npm - @deepv-code/safe-npm - Versions diffs - 0.1.0 → 0.1.1 - Mend

@deepv-code/safe-npm 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli/check.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 export interface CheckOptions {
     isForce?: boolean;
     install?: boolean;
+    isGlobal?: boolean;
 }
 export declare function checkPackages(packages: string[], options?: CheckOptions): Promise<boolean>;

package/dist/cli/check.js CHANGED Viewed

@@ -114,7 +114,11 @@ export async function checkPackages(packages, options = {}) {
             const shouldInstall = await promptInstallCorrect(result.suggestedPackage);
             if (shouldInstall) {
                 console.log(chalk.green(`\n${t('installingCorrect')}: ${result.suggestedPackage}...`));
-                await runNpm(['install', result.suggestedPackage]);
+                const installArgs = ['install', result.suggestedPackage];
+                if (options.isGlobal) {
+                    installArgs.push('-g');
+                }
+                await runNpm(installArgs);
                 // Return false to stop the original (malicious) installation logic
                 // But we essentially succeeded in the user's intent.
                 // However, to keep flow clean, we exit the process here or return false to block original.

package/dist/index.js CHANGED Viewed

@@ -62,6 +62,7 @@ async function main() {
         const safe = await checkPackages(parsed.packages, {
             isForce: parsed.isForce,
             install: true,
+            isGlobal: parsed.isGlobal,
         });
         if (!safe) {
             process.exit(1);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@deepv-code/safe-npm",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "A security-focused npm wrapper that scans packages before installation",
   "main": "dist/index.js",
   "type": "module",
@@ -11,7 +11,11 @@
     "start": "node dist/index.js",
     "build": "tsc",
     "dev": "tsc -w",
-    "test": "vitest"
+    "test": "vitest",
+    "prepublishOnly": "npm run build && npm run test",
+    "patch": "npm version patch && npm publish",
+    "minor": "npm version minor && npm publish",
+    "major": "npm version major && npm publish"
   },
   "keywords": [
     "npm",