      "package": "@xmldom/xmldom",
+      "reason": "Uncontrolled recursion in XML serialization leading to DoS. Transitive via expo > @expo/config-plugins > @expo/plist; only serializes developer-authored plist files at build/prebuild time, no runtime code path parses or serializes attacker-controlled XML."
+    },
+    {
+      "id": "GHSA-f6ww-3ggp-fr8h",
+      "package": "@xmldom/xmldom",
+      "reason": "XML injection via unvalidated DocumentType serialization. Transitive via expo > @expo/config-plugins > @expo/plist; only serializes developer-authored plist files at build/prebuild time, no runtime code path serializes attacker-controlled XML."
+    },
+    {
+      "id": "GHSA-x6wf-f3px-wcqx",
+      "package": "@xmldom/xmldom",
+      "reason": "XML node injection via unvalidated processing instruction serialization. Transitive via expo > @expo/config-plugins > @expo/plist; only serializes developer-authored plist files at build/prebuild time, no runtime code path serializes attacker-controlled XML."
+    },
+    {
+      "id": "GHSA-j759-j44w-7fr8",
+      "package": "@xmldom/xmldom",
+      "reason": "XML node injection via unvalidated comment serialization. Transitive via expo > @expo/config-plugins > @expo/plist; only serializes developer-authored plist files at build/prebuild time, no runtime code path serializes attacker-controlled XML."
     }
   ]
 }

package/typescript/create-only/.husky/pre-push.local ADDED Viewed

@@ -0,0 +1,17 @@
+# Project-specific pre-push checks
+#
+# This file is sourced by .husky/pre-push after Lisa's governance block.
+# Add commands here that are unique to this project — Lisa will never
+# overwrite or delete this file on future template updates.
+#
+# The file runs as a sourced POSIX script. Any non-zero exit aborts the push.
+#
+# Examples:
+#   # NestJS AppModule + GraphQL schema boot verification
+#   $RUNNER verify:boot || exit 1
+#
+#   # Project-specific migration lint
+#   $RUNNER migrations:check || exit 1
+#
+# $RUNNER is set by the parent hook based on the detected package manager
+# (bun run / yarn run / npm run).